
Exploration of Large State Spaces Armando Tacchella Lab - Software Engineering DIST – Università di Genova.


1 Exploration of Large State Spaces Armando Tacchella Lab - Software Engineering DIST – Università di Genova

2 Scenario
- Applications
  - Formal verification
  - Planning
- Issues
  - Is there a bug in the design?
  - Is there a plan to reach the goal?

3 Formal verification
- Modulo 4 counter [state diagram with states 00, 01, 10, 11]
- Bug: it is not possible to reach s00 starting from s01 or s10
- The bug can be discovered, e.g., by trying to reach s00 either from s01 or s10

4 Why formal verification? [chart: Implementation Bugs, presented at DAC2001 by Bob Bentley, Intel Corp.]

5 Planning
- Blocks world [diagram: a tower of blocks numbered 1 to 5]
- A block can be:
  - on top of another block
  - on top of the table
- Blocks can be moved from a source to a destination
- The goal is to rebuild the tower upside-down
- The plan is the sequence of moves to the goal

6 Common model
- Set of states (configurations)
- Transitions between states
- Set of initial states
- Set of final states
- Is there a path from some initial state to some final state?
- Solving a reachability problem on a graph

7 Reachability
- Graph representation
  - each node is a state
  - each arc is a transition
- One or more sources (initial states)
- One or more targets (final states)
- Reachability can be solved with standard graph algorithms
- Optimization on the path length can be done using, e.g., Dijkstra's algorithm

8 Representing states
- States are encoded using vectors of boolean variables
- State variable x = {x1, ..., xN}
- A state is an assignment of boolean values {0,1} to a state variable
- State s = {v1, ..., vN} where vi ∈ {0,1}

9 How large is the state space?
- 2^N states (and 2^(2N) transitions) at most
- In real sized problems N is easily > 100
- How large is 2^100?
- Consider that 2^100 ns ≈ 3·10^12 yr
- Classical graph representations may not be feasible in practice!

10 Symbolic encoding
- Use boolean formulas to encode:
  - Initial states I(x)
  - Transitions T(x, x')
  - Final states F(x)
- Given two states s, t:
  - I(s) = 1 exactly when s is an initial state
  - T(s,t) = 1 exactly when there is a transition between s and t
  - F(s) = 1 exactly when s is a final state

11 A glimpse into Boolean logic...
- Every variable (x1, x2, ...) is a formula
- If F and G are formulas:
  - ¬F is a formula (negation of F)
  - F+G (disjunction), F·G (conjunction), F→G (implication) are formulas
- Consider the following abbreviations:

12 Symbolic encoding (example) [diagram: 2-bit counter with states 00, 01, 10, 11 and 3-bit counter with states 000 to 111]
- Counter modulo N: 2^N nodes
- T_N: O(N^2) symbols

13 Bounded symbolic reachability
- Reaching a final state from an initial one with a path of length at most k (nodes)
- If R(s1, ..., sk) = 1 then the sequence s1, ..., sk has the following properties (i ∈ {1, ..., k}):
  - I(s1) = 1
  - T(si, si+1) = 1 for all si
  - F(si) = 1 for some si

14 Symbolic reachability (example) [diagram: modulo 4 counter (bugged), states 00, 01, 10, 11]
- Initial state s10, final state s00
- R(x1, x2, x3) = 0 for all values of x1, x2, x3 → s00 is unreachable from s10
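The bounded reachability check of slides 13 and 14, written out as an added Python example (not code from the presentation or from the lab's tools): I, T and F are predicates over 2-bit states, R(s1, ..., sk) is built exactly as on slide 13, and, in place of a SAT solver, all 2^(N·k) candidate sequences are enumerated, which is the blow-up the slides warn about. It goes slightly beyond the slide by checking both the bugged and the correct counter; the bugged transition (11 wrapping to 01) is an assumption chosen to match the stated bug.

```python
from itertools import product

N = 2  # state bits; a state is (b1, b0), so s10 is (1, 0)

def counter_T(s, t, bugged=False):
    """T(s, t) = 1 iff t is the successor of s in the modulo 4 counter.
    Correct counter: 00 -> 01 -> 10 -> 11 -> 00.
    Bugged variant (assumed, to match slides 3 and 14): 11 wraps to 01,
    so s00 can never be reached from s01 or s10."""
    b1, b0 = s
    nxt = (b1 ^ b0, 1 - b0)           # 2-bit increment
    if bugged and s == (1, 1):
        nxt = (0, 1)
    return t == nxt

def I(s):
    return s == (1, 0)                # initial state s10

def F(s):
    return s == (0, 0)                # final state s00

def R(seq, T):
    """R(s1, ..., sk) from slide 13: I(s1), T(si, si+1) for all i,
    and F(si) for some i."""
    return (I(seq[0])
            and all(T(seq[i], seq[i + 1]) for i in range(len(seq) - 1))
            and any(F(s) for s in seq))

def bounded_reach(k, bugged=False):
    """Enumerate every sequence of k states (2^(N*k) of them) and return
    the first path with R = 1, or None when R = 0 for all assignments,
    i.e. no final state is reachable within k nodes."""
    T = lambda s, t: counter_T(s, t, bugged)
    states = list(product((0, 1), repeat=N))
    for seq in product(states, repeat=k):
        if R(seq, T):
            return seq
    return None
```

For the correct counter the shortest witness is 10 → 11 → 00 (k = 3); for the bugged counter R stays 0 for every k, matching slide 14.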

15 Solving symbolic reachability
- Symbolic encodings enable handling of large state spaces
- Bounded symbolic reachability amounts to finding s1, ..., sk s.t. R(s1, ..., sk) = 1
- Decide whether the boolean formula R is satisfiable or not (a.k.a. the SAT problem)
- There is no free lunch: SAT is NP-hard!
- Is this a limitation?

16 A glimpse into complexity...
- Two resources: TIME (omitted) and SPACE
- P = polynomial, EXP = exponential
- N = non-deterministic
- co = complement of
[diagram of the classes P, NP, co-NP, PSPACE, EXP, annotated with: Bounded symbolic reachability and SAT; Symbolic reachability and Q-SAT; Reachability]

17 Solving SAT: preliminaries
- Formulas in Conjunctive Normal Form:
  - The formula is a set (conjunction) of clauses
  - Each clause is a set (disjunction) of literals
  - A literal is a variable or the negation of a variable
- Given any formula F it is always possible to produce F' in CNF s.t. F' is satisfiable exactly when F is satisfiable and |F'| = poly(|F|)

18 Formulas and CNF (example)
- T4(x, x')
- x → y ≡ ¬x + y
- ¬(x·y) ≡ ¬x + ¬y
- T4(x, x') in CNF [formula not in the transcript]

19 Solving SAT: search algorithm

    Search(F)
      Simplify(F)
      if F = {} then return 1
      if {} ∈ F then return 0
      l ← ChooseLiteral(F)
      if Search(F ∪ {{l}}) then return 1
      else return Search(F ∪ {{-l}})

    Simplify(F)
      while ∃ l : {l} ∈ F do
        for each C ∈ F : l ∈ C
          F = F / {C}
        for each C ∈ F : -l ∈ C
          F = F / {C} ∪ {C / {-l}}
      end
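The Search/Simplify procedure of slide 19 as an added, runnable Python example (not the presentation's or the lab's code), applied to a CNF encoding of the modulo 4 counter transition T4(x, x') from slide 18; that CNF and the variable numbering are constructed here, since the slide's own formula is not in the transcript.

```python
def simplify(clauses):
    """Simplify(F) from slide 19: unit propagation over clauses that are sets
    of non-zero ints, where -v negates variable v. Returns the reduced clause
    set together with the literals that were forced true."""
    clauses = [set(c) for c in clauses]
    assigned = set()
    while True:
        unit = next((c for c in clauses if len(c) == 1), None)
        if unit is None:
            return clauses, assigned
        l = next(iter(unit))
        assigned.add(l)
        # drop clauses satisfied by l and strip -l from the remaining ones
        clauses = [c - {-l} for c in clauses if l not in c]

def search(clauses):
    """Search(F) from slide 19: a satisfying set of literals, or None (UNSAT)."""
    clauses, assigned = simplify(clauses)
    if not clauses:                          # F = {}: satisfied
        return assigned
    if any(not c for c in clauses):          # {} in F: conflict, backtrack
        return None
    l = next(iter(min(clauses, key=len)))    # ChooseLiteral: shortest clause
    for lit in (l, -l):                      # try l, then -l on backtrack
        model = search(clauses + [{lit}])
        if model is not None:
            return model | assigned
    return None

# Constructed CNF of the modulo 4 counter step T4(x, x'), x = (b1, b0),
# x' = (b1', b0'); the slide's own CNF is not in the transcript.
B1, B0, B1N, B0N = 1, 2, 3, 4
T4 = [{B0N, B0}, {-B0N, -B0},                  # b0' = not b0
      {-B1N, B1, B0}, {-B1N, -B1, -B0},
      {B1N, -B1, B0}, {B1N, B1, -B0}]          # b1' = b1 xor b0

def pin(s, v1, v0):
    """Unit clauses fixing the 2-bit state s onto variables (v1, v0)."""
    return [{v1 if s[0] else -v1}, {v0 if s[1] else -v0}]

def has_transition(s, t):
    """T4(s, t) = 1 iff the CNF with both states pinned is satisfiable."""
    return search(T4 + pin(s, B1, B0) + pin(t, B1N, B0N)) is not None

def successor(s):
    """Pin only x and read x' off the model (T4 is total, so always SAT)."""
    model = search(T4 + pin(s, B1, B0))
    return (int(B1N in model), int(B0N in model))
```

With both states pinned every clause becomes a unit and Simplify alone decides the query; with only x pinned the solver derives x', and on T4 alone Search has to branch, which is where ChooseLiteral and backtracking come in.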

20 Search process (example)

21 Solving SAT: in practice
- The performance of the search algorithm critically depends on:
  - the particular ChooseLiteral heuristic
  - the amount of simplification performed
  - the smartness of the backtracking schema
- No silver bullet, but state-of-the-art SAT solvers can solve industrial scale problems with thousands of variables!

22 Research issues
- Bounded symbolic reachability via SAT
  - performs very well on bug-finding
    - when the error trace is short, or
    - the diameter of the search space is small
- Nevertheless
  - since there can be up to 2^N states, it may not be feasible for general symbolic reachability, and
  - it can become impractical even for error traces of reasonable lengths

23 Research issues (ctd.)
- Tools for reasoning with boolean formulas
  - are routinely used in research and industry
  - reach good performance and capacity standards
- Nevertheless
  - most of them are special purpose (disposable code)
  - they are difficult (if not impossible) to integrate into existing systems
  - most often they are unsupported, undocumented, not robust enough for time/safety/money-critical applications

24 Lab core research
- Encodings for (bounded) symbolic reachability exploiting quantified Boolean formulas
  - compact and (possibly) effective, but
  - challenging: solving Q-SAT is PSPACE-hard!
- A toolkit for reasoning with Boolean formulas
  - handles quantified Boolean formulas
  - features a component-based architecture
  - integrates several services, e.g., enumeration of assignments, logic minimization, ...
  - is reasonably efficient w.r.t. special purpose tools

25 Formal verification projects
- FIRB: Knowledge Level Automated Software Engineering (ends in 2005)
- PRIN: Advanced Reasoning Systems for the Representation and Formal Verification of Complex Systems (ends in 2004)
- INTEL: SAT Solvers for Symbolic Model Checking and Formal Verification (2001-2003)

26 Planning projects
- ASI-DOVES: Enabling On-board Autonomy: A platform for the Development of Verified Software (ends in 2004)
- ASI-SACSO: Safety Critical Software for planning space robotics (ends in 2004)
- ASI-GMES: An innovative system for managing satellite constellations and its application to environmental protection (proposal)
- RoboCare: Multi-agent system with fixed components and intelligent mobile robotic components (ends in 2005)

27 FIRB: Knowledge Level Automated Software Engineering (4 million Euro)
- DIT, Università di Trento
- DIS, Università "La Sapienza"
- Delisa-Delta Dator, Trento
- DIST, Università di Genova
- IRST, Istituto Trentino di Cultura

28 FIRB (objectives)
- A Knowledge Level Automated Software Engineering methodology
- A requirement, actor and goal oriented framework
- Theories and techniques for code analysis
- A concept demonstrator prototype, integrating the developed techniques
- The application of the prototype to a case study

29 FIRB (activities)
- Development of a methodology based on the goal/actors paradigm
- Automated Reasoning for validation and verification of software (QBF, BMC, SAT, ...)
- Automated Planning for software development automation
- Natural language processing for documentation analysis
- Analysis and Testing of systems based on the goal/actors paradigm

30 Lab activities on FIRB
- Development of a planning language for the goal/actor framework
- Study and development of planning techniques based on SAT
- Study and development of planning techniques based on QBF
- Development of a tool for formal verification

31 Thesis students wanted for FIRB
- Good knowledge of:
  - basic computer science (algorithms and data structures)
  - standard C/C++
  - English
- Availability:
  - to work hard in a young and growing team
  - to spend periods in Trento during the thesis
  - to start the thesis in September/October 2003
- Programme:
  - initial training in Genova during the thesis
  - completion of the work at ITC/IRST in Trento under a one-year collaboration contract

