Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Nov. 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Nov. 2002."— Presentation transcript:

1 Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Nov. 2002

2 Evidence-Based Verification Outline Part I. Evidence-based Verification. 1. Motivations. 2. The general framework. 3. Applications. Part II. Evidence-based Model Checking. 1. Introducing support set as checker-independent evidence. 2. Extracting support set from existing checkers. 3. Post-model-checking analysis based on support sets. 1. Efficiently certifying model-checking result. 2. Generating the diagnostic information. 3. Evaluating the quality of model-checking process. 4. Prototype work on the Concurrency Workbench (CWB-NC).

3 Evidence-Based Verification Automatic Verification Verification algorithm (checker) decides in a fully automatic fashion whether or not a transition system satisfies a property. A simple "Yes/No" may not satisfy users. Why does my design go wrong [CGMZ95]? Could my design satisfy the property trivially [KV99]? Can I trust the verification result [Nam01]?

4 Evidence-Based Verification Understanding the verification result To answer these questions, users may demand, 1. Diagnostic information. A diag. routine usually reuse the proof already computed by a checker, 1. Implementation requires the understanding of checkers. 2. Migrating a diag. routine onto a different checker requires changes on both diag. routine and checker. 3. Proof used for one diagnostic schema may not be suitable for a different schema. 2. Measurement on how well a system has been checked. 3. Evidence to support verification result. Currently we lack of the proof of correctness which is, 1. Independent of the checker, and 2. Able to be verified efficiently.

5 Evidence-Based Verification Checker 1Checker n Verifier Diagnostic schema 1..k Invalid Proof Checker 2 Certification of result Evaluating verification process … … Let the result carry its own certifiable and check- independent proof Portable Proof of Correctness

6 Evidence-Based Verification The general framework Defining abstract proof structures (APS). APS encodes the proof structures of different checkers in a standard form. APS may be used as the certification for correctness of result. APS is rich enough to support a variety of analyses, while still abstract enough to save the space. APS can be verified independently and efficiently. Extracting APS from existing checkers. Extraction should NOT compromise the complexities of checkers. Utilizing support set to perform diagnoses. Certifying verification result. Generating diagnostic information. Measuring the quality of verification process

7 Evidence-Based Verification Part II. Evidence-based Model Checking: An introduction by case study s0s0 b a,b s1s1 s2s2 T

8 Evidence-Based Verification Boolean Equation System=Temporal Property+Transition System

9 Evidence-Based Verification Dependency relation 1/2 ! is a dependency relation supporting an evaluation V for the variables in E if, 1. (Locally sound) for each  i v i =f i, v i is true (false) in V ) {v’|v ! v i } includes a disjunct (conjunct) of f i. 2. (Self contained) v i ! … ! v j ) v j ! v k for some v k,, or v j ’s value is obvious (  v j = true or  v j =false). 3. (Good/Bad loops) a true (false) variable in V j can NOT be in any bad (good) loop. 1. A loop is good (bad) if the shallowest variable is a greatest (least) fixpoint variable.

10 Evidence-Based Verification Dependency relation 2/2 Theorem 1. there exists an dependency relation ! V supporting an evaluation V for E, V is the solution of V. V and ! V may be used as the evidence for the solution of E, but are they also a good choice for model- checking problem encoded in E ? 1. Redundancy in ! V and V, For model-checking problem h s 0, X 0 i ?, 1. Only part of ! V reachable from h s 0, X 0 i is interesting. 2. All the variables in the “interesting” part of ! V share the same value in V 1. ) V can be reduced to a single value. 2. Finding a concise representation for encoding the “interesting” part of ! V.

11 Evidence-Based Verification Support Set

12 Evidence-Based Verification Support Set

13 Evidence-Based Verification Boolean Equation System=Temporal Property+Transition System

14 Evidence-Based Verification Support Sets (Continue) Support set reflects how a checker “reasons” model- checking problem. By properties 1 and 2, support set implies a fixpoint solution for BES. By property 3, support set respects the semantics of fixpoint operators in BES. Theorem 1 [TanCle02] There exists a support set  =, [ E ](X)=r.

15 Evidence-Based Verification Support sets for other temporal logics Boolean equation system (BES)=transition system + temporal property. Model checkers explicitly or implicitly construct BES. Variables in support set stands for pairs of subformula and state in transition system. Decorated support set, where  =, resolves subformulas and states associated with the variables in  In our example,  T ( h s 0, X 0 i )= s 0 ……   ( h s 0, X 0 i )= AF( : a Æ AG : b) ……

16 Evidence-Based Verification Extracting Support Set The extraction is, practical. Support sets can be extracted from a wide range of existing checkers, Boolean-Graph algorithm [And92], Linear Alternation- Free algorithms[CleSte91], On-the-fly algorithms for full  -calculus LAFP [LRS98] and SLP [TanCle02b], Automaton-based model checkers([BhaCle96a] and [KVW00]). efficient. The overhead doesn't affect the original complexities of these checkers. simply. We only need to record the immediate dependency of variables.

17 Evidence-Based Verification Application I: Certifying model-checking results Checking (a) and (b) can be done in linear time. Checking (c) can be reduced to even- loop problem (a O(n log ad) problem[KKV01]). Model checking is a NP Å co-NP problem [EmeJutSis93]. The cost of certifying results < The cost of model checking.

18 Evidence-Based Verification Application II: Generating Tree-like Counterexample [CJLV02] Step 1: Presenting support set as a graph h s 0, X 0 i h s 0, X 1 i h s 0, X 2 i h s 2, X 0 i h s 1, X 0 i h s 1, X 1 i h s 1, X 2 i h s 0, X 3 i h s 0, : b i h s 1, : a i h s 2, X 1 i h s 2, X 2 ih s 2, X 3 ih s 2, X 4 ih s 1, X 3 ih s 1, : b i X 4 =[-] X 3  X 1 =[-] X 0

19 Evidence-Based Verification Step 2: Labelling the graph h s i, : a i has the label a ( h s i, : a i means s i ² : : a) The label of h s i,X j i will be added to its parent h s i, X i i ‘s label if X i, X j is not connected by a modal operator ([-] or ). h s 0, X 0 i h s 0, X 1 i h s 0, X 2 i h s 2, X 0 i h s 1, X 0 i h s 1, X 1 i h s 1, X 2 i h s 0, X 3 i h s 0, : b i h s 1, : a i h s 2, X 1 i h s 2, X 2 ih s 2, X 3 ih s 2, X 4 ih s 1, X 3 ih s 1, : b i b b b b a b a b a

20 Evidence-Based Verification Step 3: Obtaining a skeletion. Remove those edges which make “no progress” on transition system. Remove h s i, X i i ! h s i, X j i such that X i and X j is not connected by a modal operator. Let h s i, X i i have all the transitions of h s i, X i i. h s 0, X 0 i h s 2, X 0 i h s 1, X 0 i h s 1, X 3 i b a b

21 Evidence-Based Verification Generating Tree-like counterexample 4/4 1. T’ is tree-like [CJLV02] 1. The component graph of T’ is a tree 2. Strongly connected components are cycles 2. T’ ² : AF( : a Æ AG : b) = EG(a Ç EF b) 3. T’ Á T b a b T’ b a,b s1s1 s2s2 T s0s0 Á

22 Evidence-Based Verification Application III: Evaluate the quality of MC A positive result may hide the problem T may pass AG(c ) AF b) trivially because c never occurs in T. Is there the status of a state (Minicoverage [CKV01]) or a subformula (Vacuity [KV99]) irrelevant to the result? Coverage problem of support set. Has support set covered all the states and properties?

23 Evidence-Based Verification Evaluate the quality of Model-checking process (Cont.) 1. The support set for s 0 ² AG(c ) AF b) is like, 2. AF b is not covered ) AF b is not checked.

24 Evidence-Based Verification Furture Work I: A Client-Server Model for model checking Server: checkers Inputting system and properties encoded in some temporal logic. Outputting support set. Client: user interface, diagnostic generation, and evidence-verifier. Design Systems and Properties Abstract Proof Structures

25 Evidence-Based Verification Future Work II: Proof-Carrying Code Mobile code [Nec97] carries its own proof attesting to its safeness. Currently compilers are modified to produce the proof for a predefined set of safety rules. Integrate support-set-ready model checkers with compilers. Certifying compiler enjoys the richness of temporal logics.

26 Evidence-Based Verification A Prototype on CWB-NC

27 Evidence-Based Verification Conclusion C heckers produce abstract proof structures as evidence. Support set provides the portable evidence for justifying model-checking result. Extracting support set won't affect the complexities of checkers. Applications of support set. Efficiently certifying the model-checking result. Evaluating the quality of model-checking process. Generating a wide range of diagnostic information. APSs are defined for Model checking, Equiv. checking, and Preordering Checking.

28 Evidence-Based Verification Related Work Mateescu [Mat00] proposed Extended Boolean Graphies(EBG) as the evidence for boolean equation system. The framework works only in alternation-free fragment of  -calculus. Namjoshi [Nam01] proposed a deductive proof as the evidence for  -calculus model checking. The proof need recode the ranking information. Ranking information is not generally available for on-the-fly algorithm, and it costs more space to store this information.

29 Evidence-Based Verification Future Work Applying the framework to symbolic model checking. Essentially support set associates with X a set of variable  (X) as its evidence. Sets can be efficiently encoded in OBDD. Applying the framework to first-order logic model checking. A client-server model for model-checking. Model-checking server takes trans. System and property as input from client, and produces support sets as output. Client generates a variety of diag. Info. from support set. Generating proof-carrying code. Support-set ready model checker can be integrated with the compiler. The support set generated during support-set ready compiler will be translated to the proof for proof-carrying code.

Download ppt "Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Nov. 2002."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Augest 2002.

Evidence-Based Verification Li Tan Computer Science Department Stony Brook Joint work with Rance Cleaveland Augest 2002.
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.

1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
Evidence-Based Verification Evidence-Based Model Checking Li Tan, Rance Cleaveland Presented by Arnab Ray Computer Science Department Stony Brook July.

Evidence-Based Verification Evidence-Based Model Checking Li Tan, Rance Cleaveland Presented by Arnab Ray Computer Science Department Stony Brook July.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Similar presentations

Ads by Google