Interpolation-Sequence Based Model Checking - PowerPoint PPT Presentation
Title:
Interpolation-Sequence Based Model Checking
Description:
Architecture, System Level and Validation Solutions, Intel Development ... cannot be verified by one method but can be verified by the other and vise-versa. ... – PowerPoint PPT presentation
Number of Views:23
Avg rating:3.0/5.0
Title: Interpolation-Sequence Based Model Checking
1
Interpolation-Sequence Based Model Checking
- Yakir Vizel1,2
- and
- Orna Grumberg1
- Computer Science Department, The Technion, Haifa,
Israel. - Architecture, System Level and Validation
Solutions, Intel Development Center, Haifa, Israel
2
Outline
- Introduction
- Model checking
- Forward Reachability Analysis
- Bounded Model Checking
- Interpolation
- Interpolation
- Interpolation-Sequence
- Interpolation-Sequence Based Model Checking
- Experimental Results
3
Introduction
4
Model Checking
- Given a system and a specification, does the
system satisfy the specification.
System
AGq
MC
?
- The specification is given in temporal logic
e.g. LTL. - We deal with specifications of the form AGq.
5
Forward Reachability Analysis
Sn
S2
BAD q
S1
INIT
6
Bounded Model Checking
- Does the system have a counterexample of length
k?
. . .
7
A Bit of Intuition
S3
S2
S1
INIT
BAD q
I3
I1
I2
INIT
8
Interpolation
9
Interpolation In The Context of Model Checking
- Given the following BMC formula.
I
10
Interpolation-Sequence
- The same BMC formula partitioned in a different
manner
I1
I2
I3
Ik-1
Ik
11
Interpolation-Sequence (2)
- Can easily be computed. For 1 j lt n
- A A1 Ù Ù Aj
- B Aj1 Ù Ù An
- Ij is the interpolant for the pair (A,B)
12
Interpolation-Sequence Based Model Checking
13
Using Interpolation-Sequence
I1,1
I1
I1,2
I2,2
14
Combining Interpolation-Sequence and BMC
- A way to do reachability analysis using a SAT
solver. - Uses the original BMC loop and adds an inclusion
check for full verification. - Similar sets to those computed by Forward
Reachability Analysis but over-approximated.
15
Computing Reachable States with a SAT Solver
- Use BMC to search for bugs.
- Partition the checked BMC formula and extract the
interpolation sequence
I1,N
IN-1,N
IN,N
I2,N
16
The Analogy to Forward Reachability Analysis
S3
S2
S1
INIT
BAD q
I3
I2
I1
I1
I2
INIT
I3,3
I2,3
I1,3
I1,1
I2,2
I1,2
17
McMillans Method
- The computation itself is different.
- Uses basic interpolation.
- Successive calls to BMC for the same bound.
- Not incremental.
- The sets computed are different.
J1
I1
S1
18
Experimental Results
19
Experimental Results
- Experiments were conducted on two future CPU
designs from Intel (two different
architectures/tocks)
20
Experimental Results - Falsification
21
Experimental Results - Verification
22
Experiments Results - Analysis
Spec Vars Bound (Ours) Bound (M) Int (Ours) Int (M) BMC (Ours) BMC (M) Time s (Ours) Time s (M)
F1 3406 16 15 136 80 16 80 970 5518
F2 1753 9 8 45 40 9 40 91 388
F3 1753 16 15 136 94 16 94 473 1901
F4 3406 6 5 21 13 6 13 68 208
F5 1761 2 1 3 2 2 2 5 4
F6 3972 3 1 6 3 3 3 19 14
F7 2197 3 1 6 3 3 3 2544 1340
F8 4894 5 1 15 3 5 3 635 101
23
Analysis
- False properties is always faster.
- True properties results vary. Heavier
properties favor ISB where the easier favor IB. - Some properties cannot be verified by one method
but can be verified by the other and vise-versa.
24
Conclusions
- A new SAT-based method for unbounded model
checking. - BMC is used for falsification.
- Simulating forward reachability analysis for
verification. - Method was successfully applied to industrial
sized systems.
25
Questions?
- Thank You!
