TY - GEN
T1 - Bounded Model Checking for LLVM
AU - Priya, Siddharth
AU - Su, Yusen
AU - Bao, Yuyan
AU - Zhou, Xiang
AU - Vizel, Yakir
AU - Gurfinkel, Arie
N1 - Publisher Copyright: © 2022 FMCAD Association and authors.
PY - 2022
Y1 - 2022
N2 - Bounded Model Checking (BMC) is an effective and precise static analysis technique that reduces program verification to satisfiability (SAT) solving. In this paper, we present the design and implementation of a new BMC engine, SeaBmc, in the SeaHorn verification framework for LLVM. SeaBmc precisely models the arithmetic, pointer, and memory operations of LLVM. Our key design innovation is to structure verification condition generation around a series of transformations, starting with a custom IR (called SEA-IR) that purifies all memory operations by making the dependencies between them explicit. This transformation-based approach makes it possible to support many different styles of verification conditions. To support memory safety checking, we extend our base approach with fat pointers and shadow bits of memory to keep track of metadata, such as the size of a pointed-to object. To evaluate SeaBmc, we have used it to verify the aws-c-common library from AWS. We report on the effect of different encoding options with different SMT solvers, and also compare with CBMC, SMACK, KLEE, and Symbiotic. We show that SeaBmc is capable of providing an order of magnitude improvement over the state of the art.
UR - http://www.scopus.com/inward/record.url?scp=85148094949&partnerID=8YFLogxK
U2 - https://doi.org/10.34727/2022/isbn.978-3-85448-053-2-28
DO - 10.34727/2022/isbn.978-3-85448-053-2-28
M3 - Conference contribution
T3 - Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
SP - 214
EP - 224
BT - Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
A2 - Griggio, Alberto
A2 - Rungta, Neha
T2 - 22nd International Conference on Formal Methods in Computer-Aided Design, FMCAD 2022
Y2 - 17 October 2022 through 21 October 2022
ER -