Model Checking Boolean Programs
Authors
Abstract
The reliability of software is crucial to the functioning of today's world, which heavily depends on computer systems. Given the ever increasing complexity of software, bugs are subtle and thus hard to find by manual inspection. A more promising approach is to use a formal method such as model checking, which employs exhaustive state-space search to establish the correctness of the software. However, existing tools typically suffer from one of two limitations: either they lack the capacity to handle large programs, or they report many false positives. A successful approach to pushing the boundaries of model checking is predicate abstraction with abstraction refinement. With this method, an abstraction of a program written in a high-level programming language is constructed from a set of predicates and represented as a Boolean program, a program whose variables all have type Boolean. This Boolean program is analyzed by a dedicated checker to determine whether an error state is reachable. Despite the reduced state space, Boolean program verification remains the bottleneck within the automated abstraction-refinement loop. This thesis introduces techniques for efficient reachability analysis of sequential and concurrent Boolean programs. We improve on known summarization algorithms for sequential Boolean programs and propose over-approximations of procedure calls. For non-recursive concurrent Boolean programs with bounded thread creation, we first introduce a transformation to a representation based on thread-state counters, which exploits the symmetry inherent in replicated programs. In a second step, we combine this representation with a method to locate thread-creating cycles in order to allow an unbounded number of threads. The algorithms are implemented in BOOM, a model checking platform for Boolean programs. It is the first tool that implements a summarizing reachability engine relying entirely on a satisfiability solver for (quantified) Boolean formulæ.
The concurrent variant of BOOM is implemented using binary decision diagrams and includes partial order reduction methods. BOOM has been used in combination with the SATABS software model checker to verify safety properties of Linux device drivers. BOOM is, to the best of our knowledge, the first efficient model checker for non-recursive concurrent Boolean programs.
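The abstract's thread-state counter representation is easiest to appreciate on a concrete replicated program. The following is an added illustration, written for this page and not code from BOOM or from the thesis: a tiny concurrent Boolean program in which n identical threads compete for one shared lock bit, explored once by explicit enumeration of every thread's local state and once with the counter abstraction, where the state records only how many threads sit in each local state. The program, its local states and the error condition (two threads in the critical section at once) are constructed for the example; the `atomic` flag switches between a correct atomic test-and-set and a split test-then-set that lets two threads enter, so the same checker exhibits both an unreachable and a reachable error state.

```python
"""Reachability in a replicated Boolean program: explicit state vs. counter abstraction.

Constructed example (not BOOM's code). n identical threads share one Boolean
variable `lock`; each thread has a local program counter pc in {0, 1, 2}:
  pc 0: idle      -> may test the lock (step enabled only if it reads False)
  pc 1: tested    -> sets lock := True and enters the critical section
  pc 2: in CS     -> releases lock := False and returns to idle
With atomic=True the test and the set are one step (correct mutual exclusion).
With atomic=False they are two steps, so two threads can both observe the lock
free and both enter: the error state is ">= 2 threads at pc 2".
"""
from collections import deque

NUM_PC = 3


def thread_step(lock, pc, atomic):
    """Successors (lock', pc') of a single thread in local state pc."""
    if atomic:
        if pc == 0 and not lock:
            yield True, 2          # atomic test-and-set: enter the CS
        elif pc == 2:
            yield False, 0         # release the lock
    else:
        if pc == 0 and not lock:
            yield lock, 1          # test only: observed lock == False
        elif pc == 1:
            yield True, 2          # set: enter the CS (lock may have changed meanwhile)
        elif pc == 2:
            yield False, 0         # release the lock


def explicit_successors(state, atomic):
    """State = (lock, tuple of one pc per thread); every thread is distinguishable."""
    lock, pcs = state
    for i, pc in enumerate(pcs):
        for lock2, pc2 in thread_step(lock, pc, atomic):
            yield lock2, pcs[:i] + (pc2,) + pcs[i + 1:]


def counter_successors(state, atomic):
    """State = (lock, tuple counts[pc]); threads in the same local state are interchangeable."""
    lock, counts = state
    for pc, c in enumerate(counts):
        if c == 0:
            continue
        for lock2, pc2 in thread_step(lock, pc, atomic):
            new = list(counts)
            new[pc] -= 1
            new[pc2] += 1
            yield lock2, tuple(new)


def explicit_error(state):
    return sum(1 for pc in state[1] if pc == 2) >= 2


def counter_error(state):
    return state[1][2] >= 2


def reachable(init, successors, is_error):
    """Breadth-first reachability; returns (error_reachable, number_of_distinct_states)."""
    seen = {init}
    queue = deque([init])
    error = False
    while queue:
        s = queue.popleft()
        if is_error(s):
            error = True
        for t in successors(s):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return error, len(seen)


def check(n, atomic, counters):
    """Run the reachability check for n threads in one of the two representations."""
    if counters:
        init = (False, (n,) + (0,) * (NUM_PC - 1))
        return reachable(init, lambda s: counter_successors(s, atomic), counter_error)
    init = (False, (0,) * n)
    return reachable(init, lambda s: explicit_successors(s, atomic), explicit_error)


if __name__ == "__main__":
    for atomic in (True, False):
        for n in (2, 3, 4, 5):
            e_err, e_states = check(n, atomic, False)
            c_err, c_states = check(n, atomic, True)
            print(f"atomic={atomic} n={n}: explicit {e_states} states, "
                  f"counters {c_states} states, error reachable: {e_err}/{c_err}")
```

Both representations agree on whether the error state is reachable, which is the point of the transformation: because the threads run the same code, permuting which thread is in which local state never changes reachability, so the counter vector loses nothing and the explored state space is bounded by a polynomial in n instead of growing with the number of thread permutations. Increasing n in the usage loop makes the gap between the two state counts visible.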
Similar sources
Analysis of Boolean Programs
Boolean programs are a popular abstract domain for static-analysisbased software model checking. Yet little is known about the complexity of model checking for this model of computation. This paper aims to fill this void by providing a comprehensive study of the worst-case complexity of several basic analyses of Boolean programs, including reachability analysis, cycle detection, LTL, CTL, and C...
Boolean Programs: A Model and Process For Software Analysis
A fundamental issue in model checking of software is the choice of a model for software. We present a model called boolean programs that is expressive enough to represent features in common programming languages and is amenable to model checking. We present a model checking algorithm for boolean programs using context-free-language reachability. The model checking algorithm allows procedure cal...
Checking Synchronous Programs via Boolean Automata
This paper describes a novel approach to the verification of synchronous programs. Synchronous languages such as Esterel, Argos, or Signal have a computational model that consists of an infinite sequence of input/output events, each taking time to compute that is negligible on a scale measured by the environment. This model is well suited to programming reactive and real-time systems. The seman...
Algorithms for Atomicity
We study the algorithmics of checking atomicity in concurrent programs. Unearthing fundamental results behind scheduling algorithms in database control, we build space-efficient monitoring algorithms for checking atomicity. Second, by interpreting the monitoring algorithm as a deterministic automaton, we solve several key model checking problems for checking atomicity of finite-state concurr...
A SAT Characterization of Boolean-Program Correctness
Boolean programs, imperative programs where all variables have type boolean, have been used effectively as abstractions of device drivers (in Ball and Rajamani’s SLAM project). To find errors in these boolean programs, SLAM uses a model checker based on binary decision diagrams (BDDs). As an alternative checking method, this paper defines the semantics of procedure-less boolean programs by weak...