Rewriting Modulo SMT and Open System Analysis

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8663)

Abstract

This paper proposes rewriting modulo SMT, a new technique that combines the power of SMT solving, rewriting modulo theories, and model checking. Rewriting modulo SMT is ideally suited to model and analyze infinite-state open systems, i.e., systems that interact with a non-deterministic environment. Such systems exhibit both internal non-determinism, which is proper to the system, and external non-determinism, which is due to the environment. In a reflective formalism, such as rewriting logic, rewriting modulo SMT can be reduced to standard rewriting. Hence, rewriting modulo SMT naturally extends rewriting-based reachability analysis techniques, which are available for closed systems, to open systems. The proposed technique is illustrated with the formal analysis of a real-time system that is beyond the scope of timed-automata methods.

References

  1. 1.
    Althaus, E., Kruglov, E., Weidenbach, C.: Superposition modulo linear arithmetic SUP(LA). In: Ghilardi, S., Sebastiani, R. (eds.) FroCoS 2009. LNCS, vol. 5749, pp. 84–99. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)MATHMathSciNetCrossRefGoogle Scholar
  3. 3.
    Armando, A., Mantovani, J., Platania, L.: Bounded model checking of software using SMT solvers instead of SAT solvers. In: Valmari, A. (ed.) SPIN 2006. LNCS, vol. 3925, pp. 146–162. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Arusoaie, A., Lucanu, D., Rusu, V.: A generic framework for symbolic execution. In: Erwig, M., Paige, R.F., Van Wyk, E. (eds.) SLE 2013. LNCS, vol. 8225, pp. 281–301. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  5. 5.
    Ayala-Rincón, M.: Expressiveness of conditional equational systems with built-in predicates. Ph.D. thesis, Universität Kaiserslauten (1993)Google Scholar
  6. 6.
    Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press, Cambridge (1998)Google Scholar
  7. 7.
    Baader, F., Schulz, K.: Unification in the union of disjoint equational theories: combining decision procedures. J. Symb. Comput. 21, 211–243 (1996)MATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    Bae, K., Escobar, S., Meseguer, J.: Abstract logical model checking of infinite-state systems using narrowing. In: van Raamsdonk, F. (ed.) RTA. LIPIcs, vol. 21, pp. 81–96. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Wadern (2013)Google Scholar
  9. 9.
    Bae, K., Rocha, C.: A note on symbolic reachability analysis modulo integer constraints for the CASH algorithm (2012). http://maude.cs.uiuc.edu/cases/scash
  10. 10.
    Bonacina, M.P., Lynch, C., de Moura, L.M.: On deciding satisfiability by theorem proving with speculative inferences. J. Autom. Reason. 47(2), 161–189 (2011)MATHCrossRefGoogle Scholar
  11. 11.
    Boudet, A.: Combining unification algorithms. J. Symb. Comp. 16(6), 597–626 (1993)MATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    Bruni, R., Meseguer, J.: Semantic foundations for generalized rewrite theories. Theor. Comput. Sci. 360(1–3), 386–414 (2006)MATHMathSciNetCrossRefGoogle Scholar
  13. 13.
    Caccamo, M., Buttazzo, G.C., Sha, L.: Capacity sharing for overrun control. In: IEEE Real-Time Systems Symposium, pp. 295–304. IEEE Computer Society (2000)Google Scholar
  14. 14.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.): All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007)MATHGoogle Scholar
  15. 15.
    Clavel, M., Meseguer, J., Palomino, M.: Reflection in membership equational logic, many-sorted equational logic, horn logic with equality, and rewriting logic. Theor. Comput. Sci. 373(1–2), 70–91 (2007)MATHMathSciNetCrossRefGoogle Scholar
  16. 16.
    Falke, S., Kapur, D.: Operational termination of conditional rewriting with built-in numbers and semantic data structures. ENTCS 237, 75–90 (2009)Google Scholar
  17. 17.
    Falke, S., Kapur, D.: Rewriting induction + linear arithmetic = decision procedure. In: Gramlich, B., Miller, D., Sattler, U. (eds.) IJCAR 2012. LNCS, vol. 7364, pp. 241–255. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Ganai, M., Gupta, A.: Accelerating high-level bounded model checking. In: ICCAD, pp. 794–801. ACM (2006)Google Scholar
  19. 19.
    Goguen, J.A., Meseguer, J.: Order-sorted algebra I: equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theor. Comput. Sci. 105(2), 217–273 (1992)MATHMathSciNetCrossRefGoogle Scholar
  20. 20.
    Kirchner, H., Ringeissen, C.: Combining symbolic constraint solvers on algebraic domains. J. Symb. Comput. 18(2), 113–155 (1994)MATHMathSciNetCrossRefGoogle Scholar
  21. 21.
    Kop, C., Nishida, N.: Term rewriting with logical constraints. In: Fontaine, P., Ringeissen, C., Schmidt, R.A. (eds.) FroCoS 2013. LNCS, vol. 8152, pp. 343–358. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  22. 22.
    Larsen, K.G., Pettersson, P., Yi, W.: Uppaal in a nutshell. STTT 1(1–2), 134–152 (1997)MATHCrossRefGoogle Scholar
  23. 23.
    Lucanu, D., Şerbănuţă, T.F., Roşu, G.: \(\mathbb{K}\) framework distilled. In: Durán, F. (ed.) WRLA 2012. LNCS, vol. 7571, pp. 31–53. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. 96(1), 73–155 (1992)MATHMathSciNetCrossRefGoogle Scholar
  25. 25.
    Meseguer, J.: Membership algebra as a logical framework for equational specification. In: Parisi-Presicce, F. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  26. 26.
    Meseguer, J., Thati, P.: Symbolic reachability analysis using narrowing and its application to verification of cryptographic protocols. High.-Order Symb. Comput. 20(1–2), 123–160 (2007)MATHCrossRefGoogle Scholar
  27. 27.
    Milicevic, A., Kugler, H.: Model checking using SMT and theory of lists. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 282–297. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  28. 28.
    Nelson, G., Oppen, D.C.: Simplification by cooperating decision procedures. ACM Trans. Program. Lang. Syst. 1(2), 245–257 (1979)MATHCrossRefGoogle Scholar
  29. 29.
    Nieuwenhuis, R., Oliveras, A., Tinelli, C.: Solving SAT and SAT modulo theories: from an abstract Davis-Putnam-Logemann-Loveland procedure to DPLL(t). J. ACM 53(6), 937–977 (2006)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Ölveczky, P.C., Caccamo, M.: Formal simulation and analysis of the CASH scheduling algorithm in real-time Maude. In: Baresi, L., Heckel, R. (eds.) FASE 2006. LNCS, vol. 3922, pp. 357–372. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  31. 31.
    Ölveczky, P.C., Meseguer, J.: Semantics and pragmatics of real-time Maude. High.-Order Symb. Comput. 20(1–2), 161–196 (2007)MATHCrossRefGoogle Scholar
  32. 32.
    Owre, S., Rushby, J.M., Shankar, N.: PVS: a prototype verification system. In: Kapur, D. (ed.) 11th International Conference on Automated Deduction (CADE). LNCS (LNAI), vol. 607, pp. 748–752. Springer, Saratoga, NY (1992)Google Scholar
  33. 33.
    Rocha, C.: Symbolic reachability analysis for rewrite theories. Ph.D. thesis, University of Illinois at Urbana-Champaign (2012)Google Scholar
  34. 34.
    Rocha, C., Meseguer, J., Muñoz, C.: Rewriting modulo SMT. Technical Memorandum NASA/TM-2013-218033, NASA, Langley Research Center, Hampton, VA, 23681–2199, USA, August 2013Google Scholar
  35. 35.
    Roşu, G., Ştefănescu, A.: Matching logic: a new program verification approach (NIER Track). In: ICSE’11: Proceedings of the 30th International Conference on Software Engineering, pp. 868–871. ACM (2011)Google Scholar
  36. 36.
    Veanes, M., Bjørner, N.S., Raschke, A.: An SMT approach to bounded reachability analysis of model programs. In: Suzuki, K., Higashino, T., Yasumoto, K., El-Fakih, K. (eds.) FORTE 2008. LNCS, vol. 5048, pp. 53–68. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  37. 37.
    Viry, P.: Equational rules for rewriting logic. TCS 285, 487–517 (2002)MATHMathSciNetCrossRefGoogle Scholar
  38. 38.
    Walter, D., Little, S., Myers, C.J.: Bounded model checking of analog and mixed-signal circuits using an SMT solver. In: Namjoshi, K.S., Yoneda, T., Higashino, T., Okamura, Y. (eds.) ATVA 2007. LNCS, vol. 4762, pp. 66–81. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  39. 39.
    Yovine, S.: Kronos: a verification tool for real-time systems. STTT 1(1–2), 123–133 (1997)MATHCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland (outside the US) 2014

Authors and Affiliations

  1. 1.Escuela Colombiana de IngenieríaBogotáColombia
  2. 2.University of Illinois at Urbana-ChampaignUrbanaUSA
  3. 3.NASA Langley Research CenterHamptonUSA

Personalised recommendations