Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.



2 Outline
• Formal Verification: Motivation
• Reachability for Asynchronous Systems
  Partitioned Transition Relations
• Efficient Reachability Techniques
  MBFS and Saturation
• Saturation: Experimental Results
• Conclusions

3 Formal Verification: Introduction
• Use methods from formal logic
  Show validity of properties on systems
  Formal requirements hold on a design
  Software, circuits, protocol models
  Alternative to simulation and testing, which do not cover all behaviors
• Model checking
  Verify concurrent systems
  Introduced by Clarke et al. (1981)
  An automated technique

4 Model Checking
• Finite state-transition model M, property φ
  Determine if M satisfies φ
• Properties φ like:
  req is always followed by ack
  No error state is reachable from the initial state
• Involves reachability analysis
  Generate the reachable set of states
  State space explosion (figure: K state variables give 2^K states)

5 Asynchronous Systems
• Concurrent systems
  Consist of several execution units
• Synchronous
  All units take an execution step together
• Asynchronous
  Units may execute independently of each other
  Interleaved semantics of execution
  E.g. concurrent software, asynchronous circuits
• Goal: efficient model checking of asynchronous systems
  Symbolic
  Reduced state space

6 Symbolic Model Checking
• Use Ordered Binary Decision Diagrams (BDDs)
  Canonical, compact, operate on state sets
• Encode the system model M with BDDs
  States encoded by boolean variables V
  Transition relation also as a BDD N(V,V')
  Example (figure): two states s0, s1 with transitions t1, t2, t3; encoding s0 ↦ a = 0, s1 ↦ a = 1; BDD variable order a < a'
  N(a,a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a')

7 Partial-Order Reduction
• Alternative model checking approach
  Useful if the order of execution of transitions is irrelevant
  Choose a representative set of paths
  (figure: two independent transitions a and b form a diamond over the product states (s0,s0'), (s0,s1'), (s1,s0'), (s1,s1'); one of the two interleavings is enough)
• Sufficient to visit a subset of the actual reachable state space
• Focus of this talk: full state space reachability using BDDs

8 Reachability Analysis
• One-step reachability: given a set of states S
  Find which states S' can be reached in one step
• Iteratively apply one-step reachability
  Until no new states are visited
• Breadth-first exploration of the graph
  (figure: a graph with nodes a to g explored breadth-first; the reached sets R0, R1, R2, ... grow until R3 adds no new state)

9 The Bigger Picture
(figure: two combinational circuits with delay elements, inputs I1, I2 and outputs o1, o2; which of the output combinations (o1,o2) ∈ {(0,0), (1,0), (0,1), (1,1)} are reachable?)

10 Symbolic Reachability: Image Computation
• Image of a set of states S
  Transition relation N: one-step reachability
  Basic operation, hence must be efficient
• Symbolic image computation: S(V), N(V,V') as BDDs
  Img(S,N) = [∃ v ∈ V. (S(V) ∧ N(V,V'))]
• Reachability (starting from initial S0):
  Reach(S,N) = S ∪ Img(S,N)
  Fixpoint: μS. Reach(S,N)
• Efficiency problem: large N(V,V')
  Large intermediate BDD sizes in image computation

11 Illustration: Intermediate BDD Sizes
(chart: number of BDD nodes and number of states per iteration for the Dining Philosophers model)

12 Partitioned Transition Relations
• Introduced by Burch et al. [BCL91]
  N(V,V') = N1 op N2 op ... op Nk, where op is conjunction (∧) or disjunction (∨)
  Typically, each Ni is much smaller than N
• Asynchronous systems with interleaving semantics:
  N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk
  Ni: only the i-th unit executes
  Img(S,N) = ⋁_i Img(S,Ni)
  (figure: N1, N2, N3)
[BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, North-Holland.

13 BDD Blowup
• Must consider different intermediate combinations of reachable states of concurrent units
  Even if they are independent
  Adds to intermediate BDD sizes
• Idea: explore each unit separately to avoid such correlation [BCL91]
  Modified Breadth-First Search (MBFS) [BCL91]

14 Modified Breadth-First Search (MBFS)
• Given a disjunctive partition N1, ..., Nk
  Compute local fixpoints: μS. Reach(S,Ni)
  Stop when: ∀i. Reach(S,Ni) = S
• Lower intermediate BDD sizes
• Chaotic fixpoint iteration strategy
  Family of functions: {Reach(S,Ni) | i ≤ k}
  Apply the functions in arbitrary order until convergence
  Must apply each function sufficiently often
• Observation: the MBFS strategy may not be able to avoid blowups in some cases
  (figure: N1*, N2*, N3*)

15 Illustration: BDD Blowup in MBFS
(figure: state encoding s = (v2, v1, ...); states s0 = 00, s1 = 11, s2 = 01, s3 = 10; partitions N1, N2, N3, ...; MBFS visits (s0), then (s0,s2), then (s0,s1,s2), then (s0,s1,s2,s3); the BDDs for the intermediate sets are larger than those for the first and the final set: BDD explosion)

16 Saturation: New Approach
• Assume a fixed variable ordering on BDDs: v1 < v2 < ... < vk
• Define
  High(Ni): "least" variable that Ni might change
  Low(Ni): "greatest" variable that Ni might change
• Order transition relations by [High(Ni), Low(Ni)]:
  Nj ≺ Ni iff Nj changes only "lower" BDD variables than Ni
  (figure: N2 changes v2, N1 changes v1, so N1 ≺ N2)

17 Saturation (contd.)
• Saturate(Ni):
    do
      Compute μS. Reach(S,Ni)        /* states reachable by only Ni */
      ∀ Nj ≺ Ni. Saturate(Nj)        /* explore all Nj ≺ Ni */
    until S does not change
  Visits all possible reachable states using "lower" transition relations than Ni
• Overall strategy: K partitions
  For i = 1 to K: Saturate(Ni)
  (figure: N3*, N2*, N1*)
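The image computation of slide 10, the disjunctive partitioning of slide 12, MBFS (slide 14) and Saturate (slide 17) carried through on a constructed model, as an added example that is not code from the slides or from the NuSMV implementation they describe. Python sets stand in for BDDs (so only the iteration structure, not BDD sizes, is visible), and the model is an assumed one: K asynchronous units where unit i may set its own bit v_i, so N_i changes only v_i and N_1 ≺ N_2 ≺ N_3 in the slide's ordering.

```python
from itertools import product
# Constructed model (not from the slides): K asynchronous units, unit i owns bit i
# and may set it 0 -> 1, so N_i changes only v_i and N_1 < N_2 < N_3 in the order.
K = 3

def N(i):
    """Disjunctive partition N_i as an explicit relation {(s, s')}."""
    return {(s, s[:i] + (1,) + s[i + 1:])
            for s in product((0, 1), repeat=K) if s[i] == 0}

def img(S, rel):
    """Img(S, N) = {s' | exists s in S: (s, s') in N}; sets stand in for BDDs."""
    return {t for (s, t) in rel if s in S}

def reach_fixpoint(S, rel, stats):
    """mu S. S u Img(S, N): iterate until no new state; count image computations."""
    while True:
        stats["images"] += 1
        S2 = S | img(S, rel)
        if S2 == S:
            return S
        S = S2

def bfs(S0, parts):
    """Breadth-first reachability on the unpartitioned N = N_1 v ... v N_K."""
    stats = {"images": 0}
    return reach_fixpoint(set(S0), set().union(*parts), stats), stats["images"]

def mbfs(S0, parts):
    """MBFS: chaotic iteration of local fixpoints until all i: Reach(S, N_i) = S."""
    stats, S, changed = {"images": 0}, set(S0), True
    while changed:
        changed = False
        for rel in parts:
            S2 = reach_fixpoint(S, rel, stats)
            changed, S = changed or S2 != S, S2
    return S, stats["images"]

def saturate(S, parts, i, stats):
    """Saturate(N_i): fixpoint of N_i, re-saturating every N_j < N_i on each pass."""
    while True:
        S2 = reach_fixpoint(S, parts[i], stats)
        for j in range(i):                # all N_j that change lower variables
            S2 = saturate(S2, parts, j, stats)
        if S2 == S:
            return S
        S = S2

def saturation(S0, parts):
    """Overall strategy from the slide: for i = 1 to K, Saturate(N_i)."""
    stats, S = {"images": 0}, set(S0)
    for i in range(len(parts)):
        S = saturate(S, parts, i, stats)
    return S, stats["images"]
```

All three strategies reach the same 2^K states from (0,0,0); the returned image counts show that on fully independent units Saturate's recursive re-checks of the lower partitions are the spurious iterations slide 18 lists as a drawback.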

18 Saturation: Discussion
• Advantages
  Exploits independence of concurrent units
  Lower intermediate BDD sizes than MBFS
  Faster reachability computation in many cases
• Drawbacks
  May lead to spurious iterations
  Relies heavily on a good variable ordering

19 Experimental Results
• Implemented the Saturation approach in the NuSMV model checker
  Handles designs of industrial strength
• Comparison with NuSMV with default options
  OOR: out of resources

20 Experimental Results (contd.)
• Implemented the MBFS approach in NuSMV
• Comparison with MBFS

21 Experimental Results (contd.)
(chart: Kanban(20), comparison of intermediate BDD sizes per iteration)

22 Conclusions
• Efficient methods to compute the reachable states of asynchronous systems
  Based on disjunctive partitions
  MBFS
  Alternative approach: Saturation
• Experimentally validated on several examples
• Future research
  Heuristics for obtaining a good BDD variable ordering automatically
  Combining Saturation with Partial Order Reduction

23 Questions?