SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

Slides:



Advertisements
Similar presentations
Model Checking Base on Interoplation
Advertisements

Automated abstraction refinement II Heuristic aspects Ken McMillan Cadence Berkeley Labs.
The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Abstraction in Model Checking Nishant Sinha. Model Checking Given a: –Finite transition system M –A temporal property p The model checking problem: –Does.
NP-Hard Nattee Niparnan.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
“Using Weighted MAX-SAT Engines to Solve MPE” -- by James D. Park Shuo (Olivia) Yang.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Towards More Efficient SAT-Based Model Checking Joao Marques-Silva Electronics & Computer Science University of Southampton LAA C&V Workshop, Isaac Newton.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Proof-based Abstraction Presented by Roman Gershman Ken McMillan, Nina Amla.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
On-The-Fly Resolve Trace Minimization Ohad Shacham and Karen Yorav IBM Haifa Research Laboratory.
1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.
GRASP-an efficient SAT solver Pankaj Chauhan. 6/19/ : GRASP and Chaff2 What is SAT? Given a propositional formula in CNF, find an assignment.
Counterexample Generation for Separation-Logic-Based Proofs Arlen Cox Samin Ishtiaq Josh Berdine Christoph Wintersteiger.
Efficient Reachability Checking using Sequential SAT G. Parthasarathy, M. K. Iyer, K.-T.Cheng, Li. C. Wang Department of ECE University of California –
Formal Verification Group © Copyright IBM Corporation 2008 IBM Haifa Labs SAT-based unbounded model checking using interpolation Based on a paper “Interpolation.
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Pruning techniques for the SAT-based Bounded Model-Checking problem Ofer Shtrichman Weizmann Institute of Science & IBM - HRL.
Computing Over­Approximations with Bounded Model Checking Daniel Kroening ETH Zürich.
1 Completeness and Complexity of Bounded Model Checking.
1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged.
Word Level Predicate Abstraction and Refinement for Verifying RTL Verilog Himanshu Jain Daniel Kroening Natasha Sharygina Edmund Clarke Carnegie Mellon.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
SAT Solver Math Foundations of Computer Science. 2 Boolean Expressions  A Boolean expression is a Boolean function  Any Boolean function can be written.
7/13/2003BMC A SAT-Based Approach to Abstraction Refinement in Model Checking Bing Li, Chao Wang and Fabio Somenzi University of Colorado at Boulder.
On Bridging Simulation and Formal Verification Eugene Goldberg Cadence Research Labs (USA) VMCAI-2008, San Francisco, USA.
Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic Range Allocation.
1 Automatic Refinement and Vacuity Detection for Symbolic Trajectory Evaluation Orna Grumberg Technion Haifa, Israel Joint work with Rachel Tzoref.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.
Incremental formal verification of hardware Hana Chockler Alexander Ivrii Arie Matsliah Shiri Moran Ziv Nevo IBM Research - Haifa.
Analyzing relational logic Daniel Jackson, MIT WG 2.3 · Newcastle April 2000.
NP-Complete Problems. Running Time v.s. Input Size Concern with problems whose complexity may be described by exponential functions. Tractable problems.
1 Predicate Abstraction and Refinement for Verifying Hardware Designs Himanshu Jain Joint work with Daniel Kroening, Natasha Sharygina, Edmund M. Clarke.
Localization and Register Sharing for Predicate Abstraction Himanshu Jain Franjo Ivančić Aarti Gupta Malay Ganai.
Verification & Validation By: Amir Masoud Gharehbaghi
SAT-Based Model Checking Without Unrolling Aaron R. Bradley.
Bounded Model Checking A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic Model Checking without BDDs, TACAS’99 Presented by Daniel Choi Provable Software.
SAT Solving As implemented in - DPLL solvers: GRASP, Chaff and
Answer Extraction To use resolution to answer questions, for example a query of the form  X C(X), we must keep track of the substitutions made during.
CHARME’03 Predicate abstraction with Minimum Predicates Sagar Chaki*, Ed Clarke*, Alex Groce*, Ofer Strichman** * Carnegie Mellon University ** Technion.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Computing Abstractions by integrating BDDs and SMT Solvers Alessandro Cimatti Fondazione Bruno Kessler, Trento, Italy Joint work with R. Cavada, A. Franzen,
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Hybrid BDD and All-SAT Method for Model Checking
Hardware Verification
Solving Linear Arithmetic with SAT-based MC
Property Directed Reachability with Word-Level Abstraction
Over-Approximating Boolean Programs with Unbounded Thread Creation
NP-Complete Problems.
Discrete Controller Synthesis
Scalability in Model Checking
Predicate Abstraction
SAT Based Abstraction/Refinement in Model-Checking
GRASP-an efficient SAT solver
Faster Extraction of High-Level Minimal Unsatisfiable Cores
Presentation transcript:

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

2 Model Checking Given a: Finite transition system M(S, I, R, L) A temporal property p The model checking problem: Does M satisfy p ?

3 Model Checking Temporal properties: “Always x=y” (G(x=y)) “Every Send is followed immediately by Ack” (G(Send  X Ack)) “Reset can always be reached” (GF Reset) “From some point on, always switch_on” (FG switch_on) “Safety” properties “Liveness” properties

4 Model Checking (safety) I Add reachable states until reaching a fixed-point = bad state

5 Model Checking (safety) I Too many states to handle ! = bad state

6 Abstraction hhhhh Abstraction Function h : S ! S’ S S’

7 Abstraction Function Partition variables into visible( V ) and invisible( I ) variables. The abstract model consists of V variables. I variables are made inputs. The abstraction function maps each state to its projection over V.

8 Abstraction Function h x1 x2 x3 x4 x1 x2 Group concrete states with identical visible part to a single abstract state.

9 Building Abstract Model M’ can be computed efficiently if M is in functional form, e.g. sequential circuits. Abstract x1 x2 x3 x4 x1 x2 i1 i2 i1 i2 x3 x4

10 Existential Abstraction I I

11 Model Checking Abstract Model Preservation Theorem The counterexample may be spurious Converse does not hold

12 Checking the Counterexample Counterexample : (c 1, …,c m ) Each c i is an assignment to V. Simulate the counterexample on the concrete model.

13 Checking the Counterexample Concrete traces corresponding to the counterexample: (Initial State) (Unrolled Transition Relation) (Restriction of V to Counterexample)

14 Abstraction-Refinement Loop Check Counterexample Refine Model CheckAbstract M’, pM, p, h No Bug Pass Fail Bug Real Spurious h’

15 Refinement methods… P Frontier Inputs Invisible Visible (R. Kurshan, 80’s) Localization

16 Generate all counterexamples. Prioritize variables according to their consistency in the counterexamples. X1 x2 x3 x4 (Glusman et al., 2002) Intel’s refinement heuristic Refinement methods…

17 Simulate counterexample on concrete model with SAT If the instance is unsatisfiable, analyze conflict Make visible one of the variables in the clauses that lead to the conflict (Chauhan, Clarke, Kukula, Sapra, Veith, Wang, FMCAD 2002) Abstraction/refinement with conflict analysis Refinement methods…

18 Why spurious counterexample? I I Deadend states Bad States Failure State f

19 Refinement Problem: Deadend and Bad States are in the same abstract state. Solution: Refine abstraction function. The sets of Deadend and Bad states should be separated into different abstract states.

20 Refinement h’ Refinement : h’ h’

21 Refinement Deadend States

22 Refinement Deadend States Bad States

23 Refinement as Separation d1d1 b1b1 b2b2 I V Refinement : Find subset U of I that separates between all pairs of deadend and bad states. Make them visible. Keep U small !

24 Refinement as Separation d1d1 b1b1 b2b I V Refinement : Find subset U of I that separates between all pairs of deadend and bad states. Make them visible. Keep U small !

25 Refinement as Separation The state separation problem Input: Sets D, B Output: Minimal U  I s.t.:  d  D,  b  B,  u  U. d(u)  b(u) The refinement h’ is obtained by adding U to V.

26 Two separation methods ILP-based separation Minimal separating set. Computationally expensive. Decision Tree Learning based separation. Not optimal. Polynomial.

27 Separation with Decision Tree learning (Example) Separating Set : {v 1,v 2,v 4 } DB BDBD 1001 b1b1 d2d2 d1d1 b2b2 v1v1 v4v4 v2v2 01 {d1,b2}{d1,b2}{d2,b1}{d2,b1} DBDB Classification:

28 Separation with 0-1 ILP (Example)

29 Separation with 0-1 ILP One constraint per pair of states. v i = 1 iff v i is in the separating set.

30 Refinement as Learning For systems of realistic size Not possible to generate D and B. Expensive to separate D and B. Solution: Sample D and B Infer separating variables from the samples. The method is still complete: counterexample will eventually be eliminated.

31 Efficient Sampling DB db Let  (D,B) be the smallest separating set of D and B. Q: Can we find it without deriving D and B ? A: Search for smallest d,b such that  (d,b) =  (D,B)

32 Efficient Sampling Direct search towards samples that contain more information. How? Find samples not separated by the current separating set (Sep).

33 Efficient Sampling Recall:  D characterizes the deadend states  B characterizes the bad states  D  B is unsatisfiable Samples that agree on the sep variables: Rename all v i  B to v i ’

34 Efficient Sampling Sep = {} d,b = {} Run SAT solver on  (Sep) STOP unsat Compute Sep:=  (d,b) Add samples to d and b sat Sep is the minimal separating set of D and B

35 The Tool NuSMV Cadence SMV MC Chaff SAT LpSolve Dec Tree Sep

36 Results Property 1

37 Results Property 2 Efficient Sampling together with Decision Tree Learning performs best. Machine Learning techniques are useful in computing good refinements.

38 Current trends (3/3) (Chauhan, Clarke, Kukula, Sapra, Veith, Wang, FMCAD 2002) Abstraction/refinement with conflict analysis

39 The End

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.