
Cut-Based Inductive Invariant Computation






Presentation Transcript


  1. Cut-Based Inductive Invariant Computation
  Michael Case (1,2), Alan Mishchenko (1), Robert Brayton (1)
  (1) UC Berkeley; (2) IBM Systems and Technology Group, Austin, TX

  2. Overview
  • Motivation
  • Previous work
  • Inductive invariants
  • Selecting invariant candidates
  • Proving inductive invariants
  • Experimental results
  • Conclusions and future work

  3. Motivation
  • Inductive invariants in verification
    • Prevent spurious counter-examples to induction
    • Speed up SAT and improve SAT-based algorithms (interpolation, functional dependency, etc.)
  • Inductive invariants in synthesis
    • Represent an over-approximation of the reachable states
    • Can be used as a care set during logic optimization

  4. Preventing Spurious C-Examples
  [Figure: state-space diagram showing the complete state space split into reachable and unreachable regions, with the states satisfying P and Q marked in each]
  • Spurious c-examples are the Achilles' heel of induction
  • Remedy: induction strengthening
  • For example, property P ∧ Q may be provable by induction, even if properties P and Q individually are not

  5. Previous Work on Induction Strengthening
  • Van Eijk's approach (TCAD'00)
    • Use candidate equivalences
    • If not enough, add dangling nodes (nodes after retiming)
  • Mike Case's approach (FMCAD'07)
    • Use implications that cover counter-examples
  • Aaron Bradley's approach (FMCAD'07)
    • Use minimal clauses derived from counter-examples
  • Proposed approach
    • Create properties based on groups of signals in the network

  6. Inductive Invariants
  [Figure: node n with cut signals Y driven by primary inputs and register outputs X; properties P and Q shown over the cut]
  • If property P is hard to prove, the goal is to find a new property Q that strengthens P
  • Q is an inductive invariant

  7. Selecting Invariant Candidates
  [Figure: node n with cut signals Y driven by X; properties P and Q over the cut]
  • Perform two rounds of simulation:
    • Combinational (C): random primary inputs and random register outputs
    • Sequential (S): random primary inputs and reachable states at register outputs
  • Collect value combinations in the Y-space of n that appear in C but not in S
    • These are likely due to unreachable states
  • Consider one such combination, say, (0110)
    • Q(y) = ¬y1 ∧ y2 ∧ y3 ∧ ¬y4
    • Q(y) is likely true only in unreachable states
    • Its complement is a candidate inductive invariant
    • ¬Q(y) = y1 ∨ ¬y2 ∨ ¬y3 ∨ y4

  8. Example of Candidate Invariants
  [Figure: a small circuit with signals a, b, c, d, e, f, g, shown beside its Combinational Simulation Data and Sequential Simulation Data tables]

  9. Proving Inductive Invariants
  • Collecting candidate inductive invariants
    • Constants (1-clauses)
    • Implications (2-clauses)
    • Values of signals at n-cuts (n-clauses)
    • Values of signals at n randomly selected nodes (n-clauses)
  • Proving inductive invariants
    • Use k-step induction
    • Check that the invariants hold in the k initialized frames
    • Assume the invariants hold in k uninitialized frames, and prove them in the (k+1)-st frame
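The candidate selection of slide 7 and the inductive refinement of slide 9, carried out end to end on a toy design, as an added example that is not part of the original slides or of ABC. The design (a 3-bit one-hot ring counter with an enable input), the register cut, and the bounded exhaustive enumeration standing in for the slides' random simulation are all assumptions made for this example; candidate n-clauses are the complements of cut combinations seen combinationally but not sequentially, and k = 1 induction with a brute-force state walk replaces the SAT check.

```python
import itertools

# Constructed toy design: 3-bit one-hot ring counter, registers y1..y3 form the
# cut, initial state 001. Rotates left when en == 1, otherwise holds.
INIT = (0, 0, 1)
N = 3

def next_state(y, en):
    return (y[1], y[2], y[0]) if en else y

def comb_sim():
    """Combinational simulation: registers are free, so every cut combination
    shows up. Exhaustive enumeration stands in for random simulation here."""
    return set(itertools.product((0, 1), repeat=N))

def seq_sim(depth):
    """Sequential simulation from INIT over all input sequences of length
    <= depth (a deterministic stand-in for random sequential simulation)."""
    seen, frontier = {INIT}, {INIT}
    for _ in range(depth):
        frontier = {next_state(s, en) for s in frontier for en in (0, 1)} - seen
        seen |= frontier
    return seen

def candidates(depth):
    """Each combination seen in C but not in S yields one n-clause: the
    complement of its cube, e.g. (0,1,1) -> y1 | ~y2 | ~y3, encoded as
    literals (index, required value)."""
    return [tuple((i, 1 - b) for i, b in enumerate(combo))
            for combo in sorted(comb_sim() - seq_sim(depth))]

def holds(clause, y):
    return any(y[i] == v for i, v in clause)

def prove_1_induction(cands):
    """k = 1: keep candidates that hold in INIT and are preserved by one step
    from every state satisfying all currently kept candidates. Candidates that
    fail are dropped and the check is repeated until a fixpoint is reached."""
    kept = [c for c in cands if holds(c, INIT)]
    while True:
        failed = {c for s in itertools.product((0, 1), repeat=N)
                  if all(holds(c, s) for c in kept)
                  for en in (0, 1) for c in kept
                  if not holds(c, next_state(s, en))}
        if not failed:
            return kept
        kept = [c for c in kept if c not in failed]

if __name__ == "__main__":
    # Too-shallow sequential simulation misses reachable state 100, so one
    # candidate is unsound; induction rejects it and proves the other five.
    print(len(candidates(1)), "candidates ->", len(prove_1_induction(candidates(1))), "proven")
```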

  10. Experiment Overview
  • Implemented invariant computation in ABC and in IBM's SixthSense tool
  • Used in synthesis
    • Led to a 1-3% improvement in AIG nodes
    • Overall results are marginal
  • Used in verification
    • Observed strengthening on some properties
    • Overall results are not impressive
  • Used to improve several algorithms
    • Interpolation, functional dependency, etc.
    • Overall results are promising

  11. Experimental Results

  12. Conclusions
  • Developed a new method for expressing candidate invariants using n-clauses
  • Created a scalable hierarchical approach to proving the candidate invariants, which trades off computational effort against the number and expressiveness of the invariants generated
  • Performed initial experiments to evaluate the usefulness of inductive invariants

  13. Future Work
  • Run further experiments and fine-tune using industrial benchmarks
  • Integrate the induction strengthening engine into equivalence checkers and model checkers
  • Use the computed invariant clause sets as don't-cares for circuit restructuring in technology-dependent synthesis
