Proving Parameterized Systems Safe by Generalizing Clausal Proofs of Small Instances [chapter]

Michael Dooley, Fabio Somenzi
2016 Lecture Notes in Computer Science  
We describe an approach to proving safety properties of parameterized reactive systems. Clausal inductive proofs for small instances are generalized to quantified formulae, which are then checked against the whole family of systems. Clausal proofs are generated at the bit-level by the IC3 algorithm. The clauses are partitioned into blocks, each of which is represented by a quantified implication formula, whose antecedent is a conjunction of modular linear arithmetic constraints. Each quantified formula approximates the set of clauses it represents; good approximations are computed through a process of proof saturation, and through the computation of convex hulls. Candidate proofs are conjunctions of quantified lemmas. For systems with a small-model bound, the proof can often be shown valid for all values of the parameter. When the candidate proof cannot be shown valid, it can still be used to bootstrap finite proofs to permit verification at larger values of the parameter. While the method is incomplete, it produces non-trivial invariants for a suite of benchmarks including hardware circuits and protocols.
doi:10.1007/978-3-319-41528-4_16 fatcat:sqwnvgep6zcijglcfwldoaigxu