Advances in SymbolicModel Checking Techniques

A common theme in symbolic model checking is to compute an inductive strengthening of the desired invariant, which forms a proof that no erroneous state can be reached by the system. The original symbolic model checking algorithm computed this inductive strengthening by computing (a hopefully succinct) representation of all reachable states by fixpoint computations and OBDDs. This set of reachable states is, by definition, closed under the transition relation. If no erroneous state is found to be in this set, then it forms an inductive invariant. Symbolic model checking techniques also handle liveness properties using fixpoint computations. More recently, other techniques for computing inductive strengthenings, which are more efficient in practice, have been proposed. These techniques can broadly be classified as ‘abstraction based’ and ‘resolution based’. In this manuscript, we describe and compare three approaches for computing inductive strengthenings. The first approach computes the inductive strengthening over an abstracted version of the system, refining the abstracted system appropriately when the process fails due to loss of information from abstraction. The second approach uses proofs of unsatisfiability from bounded model checking queries to construct the inductive strengthening. The third approach on the other hand tries to construct the inductive strengthening incrementally by considering individual counterexamples to induction.