Proof certificates for SMT-based model checkers for infinite-state systems

Mebsout, Alain; Tinelli, Cesare

doi:10.1109/fmcad.2016.7886669

Cited by 16 publications

(11 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We start from a benchmark suite that is a superset of the benchmarks used in the previous experiments. This suite contains 660 models, and includes all models that yield a valid result (530 in total) from previous Lustre model checking papers [59,119] and 130 industrial models yielding valid results derived from an infusion pump system [3] and other sources [59,121]. As this paper is concerned with analysis problems involving multiple MIVCs, we include only models that had more than 4 MIVCs (46 models in total).…”

Section: Methodsmentioning

confidence: 99%

“…For this purpose, we have collected a large set of benchmarks from different sources. Our experiments are conducted on a set of benchmarks containing 660 Lustre models, 530 from [59,119] and 130 industrial models derived from [3] and other sources [59,121]. This evaluation shows promising results about the IVC techniques.…”

Section: Chaptermentioning

confidence: 99%

“…The IVC idea shares many similarities with approaches for computing minimal invariant sets for inductive proofs (such as is performed for inductive proof certificates [48,59]).…”

Section: Proof/lemma Minimizationmentioning

confidence: 99%

See 2 more Smart Citations

Inductive Validity Cores

Ghassabani

Whalen

Gacek

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Symbolic model checkers can construct proofs of properties over very complex models. However, the results reported by the tool when a proof succeeds do not generally provide much insight to the user. It is often useful for users to have traceability information related to the proof: which portions of the model were necessary to construct it. This traceability information can be used to diagnose a variety of modeling problems such as overconstrained axioms and underconstrained properties, and can also be used to measure completeness of a set of requirements over a model. We propose the notion of inductive validity cores (IVCs), which are intended to trace a property to a minimal set of model elements necessary for proof. Such cores are not unique, and algorithms for efficiently producing both single IVC and all IVCs are presented. IVCs can be used for several interesting analyses, including regression analysis for testing/proof, determination of the minimum (as opposed to minimal) number of model elements necessary for proof, the diversity examination of model elements leading to proof, and analyzing fault tolerance.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Chaptermentioning

confidence: 99%

See 1 more Smart Citation

Inductive Validity Cores

Ghassabani

Whalen

Gacek

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…These tools are JKind model checker and Graphviz. JKind is a software tool that we used to conduct cyberattack scenarios against the PARMS [40]. The model checker keeps checking repeatedly if a given finite-state model of a system meets a given security property of importance.…”

Section: Attack Graph Generationmentioning

confidence: 99%

Attack Graph Modeling for Implantable Pacemaker

2020

View full text Add to dashboard Cite

Remote health monitoring systems are used to audit implantable medical devices or patients’ health in a non-clinical setting. These systems are prone to cyberattacks exploiting their critical vulnerabilities. Thus, threatening patients’ health and confidentiality. In this paper, a pacemaker automatic remote monitoring system (PARMS) is modeled using architecture analysis and design language (AADL), formally characterized, and checked using the JKind model checker tool. The generated attack graph is visualized using the Graphviz tool, and classifies security breaches through the violation of the security features of significance. The developed attack graph showed the essentiality of setting up appropriate security measures in PARMS.

show abstract

“…In SMC kinduction is equivalent to induction: any k-inductive property P can be strengthened to an inductive property Q [6,16]. Even though in the worst case Q is exponentially larger than P [6], this is rarely observed in practice [26]. Furthermore, the SAT queries get very hard as k increases and usually succeed only for rather small values of k. A recent work [16] shows that strong induction can be integrated in Pdr.…”

Section: Introductionmentioning

confidence: 99%

Interpolating Strong Induction

Krishnan

Vizel

Gurfinkel

2019

Computer Aided Verification

View full text Add to dashboard Cite

The principle of strong induction, also known as k-induction is one of the first techniques for unbounded SAT-based Model Checking (SMC). While elegant and simple to apply, properties as such are rarely k-inductive and when they can be strengthened, there is no effective strategy to guess the depth of induction. It has been mostly displaced by techniques that compute inductive strengthenings based on interpolation and property directed reachability (Pdr). In this paper, we present kAvy, an SMC algorithm that effectively uses k-induction to guide interpolation and Pdr-style inductive generalization. Unlike pure k-induction, kAvy uses Pdr-style generalization to compute and strengthen an inductive trace. Unlike pure Pdr, kAvy uses relative k-induction to construct an inductive invariant. The depth of induction is adjusted dynamically by minimizing a proof of unsatisfiability. We have implemented kAvy within the Avy Model Checker and evaluated it on HWMCC instances. Our results show that kAvy is more effective than both Avy and Pdr, and that using k-induction leads to faster running time and solving more instances. Further, on a class of benchmarks, called shift, kAvy is orders of magnitude faster than Avy, Pdr and k-induction.

show abstract

Proof certificates for SMT-based model checkers for infinite-state systems

Cited by 16 publications

References 19 publications

Inductive Validity Cores

Inductive Validity Cores

Attack Graph Modeling for Implantable Pacemaker

Interpolating Strong Induction

Contact Info

Product

Resources

About