SAT-Reach : A Bounded Model Checker for Affine Hybrid Systems

Abstract

Bounded model checking (BMC) is well-known to be undecidable even for simple hybrid systems. Existing work targeted for a wide class of non-linear hybrid systems reduces the BMC problem to the satisfiability problem of an satisfiability modulo theory formula encoding the hybrid system dynamics. Consequently, the satisfiability of the formula is deduced with a δ-decision procedure. However, the encoded formula can be complex for large automaton and for deep exploration causing the decision procedure to be inefficient. Additionally, a generalized decision procedure can be inefficient for hybrid systems with simple dynamics. In this article, we propose a BMC algorithm built upon the foundation of the counter example guided abstraction refinement (CEGAR) technique and targeted for hybrid systems with piecewise affine dynamics, modeled as a hybrid automaton. In particular, our algorithm begins by searching an abstract counterexample in the discrete state-space of the automaton. We check whether a discovered abstract counterexample is spurious or real by a two-tier refinement of the state-space guided by the abstract counterexample. The primary refinement is through symbolic reachability analysis and the following refinement is via a search of a real counterexample by the trajectory splicing method, guided in turn by the outcome of reachability analysis. We show that our algorithm reaps the benefits of the CEGAR technique by directing the exploration in the regions of interest and pruning search space that is irrelevant to the property under consideration. In addition, an optimization by memoizing the computed symbolic states during reachability analysis has been proposed for efficiency. The proposed algorithm is implemented in the tool SAT-Reach, and we compare its performance with dReach , XSpeed , Flow* , SpaceEx, and a pattern database heuristic-guided search algorithm. Experiments demonstrate the efficacy of our algorithm.