Results 1  10
of
68
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 189 (50 self)
 Add to MetaCart
(Show Context)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Bounded model checking
, 2009
"... Besides Equivalence Checking [KK97, KPKG02] the most important industrial application of SAT is currently Bounded Model Checking (BMC) [BCCZ99]. Both techniques are used for formal hardware verification in the context of electronic design automation (EDA), but have successfully been applied to many ..."
Abstract

Cited by 165 (3 self)
 Add to MetaCart
Besides Equivalence Checking [KK97, KPKG02] the most important industrial application of SAT is currently Bounded Model Checking (BMC) [BCCZ99]. Both techniques are used for formal hardware verification in the context of electronic design automation (EDA), but have successfully been applied to many other domains as well. In this chapter, we focus on BMC. In practice, BMC is mainly used for falsification resp. testing, which is concerned with violations of temporal properties. However, the original paper on BMC [BCCZ99] already discussed extensions that can prove properties. A considerable part of this chapter discusses these complete extensions, which are often called “unbounded ” model checking techniques, even though they are build upon the same principles as plain BMC. Two further related applications, in which BMC becomes more and more important, are automatic test case generation for closing coverage holes, and disproving redundancy in designs. Most of the techniques discussed in this chapter transfer to this more general setting as well, even though our focus is on property
SATbased model checking without unrolling
 Proc. VMCAI’11
"... Abstract. A new form of SATbased symbolic model checking is described. Instead of unrolling the transition relation, it incrementally generates clauses that are inductive relative to (and augment) stepwise approximate reachability information. In this way, the algorithm gradually refines thepropert ..."
Abstract

Cited by 79 (4 self)
 Add to MetaCart
(Show Context)
Abstract. A new form of SATbased symbolic model checking is described. Instead of unrolling the transition relation, it incrementally generates clauses that are inductive relative to (and augment) stepwise approximate reachability information. In this way, the algorithm gradually refines theproperty,eventuallyproducingeither an inductivestrengthening of the property or a counterexample trace. Our experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property. Furthermore, the incremental structure of the algorithm lends itself to a parallel implementation. 1
Software Model Checking
"... Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis o ..."
Abstract

Cited by 52 (0 self)
 Add to MetaCart
Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis of logical questions. The undecidability theorem [Turing 1936] ruled out the possibility of a sound and complete algorithmic solution for any sufficiently powerful programming model, and even under restrictions (such as finite state spaces), the correctness problem remained computationally intractable. However, just because a problem is hard does not mean it never appears in practice. Also, just because the general problem is undecidable does not imply that specific instances of the problem will also be hard. As the complexity of software systems grew, so did the need for some reasoning mechanism about correct behavior. (While we focus here on analyzing the behavior of a program relative to given correctness specifications, the development of specification mechanisms happened in parallel, and merits a different survey.) Initially, the focus of program verification research was on manual reasoning, and
Generating Efficient Test Sets with a Model Checker
 In: 2nd International Conference on Software Engineering and Formal Methods
, 2004
"... It is wellknown that counterexamples produced by model checkers can provide a basis for automated generation of test cases. However, when this approach is used to meet a coverage criterion, it generally results in very inefficient test sets having many tests and much redundancy. We describe an impr ..."
Abstract

Cited by 46 (10 self)
 Add to MetaCart
It is wellknown that counterexamples produced by model checkers can provide a basis for automated generation of test cases. However, when this approach is used to meet a coverage criterion, it generally results in very inefficient test sets having many tests and much redundancy. We describe an improved approach that uses model checkers to generate efficient test sets. Furthermore, the generation is itself efficient, and is able to reach deep regions of the statespace. We have prototyped the approach using the model checkers of our SAL system and have applied it to modelbased designs developed in Stateflow. In one example, our method achieves complete state and transition coverage in a Stateflow model for the shift scheduler of a 4speed automatic transmission with a single test case.
Modeling and Verification of a FaultTolerant Realtime Startup Protocol using Calendar Automata
, 2004
"... We discuss the modeling and verification of realtime systems using the SAL model checker. A new modeling framework based on event calendars enables dense timed systems to be described without relying on continuously varying clocks. We present verification techniques that rely on induction and ab ..."
Abstract

Cited by 32 (2 self)
 Add to MetaCart
(Show Context)
We discuss the modeling and verification of realtime systems using the SAL model checker. A new modeling framework based on event calendars enables dense timed systems to be described without relying on continuously varying clocks. We present verification techniques that rely on induction and abstraction, and show how these techniques are e#ciently supported by the SAL symbolic modelchecking tools. The modeling and verification method is applied to the faulttolerant realtime startup protocol used in the Timed Triggered Architecture.
Checking safety by inductive generalization of counterexamples to induction
 Proc. FMCAD’07
"... Abstract—Scaling verification to large circuits requires some form of abstraction relative to the asserted property. We describe a safety analysis of finitestate systems that generalizes from counterexamples to the inductiveness of the safety specification to inductive invariants. It thus abstracts ..."
Abstract

Cited by 29 (8 self)
 Add to MetaCart
(Show Context)
Abstract—Scaling verification to large circuits requires some form of abstraction relative to the asserted property. We describe a safety analysis of finitestate systems that generalizes from counterexamples to the inductiveness of the safety specification to inductive invariants. It thus abstracts the system’s state space relative to the property. The analysis either strengthens a safety specification to be inductive or discovers a counterexample to its correctness. The analysis is easily made parallel. We provide experimental data showing how the analysis time decreases with the number of processes on several hard problems. I.
Linear encodings of bounded LTL model checking
 Logical Methods in Computer Science, 2(5):1–64, 2006. Matteo Pradella, Angelo Morzenti, and Pierluigi San Pietro
"... ABSTRACT. We consider the problem of bounded model checking (BMC) for linear temporal logic (LTL). We present several efficient encodings that have size linear in the bound. Furthermore, we show how the encodings can be extended to LTL with past operators (PLTL). The generalised encoding is still of ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
(Show Context)
ABSTRACT. We consider the problem of bounded model checking (BMC) for linear temporal logic (LTL). We present several efficient encodings that have size linear in the bound. Furthermore, we show how the encodings can be extended to LTL with past operators (PLTL). The generalised encoding is still of linear size, but cannot detect minimal length counterexamples. By using the virtual unrolling technique minimal length counterexamples can be captured, however, the size of the encoding is quadratic in the specification. We also extend virtual unrolling to Büchi automata, enabling them to accept minimal length counterexamples. Our BMC encodings can be made incremental in order to benefit from incremental SAT technology. With fairly small modifications the incremental encoding can be further enhanced with a termination check, allowing us to prove properties with BMC. An analysis of the livenesstosafety transformation reveals many similarities to the BMC encodings in this paper. We conduct experiments to determine the advantage of employing dedicated BMC encodings for PLTL over combining more general but potentially less efficient approaches with BMC: the livenesstosafety transformation with invariant checking and Büchi automata with fair cycle detection.
The ICS Decision Procedures for Embedded Deduction
, 2004
"... Automated theorem proving... linear arithmetic, and lists. The ground (i.e., quantifierfree) fragment of many combinations is decidable when the fully quantified combination is not, and practical experience indicates that automation of the ground case is adequate for most applications. Practical ex ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
Automated theorem proving... linear arithmetic, and lists. The ground (i.e., quantifierfree) fragment of many combinations is decidable when the fully quantified combination is not, and practical experience indicates that automation of the ground case is adequate for most applications. Practical experience also suggests several other desiderata for an effective deductive service. Some applications (e.g., construction of abstractions) invoke their deductive service a huge number of times in the course of a single calculation, so that performance of the service must be very good. Other applications such as proof search explore many variations on a formula (i.e., alternately asserting and denying various combinations of its premises), so the deductive service should not examine individual formulas in isolation, but should provide a rich application programming interface that supports incremental assertion, retraction, and querying of formulas. Other applications such as test case generation...
Scaling up the formal verification of Lustre programs with SMTbased techniques
 In FMCAD ’08
, 2008
"... We present a general approach for verifying safety properties of Lustre programs automatically. Key aspects of the approach are the choice of an expressive firstorder logic in which Lustre’s semantics is modeled very naturally, the tailoring to this logic of SATbased kinduction and abstraction t ..."
Abstract

Cited by 26 (4 self)
 Add to MetaCart
(Show Context)
We present a general approach for verifying safety properties of Lustre programs automatically. Key aspects of the approach are the choice of an expressive firstorder logic in which Lustre’s semantics is modeled very naturally, the tailoring to this logic of SATbased kinduction and abstraction techniques, and the use of SMT solvers to reason efficiently in this logic. We discuss initial experimental results showing that our implementation of the approach is highly competitive with existing verification solutions for Lustre. 1