An Infinite Needle in a Finite Haystack: Finding Infinite Counter-Models in Deductive Verification

First-order logic, and quantifiers in particular, are widely used in deductive verification. Quantifiers are essential for describing systems with unbounded domains, but prove difficult for automated solvers. Significant effort has been dedicated to finding quantifier instantiations that establish unsatisfiability, thus ensuring validity of a system's verification conditions. However, in many cases the formulas are satisfiable: this is often the case in intermediate steps of the verification process. For such cases, existing tools are limited to finding finite models as counterexamples. Yet, some quantified formulas are satisfiable but only have infinite models. Such infinite counter-models are especially typical when first-order logic is used to approximate inductive definitions such as linked lists or the natural numbers. The inability of solvers to find infinite models makes them diverge in these cases. In this paper, we tackle the problem of finding such infinite models. These models allow the user to identify and fix bugs in the modeling of the system and its properties. Our approach consists of three parts. First, we introduce symbolic structures as a way to represent certain infinite models. Second, we describe an effective model finding procedure that symbolically explores a given family of symbolic structures. Finally, we identify a new decidable fragment of first-order logic that extends and subsumes the many-sorted variant of EPR, where satisfiable formulas always have a model representable by a symbolic structure within a known family. We evaluate our approach on examples from the domains of distributed consensus protocols and of heap-manipulating programs. Our implementation quickly finds infinite counter-models that demonstrate the source of verification failures in a simple way, while SMT solvers and theorem provers such as Z3, cvc5, and Vampire diverge

Model checking infinite-state systems in CLP

The verification of safety and liveness properties for infinite-state systems is an important research problem. Can the well-established concepts and the existing technology for programming over constraints as first-class data structures contribute to this research? The work reported in this paper is a starting point for the experimental evaluation of constraint logic programming as a conceptual basis and practical implementation platform for model checking. We have implemented an automated verification method in CLP using real and boolean constraints. We have used the method on a number of infinite-state systems that model concurrent programs using integers or buffers. The basis of the correctness of our implementation is a formal connection between CLP programs and the formalism used for specifying concurrent systems

A Little Bit Infinite? On Adding Data to Finitely Labelled Structures (Abstract)

Finite or infinite strings or trees with labels from a finite alphabet play an important role in computer science. They can be used to model many interesting objects including system runs in Automated Verification and XML documents in Database Theory. They allow the application of formal tools like logical formulas to specify properties and automata for their implementation. In this framework, many reasoning tasks that are undecidable for general computational models can be solved algorithmically, sometimes even efficiently. Nevertheless, the use of finitely labelled structures usually requires an early abstraction from the real data. For example, theoretical research on XML processing very often con- centrates on the document structure (including labels) but ignores attribute or text values. While this abstraction has led to many interesting results, some aspects like key or other integrity constraints can not be adequately handled. In Automated Verification of software systems or communication protocols, infinite domains occur even more naturally, e.g., induced by program data, recursion, time, com- munication or by unbounded numbers of concurrent processes. Usually one approximates infinite domains by finite ones in a very early abstraction step. An alternative approach that has been investigated in recent years is to extend strings and trees by (a limited amount of) data and to use logical languages with a restricted ex- pressive power concerning this data. As an example, in the most simple setting, formulas can only test equality of data values. The driving goal is to identify logical languages and corresponding automata models which are strong enough to describe interesting proper- ties of data-enhanced structures while keeping decidability or even feasibility of automatic reasoning. The talk gives a basic introduction into data-enhanced finitely labelled structures, presents examples of their use, and highlights recent decidability and complexity results

infinite states verification in game-theoretic logics

Many practical problems where the environment is not in the system's control such as service orchestration and contingent and multi-agent planning can be modelled in game-theoretic logics. This thesis demonstrates that the verification techniques based on regression and fixpoint approximation introduced in De Giacomo, Lesperance and Pearce [DLP10] do work on several game-theoretic problems. De Giacomo, Lesperance and Pearce [DLP10] emphasize that their study is essentially theoretical and call for complementing their work with experimental studies to understand whether these techniques are effective in practical cases. Several example problems with varying properties have been developed and, although not exhaustive nor complete,, our results nevertheless demonstrate that the techniques work on some problems. Our results show that the methods introduced in [DLP10] work for infinite domains where very few verification methods are available and allow reasoning about a wide range of game problems. Our examples also demonstrate the use of a rich language for specifying temporal properties proposed in [DLP10]. While classical model checking is well known and utilized, it is mostly restricted to finite-state models. A important aspect of the work is the demonstration of the use and effectiveness of characteristic graphs (ClaBen and Lakemeyer [CL08]) in verifying properties of games in infinite domains. A special-purpose programming language GameGolog proposed in De Giacomo, Lesperance and Pearce [DLP10] allows such game-theoretic systems to be specified procedurally at a high-level of abstraction. We show its practicality to model game structures in a convenient way that combines declarative and procedural elements. We provided examples to show the verification of GameGolog specifications using characteristic graphs. This thesis also proposes a refinement to the formalism in [DLP10] to incorporate action constraints as a mechanism to incorporate user strategies and for the modeller to supply heuristic guidance in temporal property verification. It also presents an implementation of evaluation-based fixpoint verifier that handles Situation Calculus game structures, as well as GameGolog specifications, for temporal property verification in the initial or a given situation. The verifier supports player action constraints

Verification of Agent-Based Artifact Systems

Artifact systems are a novel paradigm for specifying and implementing business processes described in terms of interacting modules called artifacts. Artifacts consist of data and lifecycles, accounting respectively for the relational structure of the artifacts' states and their possible evolutions over time. In this paper we put forward artifact-centric multi-agent systems, a novel formalisation of artifact systems in the context of multi-agent systems operating on them. Differently from the usual process-based models of services, the semantics we give explicitly accounts for the data structures on which artifact systems are defined. We study the model checking problem for artifact-centric multi-agent systems against specifications written in a quantified version of temporal-epistemic logic expressing the knowledge of the agents in the exchange. We begin by noting that the problem is undecidable in general. We then identify two noteworthy restrictions, one syntactical and one semantical, that enable us to find bisimilar finite abstractions and therefore reduce the model checking problem to the instance on finite models. Under these assumptions we show that the model checking problem for these systems is EXPSPACE-complete. We then introduce artifact-centric programs, compact and declarative representations of the programs governing both the artifact system and the agents. We show that, while these in principle generate infinite-state systems, under natural conditions their verification problem can be solved on finite abstractions that can be effectively computed from the programs. Finally we exemplify the theoretical results of the paper through a mainstream procurement scenario from the artifact systems literature