MCMT: A Model Checker Modulo Theories
In Proc. of IJCAR 2010, LNCS, 2010
Cited by 20 (11 self)
We describe mcmt, a fully declarative and deductive symbolic model checker for safety properties of infinite state systems whose state variables are arrays. Theories specify the properties of the indexes and the elements of the arrays. Sets of states and transitions of a system are described by quantified first-order formulae. The core of the system is a backward reachability procedure which symbolically computes preimages of the set of unsafe states and checks for safety and fixpoints by solving Satisfiability Modulo Theories (SMT) problems. Besides standard SMT techniques, efficient heuristics for quantifier instantiation, specifically tailored to model checking, are at the very heart of the system. mcmt has been successfully applied to the verification of imperative programs, parametrised, timed, and distributed systems.
Model Checking Modulo Theory at Work: the Integration of Yices in MCMT
In AFM (co-located with CAV 2009), 2009
Cited by 7 (7 self)
Recently, the notion of an array-based system has been introduced as an abstraction of infinite state systems (such as parametrised systems) which allows for model checking safety properties by SMT solving. Unfortunately, the use of quantified first-order formulae to describe sets of states makes checking for fixpoint and unsafety extremely expensive. In this paper, we describe (static and dynamic) techniques to overcome this problem which have been implemented in the (declarative) model checker mcmt. We describe how such techniques have been combined with Yices (the backend SMT solver) and discuss some interesting experimental results.
Universal guards, relativization of quantifiers, and failure models in model checking modulo theories
JSAT, 2012
Cited by 4 (4 self)
Model Checking Modulo Theories is a recent approach for the automated verification of safety properties of a class of infinite state systems manipulating arrays, called array-based systems. The idea is to repeatedly compute preimages of a set of (unsafe) states by using certain classes of first-order formulae representing sets of states and transitions, and then reduce fixpoint checks to Satisfiability Modulo Theories problems. Unfortunately, if the guards contain universally quantified index variables, the backward procedure cannot be fully automated. In this paper, we overcome the problem by describing a syntactic transformation on array-based systems, which can be seen as an instance of the well-known operation of relativization of quantifiers in first-order logic. Interestingly, when specifying and verifying distributed systems, the proposed syntactic transformation can be interpreted as the adoption of the crash-failure model, which is well-known in the literature of fault-tolerant systems. By eliminating universal quantifiers from guards, the transformation significantly extends the scope of applicability of the symbolic backward reachability procedure. To provide empirical evidence of this claim, we discuss our findings in applying the proposed technique to a significant case study in the verification of some classical algorithms for reliable broadcast.
Automated Support for the Design and Validation of Fault Tolerant Parameterized Systems: a case study
Brief Announcement: Automated Support for the Design and Validation of Fault Tolerant Parameterized Systems: a case study
In Proc. of DISC 10, LNCS 6343, 2010
Cited by 2 (2 self)
Background and motivations. Algorithms for ensuring fault tolerance are key ingredients in many applications such as avionics and networking. There is an increasing demand to integrate (formal) validation in the design process of these algorithms as they are often part of safety critical systems. When validation fails, the designer would benefit from tracking the sequence of events that led to an incorrect state in order to recover from the error. To productively integrate formal verification in the design phase, tools should be able to return such error traces. Fault tolerant algorithms are often parametric, which makes their automated verification a daunting task. Indeed, checking that an algorithm satisfies a certain property requires proving it for any number of processes. Contributions. We propose the use of an infinite state model checker for safety properties, called mcmt [3]
(title not extracted)
Logical Methods in Computer Science, Vol. 6 (4:10), 2010, pp. 1–48, www.lmcsonline.org (Creative Commons licence)
Automated Termination in Model Checking Modulo Theories
International Journal of Foundations of Computer Science, World Scientific Publishing Company, 2012
We identify sufficient conditions to automatically establish the termination of a backward reachability procedure for infinite state systems by using well-quasi-orderings. Besides showing that backward reachability succeeds on many instances of problems covered by general termination results, we argue that it could predict termination also on interesting instances of the reachability problem that are outside the scope of applicability of such general results. We work in the declarative framework of Model Checking Modulo Theories, which permits us to exploit recent advances in Satisfiability Modulo Theories solving and model-theoretic notions of first-order logic.
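The mcmt tool abstract at the top of this list and the termination abstract directly above describe the same loop: start from the unsafe states, repeatedly compute preimages, stop when the newly computed set is already covered by what has been accumulated (the fixpoint check), and argue termination through a well-quasi-ordering. The Python program below is an added example written for this page; it is not code from mcmt or from its authors. It runs that loop on a constructed semaphore-based mutual exclusion protocol with an arbitrary number of processes. Sets of states are represented as upward-closed sets of counter vectors (a Petri-net style abstraction with finitely many local states) rather than as mcmt's quantified first-order formulae, so the fixpoint check becomes a finite vector comparison instead of an SMT query and termination follows from Dickson's lemma. The protocol, its transition names, the initial-state predicate and the buggy variant are all constructed for illustration.

```python
"""Backward reachability on upward-closed sets of counter vectors (added example)."""
from collections import deque

# Constructed protocol: each process is idle, waiting, or in the critical
# section; a single semaphore token gates entry. A configuration is a vector
# of counters over these places, so the number of processes is unbounded.
PLACES = ("idle", "wait", "crit", "sem")


def vec(**counts):
    """Configuration vector from named counts; unnamed places are 0."""
    return tuple(counts.get(p, 0) for p in PLACES)


def leq(a, b):
    """Componentwise order: a <= b means up(b) is contained in up(a)."""
    return all(x <= y for x, y in zip(a, b))


def pre(m, consume, produce):
    """Minimal element of the preimage of up(m) under t: consume -> produce.

    s can fire t iff s >= consume, yielding s' = s - consume + produce, and
    s' >= m iff s >= m - produce + consume. Together with s >= consume this
    gives the clamped formula below: the preimage of an upward-closed set is
    upward-closed with exactly one minimal element per transition."""
    return tuple(max(mi - q, 0) + p for mi, p, q in zip(m, consume, produce))


def add_minimal(basis, m):
    """Insert m into a minimal basis. Returns False when up(m) is already
    covered (the fixpoint check); otherwise drops elements m now subsumes."""
    if any(leq(b, m) for b in basis):
        return False
    basis[:] = [b for b in basis if not leq(m, b)]
    basis.append(m)
    return True


def backward_reach(transitions, unsafe_basis, hits_initial):
    """Compute the minimal basis of the states that can reach an unsafe state.

    Returns (safe, basis, witness): safe is False when some basis element lies
    in the initial states, and witness is that element. Termination: N^k under
    the componentwise order is a well-quasi-ordering (Dickson's lemma), so the
    basis cannot keep acquiring pairwise incomparable new elements forever."""
    basis, work = [], deque()
    for u in unsafe_basis:
        if add_minimal(basis, u):
            if hits_initial(u):
                return False, basis, u
            work.append(u)
    while work:
        m = work.popleft()
        if m not in basis:          # subsumed after being queued; skip it
            continue
        for consume, produce in transitions.values():
            p = pre(m, consume, produce)
            if add_minimal(basis, p):
                if hits_initial(p):
                    return False, basis, p
                work.append(p)
    return True, basis, None


def mutex_protocol(buggy=False):
    """Transitions as (consume, produce) pairs. The buggy variant enters the
    critical section without taking the semaphore token."""
    enter = vec(wait=1) if buggy else vec(wait=1, sem=1)
    return {
        "request": (vec(idle=1), vec(wait=1)),
        "enter":   (enter, vec(crit=1)),
        "leave":   (vec(crit=1), vec(idle=1, sem=1)),
    }


def mutex_initial(m):
    """Initial states: any number of idle processes, one token, nobody waiting
    or critical. up(m) meets them iff m demands no wait/crit and at most one token."""
    _, wait, crit, sem = m
    return wait == 0 and crit == 0 and sem <= 1


def check_mutex(buggy=False):
    """Safety property: never two processes in the critical section at once."""
    return backward_reach(mutex_protocol(buggy), [vec(crit=2)], mutex_initial)


if __name__ == "__main__":
    for buggy in (False, True):
        safe, basis, witness = check_mutex(buggy)
        print("buggy" if buggy else "correct", "->",
              "safe" if safe else "UNSAFE", "basis size", len(basis),
              "witness", witness)
```

For the correct protocol the loop closes after six minimal elements, every one of which needs at least two of crit and sem together, which no initial state offers; for the buggy variant a preimage with only idle processes and no token is reached, i.e. a concrete initial configuration from which two processes can end up in the critical section. In mcmt the same steps are performed on quantified formulae, with the coverage test of add_minimal replaced by an SMT entailment check, and the universal-guard issue of the JSAT paper above does not arise here because the semaphore guard is existential.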
A Note on the Stopping Failures Models
We investigate the introduction of the stopping failures model in order to treat universal guards in transitions of array-based systems. We conclude with some remarks explaining how the stopping failures model is implemented in the tool mcmt.
MCMT v1.1.1 User Manual
2011
This document is addressed to MCMT users: it explains MCMT input specifications from the beginning and illustrates some common settings and heuristics. Advice on the formalization of some useful classes of examples is also supplied. This is a draft, subject to modifications and updates.