IC3 Software Model Checking on Control Flow Automata (Tim Lange, FMCAD 2015; presentation slides)


SLIDE 1

IC3 Software Model Checking on Control Flow Automata

Tim Lange (1), Martin R. Neuhäußer (2), Thomas Noll (1)

(1) Software Modeling and Verification Group, RWTH Aachen; (2) Siemens AG

FMCAD 2015 at Austin, TX, USA, September 29, 2015

SLIDE 2

Outline (Introduction): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

2 of 20 IC3 Software Model Checking on Control Flow Automata | Tim Lange | Software Modeling and Verification Group, RWTH Aachen | FMCAD 2015 at Austin, TX, USA, September 29, 2015

SLIDE 3

Introduction: Motivation

Lifting to software model checking

  • IC3 had a deep impact in hardware model checking
  • It showed much better performance than CEGAR and BMC
  • It is nowadays employed in most major hardware model checking tools

Challenges

  • The domain in hardware model checking is finite (bit-level)
  • How to handle infinite state spaces?
  • How to encode finite control flow?

SLIDE 4

Outline (Preliminaries): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

SLIDE 5

Preliminaries: Control Flow Automaton (CFA)

A CFA $\mathcal{A} = (L, G, l_0, l_E)$ consists of a set of locations $L = \{0, \dots, n\}$, a set of edges $G \subseteq L \times \mathrm{QFFO} \times L$ labeled with quantifier-free first-order formulas, an initial location $l_0$, and an error location $l_E$.

Transition formula: Given two locations $l_1, l_2 \in L$, we define the transition formula

$$T_{l_1 \to l_2} = \begin{cases} (pc = l_1) \wedge d \wedge (pc' = l_2) & \text{if } (l_1, d, l_2) \in G \\ \mathit{false} & \text{otherwise.} \end{cases}$$

SLIDE 6

Preliminaries: Relative Inductivity [Bra11]

Given a transition formula $T = \bigvee_{(l_1, d, l_2) \in G} T_{l_1 \to l_2}$, a formula $\varphi$ is inductive relative to another formula $\psi$ if $\psi \wedge \varphi \wedge T \Rightarrow \varphi'$ is valid.

Edge-Relative Inductivity: Given a CFA $\mathcal{A}$ and locations $l_1, l_2 \in L$, a formula $\varphi$ is inductive edge-relative to another formula $\psi$ if $\psi \wedge \varphi \wedge T_{l_1 \to l_2} \Rightarrow \varphi'$ is valid.

[Bra11] Aaron R. Bradley. “SAT-Based Model Checking without Unrolling”. In: VMCAI. 2011, pp. 70–87

SLIDE 7

Preliminaries: Region [Hen+02]

A region $r = (l, c)$ is a pair consisting of a location $l$ and a formula $c$. The set of corresponding formulas for $r$ is given as $\{\varphi \mid \varphi \equiv (pc = l \wedge c)\}$. Similarly, for $\neg r$ the corresponding formulas are defined as $\{\varphi \mid \varphi \equiv \neg(pc = l \wedge c)\}$.

Edge-Relative Inductive Regions: Assume two regions $r_1 = (l_1, c_1)$ and $\neg r_2 = \neg(l_2, c_2)$. We can reduce edge-relative inductivity of $\neg r_2$ relative to $r_1$ to

$$\begin{cases} c_1 \wedge T_{l_1 \to l_2} \Rightarrow \neg c_2' & \text{if } l_1 \neq l_2 \\ c_1 \wedge \neg c_2 \wedge T_{l_1 \to l_2} \Rightarrow \neg c_2' & \text{if } l_1 = l_2 \end{cases}$$

On an edge between different locations only $c_1$ is known about the pre-state; on a self-loop the negated region $\neg c_2$ itself can be assumed, which is the stronger relative inductivity of the original IC3.

[Hen+02] Thomas A. Henzinger et al. “Lazy abstraction”. In: POPL. 2002, pp. 58–70

SLIDE 8

Outline (Original IC3): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

SLIDE 9 (animated over slides 9 to 22)

Original IC3: Consider the transition system $\mathcal{M} = (X, I, T)$ and the property $P(X)$.

[Figure: the frame sequence $F_0, F_1, F_2, F_3, \dots$ of IC3 is built up step by step against $P$; the animation shows the moments where two consecutive frames coincide ($F_1 = F_2$, later $F_2 = F_3$). Only the labels of the figure survive extraction.]

SLIDE 23

Outline (Related Work): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

SLIDE 24

Related Work

  • Abstract reachability tree (ART) unrolling [CG12]: Unroll the ART, search for an error path and refute it (similar to the blocking phase of IC3).
  • Bit-blasting [WK13]: Encode variables as bit-vectors and use bit-blasting with bit-level IC3.
  • Implicit abstraction [Cim+14]: Express abstract transitions without explicitly computing the abstract system.
  • Predicate abstraction [BBW14]: Use predicate abstraction and refine predicates based on CTIs.

[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293
[WK13] Tobias Welp and Andreas Kuehlmann. “QF BV model checking with property directed reachability”. In: DATE. 2013, pp. 791–796
[Cim+14] Alessandro Cimatti et al. “IC3 Modulo Theories via Implicit Predicate Abstraction”. In: TACAS. 2014, pp. 46–61
[BBW14] Johannes Birgmeier, Aaron R. Bradley, and Georg Weissenbacher. “Counterexample to Induction-Guided Abstraction-Refinement (CTIGAR)”. In: CAV. 2014, pp. 831–848

SLIDE 25

Outline (IC3 on Control Flow Automata): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

SLIDE 26

IC3 on Control Flow Automata: Idea

  • Encoding control flow with a special $pc$ variable is not efficient [CG12]
  • Extracting the control flow is advantageous
  • Instead of unrolling into an ART, apply IC3 directly on the CFA
  • For every location in the CFA construct frames $F_0, \dots, F_k$
  • Frames represent over-approximations of $i$-step reachability in a location
  • Explicit control flow locations allow taking only single transitions into account

[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293

SLIDE 27 (animated over slides 27 to 36)

IC3 on Control Flow Automata: Example

The CFA has initial location $l_0$, error location $l_E$, terminating location 2 and the edges

  $l_0 \to 1$: $x := ?;\ y := x$
  $1 \to 1$: $x{+}{+};\ y{+}{+}$
  $1 \to 2$: $x = y$
  $1 \to l_E$: $x \neq y$

Frames $F(i, l)$ after initialisation:

  i \ l |  $l_0$  |    1
  ------+---------+--------
    0   |  true   |  false
    1   |  true   |  true

CTI $(1, x \neq y)$ at level 1: the guard of the error edge is satisfiable in $F(1, 1)$. Blocking it takes one query per incoming edge of location 1, and both are unsatisfiable (✗):

  SAT($F(0, 1) \wedge \neg(x \neq y) \wedge T_{1 \to 1} \wedge x' \neq y'$)  ✗   (self-loop, using relative inductivity)
  SAT($F(0, l_0) \wedge T_{l_0 \to 1} \wedge x' \neq y'$)  ✗   (edge from $l_0$)

Therefore $F(1, 1)$ is strengthened to $x = y$ and the next frame is opened:

  i \ l |  $l_0$  |    1
  ------+---------+--------
    0   |  true   |  false
    1   |  true   |  x = y
    2   |  true   |  x = y

Levels 1 and 2 now agree in every location, which is the fixpoint IC3 looks for: $x = y$ is an inductive invariant at location 1, so the error edge can never be taken.
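The walk-through above as runnable Python. This is an added example, not the authors' code or the IC3CFA tool: it assumes that x and y are 2-bit wrap-around counters so every SAT query is decided by enumerating the 16 data states, and it keeps the slides' structure (one frame sequence F(i, l) per location, the CTI (1, x ≠ y) at level 1, single-edge predecessor queries with relative inductivity on the self-loop, and the F(1) = F(2) fixpoint).

```python
from itertools import product

N = 4                                                   # x, y are 2-bit counters that wrap at 4 (assumption)
STATES = frozenset(product(range(N), range(N)))         # all data states (x, y)
L0, LE = "l0", "lE"

# Edges of the slides' CFA as (source, op, target); op maps a state to its successors (empty = guard false).
EDGES_SLIDES = [
    (L0, lambda s: [(v, v) for v in range(N)], "1"),              # x := ?; y := x
    ("1", lambda s: [((s[0] + 1) % N, (s[1] + 1) % N)], "1"),     # x++; y++  (self-loop)
    ("1", lambda s: [s] if s[0] == s[1] else [], "2"),            # guard x = y  (terminating)
    ("1", lambda s: [s] if s[0] != s[1] else [], LE),             # guard x != y (error edge)
]

def holds(frame, s):
    """F(i, l) is stored as the list of cubes (state sets) blocked there: s satisfies it if no cube contains s."""
    return all(s not in c for c in frame)

def sat_pred(frames, i, src, dst, cube, op):
    """SAT(F(i-1,src) ∧ [¬cube if src = dst] ∧ T_src→dst ∧ cube') by enumeration: the predecessor states, empty if unsat."""
    return frozenset(s for s in STATES if holds(frames[src][i - 1], s)
                     and not (src == dst and s in cube)           # stronger relative inductivity on self-loops
                     and any(t in cube for t in op(s)))

def block(frames, edges, i, loc, cube):
    """Block `cube` at F(i, loc) one incoming edge at a time; False if a predecessor chain reaches F(0, l0)."""
    while True:
        preds = [(src, p) for src, op, dst in edges if dst == loc
                 for p in [sat_pred(frames, i, src, loc, cube, op)] if p]
        if not preds:
            break
        src, p = preds[0]
        if i == 1 or not block(frames, edges, i - 1, src, p):
            return False                                         # the initial states reach the cube
    for j in range(1, i + 1):                                    # add the clause ¬cube to F(1..i, loc)
        frames[loc][j].append(cube)
    return True

def ic3cfa(edges):
    """IC3 with one frame sequence F(0..k, l) per location; returns (safe, invariant states per location)."""
    locs = {l for src, _, dst in edges for l in (src, dst)}
    frames = {l: [[] if l == L0 else [STATES]] for l in locs}   # F(0, l0) = true, F(0, l) = false elsewhere
    k = 0
    while True:
        for src, op, _ in (e for e in edges if e[2] == LE):      # CTIs: states of F(k, src) with an enabled error edge
            cti = frozenset(s for s in STATES if holds(frames[src][k], s) and op(s))
            if cti and (k == 0 or not block(frames, edges, k, src, cti)):
                return False, None
        for l in locs:                                           # open frame k+1, initially true
            frames[l].append([])
        for i in range(1, k + 1):                                # push clauses that stay edge-relative inductive
            for l in locs:
                for c in frames[l][i]:
                    if c not in frames[l][i + 1] and not any(
                            sat_pred(frames, i + 1, src, l, c, op) for src, op, dst in edges if dst == l):
                        frames[l][i + 1].append(c)
            if all(set(frames[l][i]) == set(frames[l][i + 1]) for l in locs):  # F(i) = F(i+1): fixpoint
                return True, {l: frozenset(s for s in STATES if holds(frames[l][i], s)) for l in locs}
        k += 1
```

Replacing the self-loop by one that increments only x makes the error location reachable; the same run then returns (False, None) once the predecessor chain reaches F(0, l0).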

SLIDE 37

IC3 on Control Flow Automata: Evaluation

28 benchmarks from SVCOMP & device drivers, subset of [CG12].

[Scatter plot of solve times, IC3CFA against IC3SMT, both axes log-scaled from 10^-3 to 10^3 seconds; TO marks timeouts]

  Algorithm   solved   solve time   total time
  IC3SMT      13/28    6328s        24328s
  IC3CFA      22/28    584s         7784s

[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293

SLIDE 38

IC3 on Control Flow Automata: Evaluation

28 benchmarks from SVCOMP & device drivers, subset of [CG12].

[Scatter plot of solve times, IC3CFA against TreeIC3, both axes log-scaled from 10^-3 to 10^3 seconds; TO marks timeouts]

  Algorithm   solved   solve time   total time
  TreeIC3     21/28    1752s        10152s
  IC3CFA      22/28    584s         7784s

[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293

SLIDE 39

IC3 on Control Flow Automata: Evaluation

28 benchmarks from SVCOMP & device drivers, subset of [CG12].

[Scatter plot of solve times, IC3CFA against TreeIC3-ITP, both axes log-scaled from 10^-3 to 10^3 seconds; TO marks timeouts]

  Algorithm     solved   solve time   total time
  TreeIC3-ITP   28/28    3107s        3107s
  IC3CFA        22/28    584s         7784s

[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293

SLIDE 40

Outline (Conclusion): Introduction, Preliminaries, Original IC3, Related Work, IC3 on Control Flow Automata, Conclusion

SLIDE 41

Conclusion: Contributions

Small SMT queries: Through inspection of only specific transitions, we can use a single edge formula instead of giving the whole transition relation to the solver.

No unrolling: By using $F_i$ frames in every location of the CFA, we can operate on the CFA exclusively. Thus there is no need for unrolling the CFA.

Stronger relative inductivity: When considering self-loops we can use the stronger relative inductivity that is used in the original IC3.

SLIDE 42

Conclusion: References

[BBW14] Johannes Birgmeier, Aaron R. Bradley, and Georg Weissenbacher. “Counterexample to Induction-Guided Abstraction-Refinement (CTIGAR)”. In: CAV. 2014, pp. 831–848.
[Bra11] Aaron R. Bradley. “SAT-Based Model Checking without Unrolling”. In: VMCAI. 2011, pp. 70–87.
[CG12] Alessandro Cimatti and Alberto Griggio. “Software Model Checking via IC3”. In: CAV. 2012, pp. 277–293.
[Cim+14] Alessandro Cimatti et al. “IC3 Modulo Theories via Implicit Predicate Abstraction”. In: TACAS. 2014, pp. 46–61.
[Hen+02] Thomas A. Henzinger et al. “Lazy abstraction”. In: POPL. 2002, pp. 58–70.
[WK13] Tobias Welp and Andreas Kuehlmann. “QF BV model checking with property directed reachability”. In: DATE. 2013, pp. 791–796.