To Split or to Conjoin: The Question in Image Computation
1 To Split or to Conjoin: The Question in Image Computation
In-Ho Moon (1), James Kukula (2), Kavita Ravi (3), Fabio Somenzi (1)
(1) University of Colorado at Boulder, (2) Synopsys Inc., (3) Cadence Inc.

2 Outline
- Introduction
- Image Computation Methods
  - Transition Relation Method
  - Transition Function Method
- Transition Relation vs. Function Methods
- Hybrid Image Computation
- Experimental Results
- Conclusions

3 Introduction
Model Checking
- The most widely used method in formal verification
- Does the system (implementation) satisfy the property (specification)?
- State space explosion
BDD explosion in symbolic model checking
- The explosion occurs mostly in the intermediate BDDs built during the conjunctions of image/preimage computations
Image/Preimage Computations
- Finding all successor (respectively predecessor) states of a given set of states at once
- The key steps in symbolic model checking

4 Contribution
Figure: nested layers of symbolic model checking, from the outside in: Model Checking, Reachability Analysis, Image/Preimage Computations, BDD Operations.

5 Image Computation
Two approaches
- Transition Relation Method [ICCAD90, DAC91]: conjunctions
- Transition Function Method [IFIP89, ICCAD90]: recursive splitting
The transition relation method is superior to the transition function method in most cases.
In some cases the transition function method is more efficient than the transition relation method,
- especially in most cases of approximate reachability analysis.
Questions
- Why is that?
- What if we combine the two methods?

6 Transition Relation Method
($x$: present-state variables, $w$: primary inputs, $y$: next-state variables; the transition relation is conjunctively partitioned, $T = \bigwedge_{1 \le i \le k} T_i$, and $v_i$ denotes the variables that can be quantified once $T_i$ has been conjoined.)
Image Computation
- $\mathrm{Img}(T(x,w,y), C(x)) = \exists x, w .\, \big( \bigwedge_{1 \le i \le k} T_i(x,w,y) \wedge C(x) \big)$
Preimage Computation
- $\mathrm{Pre}(T(x,w,y), C(y)) = \exists y, w .\, \big( \bigwedge_{1 \le i \le k} T_i(x,w,y) \wedge C(y) \big)$
Early Quantification
- $\exists u .\, \big( f(u,v) \wedge g(v) \big) = \big( \exists u .\, f(u,v) \big) \wedge g(v)$
- $\mathrm{Img}(T, C) = \exists v_1 .\, \big( T_1 \wedge \cdots \wedge \exists v_k .\, ( T_k \wedge C ) \big)$

7 Transition Function Method
Image Computation [IFIP89, ICCAD90]
- Input Splitting
- Output Splitting
Preimage Computation
- Simultaneous Substitution [CAV91]
- Sequential Substitution [PhD92]
- Domain Cofactoring [ICCAD98]

8 Transition Function Method (Cont'd)
Input Splitting ($+$ is Boolean disjunction)
- $\mathrm{Img}(f(x,w), C(x)) = \mathrm{Img}(f_v, C_v) + \mathrm{Img}(f_{v'}, C_{v'})$
  - $f = (f_1, \ldots, f_m)$: function vector
  - $v$: splitting variable ($x$ or $w$), chosen as the variable that occurs most frequently in the supports [Cho96]
Constant Functions
- $\mathrm{Img}((f_1 = 1, \ldots, f_m), C) = y_1 \wedge \mathrm{Img}((f_2, \ldots, f_m), C)$
- $\mathrm{Img}((f_1 = 0, \ldots, f_m), C) = y_1' \wedge \mathrm{Img}((f_2, \ldots, f_m), C)$
Terminal Cases
- $\mathrm{Img}(f, 0) = 0$
- $\mathrm{Img}(|f| \le 1, C) = 1$ where $f$ is non-constant and $C \ne 0$
From the implementation point of view, the $y$ variables are not needed in the transition function method.
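The input-splitting recursion above, carried out on a constructed toy machine as an added example (this is not code from the paper or from any BDD package). To keep it self-contained it represents each Boolean function as an explicit on-set of assignments rather than as a BDD, so a cofactor is a filter that drops one column; the recursion structure, the peeling of constant components, the terminal cases and the most-frequent-variable splitting rule are the ones on the slide. The machine, a 3-bit counter with an enable input `w`, and the variable names are assumptions made for the example. The only deviation from the slide is the single-function terminal case: because nothing here constrains `f` to `C` beforehand, the code returns the set of values the last function takes on `C`, which is 1 exactly when the slide's precondition (non-constant on `C`) holds.

```python
# Added example (not from the paper): slide-8 input splitting on explicit truth tables.
# A function over n domain variables is a frozenset of the 0/1 tuples on which it is 1.
from itertools import product

def cofactor(onset, k, b):
    """Cofactor w.r.t. the k-th remaining variable set to b; that column disappears."""
    return frozenset(a[:k] + a[k + 1:] for a in onset if a[k] == b)

def depends_on(onset, k):
    """Variable k is in the support iff the two cofactors differ."""
    return cofactor(onset, k, 0) != cofactor(onset, k, 1)

def img_split(fs, C, n):
    """Img(f, C) by recursive input splitting.

    fs: {output index i: on-set of f_i}; C: on-set of the constraint; n: number of
    domain variables still present.  Returns a set of frozensets {(i, value), ...},
    one per reachable output assignment; the y variables never appear explicitly.
    """
    if not C:                                   # terminal: Img(f, 0) = 0
        return set()
    fixed, rest = set(), {}
    for i, f in fs.items():
        if not f:                               # f_i = 0 contributes y_i'
            fixed.add((i, 0))
        elif len(f) == 2 ** n:                  # f_i = 1 contributes y_i
            fixed.add((i, 1))
        else:
            rest[i] = f
    fixed = frozenset(fixed)
    if not rest:                                # every component is constant
        return {fixed}
    if len(rest) == 1:                          # |f| = 1: the values f takes on C
        (i, f), = rest.items()                  # (= 1 when f is non-constant on C)
        return {fixed | frozenset({(i, int(a in f))}) for a in C}
    # splitting variable: in the support of the most remaining functions [Cho96]
    v = max(range(n), key=lambda k: sum(depends_on(f, k) for f in rest.values()))
    out = set()
    for b in (0, 1):                            # Img(f_v, C_v) + Img(f_v', C_v')
        sub = {i: cofactor(f, v, b) for i, f in rest.items()}
        out |= img_split(sub, cofactor(C, v, b), n - 1)
    return {r | fixed for r in out}

# Constructed toy machine (an assumption of this example): 3-bit counter, enable w.
VARS = ("x0", "x1", "x2", "w")
NEXT_STATE = {
    0: lambda x0, x1, x2, w: x0 ^ w,
    1: lambda x0, x1, x2, w: x1 ^ (w & x0),
    2: lambda x0, x1, x2, w: x2 ^ (w & x0 & x1),
}

def table(pred):
    """On-set of a predicate over VARS."""
    return frozenset(a for a in product((0, 1), repeat=len(VARS)) if pred(*a))

def image_split(c_pred):
    """Successor states (x0, x1, x2) of the states satisfying c_pred, by splitting."""
    fs = {i: table(f) for i, f in NEXT_STATE.items()}
    result = img_split(fs, table(c_pred), len(VARS))
    return {tuple(dict(r)[i] for i in sorted(NEXT_STATE)) for r in result}

def image_brute(c_pred):
    """Reference: enumerate every (state, input) pair in C and apply the functions."""
    return {tuple(NEXT_STATE[i](*a) for i in sorted(NEXT_STATE)) for a in table(c_pred)}

if __name__ == "__main__":
    zero = lambda x0, x1, x2, w: (x0, x1, x2) == (0, 0, 0)
    print(sorted(image_split(zero)))            # [(0, 0, 0), (1, 0, 0)]
    assert image_split(zero) == image_brute(zero)
```

On the toy machine every split peels off at most a few variables, so the recursion depth is bounded by the number of domain variables; with BDDs the same recursion is what makes the method memory-frugal, and what makes it blow up in call count when no cofactor ever becomes constant.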

9 Transition Function Method (Cont'd)
Domain Cofactoring
- $\mathrm{Pre}(f, C) = v \wedge \mathrm{Pre}(f_v, C) + v' \wedge \mathrm{Pre}(f_{v'}, C)$
  - $v$: splitting variable ($x$)
Constant Functions
- $\mathrm{Pre}((f_1 = 1, \ldots, f_m), C) = \mathrm{Pre}((f_2, \ldots, f_m), C_{y_1})$
- $\mathrm{Pre}((f_1 = 0, \ldots, f_m), C) = \mathrm{Pre}((f_2, \ldots, f_m), C_{y_1'})$
Terminal Cases
- $\mathrm{Pre}(f, 1) = 1$
- $\mathrm{Pre}(f, 0) = 0$
- $\mathrm{Pre}(|f| = 0, C) = C$
Optimization
- Drop $f_j$ if $y_j \notin \mathrm{support}(C(y))$

10 Transition Relation vs. Function Methods
Transition Relation Methods
- Based on conjunction
- Need two sets of state variables
- Good: much faster in most cases
- Bad: intermediate BDDs may grow very large
Transition Function Methods
- Based on splitting
- Need one set of state variables
- Good: take much less memory in most cases
- Bad: may have too many recursive calls
Question: can we combine the merits of both methods?

11 Hybrid Image Computation
Figure: a spectrum from pure Conjoin to pure Split, with Static Hybrid and Dynamic Hybrid in between.

12 Dependence Matrix
- $m$: the number of functions
- $n$: the number of variables
- $d_{ij} = 1$: the $i$-th function depends on the $j$-th variable
Figure: an $m \times n$ matrix with rows $d_1, d_2, d_3, \ldots, d_m$; the "Conjunction From" arrow marks the row where the conjunction starts and the "Quantify" arrow the direction in which variables are quantified.
Average Variable Lifetime $= \dfrac{\sum_{1 \le j \le n} (m - i_j + 1)}{m \cdot n}$
Here $i_j$ is the index of the topmost row that depends on variable $j$. With the conjunction order of slide 6 ($T_k \wedge C$ first, then $T_{k-1}, \ldots, T_1$, each $v_i$ quantified right after $T_i$), a variable present from the start stays live through the $m - i_j + 1$ conjunctions up to row $i_j$; the average over all $m \cdot n$ entries is 1 when every function depends on every variable and decreases as the schedule lets variables be quantified early.
Example: (sum over the example matrix) / (4 x 4) = 12 / 16 = 0.75

13 Examples (32-bit rotator & multiplier)
Figure: the dependence matrices of the two examples.
- No good quantification schedule: needs splitting
- Good quantification schedule: may be easy for conjunctions

14 Example (hw_top & one submachine)
Figure: the dependence matrices of hw_top and of one of its submachines. Explains why splitting is better than conjunction in approximate reachability.

15 To Split or to Conjoin
Variable lifetime
- Conjoin if the average variable lifetime is small (at most a threshold)
- Split otherwise
Min/Max decision depth
- Min: splitting may help even for a small lifetime
- Max: to avoid too deep recursions
- Decide only between min and max depth

16 Experimental Results - 1 Time in Reachability Analysis

17 Experimental Results - 2 Time in Approximate Reachability Analysis

18 Experimental Results - 3
Time in Model Checking (without reachability analysis)

19 Conclusions
We have presented a hybrid image method
- Combining the conjunction and splitting approaches
- Dynamic decision whether to split or to conjoin, based on the variable lifetime computed from the dependence matrix
- Much more robust than either pure method
The analysis of the dependence matrix explains why splitting is better than conjunction in approximate reachability
Future Work
- Improve the decision strategy
- Analyze why the results for preimage were not as good as those for image

20 Range Computation
Converting Image to Range Computation
- $\mathrm{Img}(f, C) = \mathrm{Img}(f \downarrow C, 1) = \mathrm{Img}(f \downarrow C)$
- $\downarrow$: constrain operator [CMD89b]
Optimization Techniques
- Decomposition due to disjoint support: $\mathrm{Img}(f) = \mathrm{Img}(f_A) \wedge \mathrm{Img}(f_B)$ if $\mathrm{support}(f_A) \cap \mathrm{support}(f_B) = \emptyset$
- Identical and complementary components: $\mathrm{Img}((f_1, f_2)) = (y_1 \leftrightarrow y_2)$ iff $f_1 = f_2$, and $= (y_1 \oplus y_2)$ iff $f_1 = f_2'$
- Identical subproblems: image cache

21 To Split or to Conjoin
Variable lifetime
- Conjoin if the average variable lifetime is small (at most a threshold)
- Split otherwise
Min/Max decision depth
- Min: splitting may help even for a small lifetime
- Max: to avoid too deep recursions
- Decide only between min and max depth
Other considerations
- Keep splitting only with improvement
- Conjoin with big

22 Optimizations in Hybrid Method
Essential Variables
- $C = e \wedge C$ where $e$ is a cube (the essential variables of $C$)
- Guarantee $\mathrm{BddSize}(T \downarrow e) < \mathrm{BddSize}(T)$
- Dynamic turning on/off
Combining Input and Output Splitting
- Input splitting by default
- Output splitting only when a function is a cube or the complement of a cube
Converting image to range computation
- $\mathrm{BddSize}(T \downarrow C) \le \mathrm{BddSize}(T) \times N$
- Dynamic turning on/off

23 Implementation of Hybrid Method
Keep only the Transition Function
- Build relations when switching to conjoin
- Overhead of building relations
Keep only the Transition Relation
- Splitting on the transition relation
- Cannot use the optimization techniques
- Good for non-determinism
Keep both Transition Function and Relation
- Split both at the same time
- Utilize the optimization techniques
- Performs the best in most cases