Symbolic Guided Search for CTL Model Checking

1
Symbolic Guided Search for CTL Model Checking

• Roderick Bloem(University of Colorado at
  Boulder),
• Kavita Ravi(Cadence Design Systems),
• Fabio Somenzi(University of Colorado at Boulder)

2
Overview

• Motivation
• Guided Search
• Under- and Overapproximations
• Nested Fixpoints
• Experimental Results
• Example greatest common divisor

3
Motivation

• Setting Symbolic Model Checking, using CTL.
• CTL is evaluated using fixpoints
• Problem BDD blowup in fixpoint computations

4
Example

• Gcd is an algorithm to compute the greatest
  common divisor using Euclids algorithm.
• We check the property (start AF finish).
• This is a greatest fixpoint.
• It is hard wide registers.

5
Gcd
6
BDD explosion during fixpoint
Breadth-First Search
iterations
Time 1100s.
7
Guided Search

• A least fixpoint is computed using
  underapproximations to transition relation T.
• Let T1,,Tn be underapproximations to the
  transition relation, with Tn T, and let R E(p
  U q). Let
• l R1 E(p U q) using T1
• l Ri1 E(p U Ri ) using Ti1
• Then Rn R.
• Similarly, overapproximations can be used for
  greatest fixpoints.

8
Underapproximations for Least Fixpoints
Roderick Bloem This slide will contain an
animation that shows how underapproximations
(red, green, blue) can be used to compute an
exact LFP. O.K. Let me know if you need any
assistance Carla Otten
p
9
Hints

• A hint is an assertion on the system. It can be
  used for underapproximation
• T T h,
• or for overapproximation
• T T h.

10
Hints

• Hints are chosen to simplify the system.
  Examples
• Use a simple mode of operation
• Sequencing registers
• Narrowing the data path

11
Benefits of Guided Search

• 1. Simplifies transition relation
• 2. Explores regular subsets of the state space
• 3. Reuses computed information
• 4. Possible termination without using full
  transition relation.

12
Hints for Gcd

• We force the MSBs of the registers to zero, and
  free them one by one
• h1 (x71 0 y71 0),
• h2 (x72 0 y72 0),
• h3 (x73 0 y73 0),
• hn true.

13
Hints for Gcd
14
Hints for Gcd
Time 1100s for BFS, 22s for Guided Search.
15
Local and Global Hints

• CTL formulas are nested fixpoints. Two ways to
  apply hints1. Locally Evaluate each
  subformula separately, using all
  hints.2. Globally Evaluate the entire formula
  once per hint, storing intermediate
  results.Global hints work only for ACTL/ECTL
  formulae.

16
Speedup with Guided Search
17
Conclusions

• We introduced Guided Search for CTL
• backward search,
• least and greatest fixpoints,
• nested fixpoints.
• Guided Search avoids BDD blowup byavoiding hard
  to represent regionsof the state space and
  simplifying the transition relation.