Skip to main content
Book cover

International Conference on Tools and Algorithms for the Construction and Analysis of Systems

TACAS 2021: Tools and Algorithms for the Construction and Analysis of Systems pp 113–132Cite as

Counterexample-Guided Prophecy for Model Checking Modulo the Theory of Arrays

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 12651)

Abstract

We develop a framework for model checking infinite-state systems by automatically augmenting them with auxiliary variables, enabling quantifier-free induction proofs for systems that would otherwise require quantified invariants. We combine this mechanism with a counterexample-guided abstraction refinement scheme for the theory of arrays. Our framework can thus, in many cases, reduce inductive reasoning with quantifiers and arrays to quantifier-free and array-free reasoning. We evaluate the approach on a wide set of benchmarks from the literature. The results show that our implementation often outperforms state-of-the-art tools, demonstrating its practical potential.

Download conference paper PDF

References

  1. Abadi, M., Lamport, L.: The existence of refinement mappings. In: Proceedings of the 3rd Annual Symposium on Logic in Computer Science. pp. 165–175 (July 1988), https://www.microsoft.com/en-us/research/publication/the-existence-of-refinement-mappings/, lICS 1988 Test of Time Award

  2. Alberti, F., Bruttomesso, R., Ghilardi, S., Ranise, S., Sharygina, N.: SAFARI: smt-based abstraction for arrays with interpolants. In: CAV. Lecture Notes in Computer Science, vol. 7358, pp. 679–685. Springer (2012)

    Google Scholar 

  3. Alberti, F., Ghilardi, S., Sharygina, N.: Booster: An acceleration-based verification framework for array programs. In: ATVA. Lecture Notes in Computer Science, vol. 8837, pp. 18–23. Springer (2014)

    Google Scholar 

  4. Alur, R., Bodík, R., Dallal, E., Fisman, D., Garg, P., Juniwal, G., Kress-Gazit, H., Madhusudan, P., Martin, M.M.K., Raghothaman, M., Saha, S., Seshia, S.A., Singh, R., Solar-Lezama, A., Torlak, E., Udupa, A.: Syntax-guided synthesis. In: Dependable Software Systems Engineering, NATO Science for Peace and Security Series, D: Information and Communication Security, vol. 40, pp. 1–25. IOS Press (2015)

    Google Scholar 

  5. Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) Proceedings of the 23rd International Conference on Computer Aided Verification (CAV ’11). Lecture Notes in Computer Science, vol. 6806, pp. 171–177. Springer (Jul 2011), http://www.cs.stanford.edu/~barrett/pubs/BCD+11.pdf, snowbird, Utah

  6. Barrett, C., Fontaine, P., Tinelli, C.: The Satisfiability Modulo Theories Library (SMT-LIB). www.SMT-LIB.org (2016)

    Google Scholar 

  7. Barrett, C.W., Tinelli, C.: Satisfiability modulo theories. In: Handbook of Model Checking, pp. 305–343. Springer (2018)

    Google Scholar 

  8. Beyer, D.: Software verification with validation of results - (report on SV-COMP 2017). In: TACAS (2). Lecture Notes in Computer Science, vol. 10206, pp. 331–349 (2017)

    Google Scholar 

  9. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without bdds. In: Cleaveland, W.R. (ed.) Tools and Algorithms for the Construction and Analysis of Systems. pp. 193–207. Springer Berlin Heidelberg, Berlin, Heidelberg (1999)

    Google Scholar 

  10. Bjesse, P.: Word-level sequential memory abstraction for model checking. In: 2008 Formal Methods in Computer Aided Design. pp. 1–9 (Nov 2008). https://doi.org/10.1109/FMCAD.2008.ECP.20

  11. Bjørner, N., Gurfinkel, A., McMillan, K.L., Rybalchenko, A.: Horn clause solvers for program verification. In: Fields of Logic and Computation II. Lecture Notes in Computer Science, vol. 9300, pp. 24–51. Springer (2015)

    Google Scholar 

  12. Bradley, A.R.: Sat-based model checking without unrolling. In: VMCAI. Lecture Notes in Computer Science, vol. 6538, pp. 70–87. Springer (2011)

    Google Scholar 

  13. Bradley, A.R., Manna, Z., Sipma, H.B.: What’s decidable about arrays? In: Emerson, E.A., Namjoshi, K.S. (eds.) Verification, Model Checking, and Abstract Interpretation. pp. 427–442. Springer Berlin Heidelberg, Berlin,Heidelberg (2006)

    Google Scholar 

  14. Brummayer, R., Biere, A.: Lemmas on demand for the extensional theory of arrays. In: Proceedings of the Joint Workshops of the 6th International Workshop on Satisfiability Modulo Theories and 1st International Workshop on Bit-Precise Reasoning. p. 6–11. SMT ’08/BPR ’08, Association for Computing Machinery, New York, NY, USA (2008). https://doi.org/10.1145/1512464.1512467, https://doi.org/10.1145/1512464.1512467

  15. Bueno, D., Cox, A., Sakallah, K.: Euficient reachability for software with arrays. In: Formal Methods in Computer Aided Design (2020)

    Google Scholar 

  16. Chen, Y., Kovács, L., Robillard, S.: Theory-specific reasoning about loops with arrays using vampire. In: Vampire@IJCAR. EPiC Series in Computing, vol. 44, pp. 16–32. EasyChair (2016)

    Google Scholar 

  17. Christ, J., Hoenicke, J.: Weakly equivalent arrays. In: Lutz, C., Ranise, S. (eds.) Frontiers of Combining Systems. pp. 119–134. Springer International Publishing, Cham (2015)

    Google Scholar 

  18. Cimatti, A., Griggio, A., Irfan, A., Roveri, M., Sebastiani, R.: Incremental linearization for satisfiability and verification modulo nonlinear arithmetic and transcendental functions. ACM Trans. Comput. Log. 19(3), 19:1–19:52 (2018)

    Google Scholar 

  19. Cimatti, A., Griggio, A., Micheli, A., Narasamdya, I., Roveri, M.: Kratos - A software model checker for systemc. In: CAV. Lecture Notes in Computer Science, vol. 6806, pp. 310–316. Springer (2011)

    Google Scholar 

  20. Cimatti, A., Griggio, A., Mover, S., Tonetta, S.: Infinite-state invariant checking with IC3 and predicate abstraction. Formal Methods in System Design 49(3), 190–218 (2016)

    Google Scholar 

  21. Cimatti, A., Griggio, A., Schaafsma, B., Sebastiani, R.: The MathSAT5 SMT Solver. In: Piterman, N., Smolka, S. (eds.) Proceedings of TACAS. LNCS, vol. 7795. Springer (2013)

    Google Scholar 

  22. Cimatti, A., Griggio, A., Sebastiani, R.: Computing small unsatisfiable cores in satisfiability modulo theories. J. Artif. Intell. Res. 40, 701–728 (2011)

    Google Scholar 

  23. Cimatti, A., Roveri, M., Griggio, A., Irfan, A.: Verification Modulo Theories. http://www.vmt-lib.org (2011)

    Google Scholar 

  24. Cohen, A., Namjoshi, K.S.: Local proofs for global safety properties. Formal Methods Syst. Des. 34(2), 104–125 (2009)

    Google Scholar 

  25. Conchon, S., Goel, A., Krstic, S., Majumdar, R., Roux, M.: Far-cubicle - A new reachability algorithm for cubicle. In: FMCAD. pp. 172–175. IEEE (2017)

    Google Scholar 

  26. Craig, W.: Linear reasoning. A new form of the herbrand-gentzen theorem. J. Symb. Log. 22(3), 250–268 (1957)

    Google Scholar 

  27. de Moura, L., Bjørner, N.: Generalized, efficient array decision procedures. In: 2009 Formal Methods in Computer-Aided Design. pp. 45–52 (Nov 2009). https://doi.org/10.1109/FMCAD.2009.5351142

  28. Fedyukovich, G.: Freqhorn implementation, https://github.com/grigoryfedyukovich/aeval/commit/f5cc11808c1b73886a4e7d5a71daeffb45470b9a

  29. Fedyukovich, G., Prabhu, S., Madhukar, K., Gupta, A.: Quantified invariants via syntax-guided synthesis. In: CAV (1). Lecture Notes in Computer Science, vol. 11561, pp. 259–277. Springer (2019)

    Google Scholar 

  30. Georgiou, P., Gleiss, B., Kovács, L.: Trace logic for inductive loop reasoning. In: Formal Methods in Computer Aided Design (2020)

    Google Scholar 

  31. Ghilardi, S., Ranise, S.: MCMT: A model checker modulo theories. In: Giesl, J., Hähnle, R. (eds.) Automated Reasoning. pp. 22–29. Springer Berlin Heidelberg, Berlin, Heidelberg (2010)

    Google Scholar 

  32. Goel, A., Krstić, S., Fuchs, A.: Deciding array formulas with frugal axiom instantiation. In: Proceedings of the Joint Workshops of the 6th International Workshop on Satisfiability Modulo Theories and 1st International Workshop on Bit-Precise Reasoning. p. 12–17. SMT ’08/BPR ’08, Association for Computing Machinery, New York, NY, USA (2008). https://doi.org/10.1145/1512464.1512468, https://doi.org/10.1145/1512464.1512468

  33. Goel, A., Krstic, S., Leslie, R., Tuttle, M.R.: Smt-based system verification with DVF. In: SMT@IJCAR. EPiC Series in Computing, vol. 20, pp. 32–43. EasyChair (2012)

    Google Scholar 

  34. Griggio, A.: Open-source ic3 modulo theories with implicit predicate abstraction. https://es-static.fbk.eu/people/griggio/ic3ia/index.html (Accessed 2020), https://es-static.fbk.eu/people/griggio/ic3ia/index.html

  35. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The seahorn verification framework. In: CAV (1). Lecture Notes in Computer Science, vol. 9206, pp. 343–361. Springer (2015)

    Google Scholar 

  36. Gurfinkel, A., Shoham, S., Meshman, Y.: Smt-based verification of parameterized systems. In: SIGSOFT FSE. pp. 338–348. ACM (2016)

    Google Scholar 

  37. Gurfinkel, A., Shoham, S., Vizel, Y.: Quantifiers on demand. In: Lahiri, S.K., Wang, C. (eds.) Automated Technology for Verification and Analysis. pp. 248–266. Springer International Publishing, Cham (2018)

    Google Scholar 

  38. Hyberts, S.H., Jensen, P.G., Neele, T.: Tacas 21 artifact evaluation vm - ubuntu 20.04 lts (Sep 2020). https://doi.org/10.5281/zenodo.4041464

  39. Kahsai, T., Kersten, R., Rümmer, P., Schäf, M.: Quantified heap invariants for object-oriented programs. In: LPAR. EPiC Series in Computing, vol. 46, pp. 368–384. EasyChair (2017)

    Google Scholar 

  40. Komuravelli, A., Gurfinkel, A., Chaki, S.: Smt-based model checking for recursive programs. In: Biere, A., Bloem, R. (eds.) Computer Aided Verification. pp. 17–34. Springer International Publishing, Cham (2014)

    Google Scholar 

  41. Kovács, L., Voronkov, A.: Finding loop invariants for programs over arrays using a theorem prover. In: FASE. Lecture Notes in Computer Science, vol. 5503, pp. 470–485. Springer (2009)

    Google Scholar 

  42. Kovács, L., Voronkov, A.: First-order theorem proving and vampire. In: CAV. Lecture Notes in Computer Science, vol. 8044, pp. 1–35. Springer (2013)

    Google Scholar 

  43. Krishnan, H.G.V., Gurfinkel, A.: Spacer CHC-COMP 2020 Submission (2020), https://www.starexec.org/starexec/secure/details/configuration.jsp?id=350966

  44. Kroening, D., Groce, A., Clarke, E.M.: Counterexample guided abstraction refinement via program execution. In: ICFEM. Lecture Notes in Computer Science, vol. 3308, pp. 224–238. Springer (2004)

    Google Scholar 

  45. Lahiri, S.K., Bryant, R.E.: Indexed predicate discovery for unbounded system verification. In: CAV. Lecture Notes in Computer Science, vol. 3114, pp. 135–147. Springer (2004)

    Google Scholar 

  46. Li, B., Tang, Z., Zhai, J., Zhao, J.: Automatic invariant synthesis for arrays in simple programs. In: 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS). pp. 108–119 (Aug 2016). https://doi.org/10.1109/QRS.2016.23

  47. Ma, H., Goel, A., Jeannin, J., Kapritsos, M., Kasikci, B., Sakallah, K.A.: I4: incremental inference of inductive invariants for verification of distributed protocols. In: SOSP. pp. 370–384. ACM (2019)

    Google Scholar 

  48. Mann, M., Irfan, A.: Prophic3 prototype, https://github.com/makaimann/prophic3/commit/497e2fbfb813bcf0a2c3bcb5b55ad47b2a678611

  49. Mann, M., Irfan, A., Griggio, A., Padon, O., Barrett, C.: FigShare Artifact for Counterexample Guided Prophecy for Model Checking Modulo the Theory of Arrays, https://doi.org/10.6084/m9.figshare.13619096

  50. Mccarthy, J.: Towards a mathematical science of computation. In: In IFIP Congress. pp. 21–28. North-Holland (1962)

    Google Scholar 

  51. McMillan, K.L.: Quantified invariant generation using an interpolating saturation prover. In: Ramakrishnan, C.R., Rehof, J. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. pp. 413–427. Springer Berlin Heidelberg, Berlin, Heidelberg (2008)

    Google Scholar 

  52. McMillan, K.L.: Eager abstraction for symbolic model checking. In: Chockler, H., Weissenbacher, G. (eds.) Computer Aided Verification. pp. 191–208. Springer International Publishing, Cham (2018)

    Google Scholar 

  53. Monniaux, D., Gonnord, L.: Cell morphing: From array programs to array-free horn clauses. In: SAS. Lecture Notes in Computer Science, vol. 9837, pp. 361–382. Springer (2016)

    Google Scholar 

  54. de Moura, L., Bjørner, N.: Z3: An efficient smt solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. pp. 337–340. Springer Berlin Heidelberg, Berlin, Heidelberg (2008)

    Google Scholar 

  55. Padon, O., Hoenicke, J., McMillan, K.L., Podelski, A., Sagiv, M., Shoham, S.: Temporal prophecy for proving temporal properties of infinite-state systems. In: 2018 Formal Methods in Computer Aided Design, FMCAD 2018, Austin, TX, USA, October 30 - November 2, 2018. pp. 1–11 (2018). https://doi.org/10.23919/FMCAD.2018.8603008, https://doi.org/10.23919/FMCAD.2018.8603008

  56. Polgreen, E., Seshia, S.A.: Synrg: Syntax guided synthesis of invariants with alternating quantifiers. CoRR abs/2007.10519 (2020)

    Google Scholar 

  57. Rümmer, P.: CHC COMP 2020. https://chc-comp.github.io/ (2020)

  58. Rümmer, P.: Competition Report: CHC-COMP-20 (2020), https://arxiv.org/abs/2008.02939

  59. Sheeran, M., Singh, S., Stålmarck, G.: Checking safety properties using induction and a sat-solver. In: FMCAD. Lecture Notes in Computer Science, vol. 1954, pp. 108–125. Springer (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Stanford University, Stanford, USA

    Makai Mann, Ahmed Irfan, Oded Padon & Clark Barrett

  2. Fondazione Bruno Kessler, Trento, Italy

    Alberto Griggio

  3. VMware Research, Palo Alto, USA

    Oded Padon

Authors
  1. Makai Mann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ahmed Irfan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alberto Griggio
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Oded Padon
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Clark Barrett
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Makai Mann .

Editor information

Editors and Affiliations

  1. Eindhoven University of Technology, Eindhoven, The Netherlands

    Prof. Jan Friso Groote

  2. Aalborg University, Aalborg East, Denmark

    Prof. Kim Guldstrand Larsen

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2021 The Author(s)

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Mann, M., Irfan, A., Griggio, A., Padon, O., Barrett, C. (2021). Counterexample-Guided Prophecy for Model Checking Modulo the Theory of Arrays. In: Groote, J.F., Larsen, K.G. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2021. Lecture Notes in Computer Science(), vol 12651. Springer, Cham. https://doi.org/10.1007/978-3-030-72016-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-72016-2_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-72015-5

  • Online ISBN: 978-3-030-72016-2

  • eBook Packages: Computer ScienceComputer Science (R0)