This document explores advanced SAT-based verification techniques developed by Mary Sheeran at Chalmers University of Technology and Prover Technology AB. It covers key methods including synchronous observers, countermodel generation, debugging error traces, and loop-free contradictions. The paper discusses algorithm enhancements for tightening termination conditions and utilizes lemmas to address induction depth. Additionally, it highlights the use of binary decision diagrams (BDDs) and presents references on various approaches in symbolic model checking, demonstrating the evolving landscape of formal verification methods.
SAT-based verification: underlying methods Mary Sheeran Chalmers University of Technology and Prover Technology AB
Synchronous observer: the Program is composed with an observer Obs that runs in lock-step with it and raises an ok signal; checking the property reduces to checking that ok always holds.
(Figure: paths of states leading from the initial states I to the bad states B)
Bounded model checking asks the SAT-solver to satisfy the formula I(s0) and path([s0..si]) and B(si), i.e. to find a path of i transitions from an initial state to a bad state.
If system is bad • Finds a shortest countermodel • Error trace for debugging
But when can we stop? When I(s0) and path([s0..si]) is contradictory?
Not quite, but when I(s0) and loop-free([s0..si]) is contradictory.
And symmetrically when loop-free([s0..si]) and B(si) is contradictory.
Algorithm 1
  i := 0
  loop
    if not Sat(I(s0) and loop-free([s0..si]))
       or not Sat(loop-free([s0..si]) and B(si))
    then return True
    if Sat(I(s0) and path([s0..si]) and B(si))
    then return error trace
    i := i+1

Tighten termination (Alg. 2)
  i := 0
  loop
    if not Sat(I(s0) and loop-free([s0..si]) and all (not I))
       or not Sat(loop-free([s0..si]) and all (not B) and B(si))
    then return True
    if Sat(I(s0) and path([s0..si]) and B(si))
    then return error trace
    i := i+1

Avoid iteration from zero (Alg. 3)
  i := some constant which can be greater than zero
  loop
    if Sat(I(s0) and path([s0..si]) and not (all P))
    then return error trace
    if not Sat(I(s0) and loop-free([s0..si+1]) and all (not I))
       or not Sat(loop-free([s0..si+1]) and all (not B) and B(si+1))
    then return True
    i := i+1
(Figure: the two base cases of the method, Base I and Base B)
Complete method: Algorithm 3 as listed above, with a base case that returns an error trace, the two loop-free unsatisfiability checks that return True, and i := i+1 otherwise.
Strengthen: the same algorithm; its base case checks not (all P), so P is required at every state along the path rather than only at the last one.
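As an added example, not code from the slides, from Chalmers or from Prover Technology, the following runs Algorithm 1 and Algorithm 2 over a toy explicit-state system so that the effect of tightening the termination condition can be observed. It assumes that the SAT-solver is replaced by exhaustive path enumeration (feasible only for tiny systems; the real methods encode I, B, path and loop-free symbolically); the names System, find_path, run, SAFE and BUGGY are introduced here and are not from the original.

```python
# Added example (not from the slides): Algorithms 1 and 2 over a small
# explicit-state system. ASSUMPTION: the SAT-solver is replaced by exhaustive
# path enumeration, which is only feasible for toy systems; the real methods
# encode I, B, path and loop-free symbolically and call a SAT-solver.
from typing import Dict, List, Optional, Set, Tuple

Path = List[int]


class System:
    """Finite transition system with initial states I, bad states B and a
    successor map standing in for the transition relation."""

    def __init__(self, init: Set[int], bad: Set[int], succ: Dict[int, Set[int]]):
        self.init, self.bad, self.succ = init, bad, succ
        self.states = sorted(set(succ) | {t for ts in succ.values() for t in ts})

    def I(self, s: int) -> bool:
        return s in self.init

    def B(self, s: int) -> bool:
        return s in self.bad


def find_path(ts: System, i: int, start_in_I=False, loop_free=False,
              all_not_I=False, all_not_B=False, end_in_B=False) -> Optional[Path]:
    """Stand-in for Sat(...): return a path [s0..si] (i transitions) meeting
    every requested constraint, or None if the conjunction is contradictory.
    all_not_I applies to s1..si, all_not_B to s0..s(i-1), as in the slides."""

    def extend(path: Path) -> Optional[Path]:
        s = path[-1]
        if len(path) - 1 == i:                      # reached state si
            return None if (end_in_B and not ts.B(s)) else list(path)
        if all_not_B and ts.B(s):                    # B must not hold before si
            return None
        for t in sorted(ts.succ.get(s, ())):
            if (loop_free and t in path) or (all_not_I and ts.I(t)):
                continue
            path.append(t)
            found = extend(path)
            path.pop()
            if found is not None:
                return found
        return None

    for s0 in ts.states:
        if start_in_I and not ts.I(s0):
            continue
        found = extend([s0])
        if found is not None:
            return found
    return None


def run(ts: System, tighten: bool, max_i: int = 50) -> Tuple[str, object]:
    """Algorithm 1 (tighten=False) or Algorithm 2 (tighten=True).
    Returns ("True", i) when the property is proved at depth i, or
    ("error trace", path) with a shortest countermodel."""
    i = 0
    while i <= max_i:
        # termination: I(s0) and loop-free([s0..si]) [and all (not I)] contradictory,
        # or loop-free([s0..si]) [and all (not B)] and B(si) contradictory
        from_init = find_path(ts, i, start_in_I=True, loop_free=True, all_not_I=tighten)
        to_bad = find_path(ts, i, loop_free=True, all_not_B=tighten, end_in_B=True)
        if from_init is None or to_bad is None:
            return ("True", i)
        # base case: I(s0) and path([s0..si]) and B(si) satisfiable -> bug found
        trace = find_path(ts, i, start_in_I=True, end_in_B=True)
        if trace is not None:
            return ("error trace", trace)
        i += 1
    raise RuntimeError("depth bound exceeded")


# Constructed sample systems (not from the slides).
# SAFE: reachable chain 0->1->2->3->4->4; an unreachable chain 5..9 contains the
# bad states 7 and 9, so bounded model checking alone can never prove safety.
SAFE = System(init={0}, bad={7, 9},
              succ={0: {1}, 1: {2}, 2: {3}, 3: {4}, 4: {4},
                    5: {6}, 6: {7}, 7: {8}, 8: {9}, 9: {9}})
# BUGGY: the bad state 3 is reachable from the initial state in three steps.
BUGGY = System(init={0}, bad={3}, succ={0: {1}, 1: {2}, 2: {3}, 3: {3}})

if __name__ == "__main__":
    print("Alg 1 on SAFE :", run(SAFE, tighten=False))   # ("True", 5)
    print("Alg 2 on SAFE :", run(SAFE, tighten=True))    # ("True", 3)
    print("Alg 2 on BUGGY:", run(BUGGY, tighten=True))   # error trace [0, 1, 2, 3]
```

On SAFE, Algorithm 1 only stops at depth 5, because the loop-free path 5,6,7,8,9 through two bad states keeps the B-side check satisfiable; Algorithm 2 adds all (not B) on the earlier states, which cuts that path at 5,6,7 and proves the property at depth 3. On BUGGY both algorithms return the shortest error trace.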
Another way to strengthen • Invent a lemma, L(s) that we believe to hold in the reachable states • Prove Q(s) = P(s) and L(s) • If both P and L hold in the reachable states, this can reduce induction depth
Choosing lemmas? • Domain knowledge • Analysis of the program • Strongest possibility is the characterization of the reachable states • Van Eijk’s method uses relations between signals as lemmas
Reachability analysis • Standard approach to safety property verification using Binary Decision Diagrams (BDDs) • Generate larger and larger subsets of the reachable states; stop when no new states are added • Check whether the resulting set intersects with the bad states
Reachability analysis • Standard algorithms can be adapted to use a SAT-solver. • Need to be able to deal with quantifiers in a way that doesn’t just blow up • A fascinating research area!
References (bounded model checking) • A. Biere, A. Cimatti, E.M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference, 1999. • P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.
References (induction with SAT-solvers) • M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer-Verlag, 2000. • P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer-Verlag, 2000.
References (SAT-based reachability analysis) • P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS'00. • P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV'00. • A. Gupta, Z. Yang and P. Ashar. SAT-based image computation with application in reachability analysis for verification. In FMCAD'00.
(Figure: BMC, IND, RA, … and ARITH as methods layered over a common SAT engine)
The future? • Increasingly powerful proof engines • Integration in system development tools • Combining different engines or methods (for example BDDs and SAT or interactive and automatic methods) • Use of formal methods in test pattern generation