The design of safety-critical systems often requires design space exploration: comparing several system models that differ in terms of design choices, capabilities, and implementations. Model checking can compare different models in such a set, however, it is continuously challenged by the state space explosion problem. Therefore, learning and reusing information from solving related models becomes very important for future checking efforts. For example, reusing variable ordering in BDD-based model checking leads to substantial performance improvement. In this paper, we present a SAT-based algorithm for checking a set of models. Our algorithm, FuseIC3, extends IC3 to minimize time spent in exploring the common state space between related models. Specifically, FuseIC3 accumulates artifacts from the sequence of over-approximated reachable states, called frames, from earlier runs when checking new models, albeit, after careful repair. It uses bidirectional reachability; forward reachability to repair frames, and IC3-type backward reachability to block predecessors to bad states. We extensively evaluate FuseIC3 over a large collection of challenging benchmarks. FuseIC3 is on-average up to 5.48\(\times \) (median 1.75\(\times \)) faster than checking each model individually, and up to 3.67\(\times \) (median 1.72\(\times \)) faster than the state-of-the-art incremental IC3 algorithm. Moreover, we evaluate the performance improvement of FuseIC3 by smarter ordering of models and property grouping using a linear-time hashing approach.

安全关键系统的设计通常需要设计空间探索：比较几个在设计选择、功能和实现方面不同的系统模型。模型检查可以比较这样一个集合中的不同模型，但是，它不断受到状态空间爆炸问题的挑战。因此，从解决相关模型中学习和重用信息对于未来的检查工作变得非常重要。例如，在基于 BDD 的模型检查中重用变量排序可以显着提高性能。在本文中，我们提出了一种基于 SAT 的算法来检查一组模型。我们的算法 FuseIC3 扩展了IC3最大限度地减少探索相关模型之间的公共状态空间所花费的时间。具体来说，FuseIC3在检查新模型时从早期运行的过度近似可达状态序列（称为帧）中累积伪影，尽管经过仔细修复。它使用双向可达性；修复帧的前向可达性，以及阻止前任进入坏状态的IC3型后向可达性。我们在大量具有挑战性的基准测试中广泛评估了 FuseIC3。FuseIC3 的平均速度比单独检查每个模型快 5.48 \(\times \)（中位数 1.75 \(\times \)），最高可达 3.67 \(\times \)（中位数 1.72 \(\times \)) 比最先进的增量IC3算法更快。此外，我们使用线性时间散列方法通过更智能的模型排序和属性分组来评估 FuseIC3 的性能改进。