Multiple-Counterexample Guided Iterative Abstraction Refinement: An Industrial Evaluation

In this paper, we describe a completely automated framework for iterative abstraction refinement that is fully integrated into a formal-verification environment. This environment consists of three basic software tools: Forecast, a BDD-based model checker; Thunder, a SAT-based bounded model checker; and MCE, a technology for multiple-counterexample analysis. In our framework, the initial abstraction is chosen relative to the property under verification. The abstraction is model checked by Forecast; in case of failure, a counterexample is returned. Our framework includes an abstract-counterexample analyzer module that applies bounded-model-checking techniques to check whether the abstract counterexample holds in the concrete model. If it does, it is extended to a concrete counterexample. This important capability is provided as a separate tool that also addresses one of the major problems of verification by manual abstraction. If the counterexample is spurious, we use a novel refinement heuristic based on MCE to guide the refinement. After the part of the abstract model to be refined is chosen, our refinement algorithm computes a new abstraction that includes as much logic as possible without adding too many new variables, thereby striking a balance between refining the abstraction and keeping its size manageable. We demonstrate the effectiveness of our framework on challenging Intel designs that were not amenable to BDD-based model-checking approaches.
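The loop the abstract describes (property-driven initial abstraction, model check the abstraction, bounded check of the abstract counterexample against the concrete model, refine if spurious, otherwise extend to a concrete trace) is shown below on a toy finite-state model. This is an added example, not code from the paper or from the Forecast, Thunder or MCE tools it describes. The abstraction is a plain localization reduction (hidden state variables become free inputs), the "bounded model checker" is an explicit forward search over the concrete states that match the abstract trace, and the refinement heuristic (expose the hidden variables read by the visible ones) is a simple stand-in for the paper's MCE-guided heuristic, which it does not reproduce. The `Model`, `SAFE` and `BUGGY` names and both example designs are constructed for this illustration.

```python
"""Toy counterexample-guided abstraction refinement (CEGAR) loop.

Added example; not code from the paper or from the Forecast/Thunder/MCE tools.
Abstraction is localization-style: hidden variables become free inputs.
The refinement heuristic is a stand-in for the paper's MCE-based one.
"""
from itertools import product


class Model:
    """Boolean state variables, a fixed initial state, one next-state
    function per variable (with the set of variables it reads), and a
    bad-state predicate. Constructed for this example."""

    def __init__(self, init, nxt, bad):
        self.vars = tuple(sorted(init))
        self.init = dict(init)
        self.nxt = nxt      # name -> (function of a state dict, support set)
        self.bad = bad      # state dict -> bool

    def successor(self, s):
        return {v: self.nxt[v][0](s) for v in self.vars}


def project(state, visible):
    """Abstract state = values of the visible variables, in name order."""
    return tuple(state[v] for v in sorted(visible))


def abstract_successors(m, astate, visible):
    """Existential abstraction: hidden variables take every value."""
    order = sorted(visible)
    hidden = [v for v in m.vars if v not in visible]
    succs = set()
    for hvals in product((0, 1), repeat=len(hidden)):
        full = dict(zip(order, astate))
        full.update(zip(hidden, hvals))
        succs.add(tuple(m.nxt[v][0](full) for v in order))
    return succs


def model_check_abstraction(m, visible):
    """BFS over the abstract graph. Returns an abstract counterexample
    (initial abstract state .. bad abstract state) or None if none exists."""
    order = sorted(visible)
    start = project(m.init, visible)
    parent, frontier = {start: None}, [start]
    while frontier:
        next_frontier = []
        for s in frontier:
            if m.bad(dict(zip(order, s))):
                path = []
                while s is not None:          # walk parent links back to start
                    path.append(s)
                    s = parent[s]
                return path[::-1]
            for t in abstract_successors(m, s, visible):
                if t not in parent:
                    parent[t] = s
                    next_frontier.append(t)
        frontier = next_frontier
    return None


def concretize(m, apath, visible):
    """Bounded check of an abstract counterexample against the concrete model
    (the role BMC plays in the paper). Returns (concrete_path, None) if the
    trace is real, else (None, k) with k the first step no concrete state
    matches, i.e. where the counterexample is spurious."""
    if project(m.init, visible) != apath[0]:
        return None, 0
    paths = [[m.init]]
    for k in range(1, len(apath)):
        extended = [p + [m.successor(p[-1])] for p in paths
                    if project(m.successor(p[-1]), visible) == apath[k]]
        if not extended:
            return None, k
        paths = extended
    return paths[0], None


def refine(m, visible):
    """Expose the hidden variables read by the visible variables' next-state
    functions (one localization-refinement step)."""
    return set(visible).union(*(m.nxt[v][1] for v in visible))


def cegar(m, property_vars, max_iters=10):
    """Run the loop starting from the property's own variables.
    Returns (verdict, log of (event, visible variables) per iteration)."""
    visible, log = set(property_vars), []
    for _ in range(max_iters):
        apath = model_check_abstraction(m, visible)
        if apath is None:
            log.append(("proved", sorted(visible)))
            return "property holds", log
        cpath, k = concretize(m, apath, visible)
        if cpath is not None:
            log.append(("real counterexample of length %d" % (len(cpath) - 1),
                        sorted(visible)))
            return "property fails", log
        log.append(("spurious at step %d" % k, sorted(visible)))
        visible = refine(m, visible)
    return "gave up", log


# Constructed model: a toggles, b lags a by one step, c = a & b (never true),
# err = b & c. "err is never set" holds, but an abstraction that sees only
# err lets the hidden b and c drive it, so two refinement rounds are needed.
SAFE = Model(
    init={"a": 0, "b": 0, "c": 0, "err": 0},
    nxt={"a": (lambda s: 1 - s["a"], {"a"}),
         "b": (lambda s: s["a"], {"a"}),
         "c": (lambda s: s["a"] & s["b"], {"a", "b"}),
         "err": (lambda s: s["b"] & s["c"], {"b", "c"})},
    bad=lambda s: s["err"] == 1,
)

# Same design with err = b & ~a, which is reachable: after one refinement the
# abstract counterexample is confirmed and extended to a concrete trace.
BUGGY = Model(
    init=SAFE.init,
    nxt=dict(SAFE.nxt, err=(lambda s: s["b"] & (1 - s["a"]), {"a", "b"})),
    bad=lambda s: s["err"] == 1,
)

if __name__ == "__main__":
    for name, m in (("SAFE", SAFE), ("BUGGY", BUGGY)):
        verdict, log = cegar(m, {"err"})
        print(name, "->", verdict)
        for event in log:
            print("   ", event)
```

On `SAFE` the first abstraction (only `err` visible) yields a one-step abstract trace that the concrete check rejects at step 1; refinement exposes `b` and `c`, the next trace is again spurious, and exposing `a` closes the loop with a proof. On `BUGGY` the second iteration's abstract trace is concretized into a three-step concrete counterexample, which is the "extend to a concrete counterexample" outcome the abstract describes.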