ExpliSAT: Guiding SAT-Based Software Verification with Explicit States

We present a hybrid method for software model checking that combines explicit-state and symbolic techniques. Our method traverses the control flow graph of the program explicitly and encodes the data values in a CNF formula, which we solve using a SAT solver. In order to avoid traversing control flow paths that do not correspond to a valid execution of the program, we introduce the idea of a representative of a control path. We present favorable experimental results, which show that our method scales well both with regard to the nondeterministic data and with regard to the number of threads.
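The following is an added toy illustration of the hybrid idea in the abstract, written for this page; it is not code from the ExpliSAT paper or its authors. It walks a small, constructed control flow graph explicitly (the control state is the current node), while the data side of the path is kept symbolic as CNF clauses over nondeterministic boolean inputs a, b, c and the SSA-style intermediates x and y. Every branch outcome adds clauses to the path formula and a small DPLL solver decides whether that prefix is still satisfiable; an unsatisfiable prefix is cut off, so control paths that no execution can take are never expanded. The per-prefix satisfiability check is a simplification assumed here; the paper's notion of a "representative" of a control path is not reproduced.

```python
"""Toy explicit-control / symbolic-data explorer (added example, not the paper's code)."""
from typing import Dict, List, Optional, Tuple

Literal = Tuple[str, bool]        # ('a', False) means NOT a
Clause = List[Literal]
CNF = List[Clause]
Node = tuple                      # see toy_program() for the node shapes


def dpll(clauses: CNF, assignment: Optional[Dict[str, bool]] = None) -> Optional[Dict[str, bool]]:
    """Return a satisfying assignment for a CNF, or None if it is unsatisfiable.
    Plain DPLL: unit propagation, then case split on the first unassigned variable."""
    assignment = dict(assignment or {})
    clauses = [list(c) for c in clauses]
    while True:
        simplified, unit = [], None
        for clause in clauses:
            live, satisfied = [], False
            for var, pol in clause:
                if var in assignment:
                    if assignment[var] == pol:
                        satisfied = True
                        break
                else:
                    live.append((var, pol))
            if satisfied:
                continue
            if not live:
                return None                     # empty clause: conflict
            if len(live) == 1 and unit is None:
                unit = live[0]
            simplified.append(live)
        clauses = simplified
        if unit is None:
            break
        assignment[unit[0]] = unit[1]           # propagate the unit literal
    if not clauses:
        return assignment
    var = clauses[0][0][0]
    for value in (True, False):
        result = dpll(clauses, {**assignment, var: value})
        if result is not None:
            return result
    return None


def negate(lit: Literal) -> Literal:
    return (lit[0], not lit[1])


def explore(cfg: Dict[str, Node], node: str, path_cnf: CNF, path: List[str],
            stats: Dict[str, int], found: List[Tuple[List[str], Dict[str, bool]]]) -> None:
    """Explicit DFS over the CFG; data constraints of the chosen branches ride along as CNF."""
    path = path + [node]
    kind = cfg[node][0]
    if kind == "exit":
        return
    if kind == "error":
        found.append((path, dpll(path_cnf)))    # prefix was already checked feasible
        return
    if kind == "assign":                        # SSA definition encoded as clauses
        _, clauses, nxt = cfg[node]
        explore(cfg, nxt, path_cnf + clauses, path, stats, found)
        return
    _, cond, then_node, else_node = cfg[node]   # cond is a conjunction of literals
    taken = path_cnf + [[lit] for lit in cond]
    not_taken = path_cnf + [[negate(lit) for lit in cond]]
    for cnf, nxt in ((taken, then_node), (not_taken, else_node)):
        stats["branches"] += 1
        if dpll(cnf) is None:                   # no execution takes this control path
            stats["pruned"] += 1
            continue
        explore(cfg, nxt, cnf, path, stats, found)


def toy_program() -> Dict[str, Node]:
    """Constructed program over nondeterministic booleans a, b, c:
         x := a;  y := b && x;
         if (!a && y) ERROR1;      -- unreachable: y implies x, and x == a
         if (c && !b) ERROR2;      -- reachable
    """
    return {
        "n0": ("assign", [[("x", False), ("a", True)], [("x", True), ("a", False)]], "n1"),
        "n1": ("assign", [[("y", False), ("b", True)], [("y", False), ("x", True)],
                          [("y", True), ("b", False), ("x", False)]], "n2"),
        "n2": ("branch", [("a", False), ("y", True)], "err1", "n3"),
        "n3": ("branch", [("c", True), ("b", False)], "err2", "exit"),
        "err1": ("error", "ERROR1"),
        "err2": ("error", "ERROR2"),
        "exit": ("exit",),
    }


def run(cfg: Dict[str, Node], start: str = "n0"):
    stats = {"branches": 0, "pruned": 0}
    found: List[Tuple[List[str], Dict[str, bool]]] = []
    explore(cfg, start, [], [], stats, found)
    return stats, found


if __name__ == "__main__":
    stats, found = run(toy_program())
    print(stats)
    for path, model in found:
        print(" -> ".join(path), model)
```

Running it explores four branch outcomes and prunes one (the edge into ERROR1), reporting only ERROR2 together with a concrete input (c true, b false) that reaches it. A purely explicit-state search over the same three inputs would enumerate all eight valuations; here the data stays symbolic and only control is enumerated, which is the scaling argument the abstract makes for nondeterministic data.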