A SAT-Based Approach to Abstraction Refinement in Model Checking
Bing Li, Chao Wang and Fabio Somenzi, University of Colorado at Boulder
BMC 2003, 7/13/2003



Slide 2: Background

Symbolic Model Checking
– BDD-based fix-point, good for proving and disproving [Burch et al. 1990]
– CNF-based BMC, only good for disproving [Biere et al. 1999]
– Use CNF/SAT to prove properties:
  replace BDDs with CNF in the fix-point computation [Abdulla et al. 2000] [Williams et al. 2000] [McMillan 2002];
  develop better termination criteria for BMC: simple path [Sheeran et al. 2000], reverse sequential depth [McMillan CAV'03]
Abstraction and Refinement [Kurshan 1994]
– BDD + BDD … [Clarke et al. 2000] [Barner et al. 2002] …
– BDD + ATPG/SAT [Wang et al. 2001] [Clarke et al. 2002] [Chauhan et al. 2002] [Wang et al. 2003] [McMillan and Amla 2003]
– SAT + SAT? In this paper

Slide 3: An Example

BMC is good at bug-hunting, but not good at proving
– Longest simple path [Sheeran et al.]: (n+1) for forward, (n/2) for backward
– Reverse sequential depth [McMillan]: (n/2)
How may abstraction help?
– On the abstract model, the longest simple path is 3 and the reverse sequential depth is 1
– (No guarantee, though!)
[Figure: state graph with nodes A, C, B0 … Bn-1, D0 … Dn-1 and signals a, c, b0, b1, d0, d1]

Slide 4: Our Approach -- PureSAT

[Flowchart: start → Initial Abstraction → SAT on Abstraction; "no simple path" → True; "CEX" → SAT on Concrete → False, or → Refinement → back to SAT on Abstraction]
What to expect?
– Win on large/complex abstract models
– Complement BDD+SAT (not beat it)
– (These conjectures are supported by our experimental results)
Eventually:
– Switch between PureSAT and BDD+SAT, based on what kind of model we are dealing with and what stage of the proof we are in

Slide 5: Preliminaries

Model as an open system ⟨V, W, I, T⟩
– I(V): initial states predicate
– T(V, W, V'): transition relation (conjunction of gate relations)
– P(V): invariant property (a linear-time safety property)
Important concepts
– S is reachable in k steps from S' iff
– S and S' are connected by a simple path of length k iff

Slide 6: Prove/disprove Invariants

For each k ∈ N, try to
– Disprove: find such a path (from I to ¬P)
– Prove: termination criteria, by checking the longest simple path
[Figures: a path from I to ¬P; a path from I whose states are pair-wise disjoint]

Slide 7: Prove/disprove Invariants (cont'd)

For each k ∈ N, try to
– Disprove: find such a path [Biere et al.] (a path from I to ¬P exists)
– Prove: termination criteria, by checking the longest simple path [Sheeran et al.] (a simple path from I exists; a simple path to ¬P exists)

Slide 8: Abstraction

Bounded concrete model → bounded abstract model

Slide 9: Abstraction (cont'd)

(Over-approximated) abstraction
Conservative results
– True positive
– False negative

Slide 10: PureSAT Algorithm

(The transcript dropped the model arguments; they are written here as M for the concrete model and M_abs for the abstract model, and the loop condition, also dropped, as true since the loop exits only through the returns.)

    boolean PureSAT(M, P) {
        L = 0;
        M_abs = CreateInitialAbstraction(M, P);
        while (true) {
            if (!ExistSimplePath(M_abs, L))
                return TRUE;                    // no simple path of length L: property proved
            if (ExistCex(M_abs, P, L)) {
                if (ExistCex(M, P, L))
                    return FALSE;               // counter-example confirmed on the concrete model
                refinement = GetRefinementFromCA(M, M_abs, P, L);
                M_abs = AddRefinementToAbsModel(M_abs, refinement);
            }
            L = L + 1;
        }
    }
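The check loop of slides 6 to 10, as an added illustration that is not the authors' PureSAT code: each SAT query (a length-k path from I to ¬P, a simple path of length k from I) is answered by explicit path enumeration over a constructed two-counter model, and hiding one counter gives an existential abstraction whose longest simple path, as slide 3 anticipates, is far shorter than the concrete one. The model, the function names and the absence of the slide 12 to 14 variable-ranking refinement are all assumptions of this example.

```python
"""Explicit-state stand-in for the BMC / simple-path loop of slides 6-10
(added example, not the paper's code): each SAT query ("length-k path from I
to not-P", "simple path of length k from I") is answered by enumerating paths
of a small hand-built model instead of by a SAT solver."""
from itertools import product

def exists_path(init, nxt, k, target=None, simple=False):
    """Path s0..sk with s0 in init and s(i+1) in nxt(si)?  target: require
    target(sk); simple: require pairwise-distinct states (slide 6)."""
    def dfs(path):
        if len(path) == k + 1:
            return target is None or target(path[-1])
        return any(dfs(path + [s]) for s in nxt(path[-1])
                   if not (simple and s in path))
    return any(dfs([s0]) for s0 in init)

def check_invariant(init, nxt, bad, max_k=100):
    """For k = 0, 1, ...: disprove P via a length-k path I -> not-P [Biere et
    al.], or prove P once no simple path of length k leaves I [Sheeran et al.]."""
    for k in range(max_k + 1):
        if exists_path(init, nxt, k, target=bad):
            return ("cex", k)
        if not exists_path(init, nxt, k, simple=True):
            return ("proved", k)
    return ("unknown", max_k)

def abstract(doms, visible, init, nxt):
    """Over-approximation (slides 8-9): keep the state components listed in
    `visible`; hidden components range freely (existential abstraction)."""
    hidden = [i for i in range(len(doms)) if i not in visible]
    proj = lambda s: tuple(s[i] for i in visible)
    def concretize(a):  # every concrete state whose projection is a
        for h in product(*(doms[i] for i in hidden)):
            s = [None] * len(doms)
            for i, v in zip(visible, a): s[i] = v
            for i, v in zip(hidden, h): s[i] = v
            yield tuple(s)
    a_nxt = lambda a: {proj(t) for s in concretize(a) for t in nxt(s)}
    return {proj(s) for s in init}, a_nxt
# Constructed model: state = (c, d). d is a free-running mod-8 counter; c
# saturates at 5 and advances only when d == 7, i.e. once every 8 steps.
DOMS, INIT = [range(8), range(8)], {(0, 0)}
def NXT(s):
    c, d = s
    return {(min(c + 1, 5) if d == 7 else c, (d + 1) % 8)}
def compare(bad):
    """Concrete result vs. result on the abstraction hiding d: an abstract
    proof carries over; an abstract cex must be re-checked (slide 10)."""
    a_init, a_nxt = abstract(DOMS, [0], INIT, NXT)
    return check_invariant(INIT, NXT, bad), check_invariant(a_init, a_nxt, bad)
```

For the property c != 7, `compare` proves it at depth 48 on the concrete model (its longest simple path has length 47) but at depth 6 on the abstraction; for c != 3 the abstraction reports a length-3 counter-example while the real one has length 24, which is why slide 10 re-runs ExistCex on the concrete model.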

Slide 11: Refinement – problem statement

[Figure: the BMC instance is satisfiable on the abstract model, un-satisfiable on the concrete model, and un-satisfiable on the refined model; the variables added are the refinement set]

Slide 12: Refinement – UNSAT proof

Related algorithms
- Compute UNSAT proof/core [Goldberg and Novikov 2003] [Zhang and Malik 2003]
- Traverse the conflict dependency graph [Chauhan et al. 2002]
Our approach
- Find the state variables appearing in the conflict dependency graph
- Be cautious: not all of them are necessary for the refinement
- For example: add "V4"; don't add "V11"!
[Figure: conflict dependency graph containing v4 and v11]

Slide 13: Refinement – gradually adding variables

The UNSAT core is neither minimum nor minimal
But we want the refinement set to be as small as possible (heuristics)
- Gradually add variables to the refinement set until it becomes "sufficient"
- Add v4 and v5
- If still not sufficient, add v6
- Then, greedily minimize the refinement set
[Figure: v4, v5, v6]

Slide 14: Refinement Minimization

Greedily drop redundant variables, one at a time
- Drop a variable v, and check again (abstract counter-examples?)
- If still UNSAT, v is redundant. Otherwise, add v back.
- The order of this testing is important; we rank the variables first
Relative correlation of v to the abstract model, where N_common is the number of gates under v that are also in the abstract model and N_v is the total number of gates under v
[Figure: V4 and V5 within one time step]

Slide 15: Comparison to Existing Methods

Comparison to [Chauhan et al. 2002]
- Common
  1. Traversal of the conflict dependency graph
  2. Refinement minimization
- Difference
  1. Length-L CEX vs. prefix of a single CEX (up to the "failure index" step)
  2. Refinement variables from all time steps vs. from the failure-index time step
  3. Minimization based on the "relative correlation" of each variable vs. no minimization
Comparison to [McMillan and Amla 2003]
- Common
  1. Both kill all the CEX in the (unconstrained) BMC instance
- Difference
  1. A refinement set (incremental) vs. a whole new abstraction (from scratch)
     - Length-L CEX vs. CEX with (potentially) multiple lengths (≤ L)
     - Refinement minimization to control size vs. no minimization
  2. SAT+SAT vs. BDD+SAT

Slide 16: Experimental Setup

We compared PureSAT to the following algorithms
1. BMC: an implementation of BMC [Biere et al. 1999]
2. SSS: BMC extended with the checks for simple paths [Sheeran et al. 2000]
3. Grab: an abstraction refinement algorithm with BDD+SAT [Wang et al. 2003]
All are implemented in VIS-2.0, with CUDD and zChaff
Run on a 1.7GHz Pentium 4 / 2GB of RAM
26 test cases (Verilog models + safety properties)
- 19 from industry
- 6 from the VIS verification benchmarks [http://vlsi.colorado.edu/~vis]
- 1 model, called "lsp" (with a true property): a 12-latch model with 1057 reachable states (the longest simple path is of length 1056)
  BMC and SSS failed to prove it (as expected)
  Grab proved it in 1 second (as expected)
  PureSAT proved it in 1 second

Slide 17: Experimental Results

[Results table not included in the transcript]

Slide 18: Conclusions and Future Work

Conclusions
* PureSAT is competitive and promising
  - For passing properties, PureSAT is better than both BMC and SSS
  - For failing properties, BMC is the best; PureSAT is better than Grab
  - PureSAT tends to win on large/complex abstract models
* For PureSAT and Grab, the two sets of failures are disjoint
Future Work
* The major problem is still termination detection
  - Use an incremental SAT solver to carry more information from the abstraction to the concrete model
  - Adopt techniques like [Kang and Park 2003] [McMillan CAV'2003] on the abstraction
