Results 1  10
of
34
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 189 (50 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
MONA Implementation Secrets
, 2000
"... The MONA tool provides an implementation of the decision procedures for the logics WS1S and WS2S. It has been used for numerous applications, and it is remarkably efficient in practice, even though it faces a theoretically nonelementary worstcase complexity. The implementation has matured over a p ..."
Abstract

Cited by 84 (6 self)
 Add to MetaCart
(Show Context)
The MONA tool provides an implementation of the decision procedures for the logics WS1S and WS2S. It has been used for numerous applications, and it is remarkably efficient in practice, even though it faces a theoretically nonelementary worstcase complexity. The implementation has matured over a period of six years. Compared to the first naive version, the present tool is faster by several orders of magnitude. This speedup is obtained from many different contributions working on all levels of the compilation and execution of formulas. We present a selection of implementation "secrets" that have been discovered and tested over the years, including formula reductions, DAGification, guided tree automata, threevalued logic, eager minimization, BDDbased automata representations, and cacheconscious data structures. We describe these techniques and quantify their respective effects by experimenting with separate versions of the MONA tool that in turn omit each of them.
Safraless Decision Procedures
, 2005
"... The automatatheoretic approach is one of the most fundamental approaches to developing decision procedures in mathematical logics. To decide whether a formula in a logic with the treemodel property is satisfiable, one constructs an automaton that accepts all (or enough) tree models of the formu ..."
Abstract

Cited by 83 (24 self)
 Add to MetaCart
The automatatheoretic approach is one of the most fundamental approaches to developing decision procedures in mathematical logics. To decide whether a formula in a logic with the treemodel property is satisfiable, one constructs an automaton that accepts all (or enough) tree models of the formula and then checks that the language of this automaton is nonempty. The standard approach translates formulas into alternating parity tree automata, which are then translated, via Safra's determinization construction, into nondeterministic parity automata. This approach is not amenable to implementation because of the difficulty of implementing Safra's construction and the nonemptiness test for nondeterministic parity tree automata. In this
Synthesizing Distributed Systems
, 2001
"... In system synthesis, we transform a specication into a system that is guaranteed to satisfy the speci cation. When the system is distributed, the goal is to construct the system's underlying processes. Results on multiplayer games imply that the synthesis problem for linear specications is un ..."
Abstract

Cited by 68 (1 self)
 Add to MetaCart
In system synthesis, we transform a specication into a system that is guaranteed to satisfy the speci cation. When the system is distributed, the goal is to construct the system's underlying processes. Results on multiplayer games imply that the synthesis problem for linear specications is undecidable for general architectures, and is nonelementary decidable for hierarchical architectures, where the processes are linearly ordered and information among them ows in one direction. In this paper we present a signicant extension of this result. We handle both linear and branching specications, and we show that a sucient condition for decidability of the synthesis problem is a linear or cyclic order among the processes, in which information ows in either one or both directions. We also allow the processes to have internal hidden variables, and we consider communications with and without delay. Many practical applications fall into this class. 1 Introduction In system synthesis, we...
Salsa: Combining Constraint Solvers with BDDs for Automatic Invariant Checking
, 2000
"... . Salsa is an invariant checker for specifications in SAL (the SCR Abstract Language). To establish a formula as an invariant without any user guidance Salsa carries out an induction proof that utilizes tightly integrated decision procedures, currently a combination of BDD algorithms and a const ..."
Abstract

Cited by 39 (13 self)
 Add to MetaCart
(Show Context)
. Salsa is an invariant checker for specifications in SAL (the SCR Abstract Language). To establish a formula as an invariant without any user guidance Salsa carries out an induction proof that utilizes tightly integrated decision procedures, currently a combination of BDD algorithms and a constraint solver for integer linear arithmetic, for discharging the verification conditions. The user interface of Salsa is designed to mimic the interfaces of model checkers; i.e., given a formula and a system description, Salsa either establishes the formula as an invariant of the system (but returns no proof) or provides a counterexample. In either case, the algorithm will terminate. Unlike model checkers, Salsa returns a state pair as a counterexample and not an execution sequence. Also, due to the incompleteness of induction, users must validate the counterexamples. The use of induction enables Salsa to combat the state explosion problem that plagues model checkers  it can handle...
Safraless compositional synthesis
 In CAV
, 2006
"... Abstract. In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. In spite of the rich theory developed for system synthesis, little of this theory has been reduced to practice. This is in contrast with of modelchecking theory, which has l ..."
Abstract

Cited by 28 (9 self)
 Add to MetaCart
Abstract. In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. In spite of the rich theory developed for system synthesis, little of this theory has been reduced to practice. This is in contrast with of modelchecking theory, which has led to industrial development and use of formal verification tools. We see two main reasons for the lack of practical impact of synthesis. The first is algorithmic: synthesis involves Safra’s determinization of automata on infinite words, and a solution of parity games with highly complex state spaces; both problems have been notoriously resistant to efficient implementation. The second is methodological: current theory of synthesis assumes a single comprehensive specification. In practice, however, the specification is composed of a set of properties, which is typically evolving – properties may be added, deleted, or modified. In this work we address both issues. We extend the Safraless synthesis algorithm of Kupferman and Vardi so that it handles LTL formulas by translating them to nondeterministic generalized Büchi automata. This leads to an exponential improvement in the complexity of the algorithm. Technically, our algorithm reduces the synthesis problem to the emptiness problem of a nondeterministic Büchi tree automaton A. The generation of A avoids determinization, avoids the parity acceptance condition, and is based on an analysis of runs of universal generalized coBüchi tree automata. The clean and simple structure of A enables optimizations and a symbolic implementation. In addition, it makes it possible to use information gathered during the synthesis process of properties in the process of synthesizing their conjunction. 1
An Overview of Formal Verification for the TimeTriggered Architecture
, 2002
"... We describe formal verification of some of the key algorithms in the TimeTriggered Architecture (TTA) for realtime safetycritical control applications. ..."
Abstract

Cited by 25 (3 self)
 Add to MetaCart
(Show Context)
We describe formal verification of some of the key algorithms in the TimeTriggered Architecture (TTA) for realtime safetycritical control applications.
Deciding Presburger Arithmetic by Model Checking and Comparisons with Other Methods
 In Proceedings of FMCAD 02
, 2002
"... We present a new way of using Binary Decision Diagrams in automata based algorithms for solving the satisfiability problem of quantifierfree Presburger arithmetic. Unlike in previous approaches [5, 2, 19], we translate the satisfiability problem into a model checking problem and use the existing ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
(Show Context)
We present a new way of using Binary Decision Diagrams in automata based algorithms for solving the satisfiability problem of quantifierfree Presburger arithmetic. Unlike in previous approaches [5, 2, 19], we translate the satisfiability problem into a model checking problem and use the existing BDDbased model checker SMV [13] as our primary engine.
Automata Based Symbolic Reasoning in Hardware Verification
, 1998
"... . We present a new approach to hardware verification based on describing circuits in Monadic Secondorder Logic (M2L). We show how to use this logic to represent generic designs like nbit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L ad ..."
Abstract

Cited by 20 (11 self)
 Add to MetaCart
. We present a new approach to hardware verification based on describing circuits in Monadic Secondorder Logic (M2L). We show how to use this logic to represent generic designs like nbit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L admits a decision procedure, implemented in the Mona tool [17], which reduces formulas to canonical automata. The decision problem for M2L is nonelementary decidable and thus unlikely to be usable in practice. However, we have used Mona to automatically verify, or find errors in, a number of circuits studied in the literature. Previously published machine proofs of the same circuits are based on deduction and may involve substantial interaction with the user. Moreover, our approach is orders of magnitude faster for the examples considered. We show why the underlying computations are feasible and how our use of Mona generalizes standard BDDbased hardware reasoning. 1. Introduction Correctnes...
Reasoning About Strategies: On the ModelChecking Problem
, 2011
"... In open systems veri cation, to formally check for reliability, one needs an appropriate formalism to model the interaction between agents and express the correctness of the system no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ..."
Abstract

Cited by 19 (15 self)
 Add to MetaCart
In open systems veri cation, to formally check for reliability, one needs an appropriate formalism to model the interaction between agents and express the correctness of the system no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ability, in the setting of multiagent games, such as Atl, Atl ∗ , and the like. Recently, Chatterjee, Henzinger, and Piterman introduced Strategy Logic, which we denote here by CHPSl, with the aim of getting a powerful framework for reasoning explicitly about strategies. CHPSl is obtained by using rstorder quanti cations over strategies and has been investigated in the very speci c setting of twoagents turnedbased games, where a nonelementary modelchecking algorithm has been provided. While CHPSl is a very expressive logic, we claim that it does not fully capture the strategic aspects of multiagent systems. In this paper, we introduce and study a more general strategy logic, denoted Sl, for reasoning about strategies in multiagent concurrent games. We prove that Sl includes CHPSl, while maintaining a decidable modelchecking problem. In particular, the algorithm we propose is computationally not harder than the best one known for CHPSl. Moreover, we prove that such a problem for Sl is NonElementarySpacehard. This negative result has spurred us to investigate here syntactic fragments of Sl, strictly subsuming Atl ∗ , with the hope of obtaining an elementary modelchecking problem. Among the others, we study the