Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Gazer-Theta: LLVM-based Verifier Portfolio with...

Critical Systems Research Group
March 23, 2021
Research
0
74

Gazer-Theta: LLVM-based Verifier Portfolio with BMC-CEGAR

Paper presented for the Competition on Software Verification (SV-COMP) at TACAS 2021. DOI: https://doi.org/10.1007/978-3-030-72013-1_27

Gazer-Theta is a software model checking toolchain including various analyses for state reachability. The frontend, namely Gazer, supports C programs through an LLVM-based transformation and optimization pipeline. Gazer includes an integrated bounded model checker (BMC) and can also employ the Theta backend, a generic verification framework based on abstraction-refinement (CEGAR). On SV-COMP 2021, a portfolio of BMC, explicit-value analysis, and predicate abstraction is applied sequentially in this order.

Critical Systems Research Group

March 23, 2021
Tweet

More Decks by Critical Systems Research Group

See All by Critical Systems Research Group
From Transpilers to​ Semantic Libraries
ftsrg
0
10
EmergenTheta: Verification Beyond Abstraction Refinement (SV-COMP Competition Contribution)
ftsrg
0
11
End-to-End Validation of Input Model Transformations in Model Checking Tools
ftsrg
0
13
Efficient Manipulation of Logical Formulas as Decision Diagrams
ftsrg
0
13
Abstraction-Based Model Checking for Real-Time Software-Intensive System Models
ftsrg
0
13
Introduction to software engineering
ftsrg
0
74
History of the Critical Systems Research Group
ftsrg
0
14
Research areas of the Critical Systems Research Group
ftsrg
0
78
V&V of Systems Engineering Models and Modeling Languages
ftsrg
0
290

Other Decks in Research

See All in Research
ダイナミックプライシング とその実例
skmr2348
3
400
Weekly AI Agents News! 9月号 論文のアーカイブ
masatoto
1
120
snlp2024_multiheadMoE
takase
0
430
テキストマイニングことはじめー基本的な考え方からメディアディスコース研究への応用まで
langstat
1
120
湯村研究室の紹介2024 / yumulab2024
yumulab
0
280
ニューラルネットワークの損失地形
joisino
PRO
35
16k
Weekly AI Agents News! 7月号 プロダクト/ニュースのアーカイブ
masatoto
0
160
marukotenant01/tenant-20240916
marketing2024
0
500
Weekly AI Agents News! 10月号 プロダクト/ニュースのアーカイブ
masatoto
1
110
12
0325
0
190
MIRU2024_招待講演_RALF_in_CVPR2024
udonda
1
330
ECCV2024読み会: Minimalist Vision with Freeform Pixels
hsmtta
1
140

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Writing Fast Ruby
sferik
627
61k
Done Done
chrislema
181
16k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
Designing the Hi-DPI Web
ddemaree
280
34k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
How to Ace a Technical Interview
jacobian
276
23k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k

Transcript

  1. Gazer-Theta: LLVM-based Verifier Portfolio with BMC/CEGAR (Competition Contribution) TACAS 2021,

    SV-Comp Zsófia Ádám1, Gyula Sallai2, Ákos Hajdu1 1 Budapest University of Technology and Economics, Budapest, Hungary 2 SonarSource S.A., Geneva, Switzerland This research has received funding from the EU ECSEL JU under the H2020 Framework Programme, JU grant nr. 826452 (Arrowhead Tools project) and from the partners’ national funding authorities.

  2. Our verification tools Gazer: • C - frontend • C

    code to CFA • LLVM based • Backend: ◦ Own BMC engine ◦ Theta TACAS 2021, SV-Comp 1 Theta: • "Modular and configurable model checking framework" • Formal representations supported: STS/XSTS, XTA, XCFA, CFA • CEGAR-based analysis https://github.com/ftsrg/theta/ https://github.com/ftsrg/gazer/

  3. TACAS 2021, SV-Comp 2 Verification process C Code Compiler (clang)

    LLVM passes theta CEGAR LLVM IR trace/witness test harness ✓ / ? / ✗ Z3 gazer BMC PRED EXPL Automata Translation Result interpreter

  4. TACAS 2021, SV-Comp 3 Chosen configurations • Fast, solves many

    simpler tasks • Supports bitvectors, floats, recursive BMC • ECA (based on earlier results*) Theta EXPL • Good in general • For complex tasks (too much for BMC) Theta PRED * https://link.springer.com/content/pdf/10.1007%2Fs10817-019-09535-x.pdf

  5. TACAS 2021, SV-Comp 4 The portfolio BMC analysis Explicit analysis

    Predicate analysis Execute cex Safe Unsafe Inconcl. C program + property 900s 150s 100s 150s Execute cex Execute cex 150s 150s

  6. TACAS 2021, SV-Comp 4 The portfolio BMC analysis Explicit analysis

    Predicate analysis Execute cex Safe Unsafe Inconcl. C program + property 900s 150s 100s 150s Execute cex Execute cex 150s 150s

  7. TACAS 2021, SV-Comp 4 The portfolio BMC analysis Explicit analysis

    Predicate analysis Execute cex Safe Unsafe Inconcl. C program + property 900s 150s 100s 150s Execute cex Execute cex 150s 150s Test harness (by Gazer) + Input file -> Executable Running executable and checking output Filtering false positives

  8. TACAS 2021, SV-Comp 4 The portfolio BMC analysis Explicit analysis

    Predicate analysis Execute cex Safe Unsafe Inconcl. C program + property 900s 150s 100s 150s Execute cex Execute cex 150s 150s

  9. TACAS 2021, SV-Comp 5 Results* Category No. of tasks Correct

    (%) BMC EXPL PRED XCSP 119 82% 97 0 0 Recursive 105 67% 70 0 0 Product Lines 597 92% 451 0 97 Loops 770 48% 333 3 31 Floats 469 59% 275 0 0 ECA 1265 23% 187 100 2 Control Flow 95 40% 38 0 0 Combinations 210 0% 0 0 0 Bitvectors 49 78% 38 0 0 Total 3679 47% 1489 103 130 * https://sv-comp.sosy-lab.org/2021/results/results-verified/gazer-theta.results.SV- COMP21.All.table.html#/

  10. TACAS 2021, SV-Comp 5 Results 13 incorrect results in total,

    the rest are inconclusive: errors/timeouts/etc. Category No. of tasks Correct (%) BMC EXPL PRED XCSP 119 82% 97 0 0 Recursive 105 67% 70 0 0 Product Lines 597 92% 451 0 97 Loops 770 48% 333 3 31 Floats 469 59% 275 0 0 ECA 1265 23% 187 100 2 Control Flow 95 40% 38 0 0 Combinations 210 0% 0 0 0 Bitvectors 49 78% 38 0 0 Total 3679 47% 1489 103 130

  11. Category No. of tasks Correct (%) BMC EXPL PRED XCSP

    119 82% 97 0 0 Recursive 105 67% 70 0 0 Product Lines 597 92% 451 0 97 Loops 770 48% 333 3 31 Floats 469 59% 275 0 0 ECA 1265 23% 187 100 2 Control Flow 95 40% 38 0 0 Combinations 210 0% 0 0 0 Bitvectors 49 78% 38 0 0 Total 3679 47% 1489 103 130 TACAS 2021, SV-Comp 5 Results BMC did really well! (in unsafe and safe cases as well)

  12. Category No. of tasks Correct (%) BMC EXPL PRED XCSP

    119 82% 97 0 0 Recursive 105 67% 70 0 0 Product Lines 597 92% 451 0 97 Loops 770 48% 333 3 31 Floats 469 59% 275 0 0 ECA 1265 23% 187 100 2 Control Flow 95 40% 38 0 0 Combinations 210 0% 0 0 0 Bitvectors 49 78% 38 0 0 Total 3679 47% 1489 103 130 TACAS 2021, SV-Comp 5 Results Large CFAs, performance issues

  13. Category No. of tasks Correct (%) BMC EXPL PRED XCSP

    119 82% 97 0 0 Recursive 105 67% 70 0 0 Product Lines 597 92% 451 0 97 Loops 770 48% 333 3 31 Floats 469 59% 275 0 0 ECA 1265 23% 187 100 2 Control Flow 95 40% 38 0 0 Combinations 210 0% 0 0 0 Bitvectors 49 78% 38 0 0 Total 3679 47% 1489 103 130 TACAS 2021, SV-Comp Results 2nd place in Product Lines

  14. TACAS 2021, SV-Comp Summary 5 https://github.com/ftsrg/theta/ https://github.com/ftsrg/gazer/