Bounded Model Checking of Multi-threaded Software using SMT solvers

The transition from single-core to multi-core processors has made multi-threaded software an important subject in computer-aided verification. Here, we describe and evaluate an extension of the ESBMC model checker that supports the verification of multi-threaded software with shared variables and locks, using bounded model checking (BMC) based on Satisfiability Modulo Theories (SMT). We describe three approaches to model checking multi-threaded software and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the BMC procedure on each of them individually, until we either find a bug or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the speed of the SMT solvers. In the underapproximation-widening approach, we reduce the state space by abstracting the number of state variables and interleavings from the proofs of unsatisfiability generated by the SMT solvers. In all three approaches, we use partial-order reduction (POR) techniques to reduce the number of interleavings explored. Experiments show that our approaches can analyze larger problems and substantially reduce the verification time compared to state-of-the-art techniques that combine classic POR methods with symbolic algorithms, and to others that implement the Counter-Example Guided Abstraction Refinement technique.
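As an added illustration of the lazy approach (example code written for this page, not the paper's or ESBMC's implementation), the following explores every interleaving of a constructed two-thread `counter++` program depth-first and stops at the first schedule that violates the assertion `counter == 2`; a single blocking mutex stands in for `pthread_mutex_lock`/`unlock`, and local steps are folded into the preceding shared step as a simple partial-order reduction. The step encoding, state layout and thread bodies are all assumptions of the example.

```python
import copy

def make_thread(tid, use_lock):
    """Thread body for `counter++` as (kind, effect) steps, constructed for this example.
    'shared' steps touch the shared variable and are scheduling points; 'local' steps are not."""
    body = [
        ("shared", lambda s: s["tmp"].__setitem__(tid, s["counter"])),       # tmp = counter
        ("local",  lambda s: s["tmp"].__setitem__(tid, s["tmp"][tid] + 1)),  # tmp = tmp + 1
        ("shared", lambda s: s.__setitem__("counter", s["tmp"][tid])),       # counter = tmp
    ]
    return [("lock", None)] + body + [("unlock", None)] if use_lock else body

def step(prog, tid, state, pcs):
    """Run thread tid's next step, then eagerly any local steps that follow it: local steps
    commute with every other thread, so they need no scheduling point (a simple POR)."""
    while pcs[tid] < len(prog):
        kind, effect = prog[pcs[tid]]
        if kind == "lock":
            state["owner"] = tid          # assumed single mutex; enabledness is checked by the caller
        elif kind == "unlock":
            state["owner"] = None
        else:
            effect(state)
        pcs[tid] += 1
        if pcs[tid] < len(prog) and prog[pcs[tid]][0] != "local":
            break

def find_bug(threads, spec):
    """Lazy approach: enumerate interleavings depth-first, checking `spec` on each final state,
    and stop at the first violation. Returns (violating schedule or None, schedules explored)."""
    explored = [0]

    def dfs(pcs, state, trace):
        enabled = [t for t, p in enumerate(threads) if pcs[t] < len(p)
                   and not (p[pcs[t]][0] == "lock" and state["owner"] not in (None, t))]
        if not enabled:
            explored[0] += 1
            unfinished = any(pc < len(p) for pc, p in zip(pcs, threads))
            return trace if unfinished or not spec(state) else None  # deadlock or assertion failure
        for tid in enabled:
            s2, p2 = copy.deepcopy(state), list(pcs)
            step(threads[tid], tid, s2, p2)
            bad = dfs(p2, s2, trace + (tid,))
            if bad is not None:
                return bad
        return None

    bug = dfs([0] * len(threads), {"counter": 0, "tmp": {}, "owner": None}, ())
    return bug, explored[0]

if __name__ == "__main__":
    for use_lock in (False, True):
        threads = [make_thread(t, use_lock) for t in range(2)]
        print("lock" if use_lock else "no lock", find_bug(threads, lambda s: s["counter"] == 2))
```

Without the lock the lost-update schedule `(0, 1, 0, 1)` is reported after two complete interleavings; with the lock only two interleavings exist and both satisfy the assertion.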
