1 / 27

Tuning SAT-checkers for Bounded Model-Checking

Tuning SAT-checkers for Bounded Model-Checking. A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL). Basic theory of Bounded Model Checking (BMC) SAT highlights Tuning SAT checkers for BMC Results. The Bounded Model Checking Problem: Safety.

ownah
Download Presentation

Tuning SAT-checkers for Bounded Model-Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL) Weizmann Institute

  2. Basic theory of Bounded Model Checking (BMC) • SAT highlights • Tuning SAT checkers for BMC • Results Weizmann Institute

  3. The Bounded Model Checking Problem: Safety Given a Safety property p: (e.g. AG p : “always signal_a = signal_b”) Is there a state reachable within k cycles, which satisfies p ? p p p p p . . . s0 s1 s2 sk-1 sk Weizmann Institute

  4. The Bonded Model Checking Problem: Liveness Given a Liveness property p: (e.g. AGAF p:“always, eventuallysignal_a = signal_b”) Is there a loop in the first k cycles, that non of its states satisfy p ? p p p p p . . . s0 s1 s2 sk-1 sk Weizmann Institute

  5. Reducing the BMC problem to SAT (1/3): The reachable states in k steps are captured by: The property p fails in one of the cycles 1..k: Weizmann Institute

  6. Reducing the BMC problem to SAT (2/3): The safety property pis valid up to cycle k iff is unsatisfiable: p p p p p . . . s0 s1 s2 sk-1 sk Weizmann Institute

  7. Reducing the BMC problem to SAT (3/3): For Liveness properties, add a disjunction of possible loops: p p p p p . . . s0 s1 s2 sk-1 sk Weizmann Institute

  8. 11 00 10 01 Example: a two bit counter p = AG (l  r). k = 2 For k = 2,  is unsatisfiabe. For k = 4  is satisfiable Weizmann Institute

  9. Traditional Symbolic Model-Checking with BDDs • The reachable state-space is represented by a BDD • The property is evaluated recursively, by iterative fix point computations on the reachable state-space. • The size of the BDD is typically the bottle-neck of Model-Checking. Weizmann Institute

  10. Why SAT? • Smart DFS search - potentially will get faster to a satisfying sequence (counter example) • No exponential space - growth “Satisfiability checking is a ‘luck-based technology’” Weizmann Institute

  11. X  X X X X The Davis-Putnam procedure Given  in CNF: (x,y,z),(-x,y),(-y,z),(-x,-y,-z) Decide() Deduce() Diagnose() Weizmann Institute

  12. Decide() criteria: On which variable to split?-satisfies the most clauses (DLIS) - satisfies the shortest clause - only positive or negative (‘pure literal rule’) - most frequent : : Weizmann Institute

  13. Results (Sec.) * * * = exceeds 10,000 sec. Weizmann Institute

  14. Tuning SAT for BMC (1/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  15. Clashing clouds... With general-purpose Decide() strategies, local sets of variables are satisfied a-synchronically ~Pk I0 Weizmann Institute

  16. x = T y1 = F y2 = F y3 = T Back- track Use  ‘s structure to resolve conflicts on a more local level...) Tailor made General-purpose Vs. tailor-made Decide() strategies...  : ... (x = ( y1y2 y3 ))  ... x = T y1 = F y2 = F y3 = T Back- track General purpose Weizmann Institute

  17. . . . . . . . . . . . . . . . . vars k A k-unfolding of the variable dependency graph Weizmann Institute

  18.  should satisfy  Pk Riding on legal executions... Pk I0 A head on attack...  should satisfy I0 Pk Riding on unreachable states... I0 Weizmann Institute

  19. A combined heuristic Pk I0 Trigger BFS with Weizmann Institute

  20. Given an order, guess a value  Dynamic decision  Constant value  Previous value ‘Flat’ computation  ... x7 = ? x9 = 0 x5 = 0 x2 = 1 y7 = 0 z2 = 0 y3 = 1 x2 = 0 y7 = 0 z2 = 0 y3 = 1 Previous value ‘Flat’ computation Weizmann Institute

  21. Tuning SAT for BMC (2/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  22. Exploiting ’s structure in AGp formulas ’s structure can be used for adding conflicting clauses. conflicting clauses: • If x3=T, y7 = F, z5 = T leads to a conflict, • then  ( x3  y7  z5) is satisfiable iff is satisfiable. • The new clause can be seen as a constraint on the state-space Weizmann Institute

  23. Exploiting ’s structure in AGp formulas • If x3=T, y7 = F, z5 = T leads to a conflict, then so will • x2=T, y6 = F, z4 = T • Therefore, we can also add: • ( x2  y6  z4)  ( x1  y5  z3)  ( x0  y4  z2) • and... ( x4  y8  z6)  ...  ( xk-4  yk zk-2) • Yet,  is not fully symmetric because of I0. • We first have to check, by simulating an assignment, if • the replicated clause indeed leads to a conflict. Weizmann Institute

  24. Tuning SAT for BMC (3/3) 1. Use the variable dependency graph for smarter orderings. 2. Exploit information on ’s structure to restrict the state-space. 3. Restrict Decide() to a small set of variables. Weizmann Institute

  25. Restricting Decide() Restricting Decide() to a smaller set of variables , that uniquely determines the satisfiability of : • Model variables (~ 15 % of ’s variables) • Input variables (~ 5 % of ’s variables) Less variables to Decide() implies more variables to Deduce() Weizmann Institute

  26. Results (Sec.) * * * = exceeds 10,000 sec. Weizmann Institute

  27. The Conclusion Many of the (BDD) hard cases can be more efficiently solved with the optimized SAT procedure. Weizmann Institute

More Related