MCMT: Model Checker Modulo Theories

Last Release: version 2.8 -- Last Update: 11/07/2018

MCMT is a model checker for infinite state systems based on the integration of Satisfiability Modulo Theories (SMT) solving and backward reachability. In its actual implementation, MCMT is capable of model checking invariant (safety) properties of a large class of infinite state systems called array-based systems.

Download

MCMT is distributed "as is" without warranty of any kind; it is free for non-commercial use. It is possible to download the executables for Linux (both 32/64 bit) together with some examples. The executables for the old versions 2.5.2, 2.0 and 1.1.1 are still here, here and here.

Instructions

You can run MCMT via command line; for detailed explanations, please, have a look at the User Manual. MCMT must be linked to the SMT solver Yices.

Experiments

We run MCMT on various examples: parametrized mutual exclusion and cache coherence protocols, timed systems, imperative programs, etc. These experiments show the great flexibility of the tool. All the files for these examples are included in the distribution (in each file, a brief description of the source and the meaning of the example is supplied). Table with experimental statistics (concerning the old version 1.0) are available here. Further case studies have been analyzed:

  • Parameterized Timed Systems: some benchmarks in this area (Fischer mutual exclusion, csma, etc.) are available in the distribution;

  • Mutual exclusion, deadlock freedom and waiting time bounds for Fischer and Lynch-Shavit algorithms: see the related paper here;

  • Fault Tolerant Systems: reliable broadcast algorithms from Chandra-Toueg papers have been studied with MCMT; see here and here for more information;

  • ARP Internet protocol: the protocol, as well as known attacks, has been analyzed with MCMT, see here for more information;

  • Imperative programs: these benchmarks concern standard functions on strings and unbounded arrays (like copying, comparing, searching, etc.) where the abstraction and acceleration features of version 2.0 are exploited; benchmarks files are available in the distribution.

  • Database driven systems: these benchmarks are supported in the new version 2.8 (see the User Manual and the benchmarks in the distribution).

Related Tools

The tools ArCa and ArCa_Sat analyze model-checking and satisfiability problems involving arrays and cardinality constraints; see here for more information. The prototype ArCa_Sim produces counters simulations for such problems, click here for download.

The tool Booster is an integrated framework: it supplies a front-end to a C fragment and is able to run different copies of MCMT, trying in parallel the most promising settings. Booster is recommended for people interested in software model checking applications (contact T. Alberti for more information).

The tool ASASP analyzes security access policies within the model checking modulo theories framework. SAFARI (no longer maintained) is a re-implementation of MCMT, comprising abstraction/refinement capabilities. Cubicle implements the array-based MCMT framework in a parallel architecture.

Aknowledgements

The tool is currently developed and maintained by Silvio Ghilardi. Other people were involved in the history of the tool. Silvio Ranise was part of the MCMT project since the very beginning, co-founded it and contributed to it until he left for an FBK position. Thanks are due to R. Bruttomesso and F. Alberti for various help in the developement of past versions of the tool.

Main Publications