Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Presentation transcript:

1 Tuning SAT-checkers for Bounded Model-Checking: a bounded guided tour. Ofer Shtrichman, Weizmann Institute & IBM (HRL)

2 Outline: basic theory of Bounded Model Checking (BMC); SAT highlights; tuning SAT checkers for BMC; results.

3 The Bounded Model Checking problem: safety. Given a safety property p (e.g. AG p: "always signal_a = signal_b"): is there a state reachable within k cycles which satisfies ¬p? [Figure: states s0, s1, s2, ..., s_{k-1}, s_k, each labelled ¬p.]

4 The Bounded Model Checking problem: liveness. Given a liveness property p (e.g. AG AF p: "always, eventually signal_a = signal_b"): is there a loop within the first k cycles none of whose states satisfies p? [Figure: states s0, s1, s2, ..., s_{k-1}, s_k, each labelled ¬p, closed by a loop.]

5 Reducing the BMC problem to SAT (1/3). The states reachable in k steps are captured by: [formula not in transcript]. The property p fails in one of the cycles 1..k: [formula not in transcript].

6 Reducing the BMC problem to SAT (2/3). The safety property p is valid up to cycle k iff φ is unsatisfiable: [Figure: states s0, s1, s2, ..., s_{k-1}, s_k, each labelled ¬p.]

7 Reducing the BMC problem to SAT (3/3). For liveness properties, add a disjunction of the possible loops: [Figure: states s0, s1, s2, ..., s_{k-1}, s_k, each labelled ¬p, with the candidate loops.]

8 Example: a two-bit counter. p = AG(¬l ∨ ¬r), k = 2. States: 00, 01, 10, 11. For k = 2, φ is unsatisfiable. For k = 4, φ is satisfiable.
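The reduction of slides 5 to 8 and the Decide()/Deduce()/Diagnose() loop of slide 11, carried out end to end as an added example (my code, not the talk's tool). The transcript dropped the formulas, so the unrolling is the standard one I assume here: I(s0) ∧ ⋀ T(s_i, s_{i+1}) ∧ ⋁ ¬p(s_i) over cycles 0..k, with the counter's transition r' = ¬r, l' = l xor r. The SAT checker is a minimal DPLL with DLIS decisions and chronological backtracking; the clause list from slide 11 (SLIDE_CNF) and the counter unrolling (bmc_counter) are both fed to it. It also shows, beyond the slide, that k = 3 is already enough to reach the failing state 11.

```python
# Added example (not from the slides): a small DPLL-style SAT checker with the
# slide's Decide() / Deduce() / Diagnose() split, used to bound-check the two-bit
# counter against p = AG(~l | ~r).  Clauses are lists of non-zero ints, DIMACS
# style: a positive int is a variable, a negative int its negation.

def simplify(clauses, lit):
    """Make `lit` true: drop clauses it satisfies, delete its negation elsewhere.
    Returns None if a clause becomes empty, i.e. the assignment conflicts."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        reduced = [l for l in c if l != -lit]
        if not reduced:
            return None
        out.append(reduced)
    return out

def deduce(clauses, assignment):
    """Deduce(): Boolean constraint propagation on unit clauses to a fixpoint."""
    while True:
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            return clauses, assignment
        assignment = {**assignment, abs(unit): unit > 0}
        clauses = simplify(clauses, unit)
        if clauses is None:
            return None, None

def decide(clauses):
    """Decide(): DLIS, the literal occurring in the most remaining clauses."""
    counts = {}
    for c in clauses:
        for l in c:
            counts[l] = counts.get(l, 0) + 1
    return max(counts, key=lambda l: (counts[l], -abs(l), l))

def dpll(clauses, assignment=None):
    """Returns a satisfying assignment {var: bool} or None if unsatisfiable.
    Diagnose() here is plain chronological backtracking."""
    clauses, assignment = deduce(clauses, dict(assignment or {}))
    if clauses is None:
        return None
    if not clauses:
        return assignment
    lit = decide(clauses)
    for choice in (lit, -lit):
        reduced = simplify(clauses, choice)
        if reduced is None:
            continue
        model = dpll(reduced, {**assignment, abs(choice): choice > 0})
        if model is not None:
            return model
    return None

def satisfies(clauses, assignment):
    """True if every clause has a literal made true by `assignment`."""
    return all(any(assignment.get(abs(l)) == (l > 0) for l in c) for c in clauses)

# The CNF from slide 11, with x=1, y=2, z=3.
SLIDE_CNF = [[1, 2, 3], [-1, 2], [-2, 3], [-1, -2, -3]]

def bmc_counter(k):
    """Unroll the two-bit counter (00 -> 01 -> 10 -> 11 -> 00) for k cycles and
    ask whether p = AG(~l | ~r) fails somewhere in cycles 0..k.
    Returns the counterexample trace as (l, r) pairs, or None if unsatisfiable."""
    L = lambda i: 2 * i + 1            # l at cycle i
    R = lambda i: 2 * i + 2            # r at cycle i
    B = lambda i: 2 * (k + 1) + i + 1  # selector variable: "p fails at cycle i"
    clauses = [[-L(0)], [-R(0)]]       # I(s0): the counter starts at 00
    for i in range(k):                 # T(s_i, s_{i+1}): r' = ~r, l' = l xor r
        clauses += [[R(i + 1), R(i)], [-R(i + 1), -R(i)]]
        clauses += [[-L(i + 1), L(i), R(i)], [-L(i + 1), -L(i), -R(i)],
                    [L(i + 1), -L(i), R(i)], [L(i + 1), L(i), -R(i)]]
    for i in range(k + 1):             # B(i) -> (l_i & r_i), i.e. B(i) -> ~p(s_i)
        clauses += [[-B(i), L(i)], [-B(i), R(i)]]
    clauses.append([B(i) for i in range(k + 1)])  # ~p holds at some cycle <= k
    model = dpll(clauses)
    if model is None:
        return None
    return [(int(model.get(L(i), False)), int(model.get(R(i), False)))
            for i in range(k + 1)]

if __name__ == "__main__":
    print("slide CNF model:", dpll(SLIDE_CNF))
    for k in (2, 3, 4):
        print(f"k={k}:", bmc_counter(k) or "unsatisfiable (p holds up to cycle k)")
```

For the counter every state variable is forced by Deduce() from I(s0), so the only real decision is which selector B(i) to set; with k = 2 propagation alone falsifies the selector clause, which is the "unsatisfiable" verdict of the slide, and with k = 4 the trace 00, 01, 10, 11, 00 comes back with B(3) true.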

9 Traditional symbolic model-checking with BDDs. The reachable state-space is represented by a BDD. The property is evaluated recursively, by iterative fixpoint computations on the reachable state-space. The size of the BDD is typically the bottleneck of model-checking.

10 Why SAT? Smart DFS search: potentially reaches a satisfying sequence (a counterexample) faster. No exponential space growth. "Satisfiability checking is a 'luck-based technology'."

11 The Davis-Putnam procedure. Given φ in CNF: (x,y,z), (-x,y), (-y,z), (-x,-y,-z). Decide(), Deduce(), Diagnose(). [Figure: the search tree, with conflicting branches marked X.]

12 Decide() criteria: on which variable to split? - satisfies the most clauses (DLIS) - satisfies the shortest clause - occurs only positively or only negatively ('pure literal rule') - most frequent

13 Results (sec.) [Table not in transcript.] * = exceeds 10,000 sec.

14 Tuning SAT for BMC (1/3): 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on φ's structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

15 Clashing clouds. [Figure: I0 ... ¬Pk.] With general-purpose Decide() strategies, local sets of variables are satisfied asynchronously.

16 General-purpose vs. tailor-made Decide() strategies. φ: ... (x = (y1 □ y2 □ y3)) ... [the connective is not legible in the transcript]. General purpose: x = T, y1 = F, y2 = F, y3 = T, ... backtrack. Tailor-made: use φ's structure to resolve conflicts on a more local level: x = T, y1 = F, y2 = F, y3 = T, backtrack.

17 A k-unfolding of the variable dependency graph

18 A head-on attack. [Figure: I0 ... Pk.] Riding on unreachable states: φ should satisfy I0. Riding on legal executions: φ should satisfy ¬Pk.

19 A combined heuristic. [Figure: I0 ... Pk.] Trigger BFS with

20 Given an order, guess a value: dynamic decision; constant value; previous value; 'flat' computation. [Figure: 'flat' computation: x5 = 0, x7 = ?, x9 = 0. Previous value: x2 = 1, y7 = 0, z2 = 0, y3 = 1 → x2 = 0, y7 = 0, z2 = 0, y3 = 1.]

21 Tuning SAT for BMC (2/3): 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on φ's structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

22 Exploiting φ's structure in AG p formulas. φ's structure can be used for adding conflicting clauses. If x3 = T, y7 = F, z5 = T leads to a conflict, then φ ∧ (¬x3 ∨ y7 ∨ ¬z5) is satisfiable iff φ is satisfiable. The new clause can be seen as a constraint on the state-space.

23 Exploiting φ's structure in AG p formulas. If x3 = T, y7 = F, z5 = T leads to a conflict, then so will x2 = T, y6 = F, z4 = T. Therefore we can also add: (¬x2 ∨ y6 ∨ ¬z4) ∧ (¬x1 ∨ y5 ∨ ¬z3) ∧ (¬x0 ∨ y4 ∨ ¬z2) and (¬x4 ∨ y8 ∨ ¬z6) ∧ ... ∧ (¬x_{k-4} ∨ y_k ∨ ¬z_{k-2}). Yet φ is not fully symmetric because of I0: we first have to check, by simulating the assignment, whether the replicated clause indeed leads to a conflict.
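The replication of slides 22 and 23, as an added example (my code, not the talk's). The formula PHI below is a constructed toy unrolling, not the slides' φ: the transition part is the same in every cycle, and I0 (x holds in cycle 0) is what breaks the time symmetry. A learned clause is shifted by every offset that keeps it inside cycles 0..K, and each copy is kept only if φ ∧ ¬copy is unsatisfiable, which is the check the slide calls simulating the assignment; on this toy the check is done by brute-force enumeration (a stand-in for the SAT call). The clause learned from the transition relation alone survives every shift, while the one learned with the help of I0 survives only at offset 0.

```python
# Added example (not from the slides): replicate a learned conflict clause along
# the time axis of an unrolled formula and keep only the copies that are really
# implied.  PHI is a constructed toy, not the slides' phi.  A variable is a
# (name, cycle) pair; a literal is (polarity, variable) with True = positive.
from itertools import product

K = 3  # bound of the unrolling

def x(t): return (True, ("x", t))
def y(t): return (True, ("y", t))
def neg(lit): return (not lit[0], lit[1])

# I0: x holds in cycle 0.  T: x and y never hold in the same cycle, and x holds
# in at least one of any two consecutive cycles.
PHI = [[x(0)]]
for t in range(K + 1):
    PHI.append([neg(x(t)), neg(y(t))])
for t in range(K):
    PHI.append([x(t), x(t + 1)])

def variables(clauses):
    return sorted({v for c in clauses for _, v in c})

def satisfiable(clauses):
    """Brute-force truth table; stands in for the SAT checker on this toy."""
    vs = variables(clauses)
    for values in product((False, True), repeat=len(vs)):
        env = dict(zip(vs, values))
        if all(any(env[v] == pos for pos, v in c) for c in clauses):
            return True
    return False

def implied(clauses, clause):
    """The clause may be added iff phi & ~clause is unsatisfiable, i.e. the
    assignment that falsifies the clause leads to a conflict."""
    return not satisfiable(clauses + [[neg(l)] for l in clause])

def shift(clause, delta):
    """Move every literal of the clause `delta` cycles along the time axis."""
    return [(pos, (name, t + delta)) for pos, (name, t) in clause]

def replicate(clauses, learned, k):
    """All time-shifted copies of `learned` that stay inside cycles 0..k and
    pass the implication check.  Returns {delta: shifted clause}."""
    cycles = [t for _, (_, t) in learned]
    kept = {}
    for delta in range(-min(cycles), k - max(cycles) + 1):
        candidate = shift(learned, delta)
        if implied(clauses, candidate):
            kept[delta] = candidate
    return kept

# Learned from T alone: y1 = y2 = T forces x1 = x2 = F and violates (x1 | x2),
# so (~y1 | ~y2) is a conflict clause.
FROM_T = [neg(y(1)), neg(y(2))]
# Learned with the help of I0: y0 = T forces x0 = F, contradicting x0.
FROM_I0 = [neg(y(0))]

if __name__ == "__main__":
    print("shifts kept for (~y1 | ~y2):", sorted(replicate(PHI, FROM_T, K)))
    print("shifts kept for (~y0):      ", sorted(replicate(PHI, FROM_I0, K)))
```

Shifting (¬y0) to (¬y1) is rejected because y1 = T is consistent with φ (x1 = F, x0 = x2 = T); without the check that copy would wrongly prune a satisfying assignment.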

24 Tuning SAT for BMC (3/3): 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on φ's structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

25 Restricting Decide(). Restricting Decide() to a smaller set of variables that uniquely determines the satisfiability of φ: model variables (~15% of φ's variables); input variables (~5% of φ's variables). Fewer variables to Decide() means more variables to Deduce().

26 Results (sec.) [Table not in transcript.] * = exceeds 10,000 sec.

27 Conclusion: many of the (BDD-)hard cases can be solved more efficiently with the optimized SAT procedure.

28 How big should k be? 1. The diameter d: for all reachable states s, t such that t is reachable from s, there exists a path from s to t with at most d-1 intermediate steps. 2. The recurrence diameter rd: the least number r such that at most r consecutive states in a path are different. rd is an upper bound on d that can be expressed as a propositional formula:

29 The '-diameter' flag in BMC: If [formula not in transcript] is unsatisfiable, then [formula not in transcript]. If [formula not in transcript] then k … rd. And therefore: [formula not in transcript].
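The two bounds of slide 28, computed explicitly on small constructed systems as an added example (my code, not the talk's). The slide's point is that rd can be written as a propositional formula and handed to the SAT checker; the systems here are tiny enough to read as graphs, so d and rd are computed directly to make the definitions and the claim rd ≥ d concrete. The reading of the definitions is mine: d is the longest shortest path between reachable states, rd the number of steps in the longest path from the initial state whose states are all distinct. The second system, chain_succ, is constructed to show that rd can strictly exceed d.

```python
# Added example (not from the slides): diameter d and recurrence diameter rd of
# small transition systems given as successor functions, computed explicitly.
from collections import deque

def reachable(init, succ):
    """All states reachable from init (BFS over the successor function)."""
    seen, todo = {init}, deque([init])
    while todo:
        s = todo.popleft()
        for t in succ(s):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def distances(src, succ):
    """Shortest-path length in steps from src to every state it reaches."""
    dist, todo = {src: 0}, deque([src])
    while todo:
        s = todo.popleft()
        for t in succ(s):
            if t not in dist:
                dist[t] = dist[s] + 1
                todo.append(t)
    return dist

def diameter(init, succ):
    """d: the longest shortest path between reachable s, t with t reachable
    from s (the slide's 'at most d-1 intermediate steps')."""
    return max(n for s in reachable(init, succ)
                 for n in distances(s, succ).values())

def recurrence_diameter(init, succ):
    """rd: steps in the longest path from init with pairwise distinct states
    (a DFS over loop-free paths; this is what the propositional encoding asks
    the SAT checker for)."""
    best = 0
    def dfs(s, on_path):
        nonlocal best
        best = max(best, len(on_path) - 1)
        for t in succ(s):
            if t not in on_path:
                dfs(t, on_path | {t})
    dfs(init, {init})
    return best

def counter_succ(s):
    """The two-bit counter of slide 8: 00 -> 01 -> 10 -> 11 -> 00, as (l, r)."""
    return [((s[0] + s[1]) % 2, 1 - s[1])]   # l' = l xor r, r' = ~r

def chain_succ(s):
    """Constructed system with a shortcut edge: 0->1->2->3, 0->3, 3->3."""
    return {0: [1, 3], 1: [2], 2: [3], 3: [3]}[s]

if __name__ == "__main__":
    for name, init, succ in (("counter", (0, 0), counter_succ), ("chain", 0, chain_succ)):
        print(name, "d =", diameter(init, succ), "rd =", recurrence_diameter(init, succ))
```

For the counter both numbers are 3, so a bound of k = 3 already covers every reachable state; for the chain the shortcut 0→3 gives d = 2 while the loop-free path 0→1→2→3 gives rd = 3, which is the gap the slide means when it calls rd an upper bound on d.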

30 Bounded cone of influence. [Figure: variables v, u, z, y, x unfolded over cycles 0..5 (K); u2–u5, z5 and y4–y5 are not used.]

31 Bounded cone of influence has bounded effect. [Figure: portion of variables removed vs. K.] The portion of variables that B-COI can remove decreases as K increases.
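The bounded cone of influence of slides 30 and 31, as an added example (my code, not the talk's tool). The slides' dependency graph is not in the transcript, so NEXT_DEPS is a constructed chain of five variables in which x's next state reads x and y, y reads z, z reads u, and u reads v. Starting from the property's variables at the cycles where it is checked, a time-stamped variable (v, t) pulls in (w, t-1) for every w its next-state function depends on; everything not reached can be dropped from the k-unfolding. The fraction removed is then compared for two bounds, which is the effect slide 31 plots.

```python
# Added example (not from the slides): bounded cone of influence (B-COI) on a
# constructed dependency graph.  NEXT_DEPS[v] lists the current-state variables
# that v's next-state function reads; the slides' own graph is not given, so
# this chain is an assumption.

NEXT_DEPS = {"x": {"x", "y"}, "y": {"z"}, "z": {"u"}, "u": {"v"}, "v": {"v"}}

def bounded_coi(next_deps, targets):
    """Time-stamped variables (v, t) the unfolding needs, starting from
    `targets`, the (v, t) pairs the property reads.  (v, t) with t > 0 pulls in
    (w, t-1) for every w that v's next-state function depends on."""
    needed, todo = set(targets), list(targets)
    while todo:
        v, t = todo.pop()
        if t == 0:
            continue                      # cycle 0 is fixed by I0, no predecessor
        for w in next_deps[v]:
            if (w, t - 1) not in needed:
                needed.add((w, t - 1))
                todo.append((w, t - 1))
    return needed

def unused(next_deps, k, prop_vars, every_cycle=True):
    """(v, t) pairs that B-COI removes from the k-unfolding, for a property
    over prop_vars checked at every cycle 0..k (AG p) or only at cycle k."""
    cycles = range(k + 1) if every_cycle else [k]
    targets = {(v, t) for v in prop_vars for t in cycles}
    needed = bounded_coi(next_deps, targets)
    everything = {(v, t) for v in next_deps for t in range(k + 1)}
    return everything - needed

def removed_fraction(next_deps, k, prop_vars):
    """Share of the k-unfolding's variables that B-COI removes."""
    return len(unused(next_deps, k, prop_vars)) / (len(next_deps) * (k + 1))

if __name__ == "__main__":
    for k in (2, 5, 11):
        gone = sorted(unused(NEXT_DEPS, k, {"x"}), key=lambda p: (p[0], p[1]))
        print(f"K={k}: removed {len(gone)} of {5 * (k + 1)} ->", gone)
```

On this chain the removed set is the same ten variables at the tail of the unfolding for every K ≥ 4 (y at cycle K, z at K-1..K, u at K-2..K, v at K-3..K), so the fraction shrinks from 10/30 at K = 5 to 10/60 at K = 11: the cone only ever trims the last few cycles, which is why its effect is bounded.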

