Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Abstraction Refinement for GSTE Yan Chen, Yujing He, and Fei Xie Portland State University Jin Yang Intel Nov 13, 2007.

Published byClyde Dennis Modified over 9 years ago

Similar presentations

Presentation on theme: "Automatic Abstraction Refinement for GSTE Yan Chen, Yujing He, and Fei Xie Portland State University Jin Yang Intel Nov 13, 2007."— Presentation transcript:

1 Automatic Abstraction Refinement for GSTE Yan Chen, Yujing He, and Fei Xie Portland State University Jin Yang Intel Nov 13, 2007

2 Our Contributions AutoGSTE – An automatic approach to abstraction refinement for GSTE Quickly converge to good abstractions that enable verifications that are not possible before Allow assertion graphs to be high-level w/o adapting too much to circuit implementation 2

3 Outline Overview of (G)STE Quaternary Abstraction and its Imprecision Our Solution – AutoGSTE Counterexample-guided abstraction refinement Model refinement and specification refinement Experiments Conclusion & Future Work 3

4 Symbolic Trajectory Evaluation [Bryant & Seger] Scalability Model checking complexity largely depends on the complexity of the assertion rather than the circuit Pros: Highly efficient Cons: False negatives due to insufficient input constraints R. Tzoref, O. Grumberg, Automatic refinement and vacuity detection for STE, CAV’06 J. Roorda, K. Clarssen, Sat-based assistance to abstraction refinement for STE, CAV’06 Only properties over finite time  GSTE 4

5 Generalized STE [Yang & Seger] ω -regular properties represented by assertion graphs G = { (V, v 0, E, ant, cons) } Non-deterministic execution Fixed-point computation 5

6 GSTE Algorithm 6 Algorithm: GSTE(G, post) (* initialize symbolic simulation *) 1. for each edge e in G 2. if e is from the initial vertex 3. sim(e) := ant(e); 4. put e in EventQueue; 5. else 6. sim(e) := { }; (* perform symbolic simulation *) 7. while EventQueue is not empty 8. get an edge e from the queue, 9. for each successor edge e’ of e begin 10. sim(e’) := sim(e’)  post(sim(e))  ant(e’); 11. if there is a change in sim(e’) 12. put e’ into EventQueue; end (* check consequence *) 13. for each edge e in G 14. if !(sim(e)  cons(e)) return false; 15. return true; end.

7 Outline Overview of (G)STE Quaternary Abstraction and its Imprecision Our Solution – AutoGSTE Counterexample-guided abstraction refinement Model refinement and specification refinement Experiments Conclusion & Future Work 7

8 Quaternary-Value Logic (Unknown) (Conflict) Information Partial OrderPropagation of “Unknown” Two sides of a coin Significantly reduce state spaces by quaternary abstraction Over abstractions cause false negatives  8

9 1 X Causes of False Negative: Quaternary State Set Unions 1 1 1 A B Out 1 0 1X X X Abs. 9 0 1 sim(e’) := sim(e’)  post(sim(e))  ant(e’); 11 Check whether the output is always 1 under certain inputs

10 Causes of False Negative: Existentially Quantified-Out Symbolic Variables c1,c2 is existentially quantified out after every single step simulation 10 [A=c1, B=(!c1|c2)] Out=A|B=c1|(!c1|c2)=1 [A=X, B=X] Out=A|B=X A B Out 1 1 1 0 0 1

11 Outline Overview of (G)STE Quaternary Abstraction and its Imprecision Our Solution – AutoGSTE Counterexample-guided abstraction refinement Model refinement and specification refinement Experiments Conclusion & Future Work 11

12 AutoGSTE: Automatic Abstraction Refinement (1) GSTE Circuit Impl. Assertion Graph Assertion holds Counter Example (2) Counter Example Analysis Assertion fails Causes of Imprecision (3) Abstraction Refinement Refined Abstraction Abstraction refinement: (monotonic) (1) Constraining inputs with symbolic constants/variables (2) Model refinement: introducing precise nodes (3) Spec refinement: assertion graph transformations Causes of imprecision in GSTE’s quaternary abstraction: (1) Under-constrained inputs; (2) Quaternary state set unions; (3) Existentially quantified-out symbolic variables

13 Counter Example Analysis Counter Example [(edge 1,src 1,dest 1 ),…,(edge T, src T,dest T )] Identify “X” nodes in dest T that violates consequent on edge T Backtrack to identify the causes for “X” node N In the end, the following causes will be identified: Output circuit nodes/assertion edges on which Xs are introduced. 13 InputUnionWeak

14 AutoGSTE: Automatic Abstraction Refinement (1) GSTE Circuit Impl. Assertion Graph Assertion holds Counter Example (2) Counter Example Analysis Assertion fails Causes of Imprecision (3) Abstraction Refinement Refined Abstraction Abstraction refinement: (1) Constraining inputs with symbolic constants/variables (2) Model refinement: introducing precise nodes (3) Spec refinement: assertion graph transformations Causes of imprecision in GSTE’s quaternary abstraction: (1) Under-constrained inputs; (2) Quaternary state set unions; (3) Existentially quantified-out symbolic variables

15 Model Refinement Symbolic Indexing (Verifier has to encode it in the specification) Abs. Partition Abs.rew. Finer Partition 15

16 Model Refinement (Cont.) Precise Nodes: Circuit nodes that must always have boolean values by symbolic indexing [Yang and Seger, FMCAD’02] Manually specify precise nodes to eliminate Xs caused by both unions and weaks. AutoGSTE automatically marks precise nodes Mark all the identified nodes as precise Mark one node at a time (control signals first?) 16

17 Specification Refinement Loop unrolling transformations address unions Allow the specification to be high level Dynamically adapt to the real computation flow of the circuit …… 17

18 Automating loop unrolling Unroll each problematic edge to prevent unwanted state set unions Specification Refinement (Cont.) 18 1 2 3 4

19 Case splitting transformations address weaks Symbolic variables symbolically index a set of edges with scalar values Remember the variable values by case splitting Specification Refinement (Cont.) 19

20 Outline Overview of (G)STE Quaternary Abstraction and its Imprecision Our solution – AutoGSTE Counterexample-guided abstraction refinement Model Refinement.vs. Specification Refinement Experiments Conclusion & Future Work 20

21 Experiment: FIFO 21

22 FIFO Model Refinement CircuitMark precise nodes all at onceMark precise nodes one a time FIFO Depth # of Nodes # of Iter. # of P. Nodes Time (Sec.) BDD Nodes # of P. Nodes Time (Sec.) BDD Nodes 3181150.12 10232 30.26 8996 8296170.4 32923 40.81 26708 16476191.1 72189 52.37 58250 247871112.38 131236 66.83 104246 Better than manual analysis! 22

23 FIFO Specification Refinement CircuitGSTE on Original assertion graphSemantic-Preserving Transformation FIFO Depth # of Edges Time (Sec.) BDD Nodes Mem (MB) Result # of Edges Time (Sec.) BDD Nodes Mem (MB) Result 3110.01517Fail310.23617Pass 8260.02517Fail2012.69619Pass 16500.04517Fail78517.3626Pass 24740.07517Fail175354.2639Pass Too complex to do manually! 23

24

25

26

27 Conclusion & Future Work An automatic approach to abstraction refinement for GSTE Quickly converge to good abstractions Future work Identify minimal set of precise nodes Reduce unnecessary loop-unrolling/case-splitting Integrate model refinement and spec refinement 27

Download ppt "Automatic Abstraction Refinement for GSTE Yan Chen, Yujing He, and Fei Xie Portland State University Jin Yang Intel Nov 13, 2007."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
1 Constraint Satisfaction Problems A Quick Overview (based on AIMA book slides)

1 Constraint Satisfaction Problems A Quick Overview (based on AIMA book slides)
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.

Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

Similar presentations

Ads by Google