Bounded model checking of embedded software in wireless cognitive radio systems

We present a new verification approach that applies aggressive program slicing and a proof-based abstraction-refinement strategy to enhance the scalability of bounded model checking of embedded software. While many software model-checking tools use program slicing as a separate or optional step, our program slicing is integrated in the model construction and reduction process. And it is combined with the compilation optimization techniques so to compute a more accurate slice. We also explore a proof-based abstraction-refinement strategy using the under/overapproximation on our proposed software model, and propose a heuristic method of deciding new encoding size to refine the under-approximation. Experiments on C programs from wireless cognitive radio systems show this approach can greatly reduce the model size and shorten the solving time by the SAT-solver.

[1]  Stephan Merz,et al.  Model Checking , 2000 .

[2]  Sriram K. Rajamani,et al.  Bebop: A Symbolic Model Checker for Boolean Programs , 2000, SPIN.

[3]  Joël Ouaknine,et al.  Deciding Bit-Vector Arithmetic with Abstraction , 2007, TACAS.

[4]  Per Bjesse,et al.  Using counter example guided abstraction refinement to find complex bugs , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[5]  Chao Wang,et al.  Model checking C programs using F-Soft , 2005, 2005 International Conference on Computer Design.

[6]  Alex Groce,et al.  Modular verification of software components in C , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[7]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[8]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[9]  Alex Groce,et al.  Making the Most of BMC Counterexamples , 2005, BMC@CAV.

[10]  Pei-Hsin Ho,et al.  Abstraction refinement by controllability and cooperativeness analysis , 2004, Proceedings. 41st Design Automation Conference, 2004..

[11]  Alex Groce,et al.  Modular verification of software components in C , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[12]  Kenneth L. McMillan,et al.  Automatic Abstraction without Counterexamples , 2003, TACAS.

[13]  Michael D. Ernst,et al.  Value dependence graphs: representation without taxation , 1994, POPL '94.

[14]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[15]  Alexander Aiken,et al.  Saturn: A scalable framework for error detection using Boolean satisfiability , 2007, TOPL.

[16]  Chao Wang,et al.  Disjunctive Image Computation for Embedded Software Verification , 2006, Proceedings of the Design Automation & Test in Europe Conference.