Abstraction and Refinement for Large Scale Model Checking
Chao Wang, Department of Electrical and Computer Engineering, University of Colorado at Boulder

Introduction
A big gap exists between the capacity of model checkers and the size of real-world designs. Abstraction and refinement is a technique for bridging this gap. The goal of this thesis is to find good algorithms based on abstraction and refinement that make model checking applicable to industrial-scale designs.

Abstraction/Refinement
An iterative process to verify M ⊨ P (i.e., property P holds on model M).
- P: a safety property of the form AG p ("p holds on all reachable states").
- M+: an over-approximated abstraction of M.
- ACEs (abstract counter-examples): error traces found on M+; they may or may not correspond to a CCE.
- CCE (concrete counter-example): a real error trace on M.
- Model-Check(): symbolic model checking on M+.
- Concretize-ACEs(): re-construct the ACEs on M.
- Compute-Refinement(): refine the abstract model.

    Abstraction-Refinement(M, P) {
        M+ = Initial-Abstraction(M, P)
        while (1) {
            ACEs = Model-Check(M+, P)
            if (ACEs is empty) return PASS
            CCE = Concretize-ACEs(M, ACEs)
            if (CCE not empty) return FAIL
            M+ = Compute-Refinement( )
        }
    }

What "Good" Means
Higher abstraction efficiency. The maximum efficiency depends on the locality of the property P in M; the job of Abs-Ref is to exploit that locality as much as possible. A good algorithm efficiently comes close to, or even reaches, the maximum abstraction efficiency.

(1) Fine-Grain Abstraction
Conventional methods use the latch as the "abstraction atom": once a latch is in the abstract model, all gates in its fan-in logic cone are included as well, although not all of them may be necessary. We instead partition the circuit into clusters of gates and treat each cluster as an atom. Only the necessary logic/gates are added to the abstract model, and the abstraction granularity can be adjusted by controlling the cluster size.

(2) Global Guidance for Abs-Ref (new): more efficient than local guidance
Local guidance uses a single ACE, which can lead to biased or sub-optimal refinement (refinement in the wrong direction). We use SORs (synchronous onion rings) to capture all the shortest ACEs. SORs are the intersection of the forward and backward reachable onion rings; they are used both for the concretization test and as guidance for refinement. As refinement proceeds, the number of abstract edges in the SORs decreases monotonically.
[Figure: (1) the current abstraction; (2) its SORs (synchronous onion rings), from the initial states to the !p states, for a property AG p.]

Game-Theoretic Refinement
We pick refinement variables (latches/gates) by playing a two-player reachability game on M+. Player 1 tries to force M+ through the SORs to the !p states; Player 2 tries to prevent that. They play by controlling the invisible variables, i.e. the variables abstracted away from M+. Example: both abstract edges are spurious, and f and g are invisible. We should refine with g rather than f: if Player 2 controls g (assigns g = 1), Player 1 cannot go through either edge.
[Figure: the two spurious edges, with Player 2 controlling f (after f is added to the abstract model) versus Player 2 controlling g (after g is added).]

(3) Efficient Computation in Abs-Ref: carrying information to the next iteration
In the iterative process, the verification result of the previous step can be carried to the next one:
- to reduce the search space (Zoom-In);
- to speed up the verification (Strength-Reduction);
- to decompose the search space (Disjunctively).

Experimental Results
Fine-grain abstraction: we observe cases where 99% of the fan-in cone gates are not necessary for the final proof. (Unnecessarily including them made even the abstract model intractable.)

Conclusion
With the help of the proposed research (fine-grain abstraction, refinement under global guidance, and efficient computation in Abs-Ref), model checking can be applied to otherwise intractable industrial-scale circuits (e.g. with latches).
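The Abstraction-Refinement loop and the SOR construction above, worked through on a small constructed circuit as an added example (this is not code from the thesis or the poster): an existential abstraction over a set of visible latches, synchronous onion rings computed as the intersection of forward and backward BFS layers, one shortest ACE drawn from the SORs, concretization by replaying the ACE on the concrete model, and a refinement step that adds the first invisible latch which removes the spurious edge. The four-latch circuit, its reset state, the property AG(x_k == 0) and all function names are assumptions for illustration, and the refinement rule is a simple edge-elimination heuristic, not the game-theoretic one described above.

```python
from itertools import product

# Constructed toy sequential circuit (an assumption for illustration, not a
# benchmark from the thesis): four latches x0..x3 with these next-state functions.
NEXT = (
    lambda s: s[1] & s[2],   # x0' = x1 AND x2
    lambda s: s[2],          # x1' = x2
    lambda s: s[3],          # x2' = x3
    lambda s: 0,             # x3' = 0
)
N = len(NEXT)
INIT = {(0, 0, 1, 0)}                      # single reset state (constructed)
ALL = set(product((0, 1), repeat=N))       # every concrete state

def step(s):
    return tuple(f(s) for f in NEXT)

def proj(s, vis):
    return tuple(s[i] for i in vis)

def abstract_model(vis):
    """Existential abstraction onto the visible latches `vis`: the abstract edge
    a->b exists iff some concrete transition s->t projects onto it (over-approximation)."""
    init = {proj(s, vis) for s in INIT}
    edges = {}
    for s in ALL:
        edges.setdefault(proj(s, vis), set()).add(proj(step(s), vis))
    return init, edges

def onion_rings(init, edges, bad):
    """Synchronous onion rings: forward BFS layers F_k from init, backward layers
    B_j from bad, SOR_k = F_k ∩ B_{n-k}. Returns None when bad is unreachable (PASS)."""
    fwd, seen = [set(init)], set(init)
    while not (fwd[-1] & bad):
        nxt = {b for a in fwd[-1] for b in edges[a]} - seen
        if not nxt:
            return None
        seen |= nxt
        fwd.append(nxt)
    n = len(fwd) - 1
    bwd, seen = [set(bad)], set(bad)
    for _ in range(n):
        pre = {a for a, succ in edges.items() if succ & bwd[-1]} - seen
        seen |= pre
        bwd.append(pre)
    return [fwd[k] & bwd[n - k] for k in range(n + 1)]

def shortest_ace(sors, edges):
    """Walk one shortest abstract counter-example through the SORs."""
    ace = [next(iter(sors[0]))]
    for ring in sors[1:]:
        ace.append(next(iter(edges[ace[-1]] & ring)))
    return ace

def concretize(ace, vis):
    """Replay the ACE on the concrete model. Returns (trace, None, None) when it is
    a real CCE, else (None, failing step i, concrete states reached at step i)."""
    layers = [{s: None for s in INIT if proj(s, vis) == ace[0]}]
    for i in range(1, len(ace)):
        layer = {step(s): s for s in layers[-1] if proj(step(s), vis) == ace[i]}
        if not layer:
            return None, i - 1, set(layers[-1])
        layers.append(layer)
    trace, s = [], next(iter(layers[-1]))
    for layer in reversed(layers):      # follow predecessor links back to the reset state
        trace.append(s)
        s = layer[s]
    return trace[::-1], None, None

def refine(vis, states, next_abs):
    """Add one invisible latch whose presence removes the spurious abstract edge
    from `states` to `next_abs`; fall back to the lowest invisible latch."""
    for v in range(N):
        if v in vis:
            continue
        vis2 = sorted(vis + [v])
        refined = {proj(s, vis2) for s in states}
        if not any(proj(step(t), vis) == next_abs for t in ALL if proj(t, vis2) in refined):
            return vis2
    return sorted(vis + [min(set(range(N)) - set(vis))])

def verify(bad_latch):
    """CEGAR loop for the safety property AG(x_bad_latch == 0).
    Returns (verdict, iterations, visible latches on PASS / concrete trace on FAIL)."""
    vis = [bad_latch]
    for it in range(1, N + 2):
        init, edges = abstract_model(vis)
        bad = {a for a in edges if a[vis.index(bad_latch)] == 1}
        sors = onion_rings(init, edges, bad)
        if sors is None:
            return "PASS", it, vis
        ace = shortest_ace(sors, edges)
        cce, i, states = concretize(ace, vis)
        if cce is not None:
            return "FAIL", it, cce
        vis = refine(vis, states, ace[i + 1])
    raise RuntimeError("unreachable: the full model is checked after N refinements")

if __name__ == "__main__":
    print(verify(0))   # AG(x0 == 0) holds; three refinements end at the full model
    print(verify(1))   # AG(x1 == 0) fails; the first ACE concretizes to a real trace
```

For this circuit the property on x0 needs every latch before the abstraction stops producing spurious ACEs, which is the worst case for abstraction efficiency; the property on x1 is local enough that the very first ACE is already a concrete counter-example. Each iteration's refinement is decided by the one spurious edge of the current ACE, i.e. local guidance; global guidance would instead pick a latch that removes edges from all the SOR rings at once.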