Skip to content

feat(symbolic): k-induction, IC3/CHC, smart mode, set ops, strings, traces#8

Merged
danwt merged 1 commit intomainfrom
danwt/claude/symbolic-mc-phase2
Feb 12, 2026
Merged

feat(symbolic): k-induction, IC3/CHC, smart mode, set ops, strings, traces#8
danwt merged 1 commit intomainfrom
danwt/claude/symbolic-mc-phase2

Conversation

@danwt
Copy link
Owner

@danwt danwt commented Feb 12, 2026

Summary

Complete symbolic model checking phase 2, adding all remaining verification modes and encoding capabilities:

  • Set operations (union/intersect/diff/subset) for ExplodedSet encoding — enables TwoPhaseCommit
  • String variable encoding via string table interning — enables TCommit_Simple
  • Const-dependent type inference from AST type expressions (resolves 0..MAX when MAX is a const)
  • k-induction (--k-induction K): base case BMC + K-step inductive strengthening
  • IC3/CHC (--ic3): unbounded verification via Z3's Spacer engine, using raw z3-sys fixedpoint API with explicit forall quantification
  • Smart mode (--smart): automatic strategy cascade (induction → k-induction K=2..5 → IC3 → BMC)
  • Trace action identification: counterexample traces now show which action fired at each step
  • Fix: k-induction CTI correctly returns Unknown instead of InvariantViolation

Verification

  • All 119 existing tests pass
  • cargo fmt --check clean, zero warnings on specl-symbolic
  • Counter: verified by all modes (inductive, k-induction K=3, IC3, smart)
  • TCommit_Simple: verified by inductive, k-induction K=2, IC3, smart
  • TwoPhaseCommit (MAX_RM=1): verified by BMC depth 5, IC3, smart(IC3)
  • ProcessStates: verified by IC3

Test plan

  • cargo test --workspace --exclude specl-tla — 119 tests pass
  • cargo fmt --check — clean
  • Counter: --k-induction 3, --ic3, --smart all OK
  • TCommit_Simple: --ic3, --smart all OK
  • TwoPhaseCommit: --symbolic --depth 5, --ic3, --smart all OK
  • Trace action identification shows correct action names with parameters

🤖 Generated with Claude Code

@danwt @claude
claude: feat(symbolic): add k-induction, IC3/CHC, smart mode, set ops…
9d1398b 
…, strings, traces

Complete symbolic model checking phase 2:

- Set operations: union/intersect/diff/subset for ExplodedSet encoding.
  Enables TwoPhaseCommit verification.
- String variable encoding: intern string literals as bounded integers
  via a string table. Enables TCommit_Simple verification.
- Const-dependent type inference: resolve 0..MAX ranges from AST
  type expressions when the type checker compiles them to bare Int.
- k-induction: base case (BMC to depth K) + inductive step with K
  consecutive states. CLI: --k-induction K
- IC3/CHC: unbounded verification via Z3's Spacer engine using raw
  z3-sys fixedpoint API with explicit forall quantification.
  CLI: --ic3
- Smart mode: automatic strategy cascade (induction -> k-induction
  K=2..5 -> IC3 -> BMC fallback). CLI: --smart
- Trace action identification: counterexample traces now show which
  action (with parameters) fired at each step.
- Fix: k-induction inductive step failure (CTI) returns Unknown,
  not InvariantViolation.

New files: k_induction.rs, fixedpoint.rs, ic3.rs, smart.rs
Dependencies: z3-sys 0.10.4, specl-syntax (for AST type expressions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@danwt danwt merged commit 4aa886e into main Feb 12, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@danwt