When we want to examine the properties of a system e. Interpolation and satbased model checking springerlink. Over the past decade, software model checking tools have adopted a number. Generalized linear interpolation of language models. Main logicbased approaches bounded model checking cbrz01, amp06, bhvmw09 interpolationbased model checking mcm03, mcm05 model checking without unrolling bm07, bra10 temporal induction sss00, dmrs03, ht08 backward reachability acjt96, gr10 past accomplishments. Computing relational fixed points using interpolation. Symbolic model checking 8,9 is a method of verifying temporal properties of. Bounded model checking bmc is well known for its simplicity and ability to find counterexamples. Thus, it has a variety of applications, including including model checking of recursive and threaded programs. The interpolants form an inductive sequence of hoare triples that prove safety of a given program path, and potentially others. Gpdr, these algorithms are based on a combination of bounded model checking bmc 8 and craig interpolation 16. We present a interpolationbased method for symbolically computing relational postfixed points. Automated goal operationalisation based on interpolation.
Fast interpolating bounded model checking microsoft research. The prover has been used for predicate refinement in the blast software model checker, and can also be used directly for model checking infinitestate systems, using interpolation based image. Pdf interpolation properties and satbased model checking. Our experiments demonstrate the feasibility of the new technique and confirm its advantages on the large programs. These formulae are given as an input to a sat solver when performing bounded model checking bmc 5, induction based model checking 74,6, or interpolation based model checking 58. Applications of craig interpolants in model checking lara. The survey focuses on hardware model checking, but the presented ideas can be extended to other systems as well. We make those techniques available for the explicitvalue domain. In 11 interpolationsequence is used for software model checking and lazy abstraction. Incremental upgrade checking by means of interpolationbased function summaries ondrej seryy grigory fedyukovich natasha sharygina formal veri. The tool relies on the builtin predicate and explicit value domains and re. An automatatheoretic approach to automatic program. We consider a fully satbased method of unbounded symbolic model checking based on computing craig interpolants.
The prover has been used for predicate refinement in the blast software model checker, and can also be used directly for model checking infinitestate systems, using interpolationbased image. Incremental upgrade checking by means of interpolation. The method is implemented in tool called duality, which we evaluate using. Satbased model checking with interpolation orna grumberg. Interpolation properties and satbased model checking. In bounded model checking, the number of states is bounded, e. It is based on the idea of symbolically representing counterexamples in a transition system and then using a satsolver to check for their existence or their absence. We present an approach that integrates abstraction and interpolationbased. Software model checking is the algorithmic analysis of programs to prove. During its evolution, a typical softwarehardware design undergoes a myriad of small changes.
Comparing model checking and static program analysis. Our approach starts with a model checking phase, for verifying whether the. Crl has pioneered numerous fundamental ideas and algorithms to this field, including interpolation as a satisfiabilitybased proof method which is often dr amatically faster. Abstract interpolation based automatic abstraction is a powerful and robust technique for the automated analysis of hardware and software systems. An approximate operator post is implemented using a sat solver that generates refutations and an interpolation system. The introduction of interpolation and ic3npdr enable e cient complete algorithms that can provide full veri cation as well. A counterexampleguided interpolant generation algorithm. Satbased model checking main idea translate the model and the specification to. Interpolation based model checking interpolation and satbased model checking 2003 survey on hardware verification a survey of recent advances in satbased formal verification 2005 property directed reachability pdric3 satbased model checking without unrolling 2011, understanding ic3 2012 sygus resources. Incremental upgrade checking by means of interpolationbased function summaries ondrej sery. Satbased model checking using interpolation and ic3. Exploiting partial variable assignment in interpolation. Satbased model checking using interpolation and ic3 research thesis in partial ful llment of the requirements for the degree of doctor of philosophy yakir vizel sumbitted to the senate of technion israel institute of technology iyar, 5774 haifa may, 2014 technion computer science department ph.
We implemented interpolationbased summarization in our funfrog tool, and compared it with several stateoftheart software model checking tools. An interpolant 5 of aand bis a formula pcontaining only variables that are common between aand b, and satisfying the. Lazy abstraction, originally developed for software model checking, is a specific type of abstraction that allows hiding dif ferent model details at different steps of. Typically, one has hardware or software systems in mind, whereas the specification contains safety requirements such as the absence of deadlocks and similar critical states that can cause the. Unbounded modelchecking with interpolation for regular. Most stateoftheart model checking techniques based on interpolation require collections of interpolants to satisfy particular properties, to which we refer as collectives. Lncs 7793 explicitstate software model checking based. About bounded model checking and interpolation theoretical. On the other hand, the approximate image may contain spurious counterexamples, necessitating quality guarantees for the approximation. Sampling measurements made at discrete points, such as measurements of contaminant concentrations, can be used to build a model for the whole site. As previous approaches 17, 2, our technique applies to safety and time progress goals. This paper presents funfrog, a tool that implements a function summarization approach for software bounded model checking. Explicitstate software model checking based on cegar and interpolation. Model checking, sat based model checking, interpolation, interpolation sequence, bounded model checking bmc, ic3, unbounded model checking, abstraction, lazy abstraction, hardware model checking 1.
Citeseerx n interpolationbased function summaries in. Interpolation for data structures university of new mexico. Fa872105c0003 with carnegie mellon university for the operation of the software. In 112 the idea of interpolation is combined with bounded model checking to obtain. First, they use an smtsolver to check for a bounded counterexample, where the bound is on the depth of the call stack i. In fact, 12 out of the 15 cegarbased tools in svcomp are based on craig. In benchmark studies using a set of large industrial circuit verification instances. Our algorithm is integrated into stateoftheart satbased model checking using craig interpolation. Abstractduring its evolution, a typical softwarehardware design undergoes a myriad of small changes. Stateoftheart bmc algorithms combine a direct translation to sat with circuitaware simplifications and. Finally we give the notation for propositional satis ability and interpolation we will use in the paper. Different methods are available to make models for contaminant concentrations at all points within the site. The second approach, craig, is based on craig interpolation. Request pdf approximation refinement for interpolationbased model checking model checking using craig interpolants provides an effec tive method for computing an overapproximation of the.
More effective interpolations in software model checking. A configurable cegar framework with interpolationbased. Satbased model checking is currently one of the most successful approaches to checkingverylarge systems. Explicitvalue analysis based on cegar and interpolation. Model checking software or hardware systems can be often represented as a state transition system m s,i,t,l m can be seen as a modelboth 1. Software model checking zprogram behaviorprogram behavior zpredicate abstraction zcounterexampleguided abstraction refinement part ii. Approximation refinement for interpolationbased model checking. Crl has pioneered numerous fundamental ideas and algorithms to this field, including interpolation as a. The method can be used to solve for unknown predicates in the verification conditions of programs. In general, interpolationbased software model checking techniques extract interpolants from refutation proofs of infeasible program paths. In satbased model checking, nite sets and relations are encoded in propositional logic. We further seamlessly integrated the novel interpolant generation algorithm into the reinterpreted interpolationbased model checking procedure.
There are two fundamental variations of model checking. Moreover, we are also able to deal with a wide range of liveness goals, namely, those captured by the reactivity pattern 23. These techniques have not yet been applied together to explicitvalue program analysis. However, it is extremely costly to verify each new version fr incremental upgrade checking by means of interpolationbased function summaries ieee conference publication. Interpolationsequence based model checking cs technion.
We consider a fully satbased method of unbounded symbolic model checking based on computing. The finite number of states can be searched using either stateful search or stateless search. In its early days, satbased bounded model checking was mainly used for bug hunting. It uses interpolationbased function summaries as overapproximation of. Given a model of a system, exhaustively and automatically check whether this model meets a given specification. Abstractduring its evolution, a typical softwarehardware. We use it for a systematic study of the collectives and of the constraints they pose on propositional interpolation systems used in satbased model checking. Interpolation based model checking ib in 10 mcmillan presents a sa t based model checking algorithm for full veri. Model checking using craig interpolants provides an effec tive method for computing an overapproximation of the set of reachable states using a sat.
Relative completeness can be ensured for interpolationbased techniques by re. Citeseerx explicitstate software model checking based. In this paper we present the eufinterpolation system which aims at specializing and tailoring interpolants for the needs of interpolationbased modelchecking. Since the quality of interpolants can critically affect the success and failure, or convergence and divergence of model checking, researchers have put forward a novel and flexible interpolation abstraction. Craig interpolation has emerged as an effective approximation method and can be widely applied in hardware and software model checking. This material is based upon work funded and supported by the department of defense under contract no. It provides a systematic way to generate predicates over pro.
Model checking given a system and a specification, does the system satisfy the specification. Sery o, fedyukovich g, sharygina n 2012 interpolationbased function summaries in bounded model checking. Citeseerx document details isaac councill, lee giles, pradeep teregowda. Lncs 2725 interpolation and satbased model checking. Advances in software model checkers based on craig, however, can go only lockstep with advances in smt solvers with craig. Interpolationbased function summaries in bounded model.
A framework for abstraction and interpolationbased. Mcmillan 112 describes a satbased method for finitestate model checking based on the use of interpolants. In 8 it is used for computing an abstract model based on predicate abstraction, for software model checking. Interpolationbased techniques avoid the expensive abstraction. While this work uses the interpolationsequence to compute overapproximations of reachable states. While this work uses the interpolation sequence to compute over. Model checking algorithms are widely used for verifying hardware and software models. N interpolationbased function summaries in bounded. Equivalence checking of a floatingpoint unit against a highlevel c model unbounded safety verification for hardware using software analyzers computing mutation coverage in. Abstraction, counterexampleguided refinement, and interpolation are techniques that are essential to the success of predicatebased program analysis. In this paper, a new approach to generate a variety of functionally di erent interpolants using simulation and sat solving is proposed. A widely used algorithm for symbolic model checking is based on constructing the safe inductive invariant rx by means of unrolling the transi.
It was widely believed that craig is substantially more effective than newton. Approximation refinement for interpolationbased model. In computer science, model checking or property checking refers to the following problem. In international conference on fundamental approaches to software engineering, pages 146.
1092 137 973 254 251 7 41 403 1534 1162 393 766 168 914 373 1036 1073 834 756 89 42 917 287 1215 156 1340 210 745 801 107 139 1076 1319 656 1207