interpolation and sat-based model checking.pdfVIP

Interpolation and SAT-based Model Checking K. L. McMillan Cadence Berkeley Labs Abstract. We consider a fully SAT-based method of unbounded sym- bolic model checking based on computing Craig interpolants. In bench- mark studies using a set of large industrial circuit verification instances, this method is greatly more efficient than BDD-based symbolic model checking, and compares favorably to some recent SAT-based model check- ing methods on positive instances. 1 Introduction Symbolic model checking [8, 9] is a method of verifying temporal properties of finite (and sometimes infinite) state systems that relies on a symbolic represen- tation of sets, typically as Binary Decision Diagrams [7] (BDD’s). By contrast, bounded model checking [4] can falsify temporal properties by posing the exis- tence of a counterexample of k steps or fewer as a Boolean satisfiability (SAT) problem. Using a modern SAT solver, this method is efficient in producing coun- terexamples [10, 6]. However, it cannot verify properties unless an upper bound is known on the depth of the state space, which is not generally the case. This paper presents a purely SAT-based method of unbounded model check- ing. It exploits a SAT solver’s ability to produce refutations. In bounded model checking, a refutation is a proof that there is no counterexample of k steps or fewer. Such a proof implies nothing about the truth of the property in general, but does contain information about the reachable states of the model. In partic- ular, given a partition of a set of clauses into a pair of subsets (A, B), and a proof by resolution that the clauses are unsatisfiable, we can generate an interpolant in linear time [20]. An interpolant [11] for the pair (A, B) is a formula P with the following properties: