bounded model checking
play

Bounded Model Checking bmc Revision: 1.11 1 - PowerPoint PPT Presentation

Jan 23, 2023 •229 likes •521 views

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

  1. Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] • uses SAT for model checking – historically not the first symbolic model checking approach – scales better than original BDD based techniques • mostly incomplete in practice – validity of a formula can often not be proven – focus on counter example generation – only counter example up to certain length (the bound k ) are searched Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  2. Bounded Model Checking Safety bmc Revision: 1.11 2 checking safety property G p for a bound k as SAT problem: s s 1 s l s s k 0 l +1 ∨ ∨ ∨ ∨ ¬ ¬ ¬ ¬ ¬ p p p p p k _ I ( s 0 ) ∧ T ( s 0 , s 1 ) ∧···∧ T ( s k − 1 , s k ) ∧ ¬ p ( s i ) i = 0 check occurrence of ¬ p in the first k states Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  3. Bounded Model Checking Liveness bmc Revision: 1.11 3 generic counter example trace of length k for liveness F p s s 1 s l s s k 0 l +1 ¬ ¬ ¬ ¬ ¬ p p p p p k k _ ^ I ( s 0 ) ∧ T ( s 0 , s 1 ) ∧···∧ T ( s k , s k + 1 ) ∧ s l = s k + 1 ∧ ¬ p ( s i ) l = 0 i = 0 (however we recently showed that liveness can always be reformulated as safety [BiereArthoSchuppan02]) Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  4. Time Frame Expansion in HW bmc Revision: 1.11 4 sequential inputs feedback loop combinational logic states outputs sequential circuit Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  5. Time Frame Expansion in HW bmc Revision: 1.11 5 inputs states states outputs break sequential loop Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  6. Time Frame Expansion in HW bmc Revision: 1.11 6 inputs inputs states states states outputs outputs added 1st copy Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  7. Time Frame Expansion in HW bmc Revision: 1.11 7 inputs inputs inputs states states states states outputs outputs outputs added 2nd copy Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  8. Time Frame Expansion in HW bmc Revision: 1.11 8 inputs inputs inputs inputs states states states states states outputs outputs outputs outputs added 3rd copy Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  9. Time Frame Expansion in HW bmc Revision: 1.11 9 inputs inputs inputs inputs inputs states states states states states states outputs outputs outputs outputs outputs added 4th copy Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  10. Time Frame Expansion in HW bmc Revision: 1.11 10 inputs observed signals Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  11. Bounded Model Checking Safety in HW bmc Revision: 1.11 11 inputs !prop0 !prop1 !prop2 !prop3 !prop4 failed find inputs for which failed becomes true Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  12. Bounded Model Checking Liveness in HW bmc Revision: 1.11 12 inputs !prop0 !prop1 !prop2 !prop3 !prop4 CMP sel failed find inputs for which failed becomes true Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  13. Completeness in Bounded Model Checking bmc Revision: 1.11 13 • find bounds on the maximal length of counter examples – also called completeness threshold – exact bounds are hard to find ⇒ approximations • induction – use inductive invariants as we have seen before – generalization of inductive invariants: pseudo induction • use SAT for quantifier elimination as with BDDs (later) – then model checking becomes fixpoint calculation Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  14. Measuring Distances bmc Revision: 1.11 14 Distance: length of shortest path between two states δ ( s , t ) ≡ min { n | ∃ s 0 ,..., s n [ s = s 0 , t = s n and T ( s i , s i + 1 ) for 0 ≤ i < n ] } (distance can be infinite if s and t are not connected) Diameter: maximal distance between two connected states d ( T ) ≡ max { δ ( s , t ) | T ∗ ( s , t ) } with T ∗ defined as the transitive reflexive hull of T . Radius: maximal distance of a reachable state from the initial states r ( T , I ) ≡ max { δ ( s , t ) | T ∗ ( s , t ) and I ( s ) and δ ( s , t ) ≤ δ ( s ′ , t ) for all s ′ with I ( s ′ ) } (minimal number of steps to reach an arbitrary state in BFS) Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  15. Diameter Example bmc Revision: 1.11 15 initial states unreachable states 9 0 1 5 6 7 8 2 3 states with distance 1 from initial states 4 single state with distance 2 from initial states diameter 4, radius 2 ( reachable diameter 3, distance from 0 to 4 or max. distance between 2,3,4) Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  16. Completeness Threshold for Safety bmc Revision: 1.11 16 • a bad state is reached in at most r ( T , I ) steps from the initial states – a bad state is a state violating the invariant to be proven • thus, the radius is a completeness threshold for safety properties • for safety properties the max. k for doing bounded model checking is r ( T , I ) • if no counter example of this length can be found the safety property holds Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  17. How to determine the radius? bmc Revision: 1.11 17 reformulation: the radius is the max. length r of a path leading from an initial state to a state t , such there is no other path from an initial state to t with length less than r . Thus radius r is the minimal number which makes the following formula valid: r ^ ∀ s 0 ,..., s r + 1 [ ( I ( s 0 ) ∧ T ( s i , s i + 1 )) → i = 0 n − 1 ^ ∃ n ≤ r [ ∃ t 0 ,..., t n [ I ( t 0 ) ∧ T ( t i , t i + 1 ) ∧ t n = s r + 1 ] ] ] i = 0 after replacing ∃ n ≤ r ··· by W r n = 0 ··· we get a Quantified Boolean Formula (QBF), which is much harder to prove un/satisfiable (PSPACE complete). Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  18. Visualization of Reformulation bmc Revision: 1.11 18 initial states ∀ s −1 s +1 s 0 s 1 s r r r ( = ) s +1 t r r ∃ t −1 t t 1 0 r (we allow t i + 1 to be identical to t i in the lower path) Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  19. Reoccurrence Radius/Diameter bmc Revision: 1.11 19 • we can not find the real radius / diameter with SAT efficiently • over approximation idea: – drop requirement that there is no shorter path – enforce different (no reoccurring) states on single path instead reoccurrence diameter: length of the longest path without reoccurring states reoccurrence radius: length of the longest initialized path without reoccurring states Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  20. Determination of Reoccurrence Diameter bmc Revision: 1.11 20 reformulation: the reoccurrence radius is the length of the longest path from initial states without reoccurring states (one may further assume that only the first state is an initial state) The reoccurring radius is the minimal r which makes the following formula valid: r ^ _ ∀ s 0 ,..., s r + 1 [ ( I ( s 0 ) ∧ T ( s i , s i + 1 )) → s i = s j ] i = 0 0 ≤ i < j ≤ r + 1 this is a propositional formula and can be checked by SAT (exercise: reoccurrence radius/diameter is an upper bound on real radius/diameter) Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  21. Bad Example for Reoccurrence Radius bmc Revision: 1.11 21 0 n 1 2 radius 1, reoccurrence radius n Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  22. Bounded Semantics with Loop bmc Revision: 1.11 22 (E)LTL formula in NNF let the path π be a ( k , l ) lasso π | p ∈ L ( π ( i )) = i k p iff π | p �∈ L ( π ( i )) = i k ¬ p iff π | π | k f and π | = i = i = i k f ∧ g iff k g π | = l � if i = k k f π | = i k X f iff = i + 1 π | f else k = j π | j = min ( i , l ) π | = i V k k G f iff k f = j π | j = min ( i , l ) π | W k = i k F f iff k f Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

  23. Bounded Semantics without Loop bmc Revision: 1.11 23 ELTL formula in NNF there is no l for which path π is a ( k , l ) lasso π | p ∈ L ( π ( i )) = i k p iff π | p �∈ L ( π ( i )) = i k ¬ p iff π | π | k f and π | = i = i = i k f ∧ g iff k g false � if i = k π | = i k X f iff = i + 1 π | f else k false π | = i k G f iff = j π | j = i π | = i W k k F f iff k f Systemtheory 2 – Formal Systems 2 – #342201 – SS 2006 – Armin Biere – JKU Linz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Handling Loops in Bounded Model Checking of C Programs via k- Induction Lucas Cordeiro Joint

Handling Loops in Bounded Model Checking of C Programs via k- Induction Lucas Cordeiro Joint

Handling Loops in Bounded Model Checking of C Programs via k- Induction Lucas Cordeiro Joint work with Jeremy Morse, Mikhail Ramalho, Herberto Rocha, Hussama Ismail, Raimundo Barreto, Denis Nicole, and Bernd Fischer Bounded Model Checking

553 views • 37 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part II, Keijo Heljanko 1/49 Co-Author

588 views • 55 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part I, Keijo Heljanko 1/54 Co-Author

717 views • 54 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
ECBS 2013 SMT-Bounded Model Checking of C++ Programs Mikhail Ramalho, Mauro Freitas , Felipe

ECBS 2013 SMT-Bounded Model Checking of C++ Programs Mikhail Ramalho, Mauro Freitas , Felipe

ECBS 2013 SMT-Bounded Model Checking of C++ Programs Mikhail Ramalho, Mauro Freitas , Felipe Sousa, Hendrio Marques, Lucas Cordeiro, Bernd Fischer Bounded Model Checking (BMC) Idea: check negation of given property up to given depth property

702 views • 34 slides
Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud

Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud

Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands julien@cs.ru.nl April 15, 2009 J. Schmaltz Bounded Model Checking Agenda coming lectures ... Part I:

954 views • 56 slides
CBMC: Bounded Model Checking for ANSI-C Version 1.0, 2010 Outline Preliminaries BMC Basics

CBMC: Bounded Model Checking for ANSI-C Version 1.0, 2010 Outline Preliminaries BMC Basics

CBMC: Bounded Model Checking for ANSI-C Version 1.0, 2010 Outline Preliminaries BMC Basics Completeness Solving the Decision Problem CBMC: Bounded Model Checking for ANSI-C http://www.cprover.org/ 2 Preliminaries We aim at the

789 views • 75 slides
CBMC: Bounded Model Checking for ANSI-C Preliminaries BMC Basics Completeness Version 1.0, 2010

CBMC: Bounded Model Checking for ANSI-C Preliminaries BMC Basics Completeness Version 1.0, 2010

Outline CBMC: Bounded Model Checking for ANSI-C Preliminaries BMC Basics Completeness Version 1.0, 2010 Solving the Decision Problem CBMC: Bounded Model Checking for ANSI-C http://www.cprover.org/ 2 Preliminaries Example: SHS if if (

666 views • 7 slides
Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from

Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from

Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from Falsification to Verification Martin Frnzle 1 joint work with A. Eggers, C. Herde, T. Teige (all Oldenburg), N. Kalinnik, S. Kupferschmid, T.

919 views • 71 slides
Big-Step Bounded Model Checking for So6ware Nishant Sinha ,

Big-Step Bounded Model Checking for So6ware Nishant Sinha ,

Big-Step Bounded Model Checking for So6ware Nishant Sinha , IBM Research Labs Bangalore, India Example: NULL dereference N.foo . M.M T.T

511 views • 33 slides
CDA 5416 Computer System Verification Bounded Model Checking Hao Zheng Department of Computer

CDA 5416 Computer System Verification Bounded Model Checking Hao Zheng Department of Computer

CDA 5416 Computer System Verification Bounded Model Checking Hao Zheng Department of Computer Science and Engineering University of South Florida H. Zheng (CSE USF) CDA 5416 CAV 1 / 26 Introduction Model Checking is used for exhaustive

438 views • 28 slides
Bounded Model Checking Henrik Torland Klev November 2019 1 Introduction My initial idea was to

Bounded Model Checking Henrik Torland Klev November 2019 1 Introduction My initial idea was to

Bounded Model Checking Henrik Torland Klev November 2019 1 Introduction My initial idea was to use chapter 10 SAT-based Model Checking of [1] as a basis for this presentation. However, said chapter turned out to be more of a

264 views • 12 slides
SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl Joint work with Dirk Beyer University of Passau, Germany SMT-based Software Model Checking Bounded Model Checking ( Cbmc , CPAchecker , Esbmc ,

496 views • 26 slides
Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs Marc Herbstritt (joint

Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs Marc Herbstritt (joint

Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs Marc Herbstritt (joint work with Bernd Becker and Christoph Scholl) Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany Presentation at

997 views • 54 slides
BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh

BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh

BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh Hai Tran work in progress TLA + Community Event Oxford, UK, July 2018 APALACHE Abstraction-based Parameterized TLA + Checker A.1 TLA + patterns

864 views • 58 slides
Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy

Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy

FMCAD 2013 Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy Motivations and Contributions Parametric descriptions of systems arise in many domains E.g. software, cyber-physical systems, task

375 views • 23 slides
bmclib A Baseboard Management Controller library One library to rule them all? Juliano Martinez

bmclib A Baseboard Management Controller library One library to rule them all? Juliano Martinez

Fosdem 2019 bmclib A Baseboard Management Controller library One library to rule them all? Juliano Martinez Joel Rebello Baseboard Management Controller A BMC is a system on chip that integrates various computer components in a single

401 views • 14 slides
Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using SMT-LIB 2.5 Clifford Wolf 1 Abstract Bounded model checking and other SAT-based formal methods are an important part of todays digital design

773 views • 52 slides
Be sure you have signed-in Team registration is open http://www.purdue.edu/dp/bdmce/

Be sure you have signed-in Team registration is open http://www.purdue.edu/dp/bdmce/

Be sure you have signed-in Team registration is open http://www.purdue.edu/dp/bdmce/ Questions can be emailed to bmc@purdue.edu Competition Statistics 31 st year One of the oldest competitions in the US Purdue: 1987

363 views • 23 slides
U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by

U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by

U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by Booth Management Consulting 7230 Lee Deforest Drive, Suite 202 Columbia, MD 21046 Understanding Financial Management Systems February 19, 2019 2pm

779 views • 41 slides
FBOSS: Building Switch Software at Scale Sean Choi, Sean Choi, Boris Burkov, Alex Eckert, Tian

FBOSS: Building Switch Software at Scale Sean Choi, Sean Choi, Boris Burkov, Alex Eckert, Tian

FBOSS: Building Switch Software at Scale Sean Choi, Sean Choi, Boris Burkov, Alex Eckert, Tian Fang, Saman Kazemkhani, Rob Sherwood, Ying Zhang, James Zeng Motivation Scale of Facebook Community 2.23B Monthly 1.3B Monthly 1B Monthly 1.5B

442 views • 28 slides
On Variable Selection in SAT-LP-based Bounded Model Checking of Linear Hybrid Automata Marc

On Variable Selection in SAT-LP-based Bounded Model Checking of Linear Hybrid Automata Marc

On Variable Selection in SAT-LP-based Bounded Model Checking of Linear Hybrid Automata Marc Herbstritt (joint work with Bernd Becker, Erika Abrah am, Christian Herde) Institute of Computer Science Albert-Ludwigs-University Freiburg im

568 views • 33 slides
Bounded Model Checking of MPL Systems via Predicate Abstractions FORMATS 2019 Muhammad Syifaul

Bounded Model Checking of MPL Systems via Predicate Abstractions FORMATS 2019 Muhammad Syifaul

Bounded Model Checking of MPL Systems via Predicate Abstractions FORMATS 2019 Muhammad Syifaul Mufid 1 , 3 Dieky Adzkiya 2 Alessandro Abate 1 1 Department of Computer Science, University of Oxford, UK 2 Department of Mathematics, ITS Surabaya,

1.35k views • 55 slides

More recommend