Automatic Abstraction Refinement for GSTE - PowerPoint PPT Presentation

About This Presentation

Title:

Automatic Abstraction Refinement for GSTE

Description:

... O. Grumberg, Automatic refinement and vacuity detection for STE, CAV'06. J. Roorda, K. Clarssen, Sat-based assistance to abstraction refinement for STE, CAV'06 ... – PowerPoint PPT presentation

Number of Views:57

Avg rating:3.0/5.0

Slides: 28

Provided by: chen170

Learn more at: https://home.ttic.edu

Category:

more less

Transcript and Presenter's Notes

Title: Automatic Abstraction Refinement for GSTE

1
Automatic Abstraction Refinement for GSTE

Yan Chen, Yujing He, and Fei Xie
Portland State University
Jin Yang
Intel

Nov 13, 2007
2
Our Contributions

AutoGSTE An automatic approach to abstraction
refinement for GSTE
Quickly converge to good abstractions that enable
verifications that are not possible before
Allow assertion graphs to be high-level w/o
adapting too much to circuit implementation

3
Outline

Overview of (G)STE
Quaternary Abstraction and its Imprecision
Our Solution AutoGSTE
Counterexample-guided abstraction refinement
Model refinement and specification refinement
Experiments
Conclusion Future Work

4
Symbolic Trajectory Evaluation Bryant Seger

Scalability
Model checking complexity largely depends on the
complexity of the assertion rather than the
circuit
Pros Highly efficient
Cons
False negatives due to insufficient input
constraints
R. Tzoref, O. Grumberg, Automatic refinement and
vacuity detection for STE, CAV06
J. Roorda, K. Clarssen, Sat-based assistance to
abstraction refinement for STE, CAV06
Only properties over finite time ? GSTE

5
Generalized STE Yang Seger

?-regular properties represented by assertion
graphs
G (V, v0, E, ant, cons)
Non-deterministic execution
Fixed-point computation

6
GSTE Algorithm
Algorithm GSTE(G, post) ( initialize symbolic
simulation ) 1. for each edge e in G 2. if
e is from the initial vertex 3. sim(e)
ant(e) 4. put e in EventQueue 5.
else 6. sim(e) ( perform
symbolic simulation ) 7. while EventQueue is not
empty 8. get an edge e from the queue, 9.
for each successor edge e of e begin 10.
sim(e) sim(e) ? post(sim(e)) ?
ant(e) 11. if there is a change in
sim(e) 12. put e into EventQueue
end ( check consequence ) 13. for each
edge e in G14. if !(sim(e) ? cons(e))
return false 15. return true end.

7
Outline

Overview of (G)STE
Quaternary Abstraction and its Imprecision
Our Solution AutoGSTE
Counterexample-guided abstraction refinement
Model refinement and specification refinement
Experiments
Conclusion Future Work

8
Quaternary-Value Logic

Two sides of a coin
Significantly reduce state spaces by quaternary
abstraction ?
Over abstractions cause false negatives ?

(Conflict)
(Unknown)
Information Partial Order
Propagation of Unknown
9
Causes of False Negative Quaternary State Set
Unions
sim(e) sim(e) ? post(sim(e)) ? ant(e)
Check whether the output is always 1 under
certain inputs
Abs.
A
Out
1
1
X
1
1
B
10
Causes of False Negative Existentially
Quantified-Out Symbolic Variables
AX, BX OutABX
A
Out
B
Ac1, B(!c1c2) OutABc1(!c1c2)1
c1,c2 is existentially quantified out after every
single step simulation
11
Outline

Overview of (G)STE
Quaternary Abstraction and its Imprecision
Our Solution AutoGSTE
Counterexample-guided abstraction refinement
Model refinement and specification refinement
Experiments
Conclusion Future Work

12
AutoGSTE Automatic Abstraction Refinement
Circuit Impl.
Assertion Graph

Abstraction refinement (monotonic)
(1) Constraining inputs with symbolic
constants/variables
(2) Model refinement introducing precise nodes
(3) Spec refinement assertion graph
transformations

(1) GSTE
(3) Abstraction Refinement
Refined Abstraction
Assertion holds
Counter Example
(2) Counter Example Analysis
Causes of Imprecision
Assertion fails
Causes of imprecision in GSTEs quaternary
abstraction (1) Under-constrained inputs (2)
Quaternary state set unions (3) Existentially
quantified-out symbolic variables
13
Counter Example Analysis

Counter Example
(edge1,src1,dest1),,(edgeT, srcT,destT)
Identify X nodes in destT that violates
consequent on edgeT
Backtrack to identify the causes for X node N
In the end, the following causes will be
identified
Output circuit nodes/assertion edges on which Xs
are introduced.

14
AutoGSTE Automatic Abstraction Refinement
Circuit Impl.
Assertion Graph

Abstraction refinement
(1) Constraining inputs with symbolic
constants/variables
(2) Model refinement introducing precise nodes
(3) Spec refinement assertion graph
transformations

Symbolic Indexing (Verifier has to encode it in
the specification)

Abs.
Abs.
rew.
Partition
Finer Partition
rew.
16
Model Refinement (Cont.)

Precise Nodes Circuit nodes that must always
have boolean values by symbolic indexing
Yang and Seger, FMCAD02 Manually specify
precise nodes to eliminate Xs caused by both
unions and weaks.
AutoGSTE automatically marks precise nodes
Mark all the identified nodes as precise
Mark one node at a time (control signals first?)

17
Specification Refinement

Loop unrolling transformations address unions
Allow the specification to be high level
Dynamically adapt to the real computation flow of
the circuit

18
Specification Refinement (Cont.)

Automating loop unrolling
Unroll each problematic edge to prevent unwanted
state set unions

2
1
3
4
19
Specification Refinement (Cont.)

Case splitting transformations address weaks
Symbolic variables symbolically index a set of
edges with scalar values
Remember the variable values by case splitting

20
Outline

Overview of (G)STE
Quaternary Abstraction and its Imprecision
Our solution AutoGSTE
Counterexample-guided abstraction refinement
Model Refinement .vs. Specification Refinement
Experiments
Conclusion Future Work

21
Experiment FIFO
22
FIFO Model Refinement
Better than manual analysis!
23
FIFO Specification Refinement
Too complex to do manually!
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
Conclusion Future Work