Skip to main content
SpringerLink
Log in

ESBMC 6.1: automated test case generation using bounded model checking

  • Competitions and Challenges
  • Special Issue: TestComp 2019
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

ESBMC is an SMT-based bounded model checker that provides a bit-precise verification of both C and C++ programs. Bounded model checking (BMC) was developed to provide faster results when finding property violations; BMC achieves this by limiting the number of loop unwindings and recursion depth. The technique, however, is unable to prove correctness unless all loops and recursions are fully unwound, which might not be possible for some programs (e.g., infinite loops). The version of ESBMC described here is designed to avoid the problem of guessing the number of unwindings, which leads to a property violation; it incrementally verifies the program, searching only for property violations. Once ESBMC has found a property violation, it produces a test suite that contains at least one test to expose a bug. ESBMC can correctly produce 312 test cases, which are confirmed by the test validator employed by Test-Comp 2019.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Notes

  1. We produce test suites that adhere to the exchange format described in https://gitlab.com/sosy-lab/software/test-format/blob/master/doc/Format.md.

  2. https://raw.githubusercontent.com/sosy-lab/sv-benchmarks/master/c/loops/sum_array-1.c.

References

  1. Cordeiro, L.C., Fischer, B., Marques-Silva, J.: SMT-based bounded model checking for embedded ANSI-C software. IEEE TSE 38(4), 957–974 (2012)

    Google Scholar 

  2. Petrov, M., Gagarski, K., Belyaev, M.A., Itsykson, V.M.: Using a bounded model checker for test generation: how to kill two birds with one SMT solver. Autom. Control Comput. Sci. 49(7), 466–472 (2015)

    Article  Google Scholar 

  3. Anielak, G., Jakacki, G., Lasota, S.: Incremental test case generation using bounded model checking: an application to automatic rating. STTT 17(3), 339–349 (2015)

    Article  Google Scholar 

  4. Rocha, H., Barreto, R.S., Cordeiro, L.C.: Memory management test-case generation of C programs using bounded model checking. In: SEFM, LNCS 9276, pp. 251–267 (2015)

  5. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: TACAS, LNCS 2988, pp. 168–176 (2004)

  6. Lopes, B.C., Auler, R.: Getting Started With LLVM Core Libraries, 1st edn. Packt Publishing, Birmingham (2014)

    Google Scholar 

  7. Brummayer, R., Biere, A.: Boolector: an efficient SMT solver for bit-vectors and arrays. In: TACAS, LNCS 5505, pp. 174–177 (2009)

  8. De Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: TACAS, LNCS 4963, pp. 337–340 (2008)

  9. Dutertre, B.: Yices 2.2. In: CAV, LNCS 8559, pp. 737–744 (2014)

  10. Cimatti, A., Griggio, A., Schaafsma, B., Sebastiani, R.: The mathSAT5 SMT solver. In: TACAS, LNCS 7795, pp. 93–107 (2013)

  11. Barrett, C., Conway, C., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: CAV, LNCS 6806, pp. 171–177 (2011)

  12. Biere, A., Heule, M., van Maaren, H., Walsh, T.: Handbook of Satisfiability: Volume 185 Frontiers in Artificial Intelligence and Applications, vol. 185. IOS Press, Amsterdam (2009)

    Google Scholar 

  13. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: TACAS, LNCS 1633, pp. 193–207 (1999)

  14. Morse, J., Cordeiro, L.C., Nicole, D., Fischer, B.: Model checking LTL properties over ANSI-C programs with bounded traces. SoSym 14(1), 65–81 (2015)

    Google Scholar 

  15. Merz, F., Falke, S., Sinz, C.: LLBMC: bounded model checking of C and C++ programs using a compiler IR. In: VSTTE, LNCS 7152, pp. 146–161 (2012)

  16. Ivančić, F., Shlyakhter, I., Gupta, A., Ganai, M.K.: Model checking C programs using F-SOFT. In: Computer Design, pp. 297–308 (2005)

  17. Hooker, J.N.: Solving the incremental satisfiability problem. J. Log. Program. 15(1), 177–186 (1993)

    Article  MathSciNet  Google Scholar 

  18. Kroening, D., Ouaknine, J., Strichman, O., Wahl, T., Worrell, J.: Linear completeness thresholds for bounded model checking. In: CAV. LNCS 6806, pp. 557–572 (2011)

  19. Beyer, D., Dangl, M., Dietsch, D., Heizmann, M., Stahlbauer, A.: Witness validation and stepwise testification across software verifiers. In: FSE, pp. 721–733 (2015)

  20. Neamtiu, I., Foster, J.S., Hicks, M.: Understanding source code evolution using abstract syntax tree matching. In: Mining Software Repositories, pp. 1–5 (2005)

  21. Xu, Z., Kremenek, T., Zhang, J.: A memory model for static analysis of C programs. In: Symposium On Leveraging Applications Of Formal Methods, Verification And Validation. LNCS, 6415, pp. 535–548 (2010)

  22. Levine, J.: Flex & Bison, 1st edn. O’Reilly Media, Inc., Sebastopol (2009)

    Google Scholar 

  23. Pierce, B.C.: Types and Programming Languages, 1st edn. The MIT Press, Cambridge (2002)

    MATH  Google Scholar 

  24. Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: An efficient method of computing static single assignment form. In: POPL, pp. 25–35 (1989)

  25. Baldoni, R., Coppa, E., D’elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Survey 51(3), 50:1–50:39 (2018)

    Article  Google Scholar 

  26. Günther, H., Weissenbacher, G.: Incremental bounded software model checking. In: SPIN, pp. 40–47 (2014)

  27. Niemetz, A., Preiner, M., Biere, A.: Boolector 2.0 system description. J. Satisf., Boolean Model. Comput. 9, 53–58 (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sidia Instituto de Ciência e Tecnologia, Manaus, Brazil

    Mikhail R. Gadelha

  2. Electronic and Information Research Center, Federal University of Amazonas, Manaus, Brazil

    Rafael S. Menezes

  3. Department of Computer Science, University of Manchester, Manchester, UK

    Lucas C. Cordeiro

Authors
  1. Mikhail R. Gadelha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rafael S. Menezes
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lucas C. Cordeiro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mikhail R. Gadelha.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Gadelha, M.R., Menezes, R.S. & Cordeiro, L.C. ESBMC 6.1: automated test case generation using bounded model checking. Int J Softw Tools Technol Transfer 23, 857–861 (2021). https://doi.org/10.1007/s10009-020-00571-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-020-00571-2

Keywords

Search

Navigation