Yakir Vizel (1,2) and Orna Grumberg (1)
1. Computer Science Department, The Technion, Haifa, Israel
2. Architecture, System Level and Validation Solutions, Intel Development Center, Haifa, Israel

Outline: Introduction; Model checking; Forward Reachability Analysis; Bounded Model Checking; Interpolation; Interpolation-Sequence; Interpolation-Sequence Based Model Checking; Experimental Results

Given a system and a specification, does the system satisfy the specification? [Figure: the model checker (MC) takes the system and the specification AGq as inputs.] The specification is given in temporal logic, e.g. LTL. We deal with specifications of the form AGq, i.e. safety properties stating that q holds in every reachable state.

[Figure: forward reachability analysis. Starting from INIT, the sets S_1, S_2, …, S_n of reachable states are computed step by step until no new states appear, and each set is checked against BAD, the states satisfying ¬q.]
Formal Methods in Computer Aided Design, Austin, Texas

Does the system have a counterexample of length k? BMC unrolls the transition relation k times and asks a SAT solver whether INIT(s_0) ∧ T(s_0, s_1) ∧ … ∧ T(s_{k-1}, s_k) ∧ ¬q(s_k) is satisfiable; a satisfying assignment is a counterexample of length k.

[Figure: BMC unrolling for bound 3. INIT is followed by the state sets S_1, S_2, S_3 and finally BAD (¬q); I_1, I_2, I_3 mark the cut points after each transition.]


Given the following BMC formula, split into two parts A and B: [Figure: the BMC formula as a single pair (A, B) with one interpolant I between them.]

The same BMC formula can be partitioned in a different manner, into A_1, A_2, A_3, …, A_k, A_{k+1} with interpolants I_1, I_2, I_3, …, I_{k-1}, I_k between consecutive parts: [Figure: the partitioned formula with one interpolant at each cut point.]

Such an interpolation sequence can easily be computed: for 1 ≤ j < n, take A = A_1 ∧ … ∧ A_j and B = A_{j+1} ∧ … ∧ A_n; I_j is the interpolant for the pair (A, B).
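The BMC question and the partition above, as an added worked example (not code from the paper): the small DPLL solver, the Tseitin gate encoding and the 3-bit counter system are all assumptions made for this illustration. `unroll` builds the BMC formula for bound k and records where each part A_1, …, A_{k+1} ends, `partition` returns the pair (A, B) for a chosen j, and `bmc` asks the solver for a counterexample of increasing length k.

```python
# Bounded model checking (BMC) of a constructed 3-bit counter with a SAT solver.
# Added example, not code from the paper: the DPLL solver, the Tseitin gate
# encoding and the counter system are assumptions made for this illustration.


def sat(clauses):
    """Minimal DPLL: unit propagation plus branching. Clauses are lists of signed
    ints (DIMACS style). Returns a model {var: bool} or None if unsatisfiable."""
    variables = {abs(l) for c in clauses for l in c}

    def propagate(assign):
        changed = True
        while changed:
            changed = False
            for clause in clauses:
                if any(assign.get(abs(l)) == (l > 0) for l in clause):
                    continue                              # already satisfied
                free = [l for l in clause if abs(l) not in assign]
                if not free:
                    return False                          # conflict
                if len(free) == 1:                        # unit clause: force it
                    assign[abs(free[0])] = free[0] > 0
                    changed = True
        return True

    def search(assign):
        if not propagate(assign):
            return None
        free = variables - assign.keys()
        if not free:
            return assign
        v = min(free)
        for value in (True, False):
            model = search({**assign, v: value})
            if model is not None:
                return model
        return None

    return search({})


class CNF:
    """Clause database with Tseitin encodings of the gates the system needs."""
    def __init__(self):
        self.nvars, self.clauses = 0, []

    def var(self):
        self.nvars += 1
        return self.nvars

    def add(self, *lits):
        self.clauses.append(list(lits))

    def and_(self, a, b):                                  # o <-> (a and b)
        o = self.var()
        self.add(-o, a); self.add(-o, b); self.add(o, -a, -b)
        return o

    def xor(self, a, b):                                   # o <-> (a xor b)
        o = self.var()
        self.add(-o, -a, -b); self.add(-o, a, b); self.add(o, a, -b); self.add(o, -a, b)
        return o

    def eq(self, a, b):                                    # a <-> b
        self.add(-a, b); self.add(a, -b)


# Constructed toy system: a state s = (b0, b1, b2) is a 3-bit counter.
def init(cnf, s):
    """INIT(s): the counter starts at 0."""
    for bit in s:
        cnf.add(-bit)

def trans(cnf, s, t):
    """T(s, t): the counter advances by 2 mod 8 (b0' = b0, b1' = not b1, b2' = b2 xor b1)."""
    cnf.eq(t[0], s[0])
    cnf.eq(t[1], -s[1])
    cnf.eq(t[2], cnf.xor(s[2], s[1]))

def bad_odd(cnf, s):
    """not q: the counter is odd. Never reachable, so AGq holds (true property)."""
    return s[0]

def bad_six(cnf, s):
    """not q: the counter equals 6. Reached after 3 steps (false property)."""
    return cnf.and_(cnf.and_(s[2], s[1]), -s[0])


def unroll(bad, k):
    """Build INIT(s0) & T(s0,s1) & ... & T(s_{k-1},s_k) & not q(s_k) and record where
    each part of the partition A_1, ..., A_{k+1} ends: A_1 = INIT & T(s0,s1),
    A_i = T(s_{i-1},s_i) for 1 < i <= k, A_{k+1} = not q(s_k)."""
    cnf = CNF()
    states = [(cnf.var(), cnf.var(), cnf.var()) for _ in range(k + 1)]
    marks = []
    init(cnf, states[0])
    for i in range(k):
        trans(cnf, states[i], states[i + 1])
        marks.append(len(cnf.clauses))
    cnf.add(bad(cnf, states[k]))
    marks.append(len(cnf.clauses))
    return cnf, states, marks

def partition(cnf, marks, j):
    """A = A_1 & ... & A_j, B = A_{j+1} & ... & A_n for 1 <= j < n = len(marks).
    An interpolant I_j for (A, B) ranges over their shared variables, i.e. s_j."""
    return cnf.clauses[:marks[j - 1]], cnf.clauses[marks[j - 1]:]

def bmc(bad, max_bound):
    """Does the system have a counterexample of length k? Asked for k = 0..max_bound.
    Returns (k, trace of counter values) for the first SAT bound, else None."""
    for k in range(max_bound + 1):
        cnf, states, _ = unroll(bad, k)
        model = sat(cnf.clauses)
        if model is not None:
            trace = [sum(model.get(b, False) << i for i, b in enumerate(s)) for s in states]
            return k, trace
    return None
```

`bmc(bad_six, 10)` finds the counterexample 0, 2, 4, 6 at bound 3, while `bmc(bad_odd, 10)` returns None for every bound without ever proving the property: BMC alone only falsifies, which is exactly the gap the inclusion check of ISB closes. Extracting the interpolants I_j from the proof of unsatisfiability needs a proof-producing solver and is not part of this example.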


[Figure: for bound N = 1 the interpolation sequence consists of the single interpolant I_{1,1}.]

Interpolation-Sequence Based model checking (ISB) is a way to do reachability analysis using a SAT solver. It uses the original BMC loop and adds an inclusion check, which turns BMC into a full (unbounded) verification procedure. The sets it computes are similar to those computed by forward reachability analysis, but over-approximated.

Use BMC to search for bugs. When the BMC formula for bound N is unsatisfiable, partition it and extract the interpolation sequence I_{1,N}, I_{2,N}, …, I_{N-1,N}, I_{N,N}.

[Figure: ISB iterations from INIT toward BAD (¬q). For bound N = 1 the sequence is I_{1,1}; for N = 2 it is I_{1,2}, I_{2,2}; for N = 3 it is I_{1,3}, I_{2,3}, I_{3,3}. The sets I_1, I_2, I_3 over-approximate the reachability sets S_1, S_2, S_3.]
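The ISB loop, as an added explicit-state illustration rather than the paper's implementation: the 3-bit counter, INIT and the bad-state sets are constructed here, and `interpolation_sequence` is a stand-in that builds sets satisfying the interpolation-sequence conditions directly from the finite state space (with one state bit deliberately forgotten so they are real over-approximations), whereas the paper extracts I_{1,N}, …, I_{N,N} from the SAT solver's resolution proof. The strengthening I_j := I_j ∧ I_{j,N} and the inclusion check are run end to end.

```python
# Interpolation-sequence based model checking (ISB) over a constructed 3-bit
# counter, explicit-state. Added illustration, not the paper's implementation:
# interpolation_sequence() is a stand-in that builds I_{1,N}, ..., I_{N,N} from the
# finite state space instead of extracting them from a SAT resolution proof.

STATES = set(range(8))            # state = counter value, bits (b0, b1, b2)
INIT = {0}


def next_states(s):
    """Transition relation T: the counter advances by 2 modulo 8."""
    return {(s + 2) % 8}


def image(S):
    """Post-image: successors of every state in S."""
    return {t for s in S for t in next_states(s)}


def pre_image(S):
    """Pre-image: states with a successor in S."""
    return {s for s in STATES if next_states(s) & S}


def bmc(bad, N):
    """BMC(N): is there a path of exactly N steps from INIT into bad?
    Returns (satisfiable?, exact step sets S_0..S_N)."""
    sets = [set(INIT)]
    for _ in range(N):
        sets.append(image(sets[-1]))
    return bool(sets[N] & bad), sets


def counterexample(sets, bad):
    """Rebuild one concrete path INIT -> ... -> bad from the step sets."""
    path = [min(sets[-1] & bad)]
    for S in reversed(sets[:-1]):
        path.append(min(s for s in S if path[-1] in next_states(s)))
    return path[::-1]


def interpolation_sequence(bad, N):
    """Stand-in for the sequence taken from the proof that BMC(N) is UNSAT.
    Every element I_{j,N}, j = 1..N, satisfies the interpolation-sequence conditions:
      INIT & T^j  =>  I_{j,N}                 (implied by A = A_1 & ... & A_j)
      I_{j,N} & T =>  I_{j+1,N}               (consecutive elements chain)
      I_{j,N} & T^(N-j) & not q is UNSAT      (inconsistent with B = A_{j+1} & ... & A_{N+1})
    Bit 2 of the state is forgotten on purpose so the sets are genuine
    over-approximations, as proof-derived interpolants usually are."""
    unsafe = [set(bad)]               # unsafe[k]: states that reach bad in exactly k steps
    for _ in range(N):
        unsafe.append(pre_image(unsafe[-1]))
    seq, prev = [], set(INIT)
    for j in range(1, N + 1):
        post = image(prev)
        low_bits = {t & 3 for t in post}
        prev = {s for s in STATES if (s & 3) in low_bits} - unsafe[N - j]
        seq.append(prev)
    return seq


def isb(bad, max_bound=32):
    """ISB main loop: BMC for falsification, interpolation sequences plus an
    inclusion check for verification. I[j] over-approximates the states
    reachable in exactly j steps and is strengthened at every bound."""
    I = [set(INIT)]
    for N in range(max_bound + 1):
        is_sat, sets = bmc(bad, N)
        if is_sat:
            return ("counterexample", counterexample(sets, bad))
        if N == 0:
            continue
        I.append(set(STATES))                                  # I_N starts as 'true'
        for j, I_jN in enumerate(interpolation_sequence(bad, N), start=1):
            I[j] &= I_jN                                       # I_j := I_j & I_{j,N}
        reached = set(I[0])                                    # I_0 | ... | I_{j-1}
        for j in range(1, N + 1):
            if I[j] <= reached:          # step j adds nothing: inductive invariant found
                return ("verified", N, reached)
            reached |= I[j]
    return ("unknown", max_bound)
```

With bad = the odd states, `isb` proves the property at bound 3, one iteration earlier than exact forward reachability would reach its fixpoint on this system, because the over-approximated I_j already cover everything reachable; with bad = {6} it returns the counterexample 0, 2, 4, 6 from the BMC call at bound 3.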

Comparison with interpolation-based model checking (IB): the computation itself is different. IB uses basic (single-pair) interpolation and makes successive calls to BMC for the same bound, so it is not incremental, and the sets it computes are different from those of ISB.
[Figure: for the same step, the exact reachability set S_1, the ISB set I_1 and the IB set J_1 differ.]


Experiments were conducted on two future CPU designs from Intel (two different architectures/tocks)


Results on false properties (Ours = ISB, M = IB). Columns: Spec | #Vars | Bound (Ours) | Bound (M) | #Int (Ours) | #Int (M) | #BMC (Ours) | #BMC (M) | Time [s] (Ours) | Time [s] (M). Rows: F1, F2, F3, F4, F5, F6, F7, F8 (each marked F, a false property).

On false properties ISB is always faster. On true properties the results vary: heavier properties favor ISB, while the easier ones favor IB. Some properties cannot be verified by one method but can be verified by the other, and vice versa.

A new SAT-based method for unbounded model checking: BMC is used for falsification, and verification simulates forward reachability analysis with over-approximated sets. The method was successfully applied to industrial-sized systems.

Thank You!

