Guarded Terms for Rewriting Modulo SMT

  • Kyungmin BaeEmail author
  • Camilo Rocha
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10487)


Rewriting modulo SMT is a novel symbolic technique to model and analyze infinite-state systems that interact with a nondeterministic environment. It seamlessly combines rewriting modulo equational theories, SMT solving, and model checking. One of the main challenges of this technique is to cope with the symbolic state-space explosion problem. This paper presents guarded terms, an approach to deal with this problem for rewriting modulo SMT. Guarded terms can encode many symbolic states into one by using SMT constraints as part of the term structure. This approach enables the reduction of the symbolic state space by limiting branching due to concurrent computation, and the complexity and size of constraints by distributing them in the term structure. A case study of an unbounded and symbolic priority queue illustrates the approach.



The first author was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2016R1D1A1B03935275). The second author has been supported in part by the EPIC project funded by the Administrative Department of Science, Technology and Innovation of Colombia (Colciencias) under contract 233-2017.


  1. 1.
    Armando, A., Mantovani, J., Platania, L.: Bounded model checking of software using SMT solvers instead of SAT solvers. Softw. Tools Technol. Transf. 11(1), 69–83 (2009)CrossRefzbMATHGoogle Scholar
  2. 2.
    Bae, K., Escobar, S., Meseguer, J.: Abstract logical model checking of infinite-state systems using narrowing. In: RTA. LIPIcs, vol. 21, pp. 81–96. Schloss Dagstuhl (2013)Google Scholar
  3. 3.
    Bae, K., Ölveczky, P.C., Meseguer, J.: Definition, semantics, and analysis of Multirate Synchronous AADL. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 94–109. Springer, Cham (2014). doi: 10.1007/978-3-319-06410-9_7 CrossRefGoogle Scholar
  4. 4.
    Bae, K., Ölveczky, P.C., Feng, T.H., Lee, E.A., Tripakis, S.: Verifying hierarchical Ptolemy II discrete-event models using Real-Time Maude. Sci. Comput. Program. 77(12), 1235–1271 (2012)CrossRefzbMATHGoogle Scholar
  5. 5.
    Bae, K., Rocha, C.: A Note on Guarded Terms for Rewriting Modulo SMT, July 2017.
  6. 6.
    Bruni, R., Meseguer, J.: Semantic foundations for generalized rewrite theories. Theoret. Comput. Sci. 360(1–3), 386–414 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Caccamo, M., Buttazzo, G., Sha, L.: Capacity sharing for overrun control. In: RTSS, pp. 295–304. IEEE (2000)Google Scholar
  8. 8.
    Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)Google Scholar
  9. 9.
    Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82–90 (2013)CrossRefGoogle Scholar
  10. 10.
    Cimatti, A., Griggio, A.: Software model checking via IC3. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 277–293. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31424-7_23 CrossRefGoogle Scholar
  11. 11.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework: How to Specify, Program and Verify Systems in Rewriting Logic. LNCS, vol. 4350. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  12. 12.
    Dowek, G., Muñoz, C., Rocha, C.: Rewriting logic semantics of a plan execution language. Electron. Proc. Theor. Comput. Sci. 18, 77–91 (2010)CrossRefGoogle Scholar
  13. 13.
    Lal, A., Qadeer, S., Lahiri, S.: Corral: a solver for reachability modulo theories. Technical report MSR-TR-2012-9, Microsoft Research, January 2012Google Scholar
  14. 14.
    Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theoret. Comput. Sci. 96(1), 73–155 (1992)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Meseguer, J.: Twenty years of rewriting logic. J. Logic Algebraic Program. 81(7–8), 721–781 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Meseguer, J., Thati, P.: Symbolic reachability analysis using narrowing and its application to verification of cryptographic protocols. High.-Ord. Symbolic Comput. 20(1–2), 123–160 (2007)CrossRefzbMATHGoogle Scholar
  17. 17.
    Ölveczky, P.C., Caccamo, M.: Formal simulation and analysis of the CASH scheduling algorithm in Real-Time Maude. In: Baresi, L., Heckel, R. (eds.) FASE 2006. LNCS, vol. 3922, pp. 357–372. Springer, Heidelberg (2006). doi: 10.1007/11693017_26 CrossRefGoogle Scholar
  18. 18.
    Rocha, C.: Symbolic Reachability Analysis for Rewrite Theories. Ph.D. thesis, University of Illinois, December 2012Google Scholar
  19. 19.
    Rocha, C., Meseguer, J., Muñoz, C.: Rewriting modulo SMT and open system analysis. J. Log. Algebraic Methods Program. 86(1), 269–297 (2017)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Pohang University of Science and TechnologyPohangSouth Korea
  2. 2.Pontificia Universidad JaverianaCaliColombia

Personalised recommendations