Backward reachability of array-based systems by smt solving: Termination and invariant synthesis

Logical Methods in Computer Science

Volumn 6, Issue 4, 2010, Pages 1-48

  Silvio, Ghilardi ^a   Ranise, Silvio ^b  

^a UNIVERSITY OF MILAN   (Italy)

^b ITC IRST   (Italy)

Author keywords

Backward reachability; Infinite state model checking; Invariant synthesis; Satisfiability modulo theories

Indexed keywords

MACHINERY;

BACKWARD REACHABILITY; INFINITE STATE MODEL CHECKING; INFINITE STATE SYSTEMS; MODEL CHECKER; SAFETY PROBLEMS; SAFETY PROPERTY; SATISFIABILITY MODULO THEORIES; SEARCH SPACES;

MODEL CHECKING;

EID: 79951864962     PISSN: None     EISSN: 18605974     Source Type: Journal    
DOI: 10.2168/LMCS-6(4:10)2010     Document Type: Article

References (56)

1. P. A. Abdulla, K. Cerans, B. Jonsson, and Y.-K. Tsay. General decidability theorems for infinite-state systems. In Proc. of LICS, pages 313-321, 1996.
2. P. A. Abdulla, G. Delzanno, N. B. Henda, and A. Rezine. Regular model checking without transducers. In TACAS, volume 4424 of LNCS, pages 721-736, 2007.
3. P. A. Abdulla, G. Delzanno, and A. Rezine. Parameterized Verification of infinite-state processes with global conditions. In CAV, volume 4590 of LNCS, pages 145-157, 2007.
4. Parosh Aziz Abdulla, Noomene Ben Henda, Giorgio Delzanno, and Ahmed Rezine. Handling parameterized systems with non-atomic global conditions. In Proc. of VMCAI, volume 4905 of LNCS, pages 22-36, 2008.
5. Parosh Aziz Abdulla and Bengt Jonsson. Verifying programs with unreliable channels. Information and Computation, 127(2):91-101, 1996.
6. Parosh Aziz Abdulla and Bengt Jonsson. Model checking of systems with many identical timed processes. Theoretical Computer Science, pages 241-264, 2003.
7. F. Alberti, S. Ghilardi, E. Pagani, S. Ranise, and G. P. Rossi. Automated Support for the Design and Validation of Fault Tolerant Parameterized Systems: a case study. In Proc. of AVOCS 10, Electr. Comm. of the EASST, 2010.
8. F. Alberti, S. Ghilardi, E. Pagani, S. Ranise, and G. P. Rossi. Brief Announcement: Automated Support for the Design and Validation of Fault Tolerant Parameterized Systemsa case study. In Proc. of DISC 10, number 6343 in LNCS, pages 392-394, 2010.
9. A. Armando, J. Mantovani, and L. Platania. Bounded Model Checking of Software using SMT Solvers instead of SAT Solvers. In Proc. of SPIN'06, number 3925 in LNCS, pages 146-162, 2006.
10. F. Baader and T. Nipkow. Term Rewriting and All That. Cambridge University Press, United Kingdom, 1998.
11. Franz Baader and Silvio Ghilardi. Connecting many-sorted theories. Journal of Symbolic Logic, 72:535-583, 2007.
12. Ittai Balaban, Yi Fang, Amir Pnueli, and Lenore Zuck. Iiv: An invisible invariant verifier. In Computer Aided Verification (CAV) 2005, 2005.
13. D. Beyer, T. A. Henzinger, R. Majumdar, and A. Rybalchenko. Invariant Synthesis for Combined Theories. In VMCAI'07, volume 4349 of LNCS, 2007.
14. N. Bjołrner, A. Browne, and Z. Manna. Automatic Generation of Invariants and Assertions. In Princi-ples and Practice of Constraint Programming - CP'95, First International Conference, CP'95, Cassis, France, volume 976 of LNCS, pages 589-623. Springer, 1995.
15. A. Bouajjani, P. Habermehl, Y. Yurski, and M. Sighireanu. Rewriting systems with data. In Proc. Of Symp. on Fund. of Comp. Th. (FCT 07), pages 1-22, 2007.
16. Aaron R. Bradley and Zohar Manna. Property-Directed Incremental Invariant Generation. Formal Aspects of Computing, 2009. To appear.
17. Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. What's decidable about arrays? In Proc. Of VMCAI, volume 3855 of LNCS, pages 427-442, 2006.
18. T. Bultan, R. Gerber, and C. League. Composite model-checking: verification with type-specific symbolic representations. ACM Trans. on Soft. Eng. an Meth., 9(1):3-50, 2000.
19. T. Bultan, R. Gerber, and W. Pugh. Model-checking concurrent systems with unbounded integer variables: symbolic representations, approximations, and experimental results. ACM Trans. on Progr. Lang. and Sys., 21(4):747-789, 1999.
20. A. Carioni, S. Ghilardi, and S. Ranise. MCMT in the Land of Parametrized Timed Automata. In Proc. of VERIFY 10, 2010.
21. A. Chagrov and M. Zakharyaschev. Modal Logic. Clarendon Press, 1997.
22. Chen-Chung Chang and Jerome H. Keisler. Model Theory. North-Holland, Amsterdam-London, third edition, 1990.
23. L. de Moura and N. Bjołrner. Efficient e-matching for smt solvers. In Proc. of CADE, LNCS, 2007.
24. L. de Moura, H. Rueb, and M. Sorea. Lazy theorem proving for bounded model checking over infinite domains. In Proc. CADE, volume 2392 of LNCS, 2002.
25. D. Déeharbe and S. Ranise. Satis ability solving for software verification. Int. Journal on STTT, volume 11, number 3, 2009.
26. G. Delzanno. Automatic verification of parameterized cache coherence protocols. In Proc. of CAV, number 1855 in LNCS, 2000.
27. G. Delzanno, J. Esparza, and A. Podelski. Constraint-based analysis of broadcast protocols. In Proc. of CSL, volume 1683 of LNCS, pages 50-66, 1999.
28. G. Delzanno, J.-F. Raskin, and L. Van Begin. Towards the automated verification of multi-threaded java programs. In 8th Int. Conf. on TACAS, number 2280 in LNCS, 2002.
29. E. W. Dijkstra. Guarded commands, nondeterminacy and formal derivation of programs. Communications of the ACM, 18:453-457, 1975.
30. D. L. Dill and H. Wong-Toi. Verification of Real-Time Systems by Successive Over and Under Approximation. In Computer Aided Verification, 7th International Conference, Lièege, Belgium, volume 939 of LNCS, pages 409-422. Springer, 1995.
31. Bruno Dutertre and Leonardo De Moura. The yices smt solver. Technical report, Computer Science Laboratory, SRI International, 2006. Available at http://yices.csl.sri.com.
32. Herbert B. Enderton. A Mathematical Introduction to Logic. Academic Press, New York-London, 1972.
33. J. Esparza, A. Finkel, and R. Mayr. On the Verification of broadcast protocols. In Proc. of LICS, pages 352-359. IEEE Computer Society, 1999.
34. C. Flanagan and S. Qadeer. Predicate abstraction for software Verification. In Proc. of POPL'02, pages 191-202. ACM, 2002.
35. J. Gallier. What's so Special about Kruskal's Theorem and the Ordinal I0? A Survey of Some Results in Proof Theory. Annals of Pure and Applied Logic, 53:199-260, 1991.
36. Y. Ge, C. Barrett, and C. Tinelli. Solving quantified Verification conditions using satisfiability modulo theories. In Proc. of CADE-21, LNCS, 2007.
37. S. Ghilardi, E. Nicolini, S. Ranise, and D. Zucchelli. Towards SMT Model-Checking of Array-based Systems. In Proc. of IJCAR, LNCS, 2008. Extended version available online as Tech. Report RI318-08 at http://homes.dsi.unimi.it/~zucchell/publications/techreport/GhiNiRaZu-RI318-08.pdf.
38. S. Ghilardi and S. Ranise. A Note on the Stopping Failures Models. 2009. Unpublished Draft, available from mcmt web site.
39. S. Ghilardi and S. Ranise. Goal Directed Invariant Synthesis for Model Checking Modulo Theories. In (TABLEAUX 09), LNAI, pages 173-188. Springer, 2009.
40. S. Ghilardi and S. Ranise. Model Checking Modulo Theory at work: the integration of Yices in MCMT. In AFM 09 (co-located with CAV09), 2009.
41. S. Ghilardi and S. Ranise. MCMT: a Model Checker Modulo Theories. In Proc. of IJCAR'10, LNCS, 2010. To appear.
42. S. Ghilardi, S. Ranise, and T. Valsecchi. Light-Weight SMT-based Model-Checking. In Proc. of AVOCS 07-08, ENTCS, 2008.
43. D. Gopan, T. Reps, and M. Sagiv. Numeric analysis of array operations. In Conference Record of the Thirty-Second ACM Symposium on Principles of Programming Languages, (Long Beach, CA), 338-350, 2005.
44. S. Graf and H. Saïdi. Construction of abstract state graphs with PVS. In Proc. of CAV 1997, volume 1254 of LNCS. Springer, 1997.
45. T. A. Henzinger, P.-H. Ho, and H. Wong-Toi. HYTECH: A Model Checker for Hybrid Systems. In Computer Aided Verification, 9th International Conference, CAV '97, Haifa, Israel, volume 1254 of LNCS, pages 460-463. Springer, 1997.
46. S. K. Lahiri and R. E. Bryant. Predicate abstraction with indexed predicates. ACM Transactions on Computational Logic (TOCL), 9(1), 2007.
47. Nancy A. Lynch. Distributed Algorithms. Morgan Kaufmann, 1996.
48. A. Rezine P. A. Abdulla, G. Delzanno. Approximated context-sensitive analysis for parametrized veri-fication. In Proc. of FORTE 09, LNCS, 2009.
49. S. Park and D. L. Dill. Verification of FLASH Cache Coherence Protocol by Aggregation of Distributed Transactions. In Proceedings of the 8th Annual ACM Symposium on Parallel Algorithms and Archi-tectures, pages 288-296. ACM Press, 1996.
50. Schnoebelen Philippe. Verifying lossy channel systems has nonprimitive recursive complexity. Informa-tion Processing Letters, 83(5):251-261, 2002.
51. A. Pnueli, S. Ruath, and L. D. Zuck. Automatic deductive Verification with invisible invariants. In Proc. of TACAS 2001, volume 2031 of LNCS, 2001.
52. S. Ranise and C. Tinelli. The SMT-LIB Standard: Version 1.2. Technical report, Dep. of Comp. Science, Iowa, 2006. Available at http://www.SMT-LIB.org/papers.
53. Silvio Ranise and Cesare Tinelli. The SMT-LIB standard: Version 1.2. Technical report, 2006. Available at http://combination.cs.uiowa.edu/smtlib/papers/format-v1.2-r06.08.30.pdf.
54. A. W. Roscoe, R. S. Lazic, and T. C. Newcomb. On model checking data-independent systems with arrays without reset. Theory and Practice of Logic Programming, pages 659-693, 2004.
55. A. W. Roscoe, R. S. Lazic, and Tom Newcomb. On model checking data-independent systems with arrays with whole-array operations. In Communicating Sequential Processes. Springer LNCS, 2005.
56. T. Rybina and A. Voronkov. Using canonical representations of solutions to speed up infinite-state model checking. In Proc. of CAV, number 2404 in LNCS, 2002.