Presentation is loading. Please wait.

Presentation is loading. Please wait.

To Split or to Conjoin: The Question in Image Computation 1 {mooni, University of Colorado at Boulder 2 Synopsys.

Published byJack Whitehead Modified over 8 years ago

Similar presentations

Presentation on theme: "To Split or to Conjoin: The Question in Image Computation 1 {mooni, University of Colorado at Boulder 2 Synopsys."— Presentation transcript:

1 To Split or to Conjoin: The Question in Image Computation 1 {mooni, fabio}@colorado.edu University of Colorado at Boulder 2 kukula@synopsys.com Synopsys Inc. 3 kravi@cadence.com Cadence Inc. In-Ho Moon 1, James Kukula 2 Kavita Ravi 3, Fabio Somenzi 1

2 2 Outline Introduction Image Computation Methods  Transition Relation Method  Transition Function Method Transition Relation vs. Function Methods Hybrid Image Computation Experimental Results Conclusions

3 3 Introduction Model Checking  The most widely used method in formal verification  Does the system (implementation) satisfy the property (specification)?  State space explosion BDD explosion in symbolic model checking  The explosion occurs mostly in intermediate BDDs during conjunctions in image/preimage computations. Image/Preimage Computations  Finding all successor/predecessor states from the given states at once, respectively  The key steps in symbolic model checking

4 4 Contribution Model Checking Reachability Analysis Image/Preimage Computations BDD Operations Symbolic

5 5 Image Computation Two approaches  Transition Relation Method [ICCAD90, DAC91] Conjunctions  Transition Function Method [IFIP89, ICCAD90] Recursive splitting Transition relation method is superior to transition function method in most cases In some cases, transition function method is more efficient than transition relation method.  Especially, in most cases of approximate reachability analysis.  Questions Why is that? What if we combine the two methods?

6 6 Transition Relation Method Image Computation  Img(T(x,w,y), C(x)) =  x,w. (  T i (x,w,y)  C(x)) Preimage Computation  Pre(T(x,w,y), C(y)) =  y,w. (  T i (x,w,y)  C(y)) Early Quantification   u. ( f(u, v)  g(v) ) = (  u. f(u, v) )  g(v)  Img(T, C) =  v 1. ( T 1  ···   v k. (T k  C)) 1  i  k

7 7 Transition Function Method Image Computation [IFIP89, ICCAD90]  Input Splitting  Output Splitting Preimage Computation  Simultaneous Substitution [CAV91]  Sequential Substitution [PhD92]  Domain Cofactoring [ICCAD98]

8 8 Transition Function Method (Cont’d) Input Splitting  Img(f(x,w), C(x)) = Img(f v, C v ) + Img(f v’, C v’ ) f = (f 1, …, f m ) : function vector v : splitting variable (x or w) Occurs most frequently in the supports [Cho96]  Constant Functions Img((f 1 =1, …, f m ), C) = y 1  Img((f 2, …, f m ), C) Img((f 1 =0, …, f m ), C) = y 1 ’  Img((f 2, …, f m ), C)  Terminal Cases Img(f, 0) = 0 Img(|f|  1, C) = 1 where f is non-constant & C  0 From the implementation point of view, we don’t need y variables in the transition function method.

9 9 Transition Function Method (Cont’d) Domain Cofactoring  Pre(f, C) = v Pre(f v, C) + v’ Pre(f v’, C) v : splitting variable (x)  Constant Functions Pre((f 1 =1, …, f m ), C) = Pre((f 2, …, f m ), C y 1 ) Pre((f 1 =0, …, f m ), C) = Pre((f 2, …, f m ), C y 1 ’ )  Terminal Cases Pre(f, 1) = 1 Pre(f, 0) = 0 Pre(|f|=0, C) = C  Optimization Drop f j if y j  support(C(y))

10 10 Transition Relation vs. Function Methods Transition Relation Methods  Based on conjunction  Needs two sets of state variables  Good : much faster in most cases  Bad : intermediate BDDs may grow very large Transition Function Methods  Based on splitting  Needs one set of state variables  Good : takes much less memory in most cases  Bad : may have too many recursive calls Question : Can we combine the merits of both methods?

11 11 Conjoin Hybrid Image Computation Static Hybrid Dynamic Hybrid Split

12 12 Dependence Matrix  m : the number of functions  n : the number of variables  d ij = 1 : i-th function depends on j-th variable n m = (4+4+3+1) / (4 x 4) = 12 / 16 = 0.75 d1d2d3dmd1d2d3dm Quantify Conjunction From Average Variable Lifetime =  1  j  n (m - i j + 1) m  n

13 13 Examples (32-bit rotator & multiplier) No good quantification schedule Needs splitting Good quantification schedule May be easy for conjunctions

14 14 Example (hw_top & one submachine) Explains why splitting is better than conjunction in approximate reachability.

15 15 To Split or to Conjoin Variable lifetime  Conjoin if  0.5 +   Split otherwise Min/Max decision depth  Min : splitting may help for even small  Max : to avoid too deep recursions  Decide only between min and max depth

16 16 Experimental Results - 1 Time in Reachability Analysis

17 17 Experimental Results - 2 Time in Approximate Reachability Analysis

18 18 Experimental Results - 3 Time in Model Checking  Without Reachability Analysis

19 19 Conclusions We have presented a hybrid image method  Combining the conjunction and splitting approaches  Dynamic decision whether to split or to conjoin based on variable lifetime from the dependence matrix  Much more robust than either pure method The analysis of dependence matrix explains why splitting is better than conjunction in approximate reachability Future Work  Improve decision strategy  Analyze why the results for preimage were not as good as those for image

20 20 Range Computation Converting Image to Range Computation  Img(f, C) = Img(f  C, 1) = Img(f  C)   : constrain operator [CMD89b] Optimization Techniques  Decomposition due to disjoint support Img(f) = Img(f A ) Img(f B ) if support(f A )  support(f B ) = Ø  Identical and complementary components Img((f 1,f 2 )) = y1  y2 iff f 1 = f 2 = y1  y2 iff f 1 = f 2 ’  Identical subproblems Image cache

21 21 To Split or to Conjoin Variable lifetime  Conjoin if  0.5 +   Split otherwise Min/Max decision depth  Min : splitting may help for even small  Max : to avoid too deep recursions  Decide only between min and max depth Other considerations  Keep splitting only with improvement  Conjoin with big

22 22 Optimizations in Hybrid Method Essential Variables  C = e  C where e is a cube  Guarantee BddSize(T  e) < BddSize(T)  Dynamic turning on/off Combining Input and Output Splitting  Input splitting by default  Output splitting only when a function is a cube or the complement of a cube. Converting image to range computation  BddSize(T  C)  BddSize(T)  N  Dynamic turning on/off

23 23 Implementation of Hybrid Method Keeps only Transition Function  Build relations when to switch to conjoin  Overhead on building relations Keeps only Transition Relation  Splitting on transition relation  Cannot use the optimization techniques  Good for non-determinism Keeps both Transition Function and Relation  Splitting on both at the same time  Utilize the optimization techniques  Performs the best in most cases

Download ppt "To Split or to Conjoin: The Question in Image Computation 1 {mooni, University of Colorado at Boulder 2 Synopsys."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :

1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Hardware and Petri nets Symbolic methods for analysis and verification.

Hardware and Petri nets Symbolic methods for analysis and verification.
Querying Workflow Provenance Susan B. Davidson University of Pennsylvania Joint work with Zhuowei Bao, Xiaocheng Huang and Tova Milo.

Querying Workflow Provenance Susan B. Davidson University of Pennsylvania Joint work with Zhuowei Bao, Xiaocheng Huang and Tova Milo.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.

CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.
Hash-Based Indexes The slides for this text are organized into chapters. This lecture covers Chapter 10. Chapter 1: Introduction to Database Systems Chapter.

Hash-Based Indexes The slides for this text are organized into chapters. This lecture covers Chapter 10. Chapter 1: Introduction to Database Systems Chapter.
Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke1 Hash-Based Indexes Chapter 11.

Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke1 Hash-Based Indexes Chapter 11.
Chapter 11 (3 rd Edition) Hash-Based Indexes Xuemin COMP9315: Database Systems Implementation.

Chapter 11 (3 rd Edition) Hash-Based Indexes Xuemin COMP9315: Database Systems Implementation.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.

Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.
Reachability Analysis for AMS Verification using Hybrid Support Function and SMT- based Method Honghuang Lin, Peng Li Dept. of ECE, Texas A&M University.

Reachability Analysis for AMS Verification using Hybrid Support Function and SMT- based Method Honghuang Lin, Peng Li Dept. of ECE, Texas A&M University.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Similar presentations

Ads by Google