Introduction to Bounded Model Checking Armin Biere FATS Seminar

More documents

Recommendations

Info

Induction with SAT BMC 19 [SinghSheeranStalmarck’00] • more specifically k-induction – does there exist k such that the following formula is unsatisfiable B(s0) ∧ ··· ∧ B(sk−1) ∧ T (s0,s1) ∧ ··· ∧ T (sk−1,sk) ∧ B(sk) ∧ ^ 0≤i< j≤k – if unsatisfiable and BMC(k) unsatisfiable then bad state unreachable • bound on k: length of longest cycle free path = reoccurrence diameter • k = 0 check whether ¬B tautological (propositionally) • k = 1 check whether ¬B inductive for T si = s j Introduction to Bounded Model Checking – FATS Seminar ETH 2009 Armin Biere – FMV – JKU Linz
Interpolation in Model Checking BMC 20 [McMillan’03] • SAT based technique to overapproximate frontiers Img(S C) – currently most effective technique to show that bad states are unreachable – better than BDDs and k-induction in many cases [HWMCC’08] • starts from a resolution proof refutation of a BMC problem with bound k + 1 S C(s0) ∧ T (s0,s1) ∧ T (s1,s2) ∧ ··· ∧ T (s k,s k+1) ∧ B(s k+1) – result is a characteristic function f (s1) over variables of the second state s1 – these states do not reach the bad state s k+1 in k steps – any state reachable from S C satisfies f : S C(s0) ∧ T (s0,s1) ⇒ f (s1) • k is bounded by the diameter (exponentially smaller than longest cycle free path) Introduction to Bounded Model Checking – FATS Seminar ETH 2009 Armin Biere – FMV – JKU Linz
Page 1 and 2: Introduction to Bounded Model Check
Page 3 and 4: What is Model Checking? Model Check
Page 5 and 6: Forward Fixpoint: Initial and Bad S
Page 7 and 8: Forward Fixpoint: Step 2 Model Chec
Page 9 and 10: Forward Fixpoint: Bad State Reached
Page 11 and 12: Forward Least Fixpoint Algorithm fo
Page 13 and 14: Linear Size BDD for Bit-Vector Comp
Page 15 and 16: Unrolling of Forward Least Fixpoint
Page 17 and 18: Bounded Model Checking BMC [BiereCi
Page 19: Bounded Model Checking State of the
Page 23 and 24: Mining Inductive Invariants BMC 22
Page 25 and 26: Simple Path Constraints Symbolic Al
Page 27 and 28: Symbolic ADCs for Large Domains Sym
Page 29 and 30: Lemmas on Demand for Satisfiability
Page 31 and 32: Lemmas on Demand for Extensional Ar
Page 33 and 34: Combining Over- and Under-Approxima
Page 35 and 36: All Different Objects (ADOs) Symbol
Page 45 and 46: Implementation Details Symbolic All
Page 47 and 48: Mixed Approach versus Refine Only S
Page 49 and 50: SAT Solver Progress (SAT’06 Race

Introduction to Bounded Model Checking Armin Biere FATS Seminar

Create successful ePaper yourself

Delete template?

Save as template?