A Solver for Reachability Modulo Theories
نویسندگان
چکیده
Consider a sequential programming language with control flow constructs such as assignments, choice, loops, and procedure calls. We restrict the syntax of expressions in this language to one that can be efficiently decided by a satisfiability-modulo-theories solver. For such a language, we define the problem of deciding whether a program can reach a particular control location as the reachability-modulo-theories problem. This paper describes the architecture of Corral, a semi-algorithm for the reachability-modulo-theories problem. Corral uses novel algorithms for inlining procedures on demand (Stratified Inlining) and abstraction refinement (Hierarchical Refinement). The paper also presents an evaluation of Corral against other related tools. Corral consistently outperforms its competitors on most benchmarks.
منابع مشابه
Corral: A Solver for Reachability Modulo Theories
Consider a sequential programming language with control flow constructs such as assignments, choice, loops, and procedure calls. We restrict the syntax of expressions in this language to one that can be efficiently decided by a satisfiability-modulo-theories solver. For such a language, we define the problem of deciding whether a program can reach a particular control location as the reachabili...
متن کاملOn Bounded Reachability of Programs with Set Comprehensions
We analyze the bounded reachability problem of programs that use abstract data types and set comprehensions. Such programs are common as high-level executable specifications of complex protocols. We prove decidability and undecidability results of restricted cases of the problem and extend the Satisfiability Modulo Theories approach to support analysis of set comprehensions over tuples and bag ...
متن کاملReachability Modulo Theories
Program verifiers that attempt to verify programs automatically pose the verification problem as the decision problem: Does there exist a proof that establishes the absence of errors? In this paper, we argue that program verification should instead be posed as the following decision problem: Does there exist an execution that establishes the presence of an error? We formalize the latter problem...
متن کاملReasoning with Triggers
SMT solvers can decide the satisfiability of ground formulas modulo a combination of built-in theories. Adding a built-in theory to a given SMT solver is a complex and time consuming task that requires internal knowledge of the solver. However, many theories (arrays [13], reachability [11]), can be easily expressed using first-order formulas. Unfortunately, since universal quantifiers are not h...
متن کاملVerifying Heap-Manipulating Programs in an SMT Framework
Automated software verification has made great progress recently, and a key enabler of this progress has been the advances in efficient, automated decision procedures suitable for verification (Boolean satisfiability solvers and satisfiability-modulo-theories (SMT) solvers). Verifying general software, however, requires reasoning about unbounded, linked, heap-allocated data structures, which in...
متن کامل