1 / 13

Supporting SAT based BMC on Finite Path Models

Supporting SAT based BMC on Finite Path Models. Daniel Geist Mark Ginzburg Yoad Lustig Ishai Rabinovitz Ohad Shacham Rachel Tzoref IBM Haifa Labs. 11-July-2005. Outline. The problem Why consider finite paths The solution – change the translation

rose-jordan
Download Presentation

Supporting SAT based BMC on Finite Path Models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Supporting SAT based BMC on Finite Path Models Daniel Geist Mark Ginzburg Yoad Lustig Ishai Rabinovitz Ohad Shacham Rachel Tzoref IBM Haifa Labs 11-July-2005

  2. Outline • The problem • Why consider finite paths • The solution – change the translation • Using the improved translation on standard models • Experimental results

  3. The problem - Example • INIT(s0)  (i=1..k TR(si-1,si)( (i=1..k BAD(si)) assume

  4. Why consider finite paths There should be no finite paths • Verification engineer creates finite paths • Reduce model size • Concentrate on suspected parts • Ignore known bugs • Bugs on finite paths are reported: • Due to the limited horizon of bounded model checking techniques: • BMC using SAT • On-the-fly verification • Ignoring bugs on finite paths invalidates BMC monotonicity. • If when running BMC with bound k there is no bug • BMC should not find bug when running with smaller bound So, don’t report bugs on them Well, I don’t care. You may report them or not

  5. The importance of monotonicity – An example • There is a finite path of length k1 • There is a bug on that path on cycle k2 (k1<k2) • The verification engineer runs BMC with bound k3 (k3>k1>k2) • No bug is found • There is a change in the design • Does not change this path • The verification engineer runs BMC with bound k4 (k3>k1>k4>k2) • BMC finds the bug • Verification engineer reaches the wrong conclusion: • There is a bug in the change k2 k4 k1 k3

  6. Why consider finite paths The customer is always right !!!

  7. Naive solutions • Run BMC for k=1, k=2, k=3 …… • Activates the SAT solver many times • Time consuming (in theory and in practice) • Change the translation to check for a path of any length smaller than k • Activates the SAT solver once • On a long formula (quadratic length(

  8. The solution – An improved translation • Add a new Boolean variable to each cycle: AlreadyFailed(si) • Indicates that a bug occurred in cycle i or in an earlier cycle • Add the constraints: • For an initial state: AlreadyFailed(s0)  BAD(s0) • AlreadyFailed(si)  AlreadyFailed(si-1)  BAD(si) • Change the BMC equation: • INIT(s0)  ( i=1..k (TR(si-1,si)  AlreadyFailed(si-1))  ( i=1..k BAD(si)) • Another option: • For an initial state: AlreadyFailed(s0)BAD(s0) • AlreadyFailed(si) AlreadyFailed(si-1)  BAD(si) • Another option for the BMC equation: • INIT(s0)  ( i=1..k (TR(si-1,si)  AlreadyFailed(si-1))  AlreadyFailed(sk)

  9. Comparing old and new translation

  10. Using the improved translation on standard models • BMC is running with bound k=100 • There is a bug on cycle b=56 • Traditional translation: • Need to find a valid assignment to variables in cycles higher than the bug cycle (in our example 56) • This is redundant work. • Improved translation: • Once AlreadyFailed(s56) is set can set AlreadyFailed(si) for 56<i<100 • Probably more efficient

  11. Comparing old and new translation (SAT, k=100)

  12. Methodology • If there may be finite paths (using a constraint, e.g., assume) • Choose one of: • New improved translation with large increment step • Traditional translation with increment step of 1 • If there are no finite paths • Choose one of: • New translation (Good for SAT) • Traditional translation (Good for UnSAT) • Run both in parallel (Good when user has hardware resources)

  13. Questions?

More Related