Towards counterexample-guided k-induction for fast bug detection

Gadelha, Mikhail R.; Monteiro, Felipe R.; Cordeiro, Lucas C.; Nicole, Denis A.

doi:10.1145/3236024.3264840

Cited by 3 publications

(2 citation statements)

References 20 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Results over the SV-COMP 2018 benchmark suite show that ESBMC is the strongest k-induction tool currently available. We are currently extending the k-induction proof rule to use information from the inductive step, to make bug finding more efficiently [16].…”

Section: ) Setupmentioning

confidence: 99%

ESBMC 5.0: an industrial-strength C model checker

Gadelha

Monteiro

Morse

et al. 2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

ESBMC is a mature, permissively licensed opensource context-bounded model checker for the verification of single-and multi-threaded C programs. It can verify both safety (e.g., bounds check, pointer safety, overflow) and userdefined (as asserts in the program) properties automatically. ESBMC provides C++ and Python APIs to access internal data structures, allowing inspection and extension at any stage of the verification process. We discuss improvements over previous versions of ESBMC, including the description of new front-and back-ends, IEEE floating-point support, and an improved k-induction algorithm. A demonstration is available at https://www.youtube.com/watch?v=N_qmN-cazvM.

show abstract

Section: ) Setupmentioning

confidence: 99%

ESBMC 5.0: an industrial-strength C model checker

Gadelha

Monteiro

Morse

et al. 2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…In practice, the bkind algorithm performs a bidirectional search for bugs in the program state space to quickly refute properties. Given the current knowledge in software model checking, our extension has not previously been described or evaluated in the literature, but we have already provided preliminary results of this approach on a limited number of small benchmarks [11]. Similar techniques do exist, however, in other domains: Bischoff et al [12] describe a technique called "target enlargement" which combines binary decisions diagrams (BDDs) and Boolean Satisfiability (SAT) solvers to reduce the time to find property violations in hardware verification, and Bradley et al introduced "property-directed reachability" (or IC3) procedure for safety verification of systems [13] and have shown that IC3 can scale on certain benchmarks, where k-induction fails to succeed.…”

Section: Introductionmentioning

confidence: 99%

Beyond k-induction: Learning from Counterexamples to Bidirectionally Explore the State Space

Gadelha,

Monteiro,

Steffinlongo

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

We describe and evaluate a novel k-induction proof rule called bidirectional k-induction (bkind), which substantially improves the k-induction bugfinding capabilities. Particularly, bkind exploits the counterexamples generated by the over-approximation step to derive new properties and feed them back to the bounded model checking procedure. We also combine an interval invariant generator and bkind to significantly improve the number of correct verification results. Experimental results show that bkind can considerably reduce the verification time compared to the naïve k-induction proof rule, since it only requires half the number of steps to find a given safety property violation in an unsafe program. The bkind algorithm outperforms 2LS, another state-of-the-art k-induction verifier, and produces more than twice correct proofs and about 35% more correct alarms than when analysing a large set of public available benchmarks.

show abstract

Verification and refutation of C programs based on k-induction and invariant inference

Alhawi

Rocha

Gadelha³

et al. 2020

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

DepthK is a source-to-source transformation tool that employs bounded model checking (BMC) to verify and falsify safety properties in single- and multi-threaded C programs, without manual annotation of loop invariants. Here, we describe and evaluate a proof-by-induction algorithm that combines k-induction with invariant inference to prove and refute safety properties. We apply two invariant generators to produce program invariants and feed these into a k-induction-based verification algorithm implemented in DepthK, which uses the efficient SMT-based context-bounded model checker (ESBMC) as sequential verification back-end. A set of C benchmarks from the International Competition on Software Verification (SV-COMP) and embedded-system applications extracted from the available literature are used to evaluate the effectiveness of the proposed approach. Experimental results show that k-induction with invariants can handle a wide variety of safety properties, in typical programs with loops and embedded software applications from the telecommunications, control systems, and medical domains. The results of our comparative evaluation extend the knowledge about approaches that rely on both BMC and k-induction for software verification, in the following ways. (1) The proposed method outperforms the existing implementations that use k-induction with an interval-invariant generator (e.g., 2LS and ESBMC), in the category ConcurrencySafety, and overcame, in others categories, such as SoftwareSystems, other software verifiers that use plain BMC (e.g., CBMC). Also, (2) it is more precise than other verifiers based on the property-directed reachability (PDR) algorithm (i.e., SeaHorn, Vvt and CPAchecker-CTIGAR). This way, our methodology demonstrated improvement over existing BMC and k-induction-based approaches.

show abstract

Towards counterexample-guided k-induction for fast bug detection

Cited by 3 publications

References 20 publications

ESBMC 5.0: an industrial-strength C model checker

ESBMC 5.0: an industrial-strength C model checker

Beyond k-induction: Learning from Counterexamples to Bidirectionally Explore the State Space

Verification and refutation of C programs based on k-induction and invariant inference

Contact Info

Product

Resources

About