On Combining 01X-Logic and QBF Marc Herbstritt (joint work with - - PowerPoint PPT Presentation
On Combining 01X-Logic and QBF Marc Herbstritt (joint work with Bernd Becker) Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany Presentation at EuroCAST 2007 Applied Formal Verification Track Feb 14 2007
(joint work with Bernd Becker)
Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany
Presentation at EuroCAST 2007 Applied Formal Verification Track Feb 14 2007
www.avacs.org
Formal Verification of Circuits
→ Checking correctness between specification and implementation
Model Checking
→ Specification given by a set of (temporal) properties → Model Checking to prove that circuit model fulfills the properties → Bounded Model Checking to falsify properties
Blackbox Designs
→ describe partial circuit implementations → occur naturally in early design phase → can be used for abstraction
This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC) → Merge two approaches for BB-BMC: 01X-logic and QBF → Flexibility to counteract computational complexity of QBF
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 2 / 14
Formal Verification of Circuits
→ Checking correctness between specification and implementation
Model Checking
→ Specification given by a set of (temporal) properties → Model Checking to prove that circuit model fulfills the properties → Bounded Model Checking to falsify properties
Blackbox Designs
→ describe partial circuit implementations → occur naturally in early design phase → can be used for abstraction
This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC) → Merge two approaches for BB-BMC: 01X-logic and QBF → Flexibility to counteract computational complexity of QBF
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 2 / 14
Formal Verification of Circuits
→ Checking correctness between specification and implementation
Model Checking
→ Specification given by a set of (temporal) properties → Model Checking to prove that circuit model fulfills the properties → Bounded Model Checking to falsify properties
Blackbox Designs
→ describe partial circuit implementations → occur naturally in early design phase → can be used for abstraction
This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC) → Merge two approaches for BB-BMC: 01X-logic and QBF → Flexibility to counteract computational complexity of QBF
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 2 / 14
Formal Verification of Circuits
→ Checking correctness between specification and implementation
Model Checking
→ Specification given by a set of (temporal) properties → Model Checking to prove that circuit model fulfills the properties → Bounded Model Checking to falsify properties
Blackbox Designs
→ describe partial circuit implementations → occur naturally in early design phase → can be used for abstraction
This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC) → Merge two approaches for BB-BMC: 01X-logic and QBF → Flexibility to counteract computational complexity of QBF
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 2 / 14
1
Introduction
2
An Example: Equivalence Checking of Blackbox Designs
3
Combining 01X-Logic and QBF
4
Application to Bounded Model Checking of Blackbox Designs
5
Experimental Results
6
Conclusions
BCD−ADD MUX MUX
A B Shifter
MUX MUX
ALU
C3540: ALU with binary and BCD arithmetic, logic and shift operations.
BCD−SUB (Source: Hansen, Yalcin, Hayes − Unveiling the ISCAS85 Benchmarks, IEEE Design&Test, 1999)
1
Abstraction: Hide components that are not necessary
2
Verification of Partial Designs: E.g. in early design stage
3
Error Diagnosis: Localisation of error
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 4 / 14
BCD−ADD MUX MUX
A B Shifter
MUX MUX
ALU
BCD−SUB
enc(A,bin) + enc(B,bin) ?
1
Abstraction: Hide components that are not necessary
2
Verification of Partial Designs: E.g. in early design stage
3
Error Diagnosis: Localisation of error
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 4 / 14
enc(A, ) + enc(B, ) ?
but only on encoding
Blackbox Blackbox
MUX MUX
A B
MUX MUX
ALU Blackbox
Property is not dependent
bin bin bin
binary
1
Abstraction: Hide components that are not necessary
2
Verification of Partial Designs: E.g. in early design stage
3
Error Diagnosis: Localisation of error
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 4 / 14
Blackbox Blackbox
MUX MUX
A B
MUX MUX
ALU
Implementation of Shifter and BCD−SUB unit not finished
BCD−ADD
enc(A,bin) + enc(B,bin) ?
1
Abstraction: Hide components that are not necessary
2
Verification of Partial Designs: E.g. in early design stage
3
Error Diagnosis: Localisation of error
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 4 / 14
MUX MUX
A B
MUX MUX
ALU Blackbox
BCD−SUB
Shifter
within the blackbox region Check whether error lies
1
Abstraction: Hide components that are not necessary
2
Verification of Partial Designs: E.g. in early design stage
3
Error Diagnosis: Localisation of error
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 4 / 14
x1 x2x3 x4 f S x1 x2x3 x4 f BB
1
Can f BB
1
be completed such that f S and f BB
1
are equal,
1
already different?
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 5 / 14
01X-Logic (Jain et al., VTS’00)
Introduce logical value X, i.e., X means unknown Binary encoding of logical values: 01X-value binary encoding (1,0) 1 (0,1) X (0,0) Adapt synthesis operators:
AND01X ((a0, a1), (b0, b1)) := (a0 + b0, a1 · b1) OR01X ((a0, a1), (b0, b1)) := (a0 · b0, a0 + b0) NOT01X ((a0, a1)) := (a1, a0)
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 5 / 14
x1 f
M,0 ENC−OR ENC−AND XEK XEK ENC−XOR ENC−AND ENC−OR ENC−OR ENC−ANDx1
1x
1x
1x x x
1x
2 2 3 3 4 40 0 f
M,1Build miter for f S and f BB
1
Replace blackbox output by new logical value X Encode miter circuit using AND01X, OR01X, and NOT01X Solve propositional problem ⇒ (0, 0, 1, 0) is a counterexample
[f S(0, 0, 1, 0) = 1 = 0 = f BB
1 (0, 0, 1, 0)]
Propositional problem to solve
∃ x0
1x1 1 x0 2x1 2 x0 3x1 3 x0 4x1 4 :
((¬f M,0) · f M,1)(x0
1, x1 1, x0 2, x1 2, x0 3, x1 3, x0 4, x1 4) = 1.
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 5 / 14
x1 x2x3 x4 f S
x1x2x3x4 f S f BB,01X
3
0000 X 0001 X 0010 1 1 0011 1 1 0100 1 1 0101 1 1 0110 1 X 0111 1 X 1000 1 1 1001 1 1 1010 1 1 1011 1 1 1100 1 1 1101 1 1 1110 1 1 1111 1 1
x1 x2x3 x4 f BB
3
No counterexample can be found using 01X-logic.
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 6 / 14
QBF counterexample formulation
Instead of new logical value X, introduce fresh propositional variables Zi for blackbox output i Counterexample (CE): An input assignment such that for all values of the blackbox ouputs Zi, f S and f BB
3
differ.
∃ x1 x2 x3 x4 ∀Z1 : f S(x1, x2, x3, x4) = f BB
3 (x1, x2, x3, x4, Z1)
⇒ (0, 1, 1, 0) is a counterexample.
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 6 / 14
x1 x2x3 x4 f S x1 x2x3 x4 f BB
4 BB BB 1 2
QBF formulation finds counterexample
∃ x1 x2 x3 x4 ∀Z1 Z2 : f S(x1, x2, x3, x4) = f BB
4 (x1, x2, x3, x4, Z1, Z2)
(0, 0, 0, 0) is a counterexample.
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 7 / 14
f BB
4
f BB
4
x1 x2 x3 x4 f S (Z1, Z2-var) (Z1-var + 01X) 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Mixing 01X-Logic and QBF formulation
BB2 can be modelled using 01X-logic ⇒ (0, 0, 0, 0) is CE.
∃ x1 x2 x3 x4 ∀Z1 : f S(x1, x2, x3, x4) = f BB
4 (x1, x2, x3, x4, Z1, X)
But how to combine 01X-logic and QBF?
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 7 / 14
A first shot for mixing 01X-Logic and QBF
Apply the same quantifier to encoding variables: ∃ x0
1x1 1 x0 2x1 2 x0 3x1 3 x0 4x1 4 ∀Z0 1Z1 1 Z0 2Z1 2 : ((¬f M,0) · f M,1) = 1.
This is incorrect, since ... ∀Z0
i Z1 i checks (0, 0), (0, 1), (1, 0), (1, 1), i.e., X01X, 101X, 001X, and
(1, 1) is not an 01X-value! Zi is a propositional variable, not a 01X-variable!
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 7 / 14
Correct Transformation for 01X-Logic and QBF
We know: 001X = (1, 0) 101X = (0, 1) The transformation consists of two steps:
1
∀Zi ⇒ ∀Z0
i ∃Z1 i
2
Now, when Z0
i is assigned, we have to force either 001X or 101X by
adding two clauses: (Z0
i → (¬Z1 i ))
to force 001X ((¬Z0
i ) → Z1 i )
to force 101X
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 7 / 14
QBF for CEC of f S and f BB
4
∃ x0
1x1 1 x0 2x1 2 x0 3x1 3 x0 4x1 4 ∀Z0 1 ∃Z1 1 ∃T :
(((¬f M,0) · f M,1) = 1)CNF· (Z0
1 → (¬Z1 1)) · ((¬Z0 1) → Z1 1).
Pros and cons for mixing 01X-logic and QBF
Pros: Eliminating universal quantified variables Cons: Binary encoding increases number of existential quantified variables
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 7 / 14
Basic Modelling
Use propositional variable Z(i,j) for output j of blackbox BBi Counterexample has to be valid for all possible blackbox behaviours ⇒ variables Z(i,j) are universally quantified (∀) Counterexample states the existence of a series of input assignments leading to a state that violates the property ⇒ primary inputs x0, x1, . . . , xn are existentially quantified (∃)
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 8 / 14
IOC(β, d) is a predicate that assures that timed instantiations of all combinational blackboxes behave uniform within different time frames (for β-many blackboxes and unfolding depth d).
1 1 1 1 . . . . . . . . . . . . BB xi
n−1
xi
1
xi si
k−1
si
0 si 1
BB xj
n−1
xj
1
sj
0 sj 1
sj
k−1
xj
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 9 / 14
Simulation-driven counterexample formulation ϕCE
d
:= ∃x0 ∃s0 ∃χ0
0 ∀γ0 0 . . . ∃χ0 β−1 ∀γ0 β−1
∃x1 ∃s1 ∃χ1
0 ∀γ1 0 . . . ∃χ1 β−1 ∀γ1 β−1
. . . ∃xd−1 ∃sd−1 ∃χd−1 ∀γd−1 . . . ∃χd−1
β−1 ∀γd−1 β−1
∃sd : IOC(β, d) →
Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 10 / 14
Sequence of input assignments ϕCE
d
:= ∃x0 ∃s0 ∃χ0
0 ∀γ0 0 . . . ∃χ0 β−1 ∀γ0 β−1
∃x1 ∃s1 ∃χ1
0 ∀γ1 0 . . . ∃χ1 β−1 ∀γ1 β−1
. . . ∃xd−1 ∃sd−1 ∃χd−1 ∀γd−1 . . . ∃χd−1
β−1 ∀γd−1 β−1
∃sd : IOC(β, d) →
Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 10 / 14
Sequence of states ϕCE
d
:= ∃x0 ∃s0 ∃χ0
0 ∀γ0 0 . . . ∃χ0 β−1 ∀γ0 β−1
∃x1 ∃s1 ∃χ1
0 ∀γ1 0 . . . ∃χ1 β−1 ∀γ1 β−1
. . . ∃xd−1 ∃sd−1 ∃χd−1 ∀γd−1 . . . ∃χd−1
β−1 ∀γd−1 β−1
∃sd : IOC(β, d) →
Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 10 / 14
Blackbox input assignments (dependent on current state and primary inputs) ϕCE
d
:= ∃x0 ∃s0 ∃χ0
0 ∀γ0 0 . . . ∃χ0 β−1 ∀γ0 β−1
∃x1 ∃s1 ∃χ1
0 ∀γ1 0 . . . ∃χ1 β−1 ∀γ1 β−1
. . . ∃xd−1 ∃sd−1 ∃χd−1 ∀γd−1 . . . ∃χd−1
β−1 ∀γd−1 β−1
∃sd : IOC(β, d) →
Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 10 / 14
Universal quantification of blackbox outputs (due to falsification of realizability) ϕCE
d
:= ∃x0 ∃s0 ∃χ0
0 ∀γ0 0 . . . ∃χ0 β−1 ∀γ0 β−1
∃x1 ∃s1 ∃χ1
0 ∀γ1 0 . . . ∃χ1 β−1 ∀γ1 β−1
. . . ∃xd−1 ∃sd−1 ∃χd−1 ∀γd−1 . . . ∃χd−1
β−1 ∀γd−1 β−1
∃sd : IOC(β, d) →
Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 10 / 14
PicoJava/biu from VIS benchmark suite introduced single defects (e.g., IPF = Input Phase Fault) added 3 blackboxes “around” the error for finite unfoldings wrt. BMC, we generated QBFs with different modelling of multiple blackboxes:
all BBs with 01X 1 BB with Zi, 2 BBs with 01X 2 BBs with Zi, 1 BB with 01X 3 BBs with Zi 3 BBs with Zi, but no encoding (MTV’06)
applied combination of QBF pre-processor qubepp and QBF solver qube3.0 (versions as of 2007-01-02 and 2006-11-23, resp.)
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 11 / 14
10 20 30 40 50 60 70 5 10 15 20
Time [s] Unfolding depth k
biu.mv.xl_ao.bb-b003-p020-IPF06-c01
3 BBs with Zi 2 BBs with Zi 1 BB with Zi pure Zi (Zi,Zi,Zi) (01X,Zi,Zi) (Zi,01X,Zi) (Zi,Zi,01X) (01X,01X,Zi) (01X,Zi,01X) (Zi,01X,01X) (01X,01X,01X)
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 11 / 14
0.01 0.1 1 10 100 1 2 3 4 5 6 7 8
Time [s] (logscale) Unfolding depth k
biu.mv.xl_ao.bb-b003-p020-IPF01-c05
3 BBs with Zi 2 BBs with Zi 1 BB with Zi pure Zi (Zi,Zi,Zi) (01X,Zi,Zi) (Zi,01X,Zi) (Zi,Zi,01X) (01X,01X,Zi) (01X,Zi,01X) (Zi,01X,01X) (01X,01X,01X)
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 11 / 14
Conclusions
We have combined 01X-logic and QBF in the context of blackbox designs. This combination enables flexible modelling of multiple blackboxes. Experimental results for BMC of blackbox designs showed the feasibility.
Future Work
Submission of selected QBF examples to QBFEVAL’07. More experimental results will be available in forthcoming technical report. ...
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 12 / 14
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 13 / 14
Acknowledgements
Christoph Scholl, Stefan Disch, and Tobias Nopper for fruitful discussions
References
Jain et al., “Testing, Verification, and Diagnosis in the Presence of Unknowns”, VTS’00 Kuehlmann et al., “Robust Boolean Reasoning for Equivalence Checking and Functional Property Verification”, TCAD’02 Scholl, Becker, “Checking Equivalence for Partial Implementations”, DAC’01 Herbstritt, Becker, “On SAT-based Bounded Invariant Checking of Blackbox Designs”, MTV’05 Herbstritt, Becker, Scholl, “Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs”, MTV’06
c Marc Herbstritt (University Freiburg) On Combining 01X-Logic and QBF AFV@EuroCAST’07 14 / 14