Presentation is loading. Please wait.

Presentation is loading. Please wait.

Property Directed Reachability with Word-Level Abstraction

Published byArthur SΓ‘ Castilho Modified over 5 years ago

Similar presentations

Presentation on theme: "Property Directed Reachability with Word-Level Abstraction"β€” Presentation transcript:

1 Property Directed Reachability with Word-Level Abstraction
Yen-Sheng Ho, Alan Mishchenko, Robert Brayton

2 Word-Level Model Checking
Finite State Machine (𝑀) Given a word-level (WL) circuit M (e.g., RTL Verilog) and a safety property p, Does p hold for all reachable states in M? π‘€βŠ¨π† 𝑝 ? FMCAD 2017 PDR-WLA

3 Unbounded Model Checking
We expect either a counterexample (CEX) or an inductive invariant proving the property. A CEX is a sequence of PI assignments that drives the model from an initial state into a bad state. An inductive invariant (Inv) proving the property p satisfies πΌπ‘›π‘–π‘‘βŸΉπΌπ‘›π‘£ πΌπ‘›π‘£βˆ§π‘‡ ⟹ 𝐼𝑛𝑣 β€² 𝐼𝑛𝑣 βŸΉπ‘ FMCAD 2017 PDR-WLA

4 Property Directed Reachability (PDR)
Property Directed Reachability (PDR) [1][2] is the state- of-the-art algorithm for unbounded model checking An important artifact: PDR trace A PDR trace is a list of functions ( 𝑅 0 , 𝑅 1 , …, 𝑅 𝑁 ) Each 𝑅 𝑗 over-approximates the set of states reachable from the initial states within j steps A PDR trace satisfies 𝑅 0 =𝐼𝑛𝑖𝑑 𝑅 𝑗 ⟹ 𝑅 𝑗+1 𝑅 𝑗 βˆ§π‘‡ ⟹ 𝑅 𝑗+1 𝑅 𝑗 βŸΉπ‘ƒ Transition: PDR can be viewed as a procedure that keeps refining the trace until it finds CEX or invariant. Mention: this is a secret ingredient [1] A. Bradley. Sat-based model checking without unrolling. VMCAI 2011 [2] N. Een et al. Efficient implementation of property directed reachability. FMCAD 2011 FMCAD 2017 PDR-WLA

5 Property Directed Reachability (PDR)
Initialize PDR trace Open a new frame Recursively block cubes Propagate blocked cubes CEX? Invariant? No No Transition: PDR is considered the best UMC solver. Yes Yes Falsified Proved FMCAD 2017 PDR-WLA

6 PDR Example The state transition graph of an FSM FMCAD 2017 PDR-WLA

7 PDR Example 𝑅 0 π‘˜=0 𝑅 0 𝑅 1 π‘˜=1 FMCAD 2017 PDR-WLA

8 PDR Example 𝑅 0 π‘˜=0 𝑅 0 𝑅 1 π‘˜=1 𝑅 0 𝑅 1 𝑅 2 π‘˜=2 FMCAD 2017 PDR-WLA

9 PDR Example 𝑅 0 π‘˜=0 𝑅 0 𝑅 1 π‘˜=1 𝑅 0 𝑅 1 𝑅 2 π‘˜=2 𝑅 0 𝑅 1 𝑅 2 𝑅 3 π‘˜=3
FMCAD 2017 PDR-WLA

10 PDR Example 𝑅 0 π‘˜=0 𝑅 0 𝑅 1 π‘˜=1 𝑅 0 𝑅 1 𝑅 2 π‘˜=2 𝑅 0 𝑅 1 𝑅 2 𝑅 3 π‘˜=3
Inductive invariant FMCAD 2017 PDR-WLA

11 Word-Level Localization Abstraction
Signals are replaced with pseudo primary inputs (PPIs) Transition: practical problems are usually too hard to verify directly  need abstraction May need to mention it is a sound abstraction PPIs FMCAD 2017 PDR-WLA

12 Spurious Counterexample
If a CEX of an abstraction is NOT a CEX of the original, it is a spurious CEX. Abstraction Original 1 1 1 Show examples of a spurious CEX Mention the opposite: a real CEX. 1 1 FMCAD 2017 PDR-WLA

13 Refinement An abstraction can be refined by un-abstracting PPIs.
Un-abstract PPIs {a, b} (Mention we need to reject the current cex) FMCAD 2017 PDR-WLA

14 CounterExample-Guided Abstraction and Refinement (CEGAR)
Create abstraction Model Checking CEX? Refinement No Yes Spurious? Yes No Proved Falsified E. Clarke et al. Counterexample-guided abstraction refinement. CAV 2000. FMCAD 2017 PDR-WLA

15 Simple integration of PDR and CEGAR
Create WL abstraction Bit-blast PDR CEX? Refinement No Inefficient integration of PDR Need good refinement strategies Yes Spurious? Yes No Proved Falsified Simple CEGAR (S-CEGAR) FMCAD 2017 PDR-WLA

16 PDR with Word-Level Abstraction (PDR-WLA)
Create WL abstraction Bit-blast PDR: Open a new frame Load PDR: Recursively block cubes PDR Trace PDR: Propagate blocked cubes No CEX? Yes Emphasize re-using PDR traces Save Spurious? No Invariant? No Yes Yes Refine abstraction with PBR and MFFC Falsified Proved FMCAD 2017 PDR-WLA

17 Example of Re-using PDR Trace
Original Abstraction Abstract the leftmost bit FMCAD 2017 PDR-WLA

18 Example of Re-using PDR Trace
Next iteration FMCAD 2017 PDR-WLA

19 Correctness of Re-using PDR Trace
Theorem Let M and A be FSMs where 𝑇 𝑀 ⟹ 𝑇 𝐴 and 𝐼𝑛𝑖 𝑑 𝑀 =𝐼𝑛𝑖 𝑑 𝐴 . Given a property P, if ( 𝑅 0 , 𝑅 1 , …, 𝑅 𝑁 ) is a PDR trace of A w.r.t. P, then ( 𝑅 0 , 𝑅 1 , …, 𝑅 𝑁 ) is a PDR trace of M w.r.t. P. Proof 𝑅 0 =𝐼𝑛𝑖 𝑑 𝐴 𝑅 𝑗 ⟹ 𝑅 𝑗+1 𝑅 𝑗 ∧ 𝑇 𝐴 ⟹ 𝑅 𝑗+1 𝑅 𝑗 βŸΉπ‘ƒ 𝑅 0 =𝐼𝑛𝑖 𝑑 𝑀 𝑅 𝑗 ⟹ 𝑅 𝑗+1 𝑅 𝑗 ∧ 𝑇 𝑀 ⟹ 𝑅 𝑗+1 𝑅 𝑗 βŸΉπ‘ƒ Transition: is it always correct? Yes, under certain conditions. FMCAD 2017 PDR-WLA

20 Refinement Goal Strategies
Given a spurious CEX (cex), un-abstract some PPIs such that cex will be blocked in the next iteration. Strategies Simulation-Based Refinement (SBR) Proof-Based Refinement (PBR) Maximum Fanout Free Cone (MFFC) FMCAD 2017 PDR-WLA

21 Simulation-Based Refinement (SBR)
Minimize CEX with ternary simulation Refine concrete-value (care-set) PPIs Abstraction Refinement 1 1 X 1 1 X 1 X X X FMCAD 2017 PDR-WLA

22 Proof-Based Refinement (PBR)
Introduce multiplexers choosing PPIs and the original signals Make assumptions that the original ones are selected Formulate a SAT query that is UNSAT Derive an approximation of the minimum UNSAT core 1 Constant 0 (UNSAT) 1 1 Idea: spurious CEX cannot fail the property in the original circuit Assumptions 1 1 1 1 1 1 PI values from cex FMCAD 2017 PDR-WLA

23 Comparison of SBR and PBR (1/2)
SBR may refine more PPIs than necessary PBR SBR 1 1 1 1 1 Un-abstract PPIs {a, b, c, d} Un-abstract PPIs {a, b} FMCAD 2017 PDR-WLA

24 Comparison of SBR and PBR (2/2)
SBR may take more iterations than necessary PBR SBR 1 1 1 1οƒ X 1 0οƒ X 1 1οƒ X 0οƒ X 0οƒ X Un-abstract PPIs {a, b} (need 1 more iteration) Un-abstract PPIs {a, b, c, d} FMCAD 2017 PDR-WLA

25 Maximum Fanout Free Cone (MFFC)
The MFFC of a signal s is a subset of its fanin cone, where each path from a signal in the subset to any PO passes through s. Original Abstraction Without MFFC With MFFC FMCAD 2017 PDR-WLA

26 PDR-WLA Revisit the algorithm again
Emphasize again the two main contributions FMCAD 2017 PDR-WLA

27 Related Work Word-level Bounded Model Checking and/or k-induction
H. Jain et al. Word level predicate abstraction and refinement for verifying rtl verilog. DAC 2005. Z. S. Andraus et al. Reveal: A formal verification tool for verilog designs. LPAR B. A. Brady et al. Learning conditional abstractions. FMCAD 2011. Word-level Unbounded Model Checking T. Welp and A. Kuehlmann. Property directed reachability for qf bv with mixed type atomic reasoning units. ASP-DAC 2014. S. Lee and K. A. Sakallah. Unbounded scalable verification based on approximate property-directed reachability and datapath abstraction. CAV Y.-S. Ho et al. Efficient uninterpreted function abstraction and refinement for word-level model checking. FMCAD 2016. Bit-level PDR with abstraction Y. Vizel et al. Lazy abstraction and sat-based reachability in hardware model checking. FMCAD 2012. K. Fan et al. Automatic abstraction refinement of TR for PDR. ASP-DAC 2016. FMCAD 2017 PDR-WLA

28 Experimental Settings
PDR-WLA was implemented and is now available in ABC (command %pdra) S-CEGAR was also implemented for comparison (command %abs) 195 industrial benchmarks Hard signals* are targeted for abstraction *Large adders, multipliers, multiplexers, etc. 3600 second timeout All solved test cases are UNSAT FMCAD 2017 PDR-WLA

29 Comparison of PDR and PDR-WLA
Virtual Best #Solved 111 89 129 #UniquelySolved 22 18 FMCAD 2017 PDR-WLA

30 Comparison of S-CEGAR and PDR-WLA
This shows the effects of re-using traces 29 cases with non-trivial re-use of PDR traces are shown. FMCAD 2017 PDR-WLA

31 Detailed Performance – CPU Time (sec)
Test Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 #Hard signals 1252 1437 133 94 95 82 72 58 2150 1132 pdr 479 1760 1202 1801 932 2531 1384 925 1985 851 1152 354 1684 1731 414 %abs SBR +MFFC 171 654 753 2522 1214 391 2061 545 125 1343 732 739 %pdra SBR +MFFC 196 3253 327 1530 402 2800 862 538 949 303 897 763 1685 507 129 1238 2139 %pdra PBR 145 931 307 583 170 672 411 226 388 242 372 296 259 78 2191 %pdra PBR +MFFC 165 915 336 597 687 415 228 367 225 349 113 817 417 114 789 1297 We selected 20 test cases to show detailed statistics Time, Iterations, |B| Only need to show pdr, SBR, PBR, PBR + MFFC CPU time (Add a row for the number of hard signals) FMCAD 2017 PDR-WLA

32 Conclusion PDR-WLA addresses word-level unbounded model checking PDR-WLA abstracts with localization PDR-WLA refines with PBR and MFFC PDR-WLA re-uses PDR traces from previous iterations PDR-WLA was implemented and is available in ABC PDR-WLA performed well on industrial benchmarks FMCAD 2017 PDR-WLA

33 Yen-Sheng Ho, Alan Mishchenko, Robert Brayton
Thank you! Yen-Sheng Ho, Alan Mishchenko, Robert Brayton

Download ppt "Property Directed Reachability with Word-Level Abstraction"

Similar presentations

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton.

Efficient Implementation of Property Directed Reachability Niklas Een, Alan Mishchenko, Robert Brayton.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
Β© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work.

Β© Anvesh Komuravelli Spacer Automatic Abstraction in SMT-Based Unbounded Software Model Checking Anvesh Komuravelli Carnegie Mellon University Joint work.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Aaron Bradley University of Colorado, Boulder

Aaron Bradley University of Colorado, Boulder
Β© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

Β© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo IvančiΔ‡ Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo IvančiΔ‡ Aarti Gupta Ilya Shlyakhter Chao.
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.

Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.
11.7.2005 Computing OverΒ­Approximations with Bounded Model Checking Daniel Kroening ETH ZΓΌrich.

Computing OverΒ­Approximations with Bounded Model Checking Daniel Kroening ETH ZΓΌrich.
1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged.

1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged.
Automated Extraction of Inductive Invariants to Aid Model Checking Mike Case DES/CHESS Seminar EECS Department, UC Berkeley April 10, 2007.

Automated Extraction of Inductive Invariants to Aid Model Checking Mike Case DES/CHESS Seminar EECS Department, UC Berkeley April 10, 2007.
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.

Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
7/13/2003BMC 20031 A SAT-Based Approach to Abstraction Refinement in Model Checking Bing Li, Chao Wang and Fabio Somenzi University of Colorado at Boulder.

7/13/2003BMC A SAT-Based Approach to Abstraction Refinement in Model Checking Bing Li, Chao Wang and Fabio Somenzi University of Colorado at Boulder.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.

Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.

Similar presentations

Ads by Google