SAT-based verification: underlying methods
Mary Sheeran
Chalmers University of Technology and Prover Technology AB
Synchronous observer (figure: the program Program drives the observer Obs, whose output is the signal ok)
(Figures, pages 7-12: from the initial states I, paths of increasing length i are followed towards the bad states B.)
Satisfying a formula
  I(s0) and path([s0..si]) and B(si)
A satisfying assignment is a path of length i that starts in an initial state and ends in a bad state.
If the system is bad
• Finds a shortest countermodel
• Error trace for debugging
But when can we stop?
  When I(s0) and path([s0..si]) is contradictory?
Not quite, but we can stop when
  I(s0) and loop-free path([s0..si])
is contradictory: paths that revisit states exist for every i once a loop is reachable, but in a finite system the loop-free paths out of the initial states eventually run out.
And symmetrically, we can stop when
  loop-free path([s0..si]) and B(si)
is contradictory: there is no longer any loop-free path of length i into the bad states.
Algorithm 1
  i := 0
  loop
    if not Sat(I(s0) and loop-free path([s0..si]))
       or not Sat(loop-free path([s0..si]) and B(si))
    then return True
    if Sat(I(s0) and path([s0..si]) and B(si)) then return error trace
    i := i+1
Tighten termination (Alg. 2)
  i := 0
  loop
    if not Sat(I(s0) and loop-free path([s0..si]) and all(not I)([s1..si]))
       or not Sat(loop-free path([s0..si]) and all(not B)([s0..si-1]) and B(si))
    then return True
    if Sat(I(s0) and path([s0..si]) and B(si)) then return error trace
    i := i+1
The extra constraints are sound because a shortest path from I to B passes through no further initial state and no earlier bad state; either would give a shorter path.
Avoid iteration from zero (Alg. 3)
  i := some constant which can be greater than zero
  loop
    if Sat(I(s0) and path([s0..si]) and not (all P)([s0..si])) then return error trace
    if not Sat(I(s0) and loop-free path([s0..si+1]) and all(not I)([s1..si+1]))
       or not Sat(loop-free path([s0..si+1]) and all(not B)([s0..si]) and B(si+1))
    then return True
    i := i+1
Here P is the safety property and B(s) = not P(s). Checking all P over the whole path catches bad states at every depth up to i, which is what makes starting at i > 0 safe.
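Algorithm 3 above, run on a small explicitly enumerated transition system, as an added example that is not from the slides or from Prover Technology: each Sat call is replaced by a brute-force search over state sequences so the loop-free, all(not I) and all(not B) constraints can be watched doing their job. The counter system, the initial and bad sets and the helper names are constructed for illustration.

```python
def paths(succ, length):
    """All state sequences s0..s_length that follow the transition relation succ."""
    frontier = [(s,) for s in succ]
    for _ in range(length):
        frontier = [p + (t,) for p in frontier for t in succ[p[-1]]]
    return frontier

def loop_free(p):
    """No state occurs twice on the path."""
    return len(set(p)) == len(p)

def check(init, succ, bad, start=0, max_depth=32):
    """Algorithm 3 of the slides. Returns ('error', trace) or ('proved', i)."""
    for i in range(start, max_depth + 1):
        # Bounded model checking: Sat(I(s0) and path([s0..si]) and not (all P)([s0..si])).
        # Every state on the path is checked, so bad states at depth < start are not missed.
        for p in paths(succ, i):
            if p[0] in init and any(s in bad for s in p):
                first_bad = next(k for k, s in enumerate(p) if s in bad)
                return ("error", list(p[: first_bad + 1]))
        longer = paths(succ, i + 1)
        # Termination check 1: Sat(I(s0) and loop-free path([s0..si+1]) and all(not I)([s1..si+1])).
        # Unsatisfiable means every loop-free path out of I is shorter than i+1 and was explored.
        forward = any(p[0] in init and loop_free(p) and all(s not in init for s in p[1:])
                      for p in longer)
        # Termination check 2: Sat(loop-free path([s0..si+1]) and all(not B)([s0..si]) and B(si+1)).
        backward = any(p[-1] in bad and loop_free(p) and all(s not in bad for s in p[:-1])
                       for p in longer)
        if not forward or not backward:
            return ("proved", i)
    return ("unknown", max_depth)   # depth guard only; a finite system always terminates

def counter(extra=None):
    """Constructed toy system: a 3-bit counter with an enable (stay or increment)."""
    succ = {s: [s, (s + 1) % 8] for s in range(8)}
    succ.update(extra or {})   # extra states let us make a region unreachable
    return succ

if __name__ == "__main__":
    # Bad state 5 is reachable: the error trace 0,1,2,3,4,5 comes back at i = 5.
    print(check({0}, counter(), {5}, start=2))
    # States 8 and 9 cannot be reached from 0; check 2 fails at i = 1 and proves safety.
    print(check({0}, counter({8: [9], 9: [9]}), {9}))
```

The second run shows the symmetric check paying off: the forward check alone would need i = 8 before the loop-free paths out of state 0 run out.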
(Figures, pages 20-27: the two termination checks drawn as induction proofs, a base case from the initial states I followed by an induction step, and symmetrically a base case from the bad states B followed by a step.)
Complete method
  Algorithm 3 as above, unchanged: the bounded search for an error trace and the two termination checks together give a complete method.
Strengthen
  Algorithm 3 as above, unchanged: the loop-free and all(not B) constraints on the path strengthen the induction hypothesis of a plain induction on P.
Another way to strengthen
• Invent a lemma L(s) that we believe to hold in the reachable states
• Prove Q(s) = P(s) and L(s) instead of P(s)
• If both P and L hold in the reachable states, this can reduce the induction depth
Choosing lemmas?
• Domain knowledge
• Analysis of the program
• Strongest possibility is the characterization of the reachable states
• Van Eijk’s method uses relations between signals as lemmas
Reachability analysis
• Standard approach to safety property verification using Binary Decision Diagrams (BDDs)
• Generate larger and larger subsets of the reachable states. Stop when no new states are added
• Check whether the reachable set intersects the bad states
Reachability analysis
• Standard algorithms can be adapted to use a SAT-solver.
• Need to be able to deal with quantifiers in a way that doesn’t just blow up
• A fascinating research area!
References (bounded model checking)
• A. Biere, A. Cimatti, E.M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference, 1999.
• P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.
References (induction with SAT-solvers)
• M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
• P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
References (SAT-based reachability analysis)
• P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS'00.
• P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV'00.
• A. Gupta, Z. Yang and P. Ashar. SAT-based image computation with application in reachability analysis for verification. In FMCAD'00.
(Figures, pages 37-38: a SAT engine, extended with arithmetic (ARITH), as the common core beneath BMC, induction (IND), reachability analysis (RA…) and further methods.)
The future?
• Increasingly powerful proof engines
• Integration in system development tools
• Combining different engines or methods (for example BDDs and SAT or interactive and automatic methods)
• Use of formal methods in test pattern generation