Papers by Alessandro Cimatti
Lecture Notes in Computer Science, 2015
Lecture Notes in Computer Science, 2017
In this paper we present an abstraction-refinement approach to Satisfiability Modulo the theory of transcendental functions, such as exponentiation and trigonometric functions. The transcendental functions are represented as uninterpreted in the abstract space, which is described in terms of the combined theory of linear arithmetic on the rationals with uninterpreted functions, and are incrementally axiomatized by means of upper- and lower-bounding piecewise-linear functions. Suitable numerical techniques are used to ensure that the abstractions of the transcendental functions are sound even in the presence of irrationals. Our experimental evaluation on benchmarks from verification and mathematics demonstrates the potential of our approach, showing that it compares favorably with delta-satisfiability/interval propagation and methods based on theorem proving. This work was funded in part by the H2020-FETOPEN-2016-2017-CSA project SC² (712689). We thank James Davenport and Erika Abraham for useful discussions.
Lecture Notes in Computer Science, 2017
Model checking invariant properties of designs, represented as transition systems, with non-linear real arithmetic (NRA), is an important though very hard problem. On the one hand NRA is a hard-to-solve theory; on the other hand most of the powerful model checking techniques lack support for NRA. In this paper, we present a counterexample-guided abstraction refinement (CEGAR) approach that leverages linearization techniques from differential calculus to enable the use of mature and efficient model checking algorithms for transition systems on linear real arithmetic (LRA) with uninterpreted functions (EUF). The results of an empirical evaluation confirm the validity and potential of this approach.
Lecture Notes in Computer Science, 2019
COMPASS (COrrectness, Modeling and Performance of AeroSpace Systems) is an international research effort aiming to ensure system-level correctness, safety, dependability and performability of onboard computer-based aerospace systems. In this paper we present COMPASS 3.0, which brings together the results of various development projects since the original inception of COMPASS. Improvements have been made both to the frontend, supporting an updated modeling language and user interface, as well as to the backend, by adding new functionalities and improving the existing ones. New features include Timed Failure Propagation Graphs, contract-based analysis, hierarchical fault tree generation, probabilistic analysis of non-deterministic models and statistical model checking.
Verification is an essential step of the hardware design lifecycle. Usually verification is done at the gate level (Boolean level). We present verilog2smv, a tool that generates word-level model checking problems from Verilog designs augmented with assertions. A key aspect of our tool is that memories in the designs are treated without any form of abstraction. verilog2smv can be used for RTL verification by chaining with a word-level model checker like nuXmv. To this end, we also present some experimental results over Verilog verification benchmarks, using verilog2smv+nuXmv as a tool-chain.
Springer eBooks, 2023
The development of modern railways applications must be supported by trusted tools, able to cover the whole development process. In this paper we report on the research challenges underlying a comprehensive toolset for the design of computer-based interlocking systems. Following a V&V development process, the framework adopts a clear separation between the abstract interlocking logic and the instantiations characterizing the single stations. The challenges include the definition of adequate specification languages, the generation of executable code and simulation infrastructure, traceability, test case generation, and formal verification. Keywords: Railways interlocking systems; Model-based design; Formal verification; Automated test case generation; Reverse engineering. This invited contribution is based on the keynote presentation given by Alessandro Cimatti at the 2022 F-IDE workshop, affiliated with SEFM'22, Berlin (DE).
Proceedings of the ... AAAI Conference on Artificial Intelligence, Mar 4, 2015
In many practical domains, planning systems are required to reason about durative actions. A common assumption in the literature is that the executor is allowed to decide the duration of each action. However, this assumption may be too restrictive for applications. In this paper, we tackle the problem of temporal planning with uncontrollable action durations. We show how to generate robust plans, that guarantee goal achievement despite the uncontrollability of the actual duration of the actions. We extend the state-space temporal planning framework, integrating recent techniques for solving temporal problems under uncertainty. We discuss different ways of lifting the total order plans generated by the heuristic search to partial order plans, showing (in)completeness results for each of them. We implemented our approach on top of COLIN, a state-of-the-art planner. An experimental evaluation over several benchmark problems shows the practical feasibility of the proposed approach.
Springer eBooks, 2006
Many approaches for Satisfiability Modulo Theory (SMT(T)) rely on the integration between a SAT solver and a decision procedure for sets of literals in the background theory T (T-solver). When T is the combination T₁ ∪ T₂ of two simpler theories, the approach is typically handled by means of Nelson-Oppen's (NO) theory combination schema, in which two specific T-solvers deduce and exchange (disjunctions of) interface equalities. In recent papers we have proposed a new approach to SMT(T₁ ∪ T₂), called Delayed Theory Combination (DTC). Here part or all of the (possibly very expensive) task of deducing interface equalities is played by the SAT solver itself, at the potential cost of an enlargement of the boolean search space. In principle this enlargement could be up to exponential in the number of interface equalities generated. In this paper we show that this estimate was too pessimistic. We present a comparative analysis of DTC vs. NO for SMT(T₁ ∪ T₂), which shows that, using state-of-the-art SAT-solving techniques, the amount of boolean branches performed by DTC can be upper bounded by the number of deductions and boolean branches performed by NO on the same problem. We prove the result for different deduction capabilities of the T-solvers and for both convex and non-convex theories.
Decision procedures for expressive logics such as linear arithmetic, bitvectors, uninterpreted functions, arrays or combinations of theories are becoming increasingly important in various areas of hardware and software development and verification such as test pattern generation, equivalence checking, assertion based verification and model checking. In particular, the need for bit-precise reasoning is an important target for research into decision procedures. In this thesis we will describe work on creating an efficient decision procedure for Satisfiability Modulo the Theory of fixed-width bit-vectors, and how such a solver can be used in a real-world application. We will also introduce some extensions of the basic decision procedure allowing for optimisation, and compact representation of constraints in an SMT solver, showing how these can be succinctly and elegantly described as a theory allowing for the extension with minimal changes to SMT solvers.
Electronic Communication of The European Association of Software Science and Technology, Feb 27, 2012
Altarica is a language used to describe critical systems. In this paper we present a novel approach to the analysis of Altarica models, based on a translation into an extended version of NuSMV. This approach opens up the possibility to carry out functional verification and safety assessment with symbolic techniques. An experimental evaluation on a set of industrial case studies demonstrates the advantages of the approach over currently available tools.
Formal Methods in System Design
In this paper, we consider the problem of model checking fair transition systems expressed symbolically in the framework of Satisfiability Modulo Theories. This problem, referred to as Verification Modulo Theories, is tackled by combining two key elements from the legacy of Ed Clarke: SAT-based verification and abstraction refinement. We show how fundamental SAT-based algorithms have been lifted to deal with the extended expressiveness with a tight integration of abstraction within a CEGAR loop. In turn, the case of nonlinear theories is based on a CEGAR loop over the linear case. These two elements have also deeply impacted the development of the NuSMV model checker, born from a joint project between FBK and CMU, and its successor nuXmv, whose core integrates SMT-based techniques for VMT.
Theory and Applications of Satisfiability Testing – SAT 2018, 2018
Incremental linearization is a conceptually simple, yet effective, technique that we have recently proposed for solving SMT problems over nonlinear real arithmetic constraints. In this paper, we show how the same approach can be applied successfully also to the harder case of nonlinear integer arithmetic problems. We describe in detail our implementation of the basic ideas inside the MathSAT SMT solver, and evaluate its effectiveness with an extensive experimental analysis over all nonlinear integer benchmarks in SMT-LIB. Our results show that MathSAT is very competitive with (and often outperforms) state-of-the-art SMT solvers based on alternative techniques. This work was funded in part by the H2020-FETOPEN-2016-2017-CSA project SC² (712689). [Footnote 3 of the paper: In the following, we only consider quantifier-free theories, and we abuse the accepted notation by omitting the "QF_" prefix in the names of the theories.]
2018 20th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 2018
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some theory or combination of theories. In this paper, we overview our recent approach called Incremental Linearization, which successfully tackles the problems of SMT over the theories of nonlinear arithmetic over the reals (NRA), nonlinear arithmetic over the integers (NIA) and their combination, and of NRA augmented with transcendental (exponential and trigonometric) functions (NTA). Moreover, we showcase some of the experimental results and outline interesting future directions.
Lecture Notes in Computer Science
Formal languages are increasingly used to describe the functional requirements of circuits. Although formal requirements can be hard to understand and subtle, they are seldom the object of verification. In this paper we present our requirement analysis tool, RAT. Our tool supports quality assurance of formal specifications. A designer can interactively explore the requirements' semantics and automatically check the specification against assertions (which must be satisfied) and possibilities (which describe allowed corner-case behavior). Using RAT, a designer can also investigate the realizability of a specification. RAT was successfully examined in several industrial projects.
ACM Transactions on Computational Logic, 2018
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some theory or combination of theories; Verification Modulo Theories (VMT) is the problem of analyzing the reachability for transition systems represented in terms of SMT formulae. In this article, we tackle the problems of SMT and VMT over the theories of nonlinear arithmetic over the reals (NRA) and of NRA augmented with transcendental (exponential and trigonometric) functions (NTA). We propose a new abstraction-refinement approach for SMT and VMT on NRA or NTA, called Incremental Linearization. The idea is to abstract nonlinear multiplication and transcendental functions as uninterpreted functions in an abstract space limited to linear arithmetic on the rationals with uninterpreted functions. The uninterpreted functions are incrementally axiomatized by means of upper- and lower-bounding piecewise-linear constraints. In the case of transcendental functions, ...
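The two refinement ingredients that the incremental-linearization abstracts above (the transcendental-functions paper, the SAT 2018 and SYNASC 2018 papers, and this ToCL article) describe in words, as an added example that is not code from those papers or from MathSAT: a tangent-plane lemma that cuts off a spurious LRA+EUF model of an uninterpreted stand-in for x*y, and a piecewise-linear envelope of exp whose coefficients are all rational, so that it can be handed to a linear solver even though exp of a rational is irrational. Everything here is assumed for illustration: the function names, the hand-constructed candidate models that stand in for a solver's output, and the particular rational enclosure of exp (a degree-12 Taylor polynomial with the remainder bounded by 3·a^13/13! on [0, 1], plus halving and squaring), which is one sound choice, not the numerical technique the papers use.

```python
# Added example, not from the papers above: refinement lemmas of incremental
# linearization with rational coefficients only. Candidate models are
# constructed by hand in place of an LRA+EUF solver (assumption).
from fractions import Fraction as F
from math import exp, factorial


def mul_tangent_lemma(a, b):
    """Tangent-plane lemma for f(x, y), the uninterpreted stand-in for x*y, at
    the point (a, b) of a spurious model.  Since
    x*y - (a*y + b*x - a*b) = (x - a)*(y - b), the lemma says f(x, y) minus
    the plane has the sign of (x - a)*(y - b): equal when x == a or y == b
    (which cuts off the spurious point), above when x and y lie on the same
    side of (a, b), below otherwise.  Returns a predicate over (x, y, fxy)."""
    a, b = F(a), F(b)

    def holds(x, y, fxy):
        x, y, fxy = F(x), F(y), F(fxy)
        plane = a * y + b * x - a * b
        sign = (x - a) * (y - b)
        if sign == 0:
            return fxy == plane
        return fxy > plane if sign > 0 else fxy < plane

    return holds


def refine_multiplication(candidates):
    """CEGAR bookkeeping for one atom f(x, y) ~ x*y over a constructed list of
    abstract models (x, y, fxy).  A model with fxy == x*y is genuine and is
    returned with the number of lemmas added; any other model gets a
    tangent-plane lemma at (x, y), which blocks it from then on."""
    lemmas = []
    for x, y, fxy in candidates:
        if not all(lemma(x, y, fxy) for lemma in lemmas):
            continue  # a real solver would never propose a blocked model
        if F(fxy) == F(x) * F(y):
            return (x, y, fxy), len(lemmas)
        lemmas.append(mul_tangent_lemma(x, y))
    return None, len(lemmas)


def exp_enclosure(a, terms=12):
    """Rational lo <= exp(a) <= hi for rational a (assumed enclosure method):
    Taylor polynomial on [0, 1] with Lagrange remainder <= 3*a^(n+1)/(n+1)!
    because exp <= 3 there; halve and square for a > 1; exp(-a) = 1/exp(a)."""
    a = F(a)
    if a < 0:
        lo, hi = exp_enclosure(-a, terms)
        return 1 / hi, 1 / lo
    halvings = 0
    while a > 1:
        a, halvings = a / 2, halvings + 1
    lo = sum(a ** i / factorial(i) for i in range(terms + 1))
    hi = lo + 3 * a ** (terms + 1) / factorial(terms + 1)
    for _ in range(halvings):  # squaring is monotone on non-negatives
        lo, hi = lo * lo, hi * hi
    return lo, hi


def tangent_lower(a):
    """(slope, intercept) of a rational line below exp everywhere: the tangent
    at a with exp(a) replaced by a rational lower bound e.  Where 1 + x - a
    < 0 the line is negative while exp is not; elsewhere
    e*(1 + x - a) <= exp(a)*(1 + x - a) <= exp(x) by convexity of exp."""
    a = F(a)
    e, _ = exp_enclosure(a)
    return e, e * (1 - a)


def secant_upper(p, q):
    """(slope, intercept) of a rational line above exp on [p, q]: the secant
    through rational upper bounds of exp(p) and exp(q).  By convexity exp lies
    below the exact secant, which lies below this one on the cell."""
    p, q = F(p), F(q)
    _, ep = exp_enclosure(p)
    _, eq = exp_enclosure(q)
    slope = (eq - ep) / (q - p)
    return slope, ep - slope * p


def pwl_exp_bounds(grid):
    """Piecewise-linear envelope of exp over [grid[0], grid[-1]]: lower is the
    max of the tangents at grid points, upper the secant of each cell.  Only
    rational coefficients appear, so an LRA solver can consume it directly."""
    grid = [F(g) for g in grid]
    tangents = [tangent_lower(g) for g in grid]
    cells = [((p, q), secant_upper(p, q)) for p, q in zip(grid, grid[1:])]

    def lower(x):
        x = F(x)
        return max(m * x + c for m, c in tangents)

    def upper(x):
        x = F(x)
        for (p, q), (m, c) in cells:
            if p <= x <= q:
                return m * x + c
        raise ValueError("x outside the bounded interval")

    return lower, upper


def check_envelope(lower, upper, xs):
    """Float sanity check at sample points; soundness rests on the arguments
    in the docstrings, not on this comparison."""
    return all(float(lower(x)) <= exp(float(x)) <= float(upper(x)) for x in xs)
```

Running `refine_multiplication([(2, 3, 5), (2, 3, 7), (2, 3, 6)])` shows the loop in miniature: the first model is spurious and yields one lemma, the second is blocked by that lemma, the third is genuine. `pwl_exp_bounds([0, 1, 2])` is the kind of envelope that gets tightened by adding grid points near the value the solver proposed for the abstracted exp; note that because `exp_enclosure` never returns an irrational, every line it produces is a legitimate LRA constraint.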
Adaptive Agents and Multi-Agents Systems, May 9, 2016
Temporal Epistemic Logic is used to reason about the evolution of knowledge over time. A notable example is the temporal epistemic logic KL1, which is used to model what a reasoner can infer about the state of a dynamic system by using available observations. Applications of KL1 span from security (verification of cryptographic protocols and information flow) to diagnostic systems (fault detection and diagnosability). In this paper, we tackle the verification of KL1 properties under observational semantics, by proposing an effective approach that is able to deal with both finite and infinite state systems. The denotation of the epistemic atoms is computed in a lazy way, driven by the counterexamples obtained from model checking an abstraction of the property. We analyze the approach on a comprehensive set of finite- and infinite-state benchmarks from the literature, evaluate the effectiveness of various optimizations, and demonstrate that our approach outperforms existing approaches.