
1
SAT-based verification: underlying methods
Mary Sheeran, Chalmers University of Technology and Prover Technology AB

2
Synchronous observer
[Figure: the Program's outputs feed an observer Obs, which produces the signal ok.]

3-10
[Figure-only slides; the only text labels are I and B.]
11
Satisfying a formula
IB_i = I(s0) and path([s0..si]) and B(si)

12
[Figure: the formulas I, B and IB.]

13
If the system is bad:
- finds a shortest countermodel
- error trace for debugging

14
But when can we stop? When I_i is contradictory?

15
Not quite, but when I_i (loop-free) is contradictory

16
And symmetrically, when B_i (loop-free) is contradictory

17
Algorithm 1
  i := 0
  loop:
    if not Sat(I_i) or not Sat(B_i) then return True
    if Sat(IB_i) then return error trace
    i := i + 1

18
Tighten termination (Alg. 2)
  i := 0
  loop:
    if not Sat(I_i and all(not I)) or not Sat(B_i and all(not B)) then return True
    if Sat(IB_i) then return error trace
    i := i + 1

19
Avoid iteration from zero (Alg. 3)
  i := some constant, which can be greater than zero
  loop:
    if Sat(I_i and not (all P)) then return error trace
    if not Sat(I_{i+1} and all(not I)) or not Sat(B_{i+1} and all(not B)) then return True
    i := i + 1

20-27
[Figure-only slides: Base (I), Step; Base (B), Step.]
28
Complete method
  i := some constant, which can be greater than zero
  loop:
    if Sat(I_i and not (all P)) then return error trace
    if not Sat(I_{i+1} and all(not I)) or not Sat(B_{i+1} and all(not B)) then return True
    i := i + 1

29
Strengthen
  i := some constant, which can be greater than zero
  loop:
    if Sat(I_i and not (all P)) then return error trace
    if not Sat(I_{i+1} and all(not I)) or not Sat(B_{i+1} and all(not B)) then return True
    i := i + 1

30
Another way to strengthen
- Invent a lemma L(s) that we believe to hold in the reachable states
- Prove Q(s) = P(s) and L(s)
- If both P and L hold in the reachable states, this can reduce the induction depth

31
Choosing lemmas?
- Domain knowledge
- Analysis of the program
- Strongest possibility: the characterization of the reachable states
- Van Eijk's method uses relations between signals as lemmas

32
Reachability analysis
- Standard approach to safety property verification using Binary Decision Diagrams (BDDs)
- Generate a larger and larger subset of the reachable states; stop when no new states are added
- Check whether it intersects the bad states

33
Reachability analysis
- Standard algorithms can be adapted to use a SAT-solver
- Need to be able to deal with quantifiers in a way that doesn't just blow up
- A fascinating research area!
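As an added example (not part of the slides), the algorithms of slides 17-19 (bounded model checking with the loop-free termination tests), the lemma strengthening of slide 30 and the reachability loop of slide 32, written in Python over a constructed 3-bit transition system. A brute-force enumeration of the boolean state variables stands in for the SAT solver: the formulas are the ones the slides build (I(s0), path, loop-free, all(not I), all(not B), not (all P)), only the search differs. The transition table, the property P, the lemma L and the state encoding are all constructed for this example, and the transition relation is assumed total, which the base check's "not (all P)" formulation relies on.

```python
"""BMC, loop-free termination and k-induction over a tiny transition system (added example)."""
from itertools import product

NBITS = 3   # a state is a vector of 3 boolean state variables, read as an integer 0..7


def sat(n_states, *constraints):
    """Naive SAT oracle standing in for the solver: enumerate every assignment of the
    NBITS * n_states boolean variables (copies s0..s_{n-1} of the state vector), decode
    them to a path of integers, and return the first path on which every constraint
    holds, or None if the conjunction is unsatisfiable."""
    for bits in product((0, 1), repeat=NBITS * n_states):
        path = [sum(bits[k * NBITS + b] << b for b in range(NBITS)) for k in range(n_states)]
        if all(c(path) for c in constraints):
            return path
    return None


def path_ok(next_table):
    """The slides' path([s0..si]): every consecutive pair is a transition of next_table."""
    return lambda p: all(next_table[p[k]] == p[k + 1] for k in range(len(p) - 1))


def loop_free(p):
    """The slides' loop-free constraint: all states on the path are distinct."""
    return len(set(p)) == len(p)


def verify(next_table, init, prop, start=0, max_depth=6):
    """Algorithm 3 of the slides (start at a constant depth) plus the induction step.
    Returns ("unsafe", trace), ("safe", depth, reason) or ("unknown", max_depth)."""
    bad = lambda s: not prop(s)          # B is the complement of the property
    trans = path_ok(next_table)
    i = start
    while i <= max_depth:
        n = i + 1                        # states s0..si
        # base: I(s0) and path and not (all P): a bad state within i steps (total relation assumed)
        cex = sat(n, lambda p: init(p[0]), trans, lambda p: not all(prop(s) for s in p))
        if cex is not None:
            return ("unsafe", cex)
        # induction step: P on every state of a loop-free path of length i, yet not on the next state
        step = sat(n + 1, trans, loop_free,
                   lambda p: all(prop(s) for s in p[:-1]), lambda p: bad(p[-1]))
        if step is None:
            return ("safe", i, "induction")
        # forward termination: I_{i+1} and all(not I) is contradictory, so nothing reachable is further away
        fwd = sat(n + 1, lambda p: init(p[0]), trans, loop_free,
                  lambda p: not any(init(s) for s in p[1:]))
        if fwd is None:
            return ("safe", i, "forward")
        # backward termination: B_{i+1} and all(not B) is contradictory, the symmetric test
        bwd = sat(n + 1, lambda p: bad(p[-1]), trans, loop_free,
                  lambda p: not any(bad(s) for s in p[:-1]))
        if bwd is None:
            return ("safe", i, "backward")
        i += 1
    return ("unknown", max_depth)


def reachable(next_table, init, prop):
    """Slide 32's loop with a SAT-based image: ask the oracle for a model of
    R(s0) and T(s0, s1) and s1 not in R, block each new s1, and stop when no new state
    appears. Returns (reachable set, whether it intersects the bad states)."""
    trans = path_ok(next_table)
    reach = {s for s in range(2 ** NBITS) if init(s)}
    while True:
        new = set()
        while True:
            m = sat(2, lambda p: p[0] in reach, trans,
                    lambda p: p[1] not in reach and p[1] not in new)
            if m is None:
                break
            new.add(m[1])
        if not new:
            return reach, any(not prop(s) for s in reach)
        reach |= new


# Constructed system: a mod-3 counter 0->1->2->0. State 3 is unreachable but steps into the
# bad state 4 (a sink); 5..7 are unreachable sinks. P says "never in state 4".
NEXT = {0: 1, 1: 2, 2: 0, 3: 4, 4: 4, 5: 5, 6: 6, 7: 7}
BUGGY = {**NEXT, 2: 3}                 # one wrong transition makes state 4 reachable
init = lambda s: s == 0
P = lambda s: s != 4
L = lambda s: s < 3                    # slide 30: a lemma characterising the reachable states
Q = lambda s: P(s) and L(s)

if __name__ == "__main__":
    print(verify(NEXT, init, P))       # ('safe', 1, 'induction'): 3->4 defeats depth 0
    print(verify(NEXT, init, Q))       # ('safe', 0, 'induction'): with the lemma, P is inductive
    print(verify(BUGGY, init, P))      # ('unsafe', [0, 1, 2, 3, 4]): the shortest error trace
    print(reachable(NEXT, init, P))    # ({0, 1, 2}, False)
```

The run shows the point of slide 30: with P alone the unreachable state 3 satisfies P but steps to 4, so the induction step only closes at depth 1; with Q = P and L the step closes at depth 0. The buggy table returns the shortest counterexample, as slide 13 promises, and `reachable` reaches the same verdict by the fixpoint route of slide 32.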

34
References (bounded model checking)
- A. Biere, A. Cimatti, E. M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference.
- P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.

35
References (induction with SAT-solvers)
- M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag.
- P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.

36
References (SAT-based reachability analysis)
- P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS'00.
- P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV'00.
- A. Gupta, Z. Yang and P. Ashar. SAT-based image computation with application in reachability analysis for verification. In FMCAD'00.

37-38
[Figure: proof engine architecture, a SAT core with ARITH, BMC, IND, RA, ... built on top of it.]

39
The future?
- Increasingly powerful proof engines
- Integration in system development tools
- Combining different engines or methods (for example BDDs and SAT, or interactive and automatic methods)
- Use of formal methods in test pattern generation
