“…The key insight, due to Katelman, is that the rewriting semantics can be used symbolically to generate desired test inputs, not on a device's concrete states, but on states that are partly symbolic (contain logical variables) and partly concrete. Broadly speaking, this is an instance of the symbolic reachability analysis of rewrite theories I have discussed in Section 3.3; but for hardware verification the approach, first outlined in [257] and more fully developed in [256], has a number of unique features including: (i) the use of SAT solvers to symbolically solve Boolean constraints; (ii) support for user-guided random generation of partial instantiations; and (iii) a flexible strategy language, in which a hardware designer can specify in a declarative, high-level way the kind of test that needs to be generated. The effectiveness of this approach for generating sophisticated tests on real hardware designs, and for finding unknown bugs in such designs, has been demonstrated for medium-sized Verilog designs, including the I 2 C-Bus Master Controller, and a microprocessor design [251,256].…”