SMT-Based Bounded Model Checking of Multi-threaded Software in Embedded Systems


Cordeiro, Lucas (2011) SMT-Based Bounded Model Checking of Multi-threaded Software in Embedded Systems. PhD presentation, University of Southampton.

Download: PDF (3440Kb)

Description/Abstract

Our reliance on the correct functioning of embedded systems is growing rapidly. Such systems are used in a wide range of applications such as airbag control systems, mobile phones, and high-end television sets. These systems are becoming more and more complex and require multi-core processors with scalable shared memory to meet the increasing computational power demands. The reliability of the embedded (distributed) software is thus a key issue in system development. In this thesis we describe and evaluate an approach to reason accurately and effectively about large embedded software using bounded model checking (BMC) based on Satisfiability Modulo Theories (SMT) techniques. We present three major novel contributions. First, we extend the encodings from previous SMT-based bounded model checkers to provide more accurate support for variables of finite bit width, bit-vector operations, arrays, structures, unions and pointers, thus making our approach suitable for reasoning about embedded software. We then provide new encodings into existing SMT theories and show that our translations from ANSI-C programs to SMT formulas are as precise as bit-accurate procedures based on Boolean Satisfiability. Second, we develop three related approaches for model checking multi-threaded software in embedded systems. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the high speed of the SMT solvers. In the underapproximation and widening approach, we reduce the state space by abstracting the number of interleavings from the proofs of unsatisfiability generated by the SMT solvers.
Finally, we describe and evaluate an approach to integrate our SMT-based BMC into the software engineering process by making the verification process incremental. In particular, our approach looks at the modifications made to the software system since its last verification and submits them to a partly static and dynamic verification process, which is thus guided by a set of test cases for coverage. Experiments show that our SMT-based BMC can analyze larger problems and reduce the verification time compared to state-of-the-art techniques that use BMC, iterative context-bounding or counterexample-guided abstraction refinement.
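The lazy approach described above walks the schedule space one interleaving at a time and stops at the first violation. The following Python illustration, added here and not part of the thesis or its tooling, makes that loop concrete: it enumerates every interleaving of a small two-thread program (program order preserved within each thread) and checks each final state against a property. A direct execution of each fixed schedule stands in for the per-interleaving SMT query, which is a deliberate simplification; the shared-counter program, the `tmp0`/`tmp1` thread-local keys and all function names are constructed for this example.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Shared state is a dict; a thread is a list of atomic steps, each a function
# that updates that dict in place. Thread-local variables live in the same dict
# under a per-thread key (a simplification made for this illustration).
State = Dict[str, int]
Step = Callable[[State], None]
Thread = List[Step]
Schedule = List[Tuple[int, int]]   # (thread index, step index) pairs


def interleavings(threads: List[Thread]):
    """Generate every interleaving of the threads' steps, keeping program
    order inside each thread. This is the unpruned schedule space that the
    lazy approach examines one schedule at a time."""
    pcs = [0] * len(threads)           # program counter per thread
    prefix: Schedule = []

    def rec():
        if all(pcs[t] == len(threads[t]) for t in range(len(threads))):
            yield list(prefix)
            return
        for t in range(len(threads)):
            if pcs[t] < len(threads[t]):
                prefix.append((t, pcs[t]))
                pcs[t] += 1
                yield from rec()
                pcs[t] -= 1
                prefix.pop()

    yield from rec()


def execute(threads: List[Thread], schedule: Schedule, initial: State) -> State:
    """Run one fixed schedule to completion and return the final state."""
    state = dict(initial)
    for t, i in schedule:
        threads[t][i](state)
    return state


def lazy_check(threads: List[Thread], initial: State,
               prop: Callable[[State], bool]
               ) -> Tuple[Optional[Schedule], Optional[State], int]:
    """Lazy approach: check each interleaving separately and stop at the first
    one violating `prop`. Returns (counterexample schedule, its final state,
    number of schedules examined); the schedule is None if none violates."""
    examined = 0
    for schedule in interleavings(threads):
        examined += 1
        final = execute(threads, schedule, initial)
        if not prop(final):
            return schedule, final, examined
    return None, None, examined


# Constructed program: two threads each perform a non-atomic increment of the
# shared counter x (read into a thread-local temporary, then write back).
def make_increment_thread(tid: int) -> Thread:
    tmp = f"tmp{tid}"

    def read(s: State) -> None:
        s[tmp] = s["x"]

    def write(s: State) -> None:
        s["x"] = s[tmp] + 1

    return [read, write]


RACY = [make_increment_thread(0), make_increment_thread(1)]


# The same program with the increment made atomic (one step per thread).
def atomic_increment(s: State) -> None:
    s["x"] += 1


ATOMIC = [[atomic_increment], [atomic_increment]]
INITIAL: State = {"x": 0}


def both_increments_took_effect(s: State) -> bool:
    """Property checked on every final state: neither update was lost."""
    return s["x"] == 2


if __name__ == "__main__":
    sched, final, n = lazy_check(RACY, INITIAL, both_increments_took_effect)
    print("racy program:", "violation" if sched else "no violation",
          "after", n, "schedules; counterexample:", sched,
          "final x:", final["x"] if final else None)
    sched, final, n = lazy_check(ATOMIC, INITIAL, both_increments_took_effect)
    print("atomic program:", "violation" if sched else "no violation",
          "after", n, "schedules")
```

With two threads of two steps each there are six interleavings; the racy program is refuted on the second one examined (both reads happen before either write, so one update is lost), while the atomic version is exhausted after its two schedules with no violation. The exhaustive enumeration is exactly what the schedule recording and underapproximation-and-widening approaches aim to avoid: the number of interleavings grows combinatorially with thread count and steps per thread.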

Item Type: Conference or Workshop Item (Speech)
Divisions: Faculty of Physical and Applied Science > Electronics and Computer Science
Item ID: 272476
Date Deposited: 15 Jun 2011 15:00
Last Modified: 01 Mar 2012 13:07
Contributors: Cordeiro, Lucas (Author)
Date: 25 March 2011
Status: Unpublished
Further Information: Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/272476
