
Model Checking and Range-equivalent Circuits

Model Checking and Range-equivalent Circuits. Date: 2013. 6. 3 Speaker: Chih-Chung Wang. Outline. Model Checking State Explosion Problem and Solutions Range-equivalent Circuit Minimization Future Work and Discussion. Model Checking.


Presentation Transcript


  1. Model Checking and Range-equivalent Circuits Date: 2013. 6. 3 Speaker: Chih-Chung Wang

  2. Outline • Model Checking • State Explosion Problem and Solutions • Range-equivalent Circuit Minimization • Future Work and Discussion

  3. Model Checking • a technique for automatically verifying correctness properties of finite-state systems

  4. Model Checking • The Model-Checking Process • Modeling • Running the Model Checker • Analyzing the Results

  5. Transition System • Transition System (TS) • (S, Act, →, I, AP, L) • finite: S, Act, and AP are finite. [Figure: State Transition Graph (STG) with states S0, S1, S2, S3 and the states of the combinational part]

  6. Transition System • Reachable State • Induction [Figure: State Transition Graph (STG) with states S0 to S5 and the states of the combinational part]

  7. Induction • Foundation of verification for 40+ years (Floyd, Hoare) • To prove that S : (I, T) has safety property P, prove: • Base case: • I ⟹ P • Inductive case: • P ∧ T ⟹ P'

  8. Induction Fails • Use a stronger assertion, or • Construct an incremental proof, using previously established invariants • Temporal Verification of Reactive Systems: Safety
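The two proof obligations from the Induction slide, and the remedy of strengthening the assertion when the inductive case fails, as an added example that is not part of the slides. The system (a 3-bit register that counts up and gets stuck at 5), the property names weak_p and strong_p, and the checker are all constructed here; the check is exhaustive enumeration of the eight states rather than a SAT query.

```python
# Added example (not from the slides): checking the base case I ⟹ P and the
# inductive case P ∧ T ⟹ P' on a constructed 3-bit toy system by enumeration.
from typing import Callable, Iterable, List, Set, Tuple

State = int
STATES: Iterable[State] = range(8)  # constructed: one 3-bit register x


def initial(x: State) -> bool:
    """I: the register starts at 0."""
    return x == 0


def transition(x: State) -> State:
    """T (deterministic): count up; 5 is a sink, so 6 and 7 are never reached."""
    return 5 if x == 5 else (x + 1) % 8


def reachable(states: Iterable[State], init: Callable[[State], bool],
              trans: Callable[[State], State]) -> Set[State]:
    """Exact reachable set; used here only to confirm that P really holds."""
    frontier = {s for s in states if init(s)}
    seen = set(frontier)
    while frontier:
        frontier = {trans(s) for s in frontier} - seen
        seen |= frontier
    return seen


def check_induction(inv: Callable[[State], bool], states: Iterable[State],
                    init: Callable[[State], bool], trans: Callable[[State], State]
                    ) -> Tuple[List[State], List[Tuple[State, State]]]:
    """Return (base-case failures, inductive-step failures).

    A pair (s, s') in the second list has inv(s) true and inv(s') false: a
    counterexample to induction.  s need not be reachable, which is exactly
    why a true property can still fail to be inductive.
    """
    base_fail = [s for s in states if init(s) and not inv(s)]
    step_fail = [(s, trans(s)) for s in states if inv(s) and not inv(trans(s))]
    return base_fail, step_fail


def weak_p(x: State) -> bool:
    return x != 7          # holds in every reachable state, but is not inductive


def strong_p(x: State) -> bool:
    return x <= 5          # stronger assertion: inductive, and it implies weak_p


if __name__ == "__main__":
    print("reachable:", sorted(reachable(STATES, initial, transition)))
    print("weak P   :", check_induction(weak_p, STATES, initial, transition))
    print("strong P :", check_induction(strong_p, STATES, initial, transition))
```

The unreachable state 6 satisfies weak_p and steps to 7, so induction fails even though no reachable state violates the property; strengthening to strong_p rules 6 out and both obligations go through.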

  9. State Explosion Problem • The size of transition system representations grows exponentially in various components, such as the number of variables in a program graph or the number of components in a concurrent system. • A combinatorial blow up of the state-space • State Explosion Problem or Combinatorial explosion

  10. State Explosion Problem • BDD/SAT-based reachability • exact computation of strongest/weakest strengthening • k-induction • unrolling to strengthen • Interpolation-based model checking • property-focused abstract post-condition • Interpolation and SAT-based Model Checking, Kenneth L. McMillan, CAV 2003 • Incremental Proof • IC3 • SAT-based Model Checking without Unrolling

  11. State Explosion Problem • Symbolic algorithm • avoid ever building the graph for the FSM • represent the graph implicitly using a formula in quantified propositional logic • ex. BDD • Bounded model checking algorithms • unroll the FSM for a fixed number of steps and check whether a property violation can occur in or fewer steps • typically involving encoding the restricted model as an instance of SAT

  12. Symbolic Model Checking • Considering large numbers of states at a single step • binary decision diagrams (BDDs) • avoid ever building the graph • represent the graph implicitly

  13. Symbolic Model Checking • Symbolic Model Checking without BDDs • bounded model checking (BMC) • for the Linear Temporal Logic (LTL) • BSEC

  14. Linear Temporal Logic • Encoding formulae about the future of paths • ◇ “eventually” (eventually in the future) • □ “always” (now and forever in the future) • ¬, ∧, ∨, ∃, ∀, …

  15. Linear Temporal Logic • LTL model checking

  16. Linear Temporal Logic • safety properties • state that something bad never happens • counterexample • SAT-Based Model Checking Without Unrolling • liveness properties • state that something good keeps happening

  17. Computation Tree Logic • Computation tree logic (CTL): a branching-time logic • ∃, ∀ • model of time is a tree-like structure in which the future is not determined

  18. Fixed-point • : the set of all reachable states at the i-th iteration • The sets of the reachable states in two consecutive iterations are identical • i.e., = initial state fixed-point … reachable states
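The bounded unrolling described on the Bounded model checking slide and the fixed-point iteration described on this slide, side by side, as an added example that is not part of the slides. The two-counter system, its BAD state and both procedures are constructed here; exhaustive enumeration of a small state space stands in for the SAT instance a real BMC engine would build.

```python
# Added example (not from the slides): BMC-style bounded reachability next to
# the fixed-point iteration of the exact reachable set, on a constructed system.
from typing import Callable, List, Optional, Set, Tuple

State = Tuple[int, int]          # (x, y): two 2-bit counters (constructed)
INIT: State = (0, 0)
BAD: State = (3, 3)              # the "something bad" a safety property forbids


def successors(s: State) -> Set[State]:
    """Non-deterministic T: x may always step; y may step only while x is odd."""
    x, y = s
    nxt = {((x + 1) % 4, y)}
    if x % 2 == 1:
        nxt.add((x, (y + 1) % 4))
    return nxt


def fixed_point_reach(init: State, succ: Callable[[State], Set[State]]
                      ) -> Tuple[Set[State], int]:
    """Iterate R_{i+1} = R_i ∪ post(R_i) until two consecutive sets are identical.

    Returns the reachable set and the iteration at which the fixed point was seen.
    """
    reach = {init}
    iterations = 0
    while True:
        iterations += 1
        new = set(reach)
        for s in reach:
            new |= succ(s)
        if new == reach:               # R_{i+1} == R_i: fixed point
            return reach, iterations
        reach = new


def bmc(init: State, succ: Callable[[State], Set[State]],
        bad: Callable[[State], bool], k: int) -> Optional[List[State]]:
    """Unroll at most k steps; return a shortest trace to a bad state, or None.

    None only means "no violation within k steps" - the bound is incomplete.
    """
    frontier: List[List[State]] = [[init]]
    seen = {init}
    for _ in range(k + 1):             # depths 0..k
        for trace in frontier:
            if bad(trace[-1]):
                return trace
        next_frontier = []
        for trace in frontier:
            for t in succ(trace[-1]):
                if t not in seen:
                    seen.add(t)
                    next_frontier.append(trace + [t])
        frontier = next_frontier
    return None


if __name__ == "__main__":
    reach, its = fixed_point_reach(INIT, successors)
    print(f"{len(reach)} reachable states, fixed point at iteration {its}")
    print("k=5:", bmc(INIT, successors, lambda s: s == BAD, 5))
    print("k=6:", bmc(INIT, successors, lambda s: s == BAD, 6))
```

With k = 5 the bounded check reports nothing; k = 6 produces the counterexample trace, and the fixed-point iteration shows the full reachable set (all 16 states) is only available after the iteration sequence stabilises.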

  19. IC3 • Given: • Over-approximations of stepwise reachability: • , , , . . . , • Approximate “onion skins”: • ⇒ • ∧⇒ • Counterexample to stepwise-relative induction : • ∧∧⇒

  20. IC3 • Find: • Weakest stepwise assumption (maximum ) • ∃⊆¬ such that ∧∧ ∧⇒ • Guaranteed to exist. • Prefer small (ideally minimal) clause . • Proof that is unreachable for + 1 steps.

  21. IC3 • Push forward: • Strengthening stepwise knowledge up to step + 1: • := ∧ for ∈{1, . . . , + 1} • Recurring on the property ¬( at step + 1).

  22. Bounded Sequential Equivalence Checking • A special case of Bounded Model Checking (BMC) • Checking two circuits in different timeframes • Linear Temporal Logic • Bound • Sequential depth • Optimization • Resyn2 • NAR, Node Merging

  23. Bounded Sequential Equivalence Checking • Unrolling [Figure: unrolled circuit]
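Unrolling two sequential circuits for a bound of k timeframes and comparing their outputs, as an added example that is not part of the slides. The three circuits (a binary counter, a Gray-coded re-encoding of it, and a version with a saturation bug), the SeqCircuit container and the bsec function are all constructed here; enumerating every input sequence replaces the SAT query a real BSEC engine would issue, which is only feasible because the example has one input bit.

```python
# Added example (not from the slides): bounded sequential equivalence checking
# by unrolling constructed circuits for k timeframes.
from dataclasses import dataclass
from itertools import product
from typing import Callable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class SeqCircuit:
    init: int                                  # initial state (one register)
    next_state: Callable[[int, int], int]      # (state, input) -> next state
    output: Callable[[int, int], int]          # (state, input) -> output


# Reference: 2-bit binary counter with enable; output is 1 when count == 3.
REF = SeqCircuit(0,
                 lambda c, en: (c + 1) % 4 if en else c,
                 lambda c, en: int(c == 3))

# Re-encoded implementation: same behaviour, state held in Gray code.
GRAY = (0, 1, 3, 2)


def _gray_next(g: int, en: int) -> int:
    i = GRAY.index(g)
    return GRAY[(i + 1) % 4] if en else g


IMPL_OK = SeqCircuit(0, _gray_next, lambda g, en: int(g == GRAY[3]))

# Buggy implementation: saturates at 3 instead of wrapping back to 0.
IMPL_BAD = SeqCircuit(0,
                      lambda c, en: min(c + 1, 3) if en else c,
                      lambda c, en: int(c == 3))


def simulate(circ: SeqCircuit, inputs: Sequence[int]) -> List[int]:
    """Output at each timeframe, starting from the circuit's initial state."""
    s, outs = circ.init, []
    for x in inputs:
        outs.append(circ.output(s, x))
        s = circ.next_state(s, x)
    return outs


def bsec(a: SeqCircuit, b: SeqCircuit, k: int) -> Optional[Tuple[int, Tuple[int, ...]]]:
    """Unroll k timeframes over all input sequences.

    Returns (timeframe, input sequence) of the first output mismatch, or None
    if the circuits agree on every sequence of length k.
    """
    for seq in product((0, 1), repeat=k):
        oa, ob = simulate(a, seq), simulate(b, seq)
        for t, (ya, yb) in enumerate(zip(oa, ob)):
            if ya != yb:
                return t, seq
    return None


if __name__ == "__main__":
    print("ref vs gray, k=8 :", bsec(REF, IMPL_OK, 8))
    print("ref vs bad,  k=4 :", bsec(REF, IMPL_BAD, 4))
    print("ref vs bad,  k=5 :", bsec(REF, IMPL_BAD, 5))
```

The saturation bug only shows after the counter wraps, so a bound of four timeframes misses it and a bound of five catches it: the bound must cover the sequential depth at which the circuits diverge.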

  24. Bounded Sequential Equivalence Checking

  25. Bounded Sequential Equivalence Checking

  26. Range-equivalent Circuit Minimization • Using the range to minimize the circuit optimizes the bounded model checking • In model checking, we reduce the states that are reached repeatedly along different paths • The range is preserved, so the state set is preserved • Partial Order Reduction • ex. BDD

  27. Range-equivalent Circuit Minimization • Algorithm • Splitting PIs • Removing redundant PIs • Computing RMA • Computing type2 assignments by RMA • Logic implementation • Considering the value assignments • Merging PIs • For each PI, exponential time complexity

  28. Range-equivalent Circuit Minimization • Removing redundant PIs

  29. Range-equivalent Circuit Minimization • Failure in BSEC • Making a range-equivalent circuit wastes too much time • about O(n^3) • n: number of PIs
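Computing a circuit's range, testing range-equivalence, and the "Removing redundant PIs" step from slides 27 and 28, as an added example that is not part of the slides. The two combinational circuits, the helper names and the redundancy criterion used here (a PI is treated as redundant when tying it to 0 or 1 leaves the range unchanged) are constructed assumptions, not the algorithm the slides refer to; the point the example makes is that a PI can be functionally necessary yet redundant for the range.

```python
# Added example (not from the slides): range of a combinational circuit,
# range-equivalence, and greedy removal of PIs that do not affect the range.
from itertools import product
from typing import Callable, FrozenSet, List, Tuple

Bits = Tuple[int, ...]
Circuit = Callable[[Bits], Bits]     # PI assignment -> PO values


def circuit_range(circ: Circuit, n_pi: int) -> FrozenSet[Bits]:
    """The set of output vectors the circuit can produce over all PI assignments."""
    return frozenset(circ(pis) for pis in product((0, 1), repeat=n_pi))


def range_equivalent(c1: Circuit, n1: int, c2: Circuit, n2: int) -> bool:
    return circuit_range(c1, n1) == circuit_range(c2, n2)


def fix_pi(circ: Circuit, idx: int, value: int) -> Circuit:
    """Circuit over one fewer PI, with PI idx tied to a constant."""
    def fixed(pis: Bits) -> Bits:
        return circ(tuple(pis[:idx]) + (value,) + tuple(pis[idx:]))
    return fixed


def remove_redundant_pis(circ: Circuit, n_pi: int) -> Tuple[Circuit, int, List[Tuple[int, int]]]:
    """Greedily drop PIs whose tie-off to 0 or 1 preserves the range (assumed criterion).

    Returns the reduced circuit, its PI count, and the (index, constant) pairs
    removed, indices relative to the circuit at the time of removal.
    """
    target = circuit_range(circ, n_pi)
    removed: List[Tuple[int, int]] = []
    changed = True
    while changed:
        changed = False
        for idx in range(n_pi):
            for value in (0, 1):
                cand = fix_pi(circ, idx, value)
                if circuit_range(cand, n_pi - 1) == target:
                    circ, n_pi = cand, n_pi - 1
                    removed.append((idx, value))
                    changed = True
                    break
            if changed:
                break                     # restart scan on the smaller circuit
    return circ, n_pi, removed


def xor_mask(pis: Bits) -> Bits:
    """Constructed: 3 PIs a, b, c; outputs (a^c, b^c). c is used functionally."""
    a, b, c = pis
    return (a ^ c, b ^ c)


def and_or(pis: Bits) -> Bits:
    """Constructed: 2 PIs; (a&b, a|b) can never produce (1, 0)."""
    a, b = pis
    return (a & b, a | b)


if __name__ == "__main__":
    print("range(xor_mask):", sorted(circuit_range(xor_mask, 3)))
    small, n, removed = remove_redundant_pis(xor_mask, 3)
    print(f"reduced to {n} PIs, removed {removed}, same range:",
          range_equivalent(small, n, xor_mask, 3))
    print("and_or range-equivalent to xor_mask:", range_equivalent(and_or, 2, xor_mask, 3))
```

Every PI of xor_mask is functionally observable, yet one of them can be tied off without losing any output vector, which is the kind of PI this step removes; a circuit with a strictly smaller range, such as and_or, is not range-equivalent and could not be substituted.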

  30. Future Work and Discussion • How can we use range in model checking • Which area of model checking? • Discussion • Performance of range • Restriction • Modern techniques in BMC

  31. Discussion • Performance of range • Computing range • Modifying range • Partial range-equivalent circuit • not processing all PI • Optimizing range-equivalent circuit • Structural analysis • Restriction • Output set • Circuit Size • Temporal logic

  32. Discussion • Modern techniques in BMC • Interpolation, IC3, FAIR, IICTL, … • Reachable after k • Finding a (k + 1) counterexample • IC3 • Stepwise induction • Lemma: clause • Functional representation • compromise between the incremental and monolithic strategies

  33. Reference • Website • http://theory.stanford.edu/~arbrad/ • Principles of Model Checking • SAT-based Model Checking without Unrolling • Temporal Verification of Reactive Systems: Safety • Checking Safety by Inductive Generalization of Counterexamples to Induction

  34. Temporal Logic • ◇ • “eventually” (eventually in the future) • □ • “always” (now and forever in the future) • ○ • “next” • U • “until”
