Formal Methods in System Design, Volume 19, Issue 1, pp 7–34

Bounded Model Checking Using Satisfiability Solving

  • Edmund Clarke
  • Armin Biere
  • Richard Raimi
  • Yunshan Zhu


The phrase model checking refers to algorithms for exploring the state space of a transition system to determine if it obeys a specification of its intended behavior. These algorithms can perform exhaustive verification in a highly automatic manner, and, thus, have attracted much interest in industry. Model checking programs are now being commercially marketed. However, model checking has been held back by the state explosion problem, which is the problem that the number of states in a system grows exponentially in the number of system components. Much research has been devoted to ameliorating this problem.

In this tutorial, we first give a brief overview of the history of model checking to date, and then focus on recent techniques that combine model checking with satisfiability solving. These techniques, known as bounded model checking, do a very fast exploration of the state space, and for some types of problems seem to offer large performance improvements over previous approaches. We review experiments with bounded model checking on both public domain and industrial designs, and propose a methodology for applying the technique in industry for invariance checking. We then summarize the pros and cons of this new technology and discuss future research efforts to extend its capabilities.

Keywords: model checking, processor verification, satisfiability, bounded model checking, cone of influence reduction





Copyright information

© Kluwer Academic Publishers 2001

Authors and Affiliations

  • Edmund Clarke (1)
  • Armin Biere (2)
  • Richard Raimi (3)
  • Yunshan Zhu (3)

  1. Computer Science Department, CMU, Pittsburgh, USA
  2. Institute of Computer Systems, ETH Zürich, Zürich, Switzerland
  3. TriMedia Technologies, Inc., Austin
