34,263 research outputs found

    Interpolation Properties and SAT-based Model Checking

    Craig interpolation is a widespread method in verification, with important applications such as Predicate Abstraction, CounterExample Guided Abstraction Refinement and Lazy Abstraction With Interpolants. Most state-of-the-art model checking techniques based on interpolation require collections of interpolants to satisfy particular properties, to which we refer as "collectives"; they do not hold in general for all interpolation systems and have to be established for each particular system and verification environment. Nevertheless, no systematic approach exists that correlates the individual interpolation systems and compares the necessary collectives. This paper proposes a uniform framework, which encompasses (and generalizes) the most common collectives exploited in verification. We use it for a systematic study of the collectives and of the constraints they pose on propositional interpolation systems used in SAT-based model checking

    Safety Model Checking with Complementary Approximations

    Formal verification techniques, such as model checking, are becoming popular in hardware design. SAT-based model checking techniques, such as IC3/PDR, have gained a significant success in hardware industry. In this paper, we present a new framework for SAT-based safety model checking, named Complementary Approximate Reachability (CAR). CAR is based on standard reachability analysis, but instead of maintaining a single sequence of reachable-state sets, CAR maintains two sequences of over- and under-approximate reachable-state sets, checking safety and unsafety at the same time. To construct the two sequences, CAR uses standard Boolean-reasoning algorithms, based on satisfiability solving, one to find a satisfying cube of a satisfiable Boolean formula, and one to provide a minimal unsatisfiable core of an unsatisfiable Boolean formula. We applied CAR to 548 hardware model-checking instances, and compared its performance with IC3/PDR. Our results show that CAR is able to solve 42 instances that cannot be solved by IC3/PDR. When evaluated against a portfolio that includes IC3/PDR and other approaches, CAR is able to solve 21 instances that the other approaches cannot solve. We conclude that CAR should be considered as a valuable member of any algorithmic portfolio for safety model checking

    Interpolant-Based Transition Relation Approximation

    In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, even given an adequate set of predicates. We present an interpolant-based method for strengthening the abstract transition relation in case of such failures. This approach guarantees convergence given an adequate set of predicates, without requiring an exact image computation. We show empirically that the method converges more rapidly than an earlier method based on counterexample analysis. Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure

    Spatial Interpolants

    We propose Splinter, a new technique for proving properties of heap-manipulating programs that marries (1) a new separation logic-based analysis for heap reasoning with (2) an interpolation-based technique for refining heap-shape invariants with data invariants. Splinter is property directed, precise, and produces counterexample traces when a property does not hold. Using the novel notion of spatial interpolants modulo theories, Splinter can infer complex invariants over general recursive predicates, e.g., of the form all elements in a linked list are even or a binary tree is sorted. Furthermore, we treat interpolation as a black box, which gives us the freedom to encode data manipulation in any suitable theory for a given program (e.g., bit vectors, arrays, or linear arithmetic), so that our technique immediately benefits from any future advances in SMT solving and interpolation. Comment: Short version published in ESOP 201

    Software Model Checking via Large-Block Encoding

    The construction and analysis of an abstract reachability tree (ART) are the basis for a successful method for software verification. The ART represents unwindings of the control-flow graph of the program. Traditionally, a transition of the ART represents a single block of the program, and therefore, we call this approach single-block encoding (SBE). SBE may result in a huge number of program paths to be explored, which constitutes a fundamental source of inefficiency. We propose a generalization of the approach, in which transitions of the ART represent larger portions of the program; we call this approach large-block encoding (LBE). LBE may reduce the number of paths to be explored up to exponentially. Within this framework, we also investigate symbolic representations: for representing abstract states, in addition to conjunctions as used in SBE, we investigate the use of arbitrary Boolean formulas; for computing abstract-successor states, in addition to Cartesian predicate abstraction as used in SBE, we investigate the use of Boolean predicate abstraction. The new encoding leverages the efficiency of state-of-the-art SMT solvers, which can symbolically compute abstract large-block successors. Our experiments on benchmark C programs show that the large-block encoding outperforms the single-block encoding. Comment: 13 pages (11 without cover), 4 figures, 5 table