Theory-Aided Model Checking of Concurrent Transition Systems Supplementary Material

A derivation tree consists of nodes containing sets of assertions. The root node contains an initial set of assertions and each non-leaf node is labeled by a derivation rule used to derive the children of the node from the node itself. The derivation rules used by the T S solver give rise to a sequence of derivation trees (called a derivation). The initial tree in the derivation contains only a single node with the initial set of assertions. Each subsequent tree in the sequence is obtained from its predecessor by the application of a derivation rule to one of the predecessor’s leaves. A branch terminating with a leaf consisting of the value ⊥ is called a closed branch; if all branches are closed, we say that the derivation tree is closed. A derivation culminating with a closed derivation tree indicates that the initial set of assertions is unsatisfiable. A derivation that leads to a derivation tree containing a leaf node that is not ⊥ and to which no derivation rule can be applied indicates that the initial set of assertions is satisfiable. When such a tree is produced, the derivation terminates. We now describe the actual derivation rules used by the theory. The first rule, used to initiate the traversal of the state space, is the Start rule: