Symbolic Model Checking without BDDs

  • Armin Biere
  • Alessandro Cimatti
  • Edmund Clarke
  • Yunshan Zhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1579)


Symbolic Model Checking [3], [14] has proven to be a powerful technique for the verification of reactive systems. BDDs [2] have traditionally been used as a symbolic representation of the system. In this paper we show how boolean decision procedures, like Stålmarck’s Method [16] or the Davis & Putnam Procedure [7], can replace BDDs. This new technique avoids the space blow up of BDDs, generates counterexamples much faster, and sometimes speeds up the verification. In addition, it produces counterexamples of minimal length. We introduce a bounded model checking procedure for LTL which reduces model checking to propositional satisfiability.We show that bounded LTL model checking can be done without a tableau construction. We have implemented a model checker BMC, based on bounded model checking, and preliminary results are presented.


Model Check Propositional Formula Kripke Structure Liveness Property Symbolic Model Check 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    Arne Borälv. The industrial success of verification tools based on Stålmarck’s Method. In Orna Grumberg, editor, International Conference on Computer-Aided Verification (CAV’97), number 1254 in LNCS. Springer-Verlag, 1997.Google Scholar
  2. [2]
    R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, 35(8):677–691, 1986.zbMATHCrossRefGoogle Scholar
  3. [3]
    J. R. Burch, E. M. Clarke, and K. L. McMillan. Symbolic model checking: 1020 states and beyond. Information and Computation, 98:142–170, 1992.zbMATHCrossRefMathSciNetGoogle Scholar
  4. [4]
    E. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Proceedings of the IBM Workshop on Logics of Programs, volume 131 of LNCS, pages 52–71. Springer-Verlag, 1981.Google Scholar
  5. [5]
    E. Clarke, O. Grumberg, and K. Hamaguchi. Another look at LTL model checking. In David L. Dill, editor, Computer Aided Verification, 6th International Conference (CAV’94), volume 818 of LNCS, pages 415–427. Springer-Verlag, June 1994.Google Scholar
  6. [6]
    Edmund M. Clarke, Orna Grumberg, and David E. Long. Model checking and abstraction. ACM Transactions on Programming Languages and Systems, 16(5):1512–1542, 1994.CrossRefGoogle Scholar
  7. [7]
    M. Davis and H. Putnam. A computing procedure for quantification theory. Journal of the Association for Computing Machinery, 7:201–215, 1960.zbMATHMathSciNetGoogle Scholar
  8. [8]
    E. A. Emerson and C.-L. Lei. Modalities for model checking: Branching time strikes back. Science of Computer Programming, 8:275–306, 1986.CrossRefMathSciNetGoogle Scholar
  9. [9]
    F. Giunchiglia and R. Sebastiani. Building decision procedures for modal logics from propositional decision procedures-the case study of modal K. In Proc. of the 13th Conference on Automated Deduction, Lecture Notes in Artificial Intelligence. Springer-Verlag, 1996.Google Scholar
  10. [10]
    D. S. Johnson and M. A. Trick, editors. The second DIMACS implementation challenge, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 1993. (see
  11. [11]
    H. Kautz and B. Selman. Pushing the envelope: planning, propositional logic, and stochastic search. In Proc. AAAI’96, Portland, OR, 1996.Google Scholar
  12. [12]
    O. Lichtenstein and A. Pnueli. Checking that finite state concurrent programs satisfy their linear specification. In Poceedings of the Twelfth Annual ACM Symposium on Principles of Programming Languages, pages 97–107, 1985.Google Scholar
  13. [13]
    A. J. Martin. The design of a self-timed circuit for distributed mutual exclusion. In H. Fuchs, editor, Proceedings of the 1985 Chapel Hill Conference on Very Large Scale Integration, 1985.Google Scholar
  14. [14]
    K. L. McMillan. Symbolic Model Checking: An Approach to the State Explosion Problem. Kluwer Academic Publishers, 1993.Google Scholar
  15. [15]
    A. P. Sistla and E. M. Clarke. The complexity of propositional linear temporal logics. Journal of Assoc. Comput. Mach., 32(3):733–749, 1985.zbMATHMathSciNetGoogle Scholar
  16. [16]
    G. Stålmarck and M. Säflund. Modeling and verifying systems and software in propositional logic. In B. K. Daniels, editor, Safety of Computer Control Systems (SAFECOMP’ 90), pages 31–36. Pergamon Press, 1990.Google Scholar
  17. [17]
    P. R. Stephan, R. K. Brayton, and A. L. Sangiovanni-Vincentelli. Combinational test generation using satisfiability. Technical Report M92/112, Departement of Electrical Engineering and Computer Science, University of California at Berkley, October 1992.Google Scholar
  18. [18]
    H. Zhang. SATO: An efficient propositional prover. In International Conference on Automated Deduction (CADE’97), number 1249 in LNAI, pages 272–275. Springer-Verlag, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Armin Biere
    • 1
  • Alessandro Cimatti
    • 2
  • Edmund Clarke
    • 1
  • Yunshan Zhu
    • 1
  1. 1.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA
  2. 2.Istituto per la Ricerca Scientifica e Tecnologica (IRST)Povo (TN)Italy

Personalised recommendations