Industrial Model Checking Based on Satisfiability Solvers

Abstract

Until recently, symbolic model checking was synonymous with fixpoint calculations using Binary Decision Diagrams (BDDs). However, today there are a number of approaches to symbolic model checking that avoid the use of BDDs altogether.

One of the most successful of these new approaches is model checking using satisfiability solvers (SAT-solvers). Although the body of literature on SATbased model checking is small, it is already clear that this approach makes it possible to achieve order of magnitude performance improvements compared to BDD-based model checking, even when relatively unsophisticated algorithms are used.

In this talk, I will present three different approaches to SAT-based model checking, and discuss the experiences we have had at Prover Technology when applying them to industrial problems.

The first of the approaches I will present, Bounded Model Checking (BMC), attempts to reduce the search for counterexamples and witnesses to satisfiability checking. BMC has proved to be a strong technique for finding bugs. The second approach, induction, is a method that extends the BMC analysis in such a way that safety properties also can be proved. The third approach, SAT-based reachability analysis, is a method in which the BDD package used in the standard reachability algorithms is replaced by a SAT-solver and an algorithm for translating quantified boolean formulas.

In addition to giving an introduction to the SAT-based verification algorithms, I will discuss some of the strengths and weaknesses of SAT-solvers compared to BDDs, and the relative performance of the three SAT-based approaches compared to traditional BDD-based model checking.

One of the aims of this talk is to present a “from the trenches” perspective on the use of SAT-based model checking. Industrial problems are rarely as clean and structured as the problems that are encountered in academia, and the demands that are put on a model checker by industrial users are very different from the demands of researchers. I will discuss some of the experiences we have had at Prover Technology when dealing with designs from our customers, and the challenges that we have had to overcome. I will also present two industrial case studies from the domains of safety critical software verification, and industrial hardware verification.