BDD vs. Constraint Based Model Checking: An Experimental Evaluation for Asynchronous Concurrent Systems - PowerPoint PPT Presentation

Slides: 49
Provided by: tevf
1
BDD vs. Constraint Based Model Checking: An Experimental Evaluation for Asynchronous Concurrent Systems
  • Tevfik Bultan
  • Department of Computer Science
  • University of California, Santa Barbara
  • bultan@cs.ucsb.edu
  • http://www.cs.ucsb.edu/bultan/

2
Outline
  • Concurrency problems
  • Symbolic model checking
  • Functionality required for symbolic model
    checking
  • BDD representation
  • Constraint representation
  • Experimental results
  • Related work
  • Conclusions

3
Program Bakery
Data Variables: a, b positive integer
Control Variables: pc1, pc2 T, W, C
Initial Condition: ab0 pc1T1 pc2T2
Events:
  eT1: pc1T pc1W ab1
  eW1: pc1W (a<b b0) pc1C
  eC1: pc1C pc1T a0
  eT2: pc2T pc2W ba1
  eW2: pc2W (b<a a0) pc2C
  eC2: pc2C pc2T b0
BAKERY: AG(!(pc1C pc2C))
4
Program Barber
Data Variables: cinchair, cleave, bavail, bbusy, bdone positive integer
Control Variables: pc1, pc2, pc3 1, 2
Initial Condition: cinchaircleavebavail bbusybdone0 pc1pc2pc31
Events:
  eHairCut1: pc11 pc12 cinchair<bavail cinchaircinchair1
  eHairCut2: pc12 pc11 cleave<bdone cleavecleave1
  eNext1: pc21 pc22 bavailbavail1
  eNext2: pc22 pc21 bbusy<cinchair bbusybbusy1
  eFinish1: pc31 pc32 bdone<bbusy bdonebdone1
  eFinish2: pc32 pc31 bdonecleave
5
BARBER: AG(cinchair>cleave bavail>bbusy>bdone cinchair<bavail bbusy<cinchair cleave<bdone)
BARBER-1: AG(cinchair>cleave bavail>bbusy>bdone)
BARBER-2: AG(cinchair<bavail bbusy<cinchair)
BARBER-3: AG(cleave<bdone)
6
Program Readers-Writers
Data Variables: nr, nw positive integer
Initial Condition: nrnw0
Events:
  eReaderEnter: nw0 nrnr1
  eReaderExit: nr>0 nrnr-1
  eWriterEnter: nr0 nw 0 nwnw1
  eWriterExit: nw>0 nwnw-1
READERS-WRITERS: AG((nr0 nw0) nw<1)
7
Program Bounded-Buffer
Parameterized Constant: size positive integer
Data Variables: available, produced, consumed positive integer
Initial Condition: producedconsumed0 available size
Events:
  eProduce: 0<available producedproduced1 availableavailable-1
  eConsume: available<size consumedconsumed1 availableavailable1
8
BOUNDED-BUFFER: AG(produced-consumedsize-available 0<available<size)
BOUNDED-BUFFER-1: AG(produced-consumedsize-available)
BOUNDED-BUFFER-2: AG(0<available<size)
BOUNDED-BUFFER-3: AG(0<produced-consumed<size)
9
Program Circular-Queue
Parameterized Constant: size positive integer
Data Variables: occupied, head, tail, produced, consumed positive integer
Initial Condition: occupiedheadtail producedconsumed0
Events:
  eProduce: occupied<size occupiedoccupied1 producedproduced1 (tailsize tail0 tail<size tailtail1)
  eConsume: occupied>0 occupiedoccupied-1 consumedconsumed1 (headsize head0 head<size headhead1)
10
CIRCULAR-QUEUE: AG(0<produced-consumed<size produced-consumedoccupied)
CIRCULAR-QUEUE-1: AG(0<produced-consumed<size)
CIRCULAR-QUEUE-2: AG(produced-consumedoccupied)
11
Model Checking
  • Given a program and a temporal property p
  • Either show that all the initial states satisfy
    the temporal property p
  • set of initial states $\subseteq$ truth set of p
  • Or find an initial state which does not satisfy
    the property p
  • a state $\in$ set of initial states $\cap$ truth set of $\neg p$

12
Temporal Properties as Fixpoints
  • $EF\,p \equiv p \vee EX\,p \vee EX(EX\,p) \vee \ldots$

(Figure: the successive iterations 1, 2, 3 of the EF fixpoint computation)
13
Temporal Properties as Fixpoints
  • Note that
  • $AG\,p \equiv \neg EF(\neg p)$
  • Other temporal operators can also be represented
    as fixpoints
  • AF p , EG p , p AU q , p EU q

14
Tools Required for Model Checking
  • Basic set operations: intersection, union, set
    difference
  • to handle $\wedge$, $\vee$, $\neg$
  • Equivalence checking
  • to check if the fixpoint is reached
  • Relational image computation
  • for the precondition operation EX

15
Functionality of a Symbolic Representation
  • Symbolic And(Symbolic,Symbolic)
  • Symbolic Or(Symbolic,Symbolic)
  • Symbolic Not(Symbolic)
  • Boolean Equivalent(Symbolic,Symbolic)
  • Symbolic EX(Symbolic)

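As an added example that is not part of the talk, the five operations of slide 15 are implemented below over an explicit finite state space (a Python frozenset plays the role of the symbolic object; a BDD or constraint library would expose the same interface). EF is computed as the fixpoint of slide 12, AG as ¬EF(¬p) from slide 13, and the check from slide 11 is run on the Readers-Writers program of slide 6 with nr and nw truncated to a small bound so the state space is finite. The bound and the deliberately weakened variant (eReaderEnter without its nw = 0 guard) are constructed for the example.

```python
"""Symbolic model checking with the five operations of slide 15, over a finite
state space represented by Python frozensets (added example, not from the talk)."""
from itertools import product


class System:
    """Finite transition system: state set, initial states, successor function."""

    def __init__(self, states, init, successors):
        self.states = frozenset(states)
        self.init = frozenset(init)
        self.successors = successors   # state -> iterable of successor states


# The interface a symbolic representation must provide (slide 15). Here the
# "symbolic" object is just a frozenset of states.
def And(p, q):
    return p & q


def Or(p, q):
    return p | q


def Not(system, p):
    return system.states - p


def Equivalent(p, q):
    return p == q


def EX(system, p):
    """Precondition of p: states with at least one successor in p (the
    relational image of p under the inverse of the transition relation)."""
    return frozenset(s for s in system.states
                     if any(t in p for t in system.successors(s)))


def EF(system, p):
    """EF p = p or EX p or EX(EX p) or ... : iterate Z := p or EX Z until the
    Equivalent check says the fixpoint is reached (slide 12)."""
    z = p
    while True:
        nxt = Or(p, EX(system, z))
        if Equivalent(nxt, z):
            return z
        z = nxt


def AG(system, p):
    """AG p = not EF(not p) (slide 13)."""
    return Not(system, EF(system, Not(system, p)))


def check(system, p):
    """Slide 11: either every initial state lies in the truth set of AG p, or
    return the initial states that do not (they can reach a state violating p)."""
    bad_init = system.init - AG(system, p)
    return len(bad_init) == 0, bad_init


def readers_writers(bound, reader_checks_writers=True):
    """Readers-Writers (slide 6) with nr and nw truncated to 0..bound so the
    state space is finite; reader_checks_writers=False drops the nw = 0 guard
    of eReaderEnter to show a failing check (constructed variant)."""
    states = product(range(bound + 1), repeat=2)   # (nr, nw) pairs

    def successors(state):
        nr, nw = state
        out = []
        if (nw == 0 or not reader_checks_writers) and nr < bound:   # eReaderEnter
            out.append((nr + 1, nw))
        if nr > 0:                                                   # eReaderExit
            out.append((nr - 1, nw))
        if nr == 0 and nw == 0:                                      # eWriterEnter
            out.append((nr, nw + 1))
        if nw > 0:                                                   # eWriterExit
            out.append((nr, nw - 1))
        return out

    return System(states, [(0, 0)], successors)


def rw_property(system):
    """Truth set of (nr = 0 or nw = 0) and nw <= 1, the READERS-WRITERS property."""
    return frozenset(s for s in system.states
                     if (s[0] == 0 or s[1] == 0) and s[1] <= 1)


if __name__ == "__main__":
    for variant in (True, False):
        rw = readers_writers(3, reader_checks_writers=variant)
        print("guarded reader entry:", variant, "->", check(rw, rw_property(rw)))
```

With the guard in place the check returns `(True, frozenset())`; without it the initial state (0, 0) can reach (1, 1), a state with a reader and a writer inside, and the check reports that initial state as the witness.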
16
BDDs
  • Efficient representation for boolean functions
  • Disjunction, conjunction complexity at most
    quadratic
  • Negation complexity constant
  • Equivalence checking complexity constant or
    linear
  • Image computation complexity can be exponential

17
BDD encoding for Integer Variables
  • Systems with bounded integer variables can be
    represented using BDDs
  • Use a binary encoding
  • represent integer x as x0x1x2... xk
  • where x0, x1, x2, ... , xk are binary variables
  • You have to be careful about the variable
    ordering!

18
Integers in SMV
  • SMV represents integers using a binary encoding
  • In the BDD variable ordering, current and next
    state bits of an integer variable are interleaved
  • good for relating x to its next-state copy (x = x')
  • Bits of different variables are not interleaved
  • What happens when we have x = y?

19
(Figure: variable ordering x2 x2' x1 x1' x0 x0' y2 y2' y1 y1' y0 y0')
We have to remember every x bit until this point (the first y bit)
for x = y
20
William Chan's Ordering
  • A preprocessor converts integer variables
    to boolean variables
  • Interleaves bits of all integer variables in the
    BDD ordering
  • Results in much better performance for systems
    with integer variables

21
Linear Arithmetic Constraints
  • Constraints: $\sum_{1 \le i \le n} a_i x_i = c$ and $\sum_{1 \le i \le n} a_i x_i \le c$
  • Constraint representation: $\bigvee_{1 \le k \le h} \bigwedge_{1 \le l \le m} constraint_{kl}$
22
Linear Arithmetic Constraints
  • Can be used to represent unbounded integers
  • Disjunction complexity linear
  • Conjunction complexity quadratic
  • Negation complexity can be exponential
  • Equivalence checking complexity can be
    exponential
  • Image computation complexity can be exponential

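The complexity figures of slides 21 and 22 follow directly from the disjunction-of-conjunctions shape. The added example below (not code from the talk or from the Omega library) represents a formula as a list of clauses, each a frozenset of atomic constraints, and shows that Or is concatenation, And is a cross product, and Not distributes a conjunction over the clauses and can produce m^h clauses. Atoms are restricted to single-variable integer bounds, an assumption of the example; a richer atom type changes the satisfiability test but not the clause counting.

```python
"""Constraint representation as a disjunction of conjunctions (slide 21) and
the cost of Or, And and Not on it (added example, not from the talk).
Atoms are (var, op, const) with op in {"<=", ">="}, interpreted over integers."""


def negate_atom(atom):
    """Over the integers, not(x <= c) is x >= c + 1 and not(x >= c) is x <= c - 1."""
    var, op, c = atom
    return (var, ">=", c + 1) if op == "<=" else (var, "<=", c - 1)


# A formula is a list of clauses (the disjunction); a clause is a frozenset
# of atoms (the conjunction).

def Or(f, g):
    """Linear: the disjunction of two formulas is the concatenation."""
    return f + g


def And(f, g):
    """Quadratic: every clause of f paired with every clause of g."""
    return [c1 | c2 for c1 in f for c2 in g]


def Not(f):
    """Can be exponential: not(OR_k AND_l c_kl) = AND_k OR_l not(c_kl); distributing
    the conjunction over h clauses of m atoms each yields m^h clauses."""
    result = [frozenset()]          # the empty conjunction is 'true'
    for clause in f:
        result = And(result, [frozenset([negate_atom(a)]) for a in clause])
    return result


def satisfiable(clause):
    """A conjunction of bounds has an integer solution iff, for every variable,
    the largest lower bound does not exceed the smallest upper bound."""
    lo, hi = {}, {}
    for var, op, c in clause:
        if op == ">=":
            lo[var] = max(lo.get(var, c), c)
        else:
            hi[var] = min(hi.get(var, c), c)
    return all(lo[v] <= hi[v] for v in lo if v in hi)


def simplify(f):
    """Drop contradictory clauses produced by And or Not."""
    return [c for c in f if satisfiable(c)]


def clauses(h, m):
    """Constructed formula with h clauses of m atoms over distinct variables."""
    return [frozenset((f"v{k}_{l}", "<=", 0) for l in range(m)) for k in range(h)]


# Constructed example: (x <= 3 and y <= 3) or (x >= 10 and y >= 10)
F = [frozenset({("x", "<=", 3), ("y", "<=", 3)}),
     frozenset({("x", ">=", 10), ("y", ">=", 10)})]

if __name__ == "__main__":
    print("Or :", len(Or(F, F)), "clauses")
    print("And:", len(And(F, F)), "clauses")
    print("Not:", len(Not(F)), "clauses;", "m^h for (3,3):", len(Not(clauses(3, 3))))
    print("And of x<=3 with x>=10 after simplify:",
          simplify(And([frozenset({("x", "<=", 3)})], [frozenset({("x", ">=", 10)})])))
```

Negating F yields 2^2 = 4 clauses and negating three clauses of three atoms yields 27, which is the blow-up the slide refers to; the final line shows the contradictory clause that And produces being removed by the integer satisfiability check.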
23
Image Computation in Omega Library
  • Extension of Fourier-Motzkin variable elimination
    for real variables
  • Eliminating one variable from a conjunction of
    constraints may double the number of constraints
  • Integer variables complicate the problem even
    further

24
Fourier-Motzkin Variable Elimination
  • Given two constraints $\beta \le bz$ and $az \le \alpha$ we have
  • $a\beta \le abz \le b\alpha$
  • We can eliminate z as
  • $\exists z .\ a\beta \le abz \le b\alpha$ if and only if $a\beta \le b\alpha$ (real shadow)
  • Every upper and lower bound pair can generate a
    separate constraint, so the number of constraints
    can double for each eliminated variable
25
Integers are More Complicated
  • If z is integer
  • $\exists z .\ a\beta \le abz \le b\alpha$ if $a\beta + (a-1)(b-1) \le b\alpha$ (dark shadow)
  • Remaining solutions can be characterized using
    periodicity constraints in the following form
  • $\exists z .\ \beta + i = bz$
26
Consider the constraints
$\exists y .\ 0 \le 3y - x \le 7 \wedge 1 \le x - 2y \le 5$
We get the following bounds for y:
$2x \le 6y$, $6y \le 2x + 14$, $6y \le 3x - 3$, $3x - 15 \le 6y$
When we combine 2 lower bounds with 2 upper bounds we get four constraints:
$0 \le 14$, $3 \le x$, $x \le 29$, $0 \le 12$
Result is $3 \le x \le 29$
27
(Figure: the (x, y) plane with the bounds $x - 5 \le 2y$, $2y \le x - 1$, $x \le 3y$, $3y \le x + 7$; the real shadow spans x from 3 to 29, with the dark shadow marked inside it)
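The following added example (not code from the talk or from the Omega library) carries the elimination of slides 24 to 26 through in code: each lower/upper bound pair is combined into the real-shadow constraint $a\beta \le b\alpha$ and, optionally, the dark-shadow constraint $a\beta + (a-1)(b-1) \le b\alpha$. It is run on the constraints of slide 26 and then brute-forces integer witnesses for a few values of x to show where the two shadows differ. The constraint encoding (a map from variable to coefficient plus a right-hand side, meaning sum <= rhs) and the normalisation by gcd are choices of this example, so the trivially true constraints come out scaled differently from the slide (0 <= 21 and 0 <= 8 instead of 0 <= 14 and 0 <= 12) and are dropped.

```python
"""Fourier-Motzkin elimination with the real and dark shadows of slides 24-26,
run on the example of slide 26 (added example, not code from the talk).
A constraint is (coeffs, c) meaning sum(coeffs[v] * v) <= c with integer
coefficients; the right-hand side may become a Fraction after scaling."""
from fractions import Fraction
from functools import reduce
from math import gcd


def normalise(coeffs, c):
    """Drop zero coefficients and divide through by the gcd of the rest."""
    coeffs = {v: a for v, a in coeffs.items() if a != 0}
    if not coeffs:
        return {}, Fraction(c)          # 0 <= c : trivially true or infeasible
    g = reduce(gcd, (abs(a) for a in coeffs.values()))
    return {v: a // g for v, a in coeffs.items()}, Fraction(c) / g


def combine(lower, upper, z, dark=False):
    """lower is beta <= b z (coefficient of z is -b), upper is a z <= alpha.
    Real shadow: a*beta <= b*alpha; dark shadow: a*beta + (a-1)(b-1) <= b*alpha.
    In sum <= c form both are a*lower + b*upper, in which z cancels."""
    (lc, lrhs), (uc, urhs) = lower, upper
    b, a = -lc[z], uc[z]
    coeffs = {}
    for v, k in lc.items():
        coeffs[v] = coeffs.get(v, 0) + a * k
    for v, k in uc.items():
        coeffs[v] = coeffs.get(v, 0) + b * k
    assert coeffs[z] == 0
    rhs = a * lrhs + b * urhs - ((a - 1) * (b - 1) if dark else 0)
    return normalise(coeffs, rhs)


def eliminate(constraints, z, dark=False):
    """Project z out. Returns the remaining constraints, or None if some
    lower/upper pair is contradictory (0 <= negative number)."""
    lowers = [c for c in constraints if c[0].get(z, 0) < 0]
    uppers = [c for c in constraints if c[0].get(z, 0) > 0]
    rest = [c for c in constraints if c[0].get(z, 0) == 0]
    for lo in lowers:
        for up in uppers:          # every pair: the count can double per variable
            coeffs, rhs = combine(lo, up, z, dark)
            if coeffs:
                rest.append((coeffs, rhs))
            elif rhs < 0:
                return None
    return rest


def bounds_on(constraints, x):
    """(lower, upper) bounds on x from the single-variable constraints."""
    lo = hi = None
    for coeffs, c in constraints:
        if set(coeffs) == {x}:
            bound = c / coeffs[x]
            if coeffs[x] > 0:
                hi = bound if hi is None else min(hi, bound)
            else:
                lo = bound if lo is None else max(lo, bound)
    return lo, hi


def integer_witness(constraints, z, env, search=range(-100, 101)):
    """Brute-force check: an integer value of z satisfying all constraints
    once the other variables are fixed by env, or None if there is none."""
    for val in search:
        full = dict(env, **{z: val})
        if all(sum(k * full[v] for v, k in coeffs.items()) <= c
               for coeffs, c in constraints):
            return val
    return None


# Slide 26: exists y . 0 <= 3y - x <= 7 and 1 <= x - 2y <= 5
EXAMPLE = [
    ({"x": 1, "y": -3}, 0),     # x - 3y <= 0    (lower bound  x <= 3y)
    ({"x": -1, "y": 3}, 7),     # 3y - x <= 7    (upper bound  3y <= x + 7)
    ({"x": -1, "y": 2}, -1),    # 2y - x <= -1   (upper bound  2y <= x - 1)
    ({"x": 1, "y": -2}, 5),     # x - 2y <= 5    (lower bound  x - 5 <= 2y)
]

if __name__ == "__main__":
    print("real shadow:", bounds_on(eliminate(EXAMPLE, "y"), "x"))             # (3, 29)
    print("dark shadow:", bounds_on(eliminate(EXAMPLE, "y", dark=True), "x"))  # (5, 27)
    for x in (3, 4, 28, 29):
        print("x =", x, "integer y:", integer_witness(EXAMPLE, "y", {"x": x}))
```

The real shadow reproduces the slide's 3 <= x <= 29. The dark shadow is narrower (5 <= x <= 27) and is only sufficient: x = 3 and x = 29 do have integer solutions (y = 1 and y = 12) even though they lie outside it, while x = 4 and x = 28 lie inside the real shadow and have none, which is the gap the periodicity constraints of slide 25 are needed to close.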
28
Systems with Bounded Integer Variables
  • BDDs and constraint representations are both
    applicable
  • Which one is better?

29
Experiments
  • Intel Pentium PC (500MHz, 128MByte main memory)
  • Three approaches are compared
  • SMV
  • SMV with Chan's interleaved variable ordering
  • Omega library model checker

38
BAKERY: AG(!(pc1C pc2C))
BARBER: AG(cinchair>cleave bavail>bbusy>bdone cinchair<bavail bbusy<cinchair cleave<bdone)
BARBER-1: AG(cinchair>cleave bavail>bbusy>bdone)
BARBER-2: AG(cinchair<bavail bbusy<cinchair)
BARBER-3: AG(cleave<bdone)
READERS-WRITERS: AG((nr0 nw0) nw<1)
BOUNDED-BUFFER: AG(produced-consumedsize-available 0<available<size)
BOUNDED-BUFFER-1: AG(produced-consumedsize-available)
BOUNDED-BUFFER-2: AG(0<available<size)
BOUNDED-BUFFER-3: AG(0<produced-consumed<size)
CIRCULAR-QUEUE: AG(0<produced-consumed<size produced-consumedoccupied)
CIRCULAR-QUEUE-1: AG(0<produced-consumed<size)
CIRCULAR-QUEUE-2: AG(produced-consumedoccupied)
39
(Chart: SMV (interleaved) vs. Omega; each integer variable is restricted to $0 \le i \le 1024$)
40
(Chart: SMV (interleaved) vs. Omega; each integer variable is restricted to $0 \le i \le 1024$, and the size of the buffer is restricted to $0 \le size \le 16$)
41
Constraint-Based Verification: Not a New Idea
  • Cooper 71 used a decision procedure for
    Presburger arithmetic to verify sequential
    programs represented in a block form
  • Cousot and Halbwachs 78 used real arithmetic
    constraints to discover invariants of sequential
    programs

42
Constraint-Based Verification
  • Halbwachs 93 constraint based delay analysis
    in synchronous programs
  • Halbwachs et al. 94 verification of linear
    hybrid systems using constraint representations
  • Alur et al. 96 HyTech, a model checker for
    hybrid systems

43
Constraint-Based Verification
  • Boigelot and Wolper 94 symbolic verification
    with periodic sets
  • Bultan et al. 97, 99 used Presburger
    arithmetic constraints for model checking
    concurrent systems
  • Delzanno and Podelski 99 built a model checker
    using constraint logic programming framework

44
BDD-Based Verification
  • Bryant 86 Reduced ordered BDDs
  • Coudert et al. 90 BDD-based verification
  • Burch et al. 90 Symbolic model checking
  • McMillan 93 SMV

45
Combining BDDs and Constraints
  • Chan et al. 97 combining BDD representation
    with a constraint solver (it can handle nonlinear
    constraints but the transition system is
    restricted)
  • Bultan et al. 98, 00 combining different
    symbolic representations in one model checker
    (combined BDDs and linear arithmetic constraints
    in a disjunctive form)

46
Automata-Based Representations
  • Klarlund et al. 95 MONA, an automata
    manipulation tool for verification
  • Wolper and Boigelot verification using
    automata as a symbolic representation
  • Kukula et al. 98 application of automata based
    verification to hardware verification

47
Automata vs. Constraint Representation
  • Kukula et al. 98 comparison of automata and
    constraint-based verification
  • comparison based on reachability analysis
  • no clear winner
  • on some cases automata based approach seems to
    show asymptotic advantage
  • this could be due to inefficient encoding of
    booleans in constraint representation

48
Conclusions
  • Constraint-based representations can be more
    efficient for integer variables with large
    domains
  • BDD-based model checking is more robust
  • Constraint-based model checkers can handle
    infinite state systems
  • Constraint-based model checking suffers from
    inefficient representation of variables with
    small domains
  • I believe there is room for improvement for
    constraint-based model checking techniques