Coverage in interpolation-based model checking

Coverage is a means to quantify the quality of a system specification, and is frequently applied to assess progress in system validation. Coverage is a standard measure in testing, but is very difficult to compute in the context of formal verification. We present efficient algorithms for identifying those parts of the system that are covered by a given property. Our algorithm is integrated into state-of-the-art SAT-based Model Checking using Craig interpolation. The key insight of our algorithm is to re-use previously computed inductive invariants and counterexamples. This re-use permits a quick conclusion of the vast majority of tests, and enables the computation of a coverage measure with 96% accuracy at only 5x the runtime of the Model Checker.
