SMT-based model checkers, especially IC3-style ones, are currently the most effective techniques for verification of infinite state systems. They infer global inductive invariants via local reasoning about a single step of the transition relation of a system, while employing SMT-based procedures, such as interpolation, to mitigate the limitations of local reasoning and allow for better generalization. Unfortunately, these mitigations intertwine model checking with heuristics of the underlying SMT-solver, negatively affecting stability of model checking. In this paper, we propose to tackle the limitations of locality in a systematic manner. We introduce explicit global guidance into the local reasoning performed by IC3-style algorithms. To this end, we extend the SMT-IC3 paradigm with three novel rules, designed to mitigate fundamental sources of failure that stem from locality. We instantiate these rules for the theory of Linear Integer Arithmetic and implement them on top of SPACER solver in Z3. Our empirical results show that GSPACER, SPACER extended with global guidance, is significantly more effective than both SPACER and sole global reasoning, and, furthermore, is insensitive to interpolation.

中文翻译：

---

模型检查中局部泛化的全局指南

基于 SMT 的模型检查器，尤其是 IC3 样式的模型检查器，是目前验证无限状态系统的最有效技术。他们通过对系统转换关系的单个步骤进行局部推理来推断全局归纳不变量，同时采用基于 SMT 的程序（例如插值）来减轻局部推理的局限性并允许更好的泛化。不幸的是，这些缓解措施将模型检查与底层 SMT 求解器的启发式交织在一起，对模型检查的稳定性产生负面影响。在本文中，我们建议以系统的方式解决局部性的局限性。我们在 IC3 风格的算法执行的局部推理中引入了明确的全局指导。为此，我们用三个新规则扩展了 SMT-IC3 范式，旨在减轻源于局部性的基本故障源。我们为线性整数算术理论实例化这些规则，并在 Z3 中的 SPACER 求解器之上实现它们。我们的实证结果表明，用全局引导扩展的 GSPACER 比 SPACER 和单独的全局推理更有效，而且对插值不敏感。