1 / 22

Tuning SAT-checkers for Bounded Model-Checking

Tuning SAT-checkers for Bounded Model-Checking. A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL. Basic theory of Bounded Model Checking (BMC) SAT highlights Tuning SAT checkers for BMC Results. p. p.  p. p. p. s 0. s 1. s 2. s k -1. s k.

lorna
Download Presentation

Tuning SAT-checkers for Bounded Model-Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM-HRL Weizmann Institute

  2. Basic theory of Bounded Model Checking (BMC) • SAT highlights • Tuning SAT checkers for BMC • Results Weizmann Institute

  3. p p p p p . . . s0 s1 s2 sk-1 sk The Bounded Model Checking Problem: Safety (Biere, Cimatti, Clarke, Zhu, 1999) Given a Safety property AG p, we check if there a state reachable within k cycles, which satisfies p Weizmann Institute

  4. Reducing the BMC problem to SAT : pis preserved up to cycle k iff is unsatisfiable: p p p p p . . . s0 s1 s2 sk-1 sk Weizmann Institute

  5. 11 00 10 01 Example: a two bit counter p = AG (l  r). k = 2 For k = 2,  is unsatisfiabe. For k = 4  is satisfiable Weizmann Institute

  6. Why SAT? • Smart DFS search - potentially will get faster to a satisfying sequence (counter example) • No exponential space - growth “Satisfiability checking is a ‘luck-based technology’” Weizmann Institute

  7. Tuning SAT for BMC (1/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  8. X  X X X X The Davis-Putnam procedure Given  in CNF: (x,y,z),(-x,y),(-y,z),(-x,-y,-z) Decide() Deduce() Diagnose() Weizmann Institute

  9. Decide() criteria: On which variable to split?-satisfies the most clauses (DLIS) - satisfies the shortest clause - only positive or negative (‘pure literal rule’) - most frequent : : Weizmann Institute

  10. The local effect of assignments 1. A‘chain reaction’ in neighboring variables, due to: (1) unit clauses in Deduce() Strong (x, y) x = Fy = T (2) the decision criteria in Decide() Weak (x,y,z) (x,y,u) x = Fy = T satisfies two clauses 2. AGp: Each clause in  contains variables from max. 2 cycles. Weizmann Institute

  11. Clashing clouds... With general-purpose Decide() strategies, local sets of variables are satisfied a-synchronically ~Pk I0 Weizmann Institute

  12. x5 = T y4 = F z5 = F u4 = T Back- track Use  ‘s structure to resolve conflicts on a more local level... Tailor made General-purpose Vs. tailor-made Decide() strategies...  : ... (x5 = ( y4z5 u4 ))  ... x5 = T y4 = F z5 = F u4 = T Back- track General purpose Weizmann Institute

  13.  should satisfy  Pk Riding on legal executions... Pk I0 A head on attack...  should satisfy I0 Pk Riding on unreachable states... I0 Weizmann Institute

  14. A combined heuristic Pk I0 Trigger BFS with Weizmann Institute

  15. Given an order, guess a value  Dynamic decision  Constant value  Previous value ‘Flat’ computation  ... x7 = ? x9 = 0 x5 = 0 x2 = 1 y7 = 0 z2 = 0 y3 = 1 x2 = 0 y7 = 0 z2 = 0 y3 = 1 Previous value ‘Flat’ computation Weizmann Institute

  16. Tuning SAT for BMC (2/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  17. Exploiting ’s structure in AGp formulas ’s structure can be used for adding conflicting clauses. conflicting clauses: • If x3=T, y7 = F, z5 = T leads to a conflict, • then  ( x3  y7  z5) is satisfiable iff is satisfiable. • The new clause can be seen as a constraint on the search-space Weizmann Institute

  18. Exploiting ’s structure in AGp formulas • If x3=T, y7 = F, z5 = T leads to a conflict, then so will • x2=T, y6 = F, z4 = T • Therefore, we can also add: • ( x2  y6  z4)  ( x1  y5  z3)  ( x0  y4  z2) • and... ( x4  y8  z6)  ...  ( xk-4  yk zk-2) • Yet,  is not fully symmetric because of I0. • We first have to check, by simulating an assignment, if • the replicated clause indeed leads to a conflict. Weizmann Institute

  19. Tuning SAT for BMC (3/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  20. Restricting Decide() Restricting Decide() to a smaller set of variables , that uniquely determines the satisfiability of : • Model variables (~ 15 % of ’s variables) • Input variables (~ 5 % of ’s variables) Less variables to Decide() implies more variables to Deduce() Weizmann Institute

  21. Results (Sec.) * * * = exceeds 10,000 sec. Weizmann Institute

  22. The Conclusion Many of the (BDD) hard cases can be more efficiently solved with the optimized SAT procedure. Weizmann Institute

More Related