Global Guidance for Local Generalization in Model Checking

SMT-based model checkers, especially IC3-style ones, are currently the most effective techniques for verification of infinite-state systems. They infer global inductive invariants via local reasoning about a single step of the transition relation of a system, while employing SMT-based procedures, such as interpolation, to mitigate the limitations of local reasoning and allow for better generalization. Unfortunately, these mitigations intertwine model checking with heuristics of the underlying SMT solver, negatively affecting the stability of model checking. In this paper, we propose to tackle the limitations of locality in a systematic manner. We introduce explicit global guidance into the local reasoning performed by IC3-style algorithms. To this end, we extend the SMT-IC3 paradigm with three novel rules, designed to mitigate fundamental sources of failure that stem from locality. We instantiate these rules for the theory of Linear Integer Arithmetic and implement them on top of the Spacer solver in Z3. Our empirical results show that GSpacer, Spacer extended with global guidance, is significantly more effective than both Spacer and sole global reasoning, and, furthermore, is insensitive to interpolation.
