
1 – Exploiting Positive Equality in a Logic of Equality with Uninterpreted Functions
Randal E. Bryant*, Steven German†, Miroslav Velev*
*Carnegie Mellon University, †IBM
http://www.cs.cmu.edu/~bryant

2 – Outline
Application domain: verify the correctness of a pipelined processor, based on Burch-Dill correspondence checking (Burch & Dill, CAV '94).
Verification task: an abstracted representation of the data manipulation; one must decide the validity of a formula in the logic of Equality with Uninterpreted Functions (EUF).
New contribution: exploit properties of these formulas to reduce verification complexity, giving a significant performance improvement when modeling microprocessor operation.

3 – Microprocessor Modeling
[Figure: simplified RISC pipeline datapath with PC, instruction memory, register file, ALU, pipeline latches IF/ID, ID/EX and EX/WB, and forwarding comparators]
Simplified RISC pipeline, described at the RTL level; words are viewed as bit vectors, with bit-level functionality.

4 – Abstracting Data
View data as symbolic "terms" with no particular properties or operations, except for equations x = y. Terms can be stored in memories and registers and selected with multiplexors.
[Figure: a bit vector x0, x1, …, x(n-1) is abstracted to a single term x; a multiplexor with select signal p becomes the if-then-else operation ITE(p, x, y), which yields x when p is true and y when p is false]

5 – Abstraction Via Uninterpreted Functions
For any block that transforms or evaluates data: replace it with a generic, unspecified function and assume only functional consistency: x = y ⇒ f(x) = f(y).
[Figure: the pipeline of slide 3 with its ALU and other data-transforming blocks replaced by uninterpreted functions F1, F2, F3]

6 – Decision Problem
Logic of Equality with Uninterpreted Functions (EUF).
Domain values (solid lines in the diagrams): uninterpreted functions, if-then-else operation.
Truth values (dashed lines): uninterpreted predicates, logical connectives, equations.
Task: determine whether a formula is universally valid, i.e. true for all interpretations of the variables and function symbols.

7 – Some History
Ackermann, 1954: the quantifier-free decision problem can be decided based on finite instantiations.
Automatic theorem proving: a tradition of using uninterpreted functions when modeling hardware, e.g. Warren Hunt, 1985.
Burch & Dill, CAV '94: automatic decision procedure (Davis-Putnam enumeration; congruence closure to enforce functional consistency). Verified a single-issue DLX, a simple 5-stage RISC pipeline. Becomes less effective for more complex processors (Burch, DAC '96 & FMCAD '96).

8 – Previous Attempts to Use BDDs
Hojati et al., IWLS '97: generate binary encodings of limited-range integer variables; hit exponential blow-up.
Goel et al., CAV '98: encode the equality relation among variables as propositional variables; results not compelling.
Velev & Bryant, FMCAD '98: work with a modified RTL model, replacing memory and function blocks with special behavioral blocks; exponential blow-up for a processor with branch or load/store instructions.

9 – Why Did BDDs Fail?
The result of a Load instruction is used in address computation (a similar effect arises for the branch instruction). It is impossible to have a good BDD variable ordering: variables encoding addresses must precede those encoding data, which leads to circular constraints on the ordering.
[Figure: data memory whose address and data ports are both wired through the pipeline logic, forming the ordering cycle]

10 – Decision Problem Example #1
[Figure: term DAG over domain variables x, y and function symbols g and h, combined through one positive and one negated equation]

11 – EUF Syntax
Logic of Equality with Uninterpreted Functions.
Terms: ITE(F, T1, T2) (if-then-else); f(T1, …, Tk) (function application).
Formulas: ¬F, F1 ∧ F2, F1 ∨ F2 (Boolean connectives); T1 = T2 (equation); p(T1, …, Tk) (predicate application).
Special cases: v, a domain variable (order-0 function); a, a propositional variable (order-0 predicate).

12 – PEUF Syntax
Logic of Positive Equality with Uninterpreted Functions.
Formulas (general): ¬F, F1 ∧ F2, F1 ∨ F2, GT1 = GT2, p(PT1, …, PTk).
P-formulas (special): F, PF1 ∧ PF2, PF1 ∨ PF2, PT1 = PT2.
G-terms (general): ITE(F, GT1, GT2), f_g(PT1, …, PTk).
P-terms (special): GT, ITE(F, PT1, PT2), f_p(PT1, …, PTk).
Key properties: p-formulas cannot be negated and cannot control ITEs; p-terms are used only as function arguments and in positive equations; applications of p-function symbols occur only in p-terms.

13 – Analyzing Example #1
P-function symbols: g, h.
G-function symbols: x, y (they appear in a negated equation).
[Figure: the DAG of slide 10 with each node labeled as a g-term, p-term, p-formula or formula]

14 – Example #2
[Figure: term DAG over x, y, g and h containing an ITE with its T and F branches]

15 – Analyzing Example #2
The ITE control must be a formula; the "interesting" things happen when it is false.
[Figure: the DAG of slide 14 with each node labeled as a g-term, p-term, p-formula or formula]

16 – Maximally Diverse Interpretations
P-function symbols: equal results only for equal arguments.
G-function symbols: potentially yield equal results for unequal arguments.
Property: a formula is valid only if it is true under all maximally diverse interpretations.
Under a maximally diverse interpretation of Example #1 (g a p-function symbol):
Terms            Equal?
x, y             Potentially
g(x), g(y)       Only if x = y
g(x), y          No
g(g(x)), g(y)    No
g(g(x)), g(x)    No

17 – Justification of Maximal Diversity Property
Create the worst case for validity: falsify positive equations; function applications yield distinct results; function arguments are distinct.
Key argument: for every interpretation I there is a maximally diverse interpretation I' such that I'[F] ⇒ I[F], i.e. F holds under I whenever it holds under I'.
[Figure: the DAG of Example #1 with the positive equation falsified step by step]

18 – Equations in Processor Verification
Data type            Equations
Register ids         Control stalling & forwarding; addresses for the register file
Instruction address  Only the top-level verification condition
Program data         Only the top-level verification condition
[Figure: the pipeline of slide 3, highlighting where each data type is compared]

19 – Modeling Memories
Conventional expansion of memory operations: the effects of writes are represented as nested ITEs, and the initial memory state by an uninterpreted function fM.
Write(a1, d1); Write(a2, d2); Write(a3, d3); Read(a) expands to ITE(a = a3, d3, ITE(a = a2, d2, ITE(a = a1, d1, fM(a)))).
Problem: equations over addresses control the ITEs, so addresses must be g-terms. This is OK for the register file, but not for the data memory.

20 – Data Memory Modeling
Generic state machine: the memory state is represented as a term, with the initial state given by a variable vM. A write operation causes an arbitrary state change, modeled by an uninterpreted function fu. A read operation is a function of address and state, modeled by an uninterpreted function fr.
[Figure: memory state register with fu applied on Write (Waddr, Wdata) and fr applied on Read (Raddr, yielding Rdata)]

21 – Data Memory Modeling (Cont.)
No equations over addresses, so they can be kept as p-terms.
Write(a1, d1); Write(a2, d2); Write(a3, d3); Read(a) becomes fr applied to a and to the state obtained by applying fu three times (once per write, with that write's address and data) starting from vM.
Limitations: this does not capture the full semantics of memory. It only works when the processor preserves program order for writes relative to each other and for reads relative to writes.

22 – Function Symbols in Processor Verification
G-function symbols: register ids (20--25% of function applications).
P-function symbols: program data, data & instruction addresses, opcodes (75--80% of function applications).
Effect: breaks the dependency loop that caused the exponential blow-up.

23 – Decision Procedure Steps
1. Eliminate function applications.
2. Assign limited ranges to domain variables.
3. Encode domain variables as bit vectors.
4. Translate into propositional logic.
[Figure: the DAG of Example #1 as the starting point]

24 – Eliminating Function Applications
Replacing an application: introduce a new domain variable; a nested ITE structure maintains functional consistency.
[Figure: f(x1), f(x2), f(x3) replaced by vf1, ITE(x2 = x1, vf1, vf2) and ITE(x3 = x1, vf1, ITE(x3 = x2, vf2, vf3))]

25 – Exploiting Positive Equality Property
For a p-function symbol f, introduce variables vf1, …, vfn during elimination and consider only diverse interpretations for them: vfi ≠ v for any other variable v.
Example: assuming vf1 ≠ vf2, the equation f(x1) = f(x2), eliminated as vf1 = ITE(x2 = x1, vf1, vf2), holds iff x1 = x2.

26 – Compare: Ackermann's Method
Replacing an application: introduce a new domain variable and enforce functional consistency by global constraints. It is unclear how to generate diverse interpretations.
[Figure: f(x1), f(x2) replaced by vf1, vf2, with the constraint (x1 = x2 ⇒ vf1 = vf2) conjoined with F]

27 – Eliminating Function Symbol g
[Figure: the DAG of Example #1 after the applications of g are replaced by variables vg1, vg2, vg3 and their ITE chains]

28 – Eliminating Function Symbol h
Final form: only domain and propositional variables remain.
[Figure: the DAG of Example #1 after both g and h have been eliminated]

29 – Instantiating Variables
Fixed interpretations can be assigned to the variables arising from eliminating p-function applications. Only two different cases need to be considered: y = 0 vs. y = 1.
Ranges for Example #1: x ∈ {0}, y ∈ {0, 1}, vg1 ∈ {2}, vg2 ∈ {3}, vg3 ∈ {4}, vh1 ∈ {5}, vh2 ∈ {6}.

30 – Evaluating Formula
The actual implementation uses BDD evaluation.
[Figure: the final-form DAG of slide 28 evaluated bottom-up with the ranges of slide 29; the eliminated g and h nodes take values such as ITE(y=0, 2, 3) and ITE(y=0, 5, 6), and the result depends only on whether y = 0]
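To make the procedure of slides 23 to 30 concrete, here is an added Python example (not the authors' implementation): it classifies function symbols as p- or g-function symbols by the polarity of the equations they sit under (slide 12), eliminates applications with the nested-ITE scheme (slide 24), fixes pairwise distinct values for the variables that replace p-function applications (slide 25), enumerates the remaining variables over a finite domain of their own size (a cruder bound than the per-variable ranges of slide 29), and decides validity by exhaustive evaluation instead of BDDs. The tuple encoding, the fresh-variable naming vf_k and all helper names are this example's own assumptions.

```python
from itertools import product
# Constructed example, not the paper's implementation. Terms: str (domain variable),
# ('app', f, args), ('ite', F, t1, t2). Formulas: ('eq', t1, t2), ('not', F), ('and'/'or', F, G).

def classify(x, cls, pos=True):
    # Slide 12: a symbol stays 'p' only while every application of it sits under a
    # positive equation; a negated equation or an ITE control (pos None) makes it 'g'.
    if isinstance(x, str): cls[x] = 'v'; return  # domain variable
    if x[0] == 'app':
        cls[x[1]] = 'p' if pos and cls.get(x[1]) != 'g' else 'g'
        for a in x[2]: classify(a, cls, pos)
    elif x[0] == 'ite':
        classify(x[1], cls, None); classify(x[2], cls, pos); classify(x[3], cls, pos)
    else:  # eq, and, or pass the polarity down; not flips it
        for c in x[1:]: classify(c, cls, pos if x[0] != 'not' or pos is None else not pos)

def elim(x, sym, apps):
    # Slide 24: the k-th application of sym becomes ITE(args = args_1, vf_1, ... vf_k),
    # a nested ITE over fresh variables that keeps functional consistency.
    if isinstance(x, str): return x
    if x[0] != 'app': return (x[0],) + tuple(elim(c, sym, apps) for c in x[1:])
    args = tuple(elim(a, sym, apps) for a in x[2])
    if x[1] != sym: return ('app', x[1], args)
    t = v = f'v{sym}{len(apps) + 1}'  # assumes this name is not already a variable
    for prev, pv in reversed(apps):
        cond = ('eq', args[0], prev[0])
        for a, b in zip(args[1:], prev[1:]): cond = ('and', cond, ('eq', a, b))
        t = ('ite', cond, pv, t)
    apps.append((args, v))
    return t

def ev(x, env):  # evaluate a formula or an application-free term under env
    if isinstance(x, str): return env[x]
    k, v = x[0], [ev(c, env) for c in x[1:]]
    if k == 'ite': return v[1] if v[0] else v[2]
    return {'eq': v[0] == v[-1], 'not': not v[0], 'and': all(v), 'or': any(v)}[k]

def valid(F):
    # Slides 25 and 29: p-variables get fixed, pairwise distinct values outside the
    # g range (maximal diversity); g-variables range over a domain of their own size.
    cls = {}; classify(F, cls); pvars, gvars = [], []
    for sym in sorted(s for s in cls if cls[s] != 'v'):
        apps = []; F = elim(F, sym, apps)
        (pvars if cls[sym] == 'p' else gvars).extend(v for _, v in apps)
    gvars += sorted(s for s in cls if cls[s] == 'v')
    env = {v: len(gvars) + i for i, v in enumerate(pvars)}
    for vals in product(range(len(gvars)), repeat=len(gvars)):
        env.update(zip(gvars, vals))
        if not ev(F, env): return False
    return True
```

With g a p-function symbol, x = y ⇒ g(x) = g(y) is reported valid while g(x) = g(y) alone is not, matching the table of slide 16; in g(x) = g(y) ⇒ x = y the symbol g sits under a negated equation, so it is treated as a g-function symbol and the formula is correctly rejected.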

31 – Pnueli et al., CAV '99
Similarities: examine the structure of equations (whether used in positive or negative form) and exploit that structure to limit variable domains.
Differences in their approach: equation structure is examined after function applications have been eliminated, and Ackermann's method is used to eliminate the function applications.

32 – Ackermann's Method Example
Many more equations (2 → 8), and the p-formula / p-term structure is destroyed.
[Figure: Example #1 after Ackermann's elimination, with the functional-consistency constraints conjoined to the formula]

33 – Comparison to Pnueli et al.
Relative advantage of their method: better at exploiting equation structure among g-terms, worse at exploiting structure among p-terms.

34 – Experimental Results
Verify modified RTL circuits: memories, latches and function blocks are replaced by special functional models (Bryant & Velev, FMCAD '98), with a small modification to generate fixed bit patterns for p-function blocks.
Simplified MIPS processor:
Instruction classes               Before         After
Reg-Reg and Reg-Immediate only    48 s / 7 MB    6 s / 2 MB
RR, RI + Load/Store               Space-out      12 s / 1.8 MB
RR, RI, L/S, Branch               Space-out      169 s / 7.5 MB

35 – Conclusion
Exploiting positive equality greatly reduces the number of interpretations to consider; our function elimination scheme provides the encoding mechanism and enables verification of a complete processor using BDDs.
Ongoing work: a new implementation using pure term-level models (Velev & Bryant, CHARME '99). A single-issue DLX now takes 0.15 s; a dual-issue DLX takes 35 s.

