Automatic abstraction in model checking

As technology advances and the demand for higher performance grows, hardware designs are becoming ever more sophisticated; a typical chip design may contain over ten million switching devices. Detecting design errors in systems of this scale is extremely difficult. Formal verification methodologies can potentially catch subtle design errors, but many state-of-the-art formal verification tools suffer from the state explosion problem. This thesis explores abstraction techniques for avoiding state explosion.

In our methodology, atomic formulas extracted from an SMV-like concurrent program are used to construct the abstraction function. The initial abstract structure is built by existential abstraction. When the model checker disproves a universal property on the abstract structure, it produces an abstract counterexample. Because the abstraction is not complete (it over-approximates the concrete system), this counterexample may be spurious, i.e. it may not correspond to any behaviour of the concrete model. We give a new symbolic algorithm that decides whether an abstract counterexample is spurious. If it is, the algorithm computes the shortest prefix of the abstract counterexample that does not correspond to an actual trace in the concrete model. The last abstract state in this prefix is then split into less abstract states so that the spurious counterexample is eliminated, yielding a more refined abstraction function. It is usually desirable to obtain the coarsest refinement that eliminates the counterexample, because it corresponds to the smallest abstract model that avoids the spurious counterexample; we prove, however, that finding the coarsest refinement is NP-hard. We therefore use a polynomial-time algorithm that gives a suboptimal but sufficiently good refinement of the abstraction function, and our experiments confirm that this heuristic is effective in practice.

Using the refined abstraction function, a new abstract model is built and the entire process is repeated. The methodology is complete for ACTL: we are guaranteed either to find a valid counterexample or to prove that the system satisfies the desired property.

This thesis also introduces a new data structure, abstract BDDs. Intuitively, an abstract BDD is obtained from a BDD by collapsing paths that have the same abstract value with respect to some abstraction function. Different ways of collapsing paths give different types of abstract BDDs; we identify four, S-type, 0-type, 1-type and ∨-type, suited to different applications, and present three applications. First, we show how to check inequivalence between two combinational circuits using S-type and 0-type abstract BDDs. Second, we describe a methodology for generating an initial variable ordering using 0-type abstract BDDs. Third, we demonstrate how to represent abstract Kripke structures using ∨-type abstract BDDs. Our experiments clearly show the efficiency of abstract BDDs, and we believe they can be applied to many other problems as well.
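The abstraction-refinement loop described above, as an added worked example that is not code from the thesis or its tool. The thesis works symbolically on SMV-like programs with BDDs; this Python instead runs the same steps on a small constructed explicit-state Kripke structure, so every set operation is visible. The abstraction function is a tuple of predicates whose first entry is the property's atomic formula and whose second is a guard; existential abstraction builds the abstract model, a breadth-first search finds the shortest abstract counterexample, a forward image computation finds the first empty intersection and hence the shortest spurious prefix, and the failure state's class is split by separating its dead-end states from the rest. That split is a simplified one-predicate refinement, not the thesis's heuristic. The states, transitions, property and predicate names are all constructed for this example.

```python
"""Counterexample-guided abstraction refinement (CEGAR) on an explicit-state
toy model.  Added illustration, not the thesis's own code: the concrete Kripke
structure below is a small hand-built (constructed) set of states."""
from collections import deque

# Constructed concrete model: state = (x, y), x in 0..3, y in {0, 1}.
STATES = [(x, y) for x in range(4) for y in range(2)]
INIT = {(0, 0)}

def make_transitions(link_2_to_3):
    """Concrete transition relation.  With link_2_to_3=False the only path to
    y == 1 starts from the unreachable state (3, 0); with True it is reachable."""
    r = {((0, 0), (1, 0)), ((1, 0), (2, 0)), ((2, 0), (2, 0)),
         ((3, 0), (3, 1)), ((3, 1), (3, 1))}
    if link_2_to_3:
        r.add(((2, 0), (3, 0)))
    for s in STATES:                      # make the relation total
        if not any(a == s for a, _ in r):
            r.add((s, s))
    return r

# Property AG !(y == 1).  preds[0] is the property's atomic formula; preds[1]
# is an atomic formula taken from a guard, as the thesis extracts them.
INITIAL_PREDS = [lambda s: s[1] == 1, lambda s: s[0] >= 2]

def h(s, preds):
    """Abstraction function: concrete state -> tuple of predicate values."""
    return tuple(bool(p(s)) for p in preds)

def concretize(a, preds):
    """h^-1(a): all concrete states mapped to the abstract state a."""
    return {s for s in STATES if h(s, preds) == a}

def existential_abstraction(trans, preds):
    a_init = {h(s, preds) for s in INIT}
    a_trans = {(h(s, preds), h(t, preds)) for s, t in trans}
    return a_init, a_trans

def abstract_counterexample(a_init, a_trans):
    """BFS: shortest abstract path from an initial state to a bad one (preds[0])."""
    succ = {}
    for a, b in a_trans:
        succ.setdefault(a, set()).add(b)
    parent = {a: None for a in a_init}
    queue = deque(sorted(a_init))
    while queue:
        a = queue.popleft()
        if a[0]:
            path = []
            while a is not None:
                path.append(a)
                a = parent[a]
            return path[::-1]
        for b in sorted(succ.get(a, ())):
            if b not in parent:
                parent[b] = a
                queue.append(b)
    return None

def check_counterexample(path, trans, preds):
    """Forward images along the abstract path:
    S_1 = h^-1(a_1) & I,  S_{i+1} = post(S_i) & h^-1(a_{i+1}).
    Returns (concrete_trace, None) if the path is real, otherwise
    (None, dead_end) where dead_end = S_k for the first k with S_{k+1} empty:
    a_k is the last state of the shortest spurious prefix a_1 .. a_{k+1}."""
    layers = [concretize(path[0], preds) & INIT]
    for a in path[1:]:
        post = {t for s, t in trans if s in layers[-1]}
        nxt = post & concretize(a, preds)
        if not nxt:
            return None, frozenset(layers[-1])
        layers.append(nxt)
    trace = [min(layers[-1])]             # walk back to build one real trace
    for layer in reversed(layers[:-1]):
        trace.append(min(s for s in layer if (s, trace[-1]) in trans))
    return trace[::-1], None

def refine(preds, dead_end):
    """Split the failure state's class by separating the dead-end states from
    the rest.  One new predicate per iteration: a simplification of the
    thesis's polynomial heuristic (the coarsest split is NP-hard)."""
    return preds + [lambda s, d=dead_end: s in d]

def cegar(trans, preds=INITIAL_PREDS, max_iters=32):
    """Returns ('holds', refinements, None) or ('counterexample', refinements, trace)."""
    preds = list(preds)
    for it in range(max_iters):
        a_init, a_trans = existential_abstraction(trans, preds)
        path = abstract_counterexample(a_init, a_trans)
        if path is None:
            return "holds", it, None
        trace, dead_end = check_counterexample(path, trans, preds)
        if trace is not None:
            return "counterexample", it, trace
        preds = refine(preds, dead_end)   # strictly finer: terminates on finite models
    raise RuntimeError("refinement budget exhausted")

if __name__ == "__main__":
    print(cegar(make_transitions(False)))
    print(cegar(make_transitions(True)))
```

Without the (2,0) to (3,0) link, the first abstract counterexample is spurious after one step (the initial class {(0,0),(1,0)} has no successor in the x >= 2 class), the refined one is spurious after three steps (the dead-end state (2,0) never reaches y == 1), and the third abstraction proves the property. With the link, the same two refinements are followed by a path whose image sets are all non-empty, and the walk back through them yields the concrete witness trace. Each refinement separates a proper, non-empty subset of one class, so the loop terminates on any finite model.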
