Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs
Anders Franzén
3rd December 2004
Anders Franzén: Combining SAT and ILP
Outline
1 Introduction
  The Lustre programming language
  Temporal induction
  Propositional logic
2 Verification
  The decision procedure (SAT + Integer Programming)
  Variants of the basic algorithm
3 Analysis
  Test plan
  Comparison with Luke
Lustre

    node Counter(X : bool) returns (C : int);
    var PC : int;
    let
      PC = 0 -> pre C;
      C = if X then PC + 1 else PC;
    tel

    node Prop(X : bool) returns (OK : bool);
    let
      OK = Counter(X) >= 0;
    tel
Verification by induction
- Prove the property valid in the initial time point.
- Assume the property valid at time n, prove the property valid at time n + 1.
[Diagram: inputs X_1, ..., X_n, X_{n+1}; states PC_0, PC_1, ..., PC_{n-1}, PC_n, PC_{n+1} linked by the transition relation T; outputs OK_1, ..., OK_n assumed (!), OK_{n+1} to be proved (?)]
- Induction is incomplete for unbounded integers.
- Lustre with unbounded integers is Turing-complete.
Propositional logic: short introduction
- A clause is a set of literals. At least one literal must be true.
- A formula is a set of clauses. All clauses must be true.
Example formula: {p, q}, {p, ¬q, r}, {¬q, ¬r}
SAT solving
Example clauses: {p, q}, {p, ¬q, r}, {¬q, ¬r}
Search for a satisfying variable assignment:
- Choose a variable and assign a value to it
- Infer consequences
- Repeat until all variables are assigned, or a conflict is found
Run: decide p = ⊥; infer q = ⊤ (from {p, q}); infer r = ⊤ (from {p, ¬q, r}) and r = ⊥ (from {¬q, ¬r}): conflict (r = ⊤ and ⊥ ??)
SAT solving (continued)
Example clauses: {p, q}, {p, ¬q, r}, {¬q, ¬r}
- Analyze the reason for the conflict
- Add a conflict clause: {p}
- Backtrack and continue
Run: the new clause {p} forces p = ⊤; then q = ⊥ and r = ⊥ complete the assignment, and every clause is satisfied.
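The search sketched on these two slides, as an added example that is not part of the original presentation: a minimal CDCL-style solver (decide, unit-propagate, derive the conflict clause by resolution over the implication graph, backtrack by restarting) run on the slides' three clauses. Assumed: p, q, r are encoded as the integers 1, 2, 3 (negative means negated), and decisions try ⊥ first in variable order so the run mirrors the slides and learns exactly {p}.

```python
# Added example (not from the slides): tiny CDCL-style SAT solver.
# Variables p, q, r are encoded as 1, 2, 3; a negative integer is a negated
# literal (DIMACS convention). Decisions assign False first, in variable order.

SLIDE_CLAUSES = [[1, 2], [1, -2, 3], [-2, -3]]   # {p,q} {p,¬q,r} {¬q,¬r}

def propagate(clauses, assign, reason):
    """Unit propagation: force the last free literal of any clause whose other
    literals are false. Returns a falsified (conflicting) clause, or None."""
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(assign.get(abs(l)) == (l > 0) for l in clause):
                continue                       # clause already satisfied
            free = [l for l in clause if abs(l) not in assign]
            if not free:
                return clause                  # all literals false: conflict
            if len(free) == 1:
                assign[abs(free[0])] = free[0] > 0
                reason[abs(free[0])] = clause  # antecedent for conflict analysis
                changed = True
    return None

def analyze(conflict, reason):
    """Resolve the conflicting clause against the antecedents of its implied
    literals until only decision literals remain: that is the conflict clause."""
    learned = set(conflict)
    while True:
        implied = [l for l in learned if abs(l) in reason]
        if not implied:
            return frozenset(learned)
        l = implied[0]
        learned = (learned | set(reason[abs(l)])) - {l, -l}

def solve(clauses, order):
    """Returns (model, clauses including learned ones); model is None if UNSAT."""
    clauses = [frozenset(c) for c in clauses]
    assign, reason = {}, {}
    while True:
        conflict = propagate(clauses, assign, reason)
        if conflict is not None:
            learned = analyze(conflict, reason)
            if not learned:
                return None, clauses           # empty clause learned: UNSAT
            clauses.append(learned)            # e.g. {p} for the slide clauses
            assign, reason = {}, {}            # backtrack to level 0 (restart)
            continue
        free = [v for v in order if v not in assign]
        if not free:
            return assign, clauses             # every variable assigned: SAT
        assign[free[0]] = False                # decide: try ⊥ first, as on the slide

def satisfies(clauses, model):
    return all(any(model[abs(l)] == (l > 0) for l in c) for c in clauses)
```

On the slide clauses the first decision p = ⊥ propagates to the r conflict, analysis resolves {¬q, ¬r} with {p, ¬q, r} and then {p, q} down to {p}, and the restart ends with p = ⊤, q = ⊥, r = ⊥.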