Semantics, Decision Procedures, and Abstraction Refinement for Symbolic Trajectory Evaluation

Abstract: The rapid growth in hardware complexity has led to a need for formal verification of hardware designs to prevent bugs from entering the final silicon. Model-checking is a verification method in which a model of a system is checked against a property, describing the desired behaviour of the system over time. Today, all major hardware companies use model-checkers in order to reduce the number of bugs in their designs. Symbolic Trajectory Evaluation (STE) is a model-checking technique for hardware. STE uses abstraction, meaning that details of the circuit behaviour are removed from the circuit model. This improves the capacity limits of the method, but has as down-side that certain properties cannot be proved if the wrong abstraction is chosen. STE is limited to properties ranging over a finite number of time-steps. Generalised Symbolic Trajectory Evaluation (GSTE) is an extension of STE that can deal with properties ranging over unbounded time. This thesis describes several important contributions to research on STE and GSTE. First of all, the thesis describes a SAT-based method for abstraction refinement in STE. A main drawback of STE is that the user needs to spend time on finding the right abstraction. Often, a great deal of time is spent on such manual abstraction refinement. To address this problem, we have invented a method for assisting STE users with manual abstraction refinement. As a case study, we have demonstrated the usefulness of the algorithm by showing how to refine and verify an STE specification of a Content-Addressable Memory (CAM). Furthermore, the thesis describes faithful semantics for STE and GSTE. The reason for developing these semantics is that we have discovered that the existing semantics for STE and GSTE do not correspond to the proving power of the corresponding model-checking algorithms. We believe that the semantics are an important contribution for at least two reasons. First of all, a faithful semantics makes STE and GSTE more accessible to novice users: a faithful semantics enables users to understand the abstraction used in STE and GSTE, without having to understand the details of the model-checking algorithm. Secondly, a faithful semantics can be used as basis for research on new model-checking algorithms and other tools for STE and GSTE. To illustrate this, building upon our faithful semantics for STE, we have developed the third contribution of this thesis: a new SAT-based model-checking algorithm for STE. In the thesis, we demonstrate on a series of benchmarks that our new algorithm outperforms other SAT-based model-checking algorithms for STE.