SymDIVINE: Tool for Control-Explicit Data-Symbolic State Space Exploration
Abstract
We present SymDIVINE: a tool for bit-precise model checking of parallel C and C++ programs. It builds upon the LLVM compiler infrastructure and hence uses LLVM IR as its input formalism. Internally, SymDIVINE extends standard explicit-state state space exploration with SMT machinery to handle non-deterministic data values. As such, SymDIVINE sits halfway between a symbolic executor and an explicit-state model checker. The key differentiating aspect of SymDIVINE is the ability to decide the equality of two symbolically represented states, thus preventing repeated exploration of the state space graph. This is crucially important for verification of parallel programs in particular, where the state space graph is full of diamond-shaped subgraphs.
Similar resources
SMT Queries Decomposition and Caching in Semi-Symbolic Model Checking
In semi-symbolic (control-explicit data-symbolic) model checking the state-space explosion problem is fought by representing sets of states by first-order formulas over the bit-vector theory. In this model checking approach, most of the verification time is spent in an SMT solver on deciding satisfiability of quantified queries, which represent equality of symbolic states. In this paper, we int...
Memory Efficient Data Structures for Explicit Verification of Timed Systems
Timed analysis of real-time systems can be performed using continuous (symbolic) or discrete (explicit) techniques. The explicit state-space exploration can be considerably faster for models with moderately small constants, however, at the expense of high memory consumption. In the setting of timed-arc Petri nets, we explore new data structures for lowering the used memory: PTries for efficient...
Parallel symbolic state-space exploration is difficult, but what is the alternative?
State-space exploration is an essential first step in many modeling and analysis problems. Its goal is to find and store all the states reachable from the initial state(s) of a discrete-state high-level model described, for example, using pseudocode or Petri nets. The state space can then be used to answer important questions, such as “Is there a dead state?” and “Can variable n ever become neg...
Subsumer-first: A new Heuristic for Guided Symbolic Reachability Analysis
State space exploration using symbolic techniques provides a basis for the verification of software systems. The exploration procedure has direct impact on the overall effectiveness of the verification efforts. For example, choosing the breadth-first exploration strategy results in a verification tool that finds counterexamples quickly, but may sacrifice the efficiency of the reachability analy...
Efficient Timed Reachability Analysis Using Clock Difference Diagrams
One of the major problems in applying automatic verification tools to industrial-size systems is the excessive amount of memory required during the state-space exploration of a model. In the setting of real-time, this problem of state-explosion requires extra attention as information must be kept not only on the discrete control structure but also on the values of continuous clock variables. In...
Publication date: 2016