Dartagnan is a tool to check state reachability under weak memory models.
- Maven 3.8 or above
- Java 17 or above
- Clang (only to verify C programs)
- Graphviz (only if option
--witness=pngis used)
Docker
The docker contains everything pre-installed to run the tool.
- Build the container:
docker build . -t dartagnan
- Run the container:
docker run -w /home/Dat3M -it dartagnan /bin/bash
From Sources
Set Dat3M's home and the folder to generate output files (the output folder can be something different)
export DAT3M_HOME=<Dat3M's root>
export DAT3M_OUTPUT=$DAT3M_HOME/output
If you are verifying C code, be sure clang is in your PATH.
To build the tool run
mvn clean install -DskipTests
Dartagnan comes with a user interface (not available from the docker container) where it is easy to import, export and modify both the program and the memory model and select the options for the verification engine (see below). You can start the user interface by running
java -jar ui/target/ui.jar
Dartagnan supports programs written in the .c, .litmus formats.
There are three possible results for the verification:
FAIL: the property was violated.PASS: loops have been fully unrolled and the property satisfied.UNKNOWN: no violation was found, but loops have not been fully unrolled (you need to increase the unrolling bound).
You can also run Dartagnan from the console:
java -jar dartagnan/target/dartagnan.jar <CAT file> [--target=<arch>] <program file> [options]
For programs written in .c, value <arch> specifies the programming language or architectures to which the program will be compiled. For programs written in .litmus format, if the --target option is not given, Dartagnan will automatically extract the <arch> from the litmus test header. <arch> must be one of the following:
- c11
- lkmm
- imm
- tso
- power
- arm8
- riscv
- ptx
- vulkan
- opencl
The target architecture is supposed to match (this is responsibility of the user) the intended weak memory model specified by the CAT file.
Further options can be specified using --<option>=<value>. Common options include:
bound: unrolling bound for the BMC (default is 1).property: the properties to be checked. Possible values areprogram_spec(e.g, safety properties as program assertions),termination(i.e., all loops terminate),cat_spec(e.g., data races as specified in the cat file). Default isprogram_spec,cat_spec,termination.solver: specifies which SMT solver to use as a backend. Since we use JavaSMT, several SMT solvers are supported depending on the OS and the used SMT logic (default is Z3).method: specifies which solving method to use. Optionlazy(the default one) uses a customized solver for memory consistency. Optioneagersolves a monolithic formula using SMT solving.
Dartagnan supports input non-determinism using the SVCOMP command __VERIFIER_nondet_X.
You can set up specific bounds for individual loops in the C code by annotating the loop with __VERIFIER_loop_bound(...). For example,
__VERIFIER_loop_bound(2);
while(1) {
...
}
will unroll this loop twice and use the bound passed to the --bound option for all other loops.
Maintainer:
Developers:
Former Developers:
- Florian Furbach
Please feel free to contact us in case of questions or to send feedback.
- Gold and Silver Medal @ SVCOMP 2025
- Gold Medal (x2) @ SVCOMP 2024
- Gold Medal @ SVCOMP 2023
- Distinguished Paper @ OOPSLA 2022
[1] Hernán Ponce de León, Florian Furbach, Keijo Heljanko, Roland Meyer: Portability Analysis for Weak Memory Models. PORTHOS: One Tool for all Models. SAS 2017.
[2] Hernán Ponce de León, Florian Furbach, Keijo Heljanko, Roland Meyer: BMC with Memory Models as Modules. FMCAD 2018.
[3] Natalia Gavrilenko, Hernán Ponce de León, Florian Furbach, Keijo Heljanko, Roland Meyer: BMC for Weak Memory Models: Relation Analysis for Compact SMT Encodings. CAV 2019.
[4] Hernán Ponce de León, Florian Furbach, Keijo Heljanko, Roland Meyer: Dartagnan: Bounded Model Checking for Weak Memory Models (Competition Contribution). TACAS 2020.
[5] Hernán Ponce de León, Thomas Haas, Roland Meyer: Dartagnan: Leveraging Compiler Optimizations and the Price of Precision (Competition Contribution). TACAS 2021.
[6] Hernán Ponce de León, Thomas Haas, Roland Meyer: Dartagnan: SMT-based Violation Witness Validation (Competition Contribution). TACAS 2022.
[7] Thomas Haas, Roland Meyer, Hernán Ponce de León: CAAT: Consistency as a Theory. OOPSLA 2022.
[8] Thomas Haas, René Maseli, Roland Meyer, Hernán Ponce de León: Static Analysis of Memory Models for SMT Encodings. OOPSLA 2023.