多執行緒Ｃ語言程式的顯式和符號模型驗證方法比較研究

劉韋成; Wei-Cheng Liu

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87140

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蔡益坤	zh_TW
dc.contributor.advisor	Yih-Kuen Tsay	en
dc.contributor.author	劉韋成	zh_TW
dc.contributor.author	Wei-Cheng Liu	en
dc.date.accessioned	2023-05-10T16:11:45Z	-
dc.date.available	2023-11-09	-
dc.date.copyright	2023-05-10	-
dc.date.issued	2023	-
dc.date.submitted	2023-02-14	-
dc.identifier.citation	[1] David Baelde. Least and greatest fixed points in linear logic. ACM Transactions on Computational Logic (TOCL), 13(1):1–44, 2012. [2] Armin Biere, Alessandro Cimatti, Edmund Clarke, and Yunshan Zhu. Symbolic model checking without BDDs. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 193–207. Springer, 1999. [3] J. Richard Büchi. On a decision method in restricted second order arithmetic. In The Collected Works of J. Richard Büchi, pages 425–435. Springer, 1990. [4] Jerry R. Burch, Edmund M. Clarke, Kenneth L. McMillan, David L. Dill, and Lain-Jinn Hwang. Symbolic model checking: 1020 states and beyond Information and Computation, 98(2):142–170, 1992. [5] Jo-Chuan Chou. A comparative study of depth-first search algorithms for automata-based model checking. Master’s thesis, National Taiwan University, Jan 2021. [6] Yaacov Choueka. Theories of automata on ω-tapes: A simplified approach. Journal of Computer and System Sciences, 8(2):117–141, 1974. [7] Edmund Clarke, Armin Biere, Richard Raimi, and Yunshan Zhu. Bounded model checking using satisfiability solving. Formal Methods in System Design, 19(1):7–34, 2001. [8] Edmund M. Clarke and E. Allen Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Workshop on Logic of Programs, pages 52–71. Springer, 1981. [9] Federico Echenique. A short and constructive proof of Tarski’s fixed-point theorem. International Journal of Game Theory, 33(2):215–218, 2005. [10] Cindy Eisner and Doron Peled. Comparing symbolic and explicit model checking of a software system. In International SPIN Workshop on Model Checking of Software, pages 230–239. Springer, 2002. [11] Saul Kripke. Semantical considerations of the modal logic. Studia Philosophica, 1, 2007. [12] Saul A. Kripke. Semantical analysis of modal logic I normal modal propositional calculi. Mathematical Logic Quarterly, 9(5-6):67–96, 1963. [13] Hong-Yang Lin. Tool support for automata-based model checking of multithreaded programs. Master’s thesis, National Taiwan University, Jan 2021. [14] Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems (TOPLAS), 18(3):325–353, 1996. [15] Amir Pnueli. The temporal logic of programs. In 18th Annual Symposium on Foundations of Computer Science (FOCS 1977), pages 46–57. IEEE, 1977. [16] Amir Pnueli. The temporal semantics of concurrent programs. Theoretical Computer Science, 13:45–60, 1981. [17] Roberto Sebastiani, Stefano Tonetta, and Moshe Y. Vardi. Symbolic systems, explicit properties: on hybrid approaches for LTL symbolic model checking. In International Conference on Computer Aided Verification, pages 350–363. Springer, 2005. [18] Thomas Wahl. Fairness and liveness.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87140	-
dc.description.abstract	有兩種主要的方法來實現模型檢查過程，即顯式模型驗證和符號模型驗證。顯式模型驗證首先使用某種深度搜索算法為核心，同時結合偏序歸約技術限制探索狀態的數量。符號模型檢查基於布林函數的操作，代表狀態和路徑的集合，而不是顯式狀態路徑圖的遍歷。二元決策圖通常被使用於符號模型驗證器的實現。這兩種方法都有自己的優點和缺點。本論文的目的是提供顯式模型驗證和符號模型驗證之間的比較並分析其比較結果。對於顯式模型驗證，我們採用在程序分析框架 Ultimate 中，基於巢狀深度優先搜索的一個模型驗證工具。對於符號模型驗證，我們實現了一個固定點模型驗證工具，它也是在 Ultimate 中被實作，並且使用 JavaBDD 套件作為二元決策圖輔助。我們使用可擴展的源代碼分析器 Scantu 來進行比較實驗。它允許通過其用戶界面選擇不同的模型驗證工具，因此我們可以在其中使用兩種方法來驗證各種 C 程式語言並進行比較。我們通過使用正確和錯誤的 C 程序和線性時序邏輯性質來設計不同的實驗，以產生更多樣化的比較結果。從實驗中，我們得出結論：在固定點計算期間，可達狀態和遍歷路徑的數量對於我們的模型驗證工具花費的時間有巨大影響。在這篇論文中，我們呈現比較結果並分析其原因。	zh_TW
dc.description.abstract	There are two primary approaches to implementing the process of model checking, namely explicit-state model checking and symbolic model check ing. Explicit-state model checking uses some depth first search algorithm as the core, while incorporating partial-order reduction techniques to limit the number of states explored. Symbolic model checking is based on the manip ulation of Boolean functions, which represent sets of states and transitions, rather than the traversal of explicit-state transition graphs. Binary decision diagrams are often used to support the implementation of a symbolic model checker. Both approaches have their own strengths and weaknesses. The aim of this thesis is to provide a comparison between explicit model checking and symbolic model checking and to analyze the results of the com parison. For the explicit approach, we adopt an existing implementation of nested depth first search based on the Ultimate program analysis frame work. For the symbolic approach, we implement a fixpoint model checker, also based on Ultimate and using JavaBDD as our BDD package. We use Scantu, an extensible source code analyzer, to facilitate the comparison. It allows the choice of different model checkers through its user interface, so we can alternate between the two approaches to verify various target C programs and carry out the comparison easily. We design different experimental set tings by using different correctness combinations of temporal properties and C programs to produce more diverse comparison results. From the experi ments, we conclude that the number of reachable states has a huge impact on the time spent, and so does the number of traversed transitions during the fixpoint calculation. We present the comparison results and analyze their causes in this thesis.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-05-10T16:11:45Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2023-05-10T16:11:45Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	摘要 i THESIS ABSTRACT ii 1 Introduction 1 1.1 Background ........................... 1 1.2 Motivation and Objectives ................... 2 1.3 Thesis Outline ......................... 2 2 Related Works 4 2.1 Existing Model Checkers .................... 4 2.1.1 NuSMV ......................... 4 2.1.2 Spin ........................... 5 2.1.3 Frama-C ........................ 5 2.1.4 Ultimate ....................... 5 2.2 Comparative Tests ....................... 5 3 Preliminaries 7 3.1 Automataon Infinite Words .................. 7 3.2 Kripke Structure and Temporal Logic ................... 9 3.2.1 Kripke Structure .................... 9 3.2.2 Temporal Logic ..................... 9 3.3 Symbolic Model Checking ................... 11 3.3.1 Fixpoint Calculus.................... 11 3.3.2 Theorem of the Model Checker Using Fixpoints ..... 13 3.3.3 Bounded Model Checking ............... 15 4 Design and Implementation 17 4.1 Software Architecture ..................... 17 4.1.1 Recursive Control Flow Graph (RCFG) ............. 17 4.1.2 Different Kinds of Transitions in RCFG ............. 19 4.1.3 Java Binary Decision Diagram (JavaBDD) ............. 22 4.2 Design and Implementation .................. 24 4.3 Fairness Issues ......................... 33 5 Experiments and Results 36 5.1 Comparison between Different Algorithms ............ 37 5.2 Comparison between Different Number of Threads ............ 42 6 Conclusion 45 6.1 Contributions .......................... 45 6.2 Future Work .......................... 46 References 47	-
dc.language.iso	en	-
dc.subject	Büchi 自動機	zh_TW
dc.subject	固定點計算	zh_TW
dc.subject	軟體驗證	zh_TW
dc.subject	二元決策圖	zh_TW
dc.subject	線性時序邏輯	zh_TW
dc.subject	模型驗證	zh_TW
dc.subject	多執行緒程式	zh_TW
dc.subject	Binary Decision Diagram	en
dc.subject	Büchi Automata	en
dc.subject	Fixpoints	en
dc.subject	Linear Temporal Logic	en
dc.subject	Model Checking	en
dc.subject	Multithreaded programs	en
dc.subject	Software Verification	en
dc.title	多執行緒Ｃ語言程式的顯式和符號模型驗證方法比較研究	zh_TW
dc.title	Explicit and Symbolic Model-Checking Approaches for Multithreaded C Programs: A Comparative Study	en
dc.type	Thesis	-
dc.date.schoolyear	111-1	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	郁方;陳郁方;蔡明憲	zh_TW
dc.contributor.oralexamcommittee	Fang Yu;Yu-Fang Chen;Ming-Hsien Tsai	en
dc.subject.keyword	Büchi 自動機,固定點計算,線性時序邏輯,模型驗證,多執行緒程式,軟體驗證,二元決策圖,	zh_TW
dc.subject.keyword	Büchi Automata,Fixpoints,Linear Temporal Logic,Model Checking,Multithreaded programs,Software Verification,Binary Decision Diagram,	en
dc.relation.page	48	-
dc.identifier.doi	10.6342/NTU202300384	-
dc.rights.note	同意授權(全球公開)	-
dc.date.accepted	2023-02-15	-
dc.contributor.author-college	管理學院	-
dc.contributor.author-dept	資訊管理學系	-
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-111-1.pdf	577.79 kB	Adobe PDF	檢視/開啟

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。