Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient SAT-based Techniques for Predicate Abstraction Efficient SAT-based Techniques for Predicate Abstraction Shuvendu K. Lahiri Joint work with Thomas.

Published byTyler Rooney Modified over 10 years ago

Similar presentations

Presentation on theme: "Efficient SAT-based Techniques for Predicate Abstraction Efficient SAT-based Techniques for Predicate Abstraction Shuvendu K. Lahiri Joint work with Thomas."— Presentation transcript:

1 Efficient SAT-based Techniques for Predicate Abstraction Efficient SAT-based Techniques for Predicate Abstraction Shuvendu K. Lahiri Joint work with Thomas Ball, Randy Bryant, Byron Cook, Robert Nieuwenhuis, Albert Oliveras Microsoft Research, Redmond

2 – 2 – Program Analysis and Abstraction Unbounded State Space Unbounded integers, arrays, heap State exploration may not terminateAbstraction Construct an overapproximation of program behavior Abstract domain/operators ensures that the analysis terminates

3 – 3 – Automatic Predicate Abstraction Graf & Saïdi, CAV 97 Underlying framework Abstract Interpretation, Cousot & Cousot 77Idea Given set of predicates P = {P 1, …, P k } Formulas describing properties of system state Finite Abstraction ss Abstraction (s) = subset of {P 1, …, P k } holds on s At most 2 k abstract states

4 – 4 – Predicate Abstraction in Practice Boolean Program from C programs SLAM Software Model Checking BLAST, MAGIC, … Loop invariant synthesis for arrays and lists ESC-JAVA,.. Distributed Protocol Verification UCLID, Murphi, …

5 – 5 – Definitions Predicates Literals in some theory T P = {x = 1, x = y, x < y + 2, f(x) = f(y) + 2,..}Formula Boolean combination of predicates (x = 1 x < y + 2)

6 – 6 – Fundamental Operation: Predicate Cover P: Set of predicates : Formula : Formula F P ( ) Predicate cover of P Weakest expression over P that implies A minterm over P A conjunction of predicates P i or their negations their negations F P ( ) Partitioning defined by the predicates

7 – 7 – F P ( ) Example Minterms over P x y x 2 x < y x 2 x y x = 2 x < y x = 2 P : {x < y, x = 2} : y > 1 : y > 1

8 – 8 – Traditional approaches F P ( ) Predicate cover of P Weakest expression over P that implies Partitioning defined by the predicates P: Set of predicates : Formula : Formula Check which minterms imply Check which minterms imply Use a decision procedure to check the implication Exponential number of Decision Procedure Calls

9 – 9 – Traditional approaches Large number of decision procedure calls P Worst case exponential in P Exponential behavior often seen in practice Each decision procedure call can be expensive Limits scalability F P ( ) invoked a few thousand times during a single software verification run Tools have to sacrifice precision for efficiency

10 – 10 – Overview of the talk Two approaches to predicate abstraction Symbolic Decision Procedures Satisfiability Modulo Theory (SMT) based Symbolic decision procedures (SDP) [Lahiri, Ball, Cook CAV05] SMT-based predicate abstraction Eager [Lahiri, Bryant, Cook CAV03] DPLL(T) based [Lahiri, Oliveras, Nieuwenhuis CAV06]Results Challenges ahead

11 – 11 – Predicate Abstraction using Symbolic Decision Procedures

12 – 12 – Overview of SDP Symbolic Decision Procedures Predicate abstraction SDP for Equality Logic Combining SDP for two theories

13 – 13 – Computing F P ( ) F P distributes over conjunction F P ( 1 2 ) = F P ( 1 ) F P ( 2 ) Suffices to compute F P (e 1 e 2 …. e n ) Each e i is an atomic expression First convert to an equivalent conjunctive normal form (CNF) Rest of the talk, assume n = 1 (simplicity) Concentrate on computing F P (e)

14 – 14 – Decision Procedure (DP) Input A set G = {g 1,…, g m } of atomic expressions An atomic expression eOutput Is G e valid?Equivalently Is g 1.. g m e UNSAT? Is G { e} UNSAT?

15 – 15 – Symbolic Decision Procedure (SDP) Input A set G = {g 1,….,g m } of atomic expressions An atomic expression eOutput Representation for {G | G G, and G { e} is UNSAT} Symbolic Decision Procedure One run of SDP(G,e) represents an exponential (2 |G| ) number of runs of DP(G,e)

16 – 16 – Predicate Abstraction and SDP PBar = { p | p P } SDP(P PBar, e) represents F P (e) SDP(P PBar, e) represents F P (e) F P (e) all minterms over P PBar that imply e SDP(P PBar, e) {G | G P PBar, and G { e} is UNSAT}

17 – 17 – Overview of SDP Symbolic Decision Procedures Predicate abstraction SDP for Equality Logic Combining SDP for two theories

18 – 18 – A Decision Procedure for Equality Logic Atomic expressions x = y, x y Inference Rules (R) Reflexivity, Symmetry, Transitivity Contradiction x = y, x y Inference rule generates a new expression from existing expressions

19 – 19 – A Decision Procedure for Equality Logic Atomic expressions x = y, x y Inference Rules (R) Reflexivity, Symmetry, Transitivity Contradiction x = y, x y Inference rule generates a new expression from existing expressions a = bb = c a c a = c a c

20 – 20 – A Decision Procedure for Equality Logic Atomic expressions x = y, x y Inference Rules (R) Reflexivity, Symmetry, Transitivity Contradiction x = y, x y Inference rule generates a new expression from existing expressions R R R G { e} Contains Yes UNSAT SAT lg(|G|)

21 – 21 – Symbolic DP for Equality Logic Modifications Introduce a Boolean variable [g] for each expression g in G Add true for e Construct a shared expression for the derivations a = bb = c a c [a = b][b = c]true a = dd = c [a = d][d = c] G = {a=b,b=c,a=d,d=c}; e : (a = c) e : (a = c)

22 – 22 – Symbolic DP for Equality Logic a = bb = c a c a = c a c [a = b][b = c]true a = dd = c [a = d][d = c] G = {a=b,b=c,a=d,d=c}; e : (a = c) e : (a = c) Modifications Introduce a Boolean variable [g] for each expression g in G Add true for e Construct a shared expression for the derivations

23 – 23 – Symbolic DP for Equality Logic Modifications Introduce a Boolean variable [g] for each expression g in G Add true for e Construct a shared expression for the derivationsSDP(G,e) The expression representing after lg(|G|) steps a = bb = c a c a = c a c [a = b][b = c]true a = dd = c [a = d][d = c] G = {a=b,b=c,a=d,d=c}; e : (a = c) e : (a = c)

24 – 24 – Symbolic DP for Equality Logic Output A shared Boolean expression with [.] variables in the leaves a = bb = c a c a = c a c [a = b][b = c]true a = dd = c [a = d][d = c] G = {a=b,b=c,a=d,d=c}; e : (a = c) e : (a = c)

25 – 25 – SDP for Equality Logic Expression representing after lg(|G|) steps Shared expression for {G | G G, and DP(G,e) is UNSAT} Shared expression can be computed in polynomial time Derivations repeated for lg(|G|) steps Each step has at most |V| 2 atomic expressions V: number of vars in G

26 – 26 – SDP for other theories Bounded-depth Saturating Theory T Decision procedure for T can be implemented by saturation G Provide a function Depth: G Nat, to denote the max. depth to iterate R R R G { e} Contains Yes UNSAT SAT Depth(G) No

27 – 27 – SDP for other theories Equality with Uninterpreted Functions (EUF) Expressions: f(x) = f(g(y)), x = f(z) Depth(G) < 3m m is the number of terms in G Polynomial Complexity of SDP Difference Logic (DIFF) Expressions: x y + c Depth(G) < lg(|G|) Pseudo Polynomial Complexity of SDP Depends on the size of constants in G

28 – 28 – Overview of SDP Predicate Abstraction Symbolic Decision Procedures Predicate abstraction SDP for Equality Logic Combining SDP for two theories

29 – 29 – Combining SDPs for two theories Extend Nelson-Oppen method for combining decision procedures for two theories T 1, T 2 [Nelson, Oppen TOPLAS 79] The decision procedures communicate via equalities over shared variables Given SDP 1 and SDP 2 for theories T 1, T 2 Disjoint signatures, convex theories Each theory generates derivations of all equalities between variables Complexity of the resultant SDP (for T 1 T 2 ) only increases linearly in the number of variables

30 – 30 – Combining SDP for two theories SDP 1 SDP 2 SDP 1 { x=y } G1G1 G2G2 G1G1 N : number of shared variables

31 – 31 – Combining SDP for theories Combined SDP for EUF + DIFF Pseudo Polynomial complexity Important fragment of most program verification queries (especially in SLAM)

32 – 32 – SDP to Predicate Abstraction Output of SDP is an Expression DAG Represents F P (e) Can be used directly to construct Boolean programs (with intermediate variables) To compute explicit expression for F P (e) Construct a Binary Decision Diagram (BDD) from SDP, and enumerate prime-implicants BDDs crucial for exploiting the shared representation

33 – 33 – Evaluation SLAM benchmarks Generated 665 predicate abstraction queries from device driver verification Decision Procedure (Zapato) based approach: 27904sec SDP based approach: 273s 100X speedup

34 – 34 – Challenges SDP for other interesting theories and combinations Non-convex theories Theory of pointers Incremental SDPs Useful for combining SDPs Output sensitive predicate abstraction? Complexity is polynomial in the number of minterms in the output

35 – 35 – Conclusion Predicate abstraction via symbolic decision procedures Polynomial algorithms for useful theories Modular combination of Symbolic Decision Procedures for theories Can design SDP for each theory in isolation Simple prototype implementation Promising results on SLAM queries

36 – 36 – Overview of the talk Two approaches to predicate abstraction Symbolic Decision Procedures Satisfiability Modulo Theory (SMT) based Symbolic decision procedures (SDP) [Lahiri, Ball, Cook CAV05] SMT-based predicate abstraction Eager [Lahiri, Bryant, Cook CAV03] DPLL(T) based [Lahiri, Oliveras, Nieuwenhuis CAV06]Results Challenges ahead

37 – 37 – SMT-based predicate abstraction

38 – 38 – Satifiability Modulo Theories (SMT) SMT Decide satisfiability of a (ground) first-order formula with respect to a background theory T Example (EUF) g(a) = c (f(g(a)) f(c) g(a) = d) c dSMT-solvers Leverages efficient Boolean search of Boolean satifiability (SAT) solvers

39 – 39 – SMT for predicate abstraction Input A formula, a set of predicates P over a theory TOutput G P ( ): External predicate cover of Same as F P ( ) Main Idea Main Idea [Lahiri et al. CAV03, Clarke et al. FMSD 04] Introduce fresh Boolean variables B = { b 1,.., b n } Construct the formula ( i ( b i P i )) Enumerate all the models over B

40 – 40 – Eager SMT techniques Methodology Translates a (ground) formula into equisatisfiable Boolean formula Use off-the-shelf SAT solvers to check the satisfiability Equisatisfiable Translation ( X, B ) ( X, B ) bool ( A, B ) bool ( A, B ) Variables introduced during translation

41 – 41 – Predicate abstraction using eager SMT techniques Methodology [Lahiri, Bryant, Cook CAV03] Translates a (ground) formula into Boolean formula Use off-the-shelf BDD or SAT solvers to perform AllSAT over B Implemented in UCLID Uses SATQE (Kroening) Equisatisfiable Translation ( i ( b i P i )) bool ( A, B ) bool ( A, B ) Equisatisfiable Translation + Preserves solutions over Boolean variables Variables introduced during translation

42 – 42 – Advantage over explicit approach Single Call to SAT-based Quantification Engine Removes exponential number of calls to theorem prover Learning in Incremental SAT Retains conflict clauses across different solutions Each theorem prover calls is independent Leverage future advances in SAT Without any change to the framework

43 – 43 – Evaluation Compared with a black-box decision procedure based approach Das, Dill and Park, CAV99 SLAM benchmarks Device driver verification Eager SMT technique improves 50-100X on many benchmarks Distributed protocol verification (UCLID) Lahiri, Bryant VMCAI04 Decision procedure (SVC/CVC) unable to finish on most examples

44 – 44 – Lazy SMT techniques Integrate a theory T-solver with SAT solver Lazily rule out T-inconsistent Boolean models using theory solver CVC-Lite, Verifun, MathSAT, Barcelogic,… Barcelogic Tool R. Nieuwenhuis and A. Oliveras CAV05 Optimizations (based on DPLL(T)) Check partial Boolean models for T-inconsistency Upon T-inconsistency, use the explanation as a conflicting clause and perform backjump Theory (unit) propagation to generate implied facts

45 – 45 – Predicate abstraction using lazy methods Lahiri, Nieuwenhuis, Oliveras CAV06 Enumerate all the models over B for [] [ ( i ( b i P i )) ] while is T-satisfiable do M := T-model for using SMT-solver M := project M onto B Consider M as a conflicting clause Perform conflict analysis to generate backjump clause Optionally add backjump clause Backjump and continue return all models over B

46 – 46 – Experimental results SLAM benchmarks ~5seconds on 665 benchmarks > 100X improvement on SDP based approach Hardware and protocol benchmarks Hardware and protocol benchmarks [UCLID] 7 set of benchmarks 22X – 143X improvement over Eager-SMT based approach Linked list verification Linked list verification [Lahiri, Qadeer POPL06] 4 set of benchmarks 31X – 40X improvement over Eager-SMT based approach SDP-based technique not applied on the latter two classes Need support for (sound) quantifier-reasoning

47 – 47 – Hardware and protocol benchmarks Theory propagation crucial for benchmarks with arithmetic Theory propagation crucial for benchmarks with arithmetic E.g. 17X slowdown in OOO without it Reusing lemmas and clauses improves 1.5X – 3X on most examples Reusing lemmas and clauses improves 1.5X – 3X on most examples BenchmarksPredsEager(secs)Lazy(secs) # minterms # cubes Aodv216574.62916458 Bakery3224511426294 BRP223.50.13024 Cache_ibm16341.3326123 Cache_ibm22611192322381022 Dlx2333513308082704 OOO259213610728242 # cubes: Number of prime-implicants in the BDD for the minterms

48 – 48 – Incremental refinement of approximations

49 – 49 – Questions?

50 – 50 –

51 – 51 – Overview Predicate Abstraction Symbolic Decision Procedures (SDP) Predicate abstraction SDP for Equality Logic Combining SDP for two theories Implementation and Results Related Work

52 – 52 – Zap Overview [Ball, Lahiri, Musuvathi] Many automated program analysis tools require symbolic reasoning e.g. Unit-testing, model checking, static analysis, … Support symbolic operations for such tools Support richer operations, apart from validity checking Support useful theories for program analysis Leverage advances in SAT solving and theorem proving Zap theorem prover MUTT unit-testing Zing model checking Boogie static analysis SLAM/SDV

53 – 53 – Symbolic Reasoning for Automated Software Analysis Validity / Satisfiability Validity / Satisfiability Model generation Model generation Useful in test case generation Quantifier elimination Quantifier elimination Image operation in model checking Abstract interpretation operations Abstract interpretation operations abstract transformers, join, widen Interpolants Interpolants For abstraction-refinement

54 – 54 – Interesting Theories Theories Equality with uninterpreted functions (EUF) Linear Arithmetic Arrays Bounded Integers Lists Sets Combine the symbolic operations for different theories

55 – 55 – Symbolic Reasoning for Automated Software Analysis Validity / Satisfiability Validity / Satisfiability Model generation Model generation Useful in test case generation Quantifier elimination Quantifier elimination Image operation in model checking Abstract interpretation operations Abstract interpretation operations abstract transformers, join, widen Interpolants Interpolants For abstraction-refinement

56 – 56 – F P ( ) F P ( )

57 – 57 – Evaluation SLAM benchmarks Generated 665 predicate abstraction queries from device driver verification Decision Procedure based approach: 27904sec SDP based approach: 273s 100X speedup Synthetic benchmark Comparison with UCLID More than 100X speedup

58 – 58 – Related Work Decision Procedure Based Calls a decision procedure to check implication with each minterm [Das & Dill], [Saidi & Shankar],… Boolean Quantifier Elimination Based [Lahiri, Bryant, Cook, CAV 03, Clarke et al., FMSD 04] Performs predicate abstraction by quantifier elimination Reduces restricted first-order quantifier elimination to Boolean quantifier elimination

59 – 59 – Experimental Setup Symbolic Method Incremental SAT-based method SATQE : Simple extension to Zchaff »Built by Daniel Kroening at CMU Explicit Method Algorithm of Das, Dill & Park, CAV99 Avoids exponential worst case in many cases in practice Uses SVC as a decision procedure Device Driver Benchmarks from SLAM Toolkit Ball and Rajamani, MSR Queries during C Boolean Program construction

60 – 60 – Evaluation on SLAM-benchmarks BDD based approach worse than SAT on larger benchmarks BDD based approach worse than SAT on larger benchmarks Example#Preds Explicit Explicit Symbolic Symbolic #CallsTime(sec) #Prop- vars SAT-based time (sec) Dr.1019>7576>10001159.9 Dr.1320>7351>100023444.7 Dr.1523>7237>100033668.2 Dr.171530415071056.1 Dr.31320233551257.0

61 – 61 – Symbols

Download ppt "Efficient SAT-based Techniques for Predicate Abstraction Efficient SAT-based Techniques for Predicate Abstraction Shuvendu K. Lahiri Joint work with Thomas."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
1 A B C 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52.

1 A B C
Simplifications of Context-Free Grammars

Simplifications of Context-Free Grammars
Variations of the Turing Machine

Variations of the Turing Machine
PDAs Accept Context-Free Languages

PDAs Accept Context-Free Languages
ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala

ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala
1 Knowledge and reasoning – second part Knowledge representation Logic and representation Propositional (Boolean) logic Normal forms Inference in propositional.

1 Knowledge and reasoning – second part Knowledge representation Logic and representation Propositional (Boolean) logic Normal forms Inference in propositional.
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
Sequential Logic Design

Sequential Logic Design
Copyright © 2013 Elsevier Inc. All rights reserved.

Copyright © 2013 Elsevier Inc. All rights reserved.
STATISTICS HYPOTHESES TEST (I)

STATISTICS HYPOTHESES TEST (I)
Satisfiability modulo the Theory of Bit Vectors

Satisfiability modulo the Theory of Bit Vectors
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
Create an Application Title 1Y - Youth Chapter 5.

Create an Application Title 1Y - Youth Chapter 5.
CALENDAR.

CALENDAR.
The 5S numbers game..

The 5S numbers game..
A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.

A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.
Media-Monitoring Final Report April - May 2010 News.

Media-Monitoring Final Report April - May 2010 News.
Chapter 7: Steady-State Errors 1 ©2000, John Wiley & Sons, Inc. Nise/Control Systems Engineering, 3/e Chapter 7 Steady-State Errors.

Chapter 7: Steady-State Errors 1 ©2000, John Wiley & Sons, Inc. Nise/Control Systems Engineering, 3/e Chapter 7 Steady-State Errors.

Similar presentations

Ads by Google