Efficient Verification of Sequential and Concurrent C Programs

摘要

There has been considerable progress in the domain of software verification over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated ion techniques such as predicate ion. However, the state-space explosion problem in model checking remains the chief obstacle to the practical verification of real-world distributed systems. Even in the case of purely sequential programs, a crucial requirement to make predicate ion effective is to use as few predicates as possible. This is because, in the worst case, the state-space of the ion generated (and consequently the time and memory complexity of the ion process) is exponential in the number of predicates involved. In addition, for concurrent programs, the number of reachable states could grow exponentially with the number of components. We attempt to address these issues in the context of verifying concurrent (message-passing) C programs against safety specifications. More specifically, we present a fully automated compositional framework which combines two orthogonal ion techniques (predicate ion for data and action-guided ion for events) within a counterexample-guided ion refinement scheme. In this way, our algorithm incrementally increases the granularity of the ions until the specification is either established or refuted. Additionally, a key feature of our approach is that if a property can be proved to hold or not hold based on a given finite set of predicates P, the predicate refinement procedure we propose in this article finds automatically a minimal subset of P that is sufficient for the proof. This, along with our explicit use of compositionality, delays the onset of state-space explosion for as long as possible. We describe our approach in detail, and report on some very encouraging experimental results obtained with our tool MAGIC.