
Cut-Based Inductive Invariant Computation: Enhancing Verification and Synthesis

This study delves into the significance of inductive invariants in verification and synthesis, aiming to prevent spurious counter-examples, expedite SAT processing, and enhance various algorithms. The presented approach involves selecting invariant candidates strategically, proving these invariants, and showcasing experimental outcomes in both synthesis and verification domains. By leveraging n-clauses to express candidate invariants and employing a scalable hierarchical method for their verification, this research paves the way for future advancements in refining industrial benchmarks and integrating induction strengthening engines into equivalence and model checkers.



Presentation Transcript


  1. Cut-Based Inductive Invariant Computation
     Michael Case (1,2), Alan Mishchenko (1), Robert Brayton (1)
     (1) UC Berkeley
     (2) IBM Systems and Technology Group, Austin, TX

  2. Overview
     • Motivation
     • Previous work
     • Inductive invariants
     • Selecting invariant candidates
     • Proving inductive invariants
     • Experimental results
     • Conclusions and future work

  3. Motivation
     • Inductive invariants in verification
       • Prevent spurious counter-examples to induction
       • Speed up SAT and improve SAT-based algorithms
       • Interpolation, functional dependency, etc.
     • Inductive invariants in synthesis
       • Represent an over-approximation of the reachable states
       • Can be used as the care set during logic optimization

  4. Preventing Spurious C-Examples
     (figure: the complete state space partitioned into reachable and unreachable regions, showing where P, Q and P ∧ Q hold)
     • Spurious c-examples are the Achilles' heel of induction
     • Remedy: induction strengthening
     • For example, property P ∧ Q may be provable by induction, even if properties P and Q are not

  5. Previous Work on Induction Strengthening
     • Van Eijk's approach (TCAD'00)
       • Use candidate equivalences
       • If not enough, add dangling nodes (nodes after retiming)
     • Mike Case's approach (FMCAD'07)
       • Use implications that cover counter-examples
     • Aaron Bradley's approach (FMCAD'07)
       • Use minimal clauses derived from counter-examples
     • Proposed approach
       • Create properties based on groups of signals in the network

  6. Inductive Invariants
     (figure: network with primary inputs X, an n-signal cut Y, and properties P and Q)
     • If property P is hard to prove, the goal is to find a new property Q that strengthens P
     • Q is an inductive invariant

  7. Selecting Invariant Candidates
     (figure: network with primary inputs X, an n-signal cut Y, and properties P and Q)
     • Perform two rounds of simulation:
       • Combinational (C): random primary inputs and register outputs
       • Sequential (S): random primary inputs and reachable states at register outputs
     • Collect combinations in the Y-space of n appearing in C but not in S
       • These are likely due to unreachable states
     • Consider one combination, say, (0110)
       • Q(y) = ¬y1 ∧ y2 ∧ y3 ∧ ¬y4
       • Q(y) is likely true only in unreachable states
       • Its complement is a candidate inductive invariant
       • ¬Q(y) = y1 ∨ ¬y2 ∨ ¬y3 ∨ y4

  8. Example of Candidate Invariants
     (figure: combinational simulation data vs. sequential simulation data for signals a, b, c, d, e, f, g)

  9. Proving Inductive Invariants
     • Collecting candidate inductive invariants
       • Constants (1-clauses)
       • Implications (2-clauses)
       • Values of signals at n-cuts (n-clauses)
       • Values of signals at n randomly selected nodes (n-clauses)
     • Proving inductive invariants
       • Use k-step induction
       • Check invariants in the initialized k frames
       • Assume invariants true in the uninitialized k frames, and prove them in the (k+1)-st frame
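A worked instance of the candidate selection on slide 7 and the induction check on slide 9, added here as an example; it is not the authors' ABC or SixthSense code. It assumes a constructed toy design (a 3-bit saturating counter with an enable input plus a "started" flag) whose four register outputs form the cut, replaces random simulation with exhaustive enumeration of cut values and of bounded-depth reachable states so the result is deterministic, and uses k = 1; the depth bound deliberately misses deeper reachable states so that induction has spurious candidates to drop.

```python
from itertools import product

# Constructed toy design (not from the paper): 3-bit saturating counter bits
# c0..c2 (c0 = LSB) with enable input e, plus a flag s set the first time e=1.
# The cut is the set of 4 register outputs; combinations are (c0, c1, c2, s).
INIT = (0, 0, 0, 0)
INPUTS = [(0,), (1,)]     # all values of the single primary input e

def next_state(state, inp):
    c0, c1, c2, s = state
    (e,) = inp
    count = c0 | c1 << 1 | c2 << 2
    if e and count < 7:
        count += 1        # saturating increment
    return (count & 1, (count >> 1) & 1, (count >> 2) & 1, s | e)

def combinational_sim(n):
    # Random-register simulation of the slides, done exhaustively here:
    # every combination of the n cut values is observed.
    return set(product((0, 1), repeat=n))

def sequential_sim(depth):
    # Simulation from reset with all inputs, bounded to 'depth' steps: only
    # combinations occurring on states reached that early are observed.
    frontier, seen = {INIT}, {INIT}
    for _ in range(depth):
        frontier = {next_state(s, i) for s in frontier for i in INPUTS} - seen
        seen |= frontier
    return seen

def candidate_invariants(depth):
    # A combination seen in C but not in S (0110 on the slide) is presumed
    # unreachable; the candidate n-clause 'state != combination' is stored
    # as the combination it excludes.
    return combinational_sim(len(INIT)) - sequential_sim(depth)

def holds(clauses, state):
    return all(state != combo for combo in clauses)

def prove_by_induction(clauses):
    # 1-step induction with mutual strengthening: drop clauses false at reset;
    # then assume all survivors in frame 0, require each in frame 1, and drop
    # every clause falsified in frame 1, repeating until a fixpoint.
    clauses = {c for c in clauses if c != INIT}
    while True:
        bad = {next_state(s, i) for s in product((0, 1), repeat=len(INIT))
               if holds(clauses, s) for i in INPUTS} & clauses
        if not bad:
            return clauses
        clauses -= bad
```

With depth 2, 13 candidates are collected; induction drops the five that exclude the reachable counter values 3 to 7 and keeps the 8 clauses that together describe exactly the reachable state set.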

  10. Experiment Overview
     • Implemented invariant computation in ABC and in IBM's SixthSense tool
     • Used in synthesis
       • Leads to a 1-3% improvement in AIG nodes
       • Overall results are marginal
     • Used in verification
       • Observe strengthening on some properties
       • Overall results are not impressive
     • Used to improve several algorithms
       • Interpolation, functional dependency, etc.
       • Overall results are promising

  11. Experimental Results

  12. Conclusions
     • Developed a new method for expressing candidate invariants using n-clauses
     • Created a scalable hierarchical approach to proving the candidate invariants, which trades off computational effort for the number and expressiveness of invariants generated
     • Performed initial experiments to evaluate the usefulness of inductive invariants

  13. Future Work
     • Run further experiments and fine-tune using industrial benchmarks
     • Integrate the induction strengthening engine into equivalence checkers and model checkers
     • Use the computed invariant clause sets as don't-cares for circuit restructuring in technology-dependent synthesis
