Verification of Infinite State Systems by Compositional Model Checking

  • K. L. McMillan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1703)


A method of compositional verification is presented that uses the combination of temporal case splitting and data type reductions to reduce types of infinite or unbounded range to small finite types, and arrays of infinite or unbounded size to small fixed-size arrays. This supports the verification by model checking of systems with unbounded resources and uninterpreted functions. The method is illustrated by application to an implementation of Tomasulo’s algorithm, for arbitrary or infinite word size, register file size, number of reservation stations and number of execution units.
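The abstract describes the two reductions informally; the following Python script is an added illustration, not code from the paper or from McMillan's SMV tooling, of how they make an unbounded design finite. It fixes one temporal case ("register R is waiting for the result of reservation station T"), reduces the register-index, station-tag and data-word types to the values that case names plus a single abstract value OTHER, and enumerates the resulting abstract model by breadth-first search instead of symbolic model checking. The indices R = 5 and T = 2, the symbolic result RES_T (standing in for the uninterpreted function's output), the simplified issue/complete transition relation and the injected bug are all this example's own assumptions.

```python
"""Added example, not code from McMillan's paper: an explicit-state check of a
data-type-reduced model of a Tomasulo-style register file.

The concrete design has a register file of unbounded size, an unbounded number
of reservation stations and an unbounded word width.  One temporal case is
fixed ("register R is waiting for the result of reservation station T"); each
type is then reduced to the values that case names plus one abstract value
OTHER.  The reduced model has a handful of states and is enumerated by BFS.
The indices (R = 5, T = 2), the symbolic result RES_T and the transition
relation are this example's own simplifications (assumptions).
"""
from collections import deque

OTHER = "other"   # stands for every concrete value the case does not name
R, T = 5, 2       # case split: register 5 waits on reservation station 2
RES_T = "res_t"   # the (uninterpreted) result station T will broadcast

# Abstract state: (contents of register R, station T busy?).  Register contents
# are ("val", v) with v in {RES_T, OTHER} or ("tag", g) with g in {T, OTHER}.
INIT = (("val", OTHER), False)


def reduce_value(x, keep):
    """Data type reduction: a concrete value is kept only if the case names it."""
    return x if x in keep else OTHER


def abstract_event(kind, dest, station):
    """Map a concrete issue/complete event onto the reduced types."""
    if kind == "issue":
        return ("issue", reduce_value(dest, {R}), reduce_value(station, {T}))
    return ("complete", reduce_value(station, {T}))


def successors(state, correct=True):
    """Abstract transition relation.  correct=False injects a bug: a broadcast
    from some other station may overwrite a register waiting for station T."""
    reg, busy_t = state
    out = []
    for dest in (R, OTHER):              # issue to any register, any station
        for rs in (T, OTHER):
            if rs == T and busy_t:       # station T holds one instruction
                continue
            new_reg = ("tag", rs) if dest == R else reg
            out.append((("issue", dest, rs), (new_reg, busy_t or rs == T)))
    if busy_t:                           # station T broadcasts RES_T
        new_reg = ("val", RES_T) if reg == ("tag", T) else reg
        out.append((("complete", T), (new_reg, False)))
    # some other station broadcasts; its value is unconstrained, i.e. OTHER
    hit = reg == ("tag", OTHER) or (not correct and reg[0] == "tag")
    out.append((("complete", OTHER), (("val", OTHER), busy_t) if hit else state))
    return out


def violates(pre, post):
    """Case property: a register waiting on station T only ever receives RES_T
    (or is re-tagged by a later issue); any other value is a violation."""
    return pre[0] == ("tag", T) and post[0][0] == "val" and post[0] != ("val", RES_T)


def explore(correct=True):
    """BFS over the reduced state space.  Returns (counterexample, states):
    counterexample is None if the property holds, else the event trace."""
    parent = {INIT: None}
    queue = deque([INIT])
    while queue:
        s = queue.popleft()
        for event, t in successors(s, correct):
            if violates(s, t):
                return trace(parent, s) + [event], set(parent)
            if t not in parent:
                parent[t] = (s, event)
                queue.append(t)
    return None, set(parent)


def trace(parent, s):
    """Reconstruct the BFS path from INIT to s as a list of events."""
    events = []
    while parent[s] is not None:
        s, event = parent[s]
        events.append(event)
    return events[::-1]


if __name__ == "__main__":
    cex, states = explore(correct=True)
    print("correct model:", "holds" if cex is None else cex, len(states), "states")
    cex, _ = explore(correct=False)
    print("buggy model:", cex)
```

The reduced model has seven reachable states regardless of how large the concrete register file, station count or word width is, because every index the case does not mention collapses into OTHER and every data word other than station T's result does likewise; the case split over R and T, combined with the symmetry of the concrete design, is what lets the single case stand for all registers and stations. The buggy variant is found by the same search as a two-event counterexample, which is the kind of trace a model checker would report on a real mis-implemented tag match.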


Keywords: model checking, abstract model, linear temporal logic, abstract interpretation, reservation station



Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • K. L. McMillan (1)
  1. Cadence Berkeley Labs, USA
