Property Directed Reachability for Automated Planning

Property Directed Reachability (PDR) is a very promising recent method for deciding reachability in symbolically represented transition systems. While originally conceived as a model checking algorithm for hardware circuits, it has already been successfully applied in several other areas. This paper is the first investigation of PDR from the perspective of automated planning. Similarly to the planning as satisfiability paradigm, PDR draws its strength from internally employing an efficient SAT-solver. We show that most standard encoding schemes of planning into SAT can be directly used to turn PDR into a planning algorithm. As a non-obvious alternative, we propose to replace the SAT-solver inside PDR by a planning-specific procedure implementing the same interface. This SAT-solver free variant is not only more efficient, but offers additional insights and opportunities for further improvements. An experimental comparison to the state of the art planners finds it highly competitive, solving most problems on several domains.

Download Full-text

A SAT-Based Planning Approach for Finding Logical Attacks on Cryptographic Protocols

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2020100101 ◽

2020 ◽

Vol 14 (4) ◽

pp. 1-21

Author(s):

Noureddine Aribi ◽

Yahia Lebbah

Keyword(s):

Model Checking ◽

State Of The Art ◽

Cryptographic Protocols ◽

Protocol Verification ◽

Planning Problem ◽

Multiparty Communication ◽

Planning Approach ◽

Security Properties ◽

Sat Solver ◽

Security Property

Cryptographic protocols form the backbone of digital society. They are concurrent multiparty communication protocols that use cryptography to achieve security goals such as confidentiality, authenticity, integrity, etc., in the presence of adversaries. Unfortunately, protocol verification still represents a critical task and a major cost to engineer attack-free security protocols. Model checking and SAT-based techniques proved quite effective in this context. This article proposes an efficient automatic model checking approach that exemplifies a security property violation. In this approach, a protocol verification is abstracted as a compact planning problem, which is efficiently solved by a state-of-the-art SAT solver. The experiments performed on some real-world cryptographic protocols succeeded in detecting new logical attacks, violating some security properties. Those attacks encompass both “type flaw” and “replay” attacks, which are difficult to tackle with the existing planning-based approaches.

Download Full-text

Model Checking Coloured Petri Nets - Exploiting Strongly Connected Components

DAIMI Report Series ◽

10.7146/dpb.v26i519.7048 ◽

1997 ◽

Vol 26 (519) ◽

Cited By ~ 26

Author(s):

Allan Cheng ◽

Søren Christensen ◽

Kjeld Høyer Mortensen

Keyword(s):

Model Checking ◽

Petri Nets ◽

The State ◽

Connected Components ◽

Coloured Petri Nets ◽

Transition Systems ◽

Strongly Connected Components ◽

State Spaces ◽

Labelled Transition Systems ◽

Strongly Connected

In this paper we present a CTL-like logic which is interpreted over the state spaces of Coloured Petri Nets. The logic has been designed to express properties of both state and transition information. This is possible because the state spaces are labelled transition systems. We compare the expressiveness of our logic with CTL's. Then, we present a model checking algorithm which for efficiency reasons utilises strongly connected components and formula reduction rules. We present empirical results for non-trivial examples and compare the performance of our algorithm with that of Clarke, Emerson, and Sistla.

Download Full-text

Framework for Generating Configurable SAT Solvers

Journal of Integrated Circuits and Systems ◽

10.29292/jics.v6i1.338 ◽

2011 ◽

Vol 6 (1) ◽

pp. 50-59

Author(s):

Bernardo C. Vieira ◽

Fabrício V. Andrade ◽

Antônio O. Fernandes

Keyword(s):

State Of The Art ◽

The State ◽

Equivalence Checking ◽

Decision Heuristics ◽

Sat Solvers ◽

The Third ◽

Sat Solver ◽

Run Time

The state-of-the-art SAT solvers usually share the same core techniques, for instance: the watched literals structure, conflict clause recording and non-chronological backtracking. Nevertheless, they might differ in the elimination of learnt clauses, as well as in the decision heuristic. This article presents a framework for generating configurable SAT solvers. The proposed framework is composed of the following components: a Base SAT Solver, a Perl Preprocessor, XML files (Solver Description and Heuristics Description files) to describe each heuristic as well as the set of heuristics that the generated solver uses. This solvers may use several techniques and heuristics such as those implemented in BerkMin, and in Equivalence Checking of Dissimilar Circuits, and also in Minisat. In order to demonstrate the effectiveness of the proposed framework, this article also presents three distinct SAT solver instances generated by the framework to address a complex and challenging industry problem: the Combinational Equivalence Checking problem (CEC).The first instance is a SAT solver that uses BerkMin and Dissimilar Circuits core techniques except the learnt clause elimination heuristic that has been adapted from Minisat; the second is another solver that combines BerkMin and Minisat decision heuristics at run-time; and the third is yet another SAT solver that changes the database reducing heuristic at run-time. The experiments demonstrate that the first SAT solver generated is a faster solver than state-of-the-art SAT solver BerkMin for several instances as well as for Minisat in almost every instance.

Download Full-text

Checking Opacity of Vulnerable Critical Systems On-The-Fly

International Journal of Information Technology and Web Engineering ◽

10.4018/ijitwe.2015010101 ◽

2015 ◽

Vol 10 (1) ◽

pp. 1-30 ◽

Cited By ~ 5

Author(s):

Amina Bourouis ◽

Kais Klai ◽

Yamen El Touati ◽

Nejib Ben Hadj-Alouane

Keyword(s):

Model Checking ◽

Efficient Algorithms ◽

The State ◽

Experimental Results ◽

Critical Systems ◽

State Explosion ◽

Transition Systems ◽

State Explosion Problem ◽

Formal Definitions ◽

Security Property

Opacity is a security property capturing a system's ability to keep a subset of its behavior hidden from passive, but knowledgeable, observers. In this paper we use the formal definitions of opacity in three of its forms (simple opacity, -step weak opacity and -step strong opacity), basing on finite Labeled Transition Systems as a model. Then we present efficient algorithms for verifying opacity in all these forms within the context of a hybrid, on-the-fly approach. This approach is based on the construction of a Symbolic Observation Graph (SOG) that allows not only the abstraction of the systems behavior but also the preservation of the structure necessary for conducting opacity checking. Our preliminary experimental results are promising and demonstrate effectiveness facing the state-explosion problem which represents the main drawback of existing model checking techniques.

Download Full-text

LLMC: Verifying High-Performance Software

Computer Aided Verification - Lecture Notes in Computer Science ◽

10.1007/978-3-030-81688-9_32 ◽

2021 ◽

pp. 690-703

Author(s):

Freark I. van der Berg

Keyword(s):

Model Checking ◽

Data Structures ◽

High Performance ◽

State Of The Art ◽

The State ◽

State Model ◽

Test Suite ◽

Model Checker ◽

Unit Tests

AbstractMulti-threaded unit tests for high-performance thread-safe data structures typically do not test all behaviour, because only a single scheduling of threads is witnessed per invocation of the unit tests. Model checking such unit tests allows to verify all interleavings of threads. These tests could be written in or compiled to LLVM IR. Existing LLVM IR model checkers like divine and Nidhugg, use an LLVM IR interpreter to determine the next state. This paper introduces llmc, a multi-core explicit-state model checker of multi-threaded LLVM IR that translates LLVM IR to LLVM IR that is executed instead of interpreted. A test suite of 24 tests, stressing data structures, shows that on average llmc clearly outperforms the state-of-the-art tools divine and Nidhugg.

Download Full-text

A Recursive Shortcut for CEGAR: Application To The Modal Logic K Satisfiability Problem

Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence ◽

10.24963/ijcai.2017/94 ◽

2017 ◽

Cited By ~ 3

Author(s):

Jean-Marie Lagniez ◽

Daniel Le Berre ◽

Tiago de Lima ◽

Valentin Montmirail

Keyword(s):

Model Checking ◽

Modal Logic ◽

State Of The Art ◽

The State ◽

Satisfiability Problem ◽

Abstraction Refinement ◽

Counter Example ◽

Complete Problems ◽

Large Systems ◽

Specific Implementation

Counter-Example-Guided Abstraction Refinement (CEGAR) has been very successful in model checking large systems. Since then, it has been applied to many different problems. It especially proved to be an highly successful practical approach for solving the PSPACE complete QBF problem. In this paper, we propose a new CEGAR-like approach for tackling PSPACE complete problems that we call RECAR (Recursive Explore and Check Abstraction Refinement). We show that this generic approach is sound and complete. Then we propose a specific implementation of the RECAR approach to solve the modal logic K satisfiability problem. We implemented both a CEGAR and a RECAR approach for the modal logic K satisfiability problem within the solver MoSaiC. We compared experimentally those approaches to the state-of-the-art solvers for that problem. The RECAR approach outperforms the CEGAR one for that problem and also compares favorably against the state-of-the-art on the benchmarks considered.

Download Full-text

Chapter 19. Planning and SAT

Frontiers in Artificial Intelligence and Applications - Handbook of Satisfiability ◽

10.3233/faia201003 ◽

2021 ◽

Author(s):

Jussi Rintanen

Keyword(s):

Artificial Intelligence ◽

Model Checking ◽

Bounded Model Checking ◽

Planning Problem ◽

Ai Planning ◽

Transition Systems ◽

Computer Aided ◽

Sat Solver ◽

Main Ideas ◽

Planning Problems

The planning problem in Artificial Intelligence was the first application of SAT to reasoning about transition systems and a direct precursor to the use of SAT in a number of other applications, including bounded model-checking in computer-aided verification. This chapter presents the main ideas about encoding goal reachability problems as a SAT problem, including parallel plans and different forms of constraints for speeding up SAT solving, as well as algorithms for solving the AI planning problem with a SAT solver. Finally, more general planning problems that require the use of QBF or other generalizations of SAT are discussed.

Download Full-text

A Formal Approach to Verify Parameterized Protocols in Mobile Cyber-Physical Systems

Mobile Information Systems ◽

10.1155/2017/5731678 ◽

2017 ◽

Vol 2017 ◽

pp. 1-10 ◽

Cited By ~ 3

Author(s):

Long Zhang ◽

Wenyan Hu ◽

Wanxia Qu ◽

Yang Guo ◽

Sikun Li

Keyword(s):

Model Checking ◽

Petri Net ◽

State Of The Art ◽

Cyber Physical Systems ◽

The State ◽

Safety Properties ◽

Memory Consumption ◽

Formal Approach ◽

New Approach ◽

Physical Systems

Mobile cyber-physical systems (CPSs) are very hard to verify, because of asynchronous communication and the arbitrary number of components. Verification via model checking typically becomes impracticable due to the state space explosion caused by the system parameters and concurrency. In this paper, we propose a formal approach to verify the safety properties of parameterized protocols in mobile CPS. By using counter abstraction, the protocol is modeled as a Petri net. Then, a novel algorithm, which uses IC3 (the state-of-the-art model checking algorithm) as the back-end engine, is presented to verify the Petri net model. The experimental results show that our new approach can greatly scale the verification capabilities compared favorably against several recently published approaches. In addition to solving the instances fast, our method is significant for its lower memory consumption.

Download Full-text

Lingeling Essentials, A Tutorial on Design and Implementation Aspects of the the SAT Solver Lingeling

10.29007/jhd7 ◽

2018 ◽

Author(s):

Armin Biere

Keyword(s):

Data Structures ◽

State Of The Art ◽

Design Principles ◽

The State ◽

Memory Usage ◽

Design And Implementation ◽

Sat Solver ◽

Compact Data Structures ◽

Cache Efficiency ◽

Implementation Aspects

One of the design principles of the state-of-the-art SAT solver Lingeling is to use as compact data structures as possible. These reduce memory usage, increase cache efficiency and thus improve run-time, particularly, when using multiple solver instances on multi-core machines, as in our parallel portfolio solver Plingeling and our cube and conquer solver Treengeling. The scheduler of a dozen inprocessing algorithms is an important aspect of Lingeling as well. In this talk we explain these design and implementation aspects of Lingeling and discuss new direction of solver design.

Download Full-text

BIRD: Engineering an Efficient CNF-XOR SAT Solver and Its Applications to Approximate Model Counting

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v33i01.33011592 ◽

2019 ◽

Vol 33 ◽

pp. 1592-1599 ◽

Cited By ~ 15

Author(s):

Mate Soos ◽

Kuldeep S. Meel

Keyword(s):

Probabilistic Reasoning ◽

State Of The Art ◽

Fundamental Problem ◽

Approximate Model ◽

Affirmative Answer ◽

The State ◽

Boolean Formula ◽

Wide Range ◽

Model Counting ◽

Sat Solver

Given a Boolean formula φ, the problem of model counting, also referred to as #SAT is to compute the number of solutions of φ. Model counting is a fundamental problem in artificial intelligence with a wide range of applications including probabilistic reasoning, decision making under uncertainty, quantified information flow, and the like. Motivated by the success of SAT solvers, there has been surge of interest in the design of hashing-based techniques for approximate model counting for the past decade. We profiled the state of the art approximate model counter ApproxMC2 and observed that over 99.99% of time is consumed by the underlying SAT solver, CryptoMiniSat. This observation motivated us to ask: Can we design an efficient underlying CNF-XOR SAT solver that can take advantage of the structure of hashing-based algorithms and would this lead to an efficient approximate model counter? The primary contribution of this paper is an affirmative answer to the above question. We present a novel architecture, called BIRD, to handle CNF-XOR formulas arising from hashingbased techniques. The resulting hashing-based approximate model counter, called ApproxMC3, employs the BIRD framework in its underlying SAT solver, CryptoMiniSat. To the best of our knowledge, we conducted the most comprehensive study of evaluation performance of counting algorithms involving 1896 benchmarks with computational effort totaling 86400 computational hours. Our experimental evaluation demonstrates significant runtime performance improvement for ApproxMC3 over ApproxMC2. In particular, we solve 648 benchmarks more than ApproxMC2, the state of the art approximate model counter and for all the formulas where both ApproxMC2 and ApproxMC3 did not timeout and took more than 1 seconds, the mean speedup is 284.40 – more than two orders of magnitude.

Download Full-text