model checking using smt and theory of lists
play

Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 - PowerPoint PPT Presentation

Jun 15, 2023 •289 likes •945 views

Motivation Approach Software Model Checking Evaluation Summary Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 Hillel Kugler 2 1 Massachusetts Institute of Technology Cambridge, MA 2 Microsoft Research Cambridge, UK Third

  1. Motivation Approach Software Model Checking Evaluation Summary Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 Hillel Kugler 2 1 Massachusetts Institute of Technology Cambridge, MA 2 Microsoft Research Cambridge, UK Third NASA Formal Methods Symposium, April 18, 2011 Model Checking Using SMT and Theory of Lists Milicevic, Kugler 1

  2. Motivation Approach Software Model Checking Evaluation Summary Solving Planning Problems Rush Hour puzzle Goal: drive the red car out of the jam Model Checking Using SMT and Theory of Lists Milicevic, Kugler 2

  3. Motivation Approach Software Model Checking Evaluation Summary Solving Planning Problems Rush Hour puzzle Goal: drive the red car out of the jam solve using a satisfiability solver Model Checking Using SMT and Theory of Lists Milicevic, Kugler 2

  4. Motivation Approach Software Model Checking Evaluation Summary Solving Planning Problems Rush Hour puzzle Goal: drive the red car out of the jam solve using a satisfiability solver problem: number of necessary steps is not known Model Checking Using SMT and Theory of Lists Milicevic, Kugler 2

  5. Motivation Approach Software Model Checking Evaluation Summary Software Model Checking without Loop Unrolling int N) { void selectSort ( int [ ] a , for ( int j =0; j < N − 1; j ++) { int min = j ; for ( int i = j +1; i < N; i ++) Selection Sort algorithm i f ( a [ min ] > a [ i ] ) min = i ; int t = a [ j ] ; Goal: verify for all int arrays a [ j ] = a [ min ] ; of size up to N a [ min ] = t ; } for ( int j =0; j < N − 1; j ++) assert a [ j ] < = a [ j +1]; } Model Checking Using SMT and Theory of Lists Milicevic, Kugler 3

  6. Motivation Approach Software Model Checking Evaluation Summary Software Model Checking without Loop Unrolling int N) { void selectSort ( int [ ] a , for ( int j =0; j < N − 1; j ++) { int min = j ; for ( int i = j +1; i < N; i ++) Selection Sort algorithm i f ( a [ min ] > a [ i ] ) min = i ; int t = a [ j ] ; Goal: verify for all int arrays a [ j ] = a [ min ] ; of size up to N a [ min ] = t ; } for ( int j =0; j < N − 1; j ++) assert a [ j ] < = a [ j +1]; } verify using model checking with satisfiability solving Model Checking Using SMT and Theory of Lists Milicevic, Kugler 3

  7. Motivation Approach Software Model Checking Evaluation Summary Software Model Checking without Loop Unrolling int N) { void selectSort ( int [ ] a , for ( int j =0; j < N − 1; j ++) { int min = j ; for ( int i = j +1; i < N; i ++) Selection Sort algorithm i f ( a [ min ] > a [ i ] ) min = i ; int t = a [ j ] ; Goal: verify for all int arrays a [ j ] = a [ min ] ; of size up to N a [ min ] = t ; } for ( int j =0; j < N − 1; j ++) assert a [ j ] < = a [ j +1]; } verify using model checking with satisfiability solving problem: number of necessary loop unrollings is not known Model Checking Using SMT and Theory of Lists Milicevic, Kugler 3

  8. Motivation Approach Software Model Checking Evaluation Summary Software Model Checking without Loop Unrolling int N) { void selectSort ( int [ ] a , for ( int j =0; j < N − 1; j ++) { int min = j ; for ( int i = j +1; i < N; i ++) Selection Sort algorithm i f ( a [ min ] > a [ i ] ) min = i ; int t = a [ j ] ; Goal: verify for all int arrays a [ j ] = a [ min ] ; of size up to N a [ min ] = t ; } for ( int j =0; j < N − 1; j ++) assert a [ j ] < = a [ j +1]; } verify using model checking with satisfiability solving problem: number of necessary loop unrollings is not known moreover, the number of loop unrollings is not independent of N Model Checking Using SMT and Theory of Lists Milicevic, Kugler 3

  9. Motivation Approach Software Model Checking Evaluation Summary Use Lists to Model State Transitions cons states tail ... head nil Model Checking Using SMT and Theory of Lists Milicevic, Kugler 4

  10. Motivation Approach Software Model Checking Evaluation Summary Use Lists to Model State Transitions cons states tail ... head nil The length of the list is not explicitly bounded Model Checking Using SMT and Theory of Lists Milicevic, Kugler 4

  11. Motivation Approach Software Model Checking Evaluation Summary Use Lists to Model State Transitions cons states tail ... head nil The length of the list is not explicitly bounded Specify what the list should look like, not how long it should be. Model Checking Using SMT and Theory of Lists Milicevic, Kugler 4

  12. Motivation Approach Software Model Checking Evaluation Summary Use Lists to Model State Transitions cons states tail ... head nil The length of the list is not explicitly bounded Specify what the list should look like, not how long it should be. To solve the rush hour puzzle: use a list to model a sequence of car movements don’t have to specify the number of steps Model Checking Using SMT and Theory of Lists Milicevic, Kugler 4

  13. Motivation Approach Software Model Checking Evaluation Summary Use Lists to Model State Transitions cons states tail ... head nil The length of the list is not explicitly bounded Specify what the list should look like, not how long it should be. To solve the rush hour puzzle: use a list to model a sequence of car movements don’t have to specify the number of steps To solve a software model-checking problem: use a list to model a program trace don’t have to specify the number of loop unrollings Model Checking Using SMT and Theory of Lists Milicevic, Kugler 4

  14. Motivation Approach Software Model Checking Evaluation Summary Background: Bounded Model Checking ... s 1 s 2 s k Model Checking Using SMT and Theory of Lists Milicevic, Kugler 5

  15. Motivation Approach Software Model Checking Evaluation Summary Background: Bounded Model Checking θ ( s 1 ) ... s 1 s 1 s 2 s k Initial state constraint: θ ( s 1 ) Model Checking Using SMT and Theory of Lists Milicevic, Kugler 5

  16. Motivation Approach Software Model Checking Evaluation Summary Background: Bounded Model Checking θ ( s 1 ) ρ ( s 1 , s 2 ) ρ ( s 2 , s 3 ) ρ ( s k − 1 , s k ) ... s 1 s 1 s 2 s k Initial state constraint: θ ( s 1 ) Transition constraint: ρ ( s 1 , s 2 ) ∧ ρ ( s 2 , s 3 ) ∧···∧ ρ ( s k − 1 , s k ) Model Checking Using SMT and Theory of Lists Milicevic, Kugler 5

  17. Motivation Approach Software Model Checking Evaluation Summary Background: Bounded Model Checking P ( s 1 ) P ( s 2 ) ¬ P ( s k ) θ ( s 1 ) ρ ( s 1 , s 2 ) ρ ( s 2 , s 3 ) ρ ( s k − 1 , s k ) ... ... s 1 s 1 s 1 s 2 s 2 s k s k Initial state constraint: θ ( s 1 ) Transition constraint: ρ ( s 1 , s 2 ) ∧ ρ ( s 2 , s 3 ) ∧···∧ ρ ( s k − 1 , s k ) Safety Property constraint: P ( s 1 ) ∧ P ( s 2 ) ∧···∧ P ( s k − 1 ) ∧¬ P ( s k ) Model Checking Using SMT and Theory of Lists Milicevic, Kugler 5

  18. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT cons states tail ... head nil Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

  19. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT Available operations : cons states - is nil(lst) tail - is cons(lst) ... head nil - head(lst) - tail(lst) Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

  20. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT Available operations : cons states - is nil(lst) tail - is cons(lst) ... head nil - head(lst) - tail(lst) tupletype State = [v1: INT, v2: INT, ...] datatype StateList = nil | cons(head: State, tail: StateList) def states: StateList Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

  21. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT Available operations : cons states - is nil(lst) tail - is cons(lst) ... head nil - head(lst) - tail(lst) tupletype State = [v1: INT, v2: INT, ...] datatype StateList = nil | cons(head: State, tail: StateList) def states: StateList def check tr: StateList → bool Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

  22. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT Available operations : cons states - is nil(lst) tail - is cons(lst) ... head nil - head(lst) - tail(lst) tupletype State = [v1: INT, v2: INT, ...] datatype StateList = nil | cons(head: State, tail: StateList) def states: StateList def check tr: StateList → bool assert forall lst: StateList if (is cons(lst) and is cons(tail(lst))) then ρ (head(lst), head(tail(lst))) and check tr(tail(lst)) and Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

  23. Motivation Approach Software Model Checking Evaluation Summary Translation to SMT Available operations : cons states - is nil(lst) tail - is cons(lst) ... head nil - head(lst) - tail(lst) tupletype State = [v1: INT, v2: INT, ...] datatype StateList = nil | cons(head: State, tail: StateList) def states: StateList def check tr: StateList → bool assert forall lst: StateList if (is cons(lst) and is cons(tail(lst))) then ρ (head(lst), head(tail(lst))) and check tr(tail(lst)) and if ( not P (tail(lst))) then is nil(tail(tail(lst))) else is cons(tail(tail(lst))) Model Checking Using SMT and Theory of Lists Milicevic, Kugler 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with

Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with

Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with Jaco van de Pol and Tom van Dijk . 1 / 19 Scalable Multi-Core Model Checking Multi-Core Model Checking Research questions Can model checking

725 views • 61 slides
Valex Dynamic Type Checking and Desugaring Theory of Programming Languages Computer Science

Valex Dynamic Type Checking and Desugaring Theory of Programming Languages Computer Science

Introduction Booleans Branching Str-Char-Sym Lists Predicates Valex Dynamic Type Checking and Desugaring Theory of Programming Languages Computer Science Department Wellesley College Introduction Booleans Branching Str-Char-Sym Lists

171 views • 13 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
Model Checking: the Interval Way Alberto Molinari ( j.w. with L. Bozzelli, A. Montanari, A. Peron,

Model Checking: the Interval Way Alberto Molinari ( j.w. with L. Bozzelli, A. Montanari, A. Peron,

Model Checking: the Interval Way Alberto Molinari ( j.w. with L. Bozzelli, A. Montanari, A. Peron, P. Sala ) University of Udine Department of Mathematics, Computer Science, and Physics (DMIF) July 27, 2018 MODEL CHECKING Model checking : the

701 views • 38 slides
Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking

Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking

Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures

639 views • 26 slides
Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group, University of Cambridge Academic year

972 views • 41 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles

CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles

CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles of Programming Languages Ben Wood Ben Wood Lexical vs dynamic scope Lexical Scope Closures implement lexical scope. Design

410 views • 9 slides
Pragmatic Typestate Verification with Permissions

Pragmatic Typestate Verification with Permissions

Pragmatic Typestate Verification with Permissions with Kevin Bierhoff, with Kevin Bierhoff, Nels Beckman, Sven

1.13k views • 84 slides
IT350 Web &amp; Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and

IT350 Web &amp; Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and

IT350 Web &amp; Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and Editing HTML5 HTML 5 (HyperText Markup Language 5) A markup language that specifies the structure and content of documents Separates

784 views • 23 slides
Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency

Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency

Data Structures &amp; Algorithms Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency Dynamic (supports inserts and deletes) Efficient ==&gt; guaranteed logarithmic time for execution Treaps

582 views • 16 slides
Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed

Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed

1 Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed World Assumption &amp; Negation as Failure. Alan Smaill Logic Programming Nov 09 2009 2 Algorithms for definite clause interpreter We have seen

430 views • 20 slides
Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S

Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S

Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S anchez-Mart Dept. Llenguatges i Sistemes Inform` NCLT, School of Computing atics Universitat dAlacant Dublin City University E-03071

720 views • 17 slides
Integrating LiDAR data into the Integrating LiDAR data into the workflow of cartographic workflow

Integrating LiDAR data into the Integrating LiDAR data into the workflow of cartographic workflow

Integrating LiDAR data into the Integrating LiDAR data into the workflow of cartographic workflow of cartographic representation. representation. OCAD AG OCAD AG Mhlegasse 36 CH-6340 Baar / Schweiz www.ocad.com Integrating LiDAR data into a

249 views • 24 slides
EBAs vision for payments in 2020 Wolfgang Ehrmann, Euro Banking Association Daniel Szmukler,

EBAs vision for payments in 2020 Wolfgang Ehrmann, Euro Banking Association Daniel Szmukler,

EBAs vision for payments in 2020 Wolfgang Ehrmann, Euro Banking Association Daniel Szmukler, Euro Banking Association Jan Paul van Pul, ABN AMRO Bank Javier Santamaria, Banco Santander Moderator: Gilbert Lichter, Euro Banking Association

667 views • 22 slides

More recommend