
Advanced Interpolation and Induction Techniques for Verification

Explore improved interpolation methods, check termination by induction, and compare interpolation algorithms for efficient verification. Experiment with backward interpolation and enhance inductive proving for better results.



  1. Research Update June-September 2008 Alan Mishchenko

  2. Outline
  • Improved interpolation (command “int”)
  • New choice computation (command “dch”; not covered in this talk)
  • New inductive prover (command “scorr”)

  3. Interpolation: Basics
  • Input: a sequential AIG with a single output representing a property; the property holds when the output is 0
  • Method: over-approximate reachability analysis, using over-approximations instead of the exact sets of reachable states
  • Output: a proof that the property holds
  • Implementation: a sequence of SAT calls on unrolled time-frames, similar to bounded model checking
  [Figure: the unrolling split into parts A and B, with frames R1, R2, R3, …, Rn, the current over-approximation Ik, the latch boundary L, the property check P=1, and the next over-approximation Ik+1]

  4. Interpolation: Experiments (done in collaboration with Roland Jiang, National Taiwan University)
  • Checking termination using induction: quit if the interpolant is a k-step inductive invariant
  • Comparing two interpolation algorithms: McMillan’s vs. Pudlak’s
  • Backward interpolation: interpolate the last time frame instead of the first
  • Comparing two different proofs: the proof logger in ABC vs. the proof logger in MiniSat-1.14p

  5. Checking Termination by Induction (this idea was suggested by Ken McMillan, Cadence Research Labs)
  • Traditional approach: check termination by checking Boolean containment of Ik+1 in Ik; if it holds, a fixed point has been reached
  • New approach: check termination by checking whether Ik is an inductive invariant; if it is, the iteration can stop, because (i) an inductive invariant that contains the initial states contains all reachable states, and (ii) the property holds for all states in Ik
  • Improvement: use k-step induction, where k increases proportionally to the effort already spent in the interpolation procedure
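The two termination tests from this slide, run side by side on a toy. This is an added example, not ABC code: an explicit-state 4-bit machine stands in for the AIG, Python sets stand in for the interpolants Ik, and brute-force path enumeration replaces the SAT calls. The machine (a modulo-10 counter with an unreachable chain of states 10..15 that ends in a stuck, property-violating state) and the over-approximation I_K are constructed for this example.

```python
"""Termination checks for an over-approximating reachability loop (added example).
An explicit-state toy replaces the AIG; sets replace the interpolants I_k."""

# Constructed toy (an assumption of this example): 4-bit state v.
# Reachable part: a modulo-10 counter over 0..9.  Unreachable part: 10..14
# each step to v+1, and 15 is a stuck state that violates the property.
STATES = range(16)
INIT = {0}

def successors(v):
    """Transition relation as a successor set (deterministic here, but a set
    keeps the checks valid for nondeterministic systems as well)."""
    if v < 10:
        return {(v + 1) % 10}
    return {min(v + 1, 15)}

def property_holds(v):
    return v != 15

def reachable():
    """Exact reachable set, only used to confirm that I_K over-approximates it."""
    seen, frontier = set(INIT), list(INIT)
    while frontier:
        v = frontier.pop()
        for t in successors(v):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen

def containment_fixed_point(i_prev, i_next):
    """Traditional termination test: I_{k+1} contained in I_k."""
    return i_next <= i_prev

def k_induction_cex(inv, k):
    """Counterexample to k-induction: a path s0 -> ... -> s_k whose first k
    states all lie in inv while s_k does not.  None if inv is k-inductive."""
    paths = [(s,) for s in STATES if s in inv]
    for step in range(k):
        extended = []
        for p in paths:
            for t in successors(p[-1]):
                if t in inv:
                    extended.append(p + (t,))
                elif step == k - 1:
                    return p + (t,)   # k states inside inv, then a state outside
                # otherwise the path left inv early: premise of k-induction not met
        paths = extended
    return None

def can_terminate(inv, k):
    """The slide's new test: stop when I_k is a k-step inductive invariant that
    contains the initial states and implies the property.  Returns (ok, why)."""
    if not INIT <= inv:
        return False, "I_k does not contain the initial states"
    bad = [v for v in inv if not property_holds(v)]
    if bad:
        return False, "I_k contains property-violating states %r" % bad
    cex = k_induction_cex(inv, k)
    if cex is not None:
        return False, "not %d-inductive, counterexample path %r" % (k, cex)
    return True, "I_k is a %d-inductive invariant that implies the property" % k

# A constructed over-approximation of the reachable states: everything the
# property allows.  It is not 1-inductive (14 -> 15) but it is 6-inductive,
# because no path of six states inside I_K can end in 14 (10 has no predecessor).
I_K = {v for v in STATES if property_holds(v)}

if __name__ == "__main__":
    print("reachable:", sorted(reachable()))
    for k in (1, 5, 6):
        print(k, can_terminate(I_K, k))
```

Increasing k is what makes the termination test succeed here: with k=1 or k=5 the prover would have to continue the interpolation loop, while k=6 lets it stop on an over-approximation that is far from the exact reachable set.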

  6. Two Interpolation Procedures
  (A: variable occurs only in the A-part of the clauses; B: only in the B-part; C: common to both. For learned clauses, “variable” is the pivot of the resolution step.)
  McMillan’s:
  • Root clauses: a clause of A gets the OR of its global literals; a clause of B gets constant 1
  • Learned clauses: pivot variable of A gets the OR of the two partial interpolants; pivot variable of B or C gets their AND
  Pudlak’s:
  • Root clauses: a clause of A gets constant 0; a clause of B gets constant 1
  • Learned clauses: pivot variable of A gets the OR of the partial interpolants; pivot variable of B gets their AND; pivot variable of C gets a MUX controlled by this variable
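Both labelling systems, applied to one resolution refutation and checked by brute force. This is an added example, not code from ABC or MiniSat: the clause sets A and B, the proof steps, and the tiny formula representation are constructed for illustration. The instance is chosen so that the two systems yield different interpolants (McMillan’s is the stronger one), which is the kind of difference the experiments on the slides compare.

```python
"""Craig interpolants from a resolution refutation under McMillan's and Pudlak's
labelling systems, verified by brute force (added example, constructed instance)."""
from itertools import product

# Formula AST: True / False / ('lit', signed_var) / ('and', f, g) / ('or', f, g)
def lit(signed_var):
    return ('lit', signed_var)

def f_and(f, g):
    if f is True: return g
    if g is True: return f
    if f is False or g is False: return False
    return ('and', f, g)

def f_or(f, g):
    if f is False: return g
    if g is False: return f
    if f is True or g is True: return True
    return ('or', f, g)

def evaluate(f, assign):
    if isinstance(f, bool):
        return f
    if f[0] == 'lit':
        v = f[1]
        return assign[abs(v)] if v > 0 else not assign[abs(v)]
    x, y = evaluate(f[1], assign), evaluate(f[2], assign)
    return (x and y) if f[0] == 'and' else (x or y)

def formula_vars(f):
    if isinstance(f, bool): return set()
    if f[0] == 'lit': return {abs(f[1])}
    return formula_vars(f[1]) | formula_vars(f[2])

def clause_vars(clauses):
    return {abs(l) for c in clauses for l in c}

def interpolant(a_clauses, b_clauses, proof, system):
    """proof: list of ('A', clause), ('B', clause) or ('res', i, j, pivot) steps,
    i and j indexing earlier steps, pivot a positive variable number.
    Returns the partial interpolant attached to the final (empty) clause."""
    va, vb = clause_vars(a_clauses), clause_vars(b_clauses)
    a_local, shared = va - vb, va & vb
    clauses, interps = [], []
    for step in proof:
        if step[0] in ('A', 'B'):
            side, clause = step[0], frozenset(step[1])
            assert clause in (a_clauses if side == 'A' else b_clauses)
            if system == 'pudlak' or side == 'B':
                part = (side == 'B')          # Pudlak: A-root 0, B-root 1; McMillan: B-root 1
            else:                             # McMillan: A-root gets OR of its global literals
                part = False
                for l in sorted(clause):
                    if abs(l) in shared:
                        part = f_or(part, lit(l))
        else:
            _, i, j, pivot = step
            pos, neg = (i, j) if pivot in clauses[i] else (j, i)
            assert pivot in clauses[pos] and -pivot in clauses[neg], "bad resolution step"
            clause = (clauses[pos] - {pivot}) | (clauses[neg] - {-pivot})
            ip, ineg = interps[pos], interps[neg]
            if pivot in a_local:
                part = f_or(ip, ineg)
            elif system == 'mcmillan' or pivot not in shared:
                part = f_and(ip, ineg)        # McMillan: any variable of B; Pudlak: B-local
            else:                             # Pudlak, common pivot: MUX controlled by the pivot
                part = f_and(f_or(lit(pivot), ip), f_or(lit(-pivot), ineg))
        clauses.append(clause)
        interps.append(part)
    assert clauses[-1] == frozenset(), "proof does not end in the empty clause"
    return interps[-1]

def assignments(vs):
    vs = sorted(vs)
    for bits in product((False, True), repeat=len(vs)):
        yield dict(zip(vs, bits))

def holds(clauses, assign):
    return all(any(evaluate(lit(l), assign) for l in c) for c in clauses)

def is_interpolant(a_clauses, b_clauses, interp):
    """A implies I, I and B is unsatisfiable, and I mentions only common variables."""
    va, vb = clause_vars(a_clauses), clause_vars(b_clauses)
    if not formula_vars(interp) <= (va & vb):
        return False
    for assign in assignments(va | vb):
        if holds(a_clauses, assign) and not evaluate(interp, assign):
            return False
        if evaluate(interp, assign) and holds(b_clauses, assign):
            return False
    return True

def implies(f, g):
    vs = formula_vars(f) | formula_vars(g)
    return all(evaluate(g, a) for a in assignments(vs) if evaluate(f, a))

# Constructed instance: variables 1=x, 2=y, 3=z, all common to A and B.
A = {frozenset({1, 2}), frozenset({-1, 3})}                      # (x|y) & (~x|z)
B = {frozenset({-2, 1}), frozenset({-2, -1}), frozenset({-3})}   # (~y|x) & (~y|~x) & ~z
PROOF = [('A', {1, 2}), ('A', {-1, 3}), ('B', {-2, 1}), ('B', {-2, -1}), ('B', {-3}),
         ('res', 0, 1, 1),   # 5: [y, z]
         ('res', 2, 3, 1),   # 6: [~y]
         ('res', 5, 6, 2),   # 7: [z]
         ('res', 7, 4, 3)]   # 8: []

def both():
    return interpolant(A, B, PROOF, 'mcmillan'), interpolant(A, B, PROOF, 'pudlak')
```

On this instance McMillan’s system returns (x ∨ y) ∧ (¬x ∨ z) and Pudlak’s returns a formula equivalent to y ∨ z; both pass is_interpolant, and the first implies the second but not vice versa. The partial interpolants are not simplified beyond constant folding, which is also why a Pudlak MUX on a pivot can leave an x ∧ ¬x sub-term behind.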

  7. Backward Interpolation
  • Instead of interpolating the initial state and the first time frame, interpolate the negated property and the last frame
  • Unroll the circuit backward rather than forward
  It was found experimentally that backward interpolation rarely has better runtime.

  8. Two Proof Logging Procedures
  ABC:
  • Uses a sequence of learned clauses
  • Is largely independent of the SAT solver
  • Doubles the runtime of the SAT solver, because the proof is re-derived using backward BCP
  MiniSat-1.14p:
  • Records the steps of conflict analysis
  • Requires the SAT solver to be heavily modified
  • Has little runtime overhead but may use more memory
  It was found experimentally that using the proof logging in ABC results in a faster interpolation procedure.

  9. Interpolation Results The table reports runtime of command “int” in ABC, which implements Ken McMillan’s unbounded model checking procedure. The runtime is in seconds on an IBM laptop with a 1.6GHz Pentium 4 CPU and 2GB of RAM. Timeout was set to 300 seconds. Default interpolation parameters: inductive check (K=2), original transition relation (no self-loop), forward interpolation, proof-logging engine in ABC.

  10. Inductive Prover: Basics
  [Figure: candidate equivalences {A,B} and {C,D} checked with SAT calls SAT-1 through SAT-4.
  Base case: proving the internal equivalences in initialized frames 0 through K-1, starting from the initial state with primary inputs PI0, PI1, ….
  Inductive case: assuming the internal equivalences in uninitialized frames 0 through K-1 (symbolic state, primary inputs PI0 … PIk), then proving them in frame K in topological order.]

  11. Inductive Prover: Experiments
  • Simulation of additional timeframes: counter-examples to induction can be simulated over several timeframes, resulting in additional refinement
  • Skipping SAT calls for some candidate equivalences: an equivalence can be skipped if its cone of influence did not change after the last iteration of refinement
  • Improved implementation: better AIG-to-CNF conversion, better candidate equivalence class manipulation, more flexible simulation
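The loop sketched on slides 10 and 11 (base case in initialized frames, inductive case over uninitialized frames, refinement of the candidate classes from counterexamples to induction, and the option of simulating a counterexample through additional frames) as an added example. It is not ABC’s scorr code: exhaustive enumeration over a constructed 4-register toy design replaces the SAT calls, and the signal names r0..r3, x02, x13 are assumptions of this example.

```python
"""k-step inductive equivalence prover with counterexample-driven refinement
(added example; brute force replaces SAT on a constructed toy design)."""
from itertools import product

# Constructed toy design (an assumption of this example): registers r0..r3,
# one primary input i, all registers initialised to 0.
INIT = (0, 0, 0, 0)
NREG = 4

def step(state, i):
    r0, r1, r2, r3 = state
    return (i, i, r0, r1)          # r0 and r1 copy the input; r2 and r3 delay them

def signals(state, i):
    """Values of the candidate nodes in one time frame."""
    r0, r1, r2, r3 = state
    return {"r0": r0, "r1": r1, "r2": r2, "r3": r3,
            "x02": r0 ^ r2, "x13": r1 ^ r3}

def split_by_values(classes, rows):
    """Refine a partition so that nodes in one class agree on every row of values;
    singleton classes are dropped since they claim nothing."""
    out = []
    for cls in classes:
        buckets = {}
        for n in cls:
            buckets.setdefault(tuple(row[n] for row in rows), []).append(n)
        out.extend(sorted(b) for b in buckets.values() if len(b) > 1)
    return sorted(out)

def classes_hold(classes, vals):
    return all(len({vals[n] for n in cls}) == 1 for cls in classes)

def initial_classes(frames):
    """Candidate equivalences from simulating all input sequences of the given
    length from INIT (short sequences give coarse, over-optimistic candidates)."""
    rows = []
    for inputs in product((0, 1), repeat=frames):
        s = INIT
        for i in inputs:
            rows.append(signals(s, i))
            s = step(s, i)
    return split_by_values([sorted(signals(INIT, 0))], rows)

def base_case_cex(classes, k):
    """Do the candidates hold in initialised frames 0..k-1 for every input sequence?"""
    for inputs in product((0, 1), repeat=k):
        s = INIT
        for i in inputs:
            if not classes_hold(classes, signals(s, i)):
                return s, i
            s = step(s, i)
    return None

def inductive_cex(classes, k):
    """Assume the candidates in uninitialised frames 0..k-1 (arbitrary start
    state); return a start state and input sequence violating them in frame k."""
    for s0 in product((0, 1), repeat=NREG):
        for inputs in product((0, 1), repeat=k + 1):
            s, assumed = s0, True
            for i in inputs[:k]:
                if not classes_hold(classes, signals(s, i)):
                    assumed = False
                    break
                s = step(s, i)
            if assumed and not classes_hold(classes, signals(s, inputs[k])):
                return s0, inputs
    return None

def prove(k=1, extra_frames=0):
    """Returns the proven equivalence classes and the number of refinement rounds."""
    classes = initial_classes(frames=k)
    if base_case_cex(classes, k) is not None:
        raise RuntimeError("base case failed")  # cannot happen: candidates came from exhaustive simulation
    rounds = 0
    while True:
        cex = inductive_cex(classes, k)
        if cex is None:
            return classes, rounds
        rounds += 1
        s0, inputs = cex
        # Simulate the counterexample through frames 0..k and extra_frames beyond,
        # splitting classes on every frame (slide 11: simulation of additional timeframes).
        rows, s = [], s0
        for i in inputs + (0,) * extra_frames:
            rows.append(signals(s, i))
            s = step(s, i)
        classes = split_by_values(classes, rows)
```

With k=1 the coarse initial candidate (all six nodes in one class) needs two refinement rounds before {r0,r1}, {r2,r3}, {x02,x13} is proven; simulating each counterexample two frames further splits the classes correctly in a single round, which is the effect the slide describes.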

  12. Inductive Prover: Results
  • Using a large test case taken at random from the resynthesis/retiming/resynthesis benchmarks (R. Jiang et al., ICCAD’07)
  • Running three versions of ABC on a laptop:
  • Old prover (September 2007): 171 sec
  • Improved old prover (September 2008): 94 sec
  • New prover (September 2008): 31 sec

  13. Inductive Prover: Next Steps
  • Support external sequential constraints: use constrained instead of random simulation
  • Add uniqueness constraints on demand: may increase inductive power for hard properties
  • Use aggressive filtering of candidate equivalences: may speed up SEC after sequential synthesis when most of the circuit structure did not change (e.g. clock-gating)

  14. Future Work
  • Incorporate stand-alone speculative reduction into the verification engine: may extend the scope of hard problems solved
  • Bring command “dprove” up to the standards of an industrial model checker: implement generation of counter-examples after interpolation and BDD-based reachability
  • Combine clock-gating and ODC-based synthesis: combines sequential and combinational synthesis to simultaneously reduce power and area
  • Re-implement the CEC engine using new ideas: tune for circuits with little or no common structure
