MCMT: A Model Checker Modulo Theories
We describe mcmt, a fully declarative and deductive symbolic model checker for safety properties of infinite state systems whose state variables are arrays. Theories specify the properties of the indexes and the elements of the arrays. Sets of states and transitions of a system are described by quantified first-order formulae. The core of the system is a backward reachability procedure which symbolically computes pre-images of the set of unsafe states and checks for safety and fix-points by solving Satisfiability Modulo Theories (SMT) problems. Besides standard SMT techniques, efficient heuristics for quantifier instantiation, specifically tailored to model checking, are at the very heart of the system. mcmt has been successfully applied to the verification of imperative programs, parametrised, timed, and distributed systems.
Unable to display preview. Download preview PDF.
- 1.Abdulla, P.A., Cerans, K., Jonsson, B., Tsay, Y.-K.: General decidability theorems for infinite-state systems. In: LICS, pp. 313–321 (1996)Google Scholar
- 5.Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: POPL, pp. 191–202. ACM, New York (2002)Google Scholar
- 8.Ghilardi, S., Ranise, S.: Model Checking Modulo Theory at work: the intergration of Yices in MCMT. In: AFM (co-located with CAV’09) (2009)Google Scholar
- 9.Ghilardi, S., Ranise, S., Valsecchi, T.: Light-Weight SMT-based Model-Checking. In: AVOCS 07-08, ENTCS (2008)Google Scholar
- 10.Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254. Springer, Heidelberg (1997)Google Scholar
- 11.Lahiri, S.K., Bryant, R.E.: Predicate abstraction with indexed predicates. ACM Transactions on Computational Logic (TOCL) 9(1) (2007)Google Scholar