Overview of IC3/PDR
Anvesh Komuravelli, Carnegie Mellon University
© Anvesh Komuravelli

Strengthen P: the safety property P is usually not inductive on its own, so the goal is to strengthen it to an inductive invariant that still contains all reachable states.

BMC + Interpolation (McMillan '03)
- Ask "k-reachable?"; the (k-1)-step suffix of the unrolling yields the next over-approximation, from which "k-reachable?" is asked again, and so on.
- If an abstract counterexample is found, start all over again with a bigger k.
- Many improvements followed.
- The essential idea: approximate forward reachability!

Forward-Reachability in a nutshell
Starting from the initial states, compute a sequence of over-approximations of the reachable states.
Also, w.l.o.g., assume that:
- there is no counterexample of length (k-1) from F_n,
- no counterexample of length (k-1)+1 from F_{n-1},
- …

Formalizing BMC + Interpolation as an abstract transition system (over a state triple)
Rule      Condition    Transition
Init      −
Unfold
Refine
Unsafe                 return UNSAFE
Safe                   return SAFE
Downsides:
- Blow-up in SAT formula size as k gets big.
- The resolution proof of UNSAT (from which the interpolant is extracted) is non-trivial to obtain.

A different search strategy: let us restrict to 1-reachable queries, i.e. single-step reachability checks between consecutive frames instead of k-step unrollings.

Formalizing the new search strategy
Rule       Condition    Transition
Init       −
Unfold
Candidate
Decide
Conflict
Unsafe                  return UNSAFE
Safe                    return SAFE
With only these rules, the procedure checks k-reachability by explicit-state backward search!

CDCL – Local Interpolants
Given …, find …: when the 1-step query for a state t is unsat, its unsat core yields a clause that blocks a whole set of states, not just t; use algorithms that minimize cores (MUS) to obtain a small one.
Hence, strengthen F_{i+1}; by the same reasoning, also strengthen F_i.

Forward Propagation: t is bad for F_{i+2} as well! Can we reuse φ?

Forward Inductive Propagation: given …, find … such that the corresponding 1-step query is unsat.

Formalizing the new search strategy
Rule       Condition    Transition
Init       −
Unfold
Candidate
Decide
Conflict
Induction
Unsafe                  return UNSAFE
Safe                    return SAFE

Forward Propagation: block φ or s at F_{i+2}, F_{i+3}, …
Long counterexamples (figure: k, m, …): the same φ or s is blocked at F_{i+2}, F_{i+3}, … rather than being rediscovered level by level.

Generalizing Predecessors
Given a cube …, find a larger cube … (figure).
Ternary Simulation: simulate the transition function T with the three values 0, 1 and − (don't care); a literal of the predecessor that can be set to − without changing the outcome of the simulation is dropped (figure).
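The ternary-simulation step above, as an added example that is not code from the slides or from any PDR implementation. The next-state function is a constructed gate netlist (the names a, p, login, elevate, logout, NETLIST and generalize_predecessor are assumptions for this example); the predecessor is widened by setting state literals to X (the "−" of the slide) one at a time and keeping the change whenever three-valued simulation still lands inside the target cube.

```python
# Added example, not code from the slides: predecessor generalization by
# ternary simulation.  The next-state function is a small gate netlist; the
# predecessor is widened by turning state literals into X ("-" on the slide)
# as long as the simulated next state still lies inside the target cube.
X = 'X'                           # the don't-care value of three-valued logic

def and3(x, y):
    if x == 0 or y == 0:
        return 0
    return 1 if x == 1 and y == 1 else X

def or3(x, y):
    if x == 1 or y == 1:
        return 1
    return 0 if x == 0 and y == 0 else X

def not3(x):
    return X if x == X else 1 - x

def simulate(netlist, assignment):
    """Three-valued evaluation of every net under a (partial) leaf assignment.
    A net is ('and', a, b), ('or', a, b) or ('not', a) over nets or leaves."""
    values = dict(assignment)
    def value(net):
        if net not in values:
            op, *args = netlist[net]
            values[net] = {'and': and3, 'or': or3, 'not': not3}[op](*map(value, args))
        return values[net]
    return {net: value(net) for net in netlist}

def generalize_predecessor(netlist, next_of, state_vars, pred, target):
    """pred: full assignment to state vars and inputs whose next state lies in
    the cube target (state var -> value).  Try to drop each state literal and
    keep the drop if ternary simulation still lands inside target.  Returns
    the widened cube over state vars (inputs stay fixed as the witness)."""
    assignment = dict(pred)
    for v in state_vars:
        saved, assignment[v] = assignment[v], X
        out = simulate(netlist, assignment)
        if any(out[next_of[w]] != val for w, val in target.items()):
            assignment[v] = saved           # literal is needed: put it back
    return {v: assignment[v] for v in state_vars if assignment[v] != X}

# Constructed example: state bits a (authenticated), p (privileged); inputs
# login, elevate, logout.  Buggy logic: logout clears a but not p.
NETLIST = {
    'a_or_login': ('or', 'a', 'login'),
    'not_logout': ('not', 'logout'),
    'a_next': ('and', 'a_or_login', 'not_logout'),
    'elev_ok': ('and', 'elevate', 'a'),
    'p_next': ('or', 'p', 'elev_ok'),
}
NEXT_OF = {'a': 'a_next', 'p': 'p_next'}
STATE_VARS = ['a', 'p']
BAD_NEXT = {'a': 0, 'p': 1}       # target cube: privileged while unauthenticated
PRED = {'a': 1, 'p': 1, 'login': 0, 'elevate': 1, 'logout': 1}   # a concrete predecessor

if __name__ == '__main__':
    print(generalize_predecessor(NETLIST, NEXT_OF, STATE_VARS, PRED, BAD_NEXT))  # {'p': 1}
```

The single predecessor state (a=1, p=1) widens to the cube p=1: any privileged session, on logout, reaches the bad region, which is exactly the defect. Ternary simulation is sound because X only ever propagates conservatively, but the result depends on the order in which literals are tried, so different orders can give different (all valid) cubes.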

Formalizing the new search strategy: with the rules Init, Unfold, Candidate, Decide, Conflict, Induction, Unsafe and Safe, the abstract transition system is IC3/PDR!
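The complete rule set, as an added example that is not the slides' code nor that of any IC3/PDR tool. It ties together the 1-reachable queries, the Candidate/Decide/Conflict backward search, the MUS-style shrinking of the blocking cube (the local interpolant) and forward inductive propagation. It assumes a finite Boolean state space so that every 1-step query can be answered by enumerating the 2^n states in place of a SAT solver; the session state machine and the names ic3, session_trans, is_initial, is_bad and is_inductive_invariant are constructed for the example.

```python
# Added example, not code from the slides: a complete IC3/PDR loop over a
# finite-state system.  Each SAT query of the algorithm is a 1-step question
# (is F_{i-1} /\ ~c /\ T /\ c' satisfiable?), answered here by enumerating
# the 2^n states, so no SAT solver is needed.
import heapq
from itertools import count, product

def ic3(n, init, trans, bad):
    """Return ('SAFE', cubes), where the clauses ~c for c in cubes form an
    inductive invariant, or ('UNSAFE', trace), a path from Init to a bad state.
    init(s), bad(s): predicates on n-tuples of bools; trans(s): successors of s."""
    states = list(product((False, True), repeat=n))
    frames = [set(), set()]        # frames[j]: cubes blocked at every level <= j
    tick = count()                 # heap tie-breaker, so traces are never compared
    def sat(s, cube):              # is state s inside cube, a frozenset of (var, value)?
        return all(s[v] == val for v, val in cube)
    def holds(i, s):               # F_0 = Init; F_i = /\_{j >= i} clauses of frames[j]
        if i == 0:
            return init(s)
        return not any(sat(s, c) for j in range(i, len(frames)) for c in frames[j])
    def predecessor(i, cube):      # a model x of F_{i-1} /\ ~cube /\ T /\ cube', else None
        for x in states:
            if holds(i - 1, x) and not sat(x, cube) and any(sat(y, cube) for y in trans(x)):
                return x
        return None
    def generalize(i, cube):       # conflict: drop literals while the cube stays
        for lit in sorted(cube):   # relatively inductive (MUS-style core shrinking)
            smaller = cube - {lit}
            if (not any(init(s) and sat(s, smaller) for s in states)
                    and predecessor(i, smaller) is None):
                cube = smaller
        return cube
    def block(s, k):               # backward search from a bad state s found in F_k
        todo = [(k, next(tick), (s,))]            # obligations: (level, _, states to bad)
        while todo:
            i, _, trace = heapq.heappop(todo)     # lowest level first
            x = trace[0]
            if init(x):                           # obligation reached Init: counterexample
                return trace
            cube = frozenset(enumerate(x))
            pre = predecessor(i, cube)
            if pre is None:                       # conflict: block, then push the clause
                cube = generalize(i, cube)        # to the highest level where it is inductive
                j = i
                while j < k and predecessor(j + 1, cube) is None:
                    j += 1
                frames[j].add(cube)
            else:                                 # decide: new obligation one level down
                heapq.heappush(todo, (i - 1, next(tick), (pre,) + trace))
                heapq.heappush(todo, (i, next(tick), trace))
        return None
    k = 1
    while True:
        s = next((s for s in states if holds(k, s) and bad(s)), None)   # candidate
        if s is not None:
            trace = block(s, k)
            if trace is not None:
                return 'UNSAFE', list(trace)
            continue
        frames.append(set())                      # unfold: F_{k+1} = true
        for i in range(1, k + 1):                 # forward inductive propagation
            for cube in list(frames[i]):
                if predecessor(i + 1, cube) is None:
                    frames[i].remove(cube)
                    frames[i + 1].add(cube)
            if not frames[i]:                     # F_i == F_{i+1}: inductive invariant
                return 'SAFE', set().union(*frames[i:])
        k += 1

def is_inductive_invariant(n, init, trans, bad, cubes):
    """Independent check of the SAFE certificate: Init => Inv, Inv => ~Bad and
    Inv /\ T => Inv', where Inv is the conjunction of the clauses ~c."""
    def inv(s):
        return not any(all(s[v] == val for v, val in c) for c in cubes)
    return all((inv(s) or not init(s)) and
               (not inv(s) or (not bad(s) and all(inv(t) for t in trans(s))))
               for s in product((False, True), repeat=n))

# Constructed example: a session with state bits (authenticated, privileged,
# token).  Elevation requires authentication; the property is "never privileged
# while unauthenticated".  The buggy variant keeps the privilege on logout.
def session_trans(drop_priv_on_logout):
    def trans(s):
        a, p, t = s
        succ = {(a, p, True), (a, p, False),                      # issue / revoke token
                (False, False if drop_priv_on_logout else p, t)}  # logout
        if t:
            succ.add((True, p, t))                                 # login with a valid token
        if a:
            succ.add((a, True, t))                                 # elevate privilege
        return succ
    return trans

def is_initial(s):
    return s == (False, False, False)

def is_bad(s):
    return s[1] and not s[0]       # privileged but not authenticated

if __name__ == '__main__':
    print(ic3(3, is_initial, session_trans(True), is_bad))    # ('SAFE', {...})
    print(ic3(3, is_initial, session_trans(False), is_bad))   # ('UNSAFE', [...])
```

On the correct machine the loop ends with the invariant "not (privileged and unauthenticated)" pushed past a frame that no longer changes; on the buggy one it returns the concrete path issue token, login, elevate, logout. Every returned SAFE certificate is re-checked by is_inductive_invariant, which is the check a practitioner should keep: a proof obtained from a model checker is only as good as the independent verification of its inductive invariant.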

To summarize, the ingredients of IC3/PDR are:
- 1-step reachability queries
- Generalizing Predecessors
- Local Interpolants
- Forward Inductive Propagation
- Reusing Counterexamples
- F_i is in CNF

To summarize, in practice:
- Competitive with variants of McMillan's Interpolation
- 3rd place in HWMCC'10, competing with well-established tools
- Well received by the hardware industry
- Implemented in Berkeley's ABC tool
- Extensions to progress and CTL properties
- Extensions to LRA, implemented in Z3

Efficient Implementation of IC3/PDR (cf. Een, Mishchenko and Brayton, FMCAD 2011): F_i is in CNF, and all queries go through one SAT context C …

Decide/Conflict Rules: the 1-step query is issued as a SAT call under assumptions A (the literals of the cube). Y (sat): a predecessor is found and generalized by ternary simulation (Decide). N (unsat): Conflict.

Conflict Rule: MUS extraction over the failed assumptions to get the blocking clause. Additionally, push the clause to higher levels: up to the least j ≥ i such that … (the query becomes sat); if there is none, add it to F_∞.

Induction Rule: similar to the Conflict Rule, with repeated checks!

Extending to First-order Theories (∞ state):
- Generalizing Predecessors: can do some theory-generalization.
- Local Interpolants? For LRA: a linear combination of literals (Hoder and Bjorner, 2012).

References
1. SAT-Based Model Checking without Unrolling, Bradley, VMCAI 2011
2. Efficient Implementation of Property Directed Reachability, Een, Mishchenko and Brayton, FMCAD 2011
3. An Incremental Approach to Checking Progress Properties, Bradley et al., FMCAD 2011
4. Understanding IC3, Bradley, SAT 2012
5. Generalized Property Directed Reachability, Hoder and Bjorner, SAT 2012
6. Incremental, Inductive CTL Model Checking, Hassan et al., CAV 2012

