-
First-Order Modal Logic via Logical Categories
Authors:
Silvio Ghilardi,
Jérémie Marquès
Abstract:
We extend the logical categories framework to first order modal logic. In our modal categories, modal operators are applied directly to subobjects and interact with the background factorization system. We prove a Joyal-style representation theorem into relational structures formalizing a `counterpart' notion. We investigate saturation conditions related to definability questions and we enrich our framework with quotients and disjoint sums, thus leading to the notion of a modal (quasi) pretopos. We finally show how to build syntactic categories out of first order modal theories.
Submitted 3 April, 2025;
originally announced April 2025.
-
Unification with Simple Variable Restrictions and Admissibility of $Π_{2}$-rules
Authors:
Rodrigo Nicolau Almeida,
Silvio Ghilardi
Abstract:
We develop a method to recognize admissibility of $Π_{2}$-rules, relating this problem to a specific instance of the unification problem with linear constants restriction, called here "unification with simple variable restriction". It is shown that for logical systems enjoying an appropriate algebraic semantics and a finite approximation of left uniform interpolation, this unification with simple variable restriction can be reduced to standard unification. As a corollary, we obtain the decidability of admissibility of $Π_{2}$-rules for many logical systems.
Submitted 5 June, 2024;
originally announced June 2024.
-
Relational Action Bases: Formalization, Effective Safety Verification, and Invariants (Extended Version)
Authors:
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
Modeling and verification of dynamic systems operating over a relational representation of states are increasingly investigated problems in AI, Business Process Management, and Database Theory. To make these systems amenable to verification, the amount of information stored in each relational state needs to be bounded, or restrictions are imposed on the preconditions and effects of actions. We introduce the general framework of relational action bases (RABs), which generalizes existing models by lifting both these restrictions: unbounded relational states can be evolved through actions that can quantify both existentially and universally over the data, and that can exploit numerical datatypes with arithmetic predicates. We then study parameterized safety of RABs via (approximated) SMT-based backward search, singling out essential meta-properties of the resulting procedure, and showing how it can be realized by an off-the-shelf combination of existing verification modules of the state-of-the-art MCMT model checker. We demonstrate the effectiveness of this approach on a benchmark of data-aware business processes. Finally, we show how universal invariants can be exploited to make this procedure fully correct.
Submitted 11 August, 2023; v1 submitted 12 August, 2022;
originally announced August 2022.
-
General Interpolation and Strong Amalgamation for Contiguous Arrays
Authors:
Silvio Ghilardi,
Alessandro Gianola,
Deepak Kapur,
Chiara Naso
Abstract:
Interpolation is an essential tool in software verification, where first-order theories are used to constrain datatypes manipulated by programs. In this paper, we introduce the datatype theory of contiguous arrays with maxdiff, where arrays are completely defined in their allocation memory and for which maxdiff returns the max index where they differ. This theory is strictly more expressive than the array theories previously studied. By showing via an algebraic analysis that its models strongly amalgamate, we prove that this theory admits quantifier-free interpolants and, notably, that interpolation transfers to theory combinations. Finally, we provide an algorithm that significantly improves the ones for related array theories: it relies on a polysize reduction to general interpolation in linear arithmetics, thus avoiding impractical full terms instantiations and unbounded loops.
Submitted 25 April, 2022;
originally announced April 2022.
-
Interpolation and Amalgamation for Arrays with MaxDiff (Extended Version)
Authors:
Silvio Ghilardi,
Alessandro Gianola,
Deepak Kapur
Abstract:
In this paper, the theory of McCarthy's extensional arrays enriched with a maxdiff operation (this operation returns the biggest index where two given arrays differ) is proposed. It is known from the literature that a diff operation is required for the theory of arrays in order to enjoy the Craig interpolation property at the quantifier-free level. However, the diff operation introduced in the literature is merely instrumental to this purpose and has only a purely formal meaning (it is obtained from the Skolemization of the extensionality axiom). Our maxdiff operation significantly increases the level of expressivity; however, obtaining interpolation results for the resulting theory becomes a surprisingly hard task. We obtain such results via a thorough semantic analysis of the models of the theory and of their amalgamation properties. The results are modular with respect to the index theory and it is shown how to convert them into concrete interpolation algorithms via a hierarchical approach.
Submitted 19 January, 2021; v1 submitted 14 October, 2020;
originally announced October 2020.
-
Petri Nets with Parameterised Data: Modelling and Verification (Extended Version)
Authors:
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
During the last decade, various approaches have been put forward to integrate business processes with different types of data. Each of such approaches reflects specific demands in the whole process-data integration spectrum. One particular important point is the capability of these approaches to flexibly accommodate processes with multiple cases that need to co-evolve. In this work, we introduce and study an extension of coloured Petri nets, called catalog-nets, providing two key features to capture this type of processes. On the one hand, net transitions are equipped with guards that simultaneously inspect the content of tokens and query facts stored in a read-only, persistent database. On the other hand, such transitions can inject data into tokens by extracting relevant values from the database or by generating genuinely fresh ones. We systematically encode catalog-nets into one of the reference frameworks for the (parameterised) verification of data and processes. We show that fresh-value injection is a particularly complex feature to handle, and discuss strategies to tame it. Finally, we discuss how catalog nets relate to well-known formalisms in this area.
Submitted 11 June, 2020;
originally announced June 2020.
-
Uniform Interpolants in EUF: Algorithms using DAG-representations
Authors:
Silvio Ghilardi,
Alessandro Gianola,
Deepak Kapur
Abstract:
The concept of uniform interpolant for a quantifier-free formula from a given formula with a list of symbols, while well-known in the logic literature, has been unknown to the formal methods and automated reasoning community for a long time. This concept is precisely defined. Two algorithms for computing quantifier-free uniform interpolants in the theory of equality over uninterpreted symbols (EUF) endowed with a list of symbols to be eliminated are proposed. The first algorithm is non-deterministic and generates a uniform interpolant expressed as a disjunction of conjunctions of literals, whereas the second algorithm gives a compact representation of a uniform interpolant as a conjunction of Horn clauses. Both algorithms exploit efficient dedicated DAG representations of terms. Correctness and completeness proofs are supplied, using arguments combining rewrite techniques with model theory.
Submitted 13 April, 2022; v1 submitted 22 February, 2020;
originally announced February 2020.
-
Combined Covers and Beth Definability (Extended Version)
Authors:
Diego Calvanese,
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
In ESOP 2008, Gulwani and Musuvathi introduced a notion of cover and exploited it to handle infinite-state model checking problems. Motivated by applications to the verification of data-aware processes, we proved in a previous paper that covers are strictly related to model completions, a well-known topic in model theory. In this paper we investigate cover transfer to theory combinations in the disjoint signatures case. We prove that for convex theories, cover algorithms can be transferred to theory combinations under the same hypothesis (equality interpolation property aka strong amalgamation property) needed to transfer quantifier-free interpolation. In the non-convex case, we show by a counterexample that covers may not exist in the combined theories, even in case combined quantifier-free interpolants do exist. However, we exhibit a cover transfer algorithm operating also in the non-convex case for special kinds of theory combinations; these combinations (called `tame combinations') concern multi-sorted theories arising in many model-checking applications (in particular, the ones oriented to verification of data-aware processes).
Submitted 29 June, 2020; v1 submitted 18 November, 2019;
originally announced November 2019.
-
Formal Modeling and SMT-Based Parameterized Verification of Data-Aware BPMN (Extended Version)
Authors:
Diego Calvanese,
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
We propose DAB -- a data-aware extension of BPMN where the process operates over case and persistent data (partitioned into a read-only database called catalog and a read-write database called repository). The model trades off between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. Specifically, taking inspiration from the literature on verification of artifact systems, we study verification problems where safety properties are checked irrespectively of the content of the read-only catalog, and accepting the potential presence of unboundedly many tuples in the catalog and repository. We tackle such problems using an array-based backward reachability procedure fully implemented in MCMT -- a state-of-the-art array-based SMT model checker. Notably, we prove that the procedure is sound and complete for checking safety of DABs, and single out additional conditions that guarantee its termination and, in turn, show decidability of checking safety.
Submitted 24 June, 2019; v1 submitted 31 May, 2019;
originally announced June 2019.
-
Formal Modeling and SMT-Based Parameterized Verification of Multi-Case Data-Aware BPMN
Authors:
Diego Calvanese,
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
We propose DAB -- a data-aware extension of the BPMN de-facto standard with the ability of operating over case and persistent data (partitioned into a read-only catalog and a read-write repository), and that balances between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. In particular, we take inspiration from the literature on verification of artifact systems, and consider verification problems where safety properties are checked irrespectively of the content of the read-only catalog, possibly considering an unbounded number of active cases and tuples in the catalog and repository. Such problems are tackled using fully implemented array-based backward reachability techniques belonging to the well-established tradition of SMT model checking. We also identify relevant classes of DABs for which the backward reachability procedure implemented in the MCMT array-based model checker is sound and complete, and then further strengthen such classes to ensure termination.
Submitted 20 June, 2019; v1 submitted 30 May, 2019;
originally announced May 2019.
-
Free Heyting Algebra Endomorphisms: Ruitenburg's Theorem and Beyond
Authors:
Silvio Ghilardi,
Luigi Santocanale
Abstract:
Ruitenburg's Theorem says that every endomorphism $f$ of a finitely generated free Heyting algebra is ultimately periodic if $f$ fixes all the generators but one. More precisely, there is $N \ge 0$ such that $f^{N+2} = f^{N}$, thus the period equals 2. We give a semantic proof of this theorem, using duality techniques and bounded bisimulation ranks. By the same techniques, we tackle the investigation of arbitrary endomorphisms between free algebras. We show that they are not, in general, ultimately periodic. Yet, when they are (e.g. in the case of locally finite subvarieties), the period can be explicitly bounded as a function of the cardinality of the set of generators.
Submitted 4 January, 2019;
originally announced January 2019.
-
Verification of Data-Aware Processes via Array-Based Systems (Extended Version)
Authors:
Diego Calvanese,
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
We study verification over a general model of artifact-centric systems, to assess (parameterized) safety properties irrespectively of the initial database instance. We view such artifact systems as array-based systems, which allows us to check safety by adapting backward reachability, establishing for the first time a correspondence with model checking based on Satisfiability-Modulo-Theories (SMT). To do so, we make use of the model-theoretic machinery of model completion, which surprisingly turns out to be an effective tool for verification of relational systems, and represents the main original contribution of this paper. In this way, we pursue a twofold purpose. On the one hand, we reconstruct (restricted to safety) the essence of some important decidability results obtained in the literature for artifact-centric systems, and we devise a genuinely novel class of decidable cases. On the other, we are able to exploit SMT technology in implementations, building on the well-known MCMT model checker for array-based systems, and extending it to make all our foundational results fully operational.
Submitted 27 February, 2019; v1 submitted 29 June, 2018;
originally announced June 2018.
-
Quantifier Elimination for Database Driven Verification
Authors:
Diego Calvanese,
Silvio Ghilardi,
Alessandro Gianola,
Marco Montali,
Andrey Rivkin
Abstract:
Running verification tasks in database driven systems requires solving quantifier elimination problems of a new kind. These quantifier elimination problems are related to the notion of a cover introduced in ESOP 2008 by Gulwani and Musuvathi. In this paper, we show how covers are strictly related to model completions, a well-known topic in model theory. We also investigate the computation of covers within the Superposition Calculus, by adopting a constrained version of the calculus, equipped with appropriate settings and reduction strategies. In addition, we show that cover computations are computationally tractable for the fragment of the language used in applications to database driven verification. This observation is confirmed by analyzing the preliminary results obtained using the MCMT tool on the verification of data-aware process benchmarks. These benchmarks can be found in the last version of the tool distribution.
Submitted 17 June, 2019; v1 submitted 25 June, 2018;
originally announced June 2018.
-
Ruitenburg's Theorem via Duality and Bounded Bisimulations
Authors:
Luigi Santocanale,
Silvio Ghilardi
Abstract:
For a given intuitionistic propositional formula $A$ and a propositional variable $x$ occurring in it, define the infinite sequence of formulae $\{A_i \mid i \ge 1\}$ by letting $A_1$ be $A$ and $A_{i+1}$ be $A(A_i/x)$. Ruitenburg's Theorem [8] says that the sequence $\{A_i\}$ (modulo logical equivalence) is ultimately periodic with period 2, i.e. there is $N \ge 0$ such that $A_{N+2} \leftrightarrow A_{N}$ is provable in intuitionistic propositional calculus. We give a semantic proof of this theorem, using duality techniques and bounded bisimulation ranks.
Submitted 17 April, 2018;
originally announced April 2018.
-
Fixed-point elimination in the Intuitionistic Propositional Calculus (extended version)
Authors:
Silvio Ghilardi,
Maria Joao Gouveia,
Luigi Santocanale
Abstract:
It is a consequence of existing literature that least and greatest fixed-points of monotone polynomials on Heyting algebras, that is, the algebraic models of the Intuitionistic Propositional Calculus, always exist, even when these algebras are not complete as lattices. The reason is that these extremal fixed-points are definable by formulas of the IPC. Consequently, the $μ$-calculus based on intuitionistic logic is trivial, every $μ$-formula being equivalent to a fixed-point free formula. We give in this paper an axiomatization of least and greatest fixed-points of formulas, and an algorithm to compute a fixed-point free formula equivalent to a given $μ$-formula. The axiomatization of the greatest fixed-point is simple. The axiomatization of the least fixed-point is more complex, in particular every monotone formula converges to its least fixed-point by Kleene's iteration in a finite number of steps, but there is no uniform upper bound on the number of iterations. We extract, out of the algorithm, upper bounds for such n, depending on the size of the formula. For some formulas, we show that these upper bounds are polynomial and optimal.
Submitted 5 March, 2018;
originally announced March 2018.
-
Counter Simulations via Higher Order Quantifier Elimination: a preliminary report
Authors:
Silvio Ghilardi,
Elena Pagani
Abstract:
Quite often, verification tasks for distributed systems are accomplished via counter abstractions. Such abstractions can sometimes be justified via simulations and bisimulations. In this work, we supply logical foundations to this practice, by a specifically designed technique for second order quantifier elimination. Our method, once applied to specifications of verification problems for parameterized distributed systems, produces integer variables systems that are ready to be model-checked by current SMT-based tools. We demonstrate the feasibility of the approach with a prototype implementation and first experiments.
Submitted 5 December, 2017;
originally announced December 2017.
-
Monadic second order logic as the model companion of temporal logic
Authors:
Silvio Ghilardi,
Samuel J. van Gool
Abstract:
The main focus of this paper is on bisimulation-invariant MSO, and more particularly on giving a novel model-theoretic approach to it. In model theory, a model companion of a theory is a first-order description of the class of models in which all potentially solvable systems of equations and non-equations have solutions. We show that bisimulation-invariant MSO on trees gives the model companion for a new temporal logic, "fair CTL", an enrichment of CTL with local fairness constraints. To achieve this, we give a completeness proof for the logic fair CTL which combines tableaux and Stone duality, and a fair CTL encoding of the automata for the modal μ-calculus. Moreover, we also show that MSO on binary trees is the model companion of binary deterministic fair CTL.
Submitted 3 May, 2016;
originally announced May 2016.
-
Counting Constraints in Flat Array Fragments
Authors:
Francesco Alberti,
Silvio Ghilardi,
Elena Pagani
Abstract:
We identify a fragment of Presburger arithmetic enriched with free function symbols and cardinality constraints for interpreted sets, which is amenable to automated analysis. We establish decidability and complexity results for such a fragment and we implement our algorithms. The experiments run in discharging proof obligations coming from invariant checking and bounded model-checking benchmarks show the practical feasibility of our decision procedure.
Submitted 1 February, 2016;
originally announced February 2016.
-
Fixed-point elimination in the intuitionistic propositional calculus
Authors:
Silvio Ghilardi,
Maria Joao Gouveia,
Luigi Santocanale
Abstract:
It is a consequence of existing literature that least and greatest fixed-points of monotone polynomials on Heyting algebras-that is, the algebraic models of the Intuitionistic Propositional Calculus-always exist, even when these algebras are not complete as lattices. The reason is that these extremal fixed-points are definable by formulas of the IPC. Consequently, the $μ$-calculus based on intuitionistic logic is trivial, every $μ$-formula being equivalent to a fixed-point free formula. We give in this paper an axiomatization of least and greatest fixed-points of formulas, and an algorithm to compute a fixed-point free formula equivalent to a given $μ$-formula. The axiomatization of the greatest fixed-point is simple. The axiomatization of the least fixed-point is more complex, in particular every monotone formula converges to its least fixed-point by Kleene's iteration in a finite number of steps, but there is no uniform upper bound on the number of iterations. We extract, out of the algorithm, upper bounds for such n, depending on the size of the formula. For some formulas, we show that these upper bounds are polynomial and optimal.
Submitted 4 January, 2016;
originally announced January 2016.
-
A model-theoretic characterization of monadic second order logic on infinite words
Authors:
Silvio Ghilardi,
Samuel J. van Gool
Abstract:
Monadic second order logic and linear temporal logic are two logical formalisms that can be used to describe classes of infinite words, i.e., first-order models based on the natural numbers with order, successor, and finitely many unary predicate symbols.
Monadic second order logic over infinite words (S1S) can alternatively be described as a first-order logic interpreted in $\mathcal{P}(ω)$, the power set Boolean algebra of the natural numbers, equipped with modal operators for 'initial', 'next' and 'future' states. We prove that the first-order theory of this structure is the model companion of a class of algebras corresponding to the appropriate version of linear temporal logic (LTL) without until.
The proof makes crucial use of two classical, non-trivial results from the literature, namely the completeness of LTL with respect to the natural numbers, and the correspondence between S1S-formulas and Büchi automata.
Submitted 29 April, 2016; v1 submitted 31 March, 2015;
originally announced March 2015.
-
Monotonic Abstraction Techniques: from Parametric to Software Model Checking
Authors:
Francesco Alberti,
Silvio Ghilardi,
Natasha Sharygina
Abstract:
Monotonic abstraction is a technique introduced in model checking parameterized distributed systems in order to cope with transitions containing global conditions within guards. The technique has been re-interpreted in a declarative setting in previous papers of ours and applied to the verification of fault tolerant systems under the so-called "stopping failures" model. The declarative reinterpretation consists in logical techniques (quantifier relativizations and, especially, quantifier instantiations) making sense in a broader context. In fact, we recently showed that such techniques can over-approximate array accelerations, so that they can be employed as a meaningful (and practically effective) component of CEGAR loops in software model checking too.
Submitted 13 November, 2014;
originally announced November 2014.
-
Abstraction and Acceleration in SMT-based Model-Checking for Array Programs
Authors:
Francesco Alberti,
Silvio Ghilardi,
Natasha Sharygina
Abstract:
Abstraction (in its various forms) is a powerful established technique in model-checking; still, when unbounded data-structures are concerned, it cannot always cope with divergence phenomena in a satisfactory way. Acceleration is an approach which is widely used to avoid divergence, but it has been applied mostly to integer programs. This paper addresses the problem of accelerating transition relations for unbounded arrays with the ultimate goal of avoiding divergence during reachability analysis of abstract programs. For this, we first design a format to compute accelerations in this domain; then we show how to adapt the so-called 'monotonic abstraction' technique to efficiently handle complex formulas with nested quantifiers generated by the acceleration preprocessing. Notably, our technique can be easily plugged into abstraction/refinement loops, and strongly contributes to avoiding divergence: experiments conducted with the MCMT model checker attest the effectiveness of our approach on programs with unbounded arrays, where acceleration and abstraction/refinement technologies fail if applied alone.
Submitted 3 October, 2013; v1 submitted 16 April, 2013;
originally announced April 2013.
-
Quantifier-Free Interpolation of a Theory of Arrays
Authors:
Roberto Bruttomesso,
Silvio Ghilardi,
Silvio Ranise
Abstract:
The use of interpolants in model checking is becoming an enabling technology to allow fast and robust verification of hardware and software. The application of encodings based on the theory of arrays, however, is limited by the impossibility of deriving quantifier-free interpolants in general. In this paper, we show that it is possible to obtain quantifier-free interpolants for a Skolemized version of the extensional theory of arrays. We prove this in two ways: (1) non-constructively, by using the model theoretic notion of amalgamation, which is known to be equivalent to admitting quantifier-free interpolation for universal theories; and (2) constructively, by designing an interpolating procedure, based on solving equations between array updates. (Interestingly, rewriting techniques are used in the key steps of the solver and its proof of correctness.) To the best of our knowledge, this is the first successful attempt of computing quantifier-free interpolants for a variant of the theory of arrays with extensionality.
Submitted 26 April, 2012; v1 submitted 11 April, 2012;
originally announced April 2012.
-
From Strong Amalgamability to Modularity of Quantifier-Free Interpolation
Authors:
Roberto Bruttomesso,
Silvio Ghilardi,
Silvio Ranise
Abstract:
The use of interpolants in verification is gaining more and more importance. Since theories used in applications are usually obtained as (disjoint) combinations of simpler theories, it is important to modularly re-use interpolation algorithms for the component theories. We show that a sufficient and necessary condition to do this for quantifier-free interpolation is that the component theories have the 'strong (sub-)amalgamation' property. Then, we provide an equivalent syntactic characterization, identify a sufficient condition, and design a combined quantifier-free interpolation algorithm capable of handling both convex and non-convex theories, that subsumes and extends most existing work on combined interpolation.
Submitted 24 April, 2012; v1 submitted 16 March, 2012;
originally announced March 2012.
-
Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis
Authors:
Silvio Ghilardi,
Silvio Ranise
Abstract:
The safety of infinite state systems can be checked by a backward reachability procedure. For certain classes of systems, it is possible to prove the termination of the procedure and hence conclude the decidability of the safety problem. Although backward reachability is property-directed, it can unnecessarily explore (large) portions of the state space of a system which are not required to verify the safety property under consideration. To avoid this, invariants can be used to dramatically prune the search space. Indeed, the problem is to guess such appropriate invariants. In this paper, we present a fully declarative and symbolic approach to the mechanization of backward reachability of infinite state systems manipulating arrays by Satisfiability Modulo Theories solving. Theories are used to specify the topology and the data manipulated by the system. We identify sufficient conditions on the theories to ensure the termination of backward reachability and we show the completeness of a method for invariant synthesis (obtained as the dual of backward reachability), again, under suitable hypotheses on the theories. We also present a pragmatic approach to interleave invariant synthesis and backward reachability so that a fix-point for the set of backward reachable states is more easily obtained. Finally, we discuss heuristics that allow us to derive an implementation of the techniques in the model checker MCMT, showing remarkable speed-ups on a significant set of safety problems extracted from a variety of sources.
Submitted 21 December, 2010; v1 submitted 9 October, 2010;
originally announced October 2010.