Formal Methods in System Design

, Volume 49, Issue 3, pp 190–218 | Cite as

Infinite-state invariant checking with IC3 and predicate abstraction

  • Alessandro Cimatti
  • Alberto Griggio
  • Sergio Mover
  • Stefano Tonetta
Article

Abstract

We address the problem of verifying invariant properties on infinite-state systems. We present a novel approach, IC3ia, for generalizing the IC3 invariant checking algorithm from finite-state to infinite-state transition systems, expressed over some background theories. The procedure is based on a tight integration of IC3 with Implicit Abstraction, a form of predicate abstraction that expresses abstract paths without computing explicitly the abstract system. In this scenario, IC3 operates only at the Boolean level of the abstract state space, discovering inductive clauses over the abstraction predicates. Theory reasoning is confined within the underlying SMT solver, and applied transparently when performing satisfiability checks. When the current abstraction allows for a spurious counterexample, it is refined by discovering and adding a sufficient set of new predicates. Importantly, this can be done in a completely incremental manner, without discarding the clauses found in the previous search. The proposed approach has two key advantages. First, unlike previous SMT generalizations of IC3, it allows to handle a wide range of background theories without relying on ad-hoc extensions, such as quantifier elimination or theory-specific clause generalization procedures, which might not always be available and are often highly inefficient. Second, compared to a direct exploration of the concrete transition system, the use of abstraction gives a significant performance improvement, as our experiments demonstrate.

Keywords

Model checking Infinite-state systems IC3 Predicate abstraction SMT Inductive invariants 

References

  1. 1.
    Ball T, Majumdar R, Millstein TD, Rajamani SK (2001) Automatic predicate abstraction of C programs. In: PLDI, pp. 203–213Google Scholar
  2. 2.
    Ball T, Podelski A, Rajamani SK (2002) Relative completeness of abstraction refinement for software model checking. In: Katoen JP, Stevens P (eds) TACS, LNCS, vol 2280. Springer, pp 158–172Google Scholar
  3. 3.
    Ball T, Podelski A, Rajamani SK (2003) Boolean and Cartesian abstraction for model checking C programs. STTT 5(1):49–58CrossRefMATHGoogle Scholar
  4. 4.
    Barrett CW, Sebastiani R, Seshia SA, Tinelli C (2009) Satisfiability modulo theories. In Handbook of satisfiability, vol 185. IOS Press, pp 825–885Google Scholar
  5. 5.
    Baumgartner J, Ivrii A, Matsliah A, Mony H (2012) IC3-guided abstraction. In: Formal methods in computer-aided design (FMCAD 2012). Cambridge, UK, pp 182–185, 22–25 October 2012Google Scholar
  6. 6.
    Beyer D (2013) Second competition on software verification—(Summary of SV-COMP 2013). In: TACAS, LNCS, vol 7795. Springer, pp 594–609Google Scholar
  7. 7.
    Biere A, Artho C, Schuppan V (2002) Liveness checking as safety checking. Electr Notes Theor Comput Sci 66(2):160–177CrossRefGoogle Scholar
  8. 8.
    Birgmeier J, Bradley AR, Weissenbacher G (2014) Counterexample to induction-guided abstraction-refinement (CTIGAR). In CAV, pp 831–848Google Scholar
  9. 9.
    Bjørner N, Gurfinkel A (2015) Property directed polyhedral abstraction. In VMCAI, pp 263–281Google Scholar
  10. 10.
  11. 11.
    Bradley A, Somenzi F, Hassan Z, Zhang Y (2011) An incremental approach to model checking progress properties. In: FMCADGoogle Scholar
  12. 12.
    Bradley AR (2011) SAT-based model checking without unrolling. In: VMCAI, LNCS, vol 6538. Springer, pp 70–87Google Scholar
  13. 13.
    Bradley AR, Manna Z (2007) Checking safety by inductive generalization of counterexamples to induction. In: FMCAD. IEEE Computer Society, pp 173–180Google Scholar
  14. 14.
    Cavada R, Cimatti A, Dorigatti M, Griggio A, Mariotti A, Micheli A, Mover S, Roveri M, Tonetta S (2014) The nuXmv symbolic model checker. In CAV, LNCS, vol 8559, pp 334–342Google Scholar
  15. 15.
    Cavada R, Cimatti A, Franzén A, Kalyanasundaram K, Roveri M, Shyamasundar RK (2007) Computing predicate abstractions by integrating BDDs and SMT solvers. In: FMCAD. IEEE Computer Society, pp 69–76Google Scholar
  16. 16.
    Chokler H, Ivrii A, Matsliah A, Moran S, Nevo Z (2011) Incremental formal verification of hardware. In: FMCADGoogle Scholar
  17. 17.
    Cimatti A, Franzén A, Griggio A, Kalyanasundaram K, Roveri M (2010) Tighter integration of BDDs and SMT for predicate abstraction. In: DATE. IEEE, pp 1707–1712Google Scholar
  18. 18.
    Cimatti A, Griggio A (2012) Software model checking via IC3. In: CAV, pp 277–293Google Scholar
  19. 19.
    Cimatti A, Griggio A, Mover S, Tonetta S (2014) IC3 modulo theories via implicit predicate abstraction. In: TACAS, pp 46–61Google Scholar
  20. 20.
    Cimatti A, Griggio A, Schaafsma B, Sebastiani R (2013) The MathSAT5 SMT solver. In: TACAS, LNCS, vol 7795. SpringerGoogle Scholar
  21. 21.
    Cimatti A, Griggio A, Sebastiani R (2010) Efficient generation of Craig interpolants in satisfiability modulo theories. ACM Trans Comput Log 12(1):7MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Claessen K, Sörensson N (2012) A liveness checking algorithm that counts. In: FMCAD. IEEE, pp 52–59Google Scholar
  23. 23.
    Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2003) Counterexample-guided abstraction refinement for symbolic model checking. J ACM 50(5):752–794MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Clarke EM, Grumberg O, Long DE (1994) Model checking and abstraction. ACM Trans Program Lang Syst 16(5):1512–1542CrossRefGoogle Scholar
  25. 25.
    Een N, Mishchenko A, Brayton R (2011) Efficient implementation of property-directed reachability. In: FMCADGoogle Scholar
  26. 26.
    Graf S, Saïdi H (1997) Construction of abstract state graphs with PVS. In: CAV, pp 72–83Google Scholar
  27. 27.
    Griggio A, Roveri M (2016) Comparing different variants of the IC3 algorithm for hardware model checking. IEEE Trans CAD Integr Circuits Syst 35(6):1026–1039Google Scholar
  28. 28.
    Gupta A, Rybalchenko A (2009) InvGen: An efficient invariant generator. In: CAV, LNCS, vol 5643. Springer, pp 634–640Google Scholar
  29. 29.
    Gupta A, Strichman O (2005) Abstraction refinement for bounded model checking. In: CAV, pp 112–124Google Scholar
  30. 30.
    Gurfinkel A, Ivrii A (2015) Pushing to the top. In: Formal methods in computer-aided design (FMCAD 2015) Austin, Texas, USA, pp 65–72, 27–30 September 2015Google Scholar
  31. 31.
    Hagen G, Tinelli C (2008) Scaling up the formal verification of lustre programs with SMT-based techniques. In: FMCAD. IEEE, pp 1–9Google Scholar
  32. 32.
    Hassan Z, Bradley AR, Somenzi F (2013) Better generalization in IC3. In: FMCAD. IEEE, pp 157–164Google Scholar
  33. 33.
    Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: POPL, pp 232–244Google Scholar
  34. 34.
    Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: POPL, pp 58–70Google Scholar
  35. 35.
    Hoder K, Bjørner N (2012) Generalized property directed reachability. In: SAT, pp 157–171Google Scholar
  36. 36.
    Isenberg T, Wehrheim H (2014) Timed automata verification via IC3 with zones. In: ICFEM, pp 203–218Google Scholar
  37. 37.
    Itzhaky S, Bjørner N, Reps TW, Sagiv M, Thakur AV (2014) Property-directed shape analysis. In: CAV, pp 35–51Google Scholar
  38. 38.
    Jain H, Kroening D, Sharygina N, Clarke EM (2005) Word level predicate abstraction and refinement for verifying RTL verilog. In: DAC, pp 445–450Google Scholar
  39. 39.
    Kahsai T, Tinelli C (2011) PKind: A parallel k-induction based model checker. In: PDMC, EPTCS, vol 72, pp 55–62Google Scholar
  40. 40.
    Karbyshev A, Bjørner N, Itzhaky S, Rinetzky N, Shoham S (2015) Property-directed inference of universal invariants or proving their absence. In: CAV, pp 583–602Google Scholar
  41. 41.
    Kindermann R, Junttila TA, Niemelä I (2012) SMT-based induction methods for timed systems. In: FORMATS, LNCS, vol 7595. Springer, pp 171–187Google Scholar
  42. 42.
    Kurshan RP (1994) Computer aided verification of coordinating processes. Princeton University Press, PrincetonMATHGoogle Scholar
  43. 43.
    Lahiri SK, Nieuwenhuis R, Oliveras A (2006) SMT techniques for fast predicate abstraction. In: CAV, pp 424–437Google Scholar
  44. 44.
    Lange T, Neuhäußer MR, Noll T (2015) IC3 software model checking on control flow automata. In: Formal methods in computer-aided design (FMCAD 2015) Austin, Texas, USA, pp 97–104, 27–30 September 2015Google Scholar
  45. 45.
    McMillan KL (2006) Lazy Abstraction with Interpolants. In: CAV, LNCS, vol 4144. Springer, pp 123–136Google Scholar
  46. 46.
    Sorensson N, Claessen K. Tip. https://github.com/niklasso/tip
  47. 47.
    Tonetta S (2009) Abstract model checking without computing the abstraction. In: FM, pp 89–105Google Scholar
  48. 48.
    Vizel Y, Grumberg O, Shoham S (2012) Lazy abstraction and SAT-based reachability in hardware model checking. In: FMCAD. IEEE, pp 173–181Google Scholar
  49. 49.
    Vizel Y, Gurfinkel A (2014) Interpolating property directed reachability. In: CAV, pp 260–276Google Scholar
  50. 50.
    Vizel Y, Weissenbacher G, Malik S (2015) Boolean satisfiability solvers and their applications in model checking. Proc IEEE 103(11):2021–2035Google Scholar
  51. 51.
    Welp T, Kuehlmann A (2013) QF_BV model checking with property directed reachability. In: DATE, pp 791–796Google Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Alessandro Cimatti
    • 1
  • Alberto Griggio
    • 1
  • Sergio Mover
    • 2
  • Stefano Tonetta
    • 1
  1. 1.Fondazione Bruno KesslerTrentoItaly
  2. 2.University of Colorado BoulderBoulderUSA

Personalised recommendations