7 research outputs found

    Generalized Counterexamples to Liveness Properties

    Abstract: We consider generalized counterexamples in the context of liveness property checking. A generalized counterexample comprises only a subset of values necessary to establish the existence of a concrete counterexample. While useful in various ways even for safety properties, the length of a generalized liveness counterexample may be exponentially shorter than that of a concrete counterexample, entailing significant potential algorithmic benefits. One application of this concept extends the k-LIVENESS proof technique of [1] to enable failure detection. The resulting algorithm is simple, and poses negligible overhead to k-LIVENESS in practice. We additionally propose dedicated algorithms to search for generalized liveness counterexamples, and to manipulate generalized counterexamples to and from concrete ones. Experiments confirm the capability of these techniques to detect failures more efficiently than existing techniques for various benchmarks.

    IC3-Guided Abstraction

    Abstract: Localization is a powerful automated abstraction-refinement technique to reduce the complexity of property checking. This process is often guided by SAT-based bounded model checking, using counterexamples obtained on the abstract model, proofs obtained on the original model, or a combination of both to select irrelevant logic. In this paper, we propose the use of bounded invariants obtained during an incomplete IC3 run to derive higher-quality abstractions for complex problems. Experiments confirm that this approach yields significantly smaller abstractions in many cases, and that the resulting abstract models are often easier to verify.

    High level verification of control intensive systems using predicate abstraction


    Formal Property Verification by Abstraction Refinement with Formal, Simulation and Hybrid Engines

    and BDD-based symbolic image computation to find an error trace on the subcircuit. RFN also computes a forward fixpoint using post-image computation to verify the unreachability property on the subcircuit. If the property is True for the subcircuit, RFN reports that the property is True for the original design and terminates. Otherwise it proceeds to Step 3. In Step 3 we want to find error traces on real-world designs. RFN utilizes the error trace found on the subcircuit to guide sequential ATPG to search for an error trace on the original design. If an error trace of the original design is found, RFN reports that the property is False, prints out the error trace and terminates. Otherwise RFN proceeds to Step 4. In Step 4 we select a set E of registers that are in the original model but not in the abstract model to refine the abstract model. The refined abstract model will be the current abstract model augmented with the set E of registers plus their transitive fanins up to register ..