Towards SMT model checking of array-based systems
2008
Cited by 25 (15 self)
We introduce the notion of array-based system as a suitable abstraction of infinite state systems such as broadcast protocols or sorting programs. By using a class of quantified first-order formulae to symbolically represent array-based systems, we propose methods to check safety (invariance) and liveness (recurrence) properties on top of Satisfiability Modulo Theories solvers. We find hypotheses under which the verification procedures for such properties can be fully mechanized.
MCMT: A Model Checker Modulo Theories
In Proc. of IJCAR 2010, LNCS, 2010
Cited by 20 (11 self)
We describe mcmt, a fully declarative and deductive symbolic model checker for safety properties of infinite state systems whose state variables are arrays. Theories specify the properties of the indexes and the elements of the arrays. Sets of states and transitions of a system are described by quantified first-order formulae. The core of the system is a backward reachability procedure which symbolically computes pre-images of the set of unsafe states and checks for safety and fixpoints by solving Satisfiability Modulo Theories (SMT) problems. Besides standard SMT techniques, efficient heuristics for quantifier instantiation, specifically tailored to model checking, are at the very heart of the system. mcmt has been successfully applied to the verification of imperative programs, parametrised, timed, and distributed systems.
Handling Parameterized Systems with Non-Atomic Global Conditions
Cited by 14 (9 self)
We consider verification of safety properties for parameterized systems with linear topologies. A process in the system is an extended automaton, where the transitions are guarded by both local and global conditions. The global conditions are non-atomic, i.e., a process allows arbitrary interleavings with other transitions while checking the states of all (or some) of the other processes. We translate the problem into model checking of infinite transition systems where each configuration is a labeled finite graph. We derive an over-approximation of the induced transition system, which leads to a symbolic scheme for analyzing safety properties. We have implemented a prototype and run it on several non-trivial case studies, namely non-atomic versions of Burns' protocol, Dijkstra's protocol, the Bakery algorithm, Lamport's distributed mutual exclusion protocol, and a two-phase commit protocol used for handling transactions in distributed systems. As far as we know, these protocols have not previously been verified in a fully automated framework.
Goal-directed Invariant Synthesis for Model Checking Modulo Theories
2009
Cited by 9 (9 self)
We are interested in automatically proving safety properties of infinite state systems. We present a technique for invariant synthesis which can be incorporated in backward reachability analysis. The main theoretical result ensures that (under suitable hypotheses) our method is guaranteed to find an invariant if one exists. We also discuss heuristics that allow us to derive an implementation of the technique showing remarkable speedups on a significant set of safety problems in parametrised systems.
Light-Weight SMT-based Model-Checking
In AVOCS 07-08, ENTCS, 2008
Cited by 8 (8 self)
Recently, the notion of an array-based system has been introduced as an abstraction of infinite state systems (such as mutual exclusion protocols or sorting programs) which allows for model checking of invariant (safety) and recurrence (liveness) properties by Satisfiability Modulo Theories (SMT) techniques. Unfortunately, the use of quantified first-order formulae to describe sets of states makes fixpoint checking extremely expensive. In this paper, we show how invariant properties for a subclass of array-based systems can be model-checked by a backward reachability algorithm where the length of quantifier prefixes is efficiently controlled by suitable heuristics. We also present various refinements of the reachability algorithm that allow it to be easily implemented in a client-server architecture, where a "lightweight" algorithm is the client generating proof obligations for safety and fixpoint checks and an SMT solver plays the role of the server discharging the proof obligations. We also report on some encouraging preliminary experiments with a prototype implementation of our approach.
Verification of gap-order constraint abstractions of counter systems
Cited by 8 (0 self)
We investigate verification problems for gap-order constraint systems (GCS), an (infinitely-branching) abstract model of counter machines, in which constraints (over Z) between the variables of the source state and the target state of a transition are gap-order constraints (GC) [27]. GCS extend monotonicity constraint systems [5], integral relation automata [12], and constraint automata in [15]. First, we show that checking the existence of infinite runs in GCS satisfying acceptance conditions à la Büchi (fairness problem) is decidable and PSPACE-complete. Next, we consider a constrained branching-time logic, GC-CTL*, obtained by enriching CTL* with GC, thus enabling expressive properties and subsuming the setting of [12]. We establish that, while model-checking GCS against the universal fragment of GC-CTL* is undecidable, model-checking against the existential fragment, and satisfiability of both the universal and existential fragments are instead decidable and PSPACE-complete (note that the two fragments are not dual since GC are not closed under negation). Moreover, our results imply PSPACE-completeness of the verification problems investigated and shown to be decidable in [12], but for which no elementary upper bounds are known.
Model Checking Modulo Theory at work: the integration of Yices in MCMT
In AFM (co-located with CAV09), 2009
Cited by 7 (7 self)
Recently, the notion of an array-based system has been introduced as an abstraction of infinite state systems (such as parametrised systems) which allows for model checking safety properties by SMT solving. Unfortunately, the use of quantified first-order formulae to describe sets of states makes checking for fixpoint and unsafety extremely expensive. In this paper, we describe (static and dynamic) techniques to overcome this problem which have been implemented in the (declarative) model checker mcmt. We describe how such techniques have been combined with Yices (the backend SMT solver) and discuss some interesting experimental results.
Monotonic Abstraction (On Efficient Verification of Parameterized Systems)
2009
Cited by 7 (0 self)
We introduce the simple and efficient method of monotonic abstraction to prove safety properties for parameterized systems with linear topologies. A process in the system is a finite-state automaton, where the transitions are guarded by both local and global conditions. Processes may communicate via broadcast, rendezvous and shared variables over finite domains. The method of monotonic abstraction derives an over-approximation of the induced transition system that allows the use of a simple class of regular expressions as a symbolic representation. Compared to traditional regular model checking methods, the analysis does not require the manipulation of transducers, and hence its simplicity and efficiency. We have implemented a prototype that works well on several mutual exclusion algorithms and cache coherence protocols.
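The backward reachability loop that the mcmt abstract describes (compute pre-images of the unsafe states, stop when a fixpoint is reached or an initial state is hit) and the subword over-approximation of the monotonic abstraction abstract above fit together in a few dozen lines once configurations are words over process states. The following is an added illustration written for this listing, not code from mcmt or from the monotonic-abstraction prototype; the toy mutual-exclusion protocol, its state names I/W/C, its guards and the "two processes in C" bad set are assumptions made for the example. Sets of configurations are upward closed under the subword ordering and are stored as their minimal elements; a guarded transition whose universal condition a process violates is handled by allowing that process to be deleted, which is what makes the pre-image of an upward-closed set upward closed again.

```python
"""Backward reachability with monotonic abstraction for a parameterized
mutual-exclusion protocol on a linear array of processes.

Added example, not code from mcmt or the monotonic-abstraction tool.
The protocol below (states I/W/C and its guards) is an assumption.
"""

# Assumed process states: I = idle, W = waiting, C = critical section.
STATES = ("I", "W", "C")
ANY = set(STATES)


def is_subword(small, big):
    """True if `small` embeds in `big` as a (non-contiguous) subword."""
    it = iter(big)
    return all(ch in it for ch in small)


def minimize(words):
    """Antichain: drop every word that has a proper subword in the set."""
    keep = []
    for w in sorted(set(words), key=len):
        if not any(is_subword(k, w) for k in keep):
            keep.append(w)
    return keep


def pre_min(word, src, dst, allowed):
    """Minimal predecessors of the upward closure of `word` under the
    transition src -> dst guarded by "every other process is in `allowed`".
    Under monotonic abstraction a process violating the guard may be
    deleted, so Pre of an upward-closed set is upward closed and only its
    minimal elements have to be produced."""
    preds = set()
    # Case A: the moving process is one of the letters of `word`.
    for k, ch in enumerate(word):
        others = word[:k] + word[k + 1:]
        if ch == dst and all(o in allowed for o in others):
            preds.add(word[:k] + src + word[k + 1:])
    # Case B: the moving process is not in `word`; it may sit anywhere.
    if all(o in allowed for o in word):
        for k in range(len(word) + 1):
            preds.add(word[:k] + src + word[k:])
    return preds


def trace(parent, word):
    """Walk parent links from an initial configuration up to a bad one."""
    steps = []
    while parent[word] is not None:
        nxt, src, dst = parent[word]
        steps.append((word, f"{src}->{dst}", nxt))
        word = nxt
    return steps


def backward_reach(transitions, bad, init_state="I"):
    """Return None if no bad configuration is reachable from an initial one
    (all processes in `init_state`), otherwise a counterexample trace.
    A minimal element meets the initial set iff all its letters are
    `init_state`; a pre-image covered by a visited element is the fixpoint
    check."""
    parent = {w: None for w in bad}
    visited = minimize(bad)
    frontier = list(visited)
    while frontier:
        word = frontier.pop(0)
        for src, dst, allowed in transitions:
            for p in sorted(pre_min(word, src, dst, allowed)):
                if any(is_subword(v, p) for v in visited):
                    continue          # already covered: nothing new
                parent[p] = (word, src, dst)
                if set(p) == {init_state}:
                    return trace(parent, p)
                visited = minimize(visited + [p])
                frontier.append(p)
    return None                       # fixpoint reached without touching Init


# Assumed toy protocol. Each transition is (source, target, states that all
# *other* processes must be in for the move to be enabled).
SAFE_PROTOCOL = [
    ("I", "W", ANY),            # start competing, no guard
    ("W", "C", {"I", "W"}),     # enter only if nobody else is in C
    ("C", "I", ANY),            # leave the critical section
]
# Same protocol with the entry guard dropped: the bug the check should find.
BUGGY_PROTOCOL = [("I", "W", ANY), ("W", "C", ANY), ("C", "I", ANY)]
BAD = ["CC"]                    # two processes in C, anywhere in the array

if __name__ == "__main__":
    print("guarded protocol:", backward_reach(SAFE_PROTOCOL, BAD))
    for step in backward_reach(BUGGY_PROTOCOL, BAD):
        print("unguarded protocol:", *step)
```

For the guarded protocol the only minimal unsafe element is "CC", its pre-image under the guarded entry is empty (a process in C violates the guard and deleting it leaves no second C), and the loop terminates at that fixpoint, so the protocol is reported safe for any number of processes. For the unguarded variant the loop produces "II" after four pre-image steps and returns the trace II, WI, CI, CW, CC, which is a concrete two-process counterexample. Non-atomic global conditions, as in the third entry above, would need the richer graph-based configurations that abstract describes; this example covers only atomic universal guards.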
Parameterized tree systems
In FORTE
Cited by 6 (3 self)
Several recent works have considered parameterized verification, i.e. automatic verification of systems consisting of an arbitrary number of finite-state processes organized in a linear array. The aim of this paper is to extend these works by giving a simple and efficient method to prove safety properties for systems with tree-like architectures. A process in the system is a finite-state automaton and a transition is performed jointly by a process and its parent and children processes. The method derives an over-approximation of the induced transition system, which allows the use of finite trees as symbolic representations of infinite sets of configurations. Compared to traditional methods for parameterized verification of systems with tree topologies, our method does not require the manipulation of tree transducers, hence its simplicity and efficiency. We have implemented a prototype which works well on several non-trivial tree-based protocols.
A small model theorem for rectangular hybrid automata networks
 In FORTE/FMOODS, H. Giese and
, 2012
Cited by 6 (3 self)
Rectangular hybrid automata (RHA) are finite state machines with additional skewed clocks that are useful for modeling real-time systems. This paper is concerned with the uniform verification of safety properties of networks with arbitrarily many interacting RHAs. Each automaton is equipped with a finite collection of pointers to other automata that enables it to read their state. This paper presents a small model result for such networks that reduces the verification problem for a system with arbitrarily many processes to a system with finitely many processes. The result is applied to verify and discover counterexamples of inductive invariant properties for distributed protocols like Fischer's mutual exclusion algorithm and the Small Aircraft Transportation System (SATS). We have implemented a prototype tool called Passel relying on the satisfiability modulo theories (SMT) solver Z3 to check inductive invariants automatically.