Book ChapterDOI
Quantifiers on Demand
Arie Gurfinkel,Sharon Shoham,Yakir Vizel +2 more
- pp 248-266
TLDR
A new algorithm, Quic3, is presented, that extends IC3 to infer universally quantified invariants over the combined theory of LIA and Arrays, and carefully manages quantified generalization and quantifier instantiation.Abstract:
Automated program verification is a difficult problem. It is undecidable even for transition systems over Linear Integer Arithmetic (LIA). Extending the transition system with theory of Arrays, further complicates the problem by requiring inference and reasoning with universally quantified formulas. In this paper, we present a new algorithm, Quic3, that extends IC3 to infer universally quantified invariants over the combined theory of LIA and Arrays. Unlike other approaches that use either IC3 or an SMT solver as a black box, Quic3 carefully manages quantified generalization (to construct quantified invariants) and quantifier instantiation (to detect convergence in the presence of quantifiers). While Quic3 is not guaranteed to converge, it is guaranteed to make progress by exploring longer and longer executions. We have implemented Quic3 within the Constrained Horn Clause solver engine of Z3 and experimented with it by applying Quic3 to verifying a variety of public benchmarks of array manipulating C programs.read more
Citations
More filters
Book ChapterDOI
Quantified Invariants via Syntax-Guided Synthesis
TL;DR: An enumerative search that discovers quantified invariants in stages that identifies potentially useful facts about individual elements and generalizes them to hypotheses about entire ranges and shows that FreqHorn advances state-of-the-art on a wide range of public array-handling programs.
Book ChapterDOI
RustHorn: CHC-Based Verification for Rust Programs
TL;DR: In this paper, the authors propose a translation of pointer-manipulating Rust programs into constrained Horn clauses, which clears away pointers and heaps by leveraging ownership, and formalize the translation for a simplified core of Rust.
Book ChapterDOI
RustHorn: CHC-based Verification for Rust Programs (full version).
TL;DR: In this article, a translation of pointer-manipulating Rust programs into constrained Horn clauses (CHCs) is proposed, which clears away pointers and memories by leveraging ownership and proves its correctness.
Book ChapterDOI
Inferring Inductive Invariants from Phase Structures
TL;DR: In this article, the authors propose an approach to automatically find inductive invariants automatically for infinite-state systems such as distributed protocols, where the user annotates the system with a set of invariants to relieve the user from this labor-intensive and challenging task.
Book ChapterDOI
Induction with Generalization in Superposition Reasoning
TL;DR: The strength of the technique is demonstrated by showing that many interesting mathematical properties of natural numbers and lists can be proved automatically using this extension of automating induction in superposition-based reasoning.
References
More filters
Book ChapterDOI
Z3: an efficient SMT solver
TL;DR: Z3 is a new and efficient SMT Solver freely available from Microsoft Research that is used in various software verification and analysis applications.
Book ChapterDOI
Construction of Abstract State Graphs with PVS
Susanne Graf,Hassen Saïdi +1 more
TL;DR: This paper proposes a method for the automatic construction of an abstract state graph of an arbitrary system using the Pvs theorem prover.
Proceedings ArticleDOI
SAT-based model checking without unrolling
TL;DR: Experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property.
Journal Article
Lazy abstraction with interpolants
TL;DR: In this paper, a model checker for infinite-state sequential programs, based on Craig interpolation and the lazy abstraction paradigm, is described. But it is not a model checking tool for program analysis.
Proceedings ArticleDOI
Predicate abstraction for software verification
Cormac Flanagan,Shaz Qadeer +1 more
TL;DR: A novel feature of this approach is that it infers universally-quantified loop invariants, which are crucial for verifying programs that manipulate unbounded data such as arrays, and presents heuristics for generating appropriate predicates for each loop automatically.