IC3 Modulo Theories via Implicit Predicate Abstraction

@article{Cimatti2014IC3MT,
  title={IC3 Modulo Theories via Implicit Predicate Abstraction},
  author={Alessandro Cimatti and Alberto Griggio and Sergio Mover and Stefano Tonetta},
  journal={ArXiv},
  year={2014},
  volume={abs/1310.6847}
}
We present a novel approach for generalizing the IC3 algorithm for invariant checking from finite-state to infinite-state transition systems, expressed over some background theories. The procedure is based on a tight integration of IC3 with Implicit (predicate) Abstraction, a technique that expresses abstract transitions without computing explicitly the abstract system and is incremental with respect to the addition of predicates. In this scenario, IC3 operates only at the Boolean level of the… 
Infinite-state invariant checking with IC3 and predicate abstraction
TLDR
A novel approach, IC3ia, for generalizing the IC3 invariant checking algorithm from finite-state to infinite-state transition systems, expressed over some background theories, based on a tight integration of IC3 with Implicit Abstraction, a form of predicate abstraction that expresses abstract paths without computing explicitly the abstract system.
Evaluating control-flow based inductive model checking algorithms
TLDR
An implementation of the TreeIC3 algorithm is presented and further improvements to it are proposed by introducing various strategies to drop irrelevant information in learned clauses.
Property Directed Inference of Relational Invariants
TLDR
A novel algorithm is contributed that identifies groups of predicates automatically and complements the existing PDR technique and shows that for some CHC systems, on which existing solvers diverge, the tool is able to discover relational invariants.
SMT-based generation of symbolic automata
TLDR
An algorithm is presented, building predicates expressing the synchronisation conditions between the events of pNet sub-systems, based on the so-called “BIP architectures”, which have been used to specify the control software of a nanosatellite at the EPFL Space Engineering Center.
IC3 software model checking on control flow automata
TLDR
This paper proposes a technique that supports this explicit representation in the form of control flow automata, and integrates it with symbolic reasoning about the data state space of the program, and provides a true lifting of IC3 from hardware to software model checking.
EasyChair Preprint No XXX Model Checking of Verilog RTL using IC3 with Syntax-guided Abstraction
TLDR
This paper presents a novel technique that combines IC3 with syntax-guided abstraction (SA) to allow scalable word-level model checking using SMT solvers, and demonstrates its effectiveness on a suite of open-source and industrial Verilog RTL designs.
Property-Directed Inference of Universal Invariants or Proving Their Absence
TLDR
An analyzer based on PDR∀ was able to automatically infer universal invariants strong enough to establish memory safety and certain functional correctness properties, show the absence of such invariants for certain natural programs and specifications, and detect bugs without the need for user-supplied abstraction predicates.
A Lazy Approach to Temporal Epistemic Logic Model Checking
TLDR
This paper tackles the verification of KL1 properties under observational semantics, by proposing an effective approach that is able to deal with both finite and infinite state systems and demonstrates that the approach outperforms existing approaches.
Complexity and information in invariant inference
TLDR
It is shown, for the first time, that by utilizing rich Hoare queries, as done in PDR, inference can be exponentially more efficient than approaches such as ICE learning, which only utilize inductiveness checks of candidates.

References

Showing 1-10 of 26 references
SMT Techniques for Fast Predicate Abstraction
TLDR
A new algorithm is demonstrated based on a careful generation of the set of all satisfying assignments over a set of predicates that consistently outperforms previous methods by a factor of at least 20, on a diverse set of hardware and software verification benchmarks.
Lazy abstraction and SAT-based reachability in hardware model checking
TLDR
This work presents a novel lazy abstraction-refinement technique for hardware model checking, integrated with the SAT-based algorithm IC3, and implemented and compared it with the original IC3 on large industrial hardware designs, obtaining significant speedups.
SAT-Based Model Checking without Unrolling
TLDR
Experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property.
Software Model Checking via IC3
TLDR
This paper generalizes IC3 from SAT to Satisfiability Modulo Theories (SMT), thus enabling the direct analysis of programs after an encoding in form of symbolic transition systems, and adapts the "linear" search style of IC3 to a tree-like search.
The synergy of precise and fast abstractions for program verification
TLDR
A new abstraction refinement technique that combines slow and precise predicate abstraction techniques with fast and imprecise ones that allows computing the abstraction quickly, but keeps it precise enough to avoid too many refinement iterations is proposed.
Abstractions from proofs
TLDR
The model checker Blast is extended with predicate discovery by Craig interpolation, and applied successfully to C programs with more than 130,000 lines of code, which was not possible with approaches that build less parsimonious abstractions.
Model checking and abstraction
TLDR
Using techniques similar to those involved in abstract interpretation, an abstract model of a program is constructed without ever examining the corresponding unabstracted model, and it is shown how this abstract model can be used to verify properties of the original program.
Generalized Property Directed Reachability
TLDR
This work provides a specification of the IC3 algorithm using an abstract transition system and highlights its dual operation: model search and conflict resolution, and generalizes the method to Boolean constraints involving theories.
Satisfiability Modulo Theories
TLDR
This chapter provides a brief overview of SMT together with references to the relevant literature for a deeper study and an alternative approach in which a SAT solver is integrated with a separate decision procedure for conjunctions of literals in the background theory.
SMT-based scenario verification for hybrid systems
TLDR
This paper proposes a novel approach, that exploits the structure of the scenario to partition and drive the search, both for bounded model checking and k-induction, and fully leverages the advanced features of modern SMT solvers, such as incrementality, unsatisfiable core extraction, and interpolation.