Bounded model checking

Symbolic model checking with Binary Decision Diagrams (BDDs) has been used successfully over the last decade to formally verify finite-state systems such as sequential circuits and protocols. Since its introduction at the beginning of the 1990s, it has been integrated into the quality assurance process of several major hardware companies. The main bottleneck of this method is that BDDs may grow exponentially, so the amount of available memory restricts the size of the circuits that can be verified efficiently. In this article we survey a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver instead of BDD manipulation techniques. Since its introduction in 1999, BMC has been well received by industry. It can find many logical errors in complex systems that cannot be handled by competing techniques, and is therefore widely perceived as a complementary technique to BDD-based model checking. This observation is supported by several independent comparisons that have been published in the last few years.
