Theory Refinement for Program Verification

@inproceedings{Hyvrinen2017TheoryRF,
  title={Theory Refinement for Program Verification},
  author={A. Hyv{\"a}rinen and Sepideh Asadi and Karine Even-Mendoza and Grigory Fedyukovich and Hana Chockler and Natasha Sharygina},
  booktitle={SAT},
  year={2017}
}
Recent progress in automated formal verification is to a large degree due to the development of constraint languages that are sufficiently light-weight for reasoning but still expressive enough to prove properties of programs. Satisfiability modulo theories (SMT) solvers implement efficient decision procedures, but offer little direct support for adapting the constraint language to the task at hand. Theory refinement is a new approach that modularly adjusts the modeling precision based on the… 
Incremental Verification by SMT-based Summary Repair
TLDR
Upprover is a bounded model checker designed to incrementally verify software while it is being gradually developed, refactored, or optimized, offering two more levels of encoding precision: linear arithmetic and uninterpreted functions, thus allowing a trade-off between precision and performance.
Function Summarization Modulo Theories
TLDR
This paper employs safe over-approximations for the program based on both function summaries and light-weight SMT theories to model a program using the lightest possible theories that suffice to verify the desired property.
Lattice-Based Refinement in Bounded Model Checking
TLDR
This paper presents an algorithm for bounded model-checking with SMT solvers of programs with library functions—either standard or user-defined—that faces the danger of the state-explosion problem.
Duality-based interpolation for quantifier-free equalities and uninterpreted functions
TLDR
A solid framework for building compact, strength-controlled interpolants is presented, its strength and size properties on EUF are proved, it is implemented and combined with a propositional interpolation system, and the implementation is integrated into a model checker.
Lattice-based SMT for program verification
We present a lattice-based satisfiability modulo theory for verification of programs with library functions, for which the mathematical libraries supporting these functions contain a high number of
LRA Interpolants from No Man's Land
TLDR
This work introduces the SI-LRA interpolation system for linear real arithmetic that allows the tuning of interpolants based on shifting between the primal and dual interpolants, and proves a strength relation between the interpolants constructed by SI-LRA.

References

Theory-aided model checking of concurrent transition systems
We present a method for the automatic compositional verification of certain classes of concurrent programs. Our approach is based on the casting of the model checking problem into a theory of
Counterexample-guided abstraction refinement for symbolic model checking
TLDR
An automatic iterative abstraction-refinement methodology that extends symbolic model checking to large hardware designs and devise new symbolic techniques that analyze such counterexamples and refine the abstract model correspondingly.
SAT-Based Model Checking without Unrolling
TLDR
Experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property.
Synthesizing Safe Bit-Precise Invariants
TLDR
This paper proposes a novel technique that uses unsound approximations for synthesizing sound bit-precise invariants and demonstrates significant performance improvements with respect to bit-precise verification using Z3/PDR directly.
A Lazy and Layered SMT(BV) Solver for Hard Industrial Verification Problems
TLDR
This paper develops a satisfiability procedure for reasoning about bit vectors that carefully leverages the power of a Boolean SAT solver to deal with components that are more naturally "Boolean", and activates bit-vector reasoning whenever possible.
Simplify: a theorem prover for program checking
TLDR
The article describes two techniques, error context reporting and error localization, for helping the user to determine the reason that a false conjecture is false, and includes detailed performance figures on conjectures derived from realistic program-checking problems.
Invariant Checking of NRA Transition Systems via Incremental Reduction to LRA with EUF
TLDR
A counterexample-guided abstraction refinement (CEGAR) approach that leverages linearization techniques from differential calculus to enable the use of mature and efficient model checking algorithms for transition systems on linear real arithmetic (LRA) with uninterpreted functions (EUF).
Symbolic Model Checking without BDDs
TLDR
This paper shows how Boolean decision procedures, like Stålmarck's Method or the Davis & Putnam Procedure, can replace BDDs, and introduces a bounded model checking procedure for LTL which reduces model checking to propositional satisfiability.
Counterexample-guided abstraction refinement
  • E. Clarke
  • Computer Science
    10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings.
  • 2003
TLDR
Counterexample-guided abstraction refinement is an automatic abstraction method where the key step is to extract information from false negatives ("spurious counterexamples") due to over-approximation.
Efficient uninterpreted function abstraction and refinement for word-level model checking
TLDR
The methods and efficiency improvements developed for UFAR enabled it to prove 2422 of a set of industrial sequential model checking problems within a 1-hour limit, while the bit-level model checker super_prove completed only 2115 of these within the same limit.