Skip to content
zafer-esen edited this page Sep 16, 2025 · 4 revisions

TriCera [1] is an automated, open-source verification tool for C programs based on the concept of Constrained Horn Clauses (CHCs). In order to handle programs operating on heap, TriCera applies a novel theory of heaps [2], which enables the tool to hand off most of the required heap reasoning directly to the underlying CHC solver.

TriCera has a web interface with many examples.

What inputs are supported?

A large subset of C (2011), extended with features that are useful for verification.

What properties can be verified?

TriCera attempts to verify both implicit and explicit safety properties. Explicit properties are specified using assert and assume statements, or through ACSL-style contracts.

Implicitly, TriCera attempts to verify several memory-safety properties:

  • all pointer-dereferences are checked for type safety,
  • array accesses are checked to be within array bounds,
  • (optionally) memory leaks are detected by ensuring all allocated memory on the heap is freed at program exit.

TriCera was recently extended [3] to support more expressive properties: sum, max, min and univeral / existential properties over arrays. This work is not on the main branch of TriCera yet; however support is planned.

What are the tool’s main techniques for the supported (input, property) pairs?

TriCera translates (input, property) pairs into a set of Constrained Horn Clauses (CHCs). The output is then processed and solved by a CHC solver, such as Eldarica [4] or Spacer [5]. These CHC solvers, when they do not time out, return either sat / unsat accompanied by either a solution or a counterexample. A solution contains all program invariants, and a counterexample is a trace through the program leading to the violated property (i.e., assertion).

The CHCs produced by TriCera can be printed in the standard SMT-LIB format, or in Prolog.

TriCera supports automatic inference of function contracts and loop invariants, and can print these in ACSL syntax.

What external tools are used? (e.g., compilers, SMT solvers)

TriCera uses Eldarica as its main CHC solver by default; however, any CHC solver that supports the used theories can be used on the CHCs produced by TriCera.

What is the tool’s URL?

https://github.com/uuverifiers/tricera

TriCera also has a web interface.

Examples

Many examples can be found on TriCera's web interface. Please note that the web interface currently does not display inferred contracts.

There are also slides available online about TriCera from [1].

While these examples can be explored online, the -acsl and -inv options (used to view inferred ACSL annotations and invariants) are currently only available when running TriCera from the command line. Support for these options is also planned to be added to the web interface in a future update.

Other relevant information

TriCera uses the currently non-standard theory of heaps [2] in its output CHCs. The external tool heap2array can be used to translate its output to a standard one that uses the theory of arrays. This allows other CHC solvers that do not support the theory of heaps to be used by TriCera.

References

[1] Zafer Esen, Philipp Rümmer, "Tricera: Verifying C Programs Using the Theory of Heaps", FMCAD 2022: 380-391.

[2] Zafer Esen, Philipp Rümmer, "An SMT-LIB Theory of Heaps", SMT 2022: 38-53

[3] Jesper Amilon, Zafer Esen, Dilian Gurov, Christian Lidström, Philipp Rümmer, "Automatic Program Instrumentation for Automatic Verification", CAV 2023: 281-304.

[4] Hossein Hojjat, Philipp Rümmer, "The ELDARICA Horn Solver", FMCAD 2018:1-7

[5] Anvesh Komuravelli, Arie Gurfinkel, Sagar Chaki, Edmund M. Clarke, "Automatic Abstraction in SMT-Based Unbounded Software Model Checking", CAV 2013: 846-862

Clone this wiki locally