97 research outputs found
A Faithful Semantics for Generalised Symbolic Trajectory Evaluation
Generalised Symbolic Trajectory Evaluation (GSTE) is a high-capacity formal
verification technique for hardware. GSTE uses abstraction, meaning that
details of the circuit behaviour are removed from the circuit model. A
semantics for GSTE can be used to predict and understand why certain circuit
properties can or cannot be proven by GSTE. Several semantics have been
described for GSTE. These semantics, however, are not faithful to the proving
power of GSTE-algorithms, that is, the GSTE-algorithms are incomplete with
respect to the semantics.
The abstraction used in GSTE makes it hard to understand why a specific
property can, or cannot, be proven by GSTE. The semantics mentioned above
cannot help the user in doing so. The contribution of this paper is a faithful
semantics for GSTE. That is, we give a simple formal theory that deems a
property to be true if-and-only-if the property can be proven by a GSTE-model
checker. We prove that the GSTE algorithm is sound and complete with respect to
this semantics
Applicability of fair simulation
AbstractIn this paper we compare four notions of fair simulation: direct [9], delay [12], game [19], and exists [16]. Our comparison refers to three main aspects: The time complexity of constructing the fair simulation, the ability to use it for minimization, and the relationship between the fair simulations and universal branching-time logics. We developed a practical application that is based on this comparison. The application is a new implementation for the assume-guarantee modular framework presented By Grumberg at al. in [ACM Transactions on Programming Languages and Systems (TOPLAS), 16 (1994) 843]. The new implementation significantly improves the complexity of the framework
3-Valued abstraction: More precision at less cost
AbstractThis paper investigates both the precision and the model checking efficiency of abstract models designed to preserve branching time logics w.r.t. a 3-valued semantics. Current abstract models use ordinary transitions to over approximate the concrete transitions, while they use hyper transitions to under approximate the concrete transitions. In this work, we refer to precision measured w.r.t. the choice of abstract states, independently of the formalism used to describe abstract models. We show that current abstract models do not allow maximal precision. We suggest a new class of models and a construction of an abstract model which is most precise w.r.t. any choice of abstract states. As before, the construction of such models might involve an exponential blowup, which is inherent by the use of hyper transitions. We therefore suggest an efficient algorithm in which the abstract model is constructed during model checking, by need. Our algorithm achieves maximal precision w.r.t. the given property while remaining quadratic in the number of abstract states. To complete the picture, we incorporate it into an abstraction-refinement framework
Applying Software Model Checking Techniques For Behavioral UML Models
Abstract. This work presents a novel approach for the verification of Behavioral UML models, by means of software model checking. We propose adopting software model checking techniques for verification of UML models. We translate UML to verifiable C code which preserves the high level structure of the models, and abstracts details that are not needed for verification. We combine of static analysis and bounded model checking for verifying LTL safety properties and absence of livelocks. We implemented our approach on top of the bounded software model checker CBMC. We compared it to an IBM research tool that verifies UML models via a translation to IBM's hardware model checker RuleBasePE. Our experiments show that our approach is more scalable and more robust for finding long counterexamples. We also demonstrate the usefulness of several optimizations that we introduced into our tool
Lazy abstraction and SAT-based reachability in hardware model checking
In this work we present a novel lazy abstraction refinement technique for hardware model checking, integrated with the SAT-based algorithm IC3. In contrast to most SAT-based model checking algorithms, IC3 avoids unrolling of the transition relation. Instead, it applies local checks, while computing over-approximated sets of reachable states. We find IC3 most suitable for lazy abstraction, since each one of its local checks requires different information from the checked model. Similarly to IC3, our algorithm obtains a series of overapproximated sets of states. However, when constructing the series, different abstractions are used for different sets. If an abstract counterexample is obtained, we either find a corresponding concrete one, or apply refinement to eliminate all counterexamples of the same length. Refinement makes the abstractions more precise as needed, and where needed. After refinement, the computation resumes from the same step where it was interrupted. The result is an incremental abstraction refinement algorithm where the abstraction is lazy. We implemented our algorithm, called L-IC3, and compared it with the original IC3 on large industrial hardware designs. We obtained significant speedups of up to two orders of magnitude
A Generic Framework for Reasoning about Dynamic Networks of Infinite-State Processes
We propose a framework for reasoning about unbounded dynamic networks of
infinite-state processes. We propose Constrained Petri Nets (CPN) as generic
models for these networks. They can be seen as Petri nets where tokens
(representing occurrences of processes) are colored by values over some
potentially infinite data domain such as integers, reals, etc. Furthermore, we
define a logic, called CML (colored markings logic), for the description of CPN
configurations. CML is a first-order logic over tokens allowing to reason about
their locations and their colors. Both CPNs and CML are parametrized by a color
logic allowing to express constraints on the colors (data) associated with
tokens. We investigate the decidability of the satisfiability problem of CML
and its applications in the verification of CPNs. We identify a fragment of CML
for which the satisfiability problem is decidable (whenever it is the case for
the underlying color logic), and which is closed under the computations of post
and pre images for CPNs. These results can be used for several kinds of
analysis such as invariance checking, pre-post condition reasoning, and bounded
reachability analysis.Comment: 29 pages, 5 tables, 1 figure, extended version of the paper published
in the the Proceedings of TACAS 2007, LNCS 442
Assume, Guarantee or Repair
We present Assume-Guarantee-Repair (AGR) – a novel framework which not only verifies that a program satisfies a set of properties, but also repairs the program in case the verification fails. We consider communicating programs – these are simple C-like programs, extended with synchronous communication actions over communication channels. Our method, which consists of a learning-based approach to assume-guarantee reasoning, performs verification and repair simultaneously. In every iteration, AGR either makes another step towards proving that the (current) system satisfies the specification, or alters the system in a way that brings it closer to satisfying the specification. We manage handling infinite-state systems by using a finite abstract representation, and reduce the semantic problems in hand – satisfying complex specifications that also contain first-order constraints – to syntactic ones, namely membership and equivalence queries for regular languages. We implemented our algorithm and evaluated it on various examples. Our experiments present compact proofs of correctness and quick repairs
Antichains for the Automata-Based Approach to Model-Checking
We propose and evaluate antichain algorithms to solve the universality and
language inclusion problems for nondeterministic Buechi automata, and the
emptiness problem for alternating Buechi automata. To obtain those algorithms,
we establish the existence of simulation pre-orders that can be exploited to
efficiently evaluate fixed points on the automata defined during the
complementation step (that we keep implicit in our approach). We evaluate the
performance of the algorithm to check the universality of Buechi automata using
the random automaton model recently proposed by Tabakov and Vardi. We show that
on the difficult instances of this probabilistic model, our algorithm
outperforms the standard ones by several orders of magnitude
- …