Model Checking Embedded C Software Using k-Induction and Invariants

Rocha, Herbert; Ismail, Hussama; Cordeiro, Lucas C.; Barreto, Raimundo

doi:10.1109/sbesc.2015.24

Cited by 21 publications

(7 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various methods for static verification use program transformation as a core component. The realm of such analyses spans widely, including safety verification of software [1,6,8,9,17,19,25,26] and hybrid systems [15]; resource-bound analysis [12,13,21,29]; termination analysis [5]; and information-flow analysis [16]. Despite this diversity, we have not noticed any methods that are based on loop fusion or the guess-andassume approach.…”

Section: Related Workmentioning

confidence: 99%

A guess-and-assume approach to loop fusion for program verification

Imanishi

Suenaga

Igarashi

2018

Proceedings of the ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation - PEPM '18

View full text Add to dashboard Cite

Loop fusion-a program transformation to merge multiple consecutive loops into a single one-has been studied mainly for compiler optimization. In this paper, we propose a new loop fusion strategy, which can fuse any loops-even loops with data dependence-and show that it is useful for program verification because it can simplify loop invariants.The crux of our loop fusion is the following observation: if the state after the first loop were known, the two loop bodies could be computed at the same time without suffering from data dependence by renaming program variables. Our loop fusion produces a program that guesses the unknown state after the first loop nondeterministically, executes the fused loop where variables are renamed, compares the guessed state and the state actually computed by the fused loop, and, if they do not match, diverges. The last two steps of comparison and divergence are crucial to preserve partial correctness. We call our approach "guess-and-assume" because, in addition to the first step to guess, the last two steps can be expressed by the pseudo-instruction assume, used in program verification.We formalize our loop fusion for a simple imperative language and prove that it preserves partial correctness. We further extend the "guess-and-assume" technique to reversing loop execution, which is useful to verify a certain type of consecutive loops. Finally, we confirm by experiments that our transformation techniques are indeed effective for stateof-the-art model checkers to verify a few small programs that they could not.

show abstract

Section: Related Workmentioning

confidence: 99%

A guess-and-assume approach to loop fusion for program verification

Imanishi

Suenaga

Igarashi

2018

Proceedings of the ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation - PEPM '18

View full text Add to dashboard Cite

show abstract

“…nuXmv also supports guided reachability and k-liveness. Other tools such as ESBMC-DepthK [25], VVT [4] CPAchecker, [5], CPROVER [7] use similar techniques for reasoning about C programs.…”

Section: Related Workmentioning

confidence: 99%

The JKind Model Checker

Gacek

Backes

Whalen

et al. 2018

Computer Aided Verification

View full text Add to dashboard Cite

JKind is an open-source industrial model checker developed by Rockwell Collins and the University of Minnesota. JKind uses multiple parallel engines to prove or falsify safety properties of infinite state models. It is portable, easy to install, performance competitive with other state-of-the-art model checkers, and has features designed to improve the results presented to users: inductive validity cores for proofs and counterexample smoothing for test-case generation. It serves as the back-end for various industrial applications. Functionality and Main FeaturesJKind is structured as several parallel engines that coordinate to prove properties, mimicking the design of PKind and Kind 2 [8,21]. Some engines are

show abstract

“…Novel verification algorithms for proving correctness of (a large set of) C programs, by mathematical induction, in a completely automatic way (i.e., users do not need to provide the loop invariant) were recently proposed [23,24,25,26,27]. Additionally, k -induction based verification was also applied to ensure that (restricted) C programs (1) do not contain violations related to data races [28], considering the Cell BE processor, and (2) do respect time constraints, which are specified during the system design phase [18].…”

Section: Induction-based Verification Of C Programsmentioning

confidence: 99%

“…(RP3) Novel approaches to model check embedded software using k -induction and invariants were proposed and evaluated in the literature, which demonstrate its effectiveness in some real-life embedded-system applications [23,25,26,28]; however, the main challenge still remains open, i.e., to compute and strengthen loop invariants to prove program correctness and timeliness in a more efficient and effective way, in order to be competitive with other model-checking approaches. In particular, invariant-generation algorithms have substantially evolved over the last years, with the goal of discovering inductive invariants of programs [21,22] or continuously refine them during verification [24]; however, there is still a lack of studies for exploiting the combination of different invariant-generation algorithms (e.g., interval analysis, linear inequalities, polynomial equalities and inequalities) and how to strengthen them during verification, in order to ensure system robustness w.r.t.…”

Section: Current Achievements and Future Trendsmentioning

confidence: 99%

SMT-Based Context-Bounded Model Checking for Embedded Systems

Cordeiro

Filho

2016

SIGSOFT Softw. Eng. Notes

View full text Add to dashboard Cite

The dependency on the correct functioning of embedded systems is rapidly growing, mainly due to their wide range of applications, such as micro-grids, automotive device control (e.g., airbag control), health care, surveillance, mobile devices, and consumer electronics. Their structures are becoming more and more complex and now require multi-core processors with scalable shared memory, in order to meet increasing computational power demands. As a consequence, reliability of embedded (distributed) software becomes a key issue during system development, which must be carefully addressed and assured. Normally, state-of-the-art verification methodologies for embedded systems generate test vectors (with constraints) and use assertion-based verification and highlevel processor models, during simulation; however, other additional challenges have been raised: the need for meeting time and energy constraints, handling concurrent software, dealing with platform restrictions, evaluating implementation-structure choices, and supporting new software architectures and legacy designs (usually written in low-level languages). The present paper discusses challenges, problems, and recent advances to ensure correctness and timeliness regarding embedded systems. Reliability issues, in the development of micro-grids and cyber-physical systems, are then considered, as a prominent (bounded) model checking application.

show abstract

Model Checking Embedded C Software Using k-Induction and Invariants

Cited by 21 publications

References 17 publications

A guess-and-assume approach to loop fusion for program verification

A guess-and-assume approach to loop fusion for program verification

The JKind Model Checker

SMT-Based Context-Bounded Model Checking for Embedded Systems

Contact Info

Product

Resources

About