Automatic abstraction without counterexamples. (2003)

by K L McMillan, N Amla
Venue:In Garavel, H., & Hatcliff, J. (Eds.), Proceedings of TACAS’03,
Add To MetaCart
Results 1 - 10 of 134

Interpolation and SAT-based model checking

by K. L. Mcmillan , 2003
"... Abstract. We consider a fully SAT-based method of unbounded symbolic model checking based on computing Craig interpolants. In benchmark studies using a set of large industrial circuit verification instances, this method is greatly more efficient than BDD-based symbolic model checking, and compares f ..."
Abstract - Cited by 285 (11 self) - Add to MetaCart
Abstract. We consider a fully SAT-based method of unbounded symbolic model checking based on computing Craig interpolants. In benchmark studies using a set of large industrial circuit verification instances, this method is greatly more efficient than BDD-based symbolic model checking, and compares favorably to some recent SAT-based model checking methods on positive instances. 1
(Show Context)

Bounded model checking

by Armin Biere , 2009
"... Besides Equivalence Checking [KK97, KPKG02] the most important industrial application of SAT is currently Bounded Model Checking (BMC) [BCCZ99]. Both techniques are used for formal hardware verification in the context of electronic design automation (EDA), but have successfully been applied to many ..."
Abstract - Cited by 165 (3 self) - Add to MetaCart
Besides Equivalence Checking [KK97, KPKG02] the most important industrial application of SAT is currently Bounded Model Checking (BMC) [BCCZ99]. Both techniques are used for formal hardware verification in the context of electronic design automation (EDA), but have successfully been applied to many other domains as well. In this chapter, we focus on BMC. In practice, BMC is mainly used for falsification resp. testing, which is concerned with violations of temporal properties. However, the original paper on BMC [BCCZ99] already discussed extensions that can prove properties. A considerable part of this chapter discusses these complete extensions, which are often called “unbounded ” model checking techniques, even though they are build upon the same principles as plain BMC. Two further related applications, in which BMC becomes more and more important, are automatic test case generation for closing coverage holes, and disproving redundancy in designs. Most of the techniques discussed in this chapter transfer to this more general setting as well, even though our focus is on property

Picosat essentials

by Armin Biere - Journal on Satisfiability, Boolean Modeling and Computation (JSAT
"... In this article we describe and evaluate optimized compact data structures for watching literals. Experiments with our SAT solver PicoSAT show that this low-level optimization not only saves memory, but also turns out to speed up the SAT solver considerably. We also discuss how to store proof traces ..."
Abstract - Cited by 140 (16 self) - Add to MetaCart
In this article we describe and evaluate optimized compact data structures for watching literals. Experiments with our SAT solver PicoSAT show that this low-level optimization not only saves memory, but also turns out to speed up the SAT solver considerably. We also discuss how to store proof traces compactly in memory and further unique features of PicoSAT including an aggressive restart schedule. Keywords: SAT solver, watched literals, occurrence lists, proof traces, restarts
(Show Context)

An interpolating theorem prover

by K. L. Mcmillan - In TACAS , 2004
"... Abstract. We present a method of deriving Craig interpolants from proofs in the quantifier-free theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model chec ..."
Abstract - Cited by 101 (11 self) - Add to MetaCart
Abstract. We present a method of deriving Craig interpolants from proofs in the quantifier-free theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model checker, and can also be used directly for model checking infinite-state systems, using interpolation-based image approximation. 1
(Show Context)

A survey of recent advances in SAT-based formal verification

by Mukul R. Prasad, Armin Biere, Aarti Gupta - STTT , 2005
"... Dramatic improvements in SAT solver technology over the last decade and the growing need for more efficient and scalable verification solutions have fueled research in verification methods based on SAT solvers. This paper presents a survey of the latest developments in SAT-based formal verificatio ..."
Abstract - Cited by 67 (9 self) - Add to MetaCart
Dramatic improvements in SAT solver technology over the last decade and the growing need for more efficient and scalable verification solutions have fueled research in verification methods based on SAT solvers. This paper presents a survey of the latest developments in SAT-based formal verification, including incomplete methods such as bounded model checking and complete methods for model checking. We focus on how the surveyed techniques formulate the verification problem as a SAT problem and how they exploit crucial aspects of a SAT solver, such as application-specific heuristics and conflict-driven learning. Finally,wesummarizethenoteworthy achievements in this area so far and note the major challenges in making this technology more pervasive in industrial design verification flows.

Deciding bit-vector arithmetic with abstraction

by Randal E. Bryant, Daniel Kroening, Joël Ouaknine, Sanjit A. Seshia, Ofer Strichman, Bryan Brady - IN PROC. TACAS 2007 , 2007
"... We present a new decision procedure for finite-precision bitvector arithmetic with arbitrary bit-vector operations. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional log ..."
Abstract - Cited by 58 (24 self) - Add to MetaCart
We present a new decision procedure for finite-precision bitvector arithmetic with arbitrary bit-vector operations. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional logic in which some bit-vector variables are encoded with fewer Boolean variables than their width. If the underapproximation is unsatisfiable, we use the unsatisfiable core to derive an over-approximation based on the subset of predicates that participated in the proof of unsatisfiability. If this over-approximation is satisfiable, the satisfying assignment guides the refinement of the previous underapproximation by increasing, for some bit-vector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.

Applications of Craig interpolants in model checking

by K L Mcmillan - In Proceedings of TACAS 2005 [TAC05
"... Abstract. A Craig interpolant for a mutually inconsistent pair of formulas (A, B) is a formula that is (1) implied by A, (2) inconsistent with B, and (3) expressed over the common variables of A and B. An interpolant can be efficiently derived from a refutation of A ∧ B, for certain theories and pr ..."
Abstract - Cited by 50 (0 self) - Add to MetaCart
Abstract. A Craig interpolant for a mutually inconsistent pair of formulas (A, B) is a formula that is (1) implied by A, (2) inconsistent with B, and (3) expressed over the common variables of A and B. An interpolant can be efficiently derived from a refutation of A ∧ B, for certain theories and proof systems. We will discuss a number of applications of this concept in finite-and infinite-state model checking.
(Show Context)

On Computing Minimum Unsatisfiable Cores

by I. Lynce, J. Marques-Silva , 2003
"... Certifying the correctness of a SAT solver is straightforward for satisfiable instances of SAT. Given a ..."
Abstract - Cited by 48 (3 self) - Add to MetaCart
Certifying the correctness of a SAT solver is straightforward for satisfiable instances of SAT. Given a

Interpolant-based transition relation approximation

by Ranjit Jhala, K. L. Mcmillan - In CAV 05: Computer-Aided Verification, LNCS 3576 , 2005
"... Abstract. In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, ..."
Abstract - Cited by 47 (4 self) - Add to MetaCart
Abstract. In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, even given an adequate set of predicates. We present an interpolant-based method for strengthening the abstract transition relation in case of such failures. This approach guarantees convergence given an adequate set of predicates, without requiring an exact image computation. We show empirically that the method converges more rapidly than an earlier method based on counterexample analysis. 1
(Show Context)

Dynamic Transition Relation Simplification for Bounded Property Checking

by Andreas Kuehlmann , 2004
"... Bounded Model Checking (BMC) is an incomplete property checking method that is based on a finite unfolding of the transition relation to disprove the correctness of a set of properties or to prove them for a limited execution lengths from the initial states. Current BMC techniques repeatedly concate ..."
Abstract - Cited by 40 (2 self) - Add to MetaCart
Bounded Model Checking (BMC) is an incomplete property checking method that is based on a finite unfolding of the transition relation to disprove the correctness of a set of properties or to prove them for a limited execution lengths from the initial states. Current BMC techniques repeatedly concatenate the original transition relation to unfold the circuit with increasing depths. In this paper we present a new method that is based on a dual unfolding scheme. The first unfolding is non-initialized and progressively simplifies concatenated frames of the transition relation. The tail of the simplified frames are then applied in the second unfolding, which starts from the initial state and checks the properties. We use a circuit graph representation for all functions and performs simplification by merging vertices that are functionally equivalent under given input constraints. In the non-initialized unfolding, previous time frames progressively tighten these constraints thus leading to an asymptotic simplification of the transition relation. As a side benefit, our method can find inductive invariants constructively by detecting when vertices are functionally equivalent across time frames. This information is then used to further simplify the transition relation and, in some cases, prove unbounded correctness of properties. Our experiments using industrial property checking problems demonstrate that the presented method significantly improves the efficiency of BMC.