SAT-based Induction for Temporal Safety Properties

The work presented in this paper addresses the challenge of fully verifying complex temporal properties on large RTL designs. Windowed induction has been proposed by Sheeran, Singh, and Stalmarck as a technique augmenting Bounded Model Checking for unbounded verification of safety properties. While induction proved to be quite effective for combinational properties, the case of temporal properties was not handled by previously known methods. We introduce explicit induction, a new induction scheme targeted to temporal properties, and to interactive development of inductive proofs. The innovative idea in explicit induction is to make the induction scheme an explicit part of the specification, where it can be easily controlled, using a highly expressive language like ForSpec. We show how explicit induction was implemented with minor modifications in the ForSpec compiler and in Thunder, a bounded model checker. Finally, we describe how explicit induction was used for verifying large control circuits with extensive feedback in the PentiumTM4 processor. The circuits verified by explicit induction are orders of magnitude larger than those verifiable by traditional model checking approaches.

[1]  Stephan Merz,et al.  Model Checking , 2000 .

[2]  Koen Claessen Induction and State Machines , 1999 .

[3]  Orna Kupferman,et al.  Model Checking of Safety Properties , 1999, Formal Methods Syst. Des..

[4]  Mary Sheeran,et al.  Checking Safety Properties Using Induction and a SAT-Solver , 2000, FMCAD.

[5]  Ilan Beer,et al.  RuleBase: an industry-oriented formal verification tool , 1996, DAC '96.

[6]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[7]  Orna Kupferman,et al.  Model Checking of Safety Properties , 1999, CAV.

[8]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[9]  Armin Biere,et al.  Verifiying Safety Properties of a Power PC Microprocessor Using Symbolic Model Checking without BDDs , 1999, CAV.

[10]  Randal E. Bryant,et al.  Formal verification by symbolic evaluation of partially-ordered trajectories , 1995, Formal Methods Syst. Des..

[11]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[12]  Armando Tacchella,et al.  Benefits of Bounded Model Checking at an Industrial Setting , 2001, CAV.

[13]  E. Clarke,et al.  Symbolic model checking using SAT procedures instead of BDDs , 1999, Proceedings 1999 Design Automation Conference (Cat. No. 99CH36361).

[14]  Pierre Wolper,et al.  Reasoning About Infinite Computations , 1994, Inf. Comput..

[15]  C. Eisner,et al.  RuleBase: an industry-oriented formal verification tool , 1996, 33rd Design Automation Conference Proceedings, 1996.

[16]  E. Clarke,et al.  Verifying Safety Properties of a PowerPC TM 1 Microprocessor Using Symbolic Model Checking without BDDs , 1999 .