Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Published byNickolas Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha."— Presentation transcript:

1 Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha

2 2 Outline  Formal Verification: Motivation  Reachability for Asynchronous Systems Partitioned Transition Relations  Efficient Reachability Techniques MBFS and Saturation  Saturation: Experimental Results  Conclusions

3 3 Formal Verification: Introduction  Use methods from formal logic Show validity of properties on systems Formal requirements hold on a design Software, circuits, protocol models Alternative to simulation, testing Not all behaviors covered  Model checking Verify concurrent systems Introduced by Clarke et al. (1981) An automated technique

4 4 Model Checking  Finite state-transition model M, Property   Determine if M satisfies   Properties  like: req is always followed by ack No error state is reachable from the initial state  Involves Reachability analysis Generate reachable set of states State space explosion 2K2K.... K

5 5 Asynchronous Systems  Concurrent Systems Consist of several execution units  Synchronous All units take an execution step together  Asynchronous Units may execute independent of each other Interleaved semantics of execution E.g. Concurrent software, asynchronous circuits  Goal: Efficient model checking of asynchronous systems Symbolic Reduced State-Space

6 6 Symbolic Model Checking  Use Ordered Binary Decision Diagrams (BDDs) Canonical, compact, operate on state sets  Encode the system model M with BDDs States encoded by boolean variables V Transition relation also as BDD N(V,V’) s1s1 s0s0 t1t1 t2t2 t3t3 s0s1s0s1 a01a01 (!a Æ a’)  (a Æ !a’)  (a Æ a’) N(a,a’) = a a’ 1 0 1 11 01 1 a 1 0 1 1 a < a’ 0 0

7 7 Partial-Order Reduction s0s0’s0s0’ s0s1’s0s1’ s1s0’s1s0’ s1s1’s1s1’ Choose a representative set of paths  Alternative model checking approach Useful if order of execution of transitions is irrelevant  Sufficient to visit a subset of actual reachable state space  Focus of this talk Full state space reachability using BDDs a a b b s0s0 s1s1 s0’s0’s1’s1’ b a

8 8 Reachability Analysis  One-step reachability: Given a set of states S Find which states S’ can be reached in one step  Iteratively apply one-step reachability Until no new states are visited  Breadth-first exploration of graph e a d g b c f R0R0 R1R1 R2R2 e a d g b c f e a d g b c f = R 3

9 9 The Bigger Picture Combinational Circuit Delay o1o1 o 1 = 0 o 2 = 0 o 1 = 1 o 2 = 0 o 1 = 0 o 2 = 1 o 1 = 1 o 2 = 1 ? I1I1 Combinational Circuit Delay o2o2 I2I2

10 10 Symbolic Reachability : Image Computation  Image of a set of states S Transition relation N: one-step reachability Basic operation, hence must be efficient  Symbolic image computation: S(V), N(V,V’) BDDs Img(S,N) = [ 9 v 2 V (S(V) Æ N(V,V’) )]  Reachability (starting from initial S 0 ): Reach(S,N) = S [ Img(S,N) Fixpoint: S. Reach(S,N)Fixpoint: S. Reach(S,N)  Efficiency problem: Large N(V,V’) Large intermediate BDD sizes in image computation

11 11 Illustration: Intermediate BDD Sizes # BddNodes # States Dining Philosophers model Iterations

12 12 Partitioned Transition Relations  Introduced by Burch et al. (BCL91)   : Conjunction ( Æ ) or Disjunction () N(V,V’) = N 1  N 2   N k Typically, each N i much smaller than N  Asynchronous systems with interleaving semantics: N(V,V’) = N 1  N 2   N k N i : only the i th unit executes Img(S, N) = V i Img(S,N i ) [BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland. N1N1 N2N2 N3N3

13 13 BDD blowup  Must consider different intermediate combinations of reachable states of concurrent units Even if they are independent Adds to intermediate BDD sizes  Idea: Explore each unit separately to avoid such correlation [BCL91] Modified Breadth-First Search (MBFS) [BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland.

14 14 Modified Breadth-First Search (MBFS)  Given a disjunctive partition: N 1,...,N k Compute local fixpoints: S. Reach(S,N i ) Stop when: 8 i. Reach(S,N i ) = S  Lower intermediate BDD sizes  Chaotic fixpoint iteration strategy Family of functions: {Reach(S,N i ) j i · k} Apply functions in arbitrary order till convergence Must apply each function sufficiently often  Observation: MBFS strategy may not be able to avoid blowups in some cases N1*N1* N2*N2* N3*N3*

15 15 s = (v 2, v 1,... ) N 1, N 2, N 3,... Illustration: BDD Blowup in MBFS s 1 (11) s 0 (00) N2N2 s 2 (01) s 3 (10) N1N1 N1N1 N 1, N 2 v2v2 v1v1 1 0 0 MBFS N 1, N 2 N1N1 v2v2 1 0 MBFS N2N2 N3N3... v2v2 v1v1 1 0 1 1 N1N1 1 MBFS N3N3 BDD explosion (s 0 ) (s 0,s 2 )(s 0,s 1,s 2 ) (s 0,s 1,s 2,s 3 )

16 16 Saturation: New approach  Assume fixed variable ordering on BDDs: v 1 < v 2... < v k  Define High(N i ): “least” variable that N i might change Low(N i ): “greatest” variable that N i might change  Order transition relations by [High(N i ), Low(N i )] : N j Á N i N j changes only “lower” BDD variables than N i v2v2 v1v1 1 0 1 1 N2N2 N1N1 N 1 Á N 2

17 17 Saturation (Contd.)  Saturate (N i ) do Compute S. Reach(S,N i ) /* states reachable by only N i */ 8 N j Á N i. Saturate (N j ) /*explore all N j Á N i */ Until S does not change Visits all possible reachable states using “lower” transition relations than N i  Overall Strategy: K partitions For i= 1 to K. Saturate(N i ) N3*N3* N2*N2* N1*N1*

18 18 Saturation: Discussion  Advantages Exploits independence of concurrent units Lower intermediate BDD sizes than MBFS Faster reachability computation in many cases  Drawbacks May lead to spurious iterations Relies heavily on good variable ordering

19 19 Experimental Results  Implemented Saturation approach in NuSMV model checker Handles designs of industrial strength Comparison with NuSMV with default options OOR: out of resources

20 20 Experimental Results (contd.)  Implemented MBFS approach in NuSMV Comparison with MBFS

21 21 Experimental Results (contd.) Iterations Kanban(20): Comparison of Intermediate BDD sizes

22 22 Conclusions  Efficient methods to compute reachable states of asynchronous systems Based on disjunctive partitions MBFS Alternative approach: Saturation  Experimentally validated on several examples  Future research Heuristics for obtaining good BDD variable ordering automatically Combining Saturation with Partial Order Reduction

23 23 Questions ?

Download ppt "Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
Hardware and Petri nets Symbolic methods for analysis and verification.

Hardware and Petri nets Symbolic methods for analysis and verification.
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.

Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Tick.

Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Tick.
Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Similar presentations

Ads by Google