Efficient reachability analysis for verification of asynchronous systems
Nishant Sinha


Outline

  • Formal Verification: Motivation

  • Reachability for Asynchronous Systems

    • Partitioned Transition Relations

  • Efficient Reachability Techniques

    • MBFS and Saturation

  • Saturation: Experimental Results

  • Conclusions


Formal Verification: Introduction

  • Use methods from formal logic

    • Show validity of properties on systems

      • Formal requirements hold on a design

      • Software, circuits, protocol models

    • Alternative to simulation, testing

      • Not all behaviors covered

  • Model checking

    • Verify concurrent systems

    • Introduced by Clarke et al. (1981)

    • An automated technique


Model Checking

  • Finite state-transition model M and a property

  • Determine whether M satisfies the property

  • Properties like:

    • req is always followed by ack

    • No error state is reachable from the initial state

  • Involves Reachability analysis

    • Generate reachable set of states

    • State space explosion

[Figure: state-space explosion, K state bits giving 2^K states]


Asynchronous Systems

  • Concurrent Systems

    • Consist of several execution units

  • Synchronous

    • All units take an execution step together

  • Asynchronous

    • Units may execute independent of each other

    • Interleaved semantics of execution

    • E.g. Concurrent software, asynchronous circuits

  • Goal: Efficient model checking of asynchronous systems

[Figure: two routes to efficient model checking, reduced state-space methods and symbolic methods]


Symbolic Model Checking

[Figure: a one-variable example with states s0 (a = 0) and s1 (a = 1); the transition relation is N(a,a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a'), shown as a truth table over a and a']

  • Use Ordered Binary Decision Diagrams (BDDs)

    • Canonical, compact, operate on state sets

  • Encode the system model M with BDDs

    • States encoded by boolean variables V

    • Transition relation also as BDD N(V,V’)

[Figure: the same relation as a BDD with variable ordering a < a'; the three transitions t1, t2, t3 between s0 and s1 correspond to the three disjuncts]

Partial-Order Reduction

  • Alternative model checking approach

    • Useful if order of execution of transitions is irrelevant

  • Sufficient to visit a subset of actual reachable state space

  • Focus of this talk

    • Full state space reachability using BDDs

[Figure: choose a representative set of paths; the product of two components with states s0, s1 and s0', s1' and actions a, b gives the product states s0s0', s0s1', s1s0', s1s1', and only one of the interleavings of a and b needs to be explored]


Reachability Analysis

  • One-step reachability:

    • Given a set of states S

    • Find which states S’ can be reached in one step

  • Iteratively apply one-step reachability

    • Until no new states are visited

  • Breadth-first exploration of graph

[Figure: breadth-first frontiers R0 ⊆ R1 ⊆ R2 = R3 over a graph with transitions a to g; the fixpoint is reached when R3 adds nothing to R2]


The Bigger Picture

[Figure: two combinational circuits with inputs I1 and I2, each followed by a delay element, producing outputs o1 and o2; the four output combinations (o1 = 0, o2 = 0), (o1 = 0, o2 = 1), (o1 = 1, o2 = 0), (o1 = 1, o2 = 1)]


Symbolic Reachability: Image Computation

  • Image of a set of states S

    • Transition relation N: one-step reachability

    • Basic operation, hence must be efficient

  • Symbolic image computation: S(V), N(V,V’) BDDs

    • Img(S,N) = [∃v∈V. (S(V) ∧ N(V,V'))]

  • Reachability (starting from initial S0):

    • Reach(S,N) = S ∪ Img(S,N)

    • Fixpoint: μS. Reach(S,N)

  • Efficiency problem: Large N(V,V’)

    • Large intermediate BDD sizes in image computation
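The image formula on this slide, carried out on the one-variable relation N(a,a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a') from the symbolic model checking slide. This is an added example, not code from the talk or from any BDD package. A boolean function is stored as the set of its satisfying assignments; that explicit representation is this example's stand-in for the BDD and supports the three operations the formula needs (conjunction, existential quantification over V, renaming V' back to V) but has none of the BDD's compactness. The names func, conjoin, exists, rename, image, reach and the spelling a_ for a' are this example's own.

```python
from itertools import product

# A boolean function over named variables is stored as the set of its satisfying
# assignments, each a frozenset of (variable, value) pairs. This is an explicit
# stand-in for a BDD (assumption of this example), not a BDD.

def func(vars_, predicate):
    """All assignments over vars_ (a tuple of names) that satisfy predicate(env)."""
    out = set()
    for values in product((0, 1), repeat=len(vars_)):
        env = dict(zip(vars_, values))
        if predicate(env):
            out.add(frozenset(env.items()))
    return out

def conjoin(f, g):
    """f ∧ g: merge every pair of assignments that agree on the shared variables."""
    out = set()
    for a in f:
        da = dict(a)
        for b in g:
            db = dict(b)
            if all(da[v] == db[v] for v in da.keys() & db.keys()):
                out.add(frozenset({**da, **db}.items()))
    return out

def exists(f, vars_):
    """∃ vars_. f: drop the quantified variables from every assignment."""
    return {frozenset((v, x) for v, x in a if v not in vars_) for a in f}

def rename(f, mapping):
    """Substitute variable names, used to turn next-state V' back into V."""
    return {frozenset((mapping.get(v, v), x) for v, x in a) for a in f}

def image(S, N, current, primed):
    """Img(S, N) = [∃V. (S(V) ∧ N(V, V'))], with V' renamed back to V."""
    return rename(exists(conjoin(S, N), set(current)), dict(zip(primed, current)))

def reach(S0, N, current, primed):
    """Least fixpoint of Reach(S, N) = S ∪ Img(S, N), starting from S0."""
    S = set(S0)
    while True:
        nxt = S | image(S, N, current, primed)
        if nxt == S:
            return S
        S = nxt

# The relation from the slides: N(a, a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a').
# "a_" stands for the primed next-state variable a'.
N = func(("a", "a_"), lambda e: (not e["a"] and e["a_"])
                                or (e["a"] and not e["a_"])
                                or (e["a"] and e["a_"]))
S0 = func(("a",), lambda e: e["a"] == 0)   # initial state s0, encoded as a = 0

if __name__ == "__main__":
    for s in sorted(reach(S0, N, ("a",), ("a_",)), key=lambda a: dict(a)["a"]):
        print("reachable:", dict(s))
```

Starting from s0 the image is {a = 1} (s1 only), from s1 it is {a = 0, a = 1}, and the fixpoint is both states. Note that exists works by deleting variables from assignments, so S must mention every variable in V for conjoin to constrain it; an assignment that omits a variable is treated as not caring about it.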


Illustration: Intermediate BDD Sizes

[Figure: #States and #BddNodes plotted against iterations for the Dining Philosophers model]


Partitioned Transition Relations

  • Introduced by Burch et al. (BCL91)

  • Combine with either conjunction (∧) or disjunction (∨):

    • N(V,V') = N1 ∧ N2 ∧ ... ∧ Nk, or N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk

    • Typically, each Ni much smaller than N

  • Asynchronous systems with interleaving semantics:

    • N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk

    • Ni: only the ith unit executes

    • Img(S, N) = ∨i Img(S,Ni) (the union of the per-unit images)

[Figure: disjunctive partition into N1, N2, N3]

[BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland.


BDD Blowup

  • Must consider different intermediate combinations of reachable states of concurrent units

    • Even if they are independent

    • Adds to intermediate BDD sizes

  • Idea: Explore each unit separately to avoid such correlation [BCL91]

    • Modified Breadth-First Search (MBFS)



Modified Breadth-First Search (MBFS)

  • Given a disjunctive partition: N1,...,Nk

    • Compute local fixpoints: μS. Reach(S,Ni)

    • Stop when: ∀i. Reach(S,Ni) = S

  • Lower intermediate BDD sizes

  • Chaotic fixpoint iteration strategy

    • Family of functions: {Reach(S,Ni) | i ≤ k}

    • Apply functions in arbitrary order till convergence

    • Must apply each function sufficiently often

  • Observation: MBFS strategy may not be able to avoid blowups in some cases

[Figure: local fixpoints N1*, N2*, N3* applied in turn]


Illustration: BDD Blowup in MBFS

[Figure: four states s0 = (00), s1 = (11), s2 = (01), s3 = (10) over variables v1, v2 with s = (v2, v1, ...) and transitions N1, N2, N3, ...; MBFS visits (s0), then (s0,s2), (s0,s1,s2), (s0,s1,s2,s3), and the intermediate BDDs over v2 and v1 blow up]


Saturation: New Approach

  • Assume fixed variable ordering on BDDs:

    v1 < v2 ... < vk

  • Define

    • High(Ni): “least” variable that Ni might change

    • Low(Ni): “greatest” variable that Ni might change

  • Order transition relations by [High(Ni), Low(Ni)]:

    • Nj ≺ Ni

    • Nj changes only "lower" BDD variables than Ni

[Figure: N1 changes only v1 and N2 changes only v2, so N1 ≺ N2 under the ordering v1 < v2]


Saturation (Contd.)

  • Saturate (Ni)

    do
      Compute μS. Reach(S,Ni)          /* states reachable by only Ni */
      ∀ Nj ≺ Ni. Saturate (Nj)         /* explore all Nj ≺ Ni */
    until S does not change

    • Visits all possible reachable states using "lower" transition relations than Ni

  • Overall Strategy: K partitions

    • For i = 1 to K: Saturate(Ni)

[Figure: Saturate applied to N3*, N2*, N1*]
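The three strategies on these slides side by side on one constructed model: plain breadth-first reachability with the full image, MBFS (local fixpoints per Ni until every Reach(S,Ni) = S), and Saturate(Ni) with the overall for-loop over the K partitions. This is an added example, not code from the talk or from NuSMV. States are explicit tuples and each Ni is a function computing Img(S,Ni), so what the example counts is the number of per-unit image computations; intermediate BDD sizes, which are the slides' actual concern, cannot be shown with an explicit-state encoding. The toy model (K modulo-4 counters where unit i may step only when unit i-1 holds the value 3), the partition-index order standing in for the High/Low ordering (Nj ≺ Ni exactly when j < i), and every function name are assumptions of this example.

```python
# Constructed toy model (assumption of this example, not from the slides):
# K asynchronous units, each a modulo-4 counter. Unit i owns state variable v_i.
K = 3
MOD = 4
INITIAL = (0,) * K


def make_partition(k=K):
    """Build the disjunctive partition N_1..N_k as image functions on state sets.

    N_i changes only v_i (interleaving semantics). Unit 0 counts freely; unit i > 0
    may only step when its left neighbour v_{i-1} has reached MOD - 1.
    """
    def unit(i):
        def img(states):
            return {s[:i] + ((s[i] + 1) % MOD,) + s[i + 1:]
                    for s in states if i == 0 or s[i - 1] == MOD - 1}
        return img
    return [unit(i) for i in range(k)]


def image(states, partition, stats):
    """Img(S, N) = union over i of Img(S, N_i) for a disjunctive partition."""
    out = set()
    for n in partition:
        stats["images"] += 1
        out |= n(states)
    return out


def local_fixpoint(states, n, stats):
    """mu S. Reach(S, N_i): iterate S := S | Img(S, N_i) until S is stable."""
    S = set(states)
    while True:
        stats["images"] += 1
        nxt = S | n(S)
        if nxt == S:
            return S
        S = nxt


def bfs(partition):
    """Breadth-first reachability: the full image N at every iteration."""
    stats = {"images": 0, "iterations": 0}
    S = {INITIAL}
    while True:
        stats["iterations"] += 1
        nxt = S | image(S, partition, stats)
        if nxt == S:
            return S, stats
        S = nxt


def mbfs(partition):
    """MBFS: chaotic iteration of the local fixpoints until every N_i is stable."""
    stats = {"images": 0, "iterations": 0}
    S = {INITIAL}
    while True:
        stats["iterations"] += 1
        before = S
        for n in partition:
            S = local_fixpoint(S, n, stats)
        if S == before:          # for all i: Reach(S, N_i) = S
            return S, stats


def saturate(i, S, partition, stats):
    """Saturate(N_i) from the slides in explicit-state form.

    Index order stands in for the High/Low ordering (assumption): N_j precedes N_i,
    i.e. changes only lower variables, exactly when j < i.
    """
    while True:
        before = S
        S = local_fixpoint(S, partition[i], stats)   # mu S. Reach(S, N_i)
        for j in range(i):                           # for all N_j < N_i: Saturate(N_j)
            S = saturate(j, S, partition, stats)
        if S == before:                              # until S does not change
            return S


def saturation(partition):
    """Overall strategy: for i = 1..K, Saturate(N_i), starting from the initial state."""
    stats = {"images": 0}
    S = {INITIAL}
    for i in range(len(partition)):
        S = saturate(i, S, partition, stats)
    return S, stats


if __name__ == "__main__":
    part = make_partition()
    for name, algo in (("BFS", bfs), ("MBFS", mbfs), ("Saturation", saturation)):
        reached, stats = algo(part)
        print(f"{name:10s} reachable states={len(reached):3d}  "
              f"N_i image computations={stats['images']}")
```

All three strategies must agree on the reachable set (here all 64 counter combinations, since each unit can always be driven to 3 to unlock its neighbour); the differing image counts only show how the three schedules interleave the per-unit fixpoints. The dependency between neighbouring units is what exercises the inner loop of Saturate(Ni): new states found by Ni can enable Nj ≺ Ni again, which is why the lower relations are re-saturated inside the do-until loop rather than once.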


Saturation: Discussion

  • Advantages

    • Exploits independence of concurrent units

    • Lower intermediate BDD sizes than MBFS

    • Faster reachability computation in many cases

  • Drawbacks

    • May lead to spurious iterations

    • Relies heavily on good variable ordering


Experimental Results

  • Implemented Saturation approach in NuSMV model checker

    • Handles designs of industrial strength

[Table (values not recovered): comparison with NuSMV with default options; OOR: out of resources]


Experimental Results (contd.)

  • Implemented MBFS approach in NuSMV

[Table (values not recovered): comparison with MBFS]


Experimental Results (contd.)

[Figure: Kanban(20), comparison of intermediate BDD sizes against iterations]


Conclusions

  • Efficient methods to compute reachable states of asynchronous systems

    • Based on disjunctive partitions

    • MBFS

    • Alternative approach: Saturation

  • Experimentally validated on several examples

  • Future research

    • Heuristics for obtaining good BDD variable ordering automatically

    • Combining Saturation with Partial Order Reduction


Questions?

