Verifying multi-threaded software using smt-based context-bounded model checking

@article{Cordeiro2011VerifyingMS,
  title={Verifying multi-threaded software using smt-based context-bounded model checking},
  author={Lucas C. Cordeiro and Bernd Fischer},
  journal={2011 33rd International Conference on Software Engineering (ICSE)},
  year={2011},
  pages={331-340}
}
  • L. Cordeiro, B. Fischer
  • Published 21 May 2011
  • Computer Science
  • 2011 33rd International Conference on Software Engineering (ICSE)
We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug, or have systematically explored all interleavings. In the schedule recording approach, we… 

Figures and Tables from this paper

Bounded Verification of Multi-threaded Programs via Lazy Sequentialization
TLDR
A new approach to BMC of sequentially consistent imperative programs that use POSIX threads is described, which translates the multi-threaded program into a nondeterministic sequential program that preserves reachability for all round-robin schedules with a given bound on the number of rounds.
Model Checking LTL Properties over C Programs with Bounded Traces
TLDR
This paper describes and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL), and uses an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores.
Bounded Model Checking of Multi-threaded C Programs via Lazy Sequentialization
TLDR
This approach first translates a multi-threaded C program into a nondeterministic sequential C program that preserves reachability for all round-robin schedules with a given bound on the number of rounds, and re-uses existing high-performance BMC tools as backends for the sequential verification problem.
Model checking LTL properties over ANSI-C programs with bounded traces
TLDR
This paper describes and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL), and uses an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores.
Combining sequentialization-based verification of multi-threaded C programs with symbolic Partial Order Reduction
TLDR
A novel implementation of lazy sequentialization is presented, which integrates symbolic POR into the encoding to prune redundant schedules, and can provide considerable speed-ups.
Interference relation-guided SMT solving for multi-threaded program verification
TLDR
It is shown that the backend SMT solver can benefit a lot from the domain knowledge of concurrent programs and is compared with the state-of-the-art Z3 tool on credible benchmarks from the ConcurrencySafety category of SV-COMP 2019.
Harnessing SMT-Based Bounded Model Checking through Stateless Explicit-State Exploration
TLDR
A hybrid approach to improving the verification performance of SMT-based bounded model checking for LTL properties by utilizing stateless explicit-state exploration and propositional formulas, which shows that Garakabu2 often outperforms the state-of-the-art pure BMC methods implemented in SAL infinite bounded model checker for both safety and liveness properties.
Context-Bounded Model Checking of LTL Properties for ANSI-C Software
TLDR
An approach to extend context-bounded model checking to liveness properties expressed in linear-time temporal logic (LTL), which converts the LTL formulae into Buchi-automata and then further into C monitor threads, which are interleaved with the execution of the program under test.
SMT-Based Bounded Model Checking for Embedded ANSI-C Software
TLDR
This work proposes the application of different background theories and SMT solvers to the verification of embedded software written in ANSI-C in order to improve scalability and precision in a completely automatic way and shows that the ESBMC model checker can analyze larger problems than existing tools and substantially reduce the verification time.
Lazy-CSeq: A Context-Bounded Model Checking Tool for Multi-threaded C-Programs
TLDR
Lazy-CSeq translates a multi-threaded C program into a bounded nondeterministic sequential C program that preserves bounded reachability for all round-robin schedules up to a given number of rounds, and reuses existing high-performance bounded model checkers as sequential verification backends.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 32 REFERENCES
SMT-Based Bounded Model Checking for Embedded ANSI-C Software
TLDR
This work proposes the application of different background theories and SMT solvers to the verification of embedded software written in ANSI-C in order to improve scalability and precision in a completely automatic way and shows that the ESBMC model checker can analyze larger problems than existing tools and substantially reduce the verification time.
Bounded Model Checking of Concurrent Programs
TLDR
This work proposes a SAT-based bounded verification technique, called TCBMC, for threaded C programs, based on CBMC, and obtains an efficient modeling that can be sent to a SAT solver for property checking.
Context-Bounded Model Checking of Concurrent Software
TLDR
This paper proves that the problem of verifying a concurrent boolean program is decidable, even in the presence of unbounded parallelism, if the analysis is restricted to executions in which the number of context switches is bounded by an arbitrary constant.
Iterative context bounding for systematic testing of multithreaded programs
TLDR
This paper proposes iterative context-bounding, a new search algorithm that systematically explores the executions of a multithreaded program in an order that prioritizes executions with fewer context switches, and shows both theoretically and empirically that context-bounded search is an effective method for exploring the behaviors of multith readed programs.
Efficient Modeling of Concurrent Systems in BMC
We present an efficient method for modeling multi-threaded concurrent systems with shared variables and locks in Bounded Model Checking (BMC), and use it to improve the detection of safety properties
Semantic Reduction of Thread Interleavings in Concurrent Programs
TLDR
A static analysis framework for concurrent programs based on reduction of thread interleavings using sound invariants on the top of partial order techniques that facilitates use of model checking on the remaining warnings to generate concrete error traces.
Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis
TLDR
This paper gives a general reduction from a concurrent program P, and a given context bound K, to a sequential program $P_s^K$ such that the analysis of P can be used to prove properties about K, and gives instances of the reduction for common program models used in model checking, such as Boolean programs and pushdown systems.
Verifying SystemC: A software model checking approach
TLDR
This paper approaches formal verification of SystemC by reduction to software model checking by relying on a translation from SystemC to a sequential C program, that contains both the mapping of the SystemC threads in form of C functions and the coding of relevant semantic aspects.
Bounded Model Checking of Software Using SMT Solvers Instead of SAT Solvers
TLDR
This paper proposes a generalisation of the CBMC approach based on an encoding into richer (but still decidable) theories than propositional logic, and shows that this approach may lead to considerably more compact formulae than those obtained with CBMC.
KISS: keep it simple and sequential
TLDR
This paper transforms a concurrent program into a sequential program that simulates the execution of a large subset of the behaviors of the concurrent program and presents a novel analysis technique for concurrent programs that avoids exponential complexity.
...
1
2
3
4
...