Verification of the Futurebus+ cache coherence protocol. Formal Methods in System Design, special issue on symbolic model checking.
The temporal logic of programs. SFCS '77: Proceedings of the 18th Annual Symposium on Foundations of Computer Science.
Model checking: algorithmic verification and debugging. Communications of the ACM (issue: Scratch Programming for All).
Staged concurrent program analysis. Proceedings of the eighteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering.
Runtime verification for ultra-critical systems. RV'11: Proceedings of the Second International Conference on Runtime Verification.
On the formal verification of component-based embedded operating systems. ACM SIGOPS Operating Systems Review.
Software verification for weak memory via program transformation. ESOP'13: Proceedings of the 22nd European Conference on Programming Languages and Systems.
Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework. SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy.
Model checking [5] is an automated algorithmic technique for the exhaustive verification of systems, described as finite state machines, against temporal logic [9] specifications. It has been used successfully to verify hardware at an industrial scale [6]. One of the most successful variants of model checking is Bounded Model Checking (BMC) [2], which leverages the power of state-of-the-art satisfiability (SAT) and satisfiability-modulo-theories (SMT) solvers to push the boundaries of automated verification. Like model checking, BMC was developed originally for hardware, but it has since been extended and applied successfully to verify sequential [4], multi-threaded [1, 10], and real-time software [3]. A key benefit of BMC-based software model checkers, such as CBMC [4], is that they handle the bit-level semantics of programs precisely. Thus, they are able to detect errors due to integer overflows, and to prove the correctness of programs that use bit-level operations, without reporting false warnings or missing bugs. This makes BMC ideal for verifying high-integrity software, where the cost of failure is substantial. Indeed, CBMC has been used to verify a wide variety of low-level safety- and security-critical systems, such as co-pilots [8], OS schedulers [7], and hypervisors [11] (see http://www.cprover.org/cbmc/applications.shtml for a more extensive list). This tutorial will provide an introduction to BMC, its underlying technical principles, and its applications to verifying sequential, multi-threaded, and real-time software. The tutorial will be hands-on, with live demonstrations of using BMC tools to verify sample programs written in C.
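As an added example (not from the tutorial or the CBMC project), the kind of C harness CBMC checks bit-precisely: an unchecked 32-bit addition that wraps beside a version that rejects inputs whose sum does not fit, with `nondet_int` standing for an unconstrained input under CBMC (compiled natively it returns a constructed value so the file also runs on its own).

```c
/* Added example: a CBMC-style harness for a signed integer overflow.
 * Under CBMC, any function named nondet_* is treated as an unconstrained
 * input, so the harness covers every pair of 32-bit values; built natively,
 * the fallback below returns a constructed sample input. */
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* Unchecked: a + b wraps (undefined behaviour) when the sum exceeds INT_MAX.
 * CBMC's --signed-overflow-check reports this with a concrete counterexample. */
int sum_unchecked(int a, int b) {
    return a + b;
}

/* Checked: refuse any pair whose mathematical sum does not fit in an int,
 * so the caller never receives a silently wrapped value. */
bool sum_checked(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;   /* would overflow: reject instead of wrapping */
    *out = a + b;
    return true;
}

#ifdef __CPROVER__
int nondet_int(void);                              /* symbolic under CBMC */
#else
static int nondet_int(void) { return INT_MAX; }    /* constructed sample input */
#endif

/* Property in the shape BMC explores: for all a, b the checked version either
 * rejects the pair or returns the exact (64-bit) sum. */
bool harness_checked_sum_is_exact(void) {
    int a = nondet_int();
    int b = nondet_int();
    int out;
    if (!sum_checked(a, b, &out))
        return true;    /* rejected: no wrong value was produced */
    return (int64_t)out == (int64_t)a + (int64_t)b;
}

int main(void) {
    assert(harness_checked_sum_is_exact());
    return 0;
}
```

Run `cbmc file.c --signed-overflow-check --function main` to have every 32-bit input pair explored rather than the single constructed one.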