Optimization Techniques For Craig Interpolant Compaction In Unbounded Model Checking (PowerPoint PPT Presentation)



SLIDE 1

Optimization Techniques For Craig Interpolant Compaction In Unbounded Model Checking

Danilo Vendraminetto

PhD student at Formal Methods Group, Politecnico di Torino, Torino, Italy. Alpine Verification Meeting 2013, FBK, Trento, Italy.

SLIDE 2

Before starting..

• Talk in part based on a paper we presented at the DATE 2013 Conference:

Gianpiero Cabodi, C. Loiacono, D. Vendraminetto. Optimization techniques for Craig interpolant compaction in unbounded model checking. DATE 2013: 1417-1422

SLIDE 3

Outline

• Motivations & background
  • Hardware designs verification
  • Craig Interpolants in MC
  • ITP size compaction & scalability
• Contributions
  • Redundancy removal and reduction of UNSAT proofs and Craig interpolants
  • Heuristic procedure for scalable ITP compaction
• Experimental results & Conclusions

SLIDE 4

Motivations

• Can ITPs compete with IC3?
• Main limitations of ITP
  • BMC-based model (vs. cube/clause-based reachability)
  • ITPs are highly redundant

IC3                                          ITP
2-level (AND-OR) characteristic functions    Multiple-level circuits
Single instance of TR                        TR unrollings


SLIDE 6

Bounded Model Checking

• Trading off completeness for productivity: find BUGs!

Figure: unrolling I, T, T, T, F encoded as CNF clauses and handed to a SAT solver; initial states on one side, buggy states on the other.

Gianpiero Cabodi - IBM2011

SLIDE 7

Interpolation [Craig’57]

• Given A ∧ B = 0, let A’ = interpolant(A,B):
  • A ⇒ A’
  • A’ ∧ B = 0
  • A’ refers only to common variables of A, B
• Interpolants from proofs
  • Given a resolution refutation of A ∧ B, A’ is derived in linear time and space [Pudlak, Krajicek’97]

SLIDE 8

Interpolation [McMillan’03]

• Interpolant as over-approximate image operator
  • Over-approximation ⇒ variable quantification
  • Works whenever a representation of the backward reachable space is given
  • A: From ∧ T (FWD); B: paths to failure states (BWD); A’: over-approximate image
  • The approximate image is called adequate w.r.t. B

SLIDE 9

ITP from refutation proof

A, B: CNF clauses

UNSAT problem (A ∧ B = 0)


SLIDE 11

ITP from refutation proof

Resolution graph: from the A and B clauses down to the null clause; the leaf clauses the proof actually uses form the unsatisfiable core.

Resolution rule, with pivot variable p (here A and B stand for the remaining literals of the two clauses):

  (A ∨ p)   (¬p ∨ B)
  ------------------
       (A ∨ B)



SLIDE 14

Interpolant from refutation proof

Resolution graph (A and B clauses down to the null clause) mirrored by an AND-OR circuit: a gate for each resolution node; the gate at the null clause outputs A’ = Interpolant(A,B).

SLIDE 15

Interpolant rules

• Interpolation is a circuit that follows the structure of the proof

Example: A = (p)(¬p ∨ q), B = (¬q ∨ r)(¬r)

Proof:
  (p), (¬p ∨ q)   ⊢ (q)        pivot p (local to A)
  (¬q ∨ r), (¬r)  ⊢ (¬q)       pivot r (local to B)
  (q), (¬q)       ⊢ ⊥          pivot q (shared)

Interpolant: A’ = q


SLIDE 17

Image+

Figure: input variables W, present-state variables V, next-state variables V’; From —T→ To, with To+ an over-approximation of To

To+(V’) = IMG+(From, T) = Approx(∃(V,W). From(V) ∧ T(V,W,V’))


SLIDE 19

Adequate Image+

Figure: From —T→ To, its over-approximation To+, and the bad set B

To+ adequate w.r.t. B:
  • if To outside B
  • then To+ outside B
SLIDE 20

Adequate Image+ by Interpolant

Figure: From —T→ To ⊆ To+, with To+ ∩ B = ∅

To+ = interpolant(From ∧ T, B)

SLIDE 21

ITP

Figure: A = From_i ∧ T (one forward step, to To_i, over-approximated as To+_i); B = T ∧ T ∧ T ∧ F, the bounded backward reachable set R_k,bwd of the failure states F

Standard ITP: To+_i computed from the approximate From_i

SLIDE 22

Why use adequate IMG+?

• FWD approximate reachable states
  • computed by adequate IMG+
  • do not intersect BWD reachable states

Figure: R+ (forward over-approximation from I) and R_bwd (backward from F) stay disjoint when IMG+ is adequate

SLIDE 24

ITP compaction

Proof reduction (on the resolution graph):
  • Alternative proofs: different resolution schemes
  • Equivalent proofs: redundancy removal

ITP circuit compaction (on the AND-OR circuit):
  • BDD/SAT sweeping
  • Constant propagation
  • ODC
  • Refactor / rewrite

Problem #1:
  • SCALABILITY
SLIDE 25

Proof reduction

• Recycle-pivots [Bar-Ilan & al. HVC08]

Example proof (clauses as literal lists, -v is the negation of variable v; pivot 2 is resolved twice on the path C1, C3, C5, C7):
  C1 (1 2 3)      C2 (-2 4)      C4 (-1 -2 5)      C6 (2 6)
  C3 (1 3 4)      = res(C1, C2) on pivot 2
  C5 (-2 3 4 5)   = res(C3, C4) on pivot 1
  C7 (3 4 5 6)    = res(C5, C6) on pivot 2

SLIDE 26

Proof reduction

• Recycle-pivots + restructure proof [Bar-Ilan & al. HVC08]

RL denotes the Removable-Literals of a node (the literals that every path from the node to the root resolves away): RL(C3) = {-2, 1}, RL(C5) = {-2}.

Before:
  C1 (1 2 3)   C2 (-2 4)   C3 (1 3 4)   C4 (-1 -2 5)   C6 (2 6)   C5 (-2 3 4 5)   C7 (3 4 5 6)

After: -2 is in RL(C3), so the resolution on pivot 2 at C3 is recycled and C3 is replaced by the parent carrying -2, namely C2; restructuring then drops the resolution at C5 (its pivot 1 is gone) and resolves C7 on the smaller clauses:
  C2 (-2 4)   C3 (-2 4)   C6 (2 6)   C5 (-2 4)   C7 (4 6)
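The two passes sketched on slides 25 and 26, as an added example that is not the slides' or the paper's code: a root-to-leaves pass computes the removable-literal sets and marks nodes whose pivot is already removable, then a leaves-to-root pass rebuilds the proof, skipping any resolution whose pivot vanished from a shrunken parent. The proof encoding (`leaves`, `steps`, a single `root`), the conservative reset of RL at nodes with more than one child, and the names `recycle_pivots` and `slide_example` are this example's own assumptions; the clauses are the ones on the slide.

```python
# Clauses are frozensets of non-zero ints; -v is the negation of variable v.
def resolve(c1, c2, v):
    """Resolve on variable v; either parent may be the one holding +v."""
    if v not in c1:
        c1, c2 = c2, c1
    assert v in c1 and -v in c2, "pivot must occur with opposite signs"
    return (c1 - {v}) | (c2 - {-v})

def topo_order(steps, root):
    """Nodes reachable from the root, fan-ins before fan-outs."""
    order, seen = [], set()
    def visit(n):
        if n not in seen:
            seen.add(n)
            if n in steps:
                visit(steps[n][0]); visit(steps[n][1])
            order.append(n)
    visit(root)
    return order

def recycle_pivots(leaves, steps, root):
    """leaves: {name: clause}; steps: {name: (parent1, parent2, pivot_var)}.
    Returns (new clauses, removable-literal sets, replaced nodes). Each new clause is
    contained in the old clause plus its removable literals, so the root is subsumed."""
    order = topo_order(steps, root)
    clauses = dict(leaves)
    children = {n: 0 for n in order}
    for n in order:
        if n in steps:
            p1, p2, v = steps[n]
            clauses[n] = resolve(clauses[p1], clauses[p2], v)
            children[p1] += 1; children[p2] += 1
    # Pass 1 (root towards leaves): RL(n) holds literals that every path from n
    # to the root resolves away. A pivot already in RL makes the step useless:
    # the parent that still carries that literal can take the node's place.
    rl = {n: set() for n in order}
    replace = {}
    for n in reversed(order):
        if n not in steps: continue
        if children[n] > 1: rl[n] = set()            # conservative, as in the paper
        p1, p2, v = steps[n]
        pos, neg = (p1, p2) if v in clauses[p1] else (p2, p1)
        if v in rl[n]:
            replace[n] = pos; rl[pos] |= rl[n]
        elif -v in rl[n]:
            replace[n] = neg; rl[neg] |= rl[n]
        else:
            rl[pos] |= rl[n] | {v}; rl[neg] |= rl[n] | {-v}
    # Pass 2 (leaves towards root): rebuild, skipping resolutions whose pivot
    # disappeared from a (now smaller) parent clause.
    new = dict(leaves)
    for n in order:
        if n not in steps: continue
        if n in replace:
            new[n] = new[replace[n]]; continue
        p1, p2, v = steps[n]
        pos, neg = (p1, p2) if v in clauses[p1] else (p2, p1)
        if v not in new[pos]: new[n] = new[pos]
        elif -v not in new[neg]: new[n] = new[neg]
        else: new[n] = resolve(new[pos], new[neg], v)
        assert new[n] <= clauses[n] | rl[n]
    return new, rl, replace

# Constructed input: the proof on the slide (pivot 2 is used twice on the C1-C3-C5-C7 path)
LEAVES = {"C1": frozenset({1, 2, 3}), "C2": frozenset({-2, 4}),
          "C4": frozenset({-1, -2, 5}), "C6": frozenset({2, 6})}
STEPS = {"C3": ("C1", "C2", 2), "C5": ("C3", "C4", 1), "C7": ("C5", "C6", 2)}

def slide_example():
    new, rl, replace = recycle_pivots(LEAVES, STEPS, "C7")
    derived = {n: tuple(sorted(new[n])) for n in ("C3", "C5", "C7")}
    return derived, rl["C3"], rl["C5"], replace

if __name__ == "__main__":
    print(slide_example())
    # ({'C3': (-2, 4), 'C5': (-2, 4), 'C7': (4, 6)}, {1, -2}, {-2}, {'C3': 'C2'})
```

On a real refutation the root is the empty clause, so "subsumed root" simply means the empty clause is still derived; the reset of RL at nodes with several children is what keeps the single pass linear in the proof size, at the price of missing some recyclable pivots in DAG-shaped proofs.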


SLIDE 28

Our Contribution: exploit proof topology

Proof node chain

• Simpler data structure for proof reduction algorithms and further techniques

SLIDE 29

ITP Circuit Compaction

• Logic synthesis manipulations on the proof
  • Constant propagation
  • BDD-based sweeping (for equivalences)
  • Observability Don’t Care (lightweight)
• Proof into AIG
  • ODC (lightweight)
  • Logic synthesis: rewrite / refactor, using the ABC tool; AIG balance
  • ITE-based decomposition (iff necessary)

SLIDE 30

Observability don’t care

• If A == 0 → out = 0; f(.) and g(.) do not matter (don’t-care set)

Figure: out = A ∧ f(x, .., A) ∧ g(x, .., A)
SLIDE 31

Observability don’t care

• If A == 1 → f(.) and g(.) can be simplified (care set)

Figure: out = A ∧ f(x, .., 1) ∧ g(x, .., 1)

SLIDE 35

ITP ITE decomposition

Figure: ITP over inputs x1 .. xN; an internal node Ni is picked as selector and ITP is rebuilt as a MUX, ITP = ITE(Ni, ITP1, ITP0), where ITP1 (Ni = 1) and ITP0 (Ni = 0) are the two cofactors, both driven by x1 .. xN

SLIDE 36

Ad-Hoc ITP compaction

AigIteDecomp (ITP)
  if (max recursions || |ITP| < th)
    return standardLogicSynth (ITP)
  do
    search node Ni with highest FO
    ITE(Ni, ITP1, ITP0)            // compute cofactors; equals ITP
    if (accept (ITE decomp))       // size-based heuristic
      AigIteDecomp (Ni)
      AigIteDecomp (ITP1)
      AigIteDecomp (ITP0)
      ITP = ITE(Ni, ITP1, ITP0)
  while (max try not reached)
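The ODC substitution of slides 30-31 and the AigIteDecomp loop of slide 36 both reduce to one operation on an AIG: rebuild a cone with some node forced to a constant and let constants propagate. The added example below (not code from the slides, the paper or PdTrav) implements that on a minimal strashed AIG: `odc_simplify` rewrites each AND(a, b) by cofactoring b under "a is true" and then a under the new b, one side at a time because substituting both sides simultaneously is unsound; `ite_decompose` follows the slide's pseudocode, with the highest-fanout internal node as selector and "the MUX is smaller than the original" as the accept heuristic, while `standardLogicSynth` is reduced to leaving small cones alone. The AIGER-style literal encoding, the thresholds and the redundant ITP-like circuit in `slide_example` are assumptions of this example.

```python
from itertools import product

class Aig:
    """Minimal And-Inverter Graph with AIGER-style literals: lit = 2*node + negated.
    Node 0 is constant FALSE, nodes 1..n_inputs are primary inputs, the rest are
    two-input ANDs. Structural hashing merges identical ANDs, constants fold."""
    def __init__(self, n_inputs):
        self.n_inputs, self.ands, self.strash = n_inputs, {}, {}
    def AND(self, a, b):
        if a == 0 or b == 0 or a == b ^ 1: return 0      # x∧0, x∧¬x
        if a == 1 or a == b: return b                    # 1∧x, x∧x
        if b == 1: return a
        key = (min(a, b), max(a, b))
        if key not in self.strash:
            self.strash[key] = self.n_inputs + 1 + len(self.ands)
            self.ands[self.strash[key]] = key
        return 2 * self.strash[key]
    def OR(self, a, b): return self.AND(a ^ 1, b ^ 1) ^ 1
    def ITE(self, c, t, e): return self.OR(self.AND(c, t), self.AND(c ^ 1, e))
    def eval(self, lit, env):                            # env: input node -> bool
        node, neg = lit >> 1, lit & 1
        if node == 0: v = False
        elif node <= self.n_inputs: v = env[node]
        else: v = all(self.eval(l, env) for l in self.ands[node])
        return v != bool(neg)
    def cone(self, lit):                                 # AND nodes in the fan-in of lit
        seen, stack = set(), [lit >> 1]
        while stack:
            n = stack.pop()
            if n in self.ands and n not in seen:
                seen.add(n); stack.extend(l >> 1 for l in self.ands[n])
        return seen
    def size(self, lit): return len(self.cone(lit))
    def fanouts(self, lit):                              # fanout of each AND node inside the cone
        fo = {}
        for n in self.cone(lit):
            for l in self.ands[n]:
                if (l >> 1) in self.ands: fo[l >> 1] = fo.get(l >> 1, 0) + 1
        return fo
    def cofactor(self, lit, node, value):
        """Copy of lit with `node` forced to `value`, constants propagated on the way up."""
        memo = {}
        def go(l):
            n = l >> 1
            if n not in memo:
                if n == 0: memo[n] = 0
                elif n == node: memo[n] = 1 if value else 0
                elif n not in self.ands: memo[n] = 2 * n
                else: memo[n] = self.AND(*(go(x) for x in self.ands[n]))
            return memo[n] ^ (l & 1)
        return go(lit)
    def equivalent(self, x, y):                          # exhaustive, for small examples
        for bits in product([False, True], repeat=self.n_inputs):
            env = dict(zip(range(1, self.n_inputs + 1), bits))
            if self.eval(x, env) != self.eval(y, env): return False
        return True

def odc_simplify(aig, lit):
    """Observability don't care (slides 30-31): in AND(a, b) the value of b only matters
    when a is true, so b may be rebuilt with a's node fixed to the value that makes a
    true; then a likewise under the new b. Applied to every AND in the cone, fan-ins first."""
    new = {}
    def mapped(l): return new.get(l >> 1, 2 * (l >> 1)) ^ (l & 1)
    for n in sorted(aig.cone(lit)):                      # ANDs are numbered after their fan-ins
        a, b = (mapped(l) for l in aig.ands[n])
        b = aig.cofactor(b, a >> 1, not (a & 1))         # one side at a time keeps it sound
        a = aig.cofactor(a, b >> 1, not (b & 1))
        new[n] = aig.AND(a, b)
    return mapped(lit)

def ite_decompose(aig, lit, threshold=3, max_try=2, max_depth=4, depth=0):
    """AigIteDecomp from slide 36: small (or too deep) cones go to ordinary logic
    synthesis (here: left as they are); otherwise try the highest-fanout internal nodes
    as ITE selectors and keep ITE(Ni, ITP|Ni=1, ITP|Ni=0) only if it is smaller."""
    if depth >= max_depth or aig.size(lit) < threshold:
        return lit
    ranked = sorted(aig.fanouts(lit).items(), key=lambda kv: -kv[1])
    for node, _ in ranked[:max_try]:
        sel, c1, c0 = 2 * node, aig.cofactor(lit, node, True), aig.cofactor(lit, node, False)
        if aig.size(aig.ITE(sel, c1, c0)) < aig.size(lit):            # size-based accept
            parts = [ite_decompose(aig, x, threshold, max_try, max_depth, depth + 1)
                     for x in (sel, c1, c0)]
            return aig.ITE(*parts)
    return lit

def slide_example():
    """Constructed, redundant ITP-like circuit (n ∧ (a ∨ n)) ∨ (¬n ∧ (n ∨ b)), n = x ∧ y.
    Returns (AND count before, after ODC, after ITE decomposition)."""
    g = Aig(4)
    x, y, a, b = 2, 4, 6, 8                              # positive literals of inputs 1..4
    n = g.AND(x, y)
    f = g.OR(g.AND(n, g.OR(a, n)), g.AND(n ^ 1, g.OR(n, b)))
    f_odc, f_ite = odc_simplify(g, f), ite_decompose(g, f)
    assert g.equivalent(f, f_odc) and g.equivalent(f, f_ite)
    return g.size(f), g.size(f_odc), g.size(f_ite)
```

On this toy cone the lightweight ODC pass alone finds n ∨ b (two ANDs) and the ITE decomposition on the fanout-4 node n lands at three, which matches the order the slides apply them in: ODC first, ITE decomposition only when the standard flow stops making progress. Equivalence is checked exhaustively here; on a real interpolant that check would be a SAT call.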

SLIDE 37

Experimental results

• Framework: PdTrav
  • State-of-the-art academic Model Checker
  • HWMCC ’07 to ’12
  • Ranked 1st at 2010 Model Checking Competition – UNSAT category
• ITP compaction => better MC runs
• Experience on IBM & Intel benchmarks

SLIDE 38

Experimental results

Figure: run time [s] per circuit name (y-axis 200 to 1200 s), Best Opt Time vs. Std Itp Time

SLIDE 39

Conclusions

• ITP-based MC heavily relies on scalability, i.e. the ability to compact ITPs
• We developed effective techniques to compact ITPs
• Scalable techniques, applied incrementally
• Best suited as a second engine
  • Hard-to-prove properties (hard for IC3)
  • Explosion of standard interpolation
  • Can afford extra time (for memory)

SLIDE 40

Thank you!