abstraction refinement
play

Abstraction-Refinement Edmund M. Clarke School of Computer Science - PowerPoint PPT Presentation

Jan 14, 2023 •346 likes •813 views

Model Checking and Abstraction-Refinement Edmund M. Clarke School of Computer Science Carnegie Mellon University Intel Pentium FDIV Bug Try 4195835 4195835 / 3145727 * 3145727. In 94 Pentium, it doesnt return 0, but 256. Intel

  1. Model Checking and Abstraction-Refinement Edmund M. Clarke School of Computer Science Carnegie Mellon University

  2. Intel Pentium FDIV Bug  Try 4195835 – 4195835 / 3145727 * 3145727. In 94‟ Pentium, it doesn‟t return 0, but 256.  Intel uses the SRT algorithm for floating point division. Five entries in the lookup table are missing.  Cost: $400 - $500 million  Xudong Zhao‟s Thesis on Word Level Model Checking

  3. Temporal Logic Model Checking  Model checking is an automatic verification technique for finite state concurrent systems.  Developed independently by Clarke and Emerson and by Queille and Sifakis in early 1980‟s.  Specifications are written in propositional temporal logic. (Pnueli 77)  Verification procedure is an intelligent exhaustive search of the state space of the design.

  4. Advantages of Model Checking  No proofs!!! (Algorithmic rather than Deductive)  Fast (compared to other rigorous methods such as theorem proving)  Diagnostic counterexamples  No problem with partial specifications  Logics can easily express many concurrency properties

  5. Main Disadvantage State Explosion Problem: 1,0 0,0 1,1 0,1 2-bit counter n-bit counter has 2 n states

  6. Main Disadvantage (Cont.) a 1 n states, || b 2 m processes c 3 1,a n m states 2,a 1,b 2,b 3,a 1,c 3,b 2,c 3,c

  7. Main Disadvantage (Cont.) State Explosion Problem: Unavoidable in worst case, but steady progress over the past 28 years using clever algorithms, data structures, and engineering

  8. LTL - Linear Time Logic (Pn 77) Determines Patterns on Infinite Traces a Atomic Propositions Boolean Operations Temporal operators “a is true now” a “a is true in the neXt state” X a “a will be true in the F uture” Fa “a will be G lobally true in the future” Ga a U b “a will hold true U ntil b becomes true”

  9. LTL - Linear Time Logic (Pn 77) Determines Patterns on Infinite Traces a Atomic Propositions Boolean Operations Temporal operators “a is true now” a X a “a is true in the neXt state” “a will be true in the F uture” Fa “a will be G lobally true in the future” Ga a U b “a will hold true U ntil b becomes true”

  10. LTL - Linear Time Logic (Pn 77) Determines Patterns on Infinite Traces a Atomic Propositions Boolean Operations Temporal operators “a is true now” a “a is true in the ne X t state” X a Fa “a will be true in the Future” “a will be G lobally true in the future” Ga a U b “a will hold true U ntil b becomes true”

  11. LTL - Linear Time Logic (Pn 77) Determines Patterns on Infinite Traces a a a a a Atomic Propositions Boolean Operations Temporal operators “a is true now” a “a is true in the ne X t state” X a “a will be true in the F uture” Fa Ga “a will be Globally true in the future” a U b “a will hold true U ntil b becomes true”

  12. LTL - Linear Time Logic (Pn 77) Determines Patterns on Infinite Traces a a a a b Atomic Propositions Boolean Operations Temporal operators “a is true now” a “a is true in the ne X t state” X a “a will be true in the F uture” Fa “a will be G lobally true in the future” Ga a U b “a will hold true Until b becomes true”

  13. Branching Time (EC 80, BMP 81)

  14. CTL: Computation Tree Logic “g will possibly become true” EF g

  15. CTL: Computation Tree Logic “g will necessarily become true” AF g

  16. CTL: Computation Tree Logic “g is an invariant” AG g

  17. CTL: Computation Tree Logic “g is a potential invariant” EG g

  18. CTL: Computation Tree Logic CTL (CES83-86) uses the temporal operators AX, AG, AF, AU EX, EG, EF, EU CTL* allows complex nestings such as AXX, AGX, EXF, ...

  19. Model Checking Problem  Let M be a state-transition graph.  Let ƒ be the specification in temporal logic.  Find all states s of M such that M, s |= ƒ . • CTL Model Checking: CE 81; CES 83/86; QS 81/82. • LTL Model Checking: LP 85. • Automata Theoretic LTL Model Checking: VW 86. • CTL* Model Checking: EL 85.

  20. Trivial Example Microwave Oven State-transition graph describes system evolving ~ Start ~ Close over time. ~ Heat ~ Error ~ Start Start ~ Start Close ~ Close Close Heat ~ Heat ~ Heat ~ Error Error ~ Error Start Start Start Close Close Close ~ Heat ~ Heat Heat Error ~ Error ~ Error

  21. Temporal Logic and Model Checking  The oven doesn‟t heat up until the door is closed.  Not heat_up holds until door_closed  (~ heat_up) U door_closed

  22. Model Checking Hardware Description Informal (VERILOG, VHDL, SMV) Specification Transition System Temporal Logic Formula (Automaton, Kripke structure) (CTL, LTL, etc.)

  23. Counterexamples Informal Program or circuit Specification Transition System Temporal Logic Formula (CTL, LTL, etc.) Safety Property: bad state unreachable: satisfied Initial State

  24. Counterexamples Informal Program or circuit Specification Transition System Temporal Logic Formula (CTL, LTL, etc.) Safety Property: bad state unreachable Counterexample Initial State

  25. Counterexamples Informal Program or circuit Specification Transition System Temporal Logic Formula (CTL, LTL, etc.) Safety Property: bad state unreachable Counterexample Initial State

  26. Hardware Example: IEEE Futurebus +  In 1992 we used Model Checking to verify the IEEE Future+ cache coherence protocol.  Found a number of previously undetected errors in the design.  First time that a formal verification tool was used to find errors in an IEEE standard.  Development of the protocol began in 1988, but previous attempts to validate it were informal.

  27. Four Big Breakthroughs on State Space Explosion Problem!  Symbolic Model Checking Burch, Clarke, McMillan, Dill, and Hwang 90; Ken McMillan‟s thesis 92  The Partial Order Reduction Valmari 90 Godefroid 90 Peled 94 (Gerard Holzmann‟s SPIN)

  28. Four Big Breakthroughs on State Space Explosion Problem!  Symbolic Model Checking Burch, Clarke, McMillan, Dill, and Hwang 90; Ken McMillan‟s thesis 92 10 20 states  The Partial Order Reduction Valmari 90 Godefroid 90 Peled 94 (Gerard Holzmann‟s SPIN)

  29. Four Big Breakthroughs on State Space Explosion Problem!  Symbolic Model Checking Burch, Clarke, McMillan, Dill, and Hwang 90; Ken McMillan‟s thesis 92 10 100 states  The Partial Order Reduction Valmari 90 Godefroid 90 Peled 94 (Gerard Holzmann‟s SPIN)

  30. Four Big Breakthroughs on State Space Explosion Problem!  Symbolic Model Checking Burch, Clarke, McMillan, Dill, and Hwang 90; Ken McMillan‟s thesis 92 10 120 states  The Partial Order Reduction Valmari 90 Godefroid 90 Peled 94 (Gerard Holzmann‟s SPIN)

  31. Four Big Breakthroughs on State Space Explosion Problem (Cont.)  Bounded Model Checking  Biere, Cimatti, Clarke, Zhu 99  Using Fast SAT solvers  Can handle thousands of state elements Can the given property fail in k-steps? I(V 0 ) Λ T(V 0 ,V 1 ) Λ … Λ T(V k-1 ,V k ) Λ ( ¬ P(V 0 ) V … V ¬ P(V k )) Property fails Initial state k-steps in some step BMC in practice: Circuit with 9510 latches, 9499 inputs BMC formula has 4 x 10 6 variables, 1.2 x 10 7 clauses Shortest bug of length 37 found in 69 seconds

  32. Four Big Breakthroughs on State Space Explosion Problem (Cont.)  Localization Reduction  Bob Kurshan 1994  Counterexample Guided Abstraction Refinement (CEGAR)  Clarke, Grumberg, Jha, Lu, Veith 2000  Used in most software model checkers

  33. Existential Abstraction Given an abstraction function  : S  S  , the concrete states are grouped and mapped into abstract states: M  Preservation Theorem ?    M

  34. Preservation Theorem  Theorem (Clarke, Grumberg, Long) If property holds on abstract model, it holds on concrete model  Technical conditions  Property is universal i.e., no existential quantifiers  Atomic formulas respect abstraction mapping  Converse implication is not true !

  35. Spurious Behavior “red” “go” AGAF red Spurious Counterexample: “Every path necessarily leads <go><go><go><go> ... back to red.” Artifact of the abstraction !

  36. Automatic Abstraction M  Initial Abstraction Spurious Refinement Spurious counterexample Refinement Validation or Correct ! Counterexample M Original Model

  37. CEGAR C ounter E xample- G uided A bstraction R efinement Initial Abstraction Verification No error Circuit or or bug found Abstract Model Model Program Checker Property holds Counterexample Simulation sucessful Abstraction refinement Refinement Simulator Bug found Spurious counterexample

  38. Future Challenge Is it possible to model check software? According to Wired News on Nov 10, 2005: “ When Bill Gates announced that the technology was under development at the 2002 Windows Engineering Conference, he called it the holy grail of computer science ”

  39. What Makes Software Model Checking Different ?  Large/unbounded base types: int, float, string  User-defined types/classes  Pointers/aliasing + unbounded #‟s of heap -allocated cells  Procedure calls/recursion/calls through pointers/dynamic method lookup/overloading  Concurrency + unbounded #‟s of threads

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques 1 SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav Gupta James Kukula Ofer Strichman SAT based Abstraction-Refinement

822 views • 36 slides
Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1 Abstraction Definition of abstraction on Wikipedia: Abstractions may be formed by reducing the information content of a concept or an observable

575 views • 18 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications Pierre-Jean Meyer Dimos V. Dimarogonas KTH, Royal Institute of Technology July 12 th 2017 Outline Abstraction-based synthesis Global framework

603 views • 34 slides
Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Exercise 2 Specification and Refinement Editor Example Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24 June 2020 1 Exercise 2

1.06k views • 52 slides
Data Abstraction and Modularity Modular program development Step-wise refinement

Data Abstraction and Modularity Modular program development Step-wise refinement

CS 242 Topics Data Abstraction and Modularity Modular program development Step-wise refinement Interface, specification, and implementation Language support for modularity John Mitchell Procedural abstraction Abstract

234 views • 8 slides
Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza Part III: Abstraction Refinement Example 1 ( X 0 ) ( X &gt; 0 ) 2 3 The problem: X := X ( Y &gt; 0 ) Is the error label reachable? ( Y

1.18k views • 82 slides
Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

1.07k views • 68 slides
Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao Jiang, Miroslav Pajic, Rajeev Alur and Rahul Mangharam University

759 views • 22 slides
THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu 1,2 , Andrs Vrs 1,2 , Zoltn Micskei 1 , Istvn Majzik 1 1 Budapest University of Technology and Economics Department of Measurement and

786 views • 12 slides
SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr 1 Centrum voor Wiskunde en Informatica, Software Engineering, Amsterdam, The Netherlands 2 University of Oldenburg, Department of Computing Science,

773 views • 66 slides
Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for Optimal Classical Planning Jendrik Seipp February 28, 2018 University of Basel Planning Find a sequence of actions that achieves a goal. 1/35 Optimal

1.08k views • 85 slides
Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Checking the

1.66k views • 162 slides
Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1 Motivation: How should we analyze this? * means something we cant analyze (user input, random value) Line 5: the lock is held if and only

886 views • 63 slides
Effective Approaches to Abstraction Refinement for an Explicit Value Analysis Stefan Lwe

Effective Approaches to Abstraction Refinement for an Explicit Value Analysis Stefan Lwe

Effective Approaches to Abstraction Refinement for an Explicit Value Analysis Stefan Lwe SoSy-Lab Software Systems Outline of my Thesis Outline of my Talk Value Analysis by Example Value Analysis by Example Value Analysis by the Numbers

318 views • 27 slides
Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast

Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast

Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich

400 views • 14 slides
Clinical Lecture Institutes January 15, 2016 Assistant Consulting Professor Department of

Clinical Lecture Institutes January 15, 2016 Assistant Consulting Professor Department of

A Program for the UNC- CH School of Social Works Clinical Lecture Institutes January 15, 2016 Assistant Consulting Professor Department of Psychiatry and Behavioral Sciences Duke University Medical Center brantley65@gmail.com

1.31k views • 104 slides
Data Mining in Bioinformatics Day 8: Feature Selection - Epistasis Detection Karsten Borgwardt

Data Mining in Bioinformatics Day 8: Feature Selection - Epistasis Detection Karsten Borgwardt

Data Mining in Bioinformatics Day 8: Feature Selection - Epistasis Detection Karsten Borgwardt February 18 to March 1, 2013 Machine Learning &amp; Computational Biology Research Group Max Planck Institute Tbingen and Eberhard Karls

818 views • 62 slides
The new medical landscape . Emerging risks 1. Age 2. Sun 3. Air pollutions: surface ozone ,

The new medical landscape . Emerging risks 1. Age 2. Sun 3. Air pollutions: surface ozone ,

School on integrated environmental and health impact assessment (IEHIA) on air pollu=on and climate change in Mediterranean urban se@ngs. ICTP, Trieste Italy, 23-27 April 2018 Climate change, both a risk and a biomarker of human self-inflicted

630 views • 34 slides
Muscle regenerative capacity and aging International Conference on Frailty &amp; Sarcopenia

Muscle regenerative capacity and aging International Conference on Frailty &amp; Sarcopenia

Muscle regenerative capacity and aging International Conference on Frailty &amp; Sarcopenia Research Charlotte A. Peterson Miami, Florida March 1-3, 2018 Satellite cells: Resident muscle stem cells Relaix &amp; Zammit, 2012 Plasmalemma

528 views • 30 slides
Genome-wide Survey of Mixed MicroRNA / Transcription Factor Feed-Forward Regulatory Circuits in

Genome-wide Survey of Mixed MicroRNA / Transcription Factor Feed-Forward Regulatory Circuits in

Genome-wide Survey of Mixed MicroRNA / Transcription Factor Feed-Forward Regulatory Circuits in Human Davide Cor University of Torino and INFN cora@to.infn.it Transcription Factors and miRNAs Regulation of gene expression mainly

502 views • 22 slides
Lecturer: Dr. Joana Salifu Yendork , Department of Psychology Contact Information:

Lecturer: Dr. Joana Salifu Yendork , Department of Psychology Contact Information:

Lecturer: Dr. Joana Salifu Yendork , Department of Psychology Contact Information: jyendork@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015 2016/2017 Session Overview Several theories have attempted

570 views • 24 slides
Anna Durbin, MD Professor of Medicine &amp; Public Health Kawsar Talaat, MD Assistant Professor

Anna Durbin, MD Professor of Medicine &amp; Public Health Kawsar Talaat, MD Assistant Professor

Anna Durbin, MD Professor of Medicine &amp; Public Health Kawsar Talaat, MD Assistant Professor of Medicine &amp; Public Health Johns Hopkins Vaccine Initiative, Center for Immunization Research Drs. Chida, Durbin, Melia, and Talaat have no

536 views • 49 slides
Histopathology of AKI Peter Boor pboor@ukaachen.de Pathology &amp; Nephrology RWTH Aachen,

Histopathology of AKI Peter Boor pboor@ukaachen.de Pathology &amp; Nephrology RWTH Aachen,

3rd International Symposium on Functional Renal Imaging, 17 th October 2019 Histopathology of AKI Peter Boor pboor@ukaachen.de Pathology &amp; Nephrology RWTH Aachen, Germany Funding: Classification of acute kidney injury (AKI)

861 views • 58 slides

More recommend