SAT-based verification: underlying methods
Mary Sheeran, Chalmers University of Technology and Prover Technology AB
Jan 19, 2016
Synchronous Observer
[Figure: the Program feeds its outputs to the observer Obs, which produces the single output signal ok]
[Figure: a path of states s0..si, with the initial-state predicate I at s0 and the bad-state predicate B at si; the formula below is satisfiable exactly when a path of length i leads from an initial state to a bad state]
I(s0) and path([s0..si]) and B(si)
Satisfying a formula
[Figure: paths from I to B of increasing length i, each tested for satisfiability]
If the system is bad, the SAT-solver
• Finds a shortest countermodel
• Gives an error trace for debugging
But when can we stop?
Can we stop when I(s0) and path([s0..si]) is contradictory?
Not quite, but we can stop when I(s0) and loop-free([s0..si]) is contradictory.
And symmetrically, when loop-free([s0..si]) and B(si) is contradictory.
Algorithm 1
i := 0
repeat
  if not Sat(I(s0) and loop-free([s0..si])) or not Sat(loop-free([s0..si]) and B(si))
  then return True
  if Sat(I(s0) and path([s0..si]) and B(si)) then return error trace
  i := i+1
Tighten termination (Alg. 2)
i := 0
repeat
  if not Sat(I(s0) and loop-free([s0..si]) and all(not I)([s1..si]))
     or not Sat(loop-free([s0..si]) and all(not B)([s0..si-1]) and B(si))
  then return True
  if Sat(I(s0) and path([s0..si]) and B(si)) then return error trace
  i := i+1
Avoid iteration from zero (Alg. 3)
i := some constant which can be greater than zero
repeat
  if Sat(I(s0) and path([s0..si]) and not (all P)([s0..si])) then return error trace
  if not Sat(I(s0) and loop-free([s0..si+1]) and all(not I)([s1..si+1]))
     or not Sat(loop-free([s0..si+1]) and all(not B)([s0..si]) and B(si+1))
  then return True
  i := i+1
[Figure: the checks drawn as paths, labelled Base and Step, once for the I side (forward) and once for the B side (backward)]
Complete method
i := some constant which can be greater than zero
repeat
  if Sat(I(s0) and path([s0..si]) and not (all P)([s0..si])) then return error trace
  if not Sat(I(s0) and loop-free([s0..si+1]) and all(not I)([s1..si+1]))
     or not Sat(loop-free([s0..si+1]) and all(not B)([s0..si]) and B(si+1))
  then return True
  i := i+1
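The complete method above, run end to end on a constructed toy transition system. This is an added example, not code from the slides or from the paper; a naive enumeration of state sequences stands in for the SAT-solver, and the names STATES, T, I, P, sat and check are assumptions made for the example.

```python
# Added example: the "complete method" (base check plus the two loop-free termination
# checks) over a constructed 8-state system. sat(k, pred) plays the SAT-solver: it
# searches every path s0..sk for one satisfying pred, returning that path or None.
from itertools import product

STATES = range(8)                                     # 3-bit state space (constructed)
I = lambda s: s == 0                                  # initial states
T = lambda s, t: t == ((s + 1) % 6 if s < 6 else 7)   # counter mod 6; 6 and 7 lead to 7

def sat(k, pred):
    """Stand-in SAT oracle: is there a path s0..sk (T holds between neighbours) with pred?"""
    for seq in product(STATES, repeat=k + 1):
        if all(T(a, b) for a, b in zip(seq, seq[1:])) and pred(seq):
            return seq                                # the satisfying assignment is the path
    return None

def loop_free(seq):
    # loop-free([s0..sk]): a path that never revisits a state
    return len(set(seq)) == len(seq)

def check(P, start=0, max_depth=10):
    """Complete method: returns ("error trace", path), ("proved", i) or ("unknown", i)."""
    B = lambda s: not P(s)                            # bad states are those violating P
    i = start                                         # Alg. 3: need not start from zero
    while i <= max_depth:
        # Base: I(s0) and path([s0..si]) and not (all P)([s0..si])  ->  error trace
        trace = sat(i, lambda q: I(q[0]) and not all(P(s) for s in q))
        if trace is not None:
            return ("error trace", list(trace))
        # Forward termination: I(s0) and loop-free([s0..si+1]) and all(not I)([s1..si+1])
        fwd = sat(i + 1, lambda q: I(q[0]) and loop_free(q)
                  and not any(I(s) for s in q[1:]))
        # Backward termination: loop-free([s0..si+1]) and all(not B)([s0..si]) and B(si+1)
        bwd = sat(i + 1, lambda q: loop_free(q)
                  and not any(B(s) for s in q[:-1]) and B(q[-1]))
        if fwd is None or bwd is None:                # either contradiction proves P
            return ("proved", i)
        i += 1
    return ("unknown", i)
```

Because states 6 and 7 are unreachable from 0, the property s != 7 is proved by the backward check at depth 1 (no loop-free path reaches 7 from a non-bad state in two steps), while s != 4 yields the error trace 0,1,2,3,4 at depth 4.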
Strengthen
i := some constant which can be greater than zero
repeat
  if Sat(I(s0) and path([s0..si]) and not (all P)([s0..si])) then return error trace
  if not Sat(I(s0) and loop-free([s0..si+1]) and all(not I)([s1..si+1]))
     or not Sat(loop-free([s0..si+1]) and all(not B)([s0..si]) and B(si+1))
  then return True
  i := i+1
Another way to strengthen
• Invent a lemma, L(s) that we believe to hold in the reachable states
• Prove Q(s) = P(s) and L(s)
• If both P and L hold in the reachable states, this can reduce induction depth
Choosing lemmas?
• Domain knowledge
• Analysis of the program
• Strongest possibility is the characterization of the reachable states
• Van Eijk’s method uses relations between signals as lemmas
Reachability analysis
• Standard approach to safety property verification using Binary Decision Diagrams (BDDs)
• Generate larger and larger subset of the reachable states. Stop when no new states added
• Check whether the set of reachable states intersects with the bad states
Reachability analysis
• Standard algorithms can be adapted to use a SAT-solver.
• Need to be able to deal with quantifiers in a way that doesn’t just blow up
• A fascinating research area!
References (bounded model checking)
• A. Biere, A. Cimatti, E.M. Clarke, M. Fujita and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Design Automation Conference, 1999.
• P. Bjesse, T. Leonard and A. Mokkedem. Finding bugs in an Alpha microprocessor using satisfiability solvers. In Proc. 13th Int. Conf. on Computer Aided Verification, 2001.
References (induction with SAT-solvers)
• M. Sheeran, S. Singh and G. Stålmarck. Checking safety properties using induction and a SAT-solver. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
• P. Bjesse and K. Claessen. SAT-based verification without state space traversal. In Proc. 3rd Int. Conf. on Formal Methods in Computer Aided Design, LNCS, Springer Verlag, 2000.
References (SAT-based reachability analysis)
• P. A. Abdulla, P. Bjesse and N. Een. Symbolic reachability analysis based on SAT-solvers. In Proc. TACAS’00.
• P. F. Williams, A. Biere, E. M. Clarke and A. Gupta. Combining decision diagrams and SAT procedures for efficient symbolic model checking. In CAV’00.
• A. Gupta, Z. Yang and P. Ashar, SAT-based image computation with application in reachability analysis for verification. In FMCAD’00.
[Figure: proof engines (SAT, SAT, ARITH) as the lower layer, with the verification methods built on them (BMC, IND, RA…) above]
The future?
• Increasingly powerful proof engines
• Integration in system development tools
• Combining different engines or methods (for example BDDs and SAT or interactive and automatic methods)
• Use of formal methods in test pattern generation