SMT-Based Bounded Model Checking for Embedded ANSI-C Software
Propositional bounded model checking has been applied successfully to verify embedded software but is limited by the increasing propositional formula size and the loss of structure during the translation. These limitations can be reduced by encoding word-level information in theories richer than propositional logic and using SMT solvers for the generated verification conditions. Here, we investigate the application of different SMT solvers to the verification of embedded software written in ANSI-C. We have extended the encodings from previous SMT-based bounded model checkers to provide more accurate support for variables of finite bit width, bit-vector operations, arrays, structures, unions and pointers. We have integrated the CVC3, Boolector, and Z3 solvers with the CBMC front-end and evaluated them using both standard software model checking benchmarks and typical embedded software applications from telecommunications, control systems, and medical devices. The experiments show that our approach can analyze larger problems and substantially reduce the verification time.
Cordeiro, Lucas (3580f117-e41c-4235-982c-51d383e40883)
Fischer, Bernd (0c9575e6-d099-47f1-b3a2-2dbc93c53d18)
Marques-Silva, Joao (f992f61f-cedd-4897-9f73-1a3ac7ebb35c)
Published: 18 November 2009
Cordeiro, Lucas, Fischer, Bernd and Marques-Silva, Joao (2009) SMT-Based Bounded Model Checking for Embedded ANSI-C Software. 24th IEEE/ACM International Conference on Automated Software Engineering, Auckland, New Zealand, 16-20 Nov 2009.
Record type: Conference or Workshop Item (Paper)
Files:
- ase2009-cordeiro.pdf (Text) - Version of Record
- SMT-Based_CBMC.pdf (Text) - Other
- ase2009-slides.pdf (Text) - Other
More information
Submitted date: 19 June 2009
Published date: 18 November 2009
Additional Information:
Event Dates: 16-20 November 2009
Venue - Dates: 24th IEEE/ACM International Conference on Automated Software Engineering, Auckland, New Zealand, 2009-11-16 - 2009-11-20
Organisations: Electronic & Software Systems
Identifiers
Local EPrints ID: 267593
URI: http://eprints.soton.ac.uk/id/eprint/267593
PURE UUID: 71a22185-4ebe-46fb-9592-43e76e1bb08b
Catalogue record
Date deposited: 19 Jun 2009 07:52
Last modified: 17 Mar 2024 04:41