Bounded Incremental Model Checking

The project addresses the problem of verifying software in C with respect to user-defined properties in the context of bounded model checking. Serving this goal, state-of-the-art model checkers hardly use the information of the old version and reduce it thereby to the standalone verification. The purpose of the research is to develop a new technique for checking the software based on successful verification of the old verification runs and reuse of the invested effort in consecutive verification runs. 

 We propose to reuse the function summaries extracted from Craig interpolation after a successful verification run. Function summaries are computed as over-approximations using Craig interpolation, a well-known mechanism, useful to preserve the most relevant information of the function bodies. The function calls are then to be substituted by these over-approximations, and it leads to a more efficient and fast verification process.

There are two main tracks made within the project:

1) Verification of different properties of the same program: summaries are extracted after a successful verification run of a program w.r.t its first property and reused as a lightweight replacement of the precise encoding of the corresponding functions while verifying other properties of that program.

There are two approaches for extracting and reusing interpolation-based function summaries:

  •  FunFrog: SAT-based bounded model checker of a single C program using interpolation-based function summarization.

  •  HiFrog: SMT-based bounded model checker of a single C program using SMT-based function summarization and Theory Refinement. 

FunFrog focuses only on propositional logic and consequently, despite behaving in an incremental manner, FunFrog is expensive in many cases in practice. HiFrog considers the rich field of first-order theories available in modern SMT solvers. On top of HiFrog  we propose to use function summaries more generally by translating them to various SMT theories. Note that HiFrog significantly outperforms FunFrog.

2) Verification of different revisions of a program w.r.t a fixed property: Over-approximating function summaries are extracted after a successful verification run of one program version with a fixed property and reused while verifying other versions of the program w.r.t a fixed property.

The method is based on the following observation. There are two possibilities for the modified functions, either their old summaries are still a valid over-approximation or not. If they are valid, properties of the old version, for which the summaries are relevant, would still hold in the new version as well.

  • eVolCheck: SAT-based bounded upgrade checker of C program versions using interpolation-based function summarization.

  • UpProver: SMT-based incremental bounded model checker for verifying different revisions of a C program using SMT-based function summarization.

SAT-based eVolCheck uses propositional encoding for modelinmg C programs, thus despite behaving in an incremental manner, it is expensive in many cases in practice due to bit-blasting. UpProver in contrast to its predecessor, exploits first-order theories available in SMT solvers, offering two more levels of encoding precision: linear arithmetic and uninterpreted functions, thus allowing a trade-off between precision and performance. Note that UpProver significantly outperforms eVolCheck.

Publications:

  1. UpProver: Incremental Verification by SMT-based Summary Repair, Sepideh Asadi, Martin Blicha, Antti Hyvarinen, Grigory Fedyukovich, and Natasha Sharygina, FMCAD 2020 (Supplemental Material, PDF, slides5-minutes-videovideo)
  2. Farkas-Based Tree Interpolation, Sepideh Asadi, Martin Blicha, Antti Hyvarinen, Grigory Fedyukovich, and Natasha Sharygina, SAS 2020 (Supplemental Material, PDF, slides, video)
  3. Interpolation-based Function Summaries in Bounded Model CheckingSery, O.; Fedyukovich, G.; Sharygina, N. , Haifa Verification Conference (HVC), Haifa, Israel, Springer (2011)
  4. FunFrog: Bounded Model Checking with Interpolation-based Function SummarizationFedyukovich, G.; Sery, O.; Sharygina, N. , 10th International Symposium on Automated Technology for Verification and Analysis (ATVA), Thiruvananthapuram, India (2012)
  5. Towards completeness in Bounded Model Checking through Automatic Recursion Depth DetectionFedyukovich, G.; Sharygina, N. , Brazilian Symposium on Formal Methods (SBMF), Maceio, Brazil (2014)
  6. Symbolic Detection of Assertion Dependencies for Bounded Model CheckingFedyukovich, G., A. D'Iddio Callia, Hyvärinen A., and Sharygina N. , 18th International Conference on Fundamental Approaches to Software Engineering (FASE), London, UK (2015)
  7. HiFrog: SMT-based Function Summarization for Software Verification L. Alt, S. Asadi, H. Chockler, K. Even, G. Fedyukovich , A. Hyvarinen, and N. Sharygina, TACAS 2017. linkpdfdemosupplemental material
  8. Theory Refinement for Program Verification A. Hyvarinen, S. Asadi, K. Even-Mendoza, G. Fedyukovich, and N. Sharygina, SAT 2017. pdf, supplemental material 
  9. Duality-based interpolation for quantifier-free equalities and uninterpreted functions L. Alt, A. Hyvarinen, S. Asadi, and N. Sharygina , FMCAD 2017. pdf 
  10. Function Summarization Modulo Theories S. Asadi, M. Blicha, A. Hyvarinen, G. Fedyukovich, K. Even, N. Sharygina, and H. Chockler, LPAR 2018. pdf, supplemental material
  11. Lattice-Based Refinement in Bounded Model Checking K. Even-Mendoza, S. Asadi, A. Hyvarinen,  H. Chockler, and N. Sharygina, VSTTE 2018. pdf
  12. Lattice-based SMT for Program Verification K Even-Mendoza, A. Hyvärinen, H. Chockler, N. Sharygina, Memocode 2019. pdf
  13. Incremental Upgrade Checking by Means of Interpolation-based Function SummariesSery, O., Fedyukovich G., and Sharygina N. , 12th International Conference on Formal Methods in Computer-Aided Design (FMCAD), Cambridge, UK (2012)
  14. eVolCheck: Incremental Upgrade Checker for CFedyukovich, G., Sery O., and Sharygina N. , 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy (2013)
  15. Flexible SAT-based framework for incremental bounded upgrade checkingFedyukovich, G., Sery O., and Sharygina N. , TACAS (2013)
  16. Verification-Aided Regression TestingPastore, F., Mariani L., Hyvaerinen A., Fedyukovich G., Sharygina N., Sehestedt S., and Muhammad A. , International Symposium on Software Testing and Analysis, San Jose, USA (2014)