HomuSat is a fully-automated tool for HFL model checking. HFL model checking is the problem of deciding whether a given finite-state labeled transition system (LTS) satisfies a given formula of higher-order modal fixpoint logic (HFL).
OCaml version >= 4.04.0
For compilation, just type:
$ make
OCamlMakefile (included) will hopefully take care of everything needed.
Execution with a specific input file can be done by either of the commands below:
$ ./homusat < [filename]
$ ./homusat -f [filename]
Below is an example input file:
%HES
S =_\nu <a>(F (<b>S));
F =_\mu \lambda X. X \lor <c>S \lor <a>(F (<b>X));
%LTS
initial state: q0
transitions:
q0 c -> q0.
q0 a -> q1.
q1 b -> q2.
q2 a -> q0.
In an input file, please specify an HFL formula that expresses the property you want to check in the form of an HES under the label %HES. An HES is expressed as a sequence of fixpoint equations separated by ;. A fixpoint equation is an equation of the form F =_x φ, where F is a left-hand side variable, x is a fixpoint operator (either \mu or \nu), and φ is an HFL formula. To specify a right-hand side formula φ, you can use variables (a sequence of alphabets), constants (\true and \false), logical connectives (\lor and \land), modal operators (<a>φ and [a]φ), and lambda abstractions (\lambda X.φ).
An LTS is specified under the label %LTS by an initial state and a (possibly empty) sequence of transitions. Transitions should be separated by periods. Each transition p a -> q expresses that there is an edge from the state p to the state q with the label (action) a.
You can write comments in C-style (that is, in the form of either //... or /*...*/).
You can find various input files under the directory bench. The benchmark problems used in the experiments in our APLAS 2019 paper are found in bench/exp.
-
-v [n]: set verbosity level ton(default value is0) -
-f [s]: set input file name tos(stdin is used by default) -
-t [f]: set time-out tofseconds (default value is10.0) -
-l [n]: set maximum loop count ton(default value is1,000,000) -
-d: enable debug mode (give each variable a unique display name)
See the main developer's fork for the latest (but possibly unstable) version.