Software Model Checking via Large-block Encoding (University of Trento)

The construction and analysis of an abstract reachability tree (ART) are the basis for a successful method for software verification. The ART represents unwindings of the control-flow graph of the program. Traditionally, a transition of the ART represents a single block of the program, and therefore we call this approach single-block encoding (SBE). SBE may result in a huge number of program paths to be explored, which constitutes a fundamental source of inefficiency. We propose a generalization of the approach in which transitions of the ART represent larger portions of the program; we call this approach large-block encoding (LBE). LBE may reduce the number of paths to be explored by up to an exponential factor. Within this framework, we also investigate symbolic representations: for representing abstract states, in addition to conjunctions as used in SBE, we investigate the use of arbitrary Boolean formulas; for computing abstract-successor states, in addition to Cartesian predicate abstraction as used in SBE, we investigate the use of Boolean predicate abstraction. The new encoding leverages the efficiency of state-of-the-art SMT solvers, which can symbolically compute abstract large-block successors. Our experiments on benchmark C programs show that the large-block encoding outperforms the single-block encoding.
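As an added illustration (example code, not from the paper or its tool), the toy Python encoder below shows where the exponential path reduction comes from: it builds a constructed control-flow graph of n sequential if/else statements, counts the ART paths under single-block encoding, then collapses the graph with two merging rules assumed here as the core of LBE (a sequence rule that conjoins the edges through a pass-through node, and a choice rule that turns parallel edges into one disjunction). Edge formulas are opaque strings and SSA renaming is left out; `diamond_chain`, `count_paths` and `large_block_encode` are names chosen for this example.

```python
from collections import Counter

def diamond_chain(n):
    """Constructed CFG: n sequential if/else statements; under SBE each branch
    is two edges (assume, then assignment), giving 2**n paths."""
    edges, node = [], 0
    for i in range(n):
        a, b = node, node + 3
        edges += [(a, a + 1, f"c{i}"), (a + 1, b, f"x{i} = 1"),
                  (a, a + 2, f"!c{i}"), (a + 2, b, f"x{i} = 2")]
        node = b
    return edges, 0, node

def count_paths(edges, entry, exit_):
    """Distinct entry->exit paths in an acyclic CFG: ART paths to explore."""
    if entry == exit_:
        return 1
    return sum(count_paths(edges, d, exit_) for s, d, _ in edges if s == entry)

def large_block_encode(edges, entry, exit_):
    """Apply the two assumed LBE rules until the CFG is stable. Formulas are
    opaque strings (no SSA renaming); '&'/'|' show the Boolean structure
    that Boolean predicate abstraction would hand to the SMT solver."""
    edges = list(edges)
    while True:
        seen = {}  # choice rule: parallel edges become one disjunction
        for i, (s, d, f) in enumerate(edges):
            if (s, d) in seen:
                j = seen[(s, d)]
                edges[j] = (s, d, f"({edges[j][2]}) | ({f})")
                del edges[i]
                break
            seen[(s, d)] = i
        else:  # sequence rule: remove a pass-through node, conjoin its edges
            ins = Counter(d for _, d, _ in edges)
            outs = Counter(s for s, _, _ in edges)
            for s, d, f in edges:
                if d not in (entry, exit_) and ins[d] == 1 and outs[d] == 1:
                    (_, d2, f2), = [e for e in edges if e[0] == d]
                    edges.remove((s, d, f))
                    edges.remove((d, d2, f2))
                    edges.append((s, d2, f"({f}) & ({f2})"))
                    break
            else:
                return edges

if __name__ == "__main__":
    cfg, a, b = diamond_chain(10)
    print(count_paths(cfg, a, b), count_paths(large_block_encode(cfg, a, b), a, b))  # 1024 1
```

With ten if/else statements SBE has 1024 distinct paths to unwind, while after LBE the whole program is a single edge whose formula is a disjunction of conjunctions, which is exactly the kind of Boolean formula the abstract says SBE's conjunction-only representation cannot express.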
