### Efficient Reachability Analysis for Verification of Asynchronous Systems

Nishant Sinha

### Outline

- Formal Verification: Motivation
- Reachability for Asynchronous Systems
  - Partitioned Transition Relations
- Efficient Reachability Techniques
  - MBFS and Saturation
- Saturation: Experimental Results
- Conclusions

### Formal Verification: Introduction

- Use methods from formal logic
  - Show validity of properties on systems
  - Formal requirements hold on a design
  - Software, circuits, protocol models
- Alternative to simulation, testing
  - Not all behaviors covered
- Model checking
  - Verify concurrent systems
  - Introduced by Clarke et al. (1981)
  - An automated technique

### Model Checking

- Finite state-transition model M, Property
  - Determine if M satisfies the property
  - Properties like:
    - req is always followed by ack
    - No error state is reachable from the initial state
- Involves Reachability analysis
  - Generate reachable set of states
  - State space explosion

[Figure: state-space explosion, K versus 2^K]

### Asynchronous Systems

- Concurrent Systems
  - Consist of several execution units
- Synchronous
  - All units take an execution step together
- Asynchronous
  - Units may execute independent of each other
  - Interleaved semantics of execution
  - E.g. Concurrent software, asynchronous circuits
- Goal: Efficient model checking of asynchronous systems

[Figure: model checking approaches (Reduced State-Space, Symbolic); example system with states s0, s1 encoded by boolean variable a, transition relation N(a,a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a') shown as a truth table over a, a']

### Symbolic Model Checking

- Use Ordered Binary Decision Diagrams (BDDs)
  - Canonical, compact, operate on state sets
- Encode the system model M with BDDs
  - States encoded by boolean variables V
  - Transition relation also as BDD N(V,V')

[Figure: BDD for the transition relation N(a,a') with variable ordering a < a'; transitions t1, t2, t3 between s0 and s1]

### Partial-Order Reduction

- Alternative model checking approach
  - Useful if order of execution of transitions is irrelevant
  - Sufficient to visit a subset of actual reachable state space
- Focus of this talk
  - Full state space reachability using BDDs

[Figure: partial-order reduction chooses a representative set of paths; product states s0s0', s0s1', s1s0', s1s1' of two units with transitions a and b]

### Reachability Analysis

- One-step reachability:
  - Given a set of states S
  - Find which states S' can be reached in one step
- Iteratively apply one-step reachability
  - Until no new states are visited
- Breadth-first exploration of graph

[Figure: breadth-first exploration, R0 ⊆ R1 ⊆ R2 = R3, over transitions a to g]

### The Bigger Picture

[Figure: asynchronous circuit with inputs I1, I2, two combinational circuits, delay elements and outputs o1, o2; its reachability graph over the four states (o1,o2) = (0,0), (0,1), (1,0), (1,1)]

### Symbolic Reachability: Image Computation

- Image of a set of states S
  - Transition relation N: one-step reachability
  - Basic operation, hence must be efficient
- Symbolic image computation: S(V), N(V,V') BDDs
  - Img(S,N) = [∃v ∈ V. (S(V) ∧ N(V,V'))]
- Reachability (starting from initial S0):
  - Reach(S,N) = S ∪ Img(S,N)
  - Fixpoint: μS. Reach(S,N)
- Efficiency problem: Large N(V,V')
  - Large intermediate BDD sizes in image computation

### Illustration: Intermediate BDD Sizes

[Plot: number of states (#States) and BDD nodes (#BddNodes) versus iterations for the Dining Philosophers model]

### Partitioned Transition Relations

- Introduced by Burch et al. (BCL91)
  - ∘: Conjunction (∧) or Disjunction (∨)
  - N(V,V') = N1 ∘ N2 ∘ ... ∘ Nk
  - Typically, each Ni much smaller than N
- Asynchronous systems with interleaving semantics:
  - N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk
  - Ni: only the ith unit executes
  - Img(S, N) = ∨i Img(S,Ni)

[BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland.

### BDD blowup

- Must consider different intermediate combinations of reachable states of concurrent units
  - Even if they are independent
  - Adds to intermediate BDD sizes
- Idea: Explore each unit separately to avoid such correlation [BCL91]
  - Modified Breadth-First Search (MBFS)

### Modified Breadth-First Search (MBFS)

- Given a disjunctive partition: N1, ..., Nk
  - Compute local fixpoints: μS. Reach(S,Ni)
  - Stop when: ∀i. Reach(S,Ni) = S
- Lower intermediate BDD sizes
- Chaotic fixpoint iteration strategy
  - Family of functions: {Reach(S,Ni) | i ≤ k}
  - Apply functions in arbitrary order till convergence
  - Must apply each function sufficiently often
- Observation: MBFS strategy may not be able to avoid blowups in some cases

### Illustration: BDD Blowup in MBFS

[Figure: states s0 (00), s1 (11), s2 (01), s3 (10) over variables s = (v2, v1, ...), with partitions N1, N2, N3, ...; MBFS visits (s0), (s0,s2), (s0,s1,s2), (s0,s1,s2,s3), and the BDDs over v1, v2 for the intermediate sets show the BDD explosion]

### Saturation: New approach

- Assume fixed variable ordering on BDDs: v1 < v2 < ... < vk
- Define
  - High(Ni): "least" variable that Ni might change
  - Low(Ni): "greatest" variable that Ni might change
- Order transition relations by [High(Ni), Low(Ni)]:
  - Nj ≺ Ni
  - Nj changes only "lower" BDD variables than Ni

[Figure: BDDs over v1, v2 for N1 and N2, illustrating N1 ≺ N2]

### Saturation (Contd.)

- Saturate(Ni):

    do
        compute μS. Reach(S,Ni)        /* states reachable by only Ni */
        ∀ Nj ≺ Ni. Saturate(Nj)        /* explore all Nj ≺ Ni */
    until S does not change

- Visits all possible reachable states using "lower" transition relations than Ni
- Overall Strategy: K partitions
  - For i = 1 to K: Saturate(Ni)
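As an added, runnable example (not code from the slides), the image computation, the monolithic fixpoint, MBFS and the recursive Saturate procedure of the preceding slides implemented over explicit sets of state tuples instead of BDDs, on a constructed three-unit model; the set representation, the model and deriving the Nj ≺ Ni order from High(Ni) alone are assumptions of this example.

```python
from itertools import product
# Constructed model (not from the slides): K=3 asynchronous units, each with a
# counter v_i in {0,1,2}; unit i may increment v_i only while v_{i-1} == 2.
# Explicit sets of state tuples stand in for the BDDs S(V) and N(V,V').
K, MAXV = 3, 2
STATES = list(product(range(MAXV + 1), repeat=K))

def unit_relation(i):  # N_i as (s, s') pairs in which only unit i (0-based) executes
    rel = set()
    for s in STATES:
        if s[i] < MAXV and (i == 0 or s[i - 1] == MAXV):
            t = list(s); t[i] += 1
            rel.add((s, tuple(t)))
    return rel
PARTS = [unit_relation(i) for i in range(K)]   # disjunctive partition N = N_1 v ... v N_K
FULL_N = set().union(*PARTS)                   # monolithic N, for plain breadth-first search

def img(S, N):  # Img(S,N) = exists V . S(V) & N(V,V'), with V' renamed back to V
    return {t for (s, t) in N if s in S}
def fixpoint(S, N):  # mu S . Reach(S,N), where Reach(S,N) = S | Img(S,N)
    while True:
        S2 = S | img(S, N)
        if S2 == S:
            return S
        S = S2
def mbfs(S0):  # MBFS: chaotic iteration of local fixpoints until no N_i changes S
    S = set(S0)
    while True:
        old = S
        for N in PARTS:
            S = fixpoint(S, N)
        if S == old:
            return S
def high(N):  # High(N_i): least variable (ordering v1 < v2 < ...) that N_i can change
    return min(j for (s, t) in N for j in range(K) if s[j] != t[j])
def saturation(S0):  # Saturate(N_i) for i = 1..K; N_j < N_i iff High(N_j) < High(N_i)
    order = sorted(range(K), key=lambda i: high(PARTS[i]))
    S, trace = set(S0), []        # trace: 1-based unit of every local fixpoint computed
    def saturate(idx):
        nonlocal S
        while True:
            old = S
            S = fixpoint(S, PARTS[order[idx]]); trace.append(order[idx] + 1)
            for lower in range(idx):          # re-saturate every N_j preceding N_i
                saturate(lower)
            if S == old:
                return
    for idx in range(K):
        saturate(idx)
    return S, trace
```

With explicit sets the intermediate-size advantage of Saturation over MBFS cannot be observed; what the example shows is that all three strategies reach the same fixpoint and, via the returned trace, the nesting order in which Saturate computes its local fixpoints.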

### Saturation: Discussion

- Advantages
  - Exploits independence of concurrent units
  - Lower intermediate BDD sizes than MBFS
  - Faster reachability computation in many cases
- Drawbacks
  - May lead to spurious iterations
  - Relies heavily on good variable ordering

### Experimental Results

- Implemented Saturation approach in NuSMV model checker
  - Handles designs of industrial strength

[Table: comparison with NuSMV with default options; OOR: out of resources]

### Experimental Results (contd.)

- Implemented MBFS approach in NuSMV

[Table: comparison with MBFS]

### Experimental Results (contd.)

[Plot: Kanban(20), comparison of intermediate BDD sizes versus iterations]

### Conclusions

- Efficient methods to compute reachable states of asynchronous systems
  - Based on disjunctive partitions
  - MBFS
  - Alternative approach: Saturation
- Experimentally validated on several examples
- Future research
  - Heuristics for obtaining good BDD variable ordering automatically
  - Combining Saturation with Partial Order Reduction

### Questions?
