Pono: A Flexible and Extensible SMT-Based Model Checker

Symbolic model checking is an important tool for finding bugs (or proving the absence of bugs) in modern system designs. Because of this, improving the ease of use, scalability, and performance of model checking tools and algorithms continues to be an important research direction. In service of this goal, we present Pono, an open-source SMT-based model checker. Pono is designed to be both a research platform for developing and improving model checking algorithms and a performance-competitive tool that can be used for academic and industry verification applications. In addition to performance, Pono prioritizes transparency (it is developed as an open-source project on GitHub), flexibility (Pono can be adapted to a variety of tasks by exploiting its general SMT-based interface), and extensibility (it is easy to add new algorithms and new back-end solvers). In this paper, we describe the design of the tool with a focus on its flexible and extensible architecture, cover its current capabilities, and demonstrate that Pono is competitive with state-of-the-art tools.
