Bounded model checking

Symbolic model checking with Binary Decision Diagrams (BDDs) has been successfully used in the last decade for formally verifying finite state systems such as sequential circuits and protocols. Since its introduction at the beginning of the 1990s, it has been integrated into the quality assurance process of several major hardware companies. The main bottleneck of this method is that BDDs may grow exponentially, and hence the amount of available memory restricts the size of circuits that can be verified efficiently. In this article we survey a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver rather than BDD manipulation techniques. Since its introduction in 1999, BMC has been well received by the industry. It can find many logical errors in complex systems that cannot be handled by competing techniques, and is therefore widely perceived as a complementary technique to BDD-based model checking. This observation is supported by several independent comparisons that have been published in the last few years.
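The following is an added example illustrating the BMC encoding the abstract describes; it is not code from the article or from any of the tools it surveys. It assumes a toy system (a 3-bit counter that wraps from 5 back to 0), Tseitin-encodes the initial state, k copies of the transition relation and the disjunction "some state within k steps is bad" into CNF, and hands the result to a minimal DPLL solver written here for self-containment (a real BMC tool would use a production SAT solver). The names `Cnf`, `dpll`, `mod6_counter` and `bmc` are all assumptions of this example.

```python
"""Tiny bounded model checker: unroll I(s0) & T(s0,s1) & ... & T(s_{k-1},s_k)
& (bad(s0) | ... | bad(s_k)) into CNF and ask a SAT solver for a model."""
from itertools import count


class Cnf:
    """Incremental CNF builder; literals are non-zero ints, negation is -x."""

    def __init__(self):
        self.clauses = []
        self._fresh = count(1)

    def var(self):
        return next(self._fresh)

    def add(self, *lits):
        self.clauses.append(list(lits))

    def AND(self, a, b):            # Tseitin: o <-> (a & b)
        o = self.var()
        self.add(-o, a); self.add(-o, b); self.add(o, -a, -b)
        return o

    def XOR(self, a, b):            # Tseitin: o <-> (a ^ b)
        o = self.var()
        self.add(-o, a, b); self.add(-o, -a, -b)
        self.add(o, -a, b); self.add(o, a, -b)
        return o


def dpll(clauses, assignment=None):
    """Minimal DPLL: unit propagation plus chronological backtracking.
    Returns a dict var -> bool, or None if the clause set is unsatisfiable."""
    assignment = dict(assignment or {})
    while True:                                  # unit propagation to fixpoint
        unit = None
        for clause in clauses:
            free, satisfied = [], False
            for lit in clause:
                val = assignment.get(abs(lit))
                if val is None:
                    free.append(lit)
                elif val == (lit > 0):
                    satisfied = True
                    break
            if satisfied:
                continue
            if not free:                         # every literal false: conflict
                return None
            if len(free) == 1:
                unit = free[0]
                break
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0
    for clause in clauses:                       # branch on the first free variable
        for lit in clause:
            if abs(lit) not in assignment:
                for val in (True, False):
                    model = dpll(clauses, {**assignment, abs(lit): val})
                    if model is not None:
                        return model
                return None
    return assignment


def equals(cnf, bits, value):
    """Literal that is true iff the state bits (LSB first) encode `value`."""
    lits = [b if (value >> i) & 1 else -b for i, b in enumerate(bits)]
    out = lits[0]
    for lit in lits[1:]:
        out = cnf.AND(out, lit)
    return out


def mod6_counter(cnf, s):
    """Constructed toy transition relation: 3-bit counter, 5 wraps to 0.
    Returns the next-state bits as fresh CNF variables."""
    c0, c1, c2 = s
    inc = [-c0, cnf.XOR(c1, c0), cnf.XOR(c2, cnf.AND(c1, c0))]   # s + 1
    is5 = equals(cnf, s, 5)
    return [cnf.AND(-is5, bit) for bit in inc]                   # is5 ? 0 : s + 1


def bmc(transition, init_value, bad_value, k, nbits=3):
    """Return a counterexample trace (list of state values) of length <= k
    reaching `bad_value` from `init_value`, or None if none exists within k."""
    cnf = Cnf()
    states = [[cnf.var() for _ in range(nbits)]]
    cnf.add(equals(cnf, states[0], init_value))             # I(s0)
    for _ in range(k):
        states.append(transition(cnf, states[-1]))          # T(s_i, s_{i+1})
    cnf.add(*[equals(cnf, s, bad_value) for s in states])   # bad(s_i) for some i <= k
    model = dpll(cnf.clauses)
    if model is None:
        return None
    return [sum(1 << i for i, b in enumerate(s) if model[b]) for s in states]


if __name__ == "__main__":
    print(bmc(mod6_counter, 0, 5, 4))    # None: 5 is not reachable in 4 steps
    print(bmc(mod6_counter, 0, 5, 5))    # [0, 1, 2, 3, 4, 5]
    print(bmc(mod6_counter, 0, 6, 12))   # None: 6 is never reached by this counter
```

A `None` answer at bound k only says that no violation exists within k steps; it is not a proof that the property holds, which is exactly why the abstract positions BMC as a bug-finding complement to BDD-based model checking rather than a replacement.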
