Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.815368
Title: Efficient SMT-based verification of software programs
Author: Even Mendoza, Karine
ISNI: 0000 0004 9357 5910
Awarding Body: King's College London
Current Institution: King's College London (University of London)
Date of Award: 2020
Abstract:
In this thesis, we present efficient techniques for satisfiability modulo theories-based model checking (SMT-based MC) of software whose model is too large or complicated to analyse. Real-world software, once represented as a mathematical model, faces the danger of the state-explosion problem, where the size of the model grows exponentially, so that analysing the whole model becomes a challenge. The SMT reasoning framework is one of the most successful approaches today for dealing with state explosion, usually in combination with additional techniques such as symbolic algorithms, bounded model checking (BSMC), incremental modelling and reasoning, abstraction, and counterexample-guided abstraction refinement (CEGAR). These approaches construct a model of the software together with its specifications as a first-order formula, expressing domain-specific knowledge through first-order theories and thus creating smaller and simpler models than propositional-logic modelling would. The simplicity of the models improves the performance of the verification process and allows the model analysis to be reused for other tasks. However, finding a model that is high-level enough to keep reasoning from becoming prohibitively expensive, yet expressive enough to capture the software behaviour required for correctness, is a non-trivial task. We describe novel SMT-based MC approaches in which a model of a software system is automatically analysed using these techniques, either to verify that the model satisfies its specifications or to find a real counterexample. The verification process is incremental, through SMT summaries based on the structure of the program. The summaries are either Craig interpolants from previous successful verification tasks or user-defined. To avoid spurious counterexamples, each of the approaches introduces a refinement technique that deals with the over-approximative nature of modelling software in the SMT framework.
The LB-CEGAR algorithm uses lattices for the efficient representation of library functions and the gradual refinement of this representation; the CEGAR-based theory refinement algorithm uses the partial order of SMT theories by precision to gradually refine the program statements required for proving correctness; and the function summarization modulo theories algorithm uses summaries across different theories when verifying software with many requirements. We evaluate our approaches on C benchmarks taken from SV-COMP (the software verification competition), the robotics community, unimib (the University of Milano-Bicocca benchmarks), the FunFrog tool benchmarks (the University of Lugano benchmarks), and our own. Our experimental results demonstrate that we can verify instances that existing model checking approaches failed to verify.
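The SMT-LIB script below is an added illustration, not material from the thesis or from its tools: it shows, on a constructed three-line C loop, what the abstract's combination of bounded model checking and refinement across theories of increasing precision looks like in practice. The program, the unrolling bound k = 2, the input range for N and every symbol name are assumptions made for this example. The loop is unrolled twice in SSA form and checked first in EUF, where addition and comparison are uninterpreted symbols, and then again in linear integer arithmetic, which is the refinement step taken once the abstract counterexample has been found to be spurious.

```smt2
; Added example (not from the thesis). Constructed program under check,
; with the input N assumed to lie in [0, 2] so that k = 2 unrolls it fully:
;
;     int s = 0, i = 0;
;     while (i < N) { s = s + i; i = i + 1; }
;     assert(s >= 0);
;
; Both levels encode the same SSA unrolling; only the theory changes.

(set-option :produce-models true)
(set-logic QF_UFLIA)

; ---- Level 1: EUF abstraction ------------------------------------------
; Arithmetic is replaced by uninterpreted symbols over a free sort U.
; Every behaviour of the real program is a behaviour of this model, but
; the model also admits behaviours the real program cannot have.
(push 1)
(declare-sort U 0)
(declare-fun plus (U U) U)       ; stands for +
(declare-fun lt (U U) Bool)      ; stands for <
(declare-fun ge (U U) Bool)      ; stands for >=
(declare-const zero U)
(declare-const one U)
(declare-const N U)
(declare-const s0 U) (declare-const i0 U)   ; SSA versions of s and i
(declare-const s1 U) (declare-const i1 U)
(declare-const s2 U) (declare-const i2 U)
(declare-const g1 Bool) (declare-const g2 Bool)  ; loop guards per iteration

(assert (= s0 zero)) (assert (= i0 zero))
(assert (= g1 (lt i0 N)))
(assert (= s1 (ite g1 (plus s0 i0) s0)))
(assert (= i1 (ite g1 (plus i0 one) i0)))
(assert (= g2 (lt i1 N)))
(assert (= s2 (ite g2 (plus s1 i1) s1)))
(assert (= i2 (ite g2 (plus i1 one) i1)))
(assert (not (lt i2 N)))         ; unwinding assumption: loop exits within k = 2
(assert (not (ge s2 zero)))      ; negated property assert(s >= 0)
(check-sat)                      ; a model here is an abstract counterexample
(get-value (g1 g2))              ; the path it takes, to be replayed concretely
(pop 1)

; ---- Level 2: refined to linear integer arithmetic ---------------------
; The EUF path cannot be replayed with interpreted + and <, so the
; statements on it are re-encoded with the more precise theory.
(push 1)
(declare-const N Int)
(assert (<= 0 N)) (assert (<= N 2))
(declare-const s0 Int) (declare-const i0 Int)
(declare-const s1 Int) (declare-const i1 Int)
(declare-const s2 Int) (declare-const i2 Int)
(declare-const g1 Bool) (declare-const g2 Bool)

(assert (= s0 0)) (assert (= i0 0))
(assert (= g1 (< i0 N)))
(assert (= s1 (ite g1 (+ s0 i0) s0)))
(assert (= i1 (ite g1 (+ i0 1) i0)))
(assert (= g2 (< i1 N)))
(assert (= s2 (ite g2 (+ s1 i1) s1)))
(assert (= i2 (ite g2 (+ i1 1) i1)))
(assert (not (< i2 N)))          ; same unwinding assumption
(assert (not (>= s2 0)))         ; same negated property
(check-sat)                      ; no model means the property holds within the bound
(pop 1)
```

Run it with any SMT-LIB 2 solver (for instance `z3 file.smt2`). The first `(check-sat)` answers `sat`: EUF knows nothing about ordering or addition, so it can set `ge` to false and produce a model, and the values printed by `(get-value ...)` describe the abstract path that a CEGAR loop would replay on the concrete program. That replay fails with real arithmetic, so the path is spurious and the statements on it are re-encoded in linear integer arithmetic; the second `(check-sat)` answers `unsat`, which proves `s >= 0` for every execution of at most two iterations. For machine integers one more refinement step, to bit-vectors (`QF_BV`), would be needed to model wraparound; the script shows a single step along such a precision order, which is the ordering the abstract's theory-refinement algorithm is built on.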
Supervisor: Chockler, Hana ; Vigano, Luca Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.815368  DOI: Not available