Benchmark Verification Tasks
All verification tasks are available for web browsing and for download via the following GIT repository: (for SV-COMP 2021 visit the tag 'svcomp21'): https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks
This edition of the competition on software verification is based on the following categories of verification tasks.
The verification tasks were contributed by several research and development groups.
After the submission deadline for verification tasks, a group of people (organizer and participants)
were working on improving the quality of the verification tasks.
That means that after the sets were made public,
some programs were removed (not qualified, no property encoded, unknown architecture),
and some programs got technically improved (CIL simplifications, compiler warnings, memory model).
These changes have improved the overall quality of the final set of programs for the competition,
and have not changed the intended verification result;
all changes are tracked in the public repository.
Thanks to all participants that contributed programs, sent patches, and commented on the sets.
As announced in the rules and definitions, the verification tasks are not necessarily preprocessed with CIL (which was a restriction for the first SV-COMP). For each category, we specify whether its verification tasks assume a 32-bit or a 64-bit architecture.
For illustration, a structured overview shows the categories. Rankings will be provided for the first- and second-level categories, and Falsification, which is not shown in the figure.
The authorative definition of the category structure is maintained in the repository for the benchmark definitions (https://gitlab.com/sosy-lab/sv-comp/bench-defs).
1. ReachSafety
This category consists of the following sub-categories.
c/ReachSafety-Arrays
Contains tasks for which treatment of arrays is necessary in order to determine reachability.
The verification tasks consist of the programs that match
array-examples/*.yml array-industry-pattern/*.yml reducercommutativity/*.yml array-tiling/*.yml array-programs/*.yml array-crafted/*.yml array-multidimensional/*.yml array-patterns/*.yml array-cav19/*.yml array-lopstr16/*.yml array-fpi/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-BitVectors
Contains tasks for which treatment of bit-operations is necessary.
The verification tasks consist of the programs that match
bitvector/*.yml bitvector-regression/*.yml bitvector-loops/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-ControlFlow
Contains programs for which the correctness depends mostly on the control-flow structure and integer variables. There is no particular focus on pointers, data structures, and concurrency.
The verification tasks consist of the programs that match
ntdrivers-simplified/*.yml openssl-simplified/*.yml locks/*.yml ntdrivers/*.yml openssl/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-ECA
Contains programs that represent event-condition-action systems.
The verification tasks consist of the programs that match
eca-rers2012/*.yml eca-rers2018/*.yml psyco/*.yml eca-programs/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Floats
Contains tasks for checking programs with floating-point arithmetics.
The verification tasks consist of the programs that match
floats-cdfpl/*.yml floats-cbmc-regression/*.yml float-benchs/*.yml floats-esbmc-regression/*.yml float-newlib/*.yml loop-floats-scientific-comp/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Heap
Contains tasks that require the analysis of data structures on the heap, pointer aliases, and function pointers.
The verification tasks consist of the programs that match
heap-manipulation/*.yml list-properties/*.yml ldv-regression/*.yml ddv-machzwd/*.yml forester-heap/*.yml list-ext-properties/*.yml list-ext2-properties/*.yml ldv-sets/*.yml list-simple/*.yml heap-data/*.yml list-ext3-properties/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Loops
Contains tasks for which loop analysis is necessary.
The verification tasks consist of the programs that match
loops/*.yml loop-acceleration/*.yml loop-crafted/*.yml loop-invgen/*.yml loop-lit/*.yml loop-new/*.yml loop-industry-pattern/*.yml loops-crafted-1/*.yml loop-invariants/*.yml loop-simple/*.yml loop-zilu/*.yml verifythis/duplets.yml verifythis/elimination_max.yml verifythis/lcp.yml verifythis/prefixsum_iter.yml verifythis/tree_del_iter.yml verifythis/tree_del_iter_incorrect.yml nla-digbench/*.yml nla-digbench-scaling/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-ProductLines
Contains programs that represents 'products' and 'product simulators' that are derived using different configurations of product lines.
The verification tasks consist of the programs that match
product-lines/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Recursive
Contains tasks for which recursive analysis is necessary.
The verification tasks consist of the programs that match
recursive/*.yml recursive-simple/*.yml recursive-with-pointer/*.yml verifythis/prefixsum_rec.yml verifythis/tree_del_rec.yml verifythis/tree_del_rec_incorrect.yml verifythis/tree_max.yml verifythis/tree_max_incorrect.yml verifythis/elimination_max_rec.yml verifythis/elimination_max_rec_onepoint.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Sequentialized
Contains sequentialized concurrent programs that were derived from SystemC programs. The programs were transformed to pure C programs by incorporating the scheduler into the C code.
The verification tasks consist of the programs that match
systemc/*.yml seq-mthreaded/*.yml seq-mthreaded-reduced/*.yml seq-pthread/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-XCSP
Contains tasks from the XCSP_to_C tool benchmark set.
The verification tasks consist of the programs that match
xcsp/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/ReachSafety-Combinations
Contains programs combined from other sv-benchmark tasks through loose coupling
The verification tasks consist of the programs that match
combinations/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
2. MemSafety
This category consists of the following sub-categories.
c/MemSafety-Arrays
Contains tasks for checking memory safety of array-based programs.
The verification tasks consist of the programs that match
array-memsafety/*.yml array-examples/*.yml array-memsafety-realloc/*.yml termination-crafted/Arrays*.yml termination-crafted/LexIndexValue*.yml termination-crafted/NonTermination3-1.yml verifythis/duplets.yml verifythis/elimination_max.yml verifythis/lcp.yml verifythis/prefixsum_iter.yml verifythis/elimination_max_rec.yml verifythis/elimination_max_rec_onepoint.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/MemSafety-Heap
Contains tasks for checking memory safety of programs.
The verification tasks consist of the programs that match
memsafety/*.yml memsafety-ext/*.yml memsafety-ext2/*.yml list-ext-properties/*.yml memory-alloca/*.yml ldv-memsafety/*.yml ldv-memsafety-bitfields/*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/MemSafety-LinkedLists
Contains tasks for checking memory safety of programs.
The verification tasks consist of the programs that match
heap-manipulation/*.yml forester-heap/*.yml list-properties/*.yml ddv-machzwd/*.yml list-simple/*.yml list-ext3-properties/*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/MemSafety-Other
Contains tasks for checking memory safety of programs.
The verification tasks consist of the programs that match
loops/*.yml loop-acceleration/*.yml ntdrivers/*.yml ntdrivers-simplified/*.yml locks/*.yml memsafety-ext3/*.yml pthread-memsafety/*.yml memsafety-bftpd/*.yml termination-crafted/4BitCounterPointer.yml termination-crafted/SyntaxSupportPointer*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/MemSafety-Juliet
Contains tasks for checking memory safety of programs from Juliet Test Suite. CWE415_Double_Free CWE476_NULL_Pointer_Dereference CWE121_Stack_Based_Buffer_Overflow CWE401_Memory_Leak CWE590_Free_Memory_Not_on_Heap
The verification tasks consist of the programs that match
Juliet_Test/CWE415*.yml Juliet_Test/CWE476*_int*.yml Juliet_Test/CWE476*_long*.yml Juliet_Test/CWE476*_struct*.yml Juliet_Test/CWE121*rand*.yml Juliet_Test/CWE121*fgets*.yml Juliet_Test/CWE121*large*.yml Juliet_Test/CWE401*__int*.yml Juliet_Test/CWE401*__struct*.yml Juliet_Test/CWE401*__twoIntsStruct*.yml Juliet_Test/CWE590*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/MemSafety-MemCleanup
Contains tasks for checking memory safety of programs.
The verification tasks consist of the programs that match
list-ext-properties/*.yml heap-manipulation/*.yml forester-heap/*.yml list-properties/*.yml list-ext3-properties/*.yml memsafety/*.yml memsafety-bftpd/*.yml verifythis/tree_max.yml verifythis/tree_del_iter.yml verifythis/tree_del_rec.yml
with the specification:
CHECK( init(main()), LTL(G valid-memcleanup) )
3. ConcurrencySafety
This category consists of the following sub-categories.
c/ConcurrencySafety-Main
Contains concurrency problems.
The verification tasks consist of the programs that match
pthread/*.yml pthread-atomic/*.yml pthread-ext/*.yml pthread-wmm/*.yml pthread-lit/*.yml ldv-races/*.yml ldv-linux-3.14-races/*.yml pthread-complex/*.yml pthread-driver-races/*.yml pthread-C-DAC/*.yml pthread-divine/*.yml pthread-nondet/*.yml goblint-regression/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
4. NoOverflows
This category consists of the following sub-categories.
c/NoOverflows-BitVectors
Contains tasks for checking if variables of type signed integers overflow.
The verification tasks consist of the programs that match
signedintegeroverflow-regression/*.yml termination-crafted/*.yml termination-crafted-lit/*.yml termination-numeric/*.yml
with the specification:
CHECK( init(main()), LTL(G ! overflow) )
c/NoOverflows-Other
Contains tasks for checking if variables of type signed integers overflow.
The verification tasks consist of the programs that match
recursive/*.yml recursive-simple/*.yml bitvector/*.yml psyco/*.yml loop-zilu/*.yml
with the specification:
CHECK( init(main()), LTL(G ! overflow) )
5. Termination
This category consists of the following sub-categories.
c/Termination-MainControlFlow
Contains programs for which termination should be decided.
The verification tasks consist of the programs that match
termination-crafted/*.yml termination-crafted-lit/*.yml termination-numeric/*.yml termination-restricted-15/*.yml
with the specification:
CHECK( init(main()), LTL(F end) )
c/Termination-MainHeap
Contains programs for which termination should be decided.
The verification tasks consist of the programs that match
termination-dietlibc/*.yml termination-memory-alloca/*.yml termination-memory-linkedlists/*.yml termination-15/*.yml termination-recursive-malloc/*.yml
with the specification:
CHECK( init(main()), LTL(F end) )
c/Termination-Other
Contains programs for which termination should be decided.
The verification tasks consist of the programs that match
array-examples/*.yml array-industry-pattern/*.yml bitvector/*.yml bitvector-regression/*.yml bitvector-loops/*.yml ntdrivers-simplified/*.yml openssl-simplified/*.yml locks/*.yml ntdrivers/*.yml eca-rers2012/*.yml psyco/*.yml floats-cdfpl/*.yml floats-cbmc-regression/*.yml ldv-regression/*.yml list-ext-properties/*.yml list-ext2-properties/*.yml ldv-sets/*.yml loops/*.yml loop-acceleration/*.yml loop-invgen/*.yml loop-lit/*.yml loop-new/*.yml product-lines/*.yml recursive/*.yml recursive-simple/*.yml systemc/*.yml seq-mthreaded/*.yml seq-pthread/*.yml reducercommutativity/*.yml array-memsafety/*.yml memsafety/*.yml memsafety-ext/*.yml ldv-memsafety/*.yml ldv-memsafety-bitfields/*.yml pthread-atomic/*.yml uthash-2.0.2/*.yml
with the specification:
CHECK( init(main()), LTL(F end) )
6. SoftwareSystems
This category consists of several sets of verification tasks. Each of these sets is an own sub-category. While the categories above are collections of rather `academic', or synthesized, example verification tasks, this category aims to represent verification tasks from real software systems.
c/SoftwareSystems-AWS-C-Common-ReachSafety
Contains programs from the AWS C commons library
The verification tasks consist of the programs that match
aws-c-common/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/SoftwareSystems-BusyBox-MemSafety
Contains problems from the software system BusyBox.
The verification tasks consist of the programs that match
busybox-1.22.0/*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/SoftwareSystems-BusyBox-NoOverflows
Contains problems from the software system BusyBox.
The verification tasks consist of the programs that match
busybox-1.22.0/*.yml
with the specification:
CHECK( init(main()), LTL(G ! overflow) )
c/SoftwareSystems-DeviceDriversLinux64-ReachSafety
Contains problems that require the analysis of pointer aliases and function pointers.
The verification tasks consist of the programs that match
ldv-linux-3.0/*.yml ldv-linux-3.4-simple/*.yml ldv-linux-3.7.3/*.yml ldv-commit-tester/*.yml ldv-consumption/*.yml ldv-linux-3.12-rc1/*.yml ldv-linux-3.16-rc1/*.yml ldv-validator-v0.6/*.yml ldv-validator-v0.8/*.yml ldv-linux-4.2-rc1/*.yml ldv-linux-3.14/*.yml ldv-challenges/*.yml ldv-linux-4.0-rc1-mav/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/SoftwareSystems-DeviceDriversLinux64Large-ReachSafety
Contains large tasks from the DeviceDrivers64 category (from the LDV project).
The verification tasks consist of the programs that match
ldv-challenges/linux-3.14_complex_emg_linux-alloc-spinlock_drivers-net-ethernet-sfc-sfc.cil.yml ldv-challenges/linux-3.14_complex_emg_linux-kernel-locking-mutex_drivers-net-ethernet-sfc-sfc.cil.yml ldv-challenges/linux-3.14_complex_emg_linux-kernel-locking-spinlock_drivers-net-ethernet-sfc-sfc.cil.yml ldv-challenges/linux-3.14_complex_emg_linux-usb-dev_drivers-net-ethernet-sfc-sfc.cil.yml ldv-linux-3.14/linux-3.14_complex_emg_linux-drivers-clk1_drivers-net-ethernet-sfc-sfc.cil.yml ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--gpu--drm--amd--amdgpu--amdgpu.ko-entry_point.cil.out.yml ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--gpu--drm--i915--i915.ko-entry_point.cil.out.yml ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-32_7a-drivers--gpu--drm--i915--i915.ko-entry_point.cil.out.yml ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-32_7a-drivers--vfio--pci--vfio-pci.ko-entry_point.cil.out.yml ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-43_2a-drivers--vfio--pci--vfio-pci.ko-entry_point.cil.out.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
c/SoftwareSystems-OpenBSD-MemSafety
Contains problems that require the analysis of memory safety.
The verification tasks consist of the programs that match
openbsd-6.2/*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/SoftwareSystems-uthash-MemSafety
Contains problems from the uthash hashing library.
The verification tasks consist of the programs that match
uthash-2.0.2/*.yml
with the specification:
CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) )
c/SoftwareSystems-uthash-NoOverflows
Contains problems from the uthash hashing library.
The verification tasks consist of the programs that match
uthash-2.0.2/*.yml
with the specification:
CHECK( init(main()), LTL(G ! overflow) )
c/SoftwareSystems-uthash-ReachSafety
Contains problems from the uthash hashing library.
The verification tasks consist of the programs that match
uthash-2.0.2/*.yml
with the specification:
CHECK( init(main()), LTL(G ! call(reach_error())) )
7. C-Overall
The category Overall contains all verification tasks of all above categories. Each above-mentioned main category is an own sub-category in category Overall. (The weighting schema is explained on the rules page.)
8. C-Falsification
The category Falsification consists of all verification tasks with safety properties and the results "correct TRUE" and "incorrect TRUE" are not counted. (The weighting schema is the same as for Overall.)
9. Java-Overall
The category consists of one category that contains a set of verification tasks in Java.
java/ReachSafety-Java
The verification tasks consist of the programs that match
jayhorn-recursive/*.yml jbmc-regression/*.yml jpf-regression/*.yml java-ranger-regression/*.yml java-ranger-regression/WBS/*.yml java-ranger-regression/alarm/*.yml java-ranger-regression/infusion/*.yml java-ranger-regression/siena_eqchk/*.yml java-ranger-regression/replace5_eqchk/*.yml java-ranger-regression/nanoxml_eqchk/*.yml java-ranger-regression/printtokens_eqchk/*.yml MinePump/*.yml algorithms/*.yml juliet-java/*.yml jdart-regression/*.yml
with the specification:
CHECK( init(Main.main()), LTL(G assert) )