Automated Extraction of Inductive Invariants to Aid Model Checking

Automated Extraction of Inductive Invariants to Aid Model Checking
Michael L. Case, Alan Mishchenko, and Robert K. Brayton
University of California, Berkeley
FMCAD 2007

Motivation
What kind of information will help verification?
(Figure: a design with a safety property alone, versus the same design with additional design information, compared on verification time.)
- What kind of information will help verification?
- How do we know when we've given enough information?
- Is the additional information easily verifiable?
November 14, 2007, Mike Case, FMCAD 2007

Abstract
Present a framework to automatically find/prove this extra design information:
- Local properties (inductive invariants)
- Only considered if they help the verification
- Limited in number, easy to prove correct
Verifying safety properties in a gate-level hardware design; interpolation used as a case study.

Outline
- Forming a reachability approximation
- Brief introduction to interpolation
- Tailoring the reachability approximation for a target application
- Helping interpolation
- Proof graph formulation
- Experimental results

Approximating the Reachable States
- Prove inductive invariants (local properties that hold in all reachable states)
- Their conjunction gives a reachability approximation I

Quickly Proving Local Properties
Our previous work:
- Derive a large set of candidate invariants (implications)
- Prove them with van Eijk-style induction
- Tries to prove as many properties as possible
Open questions:
- Do we need to prove all properties?
- Are some better than others?
- Tight reachability approximation, or just "good enough"?

The Interpolation Algorithm (flowchart)
1. Initialize approximation parameters
2. frontier := initial states
3. Reachability step: frontier += approxImage(frontier)
4. Bad state reached?
   - No: Fixed point? If yes, Property Verified; if no, return to step 3.
   - Yes: Cex reached directly from the initial state?
     - Yes: Property Falsified.
     - No: Tighten approximation parameters and restart from step 2.
(Figure: two panels, "Reachability" and "Interpolation", each showing Image 1 and Image 2 grown from the initial states I toward the bad states B; in the interpolation panel the approximate image contains a state S from which B is reached.)

Problems With Interpolation
- Can explore unreachable states
  - No control over the approximate image
  - Often can't decide whether an encountered bad state is reachable
- Requires frequent restarts
  - Refining the approximation parameters and restarting is the most expensive operation
  - Discards all prior work

Enhancing Interpolation
- Possible to avoid the model refinement: show either S or B unreachable, i.e. find invariants that are violated in S or in B
- Suppose we had a tool to find such invariants
- Adding the invariants to our satisfiability solver would prevent S or B from being explored
(Figure: Image 1 and Image 2 grown from the initial states I; S is a state in the approximate image, B the bad states.)

Targeted Invariant Tool
Given a state S that we want to prove unreachable, find a set of properties {P} such that:
- Proving {P} implies that S is unreachable
- {P} can be proved with simple (one-step) induction

The interpolation flow extended with the invariant tool (flowchart)
1. Initialize approximation parameters
2. frontier := initial states
3. frontier += approxImage(frontier)
4. Bad state reached?
   - No: Fixed point? If yes, Property Verified; if no, return to step 3.
   - Yes: Cex reached directly from the initial state?
     - Yes: Property Falsified.
     - No: Can we find invariants?
       - Yes: continue the reachability loop with the invariants added.
       - No: Tighten approximation parameters and restart from step 2.

Proving a State Unreachable
- Previous work proves a large set of states unreachable
- Proves many small properties
- Can we limit the invariants to target states of interest?

The Proof Graph
(Figure: a bipartite graph whose nodes are states S and sets of properties {P}, with edges in both directions.)
Edge {P} -> S: S is why we can't prove {P}
- S is the reason the inductive proof of the properties does not succeed
- S is the counterexample in the simple induction proof
- Proving S unreachable is a necessary condition for proving any property in the set
Edge S -> {P}: {P} are how we will prove S unreachable
- Every property in the set is violated in S
- Proving any such property implies that S is unreachable

Proof Graph Example
- Input S0
- Find properties violated in S0
- Prove {P0}
- Cover the new states with properties
- Prove {P3}
- Prove {P03}
(Figure: graph with property sets {P1}, {P2}, {P3} and states S1, S2, S3.)
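The targeted invariant tool and the proof graph above, as an added example that is not code from the paper or from ABC: a brute-force Python model on a constructed 3-latch design, where proving the target state unreachable needs one proof-graph step, because the first usable candidate's induction counterexample must itself be proved unreachable before the candidate becomes inductive. The design, its next-state function, the state encoding, the candidate class (implications between latch literals) and the recursion depth limit are all assumptions made here; `reachable()` is only a cross-check that a real SAT-based tool would not have.

```python
# Added example (constructed, not from the paper or ABC): targeted invariants + proof graph, brute force.
from itertools import product
INIT = (0, 0, 0)   # constructed: 3 latches (a, b, c), one input x, all latches reset to 0

def step(s, x):
    """Constructed next-state function: a' = x, b' = a & ~x, c' = b."""
    a, b, _ = s
    return (x, a & (1 - x), b)

def holds(p, s):
    """Local property p = ((i, vi), (j, vj)): 'latch i == vi implies latch j == vj'."""
    (i, vi), (j, vj) = p
    return not (s[i] == vi and s[j] != vj)

def candidates(S):
    """Candidate invariants for target S: latch-literal implications violated in S."""
    lits = [(i, v) for i in range(len(INIT)) for v in (0, 1)]
    return [(l, r) for l in lits for r in lits if l[0] != r[0] and not holds((l, r), S)]

def induct(p, proven):
    """One-step induction for p strengthened by `proven`; on failure returns the
    induction counterexample: a state satisfying p whose successor violates p."""
    if not holds(p, INIT):
        return False, INIT
    for s in product((0, 1), repeat=len(INIT)):
        if holds(p, s) and all(holds(q, s) for q in proven):
            for x in (0, 1):
                if not holds(p, step(s, x)):
                    return False, s
    return True, None

def prove_unreachable(S, proven, depth=0):
    """Proof graph node S: find {P} violated in S and prove one P by induction. When
    the induction counterexample S' blocks it, prove S' unreachable first, then retry."""
    if any(not holds(q, S) for q in proven):
        return True                    # S is already blocked by a proven invariant
    for p in candidates(S):
        ok, cex = induct(p, proven)
        while not ok and cex != S and depth < 3 and prove_unreachable(cex, proven, depth + 1):
            ok, cex = induct(p, proven)  # retry with the strengthened invariant set
        if ok:
            proven.append(p)
            return True
    return False

def reachable():
    seen = {INIT}                      # exact fixpoint; only feasible for a toy design
    while new := {step(s, x) for s in seen for x in (0, 1)} - seen:
        seen |= new
    return seen
```

For the target S = (a=0, b=1, c=1), the candidate b -> not c fails induction at (1, 1, 0); proving that state unreachable yields a -> not b, after which b -> not c is inductive and S is blocked, while a reachable target such as (1, 0, 1) is correctly rejected.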

Experimental Results
- ABC logic synthesis system used as the software base
- Extended through two C++ plugin libraries: interpolation, and the proof graph formulation (this work)
- User can select interpolation alone or interpolation + proof graph
- Refuting error traces is an option
- Tested extensively on both academic and industrial benchmarks

"Hard" Academic Benchmarks
- Verified 154 academic benchmarks (TIP suite)
- 18 time out in 2 hours with standard interpolation
- 9 of these are "easy" when the proof graph refutes counterexample traces
- Why are there no false properties here?

"Hard" Industrial Benchmarks
- Sequential equivalence checking benchmarks
- 1800 second timeout
- Problems "hard" for standard interpolation
- Enabling the proof graph dramatically helps runtime
(Runtime chart; entries at 1800 are timeouts.)

Summary
- Motivated the need for a tool to show that a selected state is unreachable
- Constructed such a tool using the proof graph formulation
- Applied the tool to help interpolation
- Demonstrated its effectiveness on a variety of benchmarks
Thank you.