Trading-off SAT search and Variable Quantifications for effective Unbounded Model Checking G. Cabodi P. Camurati L. Garcia M. Murciano S. Nocco S. Quer.

1 Trading-off SAT search and Variable Quantifications for effective Unbounded Model Checking
G. Cabodi, P. Camurati, L. Garcia, M. Murciano, S. Nocco, S. Quer
Politecnico di Torino, Torino, Italy

2 Outline
- Background
- Motivations
- Core
  - Contribution A: Divide
  - Contribution B: & Conquer
  - Contribution C: Integrated Approach (Bwd + ITP)
- Experimental Results
- Conclusions
- Future Work

3 Background: UMC as a Reachability Problem (figure: initial states, buggy states, and a counterexample trace from the former to the latter)

4 Background: UMC as a Reachability Problem (figure: R_fwd, the states reached from the initial states (forward fix-point), and R_bwd, the states that can reach the buggy states (backward fix-point))

5 Background: SAT-based UMC
- k-induction [Sheeran2000]
- All-solution SAT [McMillan2002, Kang2003, Ganai2004]
- Circuit-based quantification [Williams2000, Abdulla2000]
- Abstraction & Refinement
  - Localization reduction [Kurshan1994]
  - Predicate abstraction [Clarke2003, Jain2004]
- Craig Interpolation [Craig1957, McMillan2003]

6 Interpolant [Craig1957]
Given A ∧ B = 0, A' = ITP (A, B) satisfies:
- A ⇒ A'
- A' ∧ B = 0
- A' refers only to the common variables of A and B

7 Interpolant [Craig1957]
- A' can be derived in linear time from the refutation proof of A ∧ B [Pudlak1997, Krajicek1997]

8 Interpolant [Craig1957]
(figure: the CNF clauses of A and B, their resolution graph ending in the null clause (A ∧ B is UNSAT), and the interpolant A' = ITP (A, B) built as an AND-OR circuit with one gate for each graph node)
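As an added worked example (not from the slides), the construction of slides 6 to 8 in Python: a constructed pair of clause sets A and B with a hand-written resolution refutation, the interpolant circuit built from the proof with McMillan's labelling rules (A-leaf: its literals on common variables; B-leaf: true; OR at an A-local pivot, AND otherwise), and a brute-force check of the three Craig conditions. The clause sets, the proof and all function names are assumptions of the example.

```python
from functools import reduce
from itertools import product

# Constructed instance (not from the slides). Clauses are lists of ints, -v meaning ¬v.
# Variables: 1 = a, 2 = s, 3 = b.   A = a ∧ (¬a ∨ s)   B = (¬s ∨ b) ∧ ¬b   common variable: s
A_CLAUSES = [[1], [-1, 2]]
B_CLAUSES = [[-2, 3], [-3]]
# Refutation proof: ("A"/"B", clause) are input clauses, ("res", i, j, v) resolves steps i and j on v.
PROOF = [("A", [1]), ("A", [-1, 2]), ("B", [-2, 3]), ("B", [-3]),
         ("res", 0, 1, 1), ("res", 4, 2, 2), ("res", 5, 3, 3)]  # derives [s], then [b], then []

# Interpolant circuit nodes: True/False, ("lit", l), ("and", x, y), ("or", x, y): one gate per proof node.
def clause_vars(clauses):
    return {abs(l) for c in clauses for l in c}

def resolve(c1, c2, pivot):
    lits = set(c1) | set(c2)
    assert pivot in lits and -pivot in lits, "pivot must occur in both polarities"
    return sorted(lits - {pivot, -pivot})

def interpolant(a_clauses, b_clauses, proof):  # McMillan's labelling of a resolution refutation
    vars_b = clause_vars(b_clauses)
    shared = clause_vars(a_clauses) & vars_b
    nodes = []  # (derived clause, partial interpolant) per proof step
    for step in proof:
        if step[0] == "A":  # A-leaf: OR of its literals over the common variables
            lits = [("lit", l) for l in step[1] if abs(l) in shared]
            nodes.append((sorted(step[1]), reduce(lambda x, y: ("or", x, y), lits, False)))
        elif step[0] == "B":  # B-leaf: True
            nodes.append((sorted(step[1]), True))
        else:
            _, i, j, pivot = step
            op = "and" if pivot in vars_b else "or"  # pivot shared or B-local: AND; A-local: OR
            nodes.append((resolve(nodes[i][0], nodes[j][0], pivot), (op, nodes[i][1], nodes[j][1])))
    assert nodes[-1][0] == [], "proof must end in the null clause"
    return nodes[-1][1]

def simplify(e):  # constant propagation: raw proof circuits are highly redundant (slide 20)
    if isinstance(e, bool) or e[0] == "lit":
        return e
    op, x, y = e[0], simplify(e[1]), simplify(e[2])
    absorb, unit = (False, True) if op == "and" else (True, False)
    if x is absorb or y is absorb:
        return absorb
    return y if x is unit else x if y is unit else (op, x, y)

def evaluate(e, asg):
    if isinstance(e, bool) or e[0] == "lit":
        return e if isinstance(e, bool) else asg[abs(e[1])] == (e[1] > 0)
    x, y = evaluate(e[1], asg), evaluate(e[2], asg)
    return (x and y) if e[0] == "and" else (x or y)

def circuit_vars(e):
    return set() if isinstance(e, bool) else {abs(e[1])} if e[0] == "lit" else circuit_vars(e[1]) | circuit_vars(e[2])

def sat_clauses(clauses, asg):
    return all(any(asg[abs(l)] == (l > 0) for l in c) for c in clauses)

def is_interpolant(a_clauses, b_clauses, itp):  # brute-force check of the three conditions on slide 6
    va, vb = clause_vars(a_clauses), clause_vars(b_clauses)
    names = sorted(va | vb)
    return circuit_vars(itp) <= (va & vb) and all(      # A' refers only to common variables of A and B
        (not sat_clauses(a_clauses, asg) or evaluate(itp, asg))          # A ⇒ A'
        and (not sat_clauses(b_clauses, asg) or not evaluate(itp, asg))  # A' ∧ B = 0
        for asg in (dict(zip(names, bits)) for bits in product([False, True], repeat=len(names))))
```

For this instance the raw circuit simplifies to the single literal s, which is exactly the common-variable fact that A proves and B refutes.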

9 Interpolant [McMillan2003]
- Interpolant as Image Operator
  - Over-approximation
  - Variable quantification
- Works whenever a representation of the backward reachable space is given
  - A: From ∧ T (forward)
  - B: paths to failure states (backward)
  - A': over-approximated image (Img+)
  - Img+ is called adequate w.r.t. B

10 Img+ (figure: From(V) through T(V, PI, V') to To(V'))

11 Img+
To+(V') = Img+(From, T) = Approx[ ∃(V, PI) From(V) ∧ T(V, PI, V') ]

12 Img+ - Adequate
To+ is adequate w.r.t. B when: if To is outside B, then To+ is outside B as well
To+ = ITP (From ∧ T, B)

13 Img+ - Adequate
Forward approximate reachable states computed by an adequate Img+ do not intersect the backward reachable states R_bwd (figure: I, R_i, B, Img(R_i, T) and Img+Adq(R_i, T, R_bwd))

14 Img+ - k-Adequate
When R_bwd is not known, it is replaced by a backward circuit unrolling of increasing depth k: Img+Adq(R_i, T, R_k,bwd) (figure: I, R_i, B, R_k,bwd for depth ≤ k, and Img(R_i, T))

15 Interpolant Model Checking

  do
    Cone = CircuitUnroll (B, T, k)
    res = FiniteRun (I, T, Cone)
    k = k + 1
  while (res = undecided)

  FiniteRun (I, T, Cone)
    if (SAT (I ∧ T ∧ Cone)) return (reachable)
    R = I
    while (true)
      Img+ = Img+Adq (T, R, Cone)
      if (Img+ = undefined) return (undecided)
      if (Img+ ⊆ R) return (unreachable)
      R = R ∨ Img+

16-19 Interpolant Model Checking (annotations on the same pseudocode)
- The outer do/while is the abstraction & refinement loop: each iteration increments the bound, and the BMC check SAT (I ∧ T ∧ Cone) looks for a trace
- The inner while (true) is the (over-approximated) reachability loop: Img+(R_i, T) is k-adequate w.r.t. (T, F), and Img+ ⊆ R means the over-approximated fix-point has been reached

20 Motivations
- Refutation proofs follow SAT solver runs
  - SAT heuristics do NOT target resolution graph (and unsatisfiable core) minimization
  - Not unique (they depend on SAT heuristics)
- Difficult UNSAT instances yield large interpolants
- Interpolant circuits need aggressive optimizations (BDD/SAT sweeping + logic synthesis)
  - Highly redundant
  - AND-OR circuits (just negations on inputs) are not optimal

21 Contributions
- Partitioned Adequate Image Computation: a Divide & Conquer approach
  - Across different methods: compute partial state sets and use them to restrict the search space
  - Within the partitioned adequate image (interpolant)

22-24 Contributions (figures on the same bullets)
- Contribution A/1: circuit view versus state set view of the backward sets R0..R3
- Contribution A/2: partitioned circuit view (the cone as a disjunction of sub-cones)
- Contribution B: partitioned circuit combined with state sets

25 Contributions
- Backward & Interpolation: an integrated approach
  - Compute (partial) backward state sets by circuit quantification / SAT enumeration
  - Check the backward fix-point (SAT)
  - Eventually forward interpolant (using the partitioned image)
(figure, Contribution C: circuit view and circuit + state view of R0..R3)

26 Contribution A/1: Partial Quantification

  LazyE (Cone)
    G = Cone
    forall v ∈ PI
      tmp = ∃v G
      if (|tmp| < th · |G|) G = tmp
    return (G)

Quantify a variable if the size stays under control, otherwise keep it unquantified (figure: Cone versus ∃v1 v0 Cone)

27 Contribution A/1: Partial Quantification
- Try ∃PI Cone: if not all quantifications are accepted, the work is not finished
- The ∃ operator on a circuit is computed by OR-ing cofactors: exponential blow-up, unless there is tight sharing (by SAT/BDD sweeping)

28 Contribution A/1: Partial Quantification Adopting BDDs

  LazyEBDD (Cone)
    (ConeBdd, CutV, CutF) = AIG2BDD (Cone)
    G = ANDEBDD (ConeBdd, CutVari, CutFi)
    if (|G| < th · |Cone|) return (BDD2AIG (G))
    else return (Cone)

Quantify a variable if the size stays under control, otherwise keep it unquantified (figure: AIG to BDD, quantification on BDDs, BDD to AIG)

29 Contribution A/1: Partial Quantification Adopting BDDs
(figure: early quantification schedule on BDDs with cut points: AIG to BDD, quantification on BDDs, BDD to AIG)

30 Contribution A/1: Partial Quantification with Subsetting

  LazyESubset (Cone)
    G = Cone
    σ = SAT (Cone)
    forall v ∈ PI
      tmp = ∃v G
      if (|tmp| < th · |G|) G = tmp
      else G = G|v=σ[v]
    return (G)

Quantify a variable if the size stays under control, otherwise set it to the constant 0/1 value it takes in the satisfying assignment σ

31 Contribution A/1: Partial Quantification with Subsetting
The result is a subset of a state set: R¯_k,bwd ⊆ R_k,bwd = ∃PI Cone
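An added Python example (not the authors' code) of LazyE (slide 26) and LazyESubset (slide 30) on a small constructed AND/OR circuit: ∃v is the OR of the two cofactors with constant propagation only, so quantifying an input that guards a large shared sub-circuit duplicates it and trips the threshold th; LazyE then leaves that input unquantified, while LazyESubset fixes it to its value in a satisfying assignment σ and yields a subset of ∃PI Cone. The cone, the threshold and the input order are constructed for the example.

```python
from itertools import product

# Circuit nodes: ("lit", name, positive), ("and", x, y), ("or", x, y); Python True/False are constants.
def L(name, positive=True):
    return ("lit", name, positive)

def size(g):  # node count: constants 0, literals 1, gates 1 + their fan-in
    return 0 if isinstance(g, bool) else 1 if g[0] == "lit" else 1 + size(g[1]) + size(g[2])

def variables(g):
    return set() if isinstance(g, bool) else {g[1]} if g[0] == "lit" else variables(g[1]) | variables(g[2])

def simplify(g):  # constant propagation only: no structural hashing, so a duplicated sub-circuit is paid twice
    if isinstance(g, bool) or g[0] == "lit":
        return g
    op, x, y = g[0], simplify(g[1]), simplify(g[2])
    absorb, unit = (False, True) if op == "and" else (True, False)
    if x is absorb or y is absorb:
        return absorb
    return y if x is unit else x if y is unit else (op, x, y)

def cofactor(g, var, value):
    if isinstance(g, bool) or g[0] == "lit":
        return g if isinstance(g, bool) or g[1] != var else value == g[2]
    return simplify((g[0], cofactor(g[1], var, value), cofactor(g[2], var, value)))

def exists(g, var):  # the slide's circuit ∃ operator: OR of the two cofactors, where size can blow up
    return simplify(("or", cofactor(g, var, True), cofactor(g, var, False)))

def evaluate(g, asg):
    if isinstance(g, bool) or g[0] == "lit":
        return g if isinstance(g, bool) else asg[g[1]] == g[2]
    x, y = evaluate(g[1], asg), evaluate(g[2], asg)
    return (x and y) if g[0] == "and" else (x or y)

def assignments(*circuits):  # every assignment to the variables of the given circuits
    names = sorted(set().union(*map(variables, circuits)))
    return (dict(zip(names, bits)) for bits in product([False, True], repeat=len(names)))

def find_model(g):  # stands in for the SAT call on the slide; brute force is fine at this size
    return next((a for a in assignments(g) if evaluate(g, a)), None)

def implies(f, g):  # f ⊆ g when both are read as state sets
    return all(not evaluate(f, a) or evaluate(g, a) for a in assignments(f, g))

def lazy_e(cone, pis, th):  # LazyE: quantify v only if |∃v G| < th·|G|, else leave v unquantified
    g = cone
    for v in pis:
        tmp = exists(g, v)
        g = tmp if size(tmp) < th * size(g) else g
    return g

def lazy_e_subset(cone, pis, th):  # LazyESubset: on blow-up, fix v to its value in a model σ of Cone
    g, sigma = cone, find_model(cone)
    for v in pis:
        tmp = exists(g, v)
        g = tmp if size(tmp) < th * size(g) else cofactor(g, v, sigma[v])
    return g

# Constructed backward cone over state variables x1..x4 and inputs p1, p2 (not a benchmark from the slides):
# p1 guards the shared sub-circuit H, so ∃p1 duplicates H; p2 is a top-level mux, so ∃p2 shrinks the cone.
H = ("and", ("or", L("x1"), L("x2")), ("or", L("x3"), L("x4")))
INNER = ("and", ("and", H, ("or", L("p1"), L("x1"))), ("or", L("p1", False), L("x2")))
CONE = ("or", ("and", L("p2"), INNER), ("and", L("p2", False), L("x3")))
PIS, TH = ["p1", "p2"], 1.3
```

With th = 1.3 the 21-node cone grows to 31 nodes under ∃p1 (rejected) and shrinks to 17 under ∃p2 (accepted); the subsetting variant instead fixes p1 and ends with an 11-node proper subset of the exact ∃PI Cone.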

32-33 Contribution A/1
- If we are very lucky, we move from the circuit unrolling (Cone) of R0..R3 to a state set (Back)

34-37 Contribution A/1
- If we are NOT very lucky, we move from the circuit unrolling (Cone) to a partial state set Back¯ plus a simplified cone Cone¯ = Simplify (Cone, ¬Back¯) (by redundancy removal), combined as Cone¯ ∨ Back¯

38-39 Contribution A/2: Cone_0 ∨ Cone_1
Cone = Cone_1 ∨ Cone_2 ∨ Cone_3 ∨ … ∨ Cone_n
Circuit unrollings are disjunctions of circuit unrollings (figure: the unrolling of F through T split into sub-cones)

40-48 Contribution B: How to Conquer
(figure: I, R_i, F, the unrolled transition relation T, Img(I, T) and Img+Adq(I, T, Cone))
- The cone is a disjunction of cones, so the adequate image is a conjunction of images:
  Img+Adq (I, T, Cone) = Img+Adq (I, T, Cone_1 ∨ Cone_2) = Img+Adq (I, T, Cone_1) ∧ Img+Adq (I, T, Cone_2)
- Each sub-cone gives its own adequate image, Img+Adq (I, T, Cone_1) and Img+Adq (I, T, Cone_2); their conjunction is the image adequate w.r.t. the whole cone

49 Contribution C: Backward + Interpolation

  IntegratedMC (I, T, F)
    set initial values
    do
      res = undecided
      Cone_k = Cone_{k−1} (T)
      if (SAT (I ∧ (Cone_k ∨ BckR¯))) return (reachable)
      fp = CheckFP (Cone_k, BckR¯, Cone_{0..k−1})
      if (fp = true) return (unreachable)
      (Cone_k, BckR¯) = LazyE/BDD/Subset (Cone_k, BckR¯)
      if (fp = undecided)
        Cone¯ = Simplify (Cone, ¬BckR¯)
        res = FiniteRun2 (I, T, Cone¯, BckR¯)
      increase bound
    while (res = undecided)

50-58 Contribution C: Backward + Interpolation (annotations on the same pseudocode)
- The do/while loop is the backward reachability section; the bound grows with the backward unrolling, and the first SAT call is a BMC check for a counterexample (I ∧ (Cone_k ∨ BckR¯) satisfiable: reachable)
- Cone_k = Cone_{k−1} (T): composition of the previous cone with one more step of T
- CheckFP = SAT + all-solution SAT; fp = true is a backward fix-point: unreachable
- LazyE/BDD/Subset: lazy circuit quantification (partial, and with subsetting)
- A false fix-point result is easy to check; an undecided one is hard to check, and only the undecided case goes on to the interpolant section
- Simplify (Cone, ¬BckR¯): redundancy removal with the partial state sets as don't cares
- FiniteRun2: interpolation with the partial state sets as don't cares, over partitioned cones and images

59 Contribution C: To Sum up
- When the backward analysis is incomplete, do forward interpolants
- Use the partitioned adequate image
- Whenever state sets (complete or subset) are computed, keep them and use them as don't cares for the next steps
(figure: F and R¯_k,bwd)

60 Experimental Results
- Home-made software on top of CUDD and Minisat
- Experiments
  - On a Dual Core Pentium, 3 GHz, 3 GB
  - On Model Checking Competition benchmarks plus some ISCAS, VIS and IBM
- Results to compare
  - Standard interpolant-based verification (mainly) and other techniques
  - Presented algorithm

61 Statistics on Partitioning: Two Examples
- 1 iteration on eijkbs3271.blif: cone of 37820 nodes, largest partition 11779 nodes (over: 1.794527, peak: 0.311449)
- 1 iteration on Industrial_D1 (query19.blif): cone of 106591 nodes, largest partition 14408 nodes (over: 1.619321, peak: 0.135171)
(figure: per-partition node counts for the two examples)

62 Statistics on Partitioning: Cone Size 11 cones with 300000 nodes

63 Statistics on Partitioning: # Partition In 19 cases we partition the cone in 10 sub-cones

64 Statistics on Partitioning: Over Size In 567 cases all partitions were from 10 to 20% larger than the original cone

65 Statistics on Partitioning: Peak Size In 87 cases the size of the largest partition is 50 - 60% of the original cone

66 Standard Interpolant vs New Algorithm

67 Time limit: 900 seconds

68 Standard Interpolant vs New Algorithm Winning Experiments (below main diagonal)

69 Standard Interpolant vs New Algorithm Easy Benchmarks

70 Standard Interpolant vs New Algorithm 20 Properties not solved before

71 Termination Obtained by Interpolation
Columns: Model | #PI #FF #Nodes | Original method: Time [s], Method, Bound | New method: Time [s], Bound
intel_006 3453503265195,80 ITP 9197,729
intel_024 35235757106344,47 ITP 15454,4715
intel_029 5595648816 - 620,0918
vis.blackjack-inv 510339793359,29 BDD 10110,0211
nusmv.tcas^3.B 146169291487,38 ITP 637,027
vis.coherence^3.E 62912142439,24 INV 10236,711
vis.pm.palu 142202347 - 390,145
vis.ns3 1 211033598606,45 ITP 783,757
vis.ns3 2 2110335981004,25 ITP 7149,927
IndustrialB 1 121903324 - 17,0817
IndustrialB 2 121936782 - 154,2111
IndustrialB 3 1530915921341,60 ITP 949,769
IndustrialB 4 184165409 - 265,495
IndustrialB 5 184254391 - 457,179
IndustrialC 1 21116109891,27 BDD 1298,1012
IndustrialC 2 673512021950,08 ITP 1598,5515
IndustrialC 3 963593692 - 719,2415
IndustrialD 1 119761075478,90 ITP 37375,2537
IndustrialD 2 1389721727157,35 ITP 35378,9135
IndustrialD 5 963556360 - 507,2710
IndustrialD 6 9135363485408,67 ITP 10771,4910

72 Termination Obtained by Interpolation (same table)
Method legend: ITP = Standard Interpolant, INV = Inductive Invariant, BDD = BDD-based Reachability
Time limit: 7200 seconds

73 Termination Obtained with Bwd Reached
Columns: Model | #PI #FF #Nodes | Original method: Time [s], Method, Bound | New method: Time [s], Bound
vis.vsaR 176623211131,25 BDD 12371,666
vis.pm.am2901 2613624161764,57 CBQ 383,402
vis.pm.FPMult 1721513471865,51 ITP 385,492
vis.feistel 682966821392,09 INV 15749,6513
eijk.bs3271 2630525461391,00 ITP 17327,3313
eijk.bs6669 835064879 - 132,045
eijk.bs3384 436893069 - 532,077
IndustrialA 1 59926571761,86 ITP 1171,927
IndustrialA 2 3725045211192,51 CBQ 7517,214
IndustrialA 3 5133312751933,09 CBQ 8470,078
IndustrialC 4 1053775279 - 415,6219
IndustrialC 5 1386081003720,15 CBQ 6315,636
IndustrialD 3 25884987124,54 ITP 4525,5567
IndustrialD 4 211163879795,25 ITP 9103,419

74 Termination Obtained with Bwd Reached (same table)
Method legend: CBQ = Circuit-based Quantification

75 Conclusions
- Domain: Unbounded Model Checking
- Target: improve interpolant verification
- Method
  - Divide and Conquer (backward cone versus backward state sets)
  - Integration of interpolant and backward verification

76 Future Work
- More tuning for the partitioning procedure
- More understanding of the pros and cons of the method
- Better experimental setting and results analysis

77 Thank you!

