SAT Based Model Checking
Doctoral thesis, 2005
This Thesis is a study of automatic reasoning about finite state machines (FSMs). Two techniques used in hardware verification are presented. In both, the verification is carried out by a translation of the problem into propositional logic. Satisfiability and validity of propositional formulas are decided by the use of a SAT solver. For this reason, the fundamental techniques of a modern SAT solver are also presented.
The material belongs in the research field of symbolic model checking (SMC). The field comprises different methods of verifying (temporal) properties of finite systems, such as hardware designs, with a high degree of automation. The scope of current methods, and the level of automation, is such that SMC is frequently applied in industry.
One way to prove a property of a system is to explicitly enumerate all reachable states, and check the property for each one. This is known as explicit state model checking. SMC, on the other hand, works by reasoning symbolically about the system, using a compact representation of sets of states. There is no direct relation between the size of a set and its representation, which gives SMC the potential of handling systems with very large state spaces.
Conventional SMC is carried out by using binary decision diagrams (BDDs), a canonical representation of boolean functions (i.e. subsets of Booln), to compute and represent subsets of the state space. Although algorithms based on BDDs have been successful in many applications, there are limitations that cannot easily be overcome. In this Thesis, alternative approaches based on SAT are explored, in the hope of removing some of those limitations.
The first paper in the Thesis shows how reachability analysis (computing a representation of the reachable states) can be performed in much the same way as for BDDs, using a non-canonical representation of boolean functions. The method includes a translation from quantified boolean formulas (QBFs) to propositional formulas, and the use of a SAT solver for termination checks.
The second paper shows how safety properties can be proven by means of temporal induction (also known as k-induction). Several improvements are made to previous techniques, in particular by the introduction and novel use of an incremental SAT solver. The performance gain is documented by thorough testing.
The third paper documents in detail how a modern SAT solver is constructed and suggests some extensions. It shows how arbitrary boolean constraints can be added to a SAT solver, and also implements an incremental SAT interface.
The fourth and final paper proposes a solution to the important problem of generating good SAT encodings of domain specific problems. The approach is general in the sense that it is not limited to the typical translation from netlists, often used in hardware verification.