Publication | Closed Access
Counterexample-guided abstraction refinement for symbolic model checking
974 citations | 47 references | Year: 2003
Topics: Program Checking, Engineering, Verification, Computer Architecture, Computer-aided Verification, State Space Abstraction, Model Checking, Software Analysis, Formal Verification, Systems Engineering, Runtime Verification, Computer Engineering, Computer Science, Software Verification, Program Analysis, Automated Reasoning, Software Testing, Counterexample-guided Abstraction Refinement, State Explosion Problem, Formal Methods, Model Abstraction, Symbolic Model, Abstraction Technique
The state‑explosion problem hampers symbolic model checking of large hardware designs, and although state‑space abstraction is essential for industrial verification, it is usually manual and can produce spurious counterexamples. This work introduces an automatic iterative abstraction‑refinement methodology that extends symbolic model checking by automatically generating abstract models and refining them based on symbolic analysis of counterexamples. The method automatically constructs an initial abstract model from the program’s control structures, uses symbolic techniques to analyze counterexamples, refines the model accordingly, and is implemented in the aSMV prototype within NuSMV. Experiments on a large Fujitsu IP core with 500 latches and 10,000 lines of SMV code demonstrate the effectiveness of the approach.
The state explosion problem remains a major hurdle in applying symbolic model checking to large hardware designs. State space abstraction, having been essential for verifying designs of industrial complexity, is typically a manual process, requiring considerable creativity and insight. In this article, we present an automatic iterative abstraction-refinement methodology that extends symbolic model checking. In our method, the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques that analyze such counterexamples and refine the abstract model correspondingly. We describe aSMV, a prototype implementation of our methodology in NuSMV. Practical experiments including a large Fujitsu IP core design with about 500 latches and 10000 lines of SMV code confirm the effectiveness of our approach.
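As an added illustration (not code from the paper or from aSMV), the following is a minimal explicit-state version of the abstraction-refinement loop the abstract describes: it replaces the paper's symbolic (BDD-based) analysis with explicit sets, uses two constructed toy transition systems, lets a partition `part` play the role of the abstraction function, and refines a spurious abstract path by separating the failure block's dead-end states from the rest of that block.

```python
from collections import deque

# Constructed toy systems (states, transitions, init, bad); edge (2, 3) makes 5 reachable.
SAFE = ({0, 1, 2, 3, 4, 5}, {(0, 1), (1, 2), (2, 0), (3, 4), (4, 5), (5, 5)}, {0}, {5})
UNSAFE = (SAFE[0], SAFE[1] | {(2, 3)}, {0}, {5})

def abstract_counterexample(system, part):
    """Existential abstraction under `part`, then BFS from an initial block to a bad block."""
    _, trans, init, bad = system
    a_bad = {part[s] for s in bad}
    a_trans = {(part[s], part[t]) for (s, t) in trans}
    parents = {part[s]: None for s in init}
    queue = deque(parents)
    while queue:
        a = queue.popleft()
        if a in a_bad:  # rebuild the abstract path from the parent links
            path = []
            while a is not None:
                path.append(a)
                a = parents[a]
            return path[::-1]
        for (x, y) in a_trans:
            if x == a and y not in parents:
                parents[y] = a
                queue.append(y)
    return None  # no abstract path: the property holds on the abstraction
def cegar(system):
    """Returns ("safe", final partition) or ("counterexample", abstract path)."""
    states, trans, init, bad = system
    part = {s: 0 for s in states}  # coarsest abstraction: a single block
    fresh = 1
    while True:
        path = abstract_counterexample(system, part)
        if path is None:
            return ("safe", part)
        # Replay the abstract path on the concrete system, one block at a time.
        cur = {s for s in init if part[s] == path[0]}
        for i in range(1, len(path) + 1):
            if i < len(path):
                nxt = {t for (s, t) in trans if s in cur and part[t] == path[i]}
            else:
                nxt = cur & bad  # the final block must hold a reachable bad state
            if not nxt:
                # Spurious: `cur` are the dead-end states of block path[i-1]; split them off.
                part.update({s: fresh for s in cur})
                fresh += 1
                break
            cur = nxt
        else:
            return ("counterexample", path)
```

Each split strictly refines the partition (the dead-end states never form the whole block, because the abstract edge that produced the path came from some other state in that block), so the loop terminates after at most as many refinements as there are concrete states.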