Global Guidance for Local Generalization in Model Checking

TL;DR

This paper introduces a systematic method to enhance local reasoning in SMT-based model checking by integrating explicit global guidance, significantly improving effectiveness and stability in verifying infinite state systems.

Contribution

The paper proposes three novel rules for global guidance in IC3-style algorithms, extending the SMT-IC3 paradigm and implementing them in the SPACER solver.

Findings

GSPACER outperforms SPACER and global reasoning alone in effectiveness.

GSPACER is insensitive to interpolation, unlike previous methods.

The approach improves stability and success rate in model checking.

Abstract

SMT-based model checkers, especially IC3-style ones, are currently the most effective techniques for verification of infinite state systems. They infer global inductive invariants via local reasoning about a single step of the transition relation of a system, while employing SMT-based procedures, such as interpolation, to mitigate the limitations of local reasoning and allow for better generalization. Unfortunately, these mitigations intertwine model checking with heuristics of the underlying SMT-solver, negatively affecting stability of model checking. In this paper, we propose to tackle the limitations of locality in a systematic manner. We introduce explicit global guidance into the local reasoning performed by IC3-style algorithms. To this end, we extend the SMT-IC3 paradigm with three novel rules, designed to mitigate fundamental sources of failure that stem from locality. We instantiate these rules for the theory of Linear Integer Arithmetic and implement them on top of SPACER solver in Z3. Our empirical results show that GSPACER, SPACER extended with global guidance, is significantly more effective than both SPACER and sole global reasoning, and, furthermore, is insensitive to interpolation.