Guarded Terms for Rewriting Modulo SMT

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10487)

Abstract

Rewriting modulo SMT is a novel symbolic technique to model and analyze infinite-state systems that interact with a nondeterministic environment. It seamlessly combines rewriting modulo equational theories, SMT solving, and model checking. One of the main challenges of this technique is to cope with the symbolic state-space explosion problem. This paper presents guarded terms, an approach to deal with this problem for rewriting modulo SMT. Guarded terms can encode many symbolic states into one by using SMT constraints as part of the term structure. This approach enables the reduction of the symbolic state space by limiting branching due to concurrent computation, and the complexity and size of constraints by distributing them in the term structure. A case study of an unbounded and symbolic priority queue illustrates the approach.
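The following is an added illustration of the branching reduction the abstract describes, not code from the paper (whose models are Maude rewrite theories) and not its formal definition of guarded terms. It contrasts plain symbolic rewriting, where inserting a symbolic priority into a sorted symbolic queue produces one successor state per insertion point, each carrying its own path constraint, with a guarded encoding that keeps the same comparisons as guards inside the list structure and yields a single term. The names `Guarded`, `insert_explicit`, `insert_guarded`, `resolve`, the cons-cell queue encoding and the valuation ranges are assumptions of this example; the check at the end confirms that, for every concrete valuation respecting the sorted-queue invariant, the guarded term resolves to exactly the one explicit successor whose constraint is enabled.

```python
"""Guarded terms on a symbolic priority queue (added illustration).

Not the paper's formalism: Guarded, insert_explicit, insert_guarded, resolve
and the cons-cell queue encoding are assumptions of this example. Priorities
are symbolic names; a valuation maps names to integers. Queues are cons cells
(head, tail) ending in None, kept sorted by priority.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Guarded:
    """A guard embedded in the term: `then` if cond holds, else `els`."""
    cond: tuple   # ("lt", p, x) means p < x; ("ge", p, x) is its negation
    then: object
    els: object


def holds(atom, val):
    op, a, b = atom
    return val[a] < val[b] if op == "lt" else val[a] >= val[b]


def to_cons(seq):
    cell = None
    for x in reversed(seq):
        cell = (x, cell)
    return cell


def insert_explicit(p, queue):
    """Plain symbolic rewriting: one successor per insertion point, each with
    the path constraint (a conjunction of atoms) that justifies it."""
    n, states = len(queue), []
    for i in range(n + 1):
        cons = []
        if i > 0:
            cons.append(("ge", p, queue[i - 1]))  # not before the left neighbour
        if i < n:
            cons.append(("lt", p, queue[i]))      # before the right neighbour
        states.append((queue[:i] + (p,) + queue[i:], cons))
    return states


def insert_guarded(p, term):
    """Rewriting with guarded terms: a single term; the same atoms now sit as
    guards inside the list structure instead of splitting the state."""
    if term is None:
        return (p, None)
    if isinstance(term, Guarded):            # push the insert into both branches
        return Guarded(term.cond, insert_guarded(p, term.then),
                       insert_guarded(p, term.els))
    x, rest = term
    return Guarded(("lt", p, x), (p, term), (x, insert_guarded(p, rest)))


def resolve(term, val):
    """Concrete reading of a (guarded) term under a valuation."""
    out = []
    while term is not None:
        if isinstance(term, Guarded):
            term = term.then if holds(term.cond, val) else term.els
        else:
            x, term = term
            out.append(x)
    return tuple(out)


def guard_count(term):
    if term is None:
        return 0
    if isinstance(term, Guarded):
        return 1 + guard_count(term.then) + guard_count(term.els)
    return guard_count(term[1])


def explicit_state_count(queue, inserts):
    """Number of symbolic states after inserting each symbol in turn
    (concurrent inserters multiply the branching)."""
    frontier = [(queue, [])]
    for p in inserts:
        frontier = [(q2, c + c2) for q, c in frontier
                    for q2, c2 in insert_explicit(p, q)]
    return len(frontier)


def agree_on_all_valuations(queue, p, values=range(4)):
    """For every valuation respecting the sorted-queue invariant, exactly one
    explicit successor is enabled and the guarded term resolves to it."""
    explicit = insert_explicit(p, queue)
    guarded = insert_guarded(p, to_cons(queue))
    names = queue + (p,)
    for vals in product(values, repeat=len(names)):
        val = dict(zip(names, vals))
        if any(val[queue[i]] > val[queue[i + 1]] for i in range(len(queue) - 1)):
            continue  # unsorted queue: branches would overlap; the invariant excludes it
        enabled = [s for s, cons in explicit if all(holds(c, val) for c in cons)]
        if len(enabled) != 1 or resolve(guarded, val) != enabled[0]:
            return False
    return True


if __name__ == "__main__":
    q = ("a", "b", "c")
    print(agree_on_all_valuations(q, "p"))
    print(explicit_state_count(q, ["p", "r"]), "explicit states vs 1 guarded term")
    print(guard_count(insert_guarded("r", insert_guarded("p", to_cons(q)))), "guards")
```

With three queued symbols and two concurrent inserts, plain symbolic rewriting produces 4 x 5 = 20 states, each of which a model checker must keep and query the SMT solver about separately, while the guarded encoding keeps one term in which each guard is a small local comparison rather than a global path constraint. The skipped unsorted valuations show the edge case that makes the encoding sound: the explicit branches are mutually exclusive only under the queue invariant.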

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Pohang University of Science and Technology, Pohang, South Korea
  2. Pontificia Universidad Javeriana, Cali, Colombia