ABSTRACT
Model checking [5] is an automated algorithmic technique for exhaustive verification of systems, described as finite state machines, against temporal logic [9] specifications. It has been used successfully to verify hardware at an industrial scale [6]. One of the most successful variants of model checking is Bounded Model Checking (BMC) [2] which leverages the power of state-of-the-art satisfiability (SAT) 1 and satisfiability-modulo-theory (SMT) 2 to push the boundaries of automated verification. Like model checking, BMC was developed originally for hardware, but has since been extended and applied successfully to verify sequential [4], multi-threaded [1, 10], as well as real-time software [3].
A key benefit of BMC-based software model checkers, such as CBMC [4], is that they are able to handle bit-level semantics of programs precisely. Thus, they are able to detect errors due to integer overflows, and prove correctness of programs that use bit-level operations, without reporting false warnings, or missing bugs. This makes BMC ideal for verifying high-integrity software, where the cost of failure is substantial. Indeed, CBMC has been used to verify a wide variety of low-level safety and security-critical systems, such as co-pilots [8], OS schedulers [7], and hypervisors [11] (see url{http://www.cprover.org/cbmc/applications.shtml} for a more expansive list).
This tutorial will provide an introduction to BMC, its underlying technical principles, and applications to verifying sequential, multi-threaded, and real-time software. The tutorial will be hands-on, with live demonstrations of using BMC tools for verifying sample programs written in C.
- J. Alglave, D. Kroening, V. Nimal, and M. Tautschnig. Software Verification for Weak Memory via Program Transformation. In M. Felleisen and P. Gardner, editors, Proceedings of the 22nd European Symposium On Programming (ESOP '13), volume 7792 of Lecture Notes in Computer Science, pages 512--532, Rome, Italy, March 2013. Springer-Verlag. Google ScholarDigital Library
- A. Biere, A. Cimatti, E. M. Clarke, O. Strichman, and Y. Zue. Bounded Model Checking, volume 58 of Advances in computers. Academic Press, 2003.Google Scholar
- S. Chaki, A. Gurfinkel, S. Kong, and O. Strichman. Compositional Sequentialization of Periodic Programs. In R. Giacobazzi, J. Berdine, and I. Mastroeni, editors, Proceedings of the 14th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI '13), volume 7737 of Lecture Notes in Computer Science, pages 536--554, Rome, Italy. New York, January 2013. Springer-Verlag.Google Scholar
- E. Clarke, D. Kroening, and F. Lerda. A Tool for Checking ANSI-C Programs. In K. Jensen and A. Podelski, editors, Proceedings of the 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS '04), volume 2988 of Lecture Notes in Computer Science, pages 168--176, Barcelona, Spain, March 29--April 2, 2004. New York, NY, March--April 2004. Springer-Verlag.Google Scholar
- E. M. Clarke, E. A. Emerson, and J. Sifakis. Model checking: algorithmic verification and debugging. Communications of the ACM (CACM), 52(11):74--84, November 2009. Google ScholarDigital Library
- E. M. Clarke, O. Grumberg, H. Hiraishi, S. Jha, D. E. Long, K. L. McMillan, and L. A. Ness. Verification of the FuturebusGoogle Scholar
- Cache Coherence Protocol. Formal Methods in System Design (FMSD), 6(2):217--232, March 1995. Google ScholarDigital Library
- M. K. Ludwich and A. A. Fröhlich. On the formal verification of component-based embedded operating systems. Operating Systems Review, 46(1):28--34, 2013. Google ScholarDigital Library
- L. Pike, S. Niller, and N. Wegmann. Runtime Verification for Ultra-Critical Systems. In S. Khurshid and K. Sen, editors, Proceedings of the 2nd International Conference on Runtime Verification (RV '11), volume 7186 of Lecture Notes in Computer Science, pages 310--324, San Francisco, CA, USA, September 2011. Springer-Verlag. Google ScholarDigital Library
- A. Pnueli. The Temporal Logic of Programs. In Proceedings of the 18th Annual Symposium on Foundations of Computer Science (FOCS '77), pages 46--57, Providence, RI, October 31--November 2, 1977. New York, NY, October--November 1977. IEEE Computer Society. Google ScholarDigital Library
- N. Sinha and C. Wang. Staged concurrent program analysis. In Proceedings of the 18th ACM SIGSOFT Symposium on Foundations of Software Engineering (FSE '10), pages 47--56, Santa Fe, NM, USA, November 7--11, 2010, November 2010. Association for Computing Machinery. Google ScholarDigital Library
- A. Vasudevan, S. Chaki, L. Jia, J. M. McCune, J. Newsome, and A. Datta. Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework. In Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland '13), pages 430--444, San Francisco, CA, USA, May 2013. IEEE Computer Society. Google ScholarDigital Library
Index Terms
- Bounded model checking of high-integrity software
Recommendations
Bounded model checking of high-integrity software
HILT '13Model checking [5] is an automated algorithmic technique for exhaustive verification of systems, described as finite state machines, against temporal logic [9] specifications. It has been used successfully to verify hardware at an industrial scale [6]. ...
Improved bounded model checking for the universal fragment of CTL
SAT-based bounded model checking (BMC) has been introduced as a complementary technique to BDD-based symbolic model checking in recent years, and a lot of successful work has been done in this direction. The approach was first introduced by A. Biere et ...
Handling loops in bounded model checking of C programs via k-induction
The first attempts to apply the k-induction method to software verification are only recent. In this paper, we present a novel proof by induction algorithm, which is built on the top of a symbolic context-bounded model checker and uses an iterative ...
Comments