1 / 22

Underapproximation for Model-Checking Based on Random Cryptographic Constructions

Underapproximation for Model-Checking Based on Random Cryptographic Constructions. Arie Matsliah (presenting) and Ofer Strichman. Introduction. Motivation: Efficient “bug-hunters” for heavy verification instances Underapproximation: M, M’ – Kripke structures

craig-mcgee
Download Presentation

Underapproximation for Model-Checking Based on Random Cryptographic Constructions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Underapproximation for Model-Checking Based on Random Cryptographic Constructions Arie Matsliah (presenting) and Ofer Strichman

  2. Introduction Motivation: • Efficient “bug-hunters” for heavy verification instances Underapproximation: • M, M’ – Kripke structures • M’underapproximatesM if for every LTL formula φ: Mφ → M’φ • M’ has a subset of the behaviors of M Our goal: • Automatic and efficient underapproximation-based model checking

  3. Model-checking with underapproximation Refine: add behaviors • Potentially good for falsification, not verification. ? M’φ M M’ Model- checker M’φ φ fail

  4. What makes Model Checking hard? • The time complexity of model checking depends exponentially on the number of inputs Natural approach for Underapproximation: reduce # of inputs. M’ M inputs inputs outputs outputs

  5. Reducing the number of inputs • An underlying assumption: “The values of some of the inputs are immaterial for exposing the bug” • A simple technique for underapproximation: fixing inputs. • Pick those inputs manually (using high-level information). • Fix their value. • A similar process which is automatic and complete is ineffective. • Our method: reduce # inputs without fixing any.

  6. Our contribution Underapproximation which: • Reduces the number of inputs • Maintains a measurable and uniform degree of freedom to the original inputs • Based on adding circuitry to the model. • Can be applied to any form of verification new inputs inputs outputs C M’ original inputs M outputs

  7. Main idea - Universality • A (combinatorial) circuit C is k-universal if • any valuation of at most k of its outputs ... • ...can be reached under some assignment to its inputs. • Example: 2-universal circuit inputs outputs 00 0 0 0 10 1 0 1 01 0 1 1 11 1 1 0 • Why universality? • if #(important inputs) ≤ k, then k-universal circuit is enough inputs C outputs

  8. Universality of some naïve methods M’ C Fixing some of the inputs to constants  0-universal 0 1 1 0 inputs outputs M Merge groups of inputs together  1-universal M’ C inputs outputs M

  9. Inspiration - Pseudo Random Generators (PRGs) random string Generator f f f f f f f pseudorandom string PRG construction [NW 94]: • the circuit has certain properties • f is “hard to invert” Our construction: • the circuit is random • f is a XOR function looks random for any poly-time algorithm

  10. Using universal circuits new inputs C M’ original inputs M outputs

  11. Constructing universal circuits A random matrix inputs (inputs of M’) i6 i5 i4 i2 i3 i1 i6 i5 i4 i2 i3 i1 1 1 1 o1 1 1 1 o2 C 1 1 1 o3 1 1 1 o4 1 1 o5 1 1 1 o6 o6 o7 o5 o4 o2 o3 o1 1 1 1 o7 outputs (inputs of M) mod 2

  12. How universal is C? • Lemma:if every k rows in A are linearly independent– C is k-universal • Proof (for k=3, n=7, m=6): A’ A i6 i6 i5 i5 i4 i4 i2 i3 i2 i3 i1 i1 1 1 1 1 1 1 o2 o1 1 1 1 1 1 1 o4 o2 1 1 1 1 1 1 o7 o3 1 1 1 o4 1 1 o5 A’ 1 1 1 o6 1 1 1 o7 A’ has full rank  all 23 values covered

  13. How universal is C? • Lemma:for k=O(m/log n), with high probability, every k rows in A are linearly independent • Proof (for k=3, n=7, m=6): A’ A i6 i6 i5 i5 i4 i4 i2 i3 i2 i3 i1 i1 A1 1 1 1 1 1 1 o1 o1 1 1 1 1 1 1 o4 o2 A4 1 1 1 1 1 1 o6 o3 1 1 1 o4 Pr[A1 is in span(A4,A6)] ≤ 22/26 for general k,m,n: Pr[ … ] ≤ 2-m+k-1  Apply Union Bound 1 1 o5 A6 1 1 1 o6 1 1 1 o7

  14. How universal is C? • Lemma:for k=O(m/log n), with high probability, every k rows in A are linearly independent • Lemma:if everykrows inAare linearly independent–Cis k-universal • Corollary:for k=O(m/log n), with high probability, C isk-universal Sample values:

  15. Better bounds for k k cannot be larger than m • What if we relax the requirement? • Lemma:for any ε > 0 and k ≤ m - log m – log (1/ε), each subset ofk outputs is coveredwith probability 1-ε  for any k ≤ m - log m – 7, each subset ofk outputs is coveredwith probability ~0.99 Sample values: m 20 30 40 50 70 100 200 500 800 1000 k 7 18 28 37 57 86 185 484 783 983

  16. What now?... • The main contribution of the work is theoretical: • Showing relevance of universality to model-checking. • Proving universality properties of PRG-like circuits. • Experiments show that indeed universality matters. • The challenge: from theory to practice.

  17. Experiments • Implemented in IBM RuleBase PE • 17 BMC instances with known bugs • For each design with n inputs, we generated a new design with m inputs, for m = n/2, n/3, n/5, n/10 • We compared the following methods: • Our: Our circuit with m inputs. • Orig: No underapproximation • Fix: Fixing n-m inputs to some constant. • Set: Partitioning the inputs to m sets. All inputs in the same set are mapped to a single input.

  18. Run-times -13.6% -17.5% -22.7% -47.1%4.7% 50.2%

  19. Run-times 6.2% 7.2% 105.9% 140.6% -13.6% -17.5% -22.7% -47.1%

  20. probability of each input to be included in the fanin inputs The effect of m and p • Tested 4 heaviest designs with various m and p’s • Depth in which bug was found, was increased in this many designs: p m

  21. Mk M2 M1 C M0 Future work • Attach the circuit C to the unrolled model • Refinement strategies • Construct universal circuitswithout XORs • Construct universal circuitsdeterministically • Experiments with (unbounded) model-checking + simulation

  22. Thank you!

More Related