Bounded model checking using satisfiability solving. (2001)

by E M Clarke, A Bierea, R Raimi, Y Zhu
Venue:Formal Methods in System Design,
Add To MetaCart
Results 1 - 10 of 195

Lazy Satisfiability Modulo Theories

by Roberto Sebastiani - JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141€“224 , 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some decidable first-order theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract - Cited by 189 (50 self) - Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some decidable first-order theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theory-specific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (T-solver), handling respectively the Boolean and the theory-specific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
(Show Context)

Context-bounded model checking of concurrent software

by Shaz Qadeer Jakob Rehof - In TACAS , 2005
"... ..."
Abstract - Cited by 152 (9 self) - Add to MetaCart
Abstract not found
(Show Context)

Lazy theorem proving for bounded model checking over infinite domains

by Leonardo De Moura, Harald Ruess, Maria Sorea , 2002
"... Abstract. We investigate the combination of propositional SAT checkers with domain-specific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domain-specific constraints over pr ..."
Abstract - Cited by 91 (11 self) - Add to MetaCart
Abstract. We investigate the combination of propositional SAT checkers with domain-specific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domain-specific constraints over program states, and an upper bound k, our procedure determines if there is a falsifying path of length k to the hypothesis that M satisfies the specification '. This problem can be reduced to the satisfiability of Boolean constraint formulas. Our verification engine for these kinds of formulas is lazy in that propositional abstractions of Boolean constraint formulas are incrementally refined by generating lemmas on demand from an automated analysis of spurious counterexamples using theorem proving. We exemplify bounded model checking for timed automata and for RTL level descriptions, and investigate the lazy integration of SAT solving and theorem proving. 1 Introduction Model checking decides the problem of whether a system satisfies a temporal logic property by exploring the underlying state space. It applies primarily to finite-state systems but also to certain infinite-state systems, and the state space can be represented in symbolic or explicit form. Symbolic model checking has traditionally employed a boolean representation of state sets using binary decision diagrams (BDD) [4] as a way of checking temporal properties, whereas explicit-state model checkers enumerate the set of reachable states of the system.

Verifying Epistemic Properties of Multi-agent Systems via Bounded Model Checking

by W. Penczek, Podlasie Academy, A. Lomuscio , 2003
"... We present a framework for verifying temporal and epistemic properties of multi-agent systems by means of bounded model checking. We use interpreted systems as underlying semantics. We give details of the proposed technique, and show how it can be applied to the "attacking generals problem &qu ..."
Abstract - Cited by 86 (43 self) - Add to MetaCart
We present a framework for verifying temporal and epistemic properties of multi-agent systems by means of bounded model checking. We use interpreted systems as underlying semantics. We give details of the proposed technique, and show how it can be applied to the "attacking generals problem ", a typical example of coordination in multi-agent systems.

Bounded model checking and induction: From refutation to verification (extended abstract, category A

by Leonardo De Moura, Harald Ruess, Maria Sorea - Proceedings of the 15th International Conference on Computer Aided Verification, CAV 2003, volume 2725 of Lecture Notes in Computer Science
"... Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinite-state systems. In particular, we define a general k-induction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are gen ..."
Abstract - Cited by 68 (8 self) - Add to MetaCart
Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinite-state systems. In particular, we define a general k-induction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are generated from failed k-induction proofs. This strengthening step requires quantifier-elimination, and we propose a lazy quantifierelimination procedure, which delays expensive computations of disjunctive normal forms when possible. The effectiveness of induction based on bounded model checking and invariant strengthening is demonstrated using infinite-state systems ranging from communication protocols to timed automata and (linear) hybrid automata. 1 Introduction Bounded model checking (BMC) [5, 4, 7] is often used for refutation, where one systematically searches for counterexamples whose length is bounded by some integer k. The bound k is increased until a bug is found, or some pre-computed completeness threshold is reached. Unfortunately, the computation of completeness thresholds is usually prohibitively expensive and these thresholds may be too large to effectively explore the associated bounded search space. In addition, such completeness thresholds do not exist for many infinite-state systems.
(Show Context)

Engineering an Incremental ASP Solver

by M. Gebser, R. Kaminski, B. Kaufmann, M. Ostrowski, T. Schaub, S. Thiele
"... Abstract. Many real-world applications, like planning or model checking, comprise a parameter reflecting the size of a solution. In a propositional formalism like Answer Set Programming (ASP), such problems can only be dealt with in a bounded way, considering one problem instance after another by gr ..."
Abstract - Cited by 51 (19 self) - Add to MetaCart
Abstract. Many real-world applications, like planning or model checking, comprise a parameter reflecting the size of a solution. In a propositional formalism like Answer Set Programming (ASP), such problems can only be dealt with in a bounded way, considering one problem instance after another by gradually increasing the bound on the solution size. We thus propose an incremental approach to both grounding and solving in ASP. Our goal is to avoid redundancy by gradually processing the extensions to a problem rather than repeatedly re-processing the entire (extended) problem. We start by furnishing a formal framework capturing our incremental approach in terms of module theory. In turn, we take advantage of this framework for guiding the successive treatment of program slices during grounding and solving. Finally, we describe the first integrated incremental ASP system, iclingo, and provide an experimental evaluation. 1
(Show Context)

Proving non-termination

by Ashutosh K. Gupta, Thomas A. Henzinger, Rupak Majumdar, Andrey Rybalchenko, Ru-gang Xu - In POPL , 2008
"... The search for proof and the search for counterexamples (bugs) are complementary activities that need to be pursued concurrently in order to maximize the practical success rate of verification tools. While this is well-understood in safety verification, the current focus of liveness verification has ..."
Abstract - Cited by 46 (7 self) - Add to MetaCart
The search for proof and the search for counterexamples (bugs) are complementary activities that need to be pursued concurrently in order to maximize the practical success rate of verification tools. While this is well-understood in safety verification, the current focus of liveness verification has been almost exclusively on the search for termination proofs. A counterexample to termination is an infinite program execution. In this paper, we propose a method to search for such counterexamples. The search proceeds in two phases. We first dynamically enumerate lasso-shaped candidate paths for counterexamples, and then statically prove their feasibil-ity. We illustrate the utility of our nontermination prover, called TNT, on several nontrivial examples, some of which require bit-level reasoning about integer representations.
(Show Context)

An overview of the SATURN project

by Alex Aiken, Suhabe Bugrara, Isil Dillig, Thomas Dillig, Brian Hackett, Peter Hawkins - In Proceedings of the 7th ACM SIGPLANSIGSOFT workshop on , 2007
"... We present an overview of the Saturn program analysis system, including a rationale for three major design decisions: the use of function-at-a-time, or summary-based, analysis, the use of con-straints, and the use of a logic programming language to express program analysis algorithms. We argue that ..."
Abstract - Cited by 44 (15 self) - Add to MetaCart
We present an overview of the Saturn program analysis system, including a rationale for three major design decisions: the use of function-at-a-time, or summary-based, analysis, the use of con-straints, and the use of a logic programming language to express program analysis algorithms. We argue that the combination of summaries and constraints allows Saturn to achieve both great scal-ability and great precision, while the use of a logic programming language with constraints allows for succinct, high-level expression of program analyses.
(Show Context)

Predicate abstraction for reachability analysis of hybrid systems

by Rajeev Alur - ACM Trans. Embedded Comput. Syst , 2006
"... Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studie ..."
Abstract - Cited by 41 (3 self) - Add to MetaCart
Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studied in control theory, and discrete and distributed systems have been investigated in computer science, the combination of the two complexities leads us to the recent research on hybrid systems. This paper addresses the formal analysis of such hybrid systems. Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state discrete programs. This paper presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. Given a hybrid system and a set of predicates, we consider the finite discrete quotient whose states correspond to all possible truth assignments to the input predicates. The tool performs an on-the-fly exploration of the abstract system. We present the basic techniques for guided search in the abstract statespace, optimizations of these techniques, implementation of these in our verifier, and case studies demonstrating the promise of the approach. We also address the completeness of our abstractionbased verification strategy by showing that predicate abstraction of hybrid systems can be used to prove bounded safety.
(Show Context)

Propositional Satisfiability and Constraint Programming: a Comparative Survey

by Lucas Bordeaux, Youssef Hamadi, Lintao Zhang - ACM Computing Surveys , 2006
"... Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, cross-fertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms ..."
Abstract - Cited by 38 (4 self) - Add to MetaCart
Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, cross-fertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms that are most successful at solving both kinds of problems. They also exhibit differences in the way they are used to state and solve problems, since SAT’s approach is in general a black-box approach, while CP aims at being tunable and programmable. This survey overviews the two areas in a comparative way, emphasising the similarities and differences between the two and the points where we feel that one technology can benefit from ideas or experience acquired