A Dataflow Analysis to Improve SAT-Based Bounded Program Verification
نویسندگان
چکیده
SAT-based bounded verification of programs consists of the translation of the code and its annotations into a propositional formula. The formula is then analyzed for specification violations using a SATsolver. This technique is capable of proving the absence of errors up to a given scope. SAT is a well-known NP-complete problem, whose complexity depends on the number of propositional variables occurring in the formula. Thus, reducing the number of variables in the logical representation may have a great impact on the overall analysis. We propose a dataflow analysis which infers the set of possible values that can be assigned to each local and instance variable. Unnecessary variables at the SAT level can then be safely removed by relying on the inferred values. We implemented this approach in TACO, a SAT-based verification tool. We present an extensive empirical evaluation and discuss the benefits of the proposed approach.
منابع مشابه
JTACO: Test Execution for Faster Bounded Verification
In bounded program verification a finite set of execution traces is exhaustively checked in order to find violations to a given specification (i.e. errors). SAT-based bounded verifiers rely on SAT-Solvers as their back-end decision procedure, accounting for most of the execution time due to their exponential time complexity. In this paper we sketch a novel approach to improve SAT-based bounded ...
متن کاملEfficient SAT-based Bounded Model Checking for Software Verification
This paper discusses our methodology for formal analysis and automatic verification of software programs. It is currently applicable to a large subset of the C programming language that includes bounded recursion. We consider reachability properties, in particular whether certain assertions or basic blocks are reachable in the source code. We perform this analysis via a translation to a Boolean...
متن کاملModeling, Abstraction and Analysis of Software using Boolean Techniques
This paper discusses the formal analysis and automatic verification of software programs using our prototype tool FSoft. It is currently applicable to a subset of the C programming language allowing bounded recursion. We consider reachability properties, in particular whether certain assertions or basic blocks are reachable in the source code. We perform this analysis via a translation to a Boo...
متن کاملKleene Algebra and Bytecode Verification
Most standard approaches to the static analysis of programs, such as the popular worklist method, are first-order methods that inductively annotate program points with abstract values. In [6] we introduced a second-order approach based on Kleene algebra. In this approach, the primary objects of interest are not the abstract data values, but the transfer functions that manipulate them. These ele...
متن کاملIncremental Bounded Model Checking for Embedded Software (extended version)
Program analysis is on the brink of mainstream in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and automated test case generation are some of the most common applications of automated verification tools based on Bounded Model Checking. Existing industrial tools for embedded software use an off-the-shelf Bounded Model Checker and apply it ...
متن کامل