A View from the Engine Room: Computational Support for Symbolic Model Checking
Randal E. Bryant
Carnegie Mellon University
http://www.cs.cmu.edu/~bryant
Outline
• Boolean Reasoning as Engine for Model Checking
• BDDs & SAT
• An Evaluation of SAT
  • Current capabilities & limitations
  • Making further progress
• Beyond SAT
  • Enhancing DPLL to do more than find single solution
The Origins of Symbolic Model Checking
• 1987 notes by Ken McMillan
  • Backward traversal of Petri net state space
  • Realized that reachability could be performed via symbolic Boolean manipulation
Role of Boolean Manipulation in MC
• Contributions of BDDs to Model Checking
  • Separate problem from implementation
  • BDDs provide clean API to model checker
  • Performed well for many examples
• The Emergence of SAT
  • Initially for bounded model checking [Biere, et al., ’96]
  • More recently for full model checking
    • SAT enumeration [McMillan ’02]
    • Interpolation-based abstraction-refinement [McMillan ’03]
• Important Point
  • Advances in Boolean manipulation drive progress in model checking
Conventional Wisdom on SAT
• BDDs vs. DPLL
  • DPLL better than BDDs for straight SAT
  • Especially problems with large numbers of variables
• Best Research Strategy is to Keep Refining DPLL
  • Certainly has led to big improvements!
• Claim
  • This wisdom is overly simplistic
Comparing Parity Trees
• Compare linear chain of XORs to randomly structured XOR trees over the same inputs
• Known hard problem for resolution-based SAT solvers
• 16 n-input trees for different values of n
Parity: Exhaustive Testing
• Testing 10^9 cases is no big deal
Parity: DPLL (ca. 2002 Limmat)
• Known difficult problem for DPLL
Parity: DPLL (MiniSAT)
• Recent SAT solvers have made remarkable progress
Parity: BDDs
• Trivial problem for BDDs
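Why the parity benchmark is trivial for BDDs: in a reduced ordered BDD every function has exactly one node, so the linear chain and any random XOR tree over the same inputs are equivalent precisely when they end up as the same node id, and the parity of n variables needs only 2n-1 nodes. The following minimal BDD package is an added example written for this page, not the deck's or any library's code; the names mk, xor, linear_chain, random_tree and parity_trees_equivalent are mine.

```python
import random
from functools import lru_cache
# Minimal reduced ordered BDD package written for this example (not the deck's
# code). Nodes are interned (var, low, high) triples, so equal functions share
# one node id and equivalence checking is an integer comparison.
FALSE, TRUE = 0, 1
_nodes = [None, None]   # id -> (var, low, high); ids 0 and 1 are the terminals
_unique = {}            # unique table: (var, low, high) -> id
def mk(var, low, high):
    """Canonical constructor: elimination rule, then merging rule."""
    if low == high:                       # test is redundant, drop it
        return low
    key = (var, low, high)
    if key not in _unique:                # share an identical existing node
        _unique[key] = len(_nodes)
        _nodes.append(key)
    return _unique[key]

def top(u):
    return float("inf") if u in (FALSE, TRUE) else _nodes[u][0]

@lru_cache(maxsize=None)
def xor(u, v):
    """Apply XOR by Shannon expansion on the smaller top variable."""
    if u in (FALSE, TRUE) and v in (FALSE, TRUE):
        return TRUE if u != v else FALSE
    x = min(top(u), top(v))
    ul, uh = _nodes[u][1:] if top(u) == x else (u, u)
    vl, vh = _nodes[v][1:] if top(v) == x else (v, v)
    return mk(x, xor(ul, vl), xor(uh, vh))

def linear_chain(n):
    """x0 ^ x1 ^ ... ^ x(n-1), combined left to right."""
    f = mk(0, FALSE, TRUE)
    for i in range(1, n):
        f = xor(f, mk(i, FALSE, TRUE))
    return f

def random_tree(n, seed=0):
    """The same n inputs XORed in a random tree shape (constructed input)."""
    rng = random.Random(seed)
    leaves = [mk(i, FALSE, TRUE) for i in range(n)]
    while len(leaves) > 1:
        a = leaves.pop(rng.randrange(len(leaves)))
        b = leaves.pop(rng.randrange(len(leaves)))
        leaves.append(xor(a, b))
    return leaves[0]

def parity_trees_equivalent(n, seed=0):
    """Canonicity makes the equivalence check a single id comparison."""
    return linear_chain(n) == random_tree(n, seed)
```

The same package handles any n and any tree shape; the contrast with the DPLL slides is that a resolution-based solver has no such canonical form to fall back on.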
Associativity Testing
• Typical of arithmetic verification problems
• Evaluate for different argument word sizes
• Check addL ?= addR and mulL ?= mulR for every x, y, z:

    int addL(int x, int y, int z) { return (x+y)+z; }
    int addR(int x, int y, int z) { return x+(y+z); }
    int mulL(int x, int y, int z) { return (x*y)*z; }
    int mulR(int x, int y, int z) { return x*(y*z); }
Associativity of Addition
• Easy for BDDs
• Recent DPLL solvers handle it readily
Associativity of Multiplication
• BDDs better than DPLL
Associativity of Multiplication
• Both worse than exhaustive
Progress in SAT Research
• Evolution of DPLL
  • Incremental advances yielding more than incremental improvements
  • Encourages continued incrementing
• Downside
  • Gene pool of SAT solvers diminishing
  • All use DPLL, nonchronological backtracking, 2-literal watching …
  • New approaches must overcome high performance standard
• Claim
  • We need to be looking beyond incremental changes
Breaking Free
• Raise the Bar on Benchmarks
  • Identify challenge benchmarks
  • Examples
    • Arithmetic problems
    • Breaking cryptosystems or secure hashes
    • Combinatorial optimization
  • Parameterize to allow scaling analysis
• Acknowledge Value of Niche Solvers
  • Don’t worry about problems that current solvers handle well
BDD/DPLL Hybrids
• Very Different Approaches
  • DPLL: Search for one solution from top down
  • BDDs: Encode all solutions from bottom up
• Significant Recent Effort
  • BDD preprocessing for SAT solver [Jin & Somenzi, ’04]
  • DPLL on ZDD-represented clause sets [Aloul, et al., ’01]
  • Satisfy conjunction of BDDs [Damiano & Kukula, ’03, Franco et al., ’04]
• Evaluation
  • Incomplete
  • Can help when one approach (BDD / DPLL) much better than other
  • But what about problems that neither does well?
Beyond SAT
• Dealing With Quantifiers
  • DPLL as QBF solver has had limited success
  • Strength for BDDs
    • Especially with deep, alternating quantifier nesting
    • E.g., model checking
• Unsatisfiability
  • Impressive progress on generating proofs and unsat cores
    • Using scaffolding from DPLL
  • Many applications
    • E.g., refinement steps in model checking
  • No counterpart with BDDs
Challenge Problem: Quantifier Elimination
• Core Problem For Model Checking
  • Bit-level: Relational product
  • Predicate abstraction
    • Flanagan & Qadeer, ’02, Lahiri, Bryant, Cook, ’03
• G = ∃X F (F over X and Y, G over Y only)
• Methods
  • BDDs: quantifier elimination
    • Use early quantification
  • DPLL: SAT enumeration
    • Plaisted, ’00, Gupta, et al., ’00, McMillan ’02, Clarke et al., ’03
Quantifier Elimination Example
• Example from Predicate Abstraction
  • Lahiri, Bryant, Cook, ’03
• G = ∃X F
  • Current state variables X
  • Next state variables Y
Current state: ∃ x1, x2, x3, x4, x5, x6 [ (x1 x2 x3 x4 x5 x6) (x1 x2 x3 x4 x5 x6) ]
Transition constraints: (x2 y2) (y2 y1) (x4 x6 y1) x3 y4 x4 y3 x5 y6 x6 y5
Set Enumeration
• Run SAT checker over formula
• Generate blocking clause for each newly generated element
Formula: transition constraints (x2 y2) (y2 y1) (x4 x6 y1) x3 y4 x4 y3 x5 y6 x6 y5 with current state [ (x1 x2 x3 x4 x5 x6) (x1 x2 x3 x4 x5 x6) ]
Enumerated element: (y1 y2 y3 y4 y5 y6)
Compressing Set Representation
• Disjunct set elements to form BDD
• Extract prime implicants from BDD
• Experience: 10X reduction in number of terms
[Figure: BDD representation of the enumerated set]
SAT Enumeration Observations
• Performance
  • Better than BDDs when |X| >> |Y|
  • Only have to enumerate for unique assignments to Y
• Improvements
  • Attempt to enlarge solution as enumerate [McMillan ’02]
  • Build into DPLL search loop
    • Lahiri, Nieuwenhuis, Oliveras, ’06
    • Handle successful cases similarly to failures
    • Make solver stop before it assigns values to all variables
    • Implemented?
• Observation
  • Enumerative methods seem inelegant
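The enumeration loop of the Set Enumeration slide and the Observations slide above (run a SAT checker, add a blocking clause over Y for each element found, stop when unsatisfiable) as an added Python example that is not the deck's code. It uses a tiny DPLL of its own and a constructed formula over X = {1, 2} and Y = {3, 4}; the names simplify, dpll, enumerate_projection and EXAMPLE_F are mine.

```python
# Tiny DPLL plus the blocking-clause loop of the "Set Enumeration" slide (example
# code, not the deck's). Literals are DIMACS-style ints: v is var v, -v its negation.
def simplify(clauses, lit):
    """Make lit true: drop satisfied clauses, delete -lit elsewhere; None on conflict."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        rest = [x for x in c if x != -lit]
        if not rest:
            return None
        out.append(rest)
    return out
def dpll(clauses, assignment=None):
    """Return a (possibly partial) satisfying assignment {var: bool}, or None if UNSAT."""
    assignment = dict(assignment or {})
    while True:                                    # unit propagation
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0
        clauses = simplify(clauses, unit)
        if clauses is None:
            return None
    if not clauses:                                # every clause satisfied
        return assignment
    lit = clauses[0][0]                            # branch on the first open literal
    for choice in (lit, -lit):
        reduced = simplify(clauses, choice)
        if reduced is not None:
            model = dpll(reduced, {**assignment, abs(choice): choice > 0})
            if model is not None:
                return model
    return None

def enumerate_projection(clauses, y_vars):
    """G = exists X. F as a list of cubes over Y (dicts {y: bool}), by SAT enumeration."""
    cubes = []
    while True:
        model = dpll(clauses)
        if model is None:                          # nothing left: enumeration complete
            return cubes
        cube = {v: model[v] for v in y_vars if v in model}
        cubes.append(cube)
        if not cube:                               # no Y literal needed: G is true
            return cubes
        # Blocking clause over Y only, so other X witnesses of this cube are never re-found
        clauses = clauses + [[-v if val else v for v, val in cube.items()]]

EXAMPLE_F = [[1, 3], [-1, 4], [2, -3, 4]]  # constructed: X={1,2}, Y={3,4}; exists X.F = y3 or y4
```

Because dpll stops as soon as no clause is open, each element found is already a cube over Y and its blocking clause removes the whole cube, a simple form of the "enlarge solution as enumerate" idea. On EXAMPLE_F the loop yields the cubes y4 and y3 ∧ ¬y4, i.e. G = y3 ∨ y4, after three SAT calls.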
Conclusions
• 25MC = 20OBDD
• Boolean methods have driven much of the progress in model checking
  • BDDs & SAT
• SAT Progress
  • Impressive, but still room for improvement
• Beyond SAT
  • Quantifiers
  • Unsatisfiability