Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon University A View from the Engine Room: Computational Support for Symbolic Model Checking Randal E. Bryant.

Published byChristian Owens Modified over 10 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon University A View from the Engine Room: Computational Support for Symbolic Model Checking Randal E. Bryant."— Presentation transcript:

1 Carnegie Mellon University A View from the Engine Room: Computational Support for Symbolic Model Checking http://www.cs.cmu.edu/~bryant Randal E. Bryant

2 – 2 – 25MC Outline Boolean Reasoning as Engine for Model Checking BDDs & SAT An Evaluation of SAT Current capabilities & limitations Making further progress Beyond SAT Enhancing DPLL to do more than find single solution

3 – 3 – 25MC The Origins of Symbolic Model Checking 1987 notes by Ken McMillan Backward traversal of Petri net state space Realized that reachability could be performed via symbolic Boolean manipulation

4 – 4 – 25MC Role of Boolean Manipulation in MC Contributions of BDDs to Model Checking Separate problem from implementation BDDs provide clean API to model checker Performed well for many examples The Emergence of SAT Initially for bounded model checking [Biere, et al., 96] More recently for full model checking SAT enumeration [McMillan 02] Interpolation-based abstraction-refinement [McMillan 03] Important Point Advances in Boolean manipulation drive progress in model checking

5 – 5 – 25MC Recent Progress in SAT Solving

6 – 6 – 25MC Conventional Wisdom on SAT BDDs vs. DPLL DPLL better than BDDs for straight SAT Especially problems with large numbers of variables Best Research Strategy is to Keep Refining DPLL Certainly has lead to big improvements!Claim This wisdom is overly simplistic

7 – 7 – 25MC Comparing Parity Trees Compare linear chain of XORs to randomly trees Known hard problem for resolution-based SAT solvers 16 n-input trees for different values of n

8 – 8 – 25MC Parity: Exhaustive Testing Testing 10 9 cases is no big deal

9 – 9 – 25MC Parity: DPLL (ca. 2002 Limmat) Known difficult problem for DPLL

10 – 10 – 25MC Parity: DPLL (MiniSAT) Recent SAT solvers have made remarkable progress

11 – 11 – 25MC Parity: BDDs Trivial problem for BDDs

12 – 12 – 25MC Associativity Testing Typical of arithmetic verification problems Evaluate for different argument word sizes int addL (int x, int y, int z) { return (x+y)+z; } int addR(int x, int y) (int x, int y, int z) { return x+(y+z); } ?=?= int mulL (int x, int y, int z) { return (x*y)*z; } int mulR(int x, int y) (int x, int y, int z) { return x*(y*z); } ?=?=

13 – 13 – 25MC Associativity of Addition Easy for BDDs Recent DPLL handle readily

14 – 14 – 25MC Associativity of Multiplication BDDs better than DPLL

15 – 15 – 25MC Associativity of Multiplication Both worse than exhaustive

16 – 16 – 25MC Progress in SAT Research Evolution of DPLL Incremental advances yielding more than incremental improvements Encourages continued incrementingDownside Gene pool of SAT solvers diminishing All use DPLL, nonchronological backtracking, 2-literal watching … New approaches must overcome high performance standardClaim We need to be looking beyond incremental changes

17 – 17 – 25MC Breaking Free Raise the Bar on Benchmarks Identify challenge benchmarks Examples Arithmetic problems Breaking cryptosystems or secure hashes Combinatorial optimization Parameterize to allow scaling analysis Acknowledge Value of Niche Solvers Dont worry about problems that current solvers handle well

18 – 18 – 25MC BDD/DPLL Hybrids Very Different Approaches DPLL: Search for one solution from top down BDDs: Encode all solutions from bottom up Significant Recent Effort BDD preprocessing for SAT solver [Jin & Somenzi, 04] DPLL on ZDD-represented clause sets [Aloul, et al., 01] Satisfy conjunction of BDDs [Damiano & Kukula, 03, Franco et al., 04]Evaluation Incomplete Can help when one approach (BDD / DPLL) much better than other But what about problems that neither does well?

19 – 19 – 25MC Beyond SAT Dealing With Quantifiers DPLL as QBF solver has had limited success Strength for BDDs Especially with deep, alternating quantifier nesting E.g., model checkingUnsatisfiability Impressive progress on generating proofs and unsat cores Using scaffolding from DPLL Many applications E.g., refinement steps in model checking No counterpart with BDDs

20 – 20 – 25MC Challenge Problem: Quantifier Elimination Core Problem For Model Checking Bit-level: Relational product Predicate abstraction Flanagan & Qadeer, 02, Lahiri, Bryant, Cook, 03Methods BDDs: quantifier elimination Use early quantification DPLL: SAT enumeration Plaisted, 00, Gupta, et al., 00, McMillan 02, Clarke et al., 03 F............ X Y G...... Y G = X F

21 – 21 – 25MC Quantifier Elimination Example Example from Predicate Abstraction Lahiri, Bryant, Cook, 03 G = X F Current state variables X Next state variables Y xxxxxx [( x 1 x 2 x 3 x 4 x 5 x 6 ) xxxxxx ( x 1 x 2 x 3 x 4 x 5 x 6 ) ] Current State x 1, x 2, x 3, x 4, x 5, x 6 Transition Constraints xyyyxxy ( x 2 y 2 ) ( y 2 y 1 ) ( x 4 x 6 y 1 ) xyxy x 3 y 4 x 4 y 3 xyxy x 5 y 6 x 6 y 5

22 – 22 – 25MC 101010010101 101010100101 100101101010 x1x1 x2x2 x3x3 x4x4 x5x5 x6x6 y1y1 y2y2 y3y3 y4y4 y5y5 y6y6 101010000101 Set Enumeration Run SAT checker over formula Generate blocking clause for each newly generated element ( y 1 y 2 y 3 y 4 y 5 y 6 ) xxxxxx [( x 1 x 2 x 3 x 4 x 5 x 6 ) xxxxxx ( x 1 x 2 x 3 x 4 x 5 x 6 ) ] xyyyxxy ( x 2 y 2 ) ( y 2 y 1 ) ( x 4 x 6 y 1 ) xyxy x 3 y 4 x 4 y 3 xyxy x 5 y 6 x 6 y 5

23 – 23 – 25MC y1y1 y2y2 y3y3 y4y4 y5y5 y6y6 000101 010101 100101 101010 Compressing Set Representation Disjunct set elements to form BDD Extract prime implicants from BDD Experience: 10X reduction in number of terms BDD Rep. y1y1 y2y2 y3y3 y4y4 y5y5 y6y6 0*0101 *00101 101010

24 – 24 – 25MC SAT Enumeration Observations Performance Better than BDDs when |X| >> |Y| Only have to enumerate for unique assignments to YImprovements Attempt to enlarge solution as enumerate [McMillan 02] Build into DPLL search loop Lahiri, Nieuwenhuis, Oliveras, 06 Handle successful cases similarly to failures Make solver stop before it assigns values to all variables Implemented?Observation Enumerative methods seem inelegant

25 – 25 – 25MC Conclusions 25MC = 20OBDD Boolean methods have driven much of the progress in model checking BDDs & SAT SAT Progress Impressive, but still room for improvement Beyond SAT Quantifiers Unsatisfiability

26 Comments?

Download ppt "Carnegie Mellon University A View from the Engine Room: Computational Support for Symbolic Model Checking Randal E. Bryant."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
- 1 - Using an SMT Solver and Craig Interpolation to Detect and Remove Redundant Linear Constraints in Representations of Non-Convex Polyhedra Christoph.

- 1 - Using an SMT Solver and Craig Interpolation to Detect and Remove Redundant Linear Constraints in Representations of Non-Convex Polyhedra Christoph.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
SAT-based Bounded and Unbounded Model Checking Edmund M. Clarke Carnegie Mellon University Joint research with C. Bartzis, A. Biere, P. Chauhan, A. Cimatti,

SAT-based Bounded and Unbounded Model Checking Edmund M. Clarke Carnegie Mellon University Joint research with C. Bartzis, A. Biere, P. Chauhan, A. Cimatti,
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Satisfiability modulo the Theory of Bit Vectors

Satisfiability modulo the Theory of Bit Vectors
Analysis of Algorithms

Analysis of Algorithms
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
Addition Facts 1 - 20.

Addition Facts
Formal Models of Computation Part II The Logic Model

Formal Models of Computation Part II The Logic Model
31.03.2011-ZMQS- 1. 2 31.03.2011 -ZMQS- 3 31.03.2011.

ZMQS ZMQS
Robust Window-based Multi-node Technology- Independent Logic Minimization Jeff L.Cobb Kanupriya Gulati Sunil P. Khatri Texas Instruments, Inc. Dept. of.

Robust Window-based Multi-node Technology- Independent Logic Minimization Jeff L.Cobb Kanupriya Gulati Sunil P. Khatri Texas Instruments, Inc. Dept. of.
Sep 16, 2013 Lirong Xia Computational social choice The easy-to-compute axiom.

Sep 16, 2013 Lirong Xia Computational social choice The easy-to-compute axiom.
ABC Technology Project

ABC Technology Project
1 Designing Hash Tables Sections 5.3, 5.4, 5.5. 2 Designing a hash table 1.Hash function: establishing a key with an indexed location in a hash table.

1 Designing Hash Tables Sections 5.3, 5.4, Designing a hash table 1.Hash function: establishing a key with an indexed location in a hash table.
Ideal Parent Structure Learning School of Engineering & Computer Science The Hebrew University, Jerusalem, Israel Gal Elidan with Iftach Nachman and Nir.

Ideal Parent Structure Learning School of Engineering & Computer Science The Hebrew University, Jerusalem, Israel Gal Elidan with Iftach Nachman and Nir.

Similar presentations

Ads by Google