A View from the Engine Room: Computational Support for Symbolic Model Checking. Randal E. Bryant, Carnegie Mellon University, http://www.cs.cmu.edu/~bryant. Outline: Boolean Reasoning as Engine for Model Checking; BDDs & SAT; An Evaluation of SAT; Current capabilities & limitations.


**A View from the Engine Room: Computational Support for Symbolic Model Checking**
Randal E. Bryant, Carnegie Mellon University, http://www.cs.cmu.edu/~bryant

**Outline**
• Boolean Reasoning as Engine for Model Checking
• BDDs & SAT
• An Evaluation of SAT
  • Current capabilities & limitations
  • Making further progress
• Beyond SAT
  • Enhancing DPLL to do more than find single solution

**The Origins of Symbolic Model Checking**
• 1987 notes by Ken McMillan
• Backward traversal of Petri net state space
• Realized that reachability could be performed via symbolic Boolean manipulation

**Role of Boolean Manipulation in MC**
• Contributions of BDDs to Model Checking
  • Separate problem from implementation
  • BDDs provide clean API to model checker
  • Performed well for many examples
• The Emergence of SAT
  • Initially for bounded model checking [Biere, et al., ’96]
  • More recently for full model checking
    • SAT enumeration [McMillan ’02]
    • Interpolation-based abstraction-refinement [McMillan ’03]
• Important Point
  • Advances in Boolean manipulation drive progress in model checking

**Conventional Wisdom on SAT**
• BDDs vs. DPLL
  • DPLL better than BDDs for straight SAT
  • Especially problems with large numbers of variables
• Best Research Strategy is to Keep Refining DPLL
  • Certainly has led to big improvements!
• Claim
  • This wisdom is overly simplistic

**Comparing Parity Trees**
• Compare linear chain of XORs to random trees
• Known hard problem for resolution-based SAT solvers
• 16 n-input trees for different values of n

**Parity: Exhaustive Testing**
• Testing 10^9 cases is no big deal

**Parity: DPLL (ca. 2002 Limmat)**
• Known difficult problem for DPLL

**Parity: DPLL (MiniSAT)**
• Recent SAT solvers have made remarkable progress

**Parity: BDDs**
• Trivial problem for BDDs

**Associativity Testing**
• Typical of arithmetic verification problems
• Evaluate for different argument word sizes

```c
/* Associativity of addition: is addL equivalent to addR? */
int addL(int x, int y, int z) { return (x + y) + z; }
int addR(int x, int y, int z) { return x + (y + z); }
/* addL ?= addR */

/* Associativity of multiplication: is mulL equivalent to mulR? */
int mulL(int x, int y, int z) { return (x * y) * z; }
int mulR(int x, int y, int z) { return x * (y * z); }
/* mulL ?= mulR */
```

**Associativity of Addition**
• Easy for BDDs
• Recent DPLL handle readily

**Associativity of Multiplication**
• BDDs better than DPLL
• Both worse than exhaustive

**Progress in SAT Research**
• Evolution of DPLL
  • Incremental advances yielding more than incremental improvements
  • Encourages continued incrementing
• Downside
  • Gene pool of SAT solvers diminishing
  • All use DPLL, nonchronological backtracking, 2-literal watching …
  • New approaches must overcome high performance standard
• Claim
  • We need to be looking beyond incremental changes

**Breaking Free**
• Raise the Bar on Benchmarks
  • Identify challenge benchmarks
  • Examples
    • Arithmetic problems
    • Breaking cryptosystems or secure hashes
    • Combinatorial optimization
  • Parameterize to allow scaling analysis
• Acknowledge Value of Niche Solvers
  • Don’t worry about problems that current solvers handle well

**BDD/DPLL Hybrids**
• Very Different Approaches
  • DPLL: Search for one solution from top down
  • BDDs: Encode all solutions from bottom up
• Significant Recent Effort
  • BDD preprocessing for SAT solver [Jin & Somenzi, ’04]
  • DPLL on ZDD-represented clause sets [Aloul, et al., ’01]
  • Satisfy conjunction of BDDs [Damiano & Kukula, ’03; Franco et al., ’04]
• Evaluation
  • Incomplete
  • Can help when one approach (BDD / DPLL) much better than other
  • But what about problems that neither does well?

**Beyond SAT**
• Dealing With Quantifiers
  • DPLL as QBF solver has had limited success
  • Strength for BDDs
    • Especially with deep, alternating quantifier nesting
    • E.g., model checking
• Unsatisfiability
  • Impressive progress on generating proofs and unsat cores
    • Using scaffolding from DPLL
  • Many applications
    • E.g., refinement steps in model checking
  • No counterpart with BDDs

**Challenge Problem: Quantifier Elimination**
(figure: F over variables X and Y; G over Y)
• Core Problem For Model Checking
  • Bit-level: Relational product
  • Predicate abstraction [Flanagan & Qadeer, ’02; Lahiri, Bryant, Cook, ’03]
• Methods
  • BDDs: quantifier elimination
    • Use early quantification
  • DPLL: SAT enumeration [Plaisted, ’00; Gupta, et al., ’00; McMillan ’02; Clarke et al., ’03]
• G = X F

**Quantifier Elimination Example**
• Example from Predicate Abstraction [Lahiri, Bryant, Cook, ’03]
• G = X F
  • Current state variables X
  • Next state variables Y
• x1, x2, x3, x4, x5, x6 [ (x1 x2 x3 x4x5 x6) (x1 x2 x3 x4x5 x6) ] (Current State)
• (x2 y2) (y2 y1) (x4 x6 y1) x3y4 x4y3 x5y6x6y5 (Transition Constraints)
• (y1 y2 y3 y4y5 y6)

**Set Enumeration**
• Run SAT checker over formula
• Generate blocking clause for each newly generated element

**Compressing Set Representation**
• Disjunct set elements to form BDD
• Extract prime implicants from BDD
• Experience: 10X reduction in number of terms

**SAT Enumeration Observations**
• Performance
  • Better than BDDs when |X| >> |Y|
  • Only have to enumerate for unique assignments to Y
• Improvements
  • Attempt to enlarge solution as enumerate [McMillan ’02]
  • Build into DPLL search loop [Lahiri, Nieuwenhuis, Oliveras, ’06]
    • Handle successful cases similarly to failures
    • Make solver stop before it assigns values to all variables
    • Implemented?
• Observation
  • Enumerative methods seem inelegant

**Conclusions**
• 25MC = 20OBDD
• Boolean methods have driven much of the progress in model checking
  • BDDs & SAT
• SAT Progress
  • Impressive, but still room for improvement
• Beyond SAT
  • Quantifiers
  • Unsatisfiability
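The "Set Enumeration" and "SAT Enumeration Observations" slides describe computing G(Y) = ∃X. F(X, Y) by calling a SAT solver repeatedly and adding a blocking clause over the Y-variables for each newly found element, so only unique assignments to Y are enumerated. The following is an added illustration, not code from the talk: it uses a toy DPLL solver and a small constructed formula F, and checks the enumerated set against exhaustive testing (the baseline the "Parity: Exhaustive Testing" slide mentions).

```python
from itertools import product
# Constructed example (not the presentation's formula). Variables are ints, -v
# is "not v"; X = {x1, x2} = {1, 2} is eliminated, Y = {y1, y2} = {3, 4} is kept.
X_VARS, Y_VARS = [1, 2], [3, 4]
F_CLAUSES = [[-1, 3], [1, -3], [-2, 4], [1, 2]]  # (x1<->y1) & (x2->y2) & (x1|x2)

def dpll(clauses, assign):
    """Minimal DPLL (unit propagation + backtracking): model dict or None."""
    assign = dict(assign)
    changed = True
    while changed:                                  # propagate units to a fixpoint
        changed = False
        for c in clauses:
            if any(assign.get(abs(l)) == (l > 0) for l in c):
                continue                            # clause already satisfied
            free = [l for l in c if abs(l) not in assign]
            if not free:
                return None                         # every literal false: conflict
            if len(free) == 1:                      # unit clause forces its literal
                assign[abs(free[0])] = free[0] > 0
                changed = True
    unassigned = {abs(l) for c in clauses for l in c} - set(assign)
    if not unassigned:
        return assign
    v = min(unassigned)                             # naive decision heuristic
    for val in (True, False):
        r = dpll(clauses, {**assign, v: val})
        if r is not None:
            return r
    return None

def enumerate_projection(clauses, y_vars):
    """Enumerate G(Y) = exists X. F(X, Y) by blocking only each model's Y-part."""
    clauses = [list(c) for c in clauses]
    cubes = []
    while (model := dpll(clauses, {})) is not None:
        cube = tuple(model.get(y, False) for y in y_vars)
        cubes.append(cube)
        # Blocking clause over Y only: the next model must differ on some y.
        clauses.append([-y if val else y for y, val in zip(y_vars, cube)])
    return cubes

def projection_by_exhaustion(clauses, x_vars, y_vars):
    """Reference via exhaustive testing: try all 2^(|X|+|Y|) assignments."""
    keep, allvars = set(), x_vars + y_vars
    for bits in product((False, True), repeat=len(allvars)):
        a = dict(zip(allvars, bits))
        if all(any(a[abs(l)] == (l > 0) for l in c) for c in clauses):
            keep.add(tuple(a[y] for y in y_vars))
    return keep
```

For this F the projection is y1 ∨ y2, so three of the four Y-assignments are enumerated while the solver is called only four times (three models plus the final unsatisfiable call), independent of how many X-extensions each Y-assignment has.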
