Results 1  10
of
91
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 189 (50 self)
 Add to MetaCart
(Show Context)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
An interpolating theorem prover
 In TACAS
, 2004
"... Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model chec ..."
Abstract

Cited by 101 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model checker, and can also be used directly for model checking infinitestate systems, using interpolationbased image approximation. 1
A practical and complete approach to predicate refinement
 In Tools and Algorithms for the Construction and Analysis of Systems, LNCS 3920
, 2006
"... Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic ..."
Abstract

Cited by 84 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic predicates sufficient to prove a given property, when such exist. Current heuristics are incomplete, and often diverge on simple examples. We present a practical method of predicate selection that is complete in the above sense. The method is based on interpolation and uses a “split prover”, somewhat in the style of structurebased provers used in artificial intelligence. We show that it allows the verification of a variety of simple programs that cannot be verified by existing software model checkers. 1
Bounded model checking and induction: From refutation to verification (extended abstract, category A
 Proceedings of the 15th International Conference on Computer Aided Verification, CAV 2003, volume 2725 of Lecture Notes in Computer Science
"... Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinitestate systems. In particular, we define a general kinduction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are gen ..."
Abstract

Cited by 68 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We explore the combination of bounded model checking and induction for proving safety properties of infinitestate systems. In particular, we define a general kinduction scheme and prove completeness thereof. A main characteristic of our methodology is that strengthened invariants are generated from failed kinduction proofs. This strengthening step requires quantifierelimination, and we propose a lazy quantifierelimination procedure, which delays expensive computations of disjunctive normal forms when possible. The effectiveness of induction based on bounded model checking and invariant strengthening is demonstrated using infinitestate systems ranging from communication protocols to timed automata and (linear) hybrid automata. 1 Introduction Bounded model checking (BMC) [5, 4, 7] is often used for refutation, where one systematically searches for counterexamples whose length is bounded by some integer k. The bound k is increased until a bug is found, or some precomputed completeness threshold is reached. Unfortunately, the computation of completeness thresholds is usually prohibitively expensive and these thresholds may be too large to effectively explore the associated bounded search space. In addition, such completeness thresholds do not exist for many infinitestate systems.
Efficient proof engines for bounded model checking of hybrid systems
 ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE
, 2005
"... In this paper we present HySAT, a bounded model checker for linear hybrid systems, incorporating a tight integration of a DPLL–based pseudo–Boolean SAT solver and a linear programming routine as core engine. In contrast to related tools like MathSAT, ICS, or CVC, our tool exploits the various opt ..."
Abstract

Cited by 56 (9 self)
 Add to MetaCart
In this paper we present HySAT, a bounded model checker for linear hybrid systems, incorporating a tight integration of a DPLL–based pseudo–Boolean SAT solver and a linear programming routine as core engine. In contrast to related tools like MathSAT, ICS, or CVC, our tool exploits the various optimizations that arise naturally in the bounded model checking context, e.g. isomorphic replication of learned conflict clauses or tailored decision strategies, and extends them to the hybrid domain. We demonstrate that those optimizations are crucial to the performance of the tool.
Software Model Checking
"... Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis o ..."
Abstract

Cited by 52 (0 self)
 Add to MetaCart
Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis of logical questions. The undecidability theorem [Turing 1936] ruled out the possibility of a sound and complete algorithmic solution for any sufficiently powerful programming model, and even under restrictions (such as finite state spaces), the correctness problem remained computationally intractable. However, just because a problem is hard does not mean it never appears in practice. Also, just because the general problem is undecidable does not imply that specific instances of the problem will also be hard. As the complexity of software systems grew, so did the need for some reasoning mechanism about correct behavior. (While we focus here on analyzing the behavior of a program relative to given correctness specifications, the development of specification mechanisms happened in parallel, and merits a different survey.) Initially, the focus of program verification research was on manual reasoning, and
SMTbased bounded model checking for embedded ANSIC software
 In Proc. ASE
, 2009
"... Propositional bounded model checking has been applied successfully to verify embedded software but is limited by the increasing propositional formula size and the loss of structure during the translation. These limitations can be reduced by encoding wordlevel information in theories richer than pro ..."
Abstract

Cited by 44 (9 self)
 Add to MetaCart
(Show Context)
Propositional bounded model checking has been applied successfully to verify embedded software but is limited by the increasing propositional formula size and the loss of structure during the translation. These limitations can be reduced by encoding wordlevel information in theories richer than propositional logic and using SMT solvers for the generated verification conditions. Here, we investigate the application of different SMT solvers to the verification of embedded software written in ANSIC. We have extended the encodings from previous SMTbased bounded model checkers to provide more accurate support for finite variables, bitvector operations, arrays, structures, unions and pointers. We have integrated the CVC3, Boolector, and Z3 solvers with the CBMC frontend and evaluated them using both standard software model checking benchmarks and typical embedded applications from telecommunications, control systems and medical devices. The experiments show that our approach can analyze larger problems and substantially reduce the verification time. 1.
The UCLID Decision Procedure
 In CAV’04
, 2004
"... UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU. ..."
Abstract

Cited by 42 (2 self)
 Add to MetaCart
(Show Context)
UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU.
Completeness and Complexity of Bounded Model Checking
, 2004
"... For every finite model M and an LTL property #, there exists a number CT (the Completeness Threshold) such that if there is no counterexample to # in M of length or less, then M #. Finding this number, if it is sufficiently small, offers a practical method for making Bounded Model Checking ..."
Abstract

Cited by 40 (4 self)
 Add to MetaCart
(Show Context)
For every finite model M and an LTL property #, there exists a number CT (the Completeness Threshold) such that if there is no counterexample to # in M of length or less, then M #. Finding this number, if it is sufficiently small, offers a practical method for making Bounded Model Checking complete. We describe how to compute an overapproximation to for a general LTL property using Büchi automata, following the VardiWolper LTL model checking framework. Based on