Symbolic Model Checking Using Additive Decomposition
Himanshu Jain (undergraduate work). Joint work with Supratik Chakraborty.


Organization of the Talk
- Basics
- Motivation
- Related work
- Decomposition scheme
- Using the decomposition
- Future work

Basics
Kripke structure; CTL formula.
[Figure 1: Kripke structure over the state variables $v_1, v_2$; the state labels are not recoverable from the transcription.]
Consider a formula $f = (v_1\ v_2)$ and the specification $v_1\ v_2 = AF\,f$ (the Boolean connectives did not survive extraction).

Motivation
Symbolic representation techniques (BDDs) have been shown to handle state transition graphs with $10^{120}$ states [3]. For many practical circuits, however, memory explosion remains a problem. One cause is the quantification over the next-state variables that arises in pre-image computation:
$N(V) = \exists V'.\,(T(V, V') \land R(V'))$

Related Work
- Specialized algorithm for pre-image computation [6], also known as the AndAbstract operation in BDD packages.
- Partitioned transition relations [3].
- Quantifier scheduling [5].
- Quantifier elimination in sequential circuits [8], [1].

Related Work (contd.)
For sequential circuits the next-state variables are given functionally, $v_i' = f_i(v, I)$, so the transition relation is
$T(V, V') = \bigwedge_{i=1}^{n} (v_i' \leftrightarrow f_i(v, I))$.
The pre-image can then be computed by substitution instead of quantifying over $V'$: $EX\,Z = \exists I.\, Z(f_1, \ldots, f_n)$ [7]. Replacing quantification by substitution is a useful optimization [8], but it works well only when the number of input variables is small, since the inputs $I$ still have to be quantified.
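The two pre-image computations above, side by side, as an added example (not code from the slides or from the cited papers). The circuit is a constructed 2-bit machine with one primary input; the next-state functions f1, f2 and the target set Z are assumptions for the example. Boolean functions are represented as explicit sets of satisfying assignments rather than BDDs, so the quantifier becomes an enumeration, but the shape of the two formulas is the point.

```python
from itertools import product

# Constructed 2-bit sequential circuit with one primary input i (assumed for this
# example, not taken from the slides): v1' = v2 XOR i, v2' = v1 AND i.
def f1(v, i):
    return v[1] ^ i

def f2(v, i):
    return v[0] & i

NEXT_STATE = (f1, f2)
STATES = set(product((0, 1), repeat=2))
INPUTS = (0, 1)

def image_of(v, i):
    """Next-state vector (f_1(v, i), ..., f_n(v, i))."""
    return tuple(f(v, i) for f in NEXT_STATE)

def transition_relation():
    """T(V, V') as an explicit set of (v, v') pairs,
    i.e. exists I. AND_i (v'_i <-> f_i(v, I)) with the inputs enumerated."""
    return {(v, image_of(v, i)) for v in STATES for i in INPUTS}

def preimage_by_quantification(T, Z):
    """EX Z = exists V'. T(V, V') and Z(V'): conjoin with Z, then quantify out all
    n next-state variables (here, by enumerating the (v, v') pairs)."""
    return {v for (v, v_next) in T if v_next in Z}

def preimage_by_substitution(Z):
    """EX Z = exists I. Z(f_1(V, I), ..., f_n(V, I)) [7]: substitute the next-state
    functions into Z, so only the primary inputs remain to be quantified."""
    return {v for v in STATES if any(image_of(v, i) in Z for i in INPUTS)}

def demo():
    """Both methods must agree on the pre-image of Z = {v1 AND v2}."""
    T = transition_relation()
    Z = {(1, 1)}
    return preimage_by_quantification(T, Z), preimage_by_substitution(Z)

if __name__ == "__main__":
    print(demo())
```

With one input the substitution form quantifies a single variable instead of two next-state variables; on a real design the gap is between the number of primary inputs and the number of latches, which is why the optimization pays off only when the input count is small.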

Related Work (contd.)
Chakraborty et al. [4] proposed a new decomposition scheme: a Kripke structure is decomposed into a set of components. For now assume a monolithic transition relation $T(V, V')$.

Component of a Kripke Structure
A component is a sub-structure in which each state has exactly one outgoing transition, and that transition is present in the original Kripke structure.
[Figure 2: a Kripke structure over $v_1, v_2$ and one of its components.]
For a component, $v_i' = f_i(v)$: each next-state variable is a function of the present state alone. In the example above, $v_1' = (v_1\ v_2)$ (the connective was lost in transcription) and $v_2' = 0$.

Properties of a Component
- The pre-image of a set of states $Z(V)$ is $EX\,Z = Z(f_1, \ldots, f_n)$: substitute the next-state functions into $Z$.
- No quantification is involved in pre-image computation on a component, but vector composition is needed, which is a costly operation in a BDD-based implementation.
- The path quantifiers A and E coincide on a component, since every state has exactly one successor: $AX\,Z = EX\,Z$.
How do we generate a component? Is it costly?

Decomposition of a Kripke Structure
A decomposition is a set of components of a given Kripke structure. Three kinds are used:
- Complete decomposition
- Minimal decomposition
- Partial decomposition

Number of Components
A minimal decomposition requires exactly as many components as the maximum out-degree of the Kripke structure.
[Figure 3: a structure $M$ with states 1-4 and its minimal decomposition into components $C_1$ and $C_2$.]

Related Work
Chakraborty et al. [4] showed how to do reachability analysis (EF computation) using a partial decomposition. We show how to do complete CTL model checking using a partial decomposition. Our algorithm generates a minimal decomposition only in the worst case; for the ISCAS89 sequential circuits, fewer than 4 components were generated. From now on we concentrate on computing the $AX\,Z$ operator.

Example 1
[Figure 4: $AX\,Z$ calculation using a minimal decomposition; $M$ with states 1-4 and components $C_1$, $C_2$.]
$AX\,Z = \{3, 4\}$, $AX_1 Z = \{3, 4\}$, $AX_2 Z = \{1, 3, 4\}$, where $AX_i$ denotes $AX$ evaluated on component $C_i$.

Important Results
Given a Kripke structure $M = (S, T, L)$ and a minimal decomposition $\{C_1, \ldots, C_k\}$ of $M$:
$EX\,Z = \bigvee_{i=1}^{k} EX_i Z$
$AX\,Z = \bigwedge_{i=1}^{k} AX_i Z = \bigwedge_{i=1}^{k} EX_i Z$
The disjunction holds because the components together cover every transition of $M$; the last equality holds because $AX_i$ and $EX_i$ coincide on a component. Do these results seem familiar? Disjunctive partitioning [3].

Using a Minimal Decomposition (Pros)
- We can do CTL model checking.
- The number of components needed is exactly the maximum out-degree.
- Only one component needs to remain in memory at a time.

Using a Minimal Decomposition (Cons)
- The minimal decomposition has to be generated up front, at the very beginning.
- This is costly if the maximum out-degree is large.
We will give an algorithm that generates a minimal decomposition only in the worst case.

Basic Intuition
Do we need to generate both $C_1$ and $C_2$ to find $AX\,Z$? Can we generate $C_1$ directly?

Important Result
Given a partial decomposition $D$ with $m$ components ($m$ may be 0) and a set of states $Z$, we want to compute the set of states satisfying $AX\,Z$. In the worst case we need to generate only one more component to compute $AX\,Z$.

Example 2
[Figure 5: preferred transitions; $M$ with states 1-3 labelled $\neg f$ and state 4 labelled $f$, and components 1 and 2.]
$AX\,Z = \{3, 4\}$; $AX_1 Z = \{3, 4\}$ and $AX_2 Z = \{3, 4\}$.

Handling the m = 0 Case
Given $M$, a set of states $Z$ and an empty decomposition of $M$, how do we generate the first component $C_1$ such that $AX\,Z = AX_1 Z$?
Compute a set of preferred transitions, namely those that leave $Z$:
$P(V, V') = T(V, V') \land \neg Z(V')$
When generating $C_1$, try to pick transitions from the preferred set. A state with any successor outside $Z$ then gets such a successor in $C_1$ and is correctly excluded from $AX_1 Z$; a state whose successors all lie in $Z$ is included whichever transition is picked.

CTL Model Checking Algorithm
- Every CTL operator can be expressed as a least or greatest fixed point built from $AX\,Z$.
- For each $AX\,Z$ computation, create a new component.
- Bound on the number of components? We have a better way to utilize previously generated components, and we stop once a minimal decomposition has been generated.

Component Generation
Given a preferred set of transitions $P(V, V')$ and the transition relation $T(V, V')$, generate a component $C$ giving priority to the preferred transitions.
Basic idea: express $v_n'$ as a function $h_n(X)$ of $X = (v_1, \ldots, v_n, v_1', \ldots, v_{n-1}')$, with
$h_n(X) = \neg P(X, 0) \land T(X, 1)$,
i.e. take $v_n' = 0$ whenever that gives a preferred transition, otherwise $v_n' = 1$ whenever that gives a transition of $T$. Substitute $h_n(X)$ for $v_n'$ in the preferred set and in the transition relation, then iterate on $v_{n-1}'$, and so on down to $v_1'$.
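The component-generation procedure above, together with the preferred-transition set for $AX\,Z$ and the union/intersection results for a minimal decomposition, carried through on a constructed example. This is an added illustration, not code from the slides or from the cited work: Boolean functions are explicit sets of satisfying assignments (standing in for BDDs or Boolean circuits), the 4-state Kripke structure and the set $Z$ are made up for the example, and generating the second component by preferring the transitions not yet covered by $C_1$ is a choice made here, not a step the slides describe.

```python
from itertools import product

# Boolean functions over an ordered variable list are represented as Python sets of
# satisfying assignments (tuples of 0/1). This stands in for the BDD / Boolean-circuit
# representations the slides assume; the algorithmic steps are the same.

def restrict(F, idx, val):
    """Cofactor F[x_idx := val]; variable idx is dropped from the tuples."""
    return {t[:idx] + t[idx + 1:] for t in F if t[idx] == val}

def compose(F, idx, h):
    """Substitute h (a function of the remaining variables) for x_idx in F."""
    return {t[:idx] + t[idx + 1:] for t in F
            if t[idx] == int(t[:idx] + t[idx + 1:] in h)}

def generate_component(T, P, n):
    """Pick one transition per state, preferring those in P (P is a subset of T).
    T, P are sets of 2n-tuples (v_1..v_n, v'_1..v'_n). Returns [h_1, ..., h_n], where
    h_i is a function of (v_1..v_n, v'_1..v'_{i-1}) giving the chosen value of v'_i."""
    hs = [None] * n
    for i in range(n, 0, -1):           # eliminate v'_n first, down to v'_1
        idx = n + i - 1                 # position of v'_i in the current tuples
        # h_i(X) = not P(X, 0) and T(X, 1): v'_i = 0 if that is preferred,
        # else v'_i = 1 if that is a valid transition, else 0.
        h = restrict(T, idx, 1) - restrict(P, idx, 0)
        hs[i - 1] = h
        T, P = compose(T, idx, h), compose(P, idx, h)
    return hs

def successor(hs, v):
    """Evaluate the component's next-state vector (h_1(v), h_2(v, v'_1), ...)."""
    x = tuple(v)
    for h in hs:
        x += (int(x in h),)
    return x[len(v):]

def component_transitions(hs, states):
    """The component as a set of (v, v') tuples, for comparison with T."""
    return {v + successor(hs, v) for v in states}

def successors(T, n):
    succ = {}
    for t in T:
        succ.setdefault(t[:n], set()).add(t[n:])
    return succ

def ax_relation(T, n, Z):
    """AX Z on the full structure: every successor lies in Z."""
    return {v for v, ss in successors(T, n).items() if ss <= Z}

def ex_relation(T, n, Z):
    """EX Z = exists V'. T(V, V') and Z(V') on the full structure."""
    return {v for v, ss in successors(T, n).items() if ss & Z}

def pre_component(hs, states, Z):
    """On a component AX_i Z = EX_i Z = Z(f_1, ..., f_n): composition, no quantifier."""
    return {v for v in states if successor(hs, v) in Z}

def demo():
    n = 2
    states = set(product((0, 1), repeat=n))
    # Constructed Kripke structure on 4 states (max out-degree 2), not from the slides.
    T = {(0, 0, 1, 0), (0, 0, 1, 1), (0, 1, 1, 0), (0, 1, 0, 0),
         (1, 0, 1, 1), (1, 1, 1, 1), (1, 1, 0, 1)}
    Z = {v for v in states if v[0] == 1}              # Z = states with v_1 = 1
    P = {t for t in T if t[n:] not in Z}              # P = T and not Z(V')
    hs1 = generate_component(T, P, n)                 # C_1 from an empty decomposition
    C1 = component_transitions(hs1, states)
    # Second component: prefer transitions not yet covered (our choice of preferred set).
    hs2 = generate_component(T, T - C1, n)
    C2 = component_transitions(hs2, states)
    return {
        "ax_full": ax_relation(T, n, Z),
        "ax_c1": pre_component(hs1, states, Z),
        "ax_c2": pre_component(hs2, states, Z),
        "ex_full": ex_relation(T, n, Z),
        "covers_T": C1 | C2 == T,
    }

if __name__ == "__main__":
    print(demo())
```

On this structure the single component $C_1$ already gives $AX_1 Z = AX\,Z$, which is the m = 0 case; with the second component the two together cover every transition (a minimal decomposition, since the maximum out-degree is 2), and $AX\,Z$ and $EX\,Z$ fall out as the intersection and union of the per-component results. Because each state has exactly one successor in a component, `pre_component` is both $AX_i$ and $EX_i$, and it never quantifies over $V'$.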

Future Work
- Efficient algorithm for component generation.
- Efficient algorithm for vector composition.
- Implementation using Boolean Expression Diagrams [2] and Reduced Boolean Circuits [1].

Any questions? Suggestions? Comments?

Thank you

References
[1] P. A. Abdulla, P. Bjesse, and N. Een. Symbolic reachability analysis based on SAT-solvers. In TACAS, 2000.
[2] H. R. Andersen and H. Hulgaard. Boolean expression diagrams. In LICS: IEEE Symposium on Logic in Computer Science, 1997.
[3] J. R. Burch, E. M. Clarke, and D. E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P. B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland.
[4] S. Chakraborty and A. Trivedi. Symbolic reachability analysis using additive decomposition. Submitted to TACAS 2004.
[5] P. Chauhan, E. M. Clarke, S. Jha, J. Kukula, T. Shiple, H. Veith, and D. Wang. Non-linear quantification scheduling for efficient image computation. In ICCAD, pages 293-298, 2001.
[6] E. M. Clarke, O. Grumberg, and D. A. Peled. Model Checking. MIT Press, Cambridge, MA, 1999.
[7] T. Filkorn. Functional extension of symbolic model checking. In Proc. Computer Aided Verification (CAV), Lecture Notes in Computer Science, pages 225-232, 1991.
[8] P. F. Williams, A. Biere, E. M. Clarke, and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In Proc. Computer Aided Verification (CAV), volume 1855 of Lecture Notes in Computer Science, Chicago, U.S.A., July 2000. Springer-Verlag.