Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged."— Presentation transcript:

1 1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged

2 2 Bounded Model Checking (BMC) Search for bugs in executions of a bounded length Generates a propositional formula that is satisfiable if and only if there is a counterexample of length k Extremely efficient SAT-solvers are available

3 3 BMC SAT SatUnsat No Yes BUG NO BUG Incremental Solver BMC - Implementation

4 4 Abstraction for BDD-based Model Checking Abstraction How to identify ? Model Checking complexity is proportional to BDD size Smaller BDD

5 5 Counterexample Guided Abstraction Refinement (CEGAR) MC No Pass BUG TRUE Fail Yes

6 6 Inside a SAT-Solver Davis-Putnam- Logemann-Loveland (DPLL) procedure Decisions Boolean Constraint Propagation (BCP) Conflict Analysis, Backtrack Search Tree

7 7 Decisions Identify a good variable and assign it a value Many Variable Selection Heuristics Give preference to variables that are involved in conflicts Order is continuously updated Like abstraction-refinement These heuristics try to reduce the size of the search tree

8 8 BCP Identify assignments implied by unit- clause rule 90% of run-time in solver spent on BCP Time spent on BCP is proportional to the size of the CNF

9 9 Conflict Analysis and Backtrack Identify variable assignments responsible for infeasibility of current search path Ensures that assignments are locally consistent Prune away irrelevant parts of the search tree

10 10 Abstraction for BMC Abstraction Smaller CNF

11 11 Why Abstraction for BMC ? Variable selection can focus on important variables Solver can ignore local conflicts that are irrelevant to the property BCP is faster on smaller CNF How to identify ? Abstraction

12 12 CEGAR for BMC Apply CEGAR to BMC Refinement SAT-solvers produce proofs of unsatisfiability Have been used successively for refinement in CEGAR for model checking Proofs provide an efficient and inexpensive refinement mechanism for CEGAR on BMC

13 13 Counterexample Guided Bounded Model Checking (CG-BMC) SAT Sat Unsat No Yes BUG NO BUG SAT Sat

14 14 CG-BMC Abstract model: model that refutes previously seen spurious counterexamples Forces solver to find full abstract trace before attempting to refute it Solver is not lost in local conflicts Most of the BCP is performed on smaller abstract model Abstract Model Concrete Model

15 15 A more robust CG-BMC The following scenario was observed on some benchmarks: Current abstract model is sufficient to prove the property Proving the property on abstract model is hard BMC on abstract model is slow There exists an easier proof using additional constraints from concrete model BMC on concrete model is faster CG-BMC gets stuck on abstract model Solution: Timeouts

16 16 CG-BMC with Timeouts (CG-BMC-T) SAT Sat Unsat No Yes BUG NO BUG SAT Time Sat Time CG-BMC

17 17 Related Work Refining the SAT decision ordering for bounded model checking, Wang et al., DAC 2004 Variables in current abstract model are given preference in variable splitting order Static Method: Always decide first on variables in abstract model Dynamic Method: Switch to default solver-heuristic after a threshold number of backtracks Solver works on the whole CNF BCP is expensive Potential for irrelevant conflicts

18 18 Our CG-BMC Implementation SAT Sat Unsat No Yes BUG NO BUG SAT Sat Incremental Solver1 Incremental Solver2

19 19 Experiments PicoJava Benchmarks – derived from compositional verification of ICU (Source: Ken McMillan) Implementation on top of zChaff Comparison with BMC and Wang et al. Timeout = 2hrs Max Depth ( K ) = 60 Measured run-time and number of backtracks

20 20 CG-BMC vs. BMC (Run-time)

21 21 CG-BMC vs. BMC (Backtracks)

22 22 CG-BMC vs. Wang et al. (Run-time)

23 23 CG-BMC vs. Wang et al. (Backtracks)

24 24 Conclusions Abstraction refinement makes BMC faster Reduction in number of backtracks Reduction in BCP time

25 25 Future Work CG-BMC inside a SAT- solver Abstraction levels for clauses Ignore clauses in lower levels until all higher levels are satisfied Move clauses up (and down) across levels Application to SAT- solving in general......

26 26 Questions ?

27 27 BCP - Implementation Watched Literals Keep pointers to 2 unassigned literals in every clause Unit-clause: only 1 literal is unassigned If variable v is assigned, go over all clauses that are watched by v and update watched pointers Time spent on BCP is proportional to the number of clauses containing v (~ size of CNF)

28 28

Download ppt "1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
Automated abstraction refinement II Heuristic aspects Ken McMillan Cadence Berkeley Labs.

Automated abstraction refinement II Heuristic aspects Ken McMillan Cadence Berkeley Labs.
The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.

A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Presented by Monissa Mohan 1.  A highly optimized BCP algorithm  Two watched literals  Fast Backtracking  Efficient Decision Heuristic  Focused on.

Presented by Monissa Mohan 1.  A highly optimized BCP algorithm  Two watched literals  Fast Backtracking  Efficient Decision Heuristic  Focused on.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
1 Local Restarts in SAT Solvers Vadim Ryvchin and Ofer Strichman Technion, Haifa, Israel.

1 Local Restarts in SAT Solvers Vadim Ryvchin and Ofer Strichman Technion, Haifa, Israel.
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
Daniel Kroening and Ofer Strichman 1 Decision Procedures An Algorithmic Point of View SAT.

Daniel Kroening and Ofer Strichman 1 Decision Procedures An Algorithmic Point of View SAT.
1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.

1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.
IBM Labs in Haifa © 2005 IBM Corporation Adaptive Application of SAT Solving Techniques Ohad Shacham and Karen Yorav Presented by Sharon Barner.

IBM Labs in Haifa © 2005 IBM Corporation Adaptive Application of SAT Solving Techniques Ohad Shacham and Karen Yorav Presented by Sharon Barner.
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Proof-based Abstraction Presented by Roman Gershman Ken McMillan, Nina Amla.

Proof-based Abstraction Presented by Roman Gershman Ken McMillan, Nina Amla.

Similar presentations

Ads by Google