Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

Silvio Ghilardi; Silvio Ranise

doi:10.2168/LMCS-6(4:10)2010

Silvio Ghilardi ; Silvio Ranise - Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

lmcs:966 - Logical Methods in Computer Science, December 21, 2010, Volume 6, Issue 4 - https://doi.org/10.2168/LMCS-6(4:10)2010

Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant SynthesisArticle

Authors: Silvio Ghilardi ; Silvio Ranise

The safety of infinite state systems can be checked by a backward reachability procedure. For certain classes of systems, it is possible to prove the termination of the procedure and hence conclude the decidability of the safety problem. Although backward reachability is property-directed, it can unnecessarily explore (large) portions of the state space of a system which are not required to verify the safety property under consideration. To avoid this, invariants can be used to dramatically prune the search space. Indeed, the problem is to guess such appropriate invariants. In this paper, we present a fully declarative and symbolic approach to the mechanization of backward reachability of infinite state systems manipulating arrays by Satisfiability Modulo Theories solving. Theories are used to specify the topology and the data manipulated by the system. We identify sufficient conditions on the theories to ensure the termination of backward reachability and we show the completeness of a method for invariant synthesis (obtained as the dual of backward reachability), again, under suitable hypotheses on the theories. We also present a pragmatic approach to interleave invariant synthesis and backward reachability so that a fix-point for the set of backward reachable states is more easily obtained. Finally, we discuss heuristics that allow us to derive an implementation of the techniques in the model checker MCMT, showing remarkable speed-ups on a significant set of safety problems extracted from a variety of sources.

Comment: Accepted for publication in Logical Methods in Computer Science

https://doi.org/10.2168/LMCS-6(4:10)2010

Source: arXiv.org:1010.1872

Volume: Volume 6, Issue 4

Published on: December 21, 2010

Imported on: May 17, 2010

Keywords: Computer Science - Logic in Computer Science, D.2.4, F.3.1, I.2.2

Licence: arXiv.org - Non-exclusive license to distribute

Funding:

Source : OpenAIRE Graph

Automated Validation of Trust and Security of Service-oriented Architectures; Funder: European Commission; Code: 216471

Classifications

Mathematics Subject Classification 2020¹

Sources:

[1] zbMATH Open.

Bibliographic References

72 Documents citing this article

Dennis Peuter;Philipp Marohn;Viorica Sofronie-Stokkermans, 2025, On the Verification of Parametric Systems, Lecture notes in computer science, pp. 201-221, 10.1007/978-3-031-97537-0_12.

Marco Montali, 2025, Automated Reasoning for Data-Aware Petri Nets, Lecture notes in computer science, pp. 1-17, 10.1007/978-3-031-94634-9_1.

Gianluca Redondi;Alessandro Cimatti;Alberto Griggio;Kenneth L. Mcmillan, 2024, Invariant Checking for SMT-Based Systems with Quantifiers, ACM Transactions on Computational Logic, 25, 4, pp. 1-37, 10.1145/3686153, https://doi.org/10.1145/3686153.

Cole Vick;Kenneth L. McMillan, 2023, Synthesizing History and Prophecy Variables for Symbolic Model Checking, Lecture notes in computer science, pp. 320-340, 10.1007/978-3-031-24950-1_15.

Nicolas Féral;Alain Giorgetti, 2023, A Gentle Introduction to Verification of Parameterized Reactive Systems, pp. 34-50, 10.1007/978-3-031-27534-0_3, https://hal.science/hal-04238447.

Thomas Pani;Georg Weissenbacher;Florian Zuleger, 2023, Thread-modular counter abstraction: automated safety and termination proofs of parameterized software by reduction to sequential program verification, Formal Methods in System Design, 64, 1-3, pp. 108-145, 10.1007/s10703-023-00439-6, https://doi.org/10.1007/s10703-023-00439-6.

Alessandro Cimatti;Alberto Griggio;Gianluca Redondi, 2022, Verification of SMT Systems with Quantifiers, Institutional Research Information System (Università degli Studi di Trento), pp. 154-170, 10.1007/978-3-031-19992-9_10, https://link.springer.com/chapter/10.1007/978-3-031-19992-9_10#citeas.

Aman Goel;Karem A. Sakallah, 2022, Regularity and quantification: a new approach to verify distributed protocols, Innovations in Systems and Software Engineering, 19, 4, pp. 359-377, 10.1007/s11334-022-00460-8.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2022, Combination of Uniform Interpolants via Beth Definability, Journal of Automated Reasoning, 66, 3, pp. 409-435, 10.1007/s10817-022-09627-1, https://doi.org/10.1007/s10817-022-09627-1.

Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2022, Petri net-based object-centric processes with read-only data, Information Systems, 107, pp. 102011, 10.1016/j.is.2022.102011.

Alessandro Cimatti;Alberto Griggio;Gianluca Redondi, 2021, Universal Invariant Checking of Parametric Systems with Quantifier-free SMT Reasoning, Lecture notes in computer science, pp. 131-147, 10.1007/978-3-030-79876-5_8, https://doi.org/10.1007/978-3-030-79876-5_8.

Aman Goel;Karem Sakallah, 2021, On Symmetry and Quantification: A New Approach to Verify Distributed Protocols, arXiv (Cornell University), pp. 131-150, 10.1007/978-3-030-76384-8_9, http://arxiv.org/abs/2103.14831.

Danilo Bruschi;Andrea Di Pasquale;Silvio Ghilardi;Andrea Lanzi;Elena Pagani, 2021, A Formal Verification of ArpON – A Tool for Avoiding Man-in-the-Middle Attacks in Ethernet Networks, IEEE Transactions on Dependable and Secure Computing, 19, 6, pp. 4082-4098, 10.1109/tdsc.2021.3118448, https://doi.org/10.1109/tdsc.2021.3118448.

Anh Truong, 2020, Automated Analysis of Access Control Policies Based on Model Checking, SN Computer Science, 1, 6, 10.1007/s42979-020-00307-8, https://doi.org/10.1007/s42979-020-00307-8.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2020, SMT-based verification of data-aware processes: a model-theoretic approach, Archivio Istituzionale della Ricerca (Universita Degli Studi Di Milano), 30, 3, pp. 271-313, 10.1017/s0960129520000067, http://hdl.handle.net/2434/730867.

Elaheh Ordoni;Jutta Mulle;Klemens Bohm, 2020, Verification of Data-Value-Aware Processes and a Case Study on Spectrum Auctions, 2020 IEEE 22nd Conference on Business Informatics (CBI), pp. 181-190, 10.1109/cbi49978.2020.00027.

Nouraldin Jaber;Swen Jacobs;Christopher Wagner;Milind Kulkarni;Roopsha Samanta, 2020, Parameterized Verification of Systems with Global Synchronization and Guards, Lecture notes in computer science, pp. 299-323, 10.1007/978-3-030-53288-8_15, https://doi.org/10.1007/978-3-030-53288-8_15.

Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2020, Petri Nets with Parameterised Data, View, pp. 55-74, 10.1007/978-3-030-58666-9_4, https://link.springer.com/chapter/10.1007%2F978-3-030-58666-9_4.

Silvio Ghilardi;Elena Pagani, 2020, Higher-Order Quantifier Elimination, Counter Simulations and Fault-Tolerant Systems, Journal of Automated Reasoning, 65, 3, pp. 425-460, 10.1007/s10817-020-09578-5, https://doi.org/10.1007/s10817-020-09578-5.

Sylvain Conchon;David Declerck;Fatiha Zaïdi, 2020, Parameterized Model Checking on the TSO Weak Memory Model, Journal of Automated Reasoning, 64, 7, pp. 1307-1330, 10.1007/s10817-020-09565-w.

Anh Truong, 2019, Adventures in the Analysis of Access Control Policies, Lecture notes in computer science, pp. 467-482, 10.1007/978-3-030-35653-8_31.

Dennis Peuter;Viorica Sofronie-Stokkermans, 2019, On Invariant Synthesis for Parametric Systems, arXiv (Cornell University), pp. 385-405, 10.1007/978-3-030-29436-6_23, http://arxiv.org/abs/1905.12524.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2019, From Model Completeness to Verification of Data Aware Processes, View, pp. 212-239, 10.1007/978-3-030-22102-7_10.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2019, Formal Modeling and SMT-Based Parameterized Verification of Data-Aware BPMN, View, pp. 157-175, 10.1007/978-3-030-26619-6_12.

Diego Calvanese;Silvio Ghilardi;Alessandro Gianola;Marco Montali;Andrey Rivkin, 2019, Proceedings of the Second International Workshop on Automated Reasoning: Challenges, Applications, Directions, Exemplary Achievements, Electronic Proceedings in Theoretical Computer Science, 311, pp. 53-58, 10.4204/eptcs.311.9, https://doi.org/10.4204/eptcs.311.9.

Khai Kim Quoc Dinh;Anh Truong, 2019, Automated Security Analysis of Authorization Policies with Contextual Information, Lecture notes in computer science, pp. 107-139, 10.1007/978-3-662-58808-6_5.

Mnacho Echenim;Nicolas Peltier;Yanis Sellami, 2019, Ilinva: Using Abduction to Generate Loop Invariants, arXiv (Cornell University), pp. 77-93, 10.1007/978-3-030-29007-8_5, http://arxiv.org/abs/1906.11033.

Sylvain Conchon;Mattias Roux, 2019, Reasoning About Universal Cubes in MCMT, pp. 270-285, 10.1007/978-3-030-32409-4_17, https://hal.science/hal-02420588.

Alessandro Cimatti;Ivan Stojic;Stefano Tonetta, 2018, Formal Specification and Verification of Dynamic Parametrized Architectures, Lecture notes in computer science, pp. 625-644, 10.1007/978-3-319-95582-7_37, https://doi.org/10.1007/978-3-319-95582-7_37.

Yongjian Li;Kaiqiang Duan;David N. Jansen;Jun Pang;Lijun Zhang;et al., 2018, An Automatic Proving Approach to Parameterized Verification, Open Repository and Bibliography (University of Luxembourg), 19, 4, pp. 1-25, 10.1145/3232164, https://orbilu.uni.lu/handle/10993/37865.

Aleksandr Karbyshev;Nikolaj Bjørner;Shachar Itzhaky;Noam Rinetzky;Sharon Shoham, 2017, Property-Directed Inference of Universal Invariants or Proving Their Absence, Journal of the ACM, 64, 1, pp. 1-33, 10.1145/3022187.

Antti Siirtola, 2017, Refinement Checking Parameterised Quorum Systems, University of Oulu Repository (University of Oulu), 4963, pp. 39-48, 10.1109/acsd.2017.15.

Daniel Ricardo dos Santos;Silvio Ranise, 2017, On Run-Time Enforcement of Authorization Constraints in Security-Sensitive Workflows, Lecture notes in computer science, pp. 203-218, 10.1007/978-3-319-66197-1_13.

Danilo Bruschi;Andrea Di Pasquale;Silvio Ghilardi;Andrea Lanzi;Elena Pagani, 2017, Formal Verification of ARP (Address Resolution Protocol) Through SMT-Based Model Checking - A Case Study -, Lecture notes in computer science, pp. 391-406, 10.1007/978-3-319-66845-1_26.

Dirk Beyer;Matthias Dangl;Philipp Wendler, 2017, A Unifying View on SMT-Based Software Verification, Journal of Automated Reasoning, 60, 3, pp. 299-335, 10.1007/s10817-017-9432-6, https://doi.org/10.1007/s10817-017-9432-6.

Jochen Hoenicke;Rupak Majumdar;Andreas Podelski, 2017, Thread modularity at many levels: a pearl in compositional verification, ACM SIGPLAN Notices, 52, 1, pp. 473-485, 10.1145/3093333.3009893.

Silvio Ghilardi;Elena Pagani, 2017, Counter Simulations via Higher Order Quantifier Elimination: a preliminary report, Electronic Proceedings in Theoretical Computer Science, 262, pp. 39-53, 10.4204/eptcs.262.5, https://doi.org/10.4204/eptcs.262.5.

Sylvain Conchon;Amit Goel;Sava Krstic;Rupak Majumdar;Mattias Roux, 2017, FAR-Cubicle — A new reachability algorithm for Cubicle, arXiv (Cornell University), pp. 172-175, 10.23919/fmcad.2017.8102256, http://arxiv.org/abs/1811.08131.

Anh Truong;Dai Hai Ton That, 2016, Solving the User-Role Reachability Problem in ARBAC with Role Hierarchy, pp. 3-10, 10.1109/acomp.2016.011, https://cea.hal.science/cea-01809216.

Giorgio Delzanno, 2016, A unified view of parameterized verification of abstract models of broadcast communication, CINECA IRIS Institutial Research Information System (University of Genoa), 18, 5, pp. 475-493, 10.1007/s10009-016-0412-7, http://hdl.handle.net/11567/893506.

Jochen Hoenicke;Rupak Majumdar;Andreas Podelski, 2016, Thread modularity at many levels: a pearl in compositional verification, Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, pp. 473-485, 10.1145/3009837.3009893.

Oded Padon;Neil Immerman;Sharon Shoham;Aleksandr Karbyshev;Mooly Sagiv, 2016, Decidability of inferring inductive invariants, Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 217-231, 10.1145/2837614.2837640.

Oded Padon;Neil Immerman;Sharon Shoham;Aleksandr Karbyshev;Mooly Sagiv, 2016, Decidability of inferring inductive invariants, ACM SIGPLAN Notices, 51, 1, pp. 217-231, 10.1145/2914770.2837640, https://doi.org/10.1145/2914770.2837640.

Parosh A. Abdulla;Giorgio Delzanno, 2016, Parameterized verification, CINECA IRIS Institutial Research Information System (University of Genoa), 18, 5, pp. 469-473, 10.1007/s10009-016-0424-3, http://hdl.handle.net/11567/859078.

Roderick Bloem;Swen Jacobs;Ayrat Khalimov;Igor Konnov;Sasha Rubin;et al., 2016, Decidability in Parameterized Verification, ACM SIGACT News, 47, 2, pp. 53-64, 10.1145/2951860.2951873.

A. Karbyshev;N. Bjørner;S. Itzhaky;N. Rinetzky;S. Shoham, 2015, Property-Directed Inference of Universal Invariants or Proving Their Absence, Lecture notes in computer science, pp. 583-602, 10.1007/978-3-319-21690-4_40.

Antti Siirtola;Juha Kortelainen, 2015, Multi-parameterised compositional verification of safety properties, Information and Computation, 244, pp. 23-48, 10.1016/j.ic.2015.08.002.

Antti Siirtola;Keijo Heljanko, 2015, Parametrised Modal Interface Automata, ACM Transactions on Embedded Computing Systems, 14, 4, pp. 1-25, 10.1145/2776892.

Clara Bertolissi;Daniel Ricardo dos Santos;Silvio Ranise, 2015, Automated Synthesis of Run-time Monitors to Enforce Authorization Policies in Business Processes, Institutional Research Information System (Università degli Studi di Trento), pp. 297-308, 10.1145/2714576.2714633.

Francesco Alberti;Silvio Ghilardi;Natasha Sharygina, 2015, Decision Procedures for Flat Array Properties, Journal of Automated Reasoning, 54, 4, pp. 327-352, 10.1007/s10817-015-9323-7.

Roderick Bloem;Swen Jacobs;Ayrat Khalimov;Igor Konnov;Sasha Rubin;et al., 2015, Decidability of Parameterized Verification, Synthesis lectures on distributed computing theory, 6, 1, pp. 1-170, 10.2200/s00658ed1v01y201508dct013, https://doi.org/10.2200/s00658ed1v01y201508dct013.

Silvio Ranise;Anh Truong;Riccardo Traverso, 2015, Parameterized model checking for security policy analysis, International Journal on Software Tools for Technology Transfer, 18, 5, pp. 559-573, 10.1007/s10009-015-0410-1.

Sylvain Conchon;Alain Mebsout;Fatiha Zaïdi, 2015, Certificates for Parameterized Model Checking, Lecture notes in computer science, pp. 126-142, 10.1007/978-3-319-19249-9_9.

Antti Siirtola, 2014, Parametrised Interface Automata, 2014 14th International Conference on Application of Concurrency to System Design, pp. 176-185, 10.1109/acsd.2014.26.

Antti Siirtola, 2014, Bounds2: A Tool for Compositional Multi-parametrised Verification, Lecture notes in computer science, pp. 599-604, 10.1007/978-3-642-54862-8_52, https://doi.org/10.1007/978-3-642-54862-8_52.

Francesco Alberti;Roberto Bruttomesso;Silvio Ghilardi;Silvio Ranise;Natasha Sharygina, 2014, An extension of lazy abstraction with interpolation for programs with arrays, Formal Methods in System Design, 45, 1, pp. 63-109, 10.1007/s10703-014-0209-9.

Francesco Alberti;Silvio Ghilardi;Natasha Sharygina, 2014, Monotonic Abstraction Techniques: from Parametric to Software Model Checking, Electronic Proceedings in Theoretical Computer Science, 168, pp. 1-11, 10.4204/eptcs.168.1, https://doi.org/10.4204/eptcs.168.1.

Sagar Chaki;James Edmondson, 2014, Toward parameterized verification of synchronous distributed applications, Proceedings of the 2014 International SPIN Symposium on Model Checking of Software, pp. 109-112, 10.1145/2632362.2632368.

Antti Siirtola;Keijo Heljanko, 2013, Parametrised Compositional Verification with Multiple Process and Data Types, 2013 13th International Conference on Application of Concurrency to System Design, 2280, pp. 60-69, 10.1109/acsd.2013.9.

Clara Bertolissi;Silvio Ranise, 2013, Verification of Composed Array-Based Systems with Applications to Security-Aware Workflows, Lecture notes in computer science, pp. 40-55, 10.1007/978-3-642-40885-4_4.

Mnacho Echenim;Nicolas Peltier, 2013, Instantiation Schemes for Nested Theories, 14, 2, pp. 1-34, 10.1145/2480759.2480763, https://hal.science/hal-00933873.

Silvio Ranise;Anh Truong;Alessandro Armando, 2013, Boosting Model Checking to Analyse Large ARBAC Policies, Lecture notes in computer science, pp. 273-288, 10.1007/978-3-642-38004-4_18.

Sylvain Conchon;Amit Goel;Sava Krstic;Alain Mebsout;Fatiha Zaidi, 2013, Invariants for finite instances and beyond, pp. 61-68, 10.1109/fmcad.2013.6679392, https://hal.science/hal-00924640.

Alessandro Armando;Silvio Ranise, 2012, Automated Analysis of Infinite State Workflows with Access Control Policies, Lecture notes in computer science, pp. 157-174, 10.1007/978-3-642-29963-6_12.

Francesco Alberti;Roberto Bruttomesso;Silvio Ghilardi;Silvio Ranise;Natasha Sharygina, 2012, Lazy Abstraction with Interpolants for Arrays, Lecture notes in computer science, pp. 46-61, 10.1007/978-3-642-28717-6_7.

Roberto Bruttomesso;Alessandro Carioni;Silvio Ghilardi;Silvio Ranise, 2012, Automated Analysis of Parametric Timing-Based Mutual Exclusion Algorithms, Lecture notes in computer science, pp. 279-294, 10.1007/978-3-642-28891-3_28.

Silvio Ranise;Alessandro Armando, 2012, On the Automated Analysis of Safety in Usage Control: A New Decidability Result, Lecture notes in computer science, pp. 15-28, 10.1007/978-3-642-34601-9_2.

Sylvain Conchon;Amit Goel;Sava Krstić;Alain Mebsout;Fatiha Zaïdi, 2012, Cubicle: A Parallel SMT-Based Model Checker for Parameterized Systems, Lecture notes in computer science, pp. 718-724, 10.1007/978-3-642-31424-7_55.

Taylor T. Johnson;Sayan Mitra, 2012, Parametrized Verification of Distributed Cyber-Physical Systems: An Aircraft Landing Protocol Case Study, 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems, pp. 161-170, 10.1109/iccps.2012.24.

Alessandro Carioni;Silvio Ghilardi;Silvio Ranise, 2011, Automated Termination in Model Checking Modulo Theories, Lecture notes in computer science, pp. 110-124, 10.1007/978-3-642-24288-5_11.

Francesco Alberti;Alessandro Armando;Silvio Ranise, 2011, ASASP: Automated Symbolic Analysis of Security Policies, Lecture notes in computer science, pp. 26-33, 10.1007/978-3-642-22438-6_4.

Giorgio Delzanno;Ahmed Rezine, 2011, A lightweight regular model checking approach for parameterized systems, International Journal on Software Tools for Technology Transfer, 14, 2, pp. 207-222, 10.1007/s10009-011-0213-y.

Sources : OpenCitations, OpenAlex & Crossref

Share and export

Consultation statistics

This page has been seen 42585 times.

This article's PDF has been downloaded 578 times.