- Make sure you are in Linux or MacOS (except M1/M2)
- Install:
pip install cvc5 - Import:
import cvc5
- Install:
pip install z3-solver - Import:
from z3 import *
- Create an input model.json, for exmaple
{
"atoms" : ["a", "b", "c", "d"],
"states" : ["0000", "0001", "0010", "0101", "0011", "1111"],
"trans" : {"0000": ["0001"],
"0001": ["0101","0010"],
"0101": ["0011"],
"0010":["0011","0000"],
"0011":["1111"]}
}
- The State Representation
"0010"means thata=0, b=0, c=1, d=0for this State - The Initial State is by default
states[0]and the Error State is by default"1111" - The Transition Representation
"0001: ["0101","0010"]"means that from State"0001", we can go to Sate"0101"and"0010" cd srcpython3 BMC_general.py [model.json] [limit]- For example, when we run
python3 BMC_general.py test/test_model.json 5, the result should be the following, which indicates that a we have a counterexample that reaches the Error State at STEP 4.
Property satisfied within 0 steps
Property satisfied within 1 steps
Property satisfied within 2 steps
Property satisfied within 3 steps
STEP 0: 0000
STEP 1: 0001
STEP 2: 0101
STEP 3: 0011
STEP 4: 1111
Counterexample found at STEP 4
make, which will generate the executable file named "translate"llvm-as [test.ll] –o [test.bc]./translate [test.bc] > [out.json]- For example, when we run
llvm-as test\test2.ll –o test2.bcand./translate test2.bc > out2.json, we should get aout2.jsonas output, which is the Interdemia Model that can be further processed byBMC_llvm.py
python3 BMC_llvm.py [out.json] [limit]- For example, when we run
python3 BMC_llvm.py test\out2.json 4, the result should be the following
STEP 0: x=0; y=2;
STEP 1: x=7; y=2;
STEP 2: x=14; y=2;
STEP 3: x=21; y=2;
Counterexample found at STEP 3
- Can only
storeeach variable once per basic block - Only supports basic LLVM instructions: no pointers, structs, or calls
- Only one LLVM function at a time
- Only AG properties