Not quite, but I when contradictory loop-free i
And symmetrically when contradictory loop-free B
Algorithm 1

  i := 0
  if not Sat(I_i) or not Sat(B_i) then return True
  if Sat(I_i and B_i) then return error trace
  i := i + 1
Tighten termination (Alg. 2)

  i := 0
  if not Sat(I_i and all(not I)) or not Sat(B_i and all(not B)) then return True
  if Sat(I_i and B_i) then return error trace
  i := i + 1
Avoid iteration from zero (Alg. 3)

  i := some constant which can be greater than zero
  if Sat(I_i and not(all P)) then return error trace
  if not Sat(I_{i+1} and all(not I)) or not Sat(B_{i+1} and all(not B)) then return True
  i := i + 1

Complete method (the same algorithm as Alg. 3)

Strengthen (the same algorithm as Alg. 3)
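Algorithms 1 to 3 above, run end to end on a small constructed system, as an added example that is not part of the slides or of the papers they cite. Every Sat(...) call is replaced by enumerating paths over a 16-state counter, so the control flow of the algorithms (error trace versus termination, forward versus backward check, starting at a depth above zero) can be followed without a SAT-solver. The counter, the names `init`, `prop`, `bad`, `make_next`, `paths`, `sat` and `check`, and the bug that lets the counter reach 10 are all assumptions made for this example.

```python
"""Algorithms 1-3 from the slides, run by explicit path enumeration.

Added example (not from the slides or the cited papers): every Sat(...) call is
replaced by enumerating paths over a small constructed state space, so the
control flow of the algorithms can be followed without a SAT-solver.
"""
from itertools import count

N_STATES = 16  # constructed example: a 4-bit counter, states 0..15


def init(s):   # I(s): the single initial state
    return s == 0


def prop(s):   # P(s): the safety property "the counter never exceeds 9"
    return s <= 9


def bad(s):    # B(s) = not P(s)
    return not prop(s)


def make_next(limit):
    """Transition relation: count up to `limit`, then stutter.
    limit=9 is the intended design; limit=10 is a constructed bug."""
    return lambda s: [s + 1] if s < limit else [s]


def paths(next_states, length, ok, loop_free=True):
    """Yield every path [s_0, ..., s_length] of `length` transitions such that
    ok(k, s_k) holds at every position k. With loop_free=True no state repeats,
    which is what makes the termination checks of Alg. 2/3 eventually succeed.
    This generator plays the role of the SAT-solver: Sat(formula) becomes
    'the generator for that formula yields at least one path'."""
    def extend(path):
        if len(path) == length + 1:
            yield list(path)
            return
        for t in next_states(path[-1]):
            if (loop_free and t in path) or not ok(len(path), t):
                continue
            path.append(t)
            yield from extend(path)
            path.pop()

    for s in range(N_STATES):
        if ok(0, s):
            yield from extend([s])


def sat(generator):
    """First witness path, or None when the 'formula' is unsatisfiable."""
    return next(generator, None)


def check(next_states, start_depth=0):
    """Algorithm 3 (the complete method): start at depth i = start_depth, look
    for an error trace, try to terminate with the tightened forward and
    backward checks, otherwise increase i. Alg. 1 and 2 are the same loop
    started at i = 0 with the error check only at the last state of the path."""
    for i in count(start_depth):
        # Sat(I_i and not(all P)): a path of i steps from an initial state on
        # which P fails somewhere (not only at the end, since i may start > 0).
        forward_i = paths(next_states, i, lambda k, s: init(s) if k == 0 else True, loop_free=False)
        trace = next((p for p in forward_i if not all(prop(s) for s in p)), None)
        if trace is not None:
            return ("error trace", trace)
        # not Sat(I_{i+1} and all(not I)): no loop-free path of i+1 steps that
        # starts in an initial state and never re-enters one ...
        fwd = sat(paths(next_states, i + 1, lambda k, s: init(s) if k == 0 else not init(s)))
        # ... or not Sat(B_{i+1} and all(not B)): no loop-free path of i+1 steps
        # ending in a bad state whose earlier states are all good.
        bwd = sat(paths(next_states, i + 1, lambda k, s: bad(s) if k == i + 1 else not bad(s)))
        if fwd is None or bwd is None:
            return ("True", i)
        # neither check decided anything at this depth: i := i + 1


if __name__ == "__main__":
    print(check(make_next(9)))        # ('True', 0): the backward check terminates at once
    print(check(make_next(10), 4))    # ('error trace', [0, 1, ..., 10])
```

On the correct counter the backward check decides immediately: no good state has a bad successor, so B_1 and all(not B) is unsatisfiable and the property is proved at depth 0. On the buggy counter, started at depth 4 as Alg. 3 allows, neither termination check succeeds until the forward error check reaches depth 10 and returns the trace 0, 1, ..., 10.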
Another way to strengthen

  Invent a lemma L(s) that we believe to hold in the reachable states
  Prove Q(s) = P(s) and L(s)
  If both P and L hold in the reachable states, this can reduce induction depth
Choosing lemmas?

  Domain knowledge
  Analysis of the program
  Strongest possibility is the characterization of the reachable states
  Van Eijk's method uses relations between signals as lemmas
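The effect of a lemma on induction depth, as an added example that is not from the slides: two mod-8 counters that step in lockstep, a property P ("whenever a is 3, b is 3 too") that is true of every reachable state but needs a deep induction, and the lemma L ("the counters agree", a relation between signals as in Van Eijk's method) that makes Q = P and L inductive at depth 1. The system, the depth-k induction check and the names `step`, `P`, `L`, `Q`, `is_k_inductive` and `induction_depth` are assumptions made for this example; since the system is deterministic the unique path from each state replaces a general path enumeration.

```python
"""Strengthening an invariant with a lemma, checked by brute-force k-induction
on a small deterministic system. Added example, not from the slides."""

N = 8                      # constructed example: two mod-8 counters in lockstep
INIT = (0, 0)


def step(s):               # deterministic transition function T(s) -> s'
    a, b = s
    return ((a + 1) % N, (b + 1) % N)


def P(s):                  # property to prove: whenever a == 3, b == 3 as well
    a, b = s
    return a != 3 or b == 3


def L(s):                  # lemma believed to hold on reachable states: the counters agree
    a, b = s
    return a == b


def Q(s):                  # strengthened invariant Q = P and L
    return P(s) and L(s)


STATES = [(a, b) for a in range(N) for b in range(N)]


def path(s, k):
    """The unique path of k transitions from s (the system is deterministic)."""
    p = [s]
    for _ in range(k):
        p.append(step(p[-1]))
    return p


def is_k_inductive(inv, k):
    """Depth-k induction as on the earlier slides, for a deterministic system:
    base: every state within k-1 steps of the initial state satisfies inv;
    step: every loop-free path of k+1 states whose first k states satisfy inv
          also satisfies inv at its last state."""
    if not all(inv(s) for s in path(INIT, k - 1)):
        return False                       # base case fails
    for s in STATES:
        p = path(s, k)
        loop_free = len(set(p)) == len(p)
        if loop_free and all(inv(t) for t in p[:-1]) and not inv(p[-1]):
            return False                   # counterexample to the induction step
    return True


def induction_depth(inv):
    """Smallest k for which inv is k-inductive; None if no k up to the number
    of states works (a loop-free path cannot be longer than that)."""
    for k in range(1, len(STATES) + 1):
        if is_k_inductive(inv, k):
            return k
    return None


if __name__ == "__main__":
    print(induction_depth(P))   # 8: P alone is only proved by the longest loop-free paths
    print(induction_depth(Q))   # 1: P and L together are proved by simple induction
```

Without the lemma the induction step has a counterexample at every depth below 8: a loop-free path such as (4,7), (5,0), ..., (2,5), (3,6) satisfies P on its first seven states and fails it on the last, and only when loop-free paths of nine states become impossible does the step go through. With the lemma the step is immediate, because a == b is preserved by every transition and makes P trivially true.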
Reachability analysis

  Standard approach to safety property verification using Binary Decision Diagrams (BDDs)
  Generate larger and larger subsets of the reachable states. Stop when no new states are added
  Check whether the result intersects with the bad states
Reachability analysis

  Standard algorithms can be adapted to use a SAT-solver.
  Need to be able to deal with quantifiers in a way that doesn't just blow up
  A fascinating research area!
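The fixpoint iteration of the first reachability slide, as an added example that is not from the slides: Python sets of explicit states stand in for the BDDs that represent state sets symbolically, the image operator stands in for the relational product, and the loop stops when an iteration adds no new states before intersecting the result with the bad states. The 4-bit counter, its bug and the names `make_relation`, `image` and `reachable` are assumptions made for this example.

```python
"""Reachability analysis as a fixpoint of the image operator. Added example,
not from the slides: sets of explicit states stand in for BDDs."""

STATES = range(16)                   # constructed example: 4-bit counter, states 0..15
INIT = {0}
BAD = {s for s in STATES if s > 9}   # states violating P: counter <= 9


def make_relation(limit):
    """Transition relation T as a set of (s, s') pairs: count up to `limit`,
    then stutter. limit=9 is the intended design, limit=10 a constructed bug."""
    return {(s, s + 1 if s < limit else s) for s in STATES}


def image(S, T):
    """Image(S) = { s' | exists s in S with (s, s') in T }: one-step successors.
    With BDDs this is the relational product; here it is a set comprehension."""
    return {t for (s, t) in T if s in S}


def reachable(init, T, bad):
    """Grow R_0 = I, R_{n+1} = R_n union Image(R_n) until no new states are
    added, then intersect the fixpoint with the bad states.
    Returns (reachable set, number of iterations, reachable bad states)."""
    R = set(init)
    n = 0
    while True:
        new = image(R, T) - R
        if not new:                  # fixpoint: no new states were added
            return R, n, R & bad
        R |= new
        n += 1


if __name__ == "__main__":
    print(reachable(INIT, make_relation(9), BAD))    # ({0..9}, 9, set())
    print(reachable(INIT, make_relation(10), BAD))   # ({0..10}, 10, {10})
```

The iteration count is the depth at which the last new state appears, which is also the depth at which bounded model checking would first find the bad state 10 on the buggy relation; checking the intersection inside the loop rather than after it would report the bug at that iteration instead of after the fixpoint.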
References (bounded model checking)

  A. Biere, A. Cimatti, E. M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference, 1999.
  P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.
References (induction with SAT-solvers)

  M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
  P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
References (SAT-based reachability analysis)

  P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS'00.
  P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV'00.
  A. Gupta, Z. Yang and P. Ashar. SAT-based image computation with application in reachability analysis for verification. In FMCAD'00.
The future?

  Increasingly powerful proof engines
  Integration in system development tools
  Combining different engines or methods (for example BDDs and SAT, or interactive and automatic methods)
  Use of formal methods in test pattern generation