SAT-based verification: underlying methods Mary Sheeran Chalmers University of Technology and Prover Technology AB.

[Diagram: synchronous observer. The Program feeds the observer Obs, which outputs the signal ok.]

[Diagram, four animation steps: initial states I on the left, bad states B on the right, and paths of growing length between them.]

Satisfying a formula: a path of length i from I to B is a satisfying assignment of

I(s_0) and path([s_0..s_i]) and B(s_i)

[Diagram: the same I-to-B path formula shown for several lengths i.]

If the system is bad, this finds a shortest countermodel: an error trace for debugging.

But when can we stop? When I(s_0) and path([s_0..s_i]) becomes contradictory?

Not quite, but when I(s_0) and loop-free path([s_0..s_i]) becomes contradictory.

And symmetrically, when loop-free path([s_0..s_i]) and B(s_i) becomes contradictory.

Algorithm 1
i := 0
repeat:
  if not Sat(I(s_0) and path([s_0..s_i])) or not Sat(path([s_0..s_i]) and B(s_i)) then return True
  if Sat(I(s_0) and path([s_0..s_i]) and B(s_i)) then return error trace
  i := i + 1

Tighten termination (Alg. 2)
i := 0
repeat:
  if not Sat(I(s_0) and loop-free path([s_0..s_i]) and all (not I)(s_1..s_i))
     or not Sat(loop-free path([s_0..s_i]) and all (not B)(s_0..s_{i-1}) and B(s_i)) then return True
  if Sat(I(s_0) and path([s_0..s_i]) and B(s_i)) then return error trace
  i := i + 1

Avoid iteration from zero (Alg. 3)
i := some constant, which can be greater than zero
repeat:
  if Sat(I(s_0) and path([s_0..s_i]) and not (all P)(s_0..s_i)) then return error trace
  if not Sat(I(s_0) and loop-free path([s_0..s_{i+1}]) and all (not I)(s_1..s_{i+1}))
     or not Sat(loop-free path([s_0..s_{i+1}]) and all (not B)(s_0..s_i) and B(s_{i+1})) then return True
  i := i + 1

[Diagrams: base and step of the induction, forward from I (Base I, Step) and backward from B (Base B, Step).]

Complete method (Alg. 3 above)

Strengthen (Alg. 3 above)

Another way to strengthen: invent a lemma L(s) that we believe to hold in the reachable states, and prove Q(s) = P(s) and L(s) instead. If both P and L hold in the reachable states, this can reduce the induction depth.

Choosing lemmas? Domain knowledge; analysis of the program. The strongest possibility is a characterization of the reachable states. Van Eijk's method uses relations between signals as lemmas.
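To make Algorithms 1 to 3 and the lemma idea concrete, here is an added example that is not from the slides: the checks are run on a small constructed explicit-state system. The slides' Sat(...) calls are SAT queries on an unrolled formula; in this example (an assumption, not the slides' method) each query is answered by enumerating paths, which is exact for a tiny state space. The system, the property P, and the lemma L are constructed for the example; `algorithm3` takes B to be the complement of the property being proved, and `induction_depth` measures the backward check of Alg. 3 on its own.

```python
# Added example, not from the slides: Algorithms 1-3 and lemma strengthening
# on a constructed explicit-state system. Sat(...) is answered by path
# enumeration (an assumption of this example) instead of a SAT solver.

STATES = [(a, b) for a in range(4) for b in range(4)]  # constructed system

def I(s):                       # initial states
    return s == (0, 0)

def T(s, t):                    # transition relation: both counters step mod 4
    return t == ((s[0] + 1) % 4, (s[1] + 1) % 4)

def P(s):                       # safety property to prove (holds on reachable states)
    return not (s[0] == 2 and s[1] == 3)

def L(s):                       # lemma believed to hold in the reachable states
    return s[0] == s[1]

def Q(s):                       # strengthened property Q = P and L
    return P(s) and L(s)

def paths(n, loop_free):
    """All paths [s_0..s_n] of T starting anywhere, optionally loop-free."""
    def extend(path):
        if len(path) == n + 1:
            yield path
            return
        for t in STATES:
            if T(path[-1], t) and not (loop_free and t in path):
                yield from extend(path + [t])
    for s in STATES:
        yield from extend([s])

def sat(n, loop_free, cond):
    """Sat(...) of the slides: does some path of length n satisfy cond?"""
    return any(cond(p) for p in paths(n, loop_free))

def algorithm1(prop, max_i):
    """Alg. 1: stop when no path of length i leaves I or reaches B = not prop."""
    B = lambda s: not prop(s)
    for i in range(max_i + 1):
        if (not sat(i, False, lambda p: I(p[0]))
                or not sat(i, False, lambda p: B(p[-1]))):
            return ("True", i)
        if sat(i, False, lambda p: I(p[0]) and B(p[-1])):
            return ("error trace", i)
    return ("unknown", max_i)    # cycles keep both checks satisfiable forever

def algorithm3(prop, start=0, max_i=20):
    """Alg. 3: base check over all path states, loop-free termination checks."""
    B = lambda s: not prop(s)
    for i in range(start, max_i + 1):
        # base: some path of length i from I contains a state violating prop
        bad = [p for p in paths(i, False)
               if I(p[0]) and not all(prop(s) for s in p)]
        if bad:
            return ("error trace", bad[0])
        # forward: loop-free path of length i+1 from I, all later states not I
        fwd = sat(i + 1, True, lambda p: I(p[0]) and not any(I(s) for s in p[1:]))
        # backward: loop-free path of length i+1 into B, all earlier states not B
        bwd = sat(i + 1, True, lambda p: B(p[-1]) and not any(B(s) for s in p[:-1]))
        if not fwd or not bwd:
            return ("True", i)
    return ("unknown", max_i)

def induction_depth(prop, max_n=20):
    """Least n with no loop-free path of n prop-states followed by a violation."""
    B = lambda s: not prop(s)
    for n in range(1, max_n + 1):
        if not sat(n, True, lambda p: B(p[-1]) and not any(B(s) for s in p[:-1])):
            return n
    return None

if __name__ == "__main__":
    print(algorithm1(P, 8))                  # ('unknown', 8): Alg. 1 never stops here
    print(algorithm3(P))                     # ('True', 3)
    print(algorithm3(lambda s: s[0] != 3))   # error trace (0,0) (1,1) (2,2) (3,3)
    print(induction_depth(P), induction_depth(Q))   # 4 1
```

Algorithm 1 never terminates on this system because every state lies on a cycle, which is exactly why the loop-free tightening of Alg. 2 is needed. The last line shows the effect of the lemma: P alone needs a backward (induction) depth of 4, while Q = P and L is proved at depth 1.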

Reachability analysis: the standard approach to safety property verification using Binary Decision Diagrams (BDDs). Generate a larger and larger subset of the reachable states; stop when no new states are added; then check whether the result intersects the bad states.

Reachability analysis: the standard algorithms can be adapted to use a SAT-solver. One then needs to deal with the quantifiers in a way that doesn't just blow up. A fascinating research area!
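The reachability loop just described, as an added example that is not from the slides: explicit state sets stand in for the BDDs (an assumption of this example), and the image step is the existential quantification over the current state, Exists s. R(s) and T(s, s'), that a SAT-based version has to handle without blowing up. The transition system and bad-state set are constructed for the example.

```python
# Added example, not from the slides: forward reachability to a fixpoint
# with explicit state sets in place of BDDs (an assumption of this example).

def image(states, trans):
    """Post-image: every s' with some s in states and (s, s') in trans.
    This is the quantifier step Exists s. R(s) and T(s, s')."""
    return {t for (s, t) in trans if s in states}

def reachable(init, trans, max_iters=10_000):
    """Iterate R := R union image(R) until no new state is added."""
    reached = set(init)
    frontier = set(init)
    for _ in range(max_iters):
        new = image(frontier, trans) - reached
        if not new:
            return reached           # fixpoint reached: no new states added
        reached |= new
        frontier = new               # only newly found states need expanding
    raise RuntimeError("iteration bound exceeded")

def check_safety(init, trans, bad):
    """True if no reachable state is bad, otherwise a reachable bad state."""
    hit = reachable(init, trans) & set(bad)
    return True if not hit else min(hit)

# Constructed system: counter states 0..7. From 4 the system may wrap to 0
# or continue to 5; 5 has no successor; 6 and 7 are reachable only from 6.
INIT = {0}
TRANS = {(0, 1), (1, 2), (2, 3), (3, 4), (4, 0), (4, 5), (6, 7), (7, 7)}
BAD = {7}

if __name__ == "__main__":
    print(sorted(reachable(INIT, TRANS)))   # [0, 1, 2, 3, 4, 5]
    print(check_safety(INIT, TRANS, BAD))   # True: 7 is not reachable from 0
    print(check_safety({6}, TRANS, BAD))    # 7: reachable from the wrong start
```

Expanding only the frontier rather than the whole reached set is the usual optimisation; the fixpoint test (no new states) is the termination condition named on the slide, and the final intersection with the bad states is the safety check.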

References (bounded model checking)
A. Biere, A. Cimatti, E. M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference.
P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.

References (induction with SAT-solvers)
M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag.
P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.

References (SAT-based reachability analysis)
P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS'00.
P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV'00.
A. Gupta, Z. Yang and P. Ashar. SAT-based image computation with application in reachability analysis for verification. In FMCAD'00.

[Diagram: a SAT engine at the core, with ARITH, BMC, IND, RA, … layered on top of it.]

The future? Increasingly powerful proof engines; integration in system development tools; combining different engines or methods (for example BDDs and SAT, or interactive and automatic methods); use of formal methods in test pattern generation.