Bounded Model Checking Using Satisfiability Solving

@article{Clarke2001BoundedMC,
  title={Bounded Model Checking Using Satisfiability Solving},
  author={Edmund M. Clarke and Armin Biere and Richard Raimi and Yunshan Zhu},
  journal={Formal Methods in System Design},
  year={2001},
  volume={19},
  pages={7--34}
}

The phrase model checking refers to algorithms for exploring the state space of a transition system to determine if it obeys a specification of its intended behavior. These algorithms can perform exhaustive verification in a highly automatic manner, and, thus, have attracted much interest in industry. Model checking programs are now being commercially marketed. However, model checking has been held back by the state explosion problem, which is the problem that the number of states in a system… 
Toward Unbounded Model Checking for Region Automata
TLDR
A new bounded model checker, xBMC, is proposed to solve the reachability problem of dense-time systems and may provide an effective and practical method for timing behavior verification of large systems.
A New Approach to Bounded Model Checking for Branching Time Logics
TLDR
A new approach is suggested to bounded model checking for universal branching-time logic, in which an arbitrary graph is encoded and allowed to choose both the states and edges of the graph and this significantly reduces the size of the counter-example produced by BMC.
Compositional encoding for bounded model checking
TLDR
An automated analyzer is developed which combines complementary model checking techniques (i.e., bounded model checking and explicit on-the-fly model checking) to validate system models against event-based temporal properties, and results show that the analyzer handles large systems.
Breadth-bounded model checking
TLDR
This paper studies an alternative approach to BMC by restricting the breadth of the transition relation, based on a Highway simulation, which allows us to find violations to properties that lurk deep in a specification, and properties that require lengthy counterexamples.
Bounded Model Checking for Region Automata
For successful software verification, model checkers must be capable of handling a large number of program variables. Traditional, BDD-based model checking is deficient in this regard, but bounded…
Translations to propositional satisfiability
TLDR
An overview of the researchers' experiences translating bounded model checking problems into satisfiability solving, outlining both ideas that seem promising and others that did not prove to be very successful.
Bounded model checking of infinite state systems
TLDR
A new approach to BMC is presented that extends current methods in three ways: instead of a reduction to propositional logic which restricts BMC to finite state systems, this work focuses on infinite state systems and therefore considers more powerful, yet decidable base logics.
Combined Bounded and Symbolic Model Checking for Incomplete Timed Systems
TLDR
The hybrid approach is able to verify incomplete timed systems which are out of scope for BMC and cannot be solved in reasonable time using SMC, and it compares favourably with UPPAAL-TIGA when considering timed games as a special case of the unrealisability problem.
Model Checking Using SMT and Theory of Lists
TLDR
This work shows how to avoid explicit loop unrolling by using the SMT Theory of Lists to model feasible, potentially unbounded program traces and argues that this approach is easier to use, and, more importantly, increases the confidence in verification results over the typical bounded approach.
Parallel Model Checking Algorithms for Linear-Time Temporal Logic
TLDR
The current chapter discusses the use of parallelism in order to overcome the challenge of exponential explosion in the number of system states, and reiterates the textbook automata-theoretic approach, which reduces the model checking problem to the graph problem of finding cycles.

References (showing 10 of 50)

Symbolic Reachability Analysis Based on SAT-Solvers
TLDR
This paper shows how to adapt standard algorithms for symbolic reachability analysis to work with SAT-solvers and shows that even with relatively simple techniques it is possible to verify systems that are known to be hard for BDD-based model checkers.
Symbolic model checking: an approach to the state explosion problem
TLDR
The symbolic model checking technique revealed subtle errors in this protocol, resulting from complex execution sequences that would occur with very low probability in random simulation runs, and an alternative method is developed for avoiding the state explosion in the case of asynchronous control circuits.
Tuning SAT Checkers for Bounded Model Checking
TLDR
It is shown that the unique characteristics of BMC formulas can be exploited for a variety of optimizations in the SAT checking procedure, and proved their efficiency in many of the hard test cases, comparing to both the standard SAT procedure and a BDD-based model checker.
Symbolic Model Checking without BDDs
TLDR
This paper shows how Boolean decision procedures, like Stålmarck's Method or the Davis & Putnam Procedure, can replace BDDs, and introduces a bounded model checking procedure for LTL which reduces model checking to propositional satisfiability.
Symbolic Model Checking: 10^20 States and Beyond
Search Algorithms for Satisfiability Problems in Combinational Switching Circuits
TLDR
A configurable search-based algorithm for SAT that can be used for implementing different circuit analysis tools and a new model for path sensitization that permits modeling test pattern generation and timing analysis with linear size representations are introduced.
Model checking and modular verification
TLDR
A framework for compositional verification of finite-state processes based on a subset of the logic CTL for which satisfaction is preserved under composition and a preorder on structures which captures the relation between a component and a system containing the component is described.
Combining Decision Diagrams and SAT Procedures for Efficient Symbolic Model Checking
In this paper we show how to do symbolic model checking using Boolean Expression Diagrams (BEDs), a non-canonical representation for Boolean formulas, instead of Binary Decision Diagrams (BDDs), the…
Algorithms for solving Boolean satisfiability in combinational circuits
TLDR
This paper describes how Boolean satisfiability algorithms can take circuit structure into account when solving instances derived from combinational circuits and provides clear evidence that computed solutions can have significantly less specified variable assignments than those obtained with common SAT algorithms.
Verifying Safety Properties of a PowerPC Microprocessor Using Symbolic Model Checking without BDDs
TLDR
This paper presents a bounded version of the cone of influence reduction that works very well for verifying safety properties of a PowerPC microprocessor under design at Motorola's Somerset PowerPC design center.