Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work.

Published byAiyana Fell Modified over 9 years ago

Similar presentations

Presentation on theme: "© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work."— Presentation transcript:

1 © Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work with Arie Gurfinkel, Sagar Chaki and Edmund Clarke

2 © Anvesh Komuravelli Spacer The Problem Program P + Assertions Program P + Assertions Automatic analysis for assertion failures Automatic analysis for assertion failures Safe Unsafe Unknown Software Model Checking + Proof + Counterexample + Partial Proof reach(P) error(P) 1 Is it empty?

3 © Anvesh Komuravelli Spacer reach(P) error(P) Over-approximation Driven (OD) 2

4 © Anvesh Komuravelli Spacer reach(P) error(P) Over-approximation driven (OD) 3

5 © Anvesh Komuravelli Spacer Over-approximation driven (OD) Key IdeaCEGAR based on Predicate Abstraction Symbolic Method BDDs for fixed point computation, SMT for new predicates ToolsSLAM, BLAST, SDV, etc. 4

6 © Anvesh Komuravelli Spacer reach(P) Under-approximation Driven (UD) error(P) 5

7 © Anvesh Komuravelli Spacer Under-approximation driven (UD) reach(P) error(P) 6

8 © Anvesh Komuravelli Spacer Under-approximation driven (UD) Key IdeaBMC based Approach Symbolic Method SMT ToolsIMPACT, UFO, etc. 7

9 © Anvesh Komuravelli Spacer Key Recent Advancements 2003Interpolation for Hardware Model CheckingMcMillan 2006IMPACT (Path Interpolants)McMillan 2009Path Interpolants for Hardware Model CheckingGrumberg et al. 2010IC3 (Different way of computing Interpolants, Hardware)Bradley 2011WOLVERINE (Bit-level Implementation of IMPACT)Kroening et al. 2012UFO (DAG Interpolation method, Predicate Abstraction + Interpolation)Gurfinkel et al. 2012VINTA (Abstract Interpretation + Interpolation)Gurfinkel et al. 2011FunFrog (Interprocedural)Sharygina et al. 2012μZ (Horn clause solver based on GPDR)Bjorner et al. 2012Duality (Horn clause solver based on Interpolation) McMillan, Rybalchenko 2012WHALE (Interprocedural)Gurfinkel et al. 8

10 © Anvesh Komuravelli Spacer reach(P) error(P) Our Strategy 9 Under-approx.  Abstract  Under-approx.

11 © Anvesh Komuravelli Spacer reach(P) error(P) Our Strategy 10 Under-approx.  Abstract  Under-approx.  Refine

12 © Anvesh Komuravelli Spacer error(P) reach(P) Our Strategy 11 Under-approx.  Abstract  Under-approx.  Refine  Abstract

13 © Anvesh Komuravelli Spacer error(P) reach(P) Our Strategy 12 And so on …

14 © Anvesh Komuravelli Spacer error(P) reach(P) reach(P) is covered Our Strategy 13 Abstractions guide the SMT solver to look for general proofs

15 © Anvesh Komuravelli Spacer It’s based on UD 14 … … … … Under-approximations AbstractAbstract

16 © Anvesh Komuravelli Spacer It’s based on UD 15 … … … … Under-approximations AbstractAbstract need not be monotonic

17 © Anvesh Komuravelli Spacer Spacer is based on UD 16 … … … … Under-approximations AbstractAbstract non-trivial abstraction

18 © Anvesh Komuravelli Spacer Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 17

19 © Anvesh Komuravelli Spacer Why Abstraction? x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (0 ≤ y) 18 only way to fail the assertion

20 © Anvesh Komuravelli Spacer UD Reasoning x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (0 ≤ y) 1 st Iteration: w = 0, z = 0 1 st Iteration: w = 0, z = 0 19 y ≤ 100x

21 © Anvesh Komuravelli Spacer UD Reasoning x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (0 ≤ y) 2 nd Iteration: w = 1, z =10 2 nd Iteration: w = 1, z =10 20 y ≤ 100x

22 © Anvesh Komuravelli Spacer UD Reasoning x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (0 ≤ y) 3 rd Iteration: w = 2, z = 20 3 rd Iteration: w = 2, z = 20 21 y ≤ 100x And so on…

23 © Anvesh Komuravelli Spacer But … x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (0 ≤ y) 22 The value ‘1’ doesn’t matter!

24 © Anvesh Komuravelli Spacer But … x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = *; w += t; z += 10t; } assert (0 ≤ y) 23

25 © Anvesh Komuravelli Spacer UD Reasoning on the Abstraction x = y = z = w = 0; while (*) { x = *; y = *; assume (0 ≤ y ≤ 100x); if (y > 10w && z ≥ 100x) { y = −y; } t = *; w += t; z += 10t; } assert (0 ≤ y) 24 2 nd Iteration w = t, z = 10t z = 10w All Iterations Resolve t away y ≤ 100x Redundant

26 © Anvesh Komuravelli Spacer Original Example x = y = z = w = 0; while (*) { if (*) {x++; y += 100;} else if (*) if (x ≥ 4) {x++; y++;} else if (y > 10w && z ≥ 100x) { y = −y; } t = 1; w += t; z += 10t; } assert (!(x ≥ 4 && y ≤ 2)) Source: Automatically Refining Abstract Interpretations, Gulavani, Chakraborty, Nori and Rajamani, TACAS ‘08. 25 μZ (SMT-Based Model Checker, part of Z3) Cannot solve in an hour Spacer (our tool) Finds a proof in a min. Solves an abstraction in < 1 sec. t = *;

27 © Anvesh Komuravelli Spacer What’s the magic? Focused Proofs Abstractions guide the SMT solver to look for certain kind of proofs Avoid proofs specific to an under-approximation Abstractions guide the SMT solver to look for certain kind of proofs Avoid proofs specific to an under-approximation How to obtain abstractions? From proofs of under-approximations! (Proof-Based Abstraction) Hope: What’s sufficient for the under-approximation is sufficient in general Downside: If abstraction is too coarse, need to refine (CEGAR) From proofs of under-approximations! (Proof-Based Abstraction) Hope: What’s sufficient for the under-approximation is sufficient in general Downside: If abstraction is too coarse, need to refine (CEGAR) 26

28 © Anvesh Komuravelli Spacer Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 27

29 © Anvesh Komuravelli Spacer Schematic Example init_stmt; c = 0; while (*) { // invar_1, invar_2 // invar_3, invar_4 assume (c < k 1 ); if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = e6; c += 1; } assert (safe); Add Counters Under-approximate Solve  Loop Invariants 28

30 © Anvesh Komuravelli Spacer Schematic Example Under-approximate Solve  Feasible? init_stmt; c = 0; assume (invar_1, invar_2); while (*) { // invar_1, invar_2 // invar_3, invar_4 assume (c < k 1 ); if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = e6; c += 1; assume (invar_1, invar_2); } assert (safe);  Unbounded! Specific to under-approx. 29 Treat as guessed unbounded invariants. Essentially like Houdini [FL’01]. Treat as guessed unbounded invariants. Essentially like Houdini [FL’01]. Extract Unbounded Invariants Strengthen with Invariants [FL’01] Houdini, an annotation assistant for ESC/Java, C. Flanagan and K.R.M. Leino, 2001

31 © Anvesh Komuravelli Spacer init_stmt; c = 0; assume (invar_1, invar_2); while (*) { // invar_1, invar_2 if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = e6; c += 1; assume (invar_1, invar_2); } assert (safe); Does not prove the assertion Does not prove the assertion Schematic Example Under-approximate Solve  Feasible?  NO 30

32 © Anvesh Komuravelli Spacer init_stmt; c = 0; assume (invar_1, invar_2); while (*) { // invar_1, invar_2 // invar_3, invar_4 assume (c < k 1 ); if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = e6; c += 1; assume (invar_1, invar_2); } assert (safe); Redundant for the proof Schematic Example Under-approximate Solve  Feasible?  NOAbstract  31

33 © Anvesh Komuravelli Spacer Schematic Example Under-approximate Solve  Feasible?  NOAbstract  32 init_stmt; c = 0; assume (invar_1, invar_2); while (*) { // invar_1, invar_2 // invar_3, invar_4 assume (c < k 1 ); if (*) { v1 = e1; v2 = *; } else { v3 = e3; v4 = *; } v5 = e5; v6 = *; c += 1; assume (invar_1, invar_2); } assert (safe); Proof-Based Abstraction

34 © Anvesh Komuravelli Spacer init_stmt; c = 0; assume (invar_1, invar_2); while (*) { assume (c < k 2 ); if (*) { v1 = e1; v2 = *; } else { v3 = e3; v4 = *; } v5 = e5; v6 = *; c += 1; assume (invar_1, invar_2); } assert (safe); Concretize k 2 > k 1 Schematic Example Under-approximate Solve  Abstract Counterexample! Feasible?  Concrete control path is infeasible NORefine  33

35 © Anvesh Komuravelli Spacer Schematic Example Under-approximate Solve  Feasible?  NORefine  34 init_stmt; c = 0; assume (invar_1, invar_2); while (*) { assume (c < k 2 ); if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = *; c += 1; assume (invar_1, invar_2); } assert (safe); CEGAR

36 © Anvesh Komuravelli Spacer init_stmt; c = 0; assume (invar_1, invar_2); while (*) { // invar_5 // invar_6 assume (c < k 2 ); if (*) { v1 = e1; v2 = e2; } else { v3 = e3; v4 = e4; } v5 = e5; v6 = *; c += 1; assume (invar_1, invar_2); } assert (safe); Unbounded Schematic Example Under-approximate Solve  Feasible?  YES 35 Invariants

37 © Anvesh Komuravelli Spacer Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 36

38 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; while (*) { if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; } assert (!(x ≥ 4 && y ≤ 2)); if (nd ()) {x++; y += 100;} else if (nd () && x ≥ 4) {x++; y++;} else if (y > 10w && z ≥ 100x) {y = −y;} else assume (0); if (nd ()) {x++; y += 100;} else if (nd () && x ≥ 4) {x++; y++;} else if (y > 10w && z ≥ 100x) {y = −y;} else assume (0); non-deterministic choice (e.g. as in Promela) C-like 37

39 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; c += 1; } assert (!(x ≥ 4 && y ≤ 2)); Add Counters Under-approximate Solve  Loop Invariants 38

40 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; c += 1; } assert (!(x ≥ 4 && y ≤ 2)); Inductive Invariant Under-approximate Solve  Safe 39

41 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  Preserved! Specific to under-approx. Depend on counter Extract Unbounded Invariants Strengthen with Invariants 40

42 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  NO Does not prove the assertion Does not prove the assertion 41

43 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w++; z += 10; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  NOAbstract  Redundant 42

44 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y = *; ::(x ≥ 4) -> x++; y = *; ::(y > 10w && z ≥ 100x) -> y = *; fi w = *; z = *; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  NOAbstract  Fails Enlarge error 43

45 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x, // x ≤ 2, c ≤ 0 => x ≤ 0, c ≤ 1 => x ≤ 1 assume (c < 2); if ::x++; y = *; ::(x ≥ 4) -> x++; y = *; ::(y > 10w && z ≥ 100x) -> y = *; fi w = *; z = *; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4)); Under-approximate Solve  Feasible?  NOAbstract  44

46 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { assume (c < 4); if ::x++; y = *; ::(x ≥ 4) -> x++; y = *; ::(y > 10w && z ≥ 100x) -> y = *; fi w = *; z = *; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4)); Under-approximate Solve  Counterexample! Increment x to 4 Choose y arbitrarily Feasible?  Concrete control path is infeasible NORefine  Concretize 45

47 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { assume (c < 4); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w = *; z = *; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  NORefine  46

48 © Anvesh Komuravelli Spacer Detailed Example x = y = z = w = 0; c = 0; assume (y > 10w => z < 100x, z ≤ 100x); while (*) { // (y > 10w) => (z < 100x), z ≤ 100x // y > 0, (x > 0) => (y ≥ 100) assume (c < 4); if ::x++; y += 100; ::(x ≥ 4) -> x++; y++; ::(y > 10w && z ≥ 100x) -> y = −y; fi w = *; z = *; c += 1; assume (y > 10w => z < 100x, z ≤ 100x); } assert (!(x ≥ 4 && y ≤ 2)); Under-approximate Solve  Feasible?  YES Inductive Invariant Safe Unbounded 47

49 © Anvesh Komuravelli Spacer Implementation Details – Unbounded Invariants Pre-LemmasPost-LemmasConcreteCounters Goal Find maximalsuch that 48

50 © Anvesh Komuravelli Spacer Implementation Details – Unbounded Invariants UNSAT SAT withtrue SAT? 49 Repeat until fixed point

51 © Anvesh Komuravelli Spacer Implementation Details – Unbounded Invariants Maximal subset of true post-lemmas Minimal number of b i ’s to be set to false Maximal subset of true post-lemmas Minimal number of b i ’s to be set to false Fixed point Iteration: 50 Introduce Assumption variables

52 © Anvesh Komuravelli Spacer Implementation Details – Unbounded Invariants Iteration 1 ✔ ✗ Iteration 2 ✗ 51 disabled

53 © Anvesh Komuravelli Spacer Implementation Details – Abstraction 52 Introduce Assumption variables

54 © Anvesh Komuravelli Spacer Implementation Details – Abstraction 53 Are all lemmas necessary?

55 © Anvesh Komuravelli Spacer Implementation Details – Abstraction 54 Introduce Assumption variables for lemmas

56 © Anvesh Komuravelli Spacer Spacer Tool Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 55

57 © Anvesh Komuravelli Spacer Spacer Tool Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 56 μZ Horn-Clause Solver (part of Z3) μZ Horn-Clause Solver (part of Z3)

58 © Anvesh Komuravelli Spacer Spacer Tool Program Under- Approximate Check Safety Feasible? Abstract Refine Proof-Based Abstraction CEGAR No Yes Safety ProofCounterexample 57 Horn-Clause Encoding μZ Horn-Clause Solver (part of Z3) μZ Horn-Clause Solver (part of Z3)

59 © Anvesh Komuravelli Spacer Spacer Tool C Program Preprocessing UFO Frontend (based on LLVM) Simplification, Large Block Encoding, etc. Horn Clause Encoding Implemented using UFO Frontend 58

60 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 59 Abstraction did not help for UNSAFE ALSO, not a challenging pool of benchmarks

61 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 60

62 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 61 ~1 min. Not very meaningful to compare ~1 min. Not very meaningful to compare

63 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 62 < 5 min. Mixed Results < 5 min. Mixed Results

64 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 63 Advantage!

65 © Anvesh Komuravelli Spacer Results on SV-COMP’13 Benchmarks 64 Advantage! Time-out Mem-out

66 © Anvesh Komuravelli Spacer Conclusion Focused Proofs Abstractions guide the SMT solver to look for certain kind of proofs Avoid proofs specific to an under-approximation Abstractions guide the SMT solver to look for certain kind of proofs Avoid proofs specific to an under-approximation How to obtain abstractions? From proofs of under-approximations! (Proof-Based Abstraction) Hope: What’s sufficient for the under-approximation is sufficient in general Downside: If abstraction is too coarse, need to refine (CEGAR) From proofs of under-approximations! (Proof-Based Abstraction) Hope: What’s sufficient for the under-approximation is sufficient in general Downside: If abstraction is too coarse, need to refine (CEGAR) 65 A framework for automated abstraction in SMT-based Software Model Checking Implementation using an existing SMT-based model checker with practical advantage A framework for automated abstraction in SMT-based Software Model Checking Implementation using an existing SMT-based model checker with practical advantage Contributions

67 © Anvesh Komuravelli Spacer Conclusion (contd…) 66 Post-pruning of Proofs during Abstraction (Local vs. Global Proofs) Non-monotonic abstractions Major role of invariants (exploit the generality of proofs of under-approximations Post-pruning of Proofs during Abstraction (Local vs. Global Proofs) Non-monotonic abstractions Major role of invariants (exploit the generality of proofs of under-approximations Visit spacer.bitbucket.org to download tool and detailed slides! Why does PBA work?

68 © Anvesh Komuravelli Spacer On-going and Future Work Observation: Fixed granularity of abstraction – at the program level Observation: Restricted space of abstractions Questions: When/How to abstract/refine? Observation: Proofs too dependent on counter constraints (i.e. underapprox.) Question: How to use counters only when needed? In general, how to minimize the use of a given set of assumptions? Observation: Abstraction is done offline, after obtaining a proof of an under- approximation. Question: How does an on-the-fly abstraction work? When each transition is treated as a recursion-free procedure, it is similar to summarizing procedures on-the-fly. Also, how to handle recursion? 67

69 © Anvesh Komuravelli Spacer Read our CAV’13 paper for details… Questions? 68

70 © Anvesh Komuravelli Spacer Extra Slides 69

71 © Anvesh Komuravelli Spacer SMT-Based Model Checking init error CFGLoop-Free Unrolling Possibility 1 : UNSAFE Possibility 2 : SAFE Path Interpolants (McMillan ‘06) Discharge Verification Condition on SMT solver 70

72 © Anvesh Komuravelli Spacer SMT-Based Model Checking init error CFG Further Unrolling Possibility 1 : UNSAFE Possibility 2 : SAFE DAG Interpolants [AGC’12] Continue Until Convergence Discharge Verification Condition on SMT solver [AGC’12] : From Under-approximations to Over- approximations and Back, Albarghouthi, Gurfinkel and Chechik, TACAS ‘12 71

Download ppt "© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work."

Similar presentations

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.

A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.

© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.

© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
© Anvesh Komuravelli Quantified Invariants in Rich Domains using Model Checking and Abstract Interpretation Anvesh Komuravelli, CMU Joint work with Ken.

© Anvesh Komuravelli Quantified Invariants in Rich Domains using Model Checking and Abstract Interpretation Anvesh Komuravelli, CMU Joint work with Ken.
Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.

Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.
© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.

© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.

Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.

Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Similar presentations

Ads by Google