Scalable and precise verification based on k-induction, symbolic execution and floating-point theory
Abstract
In this thesis, we describe and evaluate approaches for the efficient reasoning of real-world C programs using either Bounded Model Checking (BMC) or symbolic execution. We present three main contributions.
First, we describe three new technologies developed in a software verification tool to handle real-world programs: (1) a frontend based on a state-of-the-art compiler, (2) a new SMT backend with support for floating-point arithmetic and (3) an incremental bounded model checking algorithm. These technologies are implemented in ESBMC, an SMT-based bounded model checker for C programs; results show that these technologies enable the verification of a large number of programs.
Second, we formalise and evaluate the bkind algorithm: a novel extension to the k-induction algorithm that improves its bug-finding capabilities by performing backward searches in the state space. The bkind algorithm is the main scientific contribution of this thesis. It was implemented in ESBMC, and we show that it uses fewer resources than the original k-induction algorithm to verify the same programs, without affecting the results.
Third, we evaluate the use of SMT solvers in a state-of-the-art symbolic execution tool to reduce the number of false bugs reported to the user. Our SMT-based refutation of false bugs algorithm was implemented in the Clang static analyser and evaluated on a large set of real-world projects, including the MacOS kernel. Results show that our refutation algorithm can not only remove false bugs but also speed up the analysis when bugs are refuted. The algorithm does not remove any true bug and introduces only a 1% slowdown if it is unable to remove any bugs.
University of Southampton
Ramalho Gadelha, Mikhail, Yasha
61c56e79-5115-4277-b1be-f479d40959a4
June 2019
Nicole, Denis
0aca6dd1-833f-4544-b7a4-58fb91c7395a
Ramalho Gadelha, Mikhail, Yasha (2019) Scalable and precise verification based on k-induction, symbolic execution and floating-point theory. University of Southampton, Doctoral Thesis, 158pp.
Record type: Thesis (Doctoral)
Final Thesis - Version of Record (Text)
More information
Published date: June 2019
Identifiers
Local EPrints ID: 433530
URI: http://eprints.soton.ac.uk/id/eprint/433530
PURE UUID: 4af81d36-dfd8-4493-bcbd-03cd99d629d4
Catalogue record
Date deposited: 27 Aug 2019 16:30
Last modified: 16 Mar 2024 03:41
Contributors
Author: Mikhail, Yasha Ramalho Gadelha
Thesis advisor: Denis Nicole