Results 1  10
of
285
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 189 (50 self)
 Add to MetaCart
(Show Context)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Picosat essentials
 Journal on Satisfiability, Boolean Modeling and Computation (JSAT
"... In this article we describe and evaluate optimized compact data structures for watching literals. Experiments with our SAT solver PicoSAT show that this lowlevel optimization not only saves memory, but also turns out to speed up the SAT solver considerably. We also discuss how to store proof traces ..."
Abstract

Cited by 140 (16 self)
 Add to MetaCart
(Show Context)
In this article we describe and evaluate optimized compact data structures for watching literals. Experiments with our SAT solver PicoSAT show that this lowlevel optimization not only saves memory, but also turns out to speed up the SAT solver considerably. We also discuss how to store proof traces compactly in memory and further unique features of PicoSAT including an aggressive restart schedule. Keywords: SAT solver, watched literals, occurrence lists, proof traces, restarts
Lazy abstraction with interpolants
 In Proc. CAV, LNCS 4144
, 2006
"... Abstract. We describe a model checker for infinitestate sequential programs, based on Craig interpolation and the lazy abstraction paradigm. On device driver benchmarks, we observe a speedup of up to two orders of magnitude relative to a similar tool using predicate abstraction. 1 ..."
Abstract

Cited by 127 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We describe a model checker for infinitestate sequential programs, based on Craig interpolation and the lazy abstraction paradigm. On device driver benchmarks, we observe a speedup of up to two orders of magnitude relative to a similar tool using predicate abstraction. 1
An interpolating theorem prover
 In TACAS
, 2004
"... Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model chec ..."
Abstract

Cited by 101 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model checker, and can also be used directly for model checking infinitestate systems, using interpolationbased image approximation. 1
A practical and complete approach to predicate refinement
 In Tools and Algorithms for the Construction and Analysis of Systems, LNCS 3920
, 2006
"... Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic ..."
Abstract

Cited by 84 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic predicates sufficient to prove a given property, when such exist. Current heuristics are incomplete, and often diverge on simple examples. We present a practical method of predicate selection that is complete in the above sense. The method is based on interpolation and uses a “split prover”, somewhat in the style of structurebased provers used in artificial intelligence. We show that it allows the verification of a variety of simple programs that cannot be verified by existing software model checkers. 1
SATbased model checking without unrolling
 Proc. VMCAI’11
"... Abstract. A new form of SATbased symbolic model checking is described. Instead of unrolling the transition relation, it incrementally generates clauses that are inductive relative to (and augment) stepwise approximate reachability information. In this way, the algorithm gradually refines thepropert ..."
Abstract

Cited by 79 (4 self)
 Add to MetaCart
(Show Context)
Abstract. A new form of SATbased symbolic model checking is described. Instead of unrolling the transition relation, it incrementally generates clauses that are inductive relative to (and augment) stepwise approximate reachability information. In this way, the algorithm gradually refines theproperty,eventuallyproducingeither an inductivestrengthening of the property or a counterexample trace. Our experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property. Furthermore, the incremental structure of the algorithm lends itself to a parallel implementation. 1
Compositional MayMust Program Analysis: Unleashing the Power of Alternation
"... Program analysis tools typically compute two types of information: (1) may information that is true of all program executions and is used to prove the absence of bugs in the program, and (2) must information that is true of some program executions and is used to prove the existence of bugs in the pr ..."
Abstract

Cited by 63 (15 self)
 Add to MetaCart
(Show Context)
Program analysis tools typically compute two types of information: (1) may information that is true of all program executions and is used to prove the absence of bugs in the program, and (2) must information that is true of some program executions and is used to prove the existence of bugs in the program. In this paper, we propose a new algorithm, dubbed SMASH, which computes both may and must information compositionally. At each procedure boundary, may and must information is represented and stored as may and must summaries, respectively. Those summaries are computed in a demanddriven manner and possibly using summaries of the opposite type. We have implemented SMASH using predicate abstraction (as in SLAM) for the may part and using dynamic test generation (as in DART) for the must part. Results of experiments with 69 Microsoft Windows Vista device drivers show that SMASH can significantly outperform mayonly, mustonly and noncompositional maymust algorithms. Indeed, our empirical results indicate that most complex code fragments in large programs are actually often either easy to prove irrelevant to the specific property of interest using may analysis or easy to traverse using directed testing. The finegrained coupling and alternation of may (universal) and must (existential) summaries allows SMASH to easily navigate through these code fragments while traditional mayonly, mustonly or noncompositional maymust algorithms are stuck in their specific analyses. 1.
Array abstractions from proofs
 CAV, volume 4590 of LNCS
, 2007
"... Abstract. We present a technique for using infeasible program paths to automatically infer Range Predicates that describe properties of unbounded array segments. First, we build proofs showing the infeasibility of the paths, using axioms that precisely encode the highlevel (but informal) rules with ..."
Abstract

Cited by 56 (3 self)
 Add to MetaCart
Abstract. We present a technique for using infeasible program paths to automatically infer Range Predicates that describe properties of unbounded array segments. First, we build proofs showing the infeasibility of the paths, using axioms that precisely encode the highlevel (but informal) rules with which programmers reason about arrays. Next, we mine the proofs for Craig Interpolants which correspond to predicates that refute the particular counterexample path. By embedding the predicate inference technique within a CounterexampleGuided AbstractionRefinement (CEGAR) loop, we obtain a method for verifying datasensitive safety properties whose precision is tailored in a program and propertysensitive manner. Though the axioms used are simple, we show that the method suffices to prove a variety of arraymanipulating programs that were previously beyond automatic model checkers. 1
Quantified invariant generation using an interpolating saturation prover
 In TACAS
, 2008
"... Abstract. Interpolating provers have a variety of applications in verification, including invariant generation and abstraction refinement. Here, we extended these methods to produce universally quantified interpolants and invariants, allowing the verification of programs manipulating arrays and heap ..."
Abstract

Cited by 49 (4 self)
 Add to MetaCart
Abstract. Interpolating provers have a variety of applications in verification, including invariant generation and abstraction refinement. Here, we extended these methods to produce universally quantified interpolants and invariants, allowing the verification of programs manipulating arrays and heap data structures. We show how a paramodulationbased saturation prover, such as SPASS, can be modified in a simple way to produce a firstorder interpolating prover that is complete for universally quantified interpolants. Using a partial axiomatization of the theory of arrays with transitive closure, we show that the method can verify properties of simple programs manipulating arrays and linked lists. 1
FRAIGs: A unifying representation for logic synthesis and verification
, 2005
"... ANDINV graphs (AIGs) are Boolean networks composed of twoinput ANDgates and inverters. In the known applications, such as equivalence checking and technology mapping, AIGs are used to represent and manipulate Boolean functions. AIGs powered by simulation and Boolean satisfiability lead to function ..."
Abstract

Cited by 48 (13 self)
 Add to MetaCart
(Show Context)
ANDINV graphs (AIGs) are Boolean networks composed of twoinput ANDgates and inverters. In the known applications, such as equivalence checking and technology mapping, AIGs are used to represent and manipulate Boolean functions. AIGs powered by simulation and Boolean satisfiability lead to functionally reduced AIGs (FRAIGs), which are “semicanonical ” in the sense that each FRAIG node has unique functionality among all the nodes currently present in the FRAIG. The paper shows that FRAIGs can be used to unify and enhance many phases of logic synthesis: from the representation of the original and the intermediate netlists derived by logic optimization, through technology mapping over multiple logic structures, to combinational equivalence checking. Experimental results on large public benchmarks confirm the practicality of using FRAIGs throughout the logic synthesis flow. 1