Harnessing SMT-Based Bounded Model Checking through Stateless Explicit-State Exploration

We propose a hybrid approach to improving the verification performance of SMT-based bounded model checking for LTL properties. In this approach, stateless explicit-state exploration is utilized to traverse, under the constraints of bounded context switches, the state space of a system design and memorize legal execution paths. These paths are classified according to certain predicates into path clusters, which are then encoded into propositional formulas representing, together with the encoded formula for an LTL property, independent BMC instances. Such BMC instances are solved with SMT solvers running on mutilcores in parallel. Once a counterexample is found for one of the instances, the entire model checking terminates. This hybrid checking procedure progresses in an incremental fashion until either a counterexample is found or the user-specified bound is reached. We have implemented this proposed hybrid approach in a tool called Garakabu2 with CVC4 as its backend solver. The experimental results show that Garakabu2 often outperforms the state-of-the-art pure BMC methods implemented in SAL infinite bounded model checker for both safety and liveness properties.