Checking Safety by Inductive Generalization of Counterexamples to Induction

Scaling verification to large circuits requires some form of abstraction relative to the asserted property. We describe a safety analysis of finite-state systems that generalizes from counterexamples to the inductiveness of the safety specification (counterexamples to induction) to inductive invariants. It thus abstracts the system's state space relative to the property. The analysis either strengthens the safety specification until it is inductive or discovers a counterexample to its correctness. The analysis parallelizes easily; we report experimental data showing how the analysis time decreases with the number of processes on several hard problems.
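The following is an added worked example of the loop the abstract describes, not code from the paper or its authors. It runs on a constructed 4-bit system (a mod-8 counter plus a flag bit d) and replaces the paper's SAT queries with explicit enumeration of the 16 states, so every check (finding a counterexample to induction, consecution relative to the current strengthening, reachability of a CTI) is a brute-force loop. The handling of a CTI whose negation is not inductive relative to the current strengthening (recursing on a predecessor state, and blocking a state outright when a cycle of unreachable states is detected) is a simplification chosen for this illustration, not a claim about the paper's own strategy. The system, its transition relation and the property ¬(a ∧ b ∧ c ∧ d) are all constructed for the example.

```python
"""Inductive generalization of counterexamples to induction (CTIs) on a tiny
constructed system.  Explicit state enumeration stands in for the SAT queries
the paper uses; the clause-level logic (CTI, consecution relative to F,
minimal inductive subclause) is what the abstract describes."""
from collections import deque
from itertools import product

N = 4                                            # state variables a, b, c, d
ALL_STATES = list(product((False, True), repeat=N))
# A clause is a frozenset of literals (var, value); a state satisfies it when
# some literal matches.  A strengthening F is a list of clauses (a conjunction).

def sat(clause, s): return any(s[v] == val for v, val in clause)
def holds(F, s):    return all(sat(c, s) for c in F)
def negate(s):      return frozenset((v, not s[v]) for v in range(N))  # clause ¬s

class Counter:
    """Constructed toy system: (a, b, c) is a mod-8 counter with a as the LSB;
    d is a flag that never changes (d_settable=False) or is set when the
    counter reads 3 (d_settable=True)."""
    def __init__(self, d_settable): self.d_settable = d_settable
    def init(self): return [(False, False, False, False)]
    def next(self, s):
        a, b, c, d = s
        count = a + 2 * b + 4 * c
        n = (count + 1) % 8
        return [(bool(n & 1), bool(n & 2), bool(n & 4),
                 d or (self.d_settable and count == 3))]

class Counterexample(Exception): pass

def reachable(sysm):
    """BFS predecessor map over the explicit state graph: the brute-force
    stand-in for the paper's reachability queries."""
    pred = {i: None for i in sysm.init()}
    queue = deque(sysm.init())
    while queue:
        s = queue.popleft()
        for t in sysm.next(s):
            if t not in pred:
                pred[t] = s
                queue.append(t)
    return pred

def path(pred, s):
    trace = []
    while s is not None:
        trace.append(s)
        s = pred[s]
    return trace[::-1]

def find_cti(sysm, F):
    """Counterexample to induction: an F-state with a successor outside F."""
    for s in ALL_STATES:
        if holds(F, s) and any(not holds(F, t) for t in sysm.next(s)):
            return s
    return None

def relatively_inductive(sysm, F, c):
    """Initiation (init -> c) and consecution relative to F (F & c & T -> c')."""
    if not all(sat(c, i) for i in sysm.init()):
        return False
    return all(sat(c, t) for s in ALL_STATES if holds(F, s) and sat(c, s)
               for t in sysm.next(s))

def mic(sysm, F, c):
    """Inductive generalization: drop literals of c while the subclause stays
    inductive relative to F, yielding a (locally) minimal inductive subclause."""
    for lit in sorted(c):
        smaller = c - {lit}
        if smaller and relatively_inductive(sysm, F, smaller):
            c = smaller
    return c

def exclude(sysm, F, s, pred, stack=()):
    """Strengthen F with clauses until CTI s is excluded, or report that s is
    reachable (then P cannot be invariant: every clause added so far holds in
    all reachable states whenever P does)."""
    if s in pred:
        bad = next(t for t in sysm.next(s) if not holds(F, t))
        raise Counterexample(path(pred, s) + [bad])
    while holds(F, s):
        nots = negate(s)
        if relatively_inductive(sysm, F, nots):
            F.append(mic(sysm, F, nots))
            return
        # ¬s fails consecution: another F-state u steps into s; exclude u first
        # (simplification for this example, not the paper's strategy).
        u = next(u for u in ALL_STATES
                 if u != s and holds(F, u) and s in sysm.next(u))
        if u in stack:          # cycle of unreachable states: block u outright
            F.append(negate(u))
        else:
            exclude(sysm, F, u, pred, stack + (s,))

def check(sysm, P):
    """Either an inductive strengthening of P or a trace leaving F."""
    F, pred = [P], reachable(sysm)
    try:
        while True:
            s = find_cti(sysm, F)
            if s is None:
                return "inductive", F
            exclude(sysm, F, s, pred)
    except Counterexample as cx:
        return "counterexample", cx.args[0]

P = negate((True, True, True, True))           # safety property ¬(a ∧ b ∧ c ∧ d)

if __name__ == "__main__":
    print(check(Counter(d_settable=False), P))  # P strengthened with the clause ¬d
    print(check(Counter(d_settable=True), P))   # trace from init to (T, T, T, T)
```

With the flag fixed at 0, P is not inductive (the state with counter 6 and d = 1 satisfies P but steps to the all-ones state), and the CTI's negation is not inductive relative to P either; the example walks back along the unreachable d = 1 chain until it reaches a state whose negation is relatively inductive, and `mic` then drops three of the four literals, leaving the single clause ¬d, which makes P ∧ ¬d inductive. With the flag settable, the same CTI is reachable and the run ends with a concrete trace into a ¬P state.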
