Verification and refutation of C programs based on k-induction and invariant inference

Alhawi, Omar M.; Rocha, Herbert; Gadelha, Mikhail R.; Cordeiro, Lucas C.; Batista, Eddie

doi:10.1007/s10009-020-00564-1

Cited by 11 publications

(3 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To mitigate scalability challenges, we offer an additional feature wherein, in addition to the continuous-control algorithm's source code, designers can input range values (lower and upper bounds) for the variables used by the control algorithm. These specified intervals boost the verification process and yield counterexamples in the event of a property violation [22]. By exploring the state space that represents the operational region of the control system, we can achieve more efficient verification outcomes.…”

Section: Verifying Implementation Errors In Control Algorithmsmentioning

confidence: 99%

Applying Formal Methods to Build a Safe Continuous-Control Architecture for an Unmanned Aerial Vehicle

Becker,

Gonçalves,

Broering

et al. 2023

Preprint

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) are systems composed of computational and physical processes where constant interaction with the surrounding environment exists. Unmanned Aerial Vehicles (UAVs) can be highlighted as a typical example of CPS. It contains devices that sense the surrounding environment (e.g., IMU, GPS) and provide data for the embedded continuous-control software to compute the CPS reactions. Such reactions are, in fact, actions in the physical (electro-mechanical) process, which occur using actuators (e.g., motors' speed controllers). Such a CPS is typically classified as safety-critical because a failure might have severe implications. Therefore, providing safety guarantees is of utmost importance when designing this application. This paper presents a solution for offering safety guarantees during the design of the continuous-control architecture, which is one of the most critical parts of the CPS. The present proposal applies formal verification (FV) techniques to detect software errors and verify if the architecture is suitable to cope with the real-time requirements coming from the system specification. The first verification round targets individual elements of the architecture, especially the continuous-control algorithm. Therefore, the ESBMC model checker is used; it receives the element's source code as input and can check for a set of language-specific properties, such as memory safety and concurrency vulnerabilities. After making all the individual analyses and performing subsequent corrections, another verification process is started using the UPPAAL model checker, aiming to make the schedulability analysis of the proposed architecture. Finally, we conduct a runtime monitoring analysis using our recently developed RMLib tool. This proposal was successfully used within the design process of a UAV, where different classes of design and implementation problems were detected and further corrected, as detailed in the paper.

show abstract

Section: Verifying Implementation Errors In Control Algorithmsmentioning

confidence: 99%

Applying Formal Methods to Build a Safe Continuous-Control Architecture for an Unmanned Aerial Vehicle

Becker,

Gonçalves,

Broering

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…A large number of techniques have been proposed in literature that use induction [47][48][49][50][51][52][53] and its pragmatically more useful version k-induction [1,[54][55][56][57][58][59][60][61][62][63][64]. These techniques generate and use loop invariants, especially when aimed at verifying safety properties of programs.…”

Section: Related Workmentioning

confidence: 99%

Full-program induction: verifying array programs sans loop invariants

Chakraborty

Gupta²,

Unadkat³

2022

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Arrays are commonly used in a variety of software to store and process data in loops. Automatically proving safety properties of such programs that manipulate arrays is challenging. We present a novel verification technique, called full-program induction, for proving (a sub-class of) quantified as well as quantifier-free properties of programs manipulating arrays of parametric size N . Instead of inducting over individual loops, our technique inducts over the entire program (possibly containing multiple loops) directly via the program parameter N . The technique performs non-trivial transformations of the given program and pre-conditions during the inductive step. The transformations assist in effectively reducing the assertion checking problem by transforming a program with multiple loops to a program which has fewer and simpler loops or is loop-free. Significantly, full-program induction does not require generation or use of loop-specific invariants.To assess the efficacy of our technique, we have developed a prototype tool called Vajra. We demonstrate the performance of Vajra vis-a-vis several state-of-the-art tools on a large set of array manipulating benchmarks from the international software verification competition (SV-COMP) and on several programs inspired by algebraic functions that perform polynomial computations.

show abstract

“…In that sense, the efficient SMT-based context-bounded model checker (ESBMC) is a good candidate. It is a state-ofthe-art (SOTA) checker, which can be extended to support different programming languages and target systems, such as digital filters and controllers, even incorporating behavior models and companion tools [8][9][10]. In addition, it was initially devised as a C-language model checker and has been evaluated using standard benchmarks and embedded applications in the telecommunication industry [11,12].…”

Section: Introductionmentioning

confidence: 99%

ESBMC-Solidity: An SMT-Based Model Checker for Solidity Smart Contracts

Song¹,

Matulevicius²,

Filho³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Smart contracts written in Solidity are programs used in blockchain networks, such as Etherium, for performing transactions. However, as with any piece of software, they are prone to errors and may present vulnerabilities, which malicious attackers could then use. This paper proposes a solidity frontend for the efficient SMT-based context-bounded model checker (ESBMC), named ESBMC-Solidity, which provides a way of verifying such contracts with its framework. A benchmark suite with vulnerable smart contracts was also developed for evaluation and comparison with other verification tools. The experiments performed here showed that ESBMC-Solidity detected all vulnerabilities, was the fastest tool, and provided a counterexample for each benchmark. A demonstration is available at https://youtu.be/3UH8_1QAVN0. CCS Concepts:• Software and its engineering → Model checking; Software verification.

show abstract

Verification and refutation of C programs based on k-induction and invariant inference

Cited by 11 publications

References 51 publications

Applying Formal Methods to Build a Safe Continuous-Control Architecture for an Unmanned Aerial Vehicle

Applying Formal Methods to Build a Safe Continuous-Control Architecture for an Unmanned Aerial Vehicle

Full-program induction: verifying array programs sans loop invariants

ESBMC-Solidity: An SMT-Based Model Checker for Solidity Smart Contracts

Contact Info

Product

Resources

About