Abstract
Program analysis is on the brink of mainstream usage in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and test case generation are some of the most common applications of automated verification tools based on bounded model checking (BMC). Existing industrial tools for embedded software use an off-the-shelf bounded model checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This article reports on the extension of the software model checker CBMC to support incremental BMC and its successful integration with the industrial embedded software verification tool BTC EMBEDDEDTESTER. We present an extensive evaluation over large industrial embedded programs, mainly from the automotive industry. We show that incremental BMC cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software. We furthermore report promising results on analysing programs with arbitrary loop structure using incremental BMC, demonstrating its applicability and potential to verify general software beyond the embedded domain.
Highlights
Recent trend estimation [GKF+12] in automotive embedded systems indicates ever growing complexity of computer systems, providing increased safety, efficiency and entertainment satisfaction
We claim that incremental Bounded Model Checking (BMC) is an indispensable technique for industrial embedded software verification based on BMC
We report on the successful integration of our incremental extension of CBMC into an industrial embedded software verification tool
Summary
Recent trend estimation [GKF+12] in automotive embedded systems indicates ever growing complexity of computer systems, providing increased safety, efficiency and entertainment satisfaction. Industrial verification tools based on BMC, such as BTC EMBEDDEDTESTER, use an off-the-shelf Bounded Model Checker and, without additional information about the program to be checked, apply it in an iterative fashion: k=0 while t r u e do i f BMC( program , k ) fails return counterexample fi k++ od. This basic procedure offers scope for improvement. One can stop unwinding when the completeness threshold [KS03, KOS+11] of the system is reached, but this threshold is often impractically large
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have