Structure-aware computation of predicate abstraction (PowerPoint PPT presentation)
A. Cimatti, J. Dubrovin, T. Junttila, M. Roveri


SLIDE 1

Structure-aware computation of predicate abstraction

A. Cimatti, J. Dubrovin, T. Junttila, M. Roveri

Fondazione Bruno Kessler, Trento, Italy
Helsinki Institute of Technology, Finland

SLIDE 2

SLIDE 3

3 Structure-aware abstraction FMCAD'09, Austin, TX

Predicate abstraction: symbolic view

• Concrete state as assignment to X variables
    - booleans, bit vectors, reals, integers, …
• Concrete program as SMT formula CR(X, X')
• Abstract state as assignment to boolean variables P_i
• Predicates as SMT formulae φ_i(X)
• Abstraction function Abstr(X, X', P, P') as ⋀_i P_i ↔ φ_i(X)
• Computing predicate abstraction:
    - obtain a boolean representation for AR(P, P')
    - amenable to symbolic model checking
• AR(P, P') = ∃X X'.(CR(X, X') ∧ ⋀_i P_i ↔ φ_i(X) ∧ ⋀_i P_i' ↔ φ_i(X'))
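The definition of AR(P, P') above, worked through on a constructed toy program as an added example (Python; not code from the paper or from NuSMV/MathSAT). The assumptions are this example's own: X = {x, y} over a small bounded integer domain standing in for bit-vectors, a transition relation CR that increments x while x < y and is otherwise the identity, and two predicates φ1 = (x < y), φ2 = (x = y). The existential quantification over X, X' is discharged by exhaustively enumerating the finite domain, which plays the role of the AllSMT enumeration the slides rely on; the names cr, alpha, abstract_relation and abstract_successors are hypothetical.

```python
import itertools

# Constructed toy concrete program (not from the paper): X = {x, y} over a
# bounded integer domain standing in for bit-vectors.
DOMAIN = range(4)

def cr(x, y, xp, yp):
    """Concrete transition relation CR(X, X'): increment x while x < y,
    otherwise leave both variables unchanged."""
    if x < y:
        return xp == x + 1 and yp == y
    return xp == x and yp == y

# Predicates phi_i(X) over the concrete variables; abstract variable P_i <-> phi_i(X).
PREDICATES = [
    lambda x, y: x < y,   # phi_1
    lambda x, y: x == y,  # phi_2
]

def alpha(x, y):
    """Abstraction of one concrete state: the truth values of all phi_i."""
    return tuple(phi(x, y) for phi in PREDICATES)

def abstract_relation():
    """AR(P, P') = exists X X'.(CR(X, X') and /\_i P_i <-> phi_i(X) and /\_i P'_i <-> phi_i(X')).

    The quantifier is discharged by enumerating every concrete transition of the
    finite domain and projecting it onto (P, P'); an AllSMT-based procedure would
    instead ask the solver for the distinct (P, P') assignments directly."""
    ar = set()
    for x, y, xp, yp in itertools.product(DOMAIN, repeat=4):
        if cr(x, y, xp, yp):
            ar.add(alpha(x, y) + alpha(xp, yp))
    return ar

def abstract_successors(p):
    """Abstract post-image of one abstract state P, read off AR(P, P')."""
    n = len(PREDICATES)
    return {pp[n:] for pp in abstract_relation() if pp[:n] == p}

if __name__ == "__main__":
    for row in sorted(abstract_relation()):
        print(row)
```

Note that the abstract state (P1, P2) = (true, true) has no concrete counterpart, since x < y and x = y exclude each other, so AR(P, P') contains no row starting from it; the enumeration produces exactly the four abstract transitions the toy program admits.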

SLIDE 4

From Q-SMT to Boolean

[Figure: the quantified SMT formula ∃X X'.Φ(X, X', P, P') is abstracted into the boolean formula Φ_B(P, P')]

• Predicate abstraction
    - at the core of many verification approaches
    - often a bottleneck

SLIDE 5

Avoid Monolithic Computation

[Figure: instead of one monolithic quantification ∃X X'.Φ(X, X', P, P') yielding Φ_B(P, P'), reduce the problem to a sequence of smaller quantifications ∃V1, ∃V2, ∃V3]

SLIDE 6

Structure-aware predicate abstraction

• New procedure for predicate abstraction
• Exploits the available problem structure
• At the high level
    - structure of the system being abstracted
    - modules, scope of variables, nature of transitions
• At the low level
    - structure of the quantified formula
    - reduce the scope of quantification

SLIDE 7

High level framework

• System structured in several components
• Asynchronously composed via interleaving
• Transitions:
    - local transitions
    - synchronizing transitions
    - timed transitions
• Variables
    - local
    - write-one / read-many
    - write-many / read-many
• Some features common also to
    - software programs
    - concurrent systems

Example (from the slide figure):
Invariants: x in [10, 20]; SMT: 10 ≤ x ∧ x ≤ 20
Flow condition: der(x) in [1.1, 1.3]; SMT: x + 1.1·δ ≤ x' ∧ x' ≤ x + 1.3·δ
Global: the same δ for all components!

SLIDE 8

Predicate abstraction procedure

• Ingredients
    - disjunctively partitioning the concrete program
    - inlining
    - clustering
    - blocking and restricting models
    - value sampling

SLIDE 9

SLIDE 10

Abstracting one transition

• During transitions, several components may not change
• In local transitions
    - only the active process is modified
    - loc' = loc, x' = x, …
• Synchronizing transitions
    - similarly, only the active processes change
• Timed transitions
    - discrete locations do not change
• Lots of potential for inlining

SLIDE 11

Rules for inlining

• ∃X.(Φ ∧ (u = t)) rewrites to ∃X.(Φ[u / t])
    - where u in X, and u not in t
• ∃X.(Φ ∧ (q ↔ ψ)) rewrites to (q ↔ ψ) ∧ ∃X.(Φ[q / ψ])
    - where ψ propositional, and q not in ψ
• ∃X.(Φ ∧ (q ↔ ψ)) rewrites to ∃X.(Φ[q / ψ] ∧ (q ↔ ψ))
    - where ψ propositional but has vars in X

SLIDE 12

Practical Limitations

• A variable in one component may be referred to in the flow conditions of other components
    - this indirectly influences its behaviour
• Predicates can introduce correlations that are not directly present in the original system
    - e.g. (x + y < 10) connects x and y

SLIDE 13

Clustering

• ∃X.(Φ1(X1, P) ∧ Φ2(X2, P) ∧ … ∧ Φn(Xn, P))
• Each variable in X occurs in at most one of the clusters Xi
• Each cluster can be dealt with independently
• Trade one big quantification for many (hopefully smaller) quantifications

(∃X1.Φ1(X1, P)) ∧ (∃X2.Φ2(X2, P)) ∧ … ∧ (∃Xn.Φn(Xn, P))
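The clustering identity above, checked on a constructed two-cluster formula as an added example (Python; not code from the paper). The assumptions are this example's own: concrete variables range over a small finite domain, the function exists stands in for one SMT query by exhaustive search, X1 = {x} and X2 = {y} are the clusters, and the predicate variables p1, p2, p3 are the P of the slide. The example also counts how many concrete assignments each strategy examines, which is where the "hopefully smaller" saving shows up; the join step is written for the general case in which clusters share predicate variables, which is more than this slide's example needs.

```python
import itertools

# Constructed example (not from the paper): finite-domain enumeration stands in
# for the SMT solver.
DOMAIN = range(8)
QUERIES = {"assignments_examined": 0}

def exists(formula, xvars, p):
    """One stand-in SMT query: is there an assignment to xvars over DOMAIN that
    satisfies formula under the fixed predicate-variable assignment p?"""
    for values in itertools.product(DOMAIN, repeat=len(xvars)):
        QUERIES["assignments_examined"] += 1
        if formula(dict(zip(xvars, values)), p):
            return True
    return False

# Clusters (X_i, P_i, Phi_i). Each concrete variable occurs in exactly one
# cluster, which is what clustering requires; predicate variables may be shared.
CLUSTERS = [
    (("x",), ("p1", "p2"),
     lambda v, p: p["p1"] == (v["x"] > 6) and p["p2"] == (v["x"] % 2 == 0)),
    (("y",), ("p3",),
     lambda v, p: p["p3"] == (v["y"] * v["y"] > 40)),
]
PVARS = ("p1", "p2", "p3")

def p_assignments(pvars):
    for bits in itertools.product((False, True), repeat=len(pvars)):
        yield dict(zip(pvars, bits))

def as_key(p):
    return frozenset(p.items())

def monolithic():
    """exists X.(Phi_1(X1,P) and ... and Phi_n(Xn,P)) as one quantification over
    all of X. Returns the satisfiable P-assignments and the search effort spent."""
    QUERIES["assignments_examined"] = 0
    xvars = tuple(v for xs, _, _ in CLUSTERS for v in xs)
    conj = lambda v, p: all(f(v, p) for _, _, f in CLUSTERS)
    result = {as_key(p) for p in p_assignments(PVARS) if exists(conj, xvars, p)}
    return result, QUERIES["assignments_examined"]

def clustered():
    """(exists X1.Phi_1(X1,P)) and ... and (exists Xn.Phi_n(Xn,P)): one small
    quantification per cluster, then a boolean join of the partial results."""
    QUERIES["assignments_examined"] = 0
    partial = [{as_key(p) for p in p_assignments(pv) if exists(f, xs, p)}
               for xs, pv, f in CLUSTERS]
    result = set()
    for combo in itertools.product(*partial):
        merged, consistent = {}, True
        for part in combo:
            for k, v in part:                      # partial models must agree on shared P_i
                if merged.setdefault(k, v) != v:
                    consistent = False
        if consistent:
            result.add(as_key(merged))
    return result, QUERIES["assignments_examined"]

if __name__ == "__main__":
    mono, mono_effort = monolithic()
    clus, clus_effort = clustered()
    print("same result:", mono == clus, "| effort mono/clustered:", mono_effort, clus_effort)
```

The two strategies agree on the set of abstract states, but the monolithic search pays for the unsatisfiable combinations (p1 and p2 both true, for which no x exists) over the whole product domain, while the clustered search rules them out inside the x-cluster alone.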

SLIDE 14

Blocking and Restricting Models

• When computing Φ_B(P) ∨ ∃X.Φ(X, P)
• Replace ∃X.Φ(X, P) with ∃X.(¬Φ_B(P) ∧ Φ(X, P))
• Rationale
    - boolean reasoning cheaper than SMT reasoning
    - models in Φ_B have already been visited
    - force exploration to other models within ¬Φ_B
• When computing
    - Φ_B0(P) ∨ ∃X1.Φ1(X1, P) ∨ ∃X2.Φ2(X2, P) ∨ … ∨ ∃Xn.Φn(Xn, P)
• We can use the previously computed parts to prune quantification
    - ∃X1.(Φ1(X1, P) ∧ ¬Φ_B0(P))
    - ∃X2.(Φ2(X2, P) ∧ ¬Φ_B01(P))
    - ∃X3.(Φ3(X3, P) ∧ ¬Φ_B012(P))
• Restrict to models still worth exploration

SLIDE 15

Variable Sampling

• "Quasi clustering": a single w prevents clustering
    - ∃X.(Φ1(w, X1, P) ∧ Φ2(w, X2, P) ∧ … ∧ Φn(w, Xn, P))
• Pick one value c for w, replace, and cluster
    - ∃X\w.(Φ1,w/c(X1, P) ∧ Φ2,w/c(X2, P) ∧ … ∧ Φn,w/c(Xn, P))
• Result: underapproximation Φw/c(P)
    - computed one cofactor with respect to w = c
    - we have to cover the case w ≠ c
    - ∃X.(w ≠ c ∧ Φ1(w, X1, P) ∧ Φ2(w, X2, P) ∧ … ∧ Φn(w, Xn, P))
• The process can be iterated
    - need to block already covered models
    - need to find a suitable sequence of instantiations

SLIDE 16

Sampling-driven quantification

    SamplingAllSMT(Phi, X, W) {
        res := False;
        (sat, mu) := SMTSolve(Phi);
        while sat do
            c := PickValue(mu, W);                    // value of the sampled variable(s) W in model mu
            new := AllSMT(not res and Phi[W / c]);    // cofactor w.r.t. W = c, blocking models already in res
            res := res or new;
            (sat, mu) := SMTSolve(Phi and not res);   // is any model still uncovered?
        end while
        return res;
    }
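The SamplingAllSMT loop above, run end to end on a constructed formula as an added example (Python; not code from the paper or from MathSAT). The assumptions are this example's own: concrete variables range over a small finite domain, and smt_solve and all_smt stand in for the SMTSolve and AllSMT calls by exhaustive search; res is kept as the set of P-assignments it covers, so the blocking constraint "not res" of this slide and of the previous one becomes a membership test. The formula phi has the "quasi clustering" shape of the Variable Sampling slide: w is shared by both conjuncts, so each cofactor Phi[w / c] is computed over the remaining variables only. The function names sampling_all_smt, smt_solve and all_smt are hypothetical.

```python
import itertools

# Constructed example (not from the paper): finite-domain enumeration stands in
# for the SMT solver.
DOMAIN = range(6)
X = ("w", "x1", "x2")        # concrete variables; w is shared by both conjuncts
PVARS = ("p1", "p2", "p3")   # predicate variables P

def phi1(v, p):
    return p["p1"] == (v["x1"] > v["w"]) and p["p2"] == (v["x1"] + v["w"] == 5)

def phi2(v, p):
    return p["p3"] == (v["x2"] < v["w"])

def phi(v, p):
    """Phi(X, P) = Phi_1(w, x1, P) and Phi_2(w, x2, P): w prevents clustering."""
    return phi1(v, p) and phi2(v, p)

def p_assignments():
    for bits in itertools.product((False, True), repeat=len(PVARS)):
        yield dict(zip(PVARS, bits))

def smt_solve(formula, xvars, blocked):
    """Stand-in for SMTSolve(formula and not res): returns (sat, model), where the
    model's P-part must not be one of the P-assignments already in `blocked`."""
    for p in p_assignments():
        if frozenset(p.items()) in blocked:
            continue
        for values in itertools.product(DOMAIN, repeat=len(xvars)):
            v = dict(zip(xvars, values))
            if formula(v, p):
                return True, {**v, **p}
    return False, None

def all_smt(formula, xvars, blocked):
    """Stand-in for AllSMT(not res and formula): every P-assignment that has a
    model of formula over xvars, minus the blocked ones."""
    models = set()
    for p in p_assignments():
        key = frozenset(p.items())
        if key in blocked:
            continue
        if any(formula(dict(zip(xvars, vals)), p)
               for vals in itertools.product(DOMAIN, repeat=len(xvars))):
            models.add(key)
    return models

def sampling_all_smt(formula, xvars, w):
    """SamplingAllSMT(Phi, X, W) from the slide for a single sampled variable w.
    Returns (res, sampled values of w in the order they were picked)."""
    rest = tuple(x for x in xvars if x != w)
    res, samples = set(), []
    sat, mu = smt_solve(formula, xvars, res)
    while sat:
        c = mu[w]                                              # PickValue(mu, W)
        samples.append(c)
        cofactor = lambda v, p, c=c: formula({**v, w: c}, p)  # Phi[W / c], quantified over X \ w
        res |= all_smt(cofactor, rest, res)                    # new := AllSMT(not res and Phi[W/c])
        sat, mu = smt_solve(formula, xvars, res)               # SMTSolve(Phi and not res)
    return res, samples

if __name__ == "__main__":
    res, samples = sampling_all_smt(phi, X, "w")
    print(len(res), "abstract states covered using w samples", samples)
```

Each iteration computes one cofactor, an underapproximation of the full projection, and the blocking set res keeps the next SMTSolve call from returning a model whose abstract state is already covered, so the loop terminates as soon as the sampled cofactors together cover the monolithic result; on this formula three values of w suffice to cover all eight abstract states.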

SLIDE 17

Implementation

• Extended NuSMV
    - empowered with SMT functionalities
    - types: reals, integers, bit-vectors, …
• MathSAT SMT solver used as backend
• High level simplifications
    - network of automata
    - python script to generate the disjunctively partitioned representation
• Low level simplifications as a rewriter over quantified formulae
• Abstraction based on the AllSMT version of MathSAT

SLIDE 18

Experimental Setup

• Two classes of problems
    - from the HyTech distribution
    - randomly generated networks of automata
• Compared algorithms
    - mono
    - + partitioning
    - + clustering
    - + v-sampling

SLIDE 19

Results on HyTech models

SLIDE 20

Results on random LHAs

SLIDE 21

Related Work

• Imprecise techniques
    - Cartesian abstraction
• Boolean quantification
    - BDD-based
    - SAT-based
• Monolithic SMT-based predicate abstraction
    - AllSMT [CAV06]
    - BDD + SMT [FMCAD07]
• Software model checking: BLAST, SATABS
    - partitioning transition by transition in the CFG
    - forward image computations by inlining unmodified variables
• Avoid abstraction computation
    - directly compute abstract violations [FM09]
    - no need for AllSMT functionality

SLIDE 22

Conclusions

• A structure-aware procedure for the exact computation of predicate abstraction
• Exploit high level structure
    - transition partitioning
    - variable scope
• Exploit low level structure
    - formula quantification, clustering
    - value sampling
• Significant speed-ups

SLIDE 23

Future Work

• Comprehensive comparison with other methods
    - experiment with BDD-based abstraction
• Measure impact on the CEGAR loop
• Application to post-image computation
    - reachability in the abstract space
• Full incrementality
