Constraint-Based BMC: A Backjumping Strategy

Safety property checking is mandatory in the validation process of critical software. When formal verification tools fail to prove some properties, the automatic generation of counterexamples for a given loop depth is therefore an important issue in practice. We investigate in this paper the capabilities of constraint-based bounded model checking for program verification and counterexample generation on real applications. We introduce DPVS (Dynamic Post-condition Variable driven Strategy), a new backjumping strategy we have developed to handle an industrial application from a car manufacturer, the Flasher Manager. This backjumping strategy is used to search a faulty path and to collect the constraints of such a path. The simplified control flow graph (CFG) of the program is explored in a backward way, starting from the post-condition and jumping to the most promising node where the variables of the post-condition are defined. In other words, the constraints are collected by exploring the CFG in a dynamic and non-sequential backward way. The Flasher Manager application has been designed and simulated using the Simulink platform. However, this module is concretely embedded as a C program in a car computer, thus we have to check that the safety properties are preserved on this C code. We report experiments on the Flasher Manager with our constraint-based bounded model checker, and with CBMC, a state-of-the-art bounded model checker. Experiments show that DPVS and CBMC have similar performances on one property of the Flasher Manager; DPVS outperforms CBMC to find a counterexample for two properties; two of the properties of the Flasher Manager remain intractable both for CBMC and DPVS.

Mots clés

embedded systems validation constraint-based bounded model checking counterexample generation

Domaines

Performance et fiabilité [cs.PF] Systèmes embarqués

Fichier principal

backjumpingBMC.pdf (624.87 Ko)

p1.c (12.98 Ko)

p2.c (13.36 Ko)

p3a.c (14.34 Ko)

p3b.c (12.7 Ko)

p4.c (13.4 Ko)

simulink1.pdf (7.96 Ko)

simulink2.pdf (16.47 Ko)

Origine : Fichiers produits par l'(les) auteur(s)

Format : Autre

Michel Rueher : Connectez-vous pour contacter le contributeur

https://hal.science/hal-00635417

Soumis le : mardi 27 mars 2012-16:02:11

Dernière modification le : lundi 26 février 2024-11:22:07

Archivage à long terme le : mercredi 14 décembre 2016-17:43:53

Dates et versions

hal-00635417 , version 1 (25-10-2011)

hal-00635417 , version 2 (27-03-2012)

hal-00635417 , version 3 (27-03-2012)

hal-00635417 , version 4 (30-07-2012)

Identifiants

HAL Id : hal-00635417 , version 3

Citer

Hélène Collavizza, Le Vinh Nguyen, Olivier Ponsini, Michel Rueher, Antoine Rollet. Constraint-Based BMC: A Backjumping Strategy. 2011. ⟨hal-00635417v3⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

330 Consultations

282 Téléchargements