Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Extraction of Inductive Invariants to Aid Model Checking

Published byHartono Budiono Modified over 5 years ago

Similar presentations

Presentation on theme: "Automated Extraction of Inductive Invariants to Aid Model Checking"— Presentation transcript:

1 Automated Extraction of Inductive Invariants to Aid Model Checking
Michael L. Case, Alan Mishchenko, and Robert K. Brayton University of California, Berkeley FMCAD 2007

2 Motivation What kind of information will help verification?
Design w/ Safety Property Design w/ Safety Property Additional Design Information Verification Time What kind of information will help verification? How do we know when we’ve given enough information? Is the additional information easily verifiable? November 14, 2007 Mike Case, FMCAD 2007

3 Abstract Present a framework to automatically find/prove this extra design information Local properties (Inductive Invariants) Only considered if they help the verification Limited in number, easy to prove correct Verifying safety properties in a gate-level hardware design Interpolation used as a case study November 14, 2007 Mike Case, FMCAD 2007

4 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

5 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

6 Approximating the Reachable States
Prove inductive invariants (local properties that hold  reachable states) Conjunction gives reachability approximation I November 14, 2007 Mike Case, FMCAD 2007

7 Quickly Proving Local Properties
Our previous work Derive a large set of candidate invariants (implications) Proved in a van Eijk-style induction Tries to prove as many properties as possible Do we need to prove all properties? Are some better than others? Tight reachability approx. or just “good enough”? November 14, 2007 Mike Case, FMCAD 2007

8 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

9 The Interpolation Algorithm
Initialize approximation parameters Reachability: Tighten approximation parameters Image 2 Image 1 frontier := initial states B I Bad state reached? yes Interpolation: no Image 2 frontier += approxImage(frontier) Image 1 Cex reached directly from the initial state? no S B I Fixed Point? no yes yes Property Falsified November 14, 2007 Property Verified Mike Case, FMCAD 2007

10 Problems With Interpolation
Can explore unreachable states No control over the approximate image Often can’t decide if an encountered bad state is reachable Requires frequent restarts Refining the approximation parameters and restarting is the most expensive operation Discards all prior work November 14, 2007 Mike Case, FMCAD 2007

11 Enhancing Interpolation
Possible to avoid the model refinement Show either S or B unreachable  Invariants that are violated in either S or B Suppose we had a tool to find invariants to do this Adding the invariants to our satisfiability solver would prevent S or B from being explored Image 2 Image 1 S B I November 14, 2007 Mike Case, FMCAD 2007

12 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

13 Targetted Invariant Tool
Given a state S that we want to prove unreachable Find {P} such that Implies that S is unreachable Can be proved with simple (one-step) induction November 14, 2007 Mike Case, FMCAD 2007

14 Initialize approximation parameters
Tighten approximation parameters no frontier := initial states Can we find invariants? yes Bad state reached? yes no frontier += approxImage(frontier) Cex reached directly from the initial state? no Fixed Point? no yes yes Property Falsified Property Verified November 14, 2007 Mike Case, FMCAD 2007

15 Proving A State Unreachable
Previous work proves a large set of states unreachable Proves many small properties Can we limit the invariants to target states of interest? November 14, 2007 Mike Case, FMCAD 2007

16 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

17 The Proof Graph { P } S { P } S
(a state) (a set of properties) (a set of properties) (a state) S is the reason the inductive proof of the properties does not succeed S is the counterexample in the simple induction proof Proving S unreachable is a necessary condition for proving any property in the set S is why we can’t prove {P} Every property in the set is violated in S Proving any such property implies that S is unreachable {P} are how we will prove S unreachable November 14, 2007 Mike Case, FMCAD 2007

18 Proof Graph Example Input S0 Find properties violated in S0 Prove {P0}
Input S0 Find properties violated in S0 Prove {P0} Cover the new states with properties Prove {P3} Prove {P03} { P } 1 { P } { P } 3 2 S 1 S 2 S 3 { P 2 } { P 3 } { P 1 } November 14, 2007 Mike Case, FMCAD 2007

19 Outline Forming a reachability approximation
Brief introduction to Interpolation Tailoring reachable approximation for a target application Helping interpolation Proof graph formulation Experimental results November 14, 2007 Mike Case, FMCAD 2007

20 Experimental Results ABC logic synthesis system used as software base
Extended through two C++ plugin libraries: Interpolation Proof graph formulation (this work) User can select to use interpolation alone or interpolation + proof graph Refuting error traces is an option Tested on extensively on both academic and industrial benchmarks November 14, 2007 Mike Case, FMCAD 2007

21 “Hard” Academic Benchmarks
Verified 154 academic benchmarks (TIP suite) 18 timeout in 2 hours with standard interpolation 9 of these are “easy” when the proof graph refutes counterexample traces Why are there no false properties here? November 14, 2007 Mike Case, FMCAD 2007

22 “Hard” Industrial Benchmarks
Sequential Equivalence Checking benchmarks 1800 second timeout Problems “hard” for standard interpolation Enabling proof graph dramatically helps runtime 1800 1800 November 14, 2007 Mike Case, FMCAD 2007

23 Summary Motivated need for a tool to show that a selected state is unreachable Constructed such a tool using the proof graph formulation Applied the tool to help interpolation Demonstrated the effectiveness on a variety of benchmarks Thank you. November 14, 2007 Mike Case, FMCAD 2007

Download ppt "Automated Extraction of Inductive Invariants to Aid Model Checking"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
The Synthesis of Cyclic Circuits with SAT and Interpolation By John Backes and Marc Riedel ECE University of Minnesota.

The Synthesis of Cyclic Circuits with SAT and Interpolation By John Backes and Marc Riedel ECE University of Minnesota.
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton.

Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton.
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Timed Automata.

Timed Automata.
Aaron Bradley University of Colorado, Boulder

Aaron Bradley University of Colorado, Boulder
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
SAT-based verification: underlying methods Mary Sheeran Chalmers University of Technology and Prover Technology AB.

SAT-based verification: underlying methods Mary Sheeran Chalmers University of Technology and Prover Technology AB.
© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.

1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.
Efficient Reachability Checking using Sequential SAT G. Parthasarathy, M. K. Iyer, K.-T.Cheng, Li. C. Wang Department of ECE University of California –

Efficient Reachability Checking using Sequential SAT G. Parthasarathy, M. K. Iyer, K.-T.Cheng, Li. C. Wang Department of ECE University of California –
Inductively Finding a Reachable State Space Over-Approximation EE 290a Project Presentation Mike Case.

Inductively Finding a Reachable State Space Over-Approximation EE 290a Project Presentation Mike Case.
11.7.2005 Computing Over­Approximations with Bounded Model Checking Daniel Kroening ETH Zürich.

Computing Over­Approximations with Bounded Model Checking Daniel Kroening ETH Zürich.

Similar presentations

Ads by Google