Results 1  10
of
190
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 181 (47 self)
 Add to MetaCart
(Show Context)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Lazy theorem proving for bounded model checking over infinite domains
, 2002
"... Abstract. We investigate the combination of propositional SAT checkers with domainspecific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domainspecific constraints over pr ..."
Abstract

Cited by 90 (11 self)
 Add to MetaCart
Abstract. We investigate the combination of propositional SAT checkers with domainspecific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domainspecific constraints over program states, and an upper bound k, our procedure determines if there is a falsifying path of length k to the hypothesis that M satisfies the specification '. This problem can be reduced to the satisfiability of Boolean constraint formulas. Our verification engine for these kinds of formulas is lazy in that propositional abstractions of Boolean constraint formulas are incrementally refined by generating lemmas on demand from an automated analysis of spurious counterexamples using theorem proving. We exemplify bounded model checking for timed automata and for RTL level descriptions, and investigate the lazy integration of SAT solving and theorem proving. 1 Introduction Model checking decides the problem of whether a system satisfies a temporal logic property by exploring the underlying state space. It applies primarily to finitestate systems but also to certain infinitestate systems, and the state space can be represented in symbolic or explicit form. Symbolic model checking has traditionally employed a boolean representation of state sets using binary decision diagrams (BDD) [4] as a way of checking temporal properties, whereas explicitstate model checkers enumerate the set of reachable states of the system.
Verifying Epistemic Properties of Multiagent Systems via Bounded Model Checking
, 2003
"... We present a framework for verifying temporal and epistemic properties of multiagent systems by means of bounded model checking. We use interpreted systems as underlying semantics. We give details of the proposed technique, and show how it can be applied to the "attacking generals problem &qu ..."
Abstract

Cited by 84 (41 self)
 Add to MetaCart
We present a framework for verifying temporal and epistemic properties of multiagent systems by means of bounded model checking. We use interpreted systems as underlying semantics. We give details of the proposed technique, and show how it can be applied to the "attacking generals problem ", a typical example of coordination in multiagent systems.
Bounded model checking and induction: From refutation to verification (extended abstract, category A
 Proceedings of the 15th International Conference on Computer Aided Verification, CAV 2003, volume 2725 of Lecture Notes in Computer Science
"... Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinitestate systems. In particular, we define a general kinduction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are gen ..."
Abstract

Cited by 67 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinitestate systems. In particular, we define a general kinduction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are generated from failed kinduction proofs. This strengthening step requires quantifierelimination, and we propose a lazy quantifierelimination procedure, which delays expensive computations of disjunctive normal forms when possible. The effectiveness of induction based on bounded model checking and invariant strengthening is demonstrated using infinitestate systems ranging from communication protocols to timed automata and (linear) hybrid automata. 1 Introduction Bounded model checking (BMC) [5, 4, 7] is often used for refutation, where one systematically searches for counterexamples whose length is bounded by some integer k. The bound k is increased until a bug is found, or some precomputed completeness threshold is reached. Unfortunately, the computation of completeness thresholds is usually prohibitively expensive and these thresholds may be too large to effectively explore the associated bounded search space. In addition, such completeness thresholds do not exist for many infinitestate systems.
Engineering an Incremental ASP Solver
"... Abstract. Many realworld applications, like planning or model checking, comprise a parameter reflecting the size of a solution. In a propositional formalism like Answer Set Programming (ASP), such problems can only be dealt with in a bounded way, considering one problem instance after another by gr ..."
Abstract

Cited by 52 (20 self)
 Add to MetaCart
(Show Context)
Abstract. Many realworld applications, like planning or model checking, comprise a parameter reflecting the size of a solution. In a propositional formalism like Answer Set Programming (ASP), such problems can only be dealt with in a bounded way, considering one problem instance after another by gradually increasing the bound on the solution size. We thus propose an incremental approach to both grounding and solving in ASP. Our goal is to avoid redundancy by gradually processing the extensions to a problem rather than repeatedly reprocessing the entire (extended) problem. We start by furnishing a formal framework capturing our incremental approach in terms of module theory. In turn, we take advantage of this framework for guiding the successive treatment of program slices during grounding and solving. Finally, we describe the first integrated incremental ASP system, iclingo, and provide an experimental evaluation. 1
Proving nontermination
 In POPL
, 2008
"... The search for proof and the search for counterexamples (bugs) are complementary activities that need to be pursued concurrently in order to maximize the practical success rate of verification tools. While this is wellunderstood in safety verification, the current focus of liveness verification has ..."
Abstract

Cited by 47 (7 self)
 Add to MetaCart
(Show Context)
The search for proof and the search for counterexamples (bugs) are complementary activities that need to be pursued concurrently in order to maximize the practical success rate of verification tools. While this is wellunderstood in safety verification, the current focus of liveness verification has been almost exclusively on the search for termination proofs. A counterexample to termination is an infinite program execution. In this paper, we propose a method to search for such counterexamples. The search proceeds in two phases. We first dynamically enumerate lassoshaped candidate paths for counterexamples, and then statically prove their feasibility. We illustrate the utility of our nontermination prover, called TNT, on several nontrivial examples, some of which require bitlevel reasoning about integer representations.
An overview of the SATURN project
 In Proceedings of the 7th ACM SIGPLANSIGSOFT workshop on
, 2007
"... We present an overview of the Saturn program analysis system, including a rationale for three major design decisions: the use of functionatatime, or summarybased, analysis, the use of constraints, and the use of a logic programming language to express program analysis algorithms. We argue that ..."
Abstract

Cited by 44 (15 self)
 Add to MetaCart
(Show Context)
We present an overview of the Saturn program analysis system, including a rationale for three major design decisions: the use of functionatatime, or summarybased, analysis, the use of constraints, and the use of a logic programming language to express program analysis algorithms. We argue that the combination of summaries and constraints allows Saturn to achieve both great scalability and great precision, while the use of a logic programming language with constraints allows for succinct, highlevel expression of program analyses.
Predicate abstraction for reachability analysis of hybrid systems
 ACM Trans. Embedded Comput. Syst
, 2006
"... Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studie ..."
Abstract

Cited by 39 (3 self)
 Add to MetaCart
(Show Context)
Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studied in control theory, and discrete and distributed systems have been investigated in computer science, the combination of the two complexities leads us to the recent research on hybrid systems. This paper addresses the formal analysis of such hybrid systems. Predicate abstraction has emerged to be a powerful technique for extracting finitestate models from infinitestate discrete programs. This paper presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. Given a hybrid system and a set of predicates, we consider the finite discrete quotient whose states correspond to all possible truth assignments to the input predicates. The tool performs an onthefly exploration of the abstract system. We present the basic techniques for guided search in the abstract statespace, optimizations of these techniques, implementation of these in our verifier, and case studies demonstrating the promise of the approach. We also address the completeness of our abstractionbased verification strategy by showing that predicate abstraction of hybrid systems can be used to prove bounded safety.
Propositional Satisfiability and Constraint Programming: a Comparative Survey
 ACM Computing Surveys
, 2006
"... Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, crossfertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms ..."
Abstract

Cited by 38 (4 self)
 Add to MetaCart
Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, crossfertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms that are most successful at solving both kinds of problems. They also exhibit differences in the way they are used to state and solve problems, since SAT’s approach is in general a blackbox approach, while CP aims at being tunable and programmable. This survey overviews the two areas in a comparative way, emphasising the similarities and differences between the two and the points where we feel that one technology can benefit from ideas or experience acquired