Efficient reachability analysis for verification of asynchronous systems

Nishant Sinha


Outline

  • Formal Verification: Motivation

  • Reachability for Asynchronous Systems

    • Partitioned Transition Relations

  • Efficient Reachability Techniques

    • MBFS and Saturation

  • Saturation: Experimental Results

  • Conclusions


Formal Verification: Introduction

  • Use methods from formal logic

    • Show validity of properties on systems

      • Formal requirements hold on a design

      • Software, circuits, protocol models

    • Alternative to simulation and testing

      • Simulation and testing do not cover all behaviors

  • Model checking

    • Verify concurrent systems

    • Introduced by Clarke et al. (1981)

    • An automated technique


Model Checking

  • Inputs: a finite state-transition model M and a property

  • Determine whether M satisfies the property

  • Properties like:

    • req is always followed by ack

    • No error state is reachable from the initial state

  • Involves Reachability analysis

    • Generate reachable set of states

    • State space explosion

[Figure: state-space explosion; labels 2^K, ..., K]


Asynchronous Systems

  • Concurrent Systems

    • Consist of several execution units

  • Synchronous

    • All units take an execution step together

  • Asynchronous

    • Units may execute independent of each other

    • Interleaved semantics of execution

    • E.g. Concurrent software, asynchronous circuits

  • Goal: Efficient model checking of asynchronous systems

[Figure: two approaches to the goal, Reduced State-Space and Symbolic]


Symbolic Model Checking

[Figure: two-state example with one boolean variable a (s0: a = 0, s1: a = 1) and transition relation N(a,a') = (¬a ∧ a') ∨ (a ∧ ¬a') ∨ (a ∧ a'), shown as a truth table over a and a']

  • Use Ordered Binary Decision Diagrams (BDDs)

    • Canonical, compact, operate on state sets

  • Encode the system model M with BDDs

    • States encoded by boolean variables V

    • Transition relation also as BDD N(V,V’)

[Figure: BDD for N(a,a') under the variable ordering a < a', with transitions t1, t2, t3 between s0 and s1 and the corresponding 0/1 terminal values]


Partial-Order Reduction

  • Alternative model checking approach

    • Useful if order of execution of transitions is irrelevant

  • Sufficient to visit a subset of actual reachable state space

  • Focus of this talk

    • Full state space reachability using BDDs

[Figure: two independent units, s0 -a-> s1 and s0' -b-> s1'; the product states s0s0', s0s1', s1s0', s1s1' form a diamond with edges a and b, and partial-order reduction chooses a representative set of paths]


Reachability Analysis

  • One-step reachability:

    • Given a set of states S

    • Find which states S’ can be reached in one step

  • Iteratively apply one-step reachability

    • Until no new states are visited

  • Breadth-first exploration of graph

[Figure: breadth-first exploration with frontier sets R0, R1, R2 = R3 over a graph with transitions a, b, c, d, e, f, g]


The Bigger Picture

[Figure: two combinational circuits with inputs I1, I2 and outputs o1, o2, each output fed back through a delay element; the reachable output combinations (o1, o2) = (0,0), (0,1), (1,0), (1,1)]


Symbolic Reachability: Image Computation

  • Image of a set of states S

    • Transition relation N: one-step reachability

    • Basic operation, hence must be efficient

  • Symbolic image computation: S(V), N(V,V’) BDDs

    • Img(S,N) = [∃v ∈ V. (S(V) ∧ N(V,V'))]

  • Reachability (starting from initial S0):

    • Reach(S,N) = S ∪ Img(S,N)

    • Fixpoint: iterate S := Reach(S,N) until Reach(S,N) = S

  • Efficiency problem: Large N(V,V’)

    • Large intermediate BDD sizes in image computation
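The encoding on the Symbolic Model Checking slide and the image computation above, as an added Python example (not code from the talk): states are bit tuples over boolean variables V, a state set is its characteristic function S(V), the transition relation is a predicate N(V,V'), and the ∃V quantification is done by explicit enumeration over {0,1}^k in place of BDD operations, so the BDD-size behaviour is not modelled. The two-bit counter, its unreachable "error" code 11 and the variable count K = 2 are constructed for this example.

```python
from itertools import product

# Constructed toy: two boolean state variables V = (v1, v2); a state is a bit tuple.
K = 2

def all_states(k=K):
    """Every assignment to the k boolean state variables."""
    return [tuple(bits) for bits in product((0, 1), repeat=k)]

def to_int(v):
    return v[0] * 2 + v[1]

def N(v, vp):
    """Constructed transition relation N(V,V'): the code counts 00 -> 01 -> 10 -> 00;
    the code 11 (treated as the 'error' state) is never entered and loops back to 00."""
    cur, nxt = to_int(v), to_int(vp)
    return nxt == (cur + 1) % 3 if cur < 3 else nxt == 0

def img(S, N, k=K):
    """Img(S,N) = [exists v in V . S(V) and N(V,V')], read back as a set over V'.
    S is a characteristic function; enumeration replaces the BDD 'and' + 'exists'."""
    return frozenset(vp for vp in all_states(k)
                     if any(S(v) and N(v, vp) for v in all_states(k)))

def reach(S_set, N, k=K):
    """Reach(S,N) = S union Img(S,N)."""
    return S_set | img(lambda v: v in S_set, N, k)

def fixpoint(S0, N, k=K):
    """Iterate S := Reach(S,N) until it does not change.
    Returns (reachable set, number of image computations)."""
    S, n = frozenset(S0), 0
    while True:
        n += 1
        S2 = reach(S, N, k)
        if S2 == S:
            return S, n
        S = S2

def error_reachable(S0, N, error=(1, 1)):
    """The property 'no error state is reachable from the initial state'."""
    return error in fixpoint(S0, N)[0]

if __name__ == "__main__":
    reached, iters = fixpoint({(0, 0)}, N)
    print(sorted(reached), iters)            # [(0, 0), (0, 1), (1, 0)] 3
    print(error_reachable({(0, 0)}, N))      # False
```

Each call to `reach` is one image computation; three are needed here because the third call is the one that detects that the set has stopped growing.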


Illustration: Intermediate BDD Sizes

[Figure: plot of #States and #BddNodes against iterations for the Dining Philosophers model]


Partitioned Transition Relations

  • Introduced by Burch et al. (BCL91)

  • Partitions are combined by conjunction (∧) or disjunction (∨)

    • N(V,V') = N1 ∧ N2 ∧ ... ∧ Nk, or N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk

    • Typically, each Ni much smaller than N

  • Asynchronous systems with interleaving semantics:

    • N(V,V') = N1 ∨ N2 ∨ ... ∨ Nk

    • Ni: only the ith unit executes

    • Img(S,N) = ∨_i Img(S,Ni)  (the union of the per-unit images)

[Figure: disjunctive partition N1, N2, N3]

[BCL91] J.R. Burch, E.M. Clarke, and D.E. Long. Symbolic model checking with partitioned transition relations. In A. Halaas and P.B. Denyer, editors, International Conference on Very Large Scale Integration, pages 49-58, Edinburgh, Scotland, 1991. North-Holland.


BDD Blowup

  • Must consider different intermediate combinations of reachable states of concurrent units

    • Even if they are independent

    • Adds to intermediate BDD sizes

  • Idea: Explore each unit separately to avoid such correlation [BCL91]

    • Modified Breadth-First Search (MBFS)



Modified Breadth-First Search (MBFS)

  • Given a disjunctive partition: N1,...,Nk

    • Compute local fixpoints: iterate S := Reach(S,Ni) until it stops changing

    • Stop when: ∀ i. Reach(S,Ni) = S

  • Lower intermediate BDD sizes

  • Chaotic fixpoint iteration strategy

    • Family of functions: {Reach(S,Ni) | i ≤ k}

    • Apply functions in arbitrary order till convergence

    • Must apply each function sufficiently often

  • Observation: MBFS strategy may not be able to avoid blowups in some cases

[Figure: local fixpoints N1*, N2*, N3* applied in turn]


Illustration: BDD Blowup in MBFS

[Figure: states s = (v2, v1, ...) with s0 = (00), s1 = (11), s2 = (01), s3 = (10) and transitions labelled N1, N2, N3, ...; MBFS visits (s0), then (s0,s2), then (s0,s1,s2), then (s0,s1,s2,s3), and the BDD over v2, v1 grows at each step ("BDD explosion")]


Saturation: New Approach

  • Assume fixed variable ordering on BDDs:

    v1 < v2 ... < vk

  • Define

    • High(Ni): “least” variable that Ni might change

    • Low(Ni): “greatest” variable that Ni might change

  • Order transition relations by [High(Ni), Low(Ni)] :

    • Nj ≺ Ni

    • Nj changes only “lower” BDD variables than Ni

[Figure: BDD over v1 < v2 in which N1 changes only v1 and N2 changes only v2, so N1 ≺ N2]


Saturation (Contd.)

  • Saturate(Ni)

    do

      Iterate S := Reach(S,Ni) to a fixpoint   /* states reachable by only Ni */

      ∀ Nj ≺ Ni. Saturate(Nj)                 /* explore all Nj ≺ Ni */

    until S does not change

    • Visits all possible reachable states using “lower” transition relations than Ni

  • Overall Strategy: K partitions

    • For i= 1 to K. Saturate(Ni)

[Figure: Saturate(N3) recursively invoking N2*, which invokes N1*]
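The disjunctive partition, the MBFS chaotic iteration and the Saturate procedure above, as one added Python example (not the talk's or NuSMV's code). State sets are explicit Python sets standing in for BDDs, so the example shows the three iteration strategies and how many image computations each performs, not the intermediate BDD sizes. Everything specific is constructed: a system of K = 3 units with mod-3 counters, a coupling in which unit i may step only while its left neighbour's counter is non-zero, the image counter, and the ordering N_j ≺ N_i iff j < i (each N_i changes only v_i, so High(N_i) = Low(N_i) = v_i under v1 < v2 < v3).

```python
from functools import partial
from itertools import product

# Constructed example: K concurrent units, each with a local counter v_i in {0..M-1}.
# A global state is the tuple (v1, ..., vK). Interleaving semantics: one unit steps at a
# time, so N = N1 v ... v NK where N_i changes only v_i (a disjunctive partition).
K, M = 3, 3
ALL_STATES = frozenset(product(range(M), repeat=K))

def unit_step(i, s):
    """N_i as a successor function: unit i increments v_i mod M; for i > 0 it may only
    step while its left neighbour's counter is non-zero (constructed coupling)."""
    if i > 0 and s[i - 1] == 0:
        return []
    t = list(s)
    t[i] = (t[i] + 1) % M
    return [tuple(t)]

PARTITION = [partial(unit_step, i) for i in range(K)]   # N_1, ..., N_K

class Counter:
    """Counts image computations so the strategies can be compared."""
    def __init__(self): self.images = 0

def img(S, Ni, c):
    c.images += 1
    return frozenset(t for s in S for t in Ni(s))

def reach(S, Ni, c):
    return S | img(S, Ni, c)

def local_fixpoint(S, Ni, c):
    """Iterate S := Reach(S, N_i) until S does not change (states reachable by N_i alone)."""
    while True:
        S2 = reach(S, Ni, c)
        if S2 == S:
            return S
        S = S2

def bfs(S0):
    """Plain breadth-first reachability on the full N: Img(S,N) is the union of Img(S,N_i)."""
    c, S = Counter(), frozenset(S0)
    while True:
        S2 = S
        for Ni in PARTITION:
            S2 = S2 | img(S, Ni, c)
        if S2 == S:
            return S, c.images
        S = S2

def mbfs(S0):
    """MBFS: apply the local fixpoints round-robin until every Reach(S,N_i) leaves S unchanged."""
    c, S = Counter(), frozenset(S0)
    while True:
        S2 = S
        for Ni in PARTITION:
            S2 = local_fixpoint(S2, Ni, c)
        if S2 == S:
            return S, c.images
        S = S2

def saturation(S0):
    """Saturation: Saturate(N_i) repeats {local fixpoint of N_i; Saturate(N_j) for all
    N_j < N_i} until S stops changing, then the overall strategy runs i = 1..K."""
    c = Counter()
    S = frozenset(S0)
    def saturate(i):
        nonlocal S
        while True:
            before = S
            S = local_fixpoint(S, PARTITION[i], c)
            for j in range(i):            # all N_j with N_j < N_i
                saturate(j)
            if S == before:
                return
    for i in range(K):
        saturate(i)
    return S, c.images

if __name__ == "__main__":
    init = [(0,) * K]
    for name, strategy in (("BFS", bfs), ("MBFS", mbfs), ("Saturation", saturation)):
        reached, images = strategy(init)
        print(f"{name:10s} states={len(reached)} image computations={images}")
```

All three strategies return the same reachable set (here every one of the 27 states), which is the correctness check; what differs is the number and shape of the image computations, which is where the BDD-size differences on the preceding slides come from.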


Saturation: Discussion

  • Advantages

    • Exploits independence of concurrent units

    • Lower intermediate BDD sizes than MBFS

    • Faster reachability computation in many cases

  • Drawbacks

    • May lead to spurious iterations

    • Relies heavily on good variable ordering


Experimental Results

  • Implemented Saturation approach in NuSMV model checker

    • Handles designs of industrial strength

[Table: Comparison with NuSMV with default options; OOR = out of resources]


Experimental Results (contd.)

  • Implemented MBFS approach in NuSMV

[Table: Comparison with MBFS]


Experimental Results (contd.)

[Figure: Kanban(20): comparison of intermediate BDD sizes against iterations]


Conclusions

  • Efficient methods to compute reachable states of asynchronous systems

    • Based on disjunctive partitions

    • MBFS

    • Alternative approach: Saturation

  • Experimentally validated on several examples

  • Future research

    • Heuristics for obtaining good BDD variable ordering automatically

    • Combining Saturation with Partial Order Reduction


Questions?