Approximate Reachability Don't Cares for CTL model checking

Abstract

RDCs (Reachability Don't Cares) can have a dramatic impact on the cost of CTL model checking (J. Yuan et al., 1997). Unfortunately, RDCs, being a global property, are often much more difficult to compute than the satisfying set of typical CTL formulas. We address this problem through the use of Approximate Reachability Don't Cares (ARDCs), computed with the algorithms developed for the VERITAS sequential synthesis package (H. ho et al., 1990; 1996). Approximate reachable states represent an upper bound on the set of true reachable states, and thus a lower bound on the set of unreachable (Don't Care) states. ARDCs can be 10X to 100X (or much more for very large circuits) cheaper to compute than RDCs, and in some cases have the same dramatic effect on CTL model checking as the real RDCs. We also discuss the application of ARDCs to the problem of exact computation of the RDCs themselves. Experiments on industrial benchmarks show that order of magnitude speedups are possible, and occur frequently. The experimental results presented strongly support our claim that ARDCs play a safe and important way out of a serious dilemma: RDCs are necessary for tractable model checking of many large circuits, but the computation of the RDCs themselves is often intractable. We include, and theoretically justify, significant extensions of the VERITAS algorithms, and show that they can be up to an order of magnitude faster, while computing a virtually identical upper bound.