Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

Silvio Ghilardi; Silvio Ranise

doi:10.2168/LMCS-6(4:10)2010

Silvio Ghilardi ; Silvio Ranise - Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

lmcs:966 - Logical Methods in Computer Science, December 21, 2010, Volume 6, Issue 4 - https://doi.org/10.2168/LMCS-6(4:10)2010

Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant SynthesisArticle

Authors: Silvio Ghilardi ; Silvio Ranise

The safety of infinite state systems can be checked by a backward reachability procedure. For certain classes of systems, it is possible to prove the termination of the procedure and hence conclude the decidability of the safety problem. Although backward reachability is property-directed, it can unnecessarily explore (large) portions of the state space of a system which are not required to verify the safety property under consideration. To avoid this, invariants can be used to dramatically prune the search space. Indeed, the problem is to guess such appropriate invariants. In this paper, we present a fully declarative and symbolic approach to the mechanization of backward reachability of infinite state systems manipulating arrays by Satisfiability Modulo Theories solving. Theories are used to specify the topology and the data manipulated by the system. We identify sufficient conditions on the theories to ensure the termination of backward reachability and we show the completeness of a method for invariant synthesis (obtained as the dual of backward reachability), again, under suitable hypotheses on the theories. We also present a pragmatic approach to interleave invariant synthesis and backward reachability so that a fix-point for the set of backward reachable states is more easily obtained. Finally, we discuss heuristics that allow us to derive an implementation of the techniques in the model checker MCMT, showing remarkable speed-ups on a significant set of safety problems extracted from a variety of sources.

https://doi.org/10.2168/LMCS-6(4:10)2010

Source: arXiv.org:1010.1872

Volume: Volume 6, Issue 4

Published on: December 21, 2010

Imported on: May 17, 2010

Keywords: Computer Science - Logic in Computer Science,D.2.4, F.3.1, I.2.2

Licence: arXiv.org - Non-exclusive license to distribute

Funding:

Source : OpenAIRE Graph

Automated Validation of Trust and Security of Service-oriented Architectures; Funder: European Commission; Code: 216471

Bibliographic References

68 Documents citing this article

Cole Vick;Kenneth L. McMillan, Lecture notes in computer science, Synthesizing History and Prophecy Variables for Symbolic Model Checking, pp. 320-340, 2023, 10.1007/978-3-031-24950-1_15.

Nicolas Féral;Alain Giorgetti, Lecture notes in computer science, A Gentle Introduction to Verification of Parameterized Reactive Systems, pp. 34-50, 2023, 10.1007/978-3-031-27534-0_3, https://hal.science/hal-04238447/file/1cb65e29-b7e7-4530-8c2c-b37efda3f3ab-author.pdf.

Alessandro Cimatti;Alberto Griggio;Gianluca Redondi, Lecture Notes in Computer Science, Verification of SMT Systems with Quantifiers, pp. 154-170, 2022, 10.1007/978-3-031-19992-9_10.

Aman Goel;Karem A. Sakallah, 2022, Regularity and quantification: a new approach to verify distributed protocols, Innovations in systems and software engineering (Print), 19, 4, pp. 359-377, 10.1007/s11334-022-00460-8.

Danilo Bruschi;Andrea Di Pasquale;Silvio Ghilardi;Andrea Lanzi;Elena Pagani, 2022, A Formal Verification of ArpON – A Tool for Avoiding Man-in-the-Middle Attacks in Ethernet Networks, IEEE transactions on dependable and secure computing, 19, 6, pp. 4082-4098, 10.1109/tdsc.2021.3118448, https://doi.org/10.1109/tdsc.2021.3118448.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2022, Combination of Uniform Interpolants via Beth Definability, Journal of automated reasoning, 66, 3, pp. 409-435, 10.1007/s10817-022-09627-1, https://doi.org/10.1007/s10817-022-09627-1.

Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2022, Petri net-based object-centric processes with read-only data, Information Systems, 107, pp. 102011, 10.1016/j.is.2022.102011.

Alessandro Cimatti;Alberto Griggio;Gianluca Redondi, Lecture notes in computer science, Universal Invariant Checking of Parametric Systems with Quantifier-free SMT Reasoning, pp. 131-147, 2021, 10.1007/978-3-030-79876-5_8, https://doi.org/10.1007/978-3-030-79876-5_8.

Aman Goel;Karem A. Sakallah, Lecture notes in computer science, On Symmetry and Quantification: A New Approach to Verify Distributed Protocols, pp. 131-150, 2021, 10.1007/978-3-030-76384-8_9, https://doi.org/10.1007/978-3-030-76384-8_9.

Anh Truong, 2020, Automated Analysis of Access Control Policies Based on Model Checking, SN computer science, 1, 6, 10.1007/s42979-020-00307-8, https://doi.org/10.1007/s42979-020-00307-8.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2020, SMT-based verification of data-aware processes: a model-theoretic approach, Archivio Istituzionale della Ricerca (Universita Degli Studi Di Milano), 30, 3, pp. 271-313, 10.1017/s0960129520000067, http://hdl.handle.net/2434/730867.

Elaheh Ordoni;Jutta Mulle;Klemens Bohm, 2020 IEEE 22nd Conference on Business Informatics (CBI), Verification of Data-Value-Aware Processes and a Case Study on Spectrum Auctions, 2020, Antwerp, Belgium, 10.1109/cbi49978.2020.00027.

Nouraldin Jaber;Swen Jacobs;Christopher Wagner;Milind Kulkarni;Roopsha Samanta, Lecture Notes in Computer Science, Parameterized Verification of Systems with Global Synchronization and Guards, pp. 299-323, 2020, 10.1007/978-3-030-53288-8_15, https://doi.org/10.1007/978-3-030-53288-8_15.

Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, Lecture Notes in Computer Science, Petri Nets with Parameterised Data, pp. 55-74, 2020, 10.1007/978-3-030-58666-9_4.

Silvio Ghilardi;Elena Pagani, 2020, Higher-Order Quantifier Elimination, Counter Simulations and Fault-Tolerant Systems, Journal of automated reasoning, 65, 3, pp. 425-460, 10.1007/s10817-020-09578-5, https://doi.org/10.1007/s10817-020-09578-5.

Sylvain Conchon;David Declerck;Fatiha Zaïdi, 2020, Parameterized Model Checking on the TSO Weak Memory Model, Journal of Automated Reasoning, 64, 7, pp. 1307-1330, 10.1007/s10817-020-09565-w.

Anh Truong, Lecture notes in computer science, Adventures in the Analysis of Access Control Policies, pp. 467-482, 2019, 10.1007/978-3-030-35653-8_31.

Dennis Peuter;Viorica Sofronie-Stokkermans, arXiv (Cornell University), On Invariant Synthesis for Parametric Systems, pp. 385-405, 2019, 10.1007/978-3-030-29436-6_23, https://arxiv.org/abs/1905.12524.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2019, Proceedings of the Second International Workshop on Automated Reasoning: Challenges, Applications, Directions, Exemplary Achievements, Electronic proceedings in theoretical computer science, 311, pp. 53-58, 10.4204/eptcs.311.9, https://doi.org/10.4204/eptcs.311.9.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, Lecture Notes in Computer Science, Formal Modeling and SMT-Based Parameterized Verification of Data-Aware BPMN, pp. 157-175, 2019, 10.1007/978-3-030-26619-6_12.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, Lecture notes in computer science, From Model Completeness to Verification of Data Aware Processes, pp. 212-239, 2019, 10.1007/978-3-030-22102-7_10.

Khai Kim Quoc Dinh;Anh Truong, Lecture Notes in Computer Science, Automated Security Analysis of Authorization Policies with Contextual Information, pp. 107-139, 2019, 10.1007/978-3-662-58808-6_5.

Mnacho Echenim;Nicolas Peltier;Yanis Sellami, Ilinva: Using Abduction to Generate Loop Invariants, pp. 77-93, 2019, 10.1007/978-3-030-29007-8_5, https://hal.science/hal-02323446.

Sylvain Conchon;Mattias Roux, Lecture Notes in Computer Science, Reasoning About Universal Cubes in MCMT, pp. 270-285, 2019, 10.1007/978-3-030-32409-4_17, https://doi.org/10.1007/978-3-030-32409-4_17.

Alessandro Cimatti;Ivan Stojic;Stefano Tonetta, Lecture Notes in Computer Science, Formal Specification and Verification of Dynamic Parametrized Architectures, pp. 625-644, 2018, 10.1007/978-3-319-95582-7_37, https://doi.org/10.1007/978-3-319-95582-7_37.

Yongjian Li;Kaiqiang Duan;David N. Jansen;Jun Pang;Lijun Zhang;et al., 2018, An Automatic Proving Approach to Parameterized Verification, Open Repository and Bibliography (University of Luxembourg), 19, 4, pp. 1-25, 10.1145/3232164, http://orbilu.uni.lu/handle/10993/37865.

Aleksandr Karbyshev;Nikolaj Bjørner;Shachar Itzhaky;Noam Rinetzky;Sharon Shoham, 2017, Property-Directed Inference of Universal Invariants or Proving Their Absence, Journal of the Association for Computing Machinery, 64, 1, pp. 1-33, 10.1145/3022187.

Antti Siirtola, University of Oulu Repository (University of Oulu), Refinement Checking Parameterised Quorum Systems, 2017, Zaragoza, 10.1109/acsd.2017.15, http://urn.fi/urn:nbn:fi-fe2019071223093.

Daniel Ricardo dos Santos;Silvio Ranise, Lecture notes in computer science, On Run-Time Enforcement of Authorization Constraints in Security-Sensitive Workflows, pp. 203-218, 2017, 10.1007/978-3-319-66197-1_13.

Danilo Bruschi;Andrea Di Pasquale;Silvio Ghilardi;Andrea Lanzi;Elena Pagani, Lecture Notes in Computer Science, Formal Verification of ARP (Address Resolution Protocol) Through SMT-Based Model Checking - A Case Study -, pp. 391-406, 2017, 10.1007/978-3-319-66845-1_26.

Dirk Beyer;Matthias Dangl;Philipp Wendler, 2017, A Unifying View on SMT-Based Software Verification, Journal of automated reasoning, 60, 3, pp. 299-335, 10.1007/s10817-017-9432-6, https://doi.org/10.1007/s10817-017-9432-6.

HoenickeJochen;MajumdarRupak;PodelskiAndreas, 2017, Thread modularity at many levels: a pearl in compositional verification, Sigplan Notices, 52, 1, pp. 473-485, 10.1145/3093333.3009893.

Jochen Hoenicke;Rupak Majumdar;Andreas Podelski, Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, Thread modularity at many levels: a pearl in compositional verification, 2017, Paris France, 10.1145/3009837.3009893.

Silvio Ghilardi;Elena Pagani, 2017, Counter Simulations via Higher Order Quantifier Elimination: a preliminary report, arXiv (Cornell University), 262, pp. 39-53, 10.4204/eptcs.262.5.

Sylvain Conchon;Amit Goel;Sava Krstic;Rupak Majumdar;Mattias Roux, FAR-Cubicle — A new reachability algorithm for Cubicle, 2017, Vienna, 10.23919/fmcad.2017.8102256, https://hal.inria.fr/hal-01927220.

Anh Truong;Dai Hai Ton That, Solving the User-Role Reachability Problem in ARBAC with Role Hierarchy, 2016, Can Tho, 10.1109/acomp.2016.011, https://hal-cea.archives-ouvertes.fr/cea-01809216/document.

Giorgio Delzanno, 2016, A unified view of parameterized verification of abstract models of broadcast communication, CINECA IRIS Institutial Research Information System (University of Genoa), 18, 5, pp. 475-493, 10.1007/s10009-016-0412-7, http://hdl.handle.net/11567/893506.

Oded Padon;Neil Immerman;Sharon Shoham;Aleksandr Karbyshev;Mooly Sagiv, Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Decidability of inferring inductive invariants, 2016, St. Petersburg FL USA, 10.1145/2837614.2837640.

Oded Padon;Neil Immerman;Sharon Shoham;Aleksandr Karbyshev;Mooly Sagiv, 2016, Decidability of inferring inductive invariants, SIGPLAN notices, 51, 1, pp. 217-231, 10.1145/2914770.2837640, https://doi.org/10.1145/2914770.2837640.

Parosh A. Abdulla;Giorgio Delzanno, 2016, Parameterized verification, CINECA IRIS Institutial Research Information System (University of Genoa), 18, 5, pp. 469-473, 10.1007/s10009-016-0424-3, http://hdl.handle.net/11567/859078.

Roderick Bloem;Swen Jacobs;Ayrat Khalimov;Igor Konnov;Sasha Rubin;et al., 2016, Decidability in Parameterized Verification, Library Union Catalog of Bavaria, Berlin and Brandenburg (B3Kat Repository), 47, 2, pp. 53-64, 10.1145/2951860.2951873, https://doi.org/10.2200/S00658ED1V01Y201508DCT013.

Aleksandr Karbyshev;Nikolaj Bjørner;Shachar Itzhaky;Noam Rinetzky;Sharon Shoham, Lecture notes in computer science, Property-Directed Inference of Universal Invariants or Proving Their Absence, pp. 583-602, 2015, 10.1007/978-3-319-21690-4_40, https://doi.org/10.1007/978-3-319-21690-4_40.

Antti Siirtola;Juha Kortelainen, 2015, Multi-parameterised compositional verification of safety properties, Information & Computation, 244, pp. 23-48, 10.1016/j.ic.2015.08.002.

Antti Siirtola;Keijo Heljanko, 2015, Parametrised Modal Interface Automata, ACM transactions on embedded computing systems, 14, 4, pp. 1-25, 10.1145/2776892.

Clara Bertolissi;Daniel Ricardo dos Santos;Silvio Ranise, Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, Automated Synthesis of Run-time Monitors to Enforce Authorization Policies in Business Processes, 2015, Singapore Republic of Singapore, 10.1145/2714576.2714633.

Francesco Alberti;Silvio Ghilardi;Natasha Sharygina, 2015, Decision Procedures for Flat Array Properties, reroDoc Digital Library, 54, 4, pp. 327-352, 10.1007/s10817-015-9323-7, http://doc.rero.ch/record/331489/files/10817_2015_Article_9323.pdf.

RoderickBloem;SwenJacobs;AyratKhalimov;IgorKonnov;SashaRubin;et al., 2015, Decidability of Parameterized Verification, Synthesis Lectures on Distributed Computing Theory, 6, 1, pp. 1-170, 10.2200/s00658ed1v01y201508dct013, https://doi.org/10.2200/s00658ed1v01y201508dct013.

Silvio Ranise;Anh Truong;Riccardo Traverso, 2015, Parameterized model checking for security policy analysis, International Journal on Software Tools for Technology Transfer, 18, 5, pp. 559-573, 10.1007/s10009-015-0410-1.

Sylvain Conchon;Alain Mebsout;Fatiha Zaïdi, Lecture Notes in Computer Science, Certificates for Parameterized Model Checking, pp. 126-142, 2015, 10.1007/978-3-319-19249-9_9.

Antti Siirtola, Lecture notes in computer science, Bounds2: A Tool for Compositional Multi-parametrised Verification, pp. 599-604, 2014, 10.1007/978-3-642-54862-8_52, https://doi.org/10.1007/978-3-642-54862-8_52.

Antti Siirtola, 2014 14th International Conference on Application of Concurrency to System Design, Parametrised Interface Automata, 2014, Tunis La Marsa, Tunisia, 10.1109/acsd.2014.26.

Francesco Alberti;Roberto Bruttomesso;Silvio Ghilardi;Silvio Ranise;Natasha Sharygina, 2014, An extension of lazy abstraction with interpolation for programs with arrays, reroDoc Digital Library, 45, 1, pp. 63-109, 10.1007/s10703-014-0209-9, http://doc.rero.ch/record/326403/files/10703_2014_Article_209.pdf.

Francesco Alberti;Silvio Ghilardi;Natasha Sharygina, 2014, Monotonic Abstraction Techniques: from Parametric to Software Model Checking, arXiv (Cornell University), 168, pp. 1-11, 10.4204/eptcs.168.1.

Sagar Chaki;James Edmondson, Proceedings of the 2014 International SPIN Symposium on Model Checking of Software, Toward parameterized verification of synchronous distributed applications, 2014, San Jose CA USA, 10.1145/2632362.2632368.

Antti Siirtola;Keijo Heljanko, 2013 13th International Conference on Application of Concurrency to System Design, Parametrised Compositional Verification with Multiple Process and Data Types, 2013, Barcelona, Spain, 10.1109/acsd.2013.9.

Clara Bertolissi;Silvio Ranise, Lecture Notes in Computer Science, Verification of Composed Array-Based Systems with Applications to Security-Aware Workflows, pp. 40-55, 2013, 10.1007/978-3-642-40885-4_4.

Mnacho Echenim;Nicolas Peltier, 2013, Instantiation Schemes for Nested Theories, 14, 2, pp. 1-34, 10.1145/2480759.2480763, https://hal.science/hal-00933873.

Silvio Ranise;Anh Tuan Truong;Alessandro Armando, Lecture notes in computer science, Boosting Model Checking to Analyse Large ARBAC Policies, pp. 273-288, 2013, 10.1007/978-3-642-38004-4_18.

Sylvain Conchon;Amit Goel;Sava Krstic;Alain Mebsout;Fatiha Zaidi, Invariants for finite instances and beyond, 2013, Portland, OR, 10.1109/fmcad.2013.6679392, https://hal.archives-ouvertes.fr/hal-00924640.

Alessandro Armando;Silvio Ranise, Lecture notes in computer science, Automated Analysis of Infinite State Workflows with Access Control Policies, pp. 157-174, 2012, 10.1007/978-3-642-29963-6_12.

Francesco Alberti;Roberto Bruttomesso;Silvio Ghilardi;Silvio Ranise;Natasha Sharygina, Lecture notes in computer science, Lazy Abstraction with Interpolants for Arrays, pp. 46-61, 2012, 10.1007/978-3-642-28717-6_7.

Roberto Bruttomesso;Alessandro Carioni;Silvio Ghilardi;Silvio Ranise, Lecture notes in computer science, Automated Analysis of Parametric Timing-Based Mutual Exclusion Algorithms, pp. 279-294, 2012, 10.1007/978-3-642-28891-3_28.

Silvio Ranise;Alessandro Armando, Lecture Notes in Computer Science, On the Automated Analysis of Safety in Usage Control: A New Decidability Result, pp. 15-28, 2012, 10.1007/978-3-642-34601-9_2.

Sylvain Conchon;Amit Goel;Sava Krstić;Alain Mebsout;Fatiha Zaïdi, Lecture notes in computer science, Cubicle: A Parallel SMT-Based Model Checker for Parameterized Systems, pp. 718-724, 2012, 10.1007/978-3-642-31424-7_55, https://doi.org/10.1007/978-3-642-31424-7_55.

Taylor T. Johnson;Sayan Mitra, CiteSeer X (The Pennsylvania State University), Parametrized Verification of Distributed Cyber-Physical Systems: An Aircraft Landing Protocol Case Study, 2012, Beijing, China, 10.1109/iccps.2012.24, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.460.7867.

Alessandro Carioni;Silvio Ghilardi;Silvio Ranise, Lecture notes in computer science, Automated Termination in Model Checking Modulo Theories, pp. 110-124, 2011, 10.1007/978-3-642-24288-5_11.

Francesco Alberti;Alessandro Armando;Silvio Ranise, Lecture notes in computer science, ASASP: Automated Symbolic Analysis of Security Policies, pp. 26-33, 2011, 10.1007/978-3-642-22438-6_4.

Giorgio Delzanno;Ahmed Rezine, 2011, A lightweight regular model checking approach for parameterized systems, International Journal on Software Tools for Technology Transfer, 14, 2, pp. 207-222, 10.1007/s10009-011-0213-y.

Sources : OpenCitations, OpenAlex & Crossref

Share and export

Consultation statistics

This page has been seen 40360 times.

This article's PDF has been downloaded 331 times.