216 research outputs found
Safety Model Checking with Complementary Approximations
Formal verification techniques such as model checking, are becoming popular
in hardware design. SAT-based model checking techniques such as IC3/PDR, have
gained a significant success in hardware industry. In this paper, we present a
new framework for SAT-based safety model checking, named Complementary
Approximate Reachability (CAR). CAR is based on standard reachability analysis,
but instead of maintaining a single sequence of reachable- state sets, CAR
maintains two sequences of over- and under- approximate reachable-state sets,
checking safety and unsafety at the same time. To construct the two sequences,
CAR uses standard Boolean-reasoning algorithms, based on satisfiability
solving, one to find a satisfying cube of a satisfiable Boolean formula, and
one to provide a minimal unsatisfiable core of an unsatisfiable Boolean
formula. We applied CAR to 548 hardware model-checking instances, and compared
its performance with IC3/PDR. Our results show that CAR is able to solve 42
instances that cannot be solved by IC3/PDR. When evaluated against a portfolio
that includes IC3/PDR and other approaches, CAR is able to solve 21 instances
that the other approaches cannot solve. We conclude that CAR should be
considered as a valuable member of any algorithmic portfolio for safety model
checking
Intersection and Rotation of Assumption Literals Boosts Bug-Finding
SAT-based techniques comprise the state-of-the-art in functional verification of safety-critical hardware and software, including IC3/PDR-based model checking and Bounded Model Checking (BMC). BMC is the incontrovertible best method for unsafety checking, aka bug-finding. Complementary Approximate Reachability (CAR) and IC3/PDR complement BMC for bug-finding by detecting different sets of bugs. To boost the efficiency of formal verification, we introduce heuristics involving intersection and rotation of the assumption literals used in the SAT encodings of these techniques. The heuristics generate smaller unsat cores and diverse satisfying assignments that help in faster convergence of these techniques, and have negligible runtime overhead. We detail these heuristics, incorporate them in CAR, and perform an extensive experimental evaluation of their performance, showing a 25% boost in bug-finding efficiency of CAR.We contribute a detailed analysis of the effectiveness of these heuristics: their influence on SAT-based bug-finding enables detection of different bugs from BMCbased checking. We find the new heuristics are applicable to IC3/PDR-based algorithms as well, and contribute a modified clause generalization procedure
Automatic Abstraction in SMT-Based Unbounded Software Model Checking
Software model checkers based on under-approximations and SMT solvers are
very successful at verifying safety (i.e. reachability) properties. They
combine two key ideas -- (a) "concreteness": a counterexample in an
under-approximation is a counterexample in the original program as well, and
(b) "generalization": a proof of safety of an under-approximation, produced by
an SMT solver, are generalizable to proofs of safety of the original program.
In this paper, we present a combination of "automatic abstraction" with the
under-approximation-driven framework. We explore two iterative approaches for
obtaining and refining abstractions -- "proof based" and "counterexample based"
-- and show how they can be combined into a unified algorithm. To the best of
our knowledge, this is the first application of Proof-Based Abstraction,
primarily used to verify hardware, to Software Verification. We have
implemented a prototype of the framework using Z3, and evaluate it on many
benchmarks from the Software Verification Competition. We show experimentally
that our combination is quite effective on hard instances.Comment: Extended version of a paper in the proceedings of CAV 201
Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021
The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing
- …