Presentation is loading. Please wait.

Presentation is loading. Please wait.

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL."— Presentation transcript:

1 Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL

2 Weizmann Institute  Basic theory of Bounded Model Checking (BMC)  SAT highlights  Tuning SAT checkers for BMC  Results

3 Weizmann Institute The Bounded Model Checking Problem: Safety Given a Safety property AG p, we check if there a state reachable within k cycles, which satisfies  p... s0s0 s1s1 s2s2 s k-1 sksk pp p pp p (Biere, Cimatti, Clarke, Zhu, 1999)

4 Weizmann Institute Reducing the BMC problem to SAT : p is preserved up to cycle k iff  is unsatisfiable:... s0s0 s1s1 s2s2 s k-1 sksk pp p pp p

5 Weizmann Institute Example : a two bit counter p = AG (  l   r). k = 2 00 01 10 11 For k = 2,  is unsatisfiabe. For k = 4  is satisfiable

6 Weizmann Institute Why SAT? Smart DFS search - potentially will get faster to a satisfying sequence (counter example) No exponential space - growth “Satisfiability checking is a ‘luck-based technology’”

7 Weizmann Institute Results (Sec.) * * * = exceeds 10,000 sec.

8 Weizmann Institute Tuning SAT for BMC (1/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on  ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

9 Weizmann Institute A (CNF) dependency graph D (V,E): A partitioning C 1..C n : Claim:For AGp, there exist a partition C 0..C k s.t.  i,j if (C i,C j )  E’ then |i-j| = 1. A clustered dependency graph D’(V’, E’): C0C0 C1C1 C2C2 CkCk C3C3 C k-1 V0V0 V1V1 V2V2 VkVk V3V3 V k-1 Clustered dependency graphs If u  C i, v  C j and (u,v)  E then (C i, C j )  E’...

10 Weizmann Institute The Davis-Putnam procedure Given  in CNF: (x,y,z),(-x,y),(-y,z),(-x,-y,-z) Decide() Deduce() Diagnose()  X XX XX 

11 Weizmann Institute Decide() criteria: On which variable to split? - satisfies the most clauses (DLIS) - satisfies the shortest clause - only positive or negative (‘pure literal rule’) - most frequent : :

12 Weizmann Institute The local effect of assignments 2. AGp: Each clause in  contains variables from max. 2 cycles. 1. A ‘chain reaction’ in neighboring variables, due to: (x, y, z)(x, y, u)(x, y, z)(x, y, u) x = F y = T satisfies two clauses (x, y) x = F y = T (2) the decision criteria in Decide() (1) unit clauses in Deduce() Strong Weak

13 Weizmann Institute Clashing clouds... I0I0 ~Pk~Pk With general-purpose Decide() strategies, local sets of variables are satisfied a-synchronically

14 Weizmann Institute General-purpose Vs. tailor-made Decide() strategies...  :...  (x 5 = ( y 4  z 5  u 4 )) ... x 5 = T y 4 = F z 5 = F u 4 = T General purpose Back- track x 5 = T y 4 = F z 5 = F u 4 = T Use  ‘s structure to resolve conflicts on a more local level... Tailor made Back- track

15 Weizmann Institute A head on attack... I0I0 PkPk Riding on unreachable states...  should satisfy I 0 I0I0 Riding on legal executions...  should satisfy  P k PkPk

16 Weizmann Institute A combined heuristic I0I0 PkPk Trigger BFS with

17 Weizmann Institute Given an order, guess a value  Dynamic decision  Constant value  Previous value  ‘Flat’ computation ... x 5 = 0 x 7 = ? x 9 = 0 ‘Flat’ computationPrevious value x 2 = 1 y 7 = 0 z 2 = 0 y 3 = 1 x 2 = 0 y 7 = 0 z 2 = 0 y 3 = 1

18 Weizmann Institute Tuning SAT for BMC (2/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on  ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

19 Weizmann Institute  ’s structure can be used for adding conflicting clauses. If x 3 =T, y 7 = F, z 5 = T leads to a conflict, then   (  x 3  y 7   z 5 ) is satisfiable iff  is satisfiable. The new clause can be seen as a constraint on the search-space conflicting clauses: Exploiting  ’s structure in AGp formulas

20 Weizmann Institute If x 3 =T, y 7 = F, z 5 = T leads to a conflict, then so will x 2 =T, y 6 = F, z 4 = T Therefore, we can also add: (  x 2  y 6   z 4 )  (  x 1  y 5   z 3 )  (  x 0  y 4   z 2 ) and... (  x 4  y 8   z 6 ) ...  (  x k-4  y k   z k-2 ) Yet,  is not fully symmetric because of I 0. We first have to check, by simulating an assignment, if the replicated clause indeed leads to a conflict. Exploiting  ’s structure in AGp formulas

21 Weizmann Institute Tuning SAT for BMC (3/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on  ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables.

22 Weizmann Institute Restricting Decide() Restricting Decide() to a smaller set of variables , that uniquely determines the satisfiability of  :  Model variables (~ 15 % of  ’s variables)  Input variables (~ 5 % of  ’s variables) Less variables to Decide() implies more variables to Deduce()

23 Weizmann Institute Results (Sec.) * * * = exceeds 10,000 sec.

24 Weizmann Institute The Conclusion Many of the (BDD) hard cases can be more efficiently solved with the optimized SAT procedure.

25 Weizmann Institute... s0s0 s1s1 s2s2 s k-1 sksk pp pp pp pp Given a Liveness property p: (e.g. AGAF p: “always, eventually signal_a = signal_b”) Is there a loop in the first k cycles, that non of its states satisfy p ? The Bonded Model Checking Problem: Liveness

26 Weizmann Institute Traditional Model-Checking with BDDs The reachable state-space is represented by a BDD (We stop ‘adding’ cycles when arriving to a fix-point). The property is evaluated recursively, by iterative fix point computations on the state-space. The size of the BDD is typically the bottle-neck of Model- Checking.

27 Weizmann Institute Reducing the BMC problem to SAT (3/3): For Liveness properties, add a disjunction of possible loops:... s0s0 s1s1 s2s2 s k-1 sksk pp pp pp pp

28 Weizmann Institute How big should K be? 1. The Diameter d: for all reachable states s,t, for which t is reachable from s, there exist a path from s to t with at most d-1 intermediate steps. 2. The Recurrence diameter rd: the least number r s.t. at most r consecutive states in a path are different. rd is an upper bound for d, that can be expressed as a propositional formula:

29 Weizmann Institute If is unsatisfiable, then Ifthen k  rd The ‘-diameter’ flag in BMC: And therefor:

30 Weizmann Institute General SAT... k vars.. AGp

31 Weizmann Institute Bounded cone of influence: K v u z y x 0123 u 2 - u 5, z 5, y 4 -y 5 are not used 45

32 Weizmann Institute Bounded cone of influence has Bounded effect: K The portion of variables that B-COI can remove is decreasing when K increases

33 Weizmann Institute The reachable states in k steps are captured by: The property p fails in one of the cycles 1..k: Reducing the BMC problem to SAT (1/3):

34 Weizmann Institute A k-unfolding of the variable dependency graph... k vars..

35 Weizmann Institute VkVk V k-1 V1V1 V0V0 12345678 9... 1110... VkVk V k-1 V1V1 V0V0 1K+1 2... K+2... 3 K

36 Weizmann Institute

37

38

39

Download ppt "Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Complexity ©D.Moshkovits 1 Where Can We Draw The Line? On the Hardness of Satisfiability Problems.

Complexity ©D.Moshkovits 1 Where Can We Draw The Line? On the Hardness of Satisfiability Problems.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
Counting the bits Analysis of Algorithms Will it run on a larger problem? When will it fail?

Counting the bits Analysis of Algorithms Will it run on a larger problem? When will it fail?
Daniel Kroening and Ofer Strichman 1 Decision Procedures An Algorithmic Point of View SAT.

Daniel Kroening and Ofer Strichman 1 Decision Procedures An Algorithmic Point of View SAT.
Heuristics for Efficient SAT Solving As implemented in GRASP, Chaff and GSAT.

Heuristics for Efficient SAT Solving As implemented in GRASP, Chaff and GSAT.
1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.

1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.
IBM Labs in Haifa © 2005 IBM Corporation Adaptive Application of SAT Solving Techniques Ohad Shacham and Karen Yorav Presented by Sharon Barner.

IBM Labs in Haifa © 2005 IBM Corporation Adaptive Application of SAT Solving Techniques Ohad Shacham and Karen Yorav Presented by Sharon Barner.
The Theory of NP-Completeness

The Theory of NP-Completeness
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 

1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
© The McGraw-Hill Companies, Inc., 2005 8 - 1 Chapter 8 The Theory of NP-Completeness.

© The McGraw-Hill Companies, Inc., Chapter 8 The Theory of NP-Completeness.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.

Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.
Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)
SAT-based Bounded Model Checking

SAT-based Bounded Model Checking

Similar presentations

Ads by Google