Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton.

Published byMarco Pegg Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton."— Presentation transcript:

1 Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton

2 6/5/2011Page 2/16IWLS 2011 — UC San Diego, California, USA What is PDR?  PDR (aka IC3) is a new model checking algorithm.  Published by Aaron Bradley on arXiv after being rejected at CAV 2010.  Won third place in HWMCC’10  Can be viewed as approximate reachability.  Relations to interpolation based model checking: − No proof-logging needed − Never have to start over − Simpler implementation (my opinion) − Faster, stronger, better?

3 6/5/2011Page 3/16IWLS 2011 — UC San Diego, California, USA What is our contributition?  Confirm Aaron’s results  Simplify the procedure − No special base case − Simpler cube generalization  Achieve a substantial speedup − Ternary simulation  Detailed pseudo-code

4 6/5/2011Page 4/16IWLS 2011 — UC San Diego, California, USA Verification Model Design/FSM is given as a netlist containing: − AND gates − PIs − Flip-flops with complemented edges, a single output for the (safety) property and some definition of the initial states.

5 6/5/2011Page 5/16IWLS 2011 — UC San Diego, California, USA How it works  Reasons on conjunctions of state variables (cubes)  Proves cubes to be unreachable within k steps  Maintains a trace of all such facts  Properties of the trace: 1. F 0 = ¬ Init 2. F 1 ⊇ F 2 ⊇... ⊇ F N (as sets of cubes) 3.img( ¬ F i ) ⊆ ¬ F i+1 ( ¬ F i = potentially reachable states) 4.F i ⊇ Bad (except for the last frame) Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad F0F0 F1F1 F2F2 F3F3 F4F4 F5F5

6 6/5/2011Page 6/16IWLS 2011 — UC San Diego, California, USA How it works (cont.)  Two phases: − recursively block a point in Bad in the last frame − propagate cubes learned during this process forward Init Bad Init Bad Init Bad Init Bad F0F0 F1F1 F2F2 F3F3 Recursively block Bad Propagate cubes forward Terminates when F i =F i+1

7 6/5/2011Page 7/16IWLS 2011 — UC San Diego, California, USA Stepping through PDR Init Bad Init Bad SAT? Find a bad state (SAT) Enlarge it (ternary sim.) Pre-image blocked? (SAT) Yes! Generalize cube (many SAT) No more bad states  add frame

8 6/5/2011Page 8/16IWLS 2011 — UC San Diego, California, USA Stepping through PDR Init Bad Init Bad Init Bad SAT? 1. Find a bad state (SAT) 2. Enlarge it (ternary sim.) 3. Pre-image blocked? (SAT) 4a. Yes! Generalize cube (many SAT) 4b. No? Get point from SAT model 1. Find a bad state (SAT) 2. Enlarge it (ternary sim.) 3. Pre-image blocked? (SAT) 4a. Yes! Generalize cube (many SAT) 4b. No? Get point from SAT model Is the cube blocked in the new frame? (propagation) SAT? resuming work on this cube No more bad states  add frame (and propagate) no

9 6/5/2011Page 9/16IWLS 2011 — UC San Diego, California, USA The Basic SAT query of PDR  Query: Is the pre-image of a cube s’ blocked by F k ? − SAT?[ ¬ F k ∧ T ∧ s’] … CombinationalLogic s0s0 s1s1 s2s2 s3s3 s n-1 snsn s’ 0 s’ 1 s’ 2 s’ 3 s’ n-1 s’ n x0x0 x1x1 xmxm Bad Example: s’ = (s’ 1 ∧ ¬ s’ 3 ∧ s’ n ) Blocked cubes ”F k ” are added to the SAT-solver in terms of these state variables FkFk s’ 0 s’ 1 =1 s’ 2 s’ 3 =0 s’ n-1 s’ n =1

10 6/5/2011Page 10/16IWLS 2011 — UC San Diego, California, USA Ternary Simulation  Query: Is the pre-image of a cube s blocked? − If no, the SAT-solver returns a model … CombinationalLogic s 0 = 0 s 1 = 1 s 2 = 1 s 3 = 0 s n-1 =1 s n = 0 s’ 0 s’ 1 =1 s’ 2 s’ 3 =0 s’ n-1 s’ n =1 x 0 = 1 x 1 = 0 x m = 1 Bad Example: s’ = (s’ 1 ∧ ¬ s’ 3 ∧ s’ n ) FkFk X X X X X X X X X X X X X X X New proof-obligation: s = (s 2 ∧ ¬ s 3 ∧ ¬ s n )

11 6/5/2011Page 11/16IWLS 2011 — UC San Diego, California, USA The Improved SAT query of PDR  Query: Is the pre-image of a cube s blocked by either F k or s itself? SAT?[ ¬ F k ∧ ¬ s ∧ T ∧ s’] Init Bad Init Bad Init Bad Init Bad F0F0 F1F1 F2F2 F3F3 ss’ SAT?

12 6/5/2011Page 12/16IWLS 2011 — UC San Diego, California, USA Delta Encoding of Trace Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad Init Bad F0F0 F1F1 F2F2 F3F3 F4F4 F5F5 In the implementation, cubes are only stored in the last frame where they hold.

13 Demo Running PDR on some industrial benchmarks

14 6/5/2011Page 14/16IWLS 2011 — UC San Diego, California, USA Experimental Results on IBM Benchmarks

15 6/5/2011Page 15/16IWLS 2011 — UC San Diego, California, USA Notes on Implementation  PDR can sometimes find very deep counterexamples.  Recursive blocking takes about 80% of the runtime, propagation 20%.  Most of the time in recursive blocking is spent on cube generalization.  Using activation literals or proof-logging reduces cube generalization significantly.  PDR can be implemented using one or many SAT-instances.  When using one instance, it is natural to add F . − Can be used by other engines. − Can be explicitly strengthend by mutual induction test.  Upon creation, derived cubed are placed in the last frame where they hold.

16 6/5/2011Page 16/16IWLS 2011 — UC San Diego, California, USA Concluding Remarks on PDR  Derives interpolants in terms of state cubes. − Because domain so simple: can optimize efficiently − Subsumption and termination becomes syntactic checks  Reasons locally (over one transition only). − Enhances abstraction − Improves chances of finding an inductive invariant.  Never starts over. − Extends the current knowledge at F k as needed.  Very memory efficient.  This is only the beginning...

Download ppt "Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton."

Similar presentations

Basics of Recursion Programming with Recursion

Basics of Recursion Programming with Recursion
Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.

Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.
The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Addition Facts 1 - 20.

Addition Facts
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Dr. Alexandra I. Cristea CS 319: Theory of Databases.

Dr. Alexandra I. Cristea CS 319: Theory of Databases.
Dr. Alexandra I. Cristea CS 319: Theory of Databases: C3.

Dr. Alexandra I. Cristea CS 319: Theory of Databases: C3.
Chapter #8: Finite State Machine Design 8

Chapter #8: Finite State Machine Design 8
PRATYAY MUKHERJEE Aarhus University Joint work with

PRATYAY MUKHERJEE Aarhus University Joint work with
Recording Synthesis History for Sequential Verification Robert Brayton Alan Mishchenko UC Berkeley.

Recording Synthesis History for Sequential Verification Robert Brayton Alan Mishchenko UC Berkeley.
Structures. Procedural (Imperative) Languages Procedural languages work on the basis of explicitly telling the computer ‘how to do something’; by using.

Structures. Procedural (Imperative) Languages Procedural languages work on the basis of explicitly telling the computer ‘how to do something’; by using.
Yakir Vizel 1,2 and Orna Grumberg 1 1.Computer Science Department, The Technion, Haifa, Israel. 2.Architecture, System Level and Validation Solutions,

Yakir Vizel 1,2 and Orna Grumberg 1 1.Computer Science Department, The Technion, Haifa, Israel. 2.Architecture, System Level and Validation Solutions,
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
Delta-Oriented Testing for Finite State Machines

Delta-Oriented Testing for Finite State Machines
FRAIGs - A Unifying Representation for Logic Synthesis and Verification - Alan Mishchenko, Satrajit Chatterjee, Roland Jiang, Robert Brayton ERL Technical.

FRAIGs - A Unifying Representation for Logic Synthesis and Verification - Alan Mishchenko, Satrajit Chatterjee, Roland Jiang, Robert Brayton ERL Technical.
Aaron Bradley University of Colorado, Boulder

Aaron Bradley University of Colorado, Boulder
© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

Similar presentations

Ads by Google