ABSTRACT
Recently, the k-induction algorithm has proven to be a successful approach for both finding bugs and proving correctness. However, since the algorithm is an incremental approach, it might waste resources trying to prove incorrect programs. In this paper, we extend the k-induction algorithm to reduce the number of steps required to find a property violation. We convert the algorithm into a meet-in-the-middle bidirectional search algorithm, using the counterexample produced from over-approximating the program. The main advantage is the reduction of state explosion: the maximum number of required steps drops from k to ⌊k/2 + 1⌋.
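As an added toy illustration of the idea (not the paper's algorithm or any model checker's code), the following constructed example compares plain forward unrolling with a meet-in-the-middle search whose backward half starts from a counterexample of an over-approximated program; the program, the modulus and the error value are all made up for this example.

```python
"""Toy explicit-state model of the abstract's idea: forward unrolling
versus a meet-in-the-middle search that starts its backward half from a
counterexample of an over-approximated program.  Added illustration
only; not the paper's algorithm or any checker's code."""

# Constructed program: x := 0; loop { x := (x + 2) mod 14 }.
# The property under check is assert(x != err) inside the loop.
MOD = 14
INIT = {0}

def post(x):
    """Successor states of x under one loop iteration."""
    return {(x + 2) % MOD}

def pre(x):
    """Predecessor states of x (inverse of the transition relation)."""
    return {(x - 2) % MOD}

def forward_bmc(err, max_k):
    """Unroll forward from INIT one step per round, as the base case of
    k-induction does.  Returns the number of steps needed to reach the
    violating state, or None if none is found within max_k steps."""
    reached = set(INIT)
    for k in range(max_k + 1):
        if err in reached:
            return k
        reached |= {t for s in reached for t in post(s)}
    return None

def overapprox_counterexample(err):
    """Over-approximate the program by dropping the transition relation:
    every state satisfying the error predicate is a candidate
    counterexample, whether or not it is actually reachable."""
    return {x for x in range(MOD) if x == err}

def meet_in_middle(err, max_k):
    """Grow a forward reached set from INIT and a backward reached set from
    the over-approximated counterexample in lock-step; the violation is
    real as soon as the two sets intersect.  Returns the number of rounds
    (steps per direction), or None if they never meet within max_k."""
    fwd, bwd = set(INIT), overapprox_counterexample(err)
    for d in range(max_k + 1):
        if fwd & bwd:
            return d
        fwd |= {t for s in fwd for t in post(s)}
        bwd |= {p for s in bwd for p in pre(s)}
    return None

if __name__ == "__main__":
    k = forward_bmc(10, 20)      # 5 steps when searching forward only
    d = meet_in_middle(10, 20)   # 3 rounds, i.e. floor(k/2 + 1)
    print(f"forward steps: {k}, bidirectional rounds per side: {d}")
    print("unreachable error:", forward_bmc(11, 20), meet_in_middle(11, 20))
```

The toy has no inductive step, so a None result only means no violation within the bound; proving correctness remains the job of k-induction's inductive case.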
Towards counterexample-guided k-induction for fast bug detection