Facilitating Multicore Bounded Model Checking with Stateless Explicit-State Exploration

Bounded Model Checking (BMC) converts a verification problem within a user-specified bound into satisfiability checks of propositional formulas. As the bound deepens, the formulas become larger in size and harder to solve. In this paper, we propose a hybrid approach in which stateless explicit-state exploration (SESE) is integrated into the BMC process to improve the scalability and performance of BMC for the verification of properties expressed in Linear Temporal Logic (LTL). Specifically, SESE is utilized to traverse, under the constraints of Bounded-Context Switching (BCS), the state space of a system design and memorize legal execution paths. These paths are classified according to heuristic state predicates into path clusters, which are then encoded into propositional formulas representing, together with the encoded formula for an LTL property, independent BMC instances. Such BMC instances are solved with SMT solvers running on mutilcores in parallel. Once a counterexample is found for one of the instances, the entire model checking (SESE as well as BMC) terminates. This hybrid checking procedure progresses in an incremental fashion until either a counterexample is found or the user-specified bound is reached. We have implemented this proposed hybrid approach in a tool called Garakabu2 with Yices 2 as its back-end solver. The experimental results show that Garakabu2 outperforms significantly the state-of-the-art BMC methods implemented in SAL for both safety and liveness properties.