Computing Over-Approximations with Bounded Model Checking

Computing Over-Approximations with Bounded Model Checking

Bounded Model Checking (BMC) searches for counterexamples to a property φ with a bounded length k. If no such counterexample is found, k is increased. This process terminates when k exceeds the completeness threshold CT (i.e., k is sufficiently large to ensure that no counterexample exists) or when the SAT procedure exceeds its time or memory bounds. However, the completeness threshold is too l...

Model Checking LTL Properties over C Programs with Bounded Traces

Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our a...

Bounded Model Checking with QBF

Current algorithms for bounded model checking (BMC) use SAT methods for checking satisfiability of Boolean formulas. These BMC methods suffer from a potential memory explosion problem. Methods based on the validity of Quantified Boolean Formulas (QBF) allow an exponentially more succinct representation of the checked formulas, but have not been widely used, because of the lack of an efficient d...

Lazy Theorem Proving for Bounded Model Checking over Infinite Domains

Bounded Transaction Model Checking

Industrial cache coherence protocol models often have too many reachable states, preventing full reachability analysis even for small model instances (number of processors, addresses, etc.). Several partial search debugging methods are, therefore, employed, including lossy state compression using hash compaction, and bounded model checking (BMC, or equivalently, depth-bounded search). We show t...