SMT-Based Bounded Model Checking of C++ Programs

Ramalho, Mikhail; Freitas, Mauro; Sousa, Felipe Rodrigues Monteiro; Marques, Hendrio; Cordeiro, Lucas C.; Fischer, Bernd

doi:10.1109/ecbs.2013.15

Cited by 27 publications

(49 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As GPUVerify, PUG does not verify main functions and this explains most unsupported cases (31), while others are explained by the lack of support to __syncthreads function (12), function pointers (9), and the curand.h library (7); additionally, PUG does not support the use of unsigned type modifier as argument to the function atomi-cAdd (6); changes in variables stored in constant memory (3), and inability to handle structs (2), variables with __device__ qualifier (2), and size_t type (1), in addition to other cases that PUG aborted by returning a false null pointer access (7) or because it did not recognize the NULL identifier (2). As GPUVerify, PUG does not verify main functions and this explains most unsupported cases (31), while others are explained by the lack of support to __syncthreads function (12), function pointers (9), and the curand.h library (7); additionally, PUG does not support the use of unsigned type modifier as argument to the function atomi-cAdd (6); changes in variables stored in constant memory (3), and inability to handle structs (2), variables with __device__ qualifier (2), and size_t type (1), in addition to other cases that PUG aborted by returning a false null pointer access (7) or because it did not recognize the NULL identifier (2).…”

Section: Resultsmentioning

confidence: 99%

“…GKLEE generated 7 false incorrect results, which are caused by incorrectly detected assertions (4), data-races (1), array out-of-bounds (1) and solver call failure (1). GPUVerify generated eight false incorrect results, due to incorrectly detected assertion (2) and data-races (6). PUG produces 11 false incorrect results due to data races incorrectly detected.…”

Section: Resultsmentioning

confidence: 99%

“…Such approach was previously attempted in the formal verification of C++ programs [6], Qt-based applications [29,30], and Android mobile applications [31,32]. Such approach was previously attempted in the formal verification of C++ programs [6], Qt-based applications [29,30], and Android mobile applications [31,32].…”

Section: Operational Models For Compute Unified Device Architecture Lmentioning

confidence: 99%

See 2 more Smart Citations

SMT‐based context‐bounded model checking for CUDA programs

Pereira

Albuquerque

Silva

et al. 2016

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

We present ESBMC-GPU tool, an extension to the Efficient SMT-Based Context-Bounded Model Checker (ESBMC), which is aimed at verifying Graphics Processing Unit (GPU) programs written for the Compute Unified Device Architecture (CUDA) platform. ESBMC-GPU uses an operational model, that is, an abstract representation of the standard CUDA libraries, which conservatively approximates their semantics, in order to verify CUDA-based programs. It then explicitly explores the possible interleavings (up to the given context bound), while treats each interleaving itself symbolically. Additionally, ESBMC-GPU employs the monotonic partial order reduction and the two-thread analysis to prune the state space exploration. Experimental results show that ESBMC-GPU can successfully verify 82% of all benchmarks, while keeping lower rates of false results. Going further than previous attempts, ESBMC-GPU is able to detect more properties violations than other existing GPU verifiers due to its ability to verify errors of the program execution flow and to detect array out-of-bounds and data race violations. exploration, similar to Cordeiro et al. [4]. In particular, we explicitly explore the possible interleavings (up to the given context bound), while we treat each interleaving itself symbolically w.r.t. a given property.To prune the state-space exploration, we apply Monotonic Partial Order Reduction (MPOR) [12] to CUDA programs, which eliminates redundant interleavings without missing any behavior that can be exhibited by the program. We have modified the MPOR algorithm to identify transitions between threads that accessed different memory locations in the same array. Because CUDA kernels typically produce regular and independent access to explore the benefits of the GPU execution model, the application of MPOR routinely leads to substantial performance improvements in most benchmarks. Thus, using operational models that simulate CUDA libraries, together with MPOR implementation in ESBMC-GPU, we achieve significant (correct) results of CUDA kernels verification, primarily when compared with other state-of-the-art GPU verifiers [3,[7][8][9]. Additionally, the present approach considers low-level aspects related to dynamic memory allocation, data transfer, memory deallocation, and overflow. Such violations are typically present in CUDA programs, however, they are routinely ignored by most GPU verifiers. Thus, we provide a more precise verification than other existing approaches, considering soundness of data passed by the main program to the kernel, with the drawback of leading to a higher verification time. ContributionsWe make four major contributions:we extend benefits of SMT-based context-bounded model checking for CUDA programs, in the context of parallel programming for GPUs, to detect more failures than other existing approaches, while keeping lower rates of false results; although SMT-based context-bounded model checking is not a novel technique, we have not seen in the literature its application to verify CUDA programs. this wor...

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Operational Models For Compute Unified Device Architecture Lmentioning

confidence: 99%

See 1 more Smart Citation

SMT‐based context‐bounded model checking for CUDA programs

Pereira

Albuquerque

Silva

et al. 2016

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

show abstract

“…(RP1) Cordeiro, Fischer, and Marques-Silva proposed the first SMT-based BMC for full C programs, called Efficient SMT-Based Context-Bounded Model Checker (ESBMC) [17], which was later extended to support C++98 programs [36], CUDA programs [37], and Qt-based consumer electronics applications [38]. This approach was also able to find undiscovered bugs related to arithmetic overflow, buffer overflow, and invalid pointer, in standard benchmarks, which were later confirmed by the benchmarks' creators (e.g., NOKIA, NEC, NXP, and VERISEC) [15,17].…”

Section: Current Achievements and Future Trendsmentioning

confidence: 99%

SMT-Based Context-Bounded Model Checking for Embedded Systems

Cordeiro

Filho

2016

SIGSOFT Softw. Eng. Notes

View full text Add to dashboard Cite

The dependency on the correct functioning of embedded systems is rapidly growing, mainly due to their wide range of applications, such as micro-grids, automotive device control (e.g., airbag control), health care, surveillance, mobile devices, and consumer electronics. Their structures are becoming more and more complex and now require multi-core processors with scalable shared memory, in order to meet increasing computational power demands. As a consequence, reliability of embedded (distributed) software becomes a key issue during system development, which must be carefully addressed and assured. Normally, state-of-the-art verification methodologies for embedded systems generate test vectors (with constraints) and use assertion-based verification and highlevel processor models, during simulation; however, other additional challenges have been raised: the need for meeting time and energy constraints, handling concurrent software, dealing with platform restrictions, evaluating implementation-structure choices, and supporting new software architectures and legacy designs (usually written in low-level languages). The present paper discusses challenges, problems, and recent advances to ensure correctness and timeliness regarding embedded systems. Reliability issues, in the development of micro-grids and cyber-physical systems, are then considered, as a prominent (bounded) model checking application.

show abstract

“…In Ramalho et al (2013) it presents a bounded model checker for C++ programs, which is an evolution of dealing with C programs, and Cordeiro et al (2012) use ESBMC for embedded ANSI-C software. In , and it was proven that it is possible to use ESBMC to solve HW-SW partitioning in a single-and multi-core way, but the former has performance issues that were improved by the latter, which used only a sequential search to perform multi-core model checking.…”

Section: Introductionmentioning

confidence: 99%

Multi-core model checking and maximum satisfiability applied to hardware-software partitioning

Trindade

Degelo

Santos

et al. 2017

IJES

View full text Add to dashboard Cite

Bounded Model Checking (BMC) based on Satisfiability Modulo Theories (SMT) is well known by its capability to verify software. However, its use as optimization tool, to solve hardware and software (HW-SW) partitioning problem, is something new. In particular, its integration with the Maximum Satisfiability solver νZ tool, which provides a portfolio of approaches for solving linear optimization problems over SMT formulas, is unprecedented. We present new alternative approaches to solve the HW-SW partitioning problem. First, we use SMT-based BMC in conjunction with a multi-core support using Open Multi-Processing to create four variants to solve the partitioning problem. The multi-core SMT-based BMC approaches allow initializing many verification instances based on the number of available processing cores, where each instance checks a different optimum value until the optimization problem is satisfied. Additionally, we integrate the νZ into the BMC, making it as a specialized solution for optimization in a single-core environment. We implement all five approaches on top of the Efficient SMTBased Context-Bounded Model Checker (ESBMC) and compare them to a state-of-the-art optimization tool. Experimental results show that there is no single optimization tool to solve all HW-SW partitioning benchmarks, but based on medium-size benchmarks, ESBMC-νZ had better performance.

show abstract

SMT-Based Bounded Model Checking of C++ Programs

Cited by 27 publications

References 17 publications

SMT‐based context‐bounded model checking for CUDA programs

SMT‐based context‐bounded model checking for CUDA programs

SMT-Based Context-Bounded Model Checking for Embedded Systems

Multi-core model checking and maximum satisfiability applied to hardware-software partitioning

Contact Info

Product

Resources

About