sat-based static assertion checking

SAT-Based Static Assertion Checking Application to VSIPL The Satisfiability Problem R-Verify Design R-Verify ™ : Deep Checking of Embedded Code Reservoir Labs, Inc. Definition: Given a Boolean formula , decide if there is an assignment to the variables in such that evaluates to true. Example: Solution: evaluates to true (is satisfied) if = 0, = 1, = 1. ) ( ) ( ) ( 3 1 3 2 1 2 1 x x x x x x x F 1 x 2 x 3 x F F F F Development & Verification Cycle C ounter- example Static Verification D eveloperID E R -Stream H igh-level Com piler SaltC onstraint Language Translator AlefB oolean Satisfiability Solver Runtime C hecking C hecked S ystem Verified S ystem C Program text w ith A ssertions Program and Specification R-Verify is built on three core Reservoir Labs technologies: •R-Stream ™ – a high-level compiler which contains a state- of-the-art framework that permits a wide-range of program analyses •Salt ™ – a constraint translator which efficiently generates optimized constraint systems from high-level program descriptions •Alef ™ – a multiprocessor Boolean satisfiability (SAT) solver which contains novel algorithms that allow it to take advantage of HPC hardware R-Verify plugs-in to existing IDEs such as Eclipse via an 8- step cycle: 1. Normal IDE Source Development 2.R-Stream compiler builds an internal representation of the code 3.IR and specification are translated to Salt constraints 4.Salt tool translates the 5.Alef searches for an execution that violates the specification 6.Violation is returned to R- Stream 7.Violation is reflected as an error path in the R- Stream IR 8.Error path in the R-Stream “R-Verify can quickly and efficiently find deep software errors that are invisible to superficial abstraction- based analysis. These types of errors are common in low-level embedded code and can easily go undetected during the normal software testing process. These undiscovered errors can be fatal in deployed software.” How does it work? 1.Model the program (P) and the verification conditions (Q) using constraints 2. Use Alef SAT solver to look for a solution to: P ^ ¬Q 3. Decode an Alef solution into a counter-example We are currently applying R-Verify to: •Pre- and post-condition checking including all of the above VSIPL rules •Memory safety of embedded device drivers, interrupt handlers, and VSIPL “admitted” blocks •Numerical precision of arithmetic pipelines with an emphasis on VSIPL pipeline implementations

Upload: kamin

Post on 07-Jan-2016

21 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

DESCRIPTION

Definition: Given a Boolean formula , decide if there is an assignment to the variables in such that evaluates to true . Example: Solution: evaluates to true (is satisfied) if = 0, = 1, = 1. R-Verify ™ : Deep Checking of Embedded Code Reservoir Labs, Inc. - PowerPoint PPT Presentation

TRANSCRIPT

SAT-Based Static Assertion Checking

Application to VSIPL

The Satisfiability Problem

Deep Bit-Level CheckingR-Verify Design

R-Verify™: Deep Checking of Embedded CodeReservoir Labs, Inc.

Definition: Given a Boolean formula , decide if there is an assignment to the variables in such that evaluates to true.

Example:

Solution: evaluates to true (is satisfied) if = 0, = 1, = 1.

)()()( 3132121 xxxxxxxF

1x 2x 3x

FFF

Development & Verification Cycle

Counter-example

Static Verification

Developer IDE

R-Stream High-level Compiler

Salt Constraint Language Translator

Alef Boolean Satisfiability

Solver

Runtime Checking

Checked System

Verified System

C Program text with Assertions

Program and Specification

R-Verify is built on three core Reservoir Labs technologies:

•R-Stream™ – a high-level compiler which contains a state-of-the-art framework that permits a wide-range of program analyses

•Salt™ – a constraint translator which efficiently generates optimized constraint systems from high-level program descriptions

•Alef™ – a multiprocessor Boolean satisfiability (SAT) solver which contains novel algorithms that allow it to take advantage of HPC hardware

R-Verify plugs-in to existing IDEs such as Eclipse via an 8-step cycle:

1. Normal IDE Source Development

2. R-Stream compiler builds an internal representation of the code

3. IR and specification are translated to Salt constraints

4. Salt tool translates the combined constraints to annotated CNF

5. Alef searches for an execution that violates the specification

6. Violation is returned to R-Stream

7. Violation is reflected as an error path in the R-Stream IR

8. Error path in the R-Stream IR is reflected back to the IDE

“R-Verify can quickly and efficiently find deep software errors that are invisible to superficial abstraction-based analysis. These types of errors are common in low-level embedded code and can easily go undetected during the normal software testing process. These undiscovered errors can be fatal in deployed software.”

How does it work?

1. Model the program (P) and the verification conditions (Q) using constraints

2. Use Alef SAT solver to look for a solution to: P ^ ¬Q

3. Decode an Alef solution into a counter-example

We are currently applying R-Verify to:

•Pre- and post-condition checking including all of the above VSIPL rules

•Memory safety of embedded device drivers, interrupt handlers, and VSIPL “admitted” blocks

•Numerical precision of arithmetic pipelines with an emphasis on VSIPL pipeline implementations

SAT-based Bounded Model Checking

SAT-based unbounded model checking using interpolation

Trading-off SAT search and Variable Quantifications for effective Unbounded Model Checking

SAT-Based Model Checking · 1 A Short Intro to Model Checking Structures Properties Symbolic Model Checking 2 SAT Solver Interface To The Solver From The Solver 3 Checking Invariants