Counterexample-Guided Prophecy for Model Checking Modulo the Theory of Arrays

Mann, Makai; Irfan, Ahmed; Griggio, Alberto; Padon, Oded; Barrett, Clark

doi:10.1007/978-3-030-72016-2_7

Cited by 6 publications

(6 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although there are no quantifiers in the benchmarks themselves, most cannot be proved safe without strengthening the property with quantified invariants. We compare against: i) freqhorn [44], a state-of-the-art CHC solver for this type of problem; ii) prophic3 [8], a recent method that outperforms freqhorn [58]; and iii) nuXmv, which does not support quantified invariants, to illustrate that most of these benchmarks do require them; freqhorn takes the CHC format natively, and we used scripts from the ic3ia and nuXmv distributions to translate the CHC input to SMV and the Verification Modulo Theories (VMT) format [38] -an annotated SMT-LIB file representing a transition system -for the other tools. We ran Pono with Counterexample-Guided Prophecy using IC3IA as the underlying model checking technique.…”

Section: Discussionmentioning

confidence: 99%

“…Counterexample-Guided Prophecy. This CEGAR approach replaces array variables with initially memoryless variables of uninterpreted sort and replaces the select and store array operators with UFs [58]. Due to the array theory semantics, it is not always possible to remove spurious counterexamples with quantifierfree refinement axioms over existing variables.…”

Section: Counterexample-guided Abstraction Refinement (Cegar) Cegarmentioning

confidence: 99%

See 1 more Smart Citation

Pono: A Flexible and Extensible SMT-Based Model Checker

Mann

Irfan

Lonsing

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Symbolic model checking is an important tool for finding bugs (or proving the absence of bugs) in modern system designs. Because of this, improving the ease of use, scalability, and performance of model checking tools and algorithms continues to be an important research direction. In service of this goal, we present , an open-source SMT-based model checker. is designed to be both a research platform for developing and improving model checking algorithms, as well as a performance-competitive tool that can be used for academic and industry verification applications. In addition to performance, prioritizes transparency (developed as an open-source project on GitHub), flexibility ( can be adapted to a variety of tasks by exploiting its general SMT-based interface), and extensibility (it is easy to add new algorithms and new back-end solvers). In this paper, we describe the design of the tool with a focus on the flexible and extensible architecture, cover its current capabilities, and demonstrate that is competitive with state-of-the-art tools.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Counterexample-guided Abstraction Refinement (Cegar) Cegarmentioning

confidence: 99%

Pono: A Flexible and Extensible SMT-Based Model Checker

Mann

Irfan

Lonsing

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Abstraction-Based Techniques. Counterexample-guided abstraction refinement using prophecy variables for programs with arrays is proposed in [36]. Veri-Abs [1] uses a portfolio of techniques, specifically to identify loops that can be soundly abstracted by a bounded number of iterations.…”

Section: Related Workmentioning

confidence: 99%

Diffy: Inductive Reasoning of Array Programs Using Difference Invariants

Chakraborty

Gupta

Unadkat

2021

Computer Aided Verification

View full text Add to dashboard Cite

We present a novel verification technique to prove properties of a class of array programs with a symbolic parameter N denoting the size of arrays. The technique relies on constructing two slightly different versions of the same program. It infers difference relations between the corresponding variables at key control points of the joint control-flow graph of the two program versions. The desired post-condition is then proved by inducting on the program parameter N, wherein the difference invariants are crucially used in the inductive step. This contrasts with classical techniques that rely on finding potentially complex loop invaraints for each loop in the program. Our synergistic combination of inductive reasoning and finding simple difference invariants helps prove properties of programs that cannot be proved even by the winner of Arrays sub-category in SV-COMP 2021. We have implemented a prototype tool called Diffy to demonstrate these ideas. We present results comparing the performance of Diffy with that of state-of-the-art tools.

show abstract

“…Recently, the language has been adopted also by the AVR [11] model checker. VMT-LIB is also the native language of ic3ia [13], an efficient open-source model checker for invariant and LTL properties, as well as its recent extensions ProphIC3 [14] (for discovering universally quantified invariants over arrays) and Lambda [7] (for the verification of parametric systems).…”

Section: Vmt-lib Toolsmentioning

confidence: 99%

“…VMT-LIB is fully supported by the nuXmv [4] model checker, and it has been used as a benchmark format in several publications over the last few years (e.g. [6,14,11,7,5]).…”

Section: Introductionmentioning

confidence: 99%

The VMT-LIB Language and Tools

Cimatti,

Griggio,

Tonetta

2021

Preprint

Self Cite

View full text Add to dashboard Cite

We present VMT-LIB, a language for the representation of verification problems of linear-time temporal properties on infinite-state symbolic transition systems. VMT-LIB is an extension of the standard SMT-LIB language for SMT solvers, developed with the goal of facilitating the interoperability and exchange of benchmark problems among different verification tools. Besides describing its syntax and semantics, we also present a set of open-source tools to work with the language.

show abstract

Counterexample-Guided Prophecy for Model Checking Modulo the Theory of Arrays

Cited by 6 publications

References 48 publications

Pono: A Flexible and Extensible SMT-Based Model Checker

Pono: A Flexible and Extensible SMT-Based Model Checker

Diffy: Inductive Reasoning of Array Programs Using Difference Invariants

The VMT-LIB Language and Tools

Contact Info

Product

Resources

About