416 research outputs found
Safety Model Checking with Complementary Approximations
Formal verification techniques such as model checking, are becoming popular
in hardware design. SAT-based model checking techniques such as IC3/PDR, have
gained a significant success in hardware industry. In this paper, we present a
new framework for SAT-based safety model checking, named Complementary
Approximate Reachability (CAR). CAR is based on standard reachability analysis,
but instead of maintaining a single sequence of reachable- state sets, CAR
maintains two sequences of over- and under- approximate reachable-state sets,
checking safety and unsafety at the same time. To construct the two sequences,
CAR uses standard Boolean-reasoning algorithms, based on satisfiability
solving, one to find a satisfying cube of a satisfiable Boolean formula, and
one to provide a minimal unsatisfiable core of an unsatisfiable Boolean
formula. We applied CAR to 548 hardware model-checking instances, and compared
its performance with IC3/PDR. Our results show that CAR is able to solve 42
instances that cannot be solved by IC3/PDR. When evaluated against a portfolio
that includes IC3/PDR and other approaches, CAR is able to solve 21 instances
that the other approaches cannot solve. We conclude that CAR should be
considered as a valuable member of any algorithmic portfolio for safety model
checking
Triggered Clause Pushing for IC3
We propose an improvement of the famous IC3 algorithm for model checking
safety properties of finite state systems. We collect models computed by the
SAT-solver during the clause propagation phase of the algorithm and use them as
witnesses for why the respective clauses could not be pushed forward. It only
makes sense to recheck a particular clause for pushing when its witnessing
model falsifies a newly added clause. Since this trigger test is both
computationally cheap and sufficiently precise, we can afford to keep clauses
pushed as far as possible at all times. Experiments indicate that this strategy
considerably improves IC3's performance.Comment: 4 page
Unbounded Scalable Hardware Verification.
Model checking is a formal verification method that has been successfully applied to real-world hardware and software designs. Model checking tools, however, encounter the so-called state-explosion problem, since the size of the state spaces of such designs is exponential in the number of their state elements. In this thesis, we address this problem by exploiting the power of two complementary approaches: (a) counterexample-guided abstraction and refinement (CEGAR) of the design's datapath; and (b) the recently-introduced incremental induction algorithms for approximate reachability. These approaches are well-suited for the verification of control-centric properties in hardware designs consisting of wide datapaths and complex control logic. They also handle most complex design errors in typical hardware designs. Datapath abstraction prunes irrelevant bit-level details of datapath elements, thus greatly reducing the size of the state space that must be analyzed and allowing the verification to be focused on the control logic, where most errors originate. The induction-based approximate reachability algorithms offer the potential of significantly reducing the number of iterations needed to prove/disprove given properties by avoiding the implicit or explicit enumeration of reachable states. Our implementation of this verification framework, which we call the Averroes system, extends the approximate reachability algorithms at the bit level to first-order logic with equality and uninterpreted functions. To facilitate this extension, we formally define the solution space and state space of the abstract transition system produced by datapath abstraction. In addition, we develop an efficient way to represent sets of abstract solutions involving present- and next-states and a systematic way to project such solutions onto the space of just the present-state variables. To further increase the scalability of the Averroes verification system, we introduce the notion of structural abstraction, which extends datapath abstraction with two optimizations for better classification of state variables as either datapath or control, and with efficient memory abstraction techniques. We demonstrate the scalability of this approach by showing that Averroes significantly outperforms bit-level verification on a number of industrial benchmarks.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133375/1/suholee_1.pd
Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis
Even with impressive advances in automated formal methods, certain problems
in system verification and synthesis remain challenging. Examples include the
verification of quantitative properties of software involving constraints on
timing and energy consumption, and the automatic synthesis of systems from
specifications. The major challenges include environment modeling,
incompleteness in specifications, and the complexity of underlying decision
problems.
This position paper proposes sciduction, an approach to tackle these
challenges by integrating inductive inference, deductive reasoning, and
structure hypotheses. Deductive reasoning, which leads from general rules or
concepts to conclusions about specific problem instances, includes techniques
such as logical inference and constraint solving. Inductive inference, which
generalizes from specific instances to yield a concept, includes algorithmic
learning from examples. Structure hypotheses are used to define the class of
artifacts, such as invariants or program fragments, generated during
verification or synthesis. Sciduction constrains inductive and deductive
reasoning using structure hypotheses, and actively combines inductive and
deductive reasoning: for instance, deductive techniques generate examples for
learning, and inductive reasoning is used to guide the deductive engines.
We illustrate this approach with three applications: (i) timing analysis of
software; (ii) synthesis of loop-free programs, and (iii) controller synthesis
for hybrid systems. Some future applications are also discussed
An Analysis of the Million Module March algorithm applied to the ATRON robotic platform
The Million Module March algorithm is a locomotion planning algorithm for self-reconfiguring robotic systems. It was first introduced by Robert Fitch and Zack Butler. It has already been proven to successfully plan movement for a kinematic abstraction whose traits are very different from the kinematic traits of the ATRON system. In this work we further examine this algorithm, and an adaptation of it to the ATRON robotic system. We examine a two dimensional proof of the reachability of connected configurations of sliding squares, and expand the proof to the three dimensional SlidingCube model of a self-reconfiguring robot. Using this proof, we explore in greater detail the theoretical basis of the Million Module March algorithm. We then modify the simulator used in the original Million Module March works to simulate the ATRON platform, and run a series of experiments. Ultimately, it is determined that the algorithm does not consistently perform as desired on the ATRON platform. We demonstrate that this performance is due to the inability of ATRON\u27s kinematics to guarantee reachability of connected configurations, and that therefore no similar algorithm of sublinear complexity can be guaranteed to perform as desired
Stable Model Counting and Its Application in Probabilistic Logic Programming
Model counting is the problem of computing the number of models that satisfy
a given propositional theory. It has recently been applied to solving inference
tasks in probabilistic logic programming, where the goal is to compute the
probability of given queries being true provided a set of mutually independent
random variables, a model (a logic program) and some evidence. The core of
solving this inference task involves translating the logic program to a
propositional theory and using a model counter. In this paper, we show that for
some problems that involve inductive definitions like reachability in a graph,
the translation of logic programs to SAT can be expensive for the purpose of
solving inference tasks. For such problems, direct implementation of stable
model semantics allows for more efficient solving. We present two
implementation techniques, based on unfounded set detection, that extend a
propositional model counter to a stable model counter. Our experiments show
that for particular problems, our approach can outperform a state-of-the-art
probabilistic logic programming solver by several orders of magnitude in terms
of running time and space requirements, and can solve instances of
significantly larger sizes on which the current solver runs out of time or
memory.Comment: Accepted in AAAI, 201
Symbolic Algorithms for Qualitative Analysis of Markov Decision Processes with B\"uchi Objectives
We consider Markov decision processes (MDPs) with \omega-regular
specifications given as parity objectives. We consider the problem of computing
the set of almost-sure winning states from where the objective can be ensured
with probability 1. The algorithms for the computation of the almost-sure
winning set for parity objectives iteratively use the solutions for the
almost-sure winning set for B\"uchi objectives (a special case of parity
objectives). Our contributions are as follows: First, we present the first
subquadratic symbolic algorithm to compute the almost-sure winning set for MDPs
with B\"uchi objectives; our algorithm takes O(n \sqrt{m}) symbolic steps as
compared to the previous known algorithm that takes O(n^2) symbolic steps,
where is the number of states and is the number of edges of the MDP. In
practice MDPs have constant out-degree, and then our symbolic algorithm takes
O(n \sqrt{n}) symbolic steps, as compared to the previous known
symbolic steps algorithm. Second, we present a new algorithm, namely win-lose
algorithm, with the following two properties: (a) the algorithm iteratively
computes subsets of the almost-sure winning set and its complement, as compared
to all previous algorithms that discover the almost-sure winning set upon
termination; and (b) requires O(n \sqrt{K}) symbolic steps, where K is the
maximal number of edges of strongly connected components (scc's) of the MDP.
The win-lose algorithm requires symbolic computation of scc's. Third, we
improve the algorithm for symbolic scc computation; the previous known
algorithm takes linear symbolic steps, and our new algorithm improves the
constants associated with the linear number of steps. In the worst case the
previous known algorithm takes 5n symbolic steps, whereas our new algorithm
takes 4n symbolic steps
- …