On Variable Selection in SAT-LP-based Bounded Model Checking of - - PowerPoint PPT Presentation

On Variable Selection in SAT-LP-based Bounded Model Checking of Linear Hybrid Automata Marc Herbstritt

(joint work with Bernd Becker, Erika ´ Abrah´ am, Christian Herde)

Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany

Presentation at DDECS 2007 April 13 2007

www.avacs.org

Relation to DDECS

Relation to DDECS

Diagnostics Systems

Relation to DDECS

Diagnostics Systems Linear Hybrid Automata

Relation to DDECS

Diagnostics Systems Bounded Model Checking Linear Hybrid Automata

Context

⇒ Automated analysis of complex systems is mandatory ⇒ Especially safety-critical ones ⇒ Real-world scenarios embed discrete control in continuous environments ⇒ Modeling relies on hybrid automata ⇒ Bounded Model Checking for correctness analysis

Overview

1

Bounded Model Checking for Linear Hybrid Automata

2

Variable counters for SAT-LP / Solvability Estimation

3

Train Example

4

Evaluation

5

Final LP-time Heuristics

6

Conclusions

Hybrid automaton (Thermostat controller)

• ff

˙ x ≤ 0 x ≥ xmin

x=xmin

• n

˙ x ≥ 0 x ≤ xmax

x=xmax

• x=xmax

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 5 / 16

BMC of Linear Hybrid Automata

Counterexamples of length k described by first-order logic formulas over (R, +, <, 0, 1): ϕk(s0, . . . , sk) : Init(s0) ∧ Trans(s0, s1) ∧ . . . ∧ Trans(sk−1, sk) ∧ Bad(sk) ϕk is satisfiable ⇐ ⇒ exists run of length k leading to an unsafe state ⇒ Check ϕk incrementally for k = 0, 1, . . . using a suitable solver

[BMC for discrete systems: Biere et al. (TACAS 1999)]

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 6 / 16

SAT-LP-Solver: HySAT (eager SMT approach)

UNSAT SAT SAT−solver LP−solver ψ

Boolean abstraction

(In)equation set

unsat inconsistent consistent

Explanation

complete LP−consistent solution

[Fr¨ anzle/Herde, FMICS 2004]

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 7 / 16

SAT-LP-Solver: HySAT (eager SMT approach)

1: procedure HYSAT(Ψ) 2:

(ϕ, π) ←ABSTRACTION(Ψ)

3:

while ( true ) do

4:

if ( DECIDENEXTBRANCH(α) ) then

5:

while ( DEDUCE() == CONFLICT ) do

6:

(blevel, learnedClause) ←ANALYZECONFLICT()

7:

if ( blevel ≤ 0 ) then return UNSAT

8: 9:

// partial SAT solution

10:

ψ ←

• v∈VA∧α(v)=1 π(v)
• // activated constraints

11:

if ( LPSOLVE(ψ) == INCONSISTENT ) then

12:

(blevel, µ) ←ANALYZECONFLICT(ψ) //µ is MIS

13:

if (blevel ≤ 0) then return UNSAT

14:

else

15:

// all variables are assigned

16:

return SAT

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 7 / 16

SAT-LP-Solver: HySAT (eager SMT approach)

DECIDENEXTBRANCH(α)

GP (General Purpose): VSIDS-like, i.e., counter for activity in conflicts (increased for literals in conflict clauses) FWD (Forward): Forward computations [init → bad] preferenced BWD (Backward): Backward computations [bad → init] preferenced

HySAT Performance

HYSAT Benchmark GP FWD BWD CPU 77.78 117.85 28.30 train5 #LP 15593 29962 3824 CPU 498.22 75.57 >1000 car #LP 168023 18592 —

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 7 / 16

HySAT extended by counters

What is the focus within SAT-LP?

conflict-free partial assignments: ⇒ counter BS(l) for literals in partial assignments (typically not considered in pure SAT) boolean conflicts in abstraction ϕ: ⇒ counter BC(l) for boolean conflicts (as in VSIDS) conflicts in real-valued domain: ⇒ counter LPC(l) for literals in minimal infeasible subsets

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 8 / 16

HySAT extended by counters

1: procedure HYSAT(Ψ) 2: (ϕ, π) ←ABSTRACTION(Ψ) 3: while ( true ) do 4: if ( DECIDENEXTBRANCH(α) ) then 5: while ( DEDUCE() == CONFLICT ) do 6: (blevel, learnedClause) ←ANALYZECONFLICT() 7: for all (l ∈ learnedClause) do BC(l)+ = cBC 8: if ( blevel ≤ 0 ) then return UNSAT 9: 10: // partial SAT solution 11: for all (l ∈ Λ(α)) do BS(l)+ = cBS 12: ψ ← “V

v∈VA∧α(v)=1 π(v)

” // activated constraints 13: if ( LPSOLVE(ψ) == INCONSISTENT ) then 14: (blevel, µ) ←ANALYZECONFLICT(ψ) //µ is MIS 15: for all (l ∈ µ) do LPC(l)+ = cLPC 16: if (blevel ≤ 0) then return UNSAT 17: else 18: // all variables are assigned 19: return SAT

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 8 / 16

Solvability Estimation

Solvability estimation as heuristics to prevent local minima (Herbstritt/Becker, SAT’03).

Mass of (Un)Satisfiability

Compute mass of satisfiability (MS) and unsatisfiability (MU), resp.: MU ←

• l∈L

(BC(l) + LPC(l)) MS ←

• l∈L

BS(l)

Belief switching

When MU ≥ MS then Belief-UNSAT, else Belief-SAT.

Belief-dependent Variable Selection

l′ ← arg max(BS(l) − BC(l) − LPC(l)) : Belief − SAT arg min(BS(l) − BC(l) − LPC(l)) : Belief − UNSAT

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 9 / 16

Solvability Estimation

Solvability estimation as heuristics to prevent local minima (Herbstritt/Becker, SAT’03).

Mass of (Un)Satisfiability

Compute mass of satisfiability (MS) and unsatisfiability (MU), resp.: MU ←

• l∈L

(BC(l) + LPC(l)) MS ←

• l∈L

BS(l)

Belief switching

When MU ≥ MS then Belief-UNSAT, else Belief-SAT.

Belief-dependent Variable Selection

l′ ← arg max(BS(l) − BC(l) − LPC(l)) : Belief − SAT arg min(BS(l) − BC(l) − LPC(l)) : Belief − UNSAT

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 9 / 16

Solvability Estimation

Solvability estimation as heuristics to prevent local minima (Herbstritt/Becker, SAT’03).

Mass of (Un)Satisfiability

Compute mass of satisfiability (MS) and unsatisfiability (MU), resp.: MU ←

• l∈L

(BC(l) + LPC(l)) MS ←

• l∈L

BS(l)

Belief switching

When MU ≥ MS then Belief-UNSAT, else Belief-SAT.

Belief-dependent Variable Selection

l′ ← arg max(BS(l) − BC(l) − LPC(l)) : Belief − SAT arg min(BS(l) − BC(l) − LPC(l)) : Belief − UNSAT

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 9 / 16

Train Distance Control

c Fr¨ anzle/Herde, FMICS 2004

System overview

n trains running on the same track trains cannot overtake each train has a collision avoidance controller controller has four control modes

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 10 / 16

Train Distance Control

c Fr¨ anzle/Herde, FMICS 2004

Control Modes

1

Mode 1 (Free Run): No neighbouring train ⇒ de-/increase velocity

2

Mode 2 (Forward Proximity): Distance below 500m ⇒ decrease velocity proportional to intrusion depth

3

Mode 3 (Backward Proximity): Train approach from behind ⇒ increase velocity

4

Mode 4 (Two-sided Proximity): Acceleration according to sum of control forces

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 10 / 16

Train Distance Control

F

c Fr¨ anzle/Herde, FMICS 2004

Control Modes

1

Mode 1 (Free Run): No neighbouring train ⇒ de-/increase velocity

2

Mode 2 (Forward Proximity): Distance below 500m ⇒ decrease velocity proportional to intrusion depth

3

Mode 3 (Backward Proximity): Train approach from behind ⇒ increase velocity

4

Mode 4 (Two-sided Proximity): Acceleration according to sum of control forces

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 10 / 16

Train Distance Control

F

c Fr¨ anzle/Herde, FMICS 2004

Control Modes

1

Mode 1 (Free Run): No neighbouring train ⇒ de-/increase velocity

2

Mode 2 (Forward Proximity): Distance below 500m ⇒ decrease velocity proportional to intrusion depth

3

Mode 3 (Backward Proximity): Train approach from behind ⇒ increase velocity

4

Mode 4 (Two-sided Proximity): Acceleration according to sum of control forces

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 10 / 16

Train Distance Control

F F

c Fr¨ anzle/Herde, FMICS 2004

Control Modes

1

Mode 1 (Free Run): No neighbouring train ⇒ de-/increase velocity

2

Mode 2 (Forward Proximity): Distance below 500m ⇒ decrease velocity proportional to intrusion depth

3

Mode 3 (Backward Proximity): Train approach from behind ⇒ increase velocity

4

Mode 4 (Two-sided Proximity): Acceleration according to sum of control forces

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 10 / 16

Evaluation

Evaluation for different counter increments cBS, cBC, cLPC for the train example:

CPU times LPC BS 11500 11700 11900 12100 12300 12500 12700 12900 13100 13300 13500 BC LP Calls

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 11 / 16

Evaluation

Evaluation for different counter increments cBS, cBC, cLPC for the train example:

CPU times LPC BS 11500 11700 11900 12100 12300 12500 12700 12900 13100 13300 13500 BC LP Calls

LPC BS

BC

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 11 / 16

Evaluation

Evaluation for different counter increments cBS, cBC, cLPC for the train example:

20000 40000 60000 80000 100000 100 200 300 400 500

number of LP-calls CPU time

min-CPU(cat4) max-CPU(cat4) min-LP(cat4) max-LP(cat4)

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 11 / 16

Evaluation

Lessons learned

guard variables of real-valued constraints have to be noticeably weighted ambiguity between time used by the LP-solver and number of LP-calls:

1

solving of a large number of LPs with small time resources

2

solving of a small number of LPs with huge time resources

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 11 / 16

Heuristics LPEasy and LPHard

LPEasy and LPHard

Differentation between easily solvable LPs and hard-to-solve LPs Use different counter increments for LPC(l):ab

LPEasy LPHard γLP < φLP: c′

LPC = 2 · cLPC

c′

LPC = cLPC

• therwise:

c′

LPC = cLPC c′ LPC = 2 · cLPC

aγLP := time used for the last LP-call bφLP := average time used by all previous LP-calls c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 12 / 16

Heuristics LPEasy and LPHard

Performance for train example.

100 200 300 400 500 600 700 800 900 1000 5 10 15 20 25 30

Time [s]

Unfolding depth k

Train Example

GP FWD BWD

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 12 / 16

Heuristics LPEasy and LPHard

Performance for train example.

100 200 300 400 500 600 700 800 900 1000 5 10 15 20 25 30

Time [s]

Unfolding depth k

Train Example

GP FWD BWD LPEasy(250) LPHard(250)

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 12 / 16

Heuristics LPEasy and LPHard

Performance for car example.

200 400 600 800 1000 5 10 15 20 25 30 35

Time [s]

Unfolding depth k

Car Example

GP FWD BWD LPEasy(300) LPHard(250)

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 12 / 16

Conclusions and Future Work

Conclusions

Introduction of variable counters that focus on semantics of SAT-LP Evaluation for several counter increments using solvability estimation Derivation of heuristics that take LP-time into account LP-time heuristics perform very well

Future Work

Investigation on difference between LPEasy and LPHard ...

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 13 / 16

Questions ⇒ Answers

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 14 / 16

References

Alur et al., “The Algorithmic Analysis of Hybrid Systems”, TCS’95. Herbstritt, Becker, “Conflict-Based Selection of Branching Rules”, SAT’03. Fr¨ anzle, Herde, “Efficient Proof Engines for Bounded Model Checking

• f Hybrid Systems”, FMICS’04.

´ Abrah´ am et al., “Optimizing Bounded Model Checking for Linear Hybrid Systems”, VMCAI’05.

c Marc Herbstritt (University Freiburg) Variable Selection in SAT-LP-based BMC of LHA DDECS’07 15 / 16