Source: ...herbstri/publications/hbs_2006-slides.pdf (slide transcript, posted 07-Jun-2019)
Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs
Marc Herbstritt (joint work with Bernd Becker and Christoph Scholl)
Institute of Computer Science, Albert-Ludwigs-University
Freiburg im Breisgau, Germany
Presentation at IEEE MTV 2006, Dec 04 2006
www.avacs.org
Overview
1 Introduction
2 Blackbox BMC using 01X-Logic: Example, Basic algorithm, Improvements, Experimental Results
3 Blackbox BMC using QBF: Example, Basic modelling, Additional Constraints, Final QBF Formula, Experimental Results
4 Conclusions
Introduction Blackbox BMC using 01X-Logic Blackbox BMC using QBF Conclusions
Background
Formal Verification of Circuits
→ Checking correctness between specification and implementation
Model Checking
→ Specification given by a set of (temporal) properties
→ Model Checking to prove that the circuit model fulfills the properties
→ Bounded Model Checking to falsify properties
Blackbox Designs
→ describe partial circuit implementations
→ occur naturally in the early design phase
→ can be used for abstraction, e.g. in diagnosis
This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC)
→ Improving BB-BMC based on 01X-logic
→ More concise formulation for BB-BMC using QBF
Applications of Blackbox Designs: ISCAS c3540
[Figure: block diagram of c3540 with inputs A and B feeding MUXes, a Shifter, BCD−ADD and BCD−SUB units and the ALU]
C3540: ALU with binary and BCD arithmetic, logic and shift operations.
(Source: Hansen, Yalcin, Hayes − Unveiling the ISCAS85 Benchmarks, IEEE Design&Test, 1999)
Property to check: op(A,B,+,bin) = enc(A,bin) + enc(B,bin) ?
1 Abstraction: Hide components that are not necessary. The property is not dependent on the BCD−units and the Shifter, but only on the binary encoding, so these units are replaced by blackboxes.
2 Verification of Partial Designs: E.g. in early design stage. The implementation of the Shifter and the BCD−SUB unit is not finished, so they are treated as blackboxes.
3 Error Diagnosis: Localisation of error. With the Shifter and the BCD−SUB unit blackboxed, check whether the error lies within the blackbox region.
Blackbox BMC using 01X-Logic: Example
[Figure: sequential circuit with state bits q0 and q1, primary input y, a blackbox whose output Z feeds q0, and output p]
q′0 = q0 + y + Z
q′1 = q0 + q1
p = q0 ⊕ q1
Property: AG(¬p)
Stepwise 01X-simulation (blackbox output = X):
step  y  q0  q1  p
0     —  0   1   0
1     1  1   1   0
2     0  1   1   1
01X-BB-BMC: Basics
1 Blackbox outputs are unknown
⇒ use logical value X, i.e., X = unknown whether 0 or 1
⇒ use additional variable Z, and assign Z = X
2 01X-Logic
NOT01X(a): a = 0 → 1, a = 1 → 0, a = X → X
AND01X(a, b):
  a \ b   0  1  X
  0       0  0  0
  1       0  1  X
  X       0  X  X
3 Deciding satisfiability for 01X-BB-BMC (see Herbstritt et al. MTV’05)
1 integrate deduction rules of 01X-logic at high level into a structural SAT-solver: (f = g · h, g = 1, h = X) ⇒ f = X, or
2 apply two-valued encoding and solve a purely propositional SAT problem
01X-BB-BMC: Two-valued encoding
Two-valued encoding for 01X-Logic (see Jain et al. VTS’00): mapping of 01X-values to tuples of propositional values
01X-value z   encoding (z0, z1)
0             (1, 0)
1             (0, 1)
X             (0, 0)
Synthesis transformation using propositional operations only
⇒ NOT01X(a) = [a1, a0]
⇒ AND01X(a, b) = [a0 + b0, a1 · b1]
The transformation preserves the uniform encoding of value X.
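The 01X operations, the two-valued encoding of Jain et al. and the deduction rule above, as an added example that is not part of the slides (all function names are chosen here); it checks the encoded operations against the 01X truth tables exhaustively and enumerates how many ways an AND01X output value can be justified, which is the point the variable-selection slides below make.

```python
# Added example (not from the slides): 01X-logic and its two-valued encoding,
# checked against each other on every input.
from itertools import product

X = "X"                     # third logic value: unknown whether 0 or 1
VALUES = (0, 1, X)

def not01x(a):
    return X if a == X else 1 - a

def and01x(a, b):
    # AND01X truth table from the slides: 0 dominates X, X dominates 1
    if a == 0 or b == 0:
        return 0
    if a == X or b == X:
        return X
    return 1

# Two-valued encoding z -> (z0, z1): 0 -> (1,0), 1 -> (0,1), X -> (0,0)
ENCODE = {0: (1, 0), 1: (0, 1), X: (0, 0)}
DECODE = {v: k for k, v in ENCODE.items()}

def not_enc(a):
    a0, a1 = a
    return (a1, a0)                    # NOT01X(a) = [a1, a0]

def and_enc(a, b):
    a0, a1 = a
    b0, b1 = b
    return (a0 | b0, a1 & b1)          # AND01X(a, b) = [a0 + b0, a1 . b1]

def encoding_is_exact():
    """True iff the propositional transformation agrees with the 01X tables on
    every input and never produces the unused tuple (1, 1)."""
    for a in VALUES:
        if DECODE[not_enc(ENCODE[a])] != not01x(a):
            return False
        for b in VALUES:
            got = and_enc(ENCODE[a], ENCODE[b])
            if got == (1, 1) or DECODE[got] != and01x(a, b):
                return False
    return True

def justifications(target):
    """All (a, b) pairs with AND01X(a, b) == target.  An encoded output 0
    needs a0 + b0 = 1, an OR with two propositional ways to justify it; this is
    what the slides call the misguiding of the variable selection."""
    return [(a, b) for a, b in product(VALUES, VALUES) if and01x(a, b) == target]

def deduce(g, h):
    """Deduction rule from the slides: f = g . h with g = 1, h = X gives f = X."""
    return and01x(g, h)

if __name__ == "__main__":
    print("encoding exact:", encoding_is_exact())
    print("ways to justify AND01X = 0:", justifications(0))
    print("f = 1 . X =", deduce(1, X))
```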
01X-BB-BMC: Two-valued encoding
Transformation example using AIGs
[Figure: AIG of the example circuit unrolled over three time steps, shown transformed (two-valued encoded, with every signal p, q0, q1, Z, x at time step t split into a -0 and a -1 component) and not transformed]
01X-BB-BMC: Structural SAT-Solver on AIGs
Our implementation relies on a SAT-Solver working with And/Inv-Graphs (AIGs) (see Kuehlmann et al. TCAD’02)
AIGs: network consisting only of AND-gates and NOT-gates
Efficient DPLL-implementation on top of AIGs:
⇒ Boolean Constraint Propagation
⇒ Non-chronological backtracking
⇒ Conflict learning
Drawback in the context of 01X-logic: misguiding of the variable selection.
01X-BB-BMC: Misguiding variable selection
[Figure: three encoded AND nodes with output value 0 and not yet justified inputs]
01X-value ’0’ at 01X-AIG-nodes has encoding (0,1); due to the encoding of AND01X there are two propositional justifications.
When the SAT-solver is not aware of the encoding, the justification of the 01X-value can be delayed.
01X-BB-BMC: Improvements
[Figure: an encoded 01X-AND node and its two propositional AIG-nodes (left and right), linked by a semantical cross reference]
Adding a semantical cross-reference between AIG-nodes that correspond to an encoded 01X-AIG-node
Improved Variable Selection
⇒ whenever left and right have to be justified, after justifying left, immediately try to justify right (and vice versa)
⇒ merge this scheme with greedy selection of deepest justifications
[Figure: step-by-step justification of three encoded AND nodes under the improved variable selection]
01X-BB-BMC: Experimental Results
Solver                       Time (solved)   Time (total)   #Solved / #Total
blind 01X-BB-BMC (MTV’05)    964             17165          2712 / 2730
improved 01X-BB-BMC          386             12084          2717 / 2730
2730 different BB-BMC problems derived from s1269 and PicoJava/biu from the VIS benchmark suite
blackboxes of different size (5%, 10%, and 20% of circuit area)
multiple blackboxes (1, 2, and 3)
CPU time improvement by a factor of ∼ 2.5
more instances solved: 5
Blackbox BMC using QBF: Example
[Figure: sequential circuit with state bits q0, q1, q2, q3, primary input y, a blackbox with output Z, and output p]
q′0 = q0 + Z
q′1 = q0 · Z
q′2 = 1
q′3 = q2
p′ = y · q3 · (q1 + q0)
Property: AG(¬p)
Stepwise 01X-simulation (blackbox output = X):
step  y  q0  q1  q2  q3  p
0     —  0   0   0   0   0
1     —  X   0   1   0   0
2     —  X   X   1   1   0
3     1  X   X   1   1   X
⇒ No counterexample can be found using 01X-logic!
. . . but a counterexample can be found when using a more concise formalism ⇒ Quantified Boolean Formulas
Let’s see how this works . . .
QBF-BB-BMC: Basic Modelling
Use propositional variable Z(i,j) for output j of blackbox BBi
A counterexample has to be valid for all possible blackbox behaviours
⇒ variables Z(i,j) are universally quantified (∀)
A counterexample states the existence of a series of input assignments leading to a state that violates the property
⇒ primary inputs x0, x1, . . . , xn are existentially quantified (∃)
QBF-BB-BMC: Input-Output-Consistency
IOC(β, d) is a predicate that assures that timed instantiations of all combinational blackboxes behave uniformly within different time frames (for β-many blackboxes and unfolding depth d).
[Figure: two timed instantiations of the same blackbox BB at time steps i and j, each fed by primary inputs x_0 … x_{n−1} and state bits s_0 … s_{k−1}; equal input assignments in both frames must produce equal outputs]
QBF-BB-BMC: Final QBF Formula
$$
\varphi^{CE}_d := \exists x^0\, \exists s^0\, \exists \chi^0_0\, \forall \gamma^0_0 \;\ldots\; \exists \chi^0_{\beta-1}\, \forall \gamma^0_{\beta-1}\;
\exists x^1\, \exists s^1\, \exists \chi^1_0\, \forall \gamma^1_0 \;\ldots\; \exists \chi^1_{\beta-1}\, \forall \gamma^1_{\beta-1}\;
\ldots\;
\exists x^{d-1}\, \exists s^{d-1}\, \exists \chi^{d-1}_0\, \forall \gamma^{d-1}_0 \;\ldots\; \exists \chi^{d-1}_{\beta-1}\, \forall \gamma^{d-1}_{\beta-1}\;
\exists s^d :\; IOC(\beta, d) \rightarrow \big( I(s^0) \cdot T_B(s^0, s^{d-1}) \cdot \neg P(s^d) \big)
$$
The slides highlight the groups of variables in the prefix one after another:
x^0 … x^{d−1}: sequence of input assignments
s^0 … s^d: sequence of states
χ^i_j: blackbox input assignments (dependent on current state and primary inputs)
γ^i_j: universal quantification of blackbox outputs (due to falsification of realizability)
QBF-BB-BMC: Example revisited
[Figure: the QBF example circuit from above]
ϕ^{CE}_2 is true (depth=2), i.e., (y0, y1, y2) = (−, −, 1) is a counterexample.
. . . how come?
Tuples are (q0, q1, q2, q3, p). All traces reach a state with p = 1. Left edges: Z^j_i = 0, i.e., BB output j at time step i is 0 (right edges: Z^j_i = 1).
y0 = dc:  (0,0,0,0,0)
            Z_0 = 0 → (0,0,1,0,0)        Z_0 = 1 → (1,0,1,0,0)
y1 = dc:  (0,0,1,0,0) → (0,0,1,1,0), (1,0,1,1,0)
          (1,0,1,0,0) → (1,0,1,1,0), (1,1,1,1,0)
y2 = 1:   (0,0,1,1,0) → (0,0,1,1,1), (1,0,1,1,1)
          (1,0,1,1,0) → (1,0,1,1,1), (1,1,1,1,1)
          (1,0,1,1,0) → (1,0,1,1,1), (1,1,1,1,1)
          (1,1,1,1,0) → (1,0,1,1,1), (1,1,1,1,1)
Input-Output-Consistency must be taken into account! Three of the eight traces (marked "! IOC" on the slide) are not consistent blackbox behaviours and are discarded; the remaining traces still all end in a state with p = 1.
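The semantics of ϕ^{CE}_d (∃ inputs, ∀ blackbox outputs, guarded by IOC) evaluated by brute force, as an added example that is not part of the slides; the toy circuit, its blackbox and all names are assumptions made here, not the slides' example, and the same circuit is run through 01X-simulation to show why the QBF formulation finds a counterexample that 01X-logic cannot.

```python
# Added example, not from the slides: brute-force semantics of the QBF
# counterexample formulation (exists inputs, forall blackbox outputs, guarded by
# Input-Output-Consistency) on a constructed toy circuit, next to 01X-simulation.
from itertools import product

# Constructed partial design (an assumption of this example, not the slides'):
# state (a, p), primary input y, one combinational blackbox with input y, output Z.
#   a' = Z                (remember the previous blackbox output)
#   p' = y . NOT(a XOR Z) (p rises when two consecutive outputs agree)
#   property AG(not p), initial state (0, 0)
INIT = (0, 0)

def bb_input(state, y):
    return (y,)                          # what the blackbox sees in this frame

def step(state, y, z):
    a, p = state
    return (z, y & (1 - (a ^ z)))

def ioc_ok(bb_inputs, zs):
    """IOC: equal blackbox inputs in two time frames force equal outputs."""
    seen = {}
    for bbin, z in zip(bb_inputs, zs):
        if seen.setdefault(bbin, z) != z:
            return False
    return True

def qbf_counterexample(depth, use_ioc=True):
    """phi^CE_depth: an input sequence (y0..y_{d-1}) after which EVERY consistent
    blackbox behaviour ends in a state with p = 1, or None if none exists."""
    for ys in product((0, 1), repeat=depth):            # existential part
        holds_for_all = True
        for zs in product((0, 1), repeat=depth):        # universal part
            state, bb_inputs = INIT, []
            for y, z in zip(ys, zs):
                bb_inputs.append(bb_input(state, y))
                state = step(state, y, z)
            if use_ioc and not ioc_ok(bb_inputs, zs):
                continue      # not a behaviour of any combinational blackbox
            if state[1] != 1:
                holds_for_all = False
                break
        if holds_for_all:
            return ys
    return None

# 01X-simulation of the same circuit with the blackbox output fixed to X.
X = "X"

def and01x(u, v):
    if u == 0 or v == 0:
        return 0
    return X if X in (u, v) else 1

def not01x(u):
    return X if u == X else 1 - u

def xor01x(u, v):
    return X if X in (u, v) else u ^ v

def sim01x(ys):
    """Value of p after applying ys with Z = X in every step."""
    a, p = INIT
    for y in ys:
        a, p = X, and01x(y, not01x(xor01x(a, X)))
    return p

if __name__ == "__main__":
    print(qbf_counterexample(2), qbf_counterexample(2, use_ioc=False))  # (1, 1) None
    print(sim01x((1, 1)))                                               # X
```

Without IOC the universal player may answer the two equal blackbox inputs with different outputs, so no input sequence works; with IOC the sequence (1, 1) is a counterexample, while 01X-simulation only ever reports p = X.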
QBF-BB-BMC: Experimental Results
Solver           Time    #Solved / #Total
2clsQ            16828   0 / 28
GRL              16220   1 / 28
openQbf          16826   0 / 28
preQuantor       571     0 / 28
Qbfl             16792   0 / 28
Quaffle          16380   0 / 28
QUANTOR          906     0 / 28
QUANTOR hc       900     0 / 28
qube3.0          16216   1 / 28
qube4.0          15828   1 / 28
qube5.0          20      28 / 28
semprop          16229   1 / 28
sKizzo-0.9-abs   9183    0 / 28
sKizzo-0.9-grn   2191    0 / 28
sKizzo-0.9.std   10761   0 / 28
SQBF             11359   0 / 28
sSolve           16808   0 / 28
ssolve+ut        16809   0 / 28
ssolve-ut        16809   0 / 28
WalkQSAT         16227   1 / 28
yQuaffle         16699   0 / 28
28 hard instances sent to QBFEVAL’06.
Only qube5.0 was able to solve the instances:
⇒ transformation into non-prenex QBF
⇒ efficient pre-processing
Conclusions and Future Work
Conclusions
Overview of different approaches for BB-BMC problems
Improved BB-BMC using 01X-logic
Provided a more concise counterexample formulation using QBF
Resulting QBF formulas are hard to handle for state-of-the-art QBF solvers
Future Work
Combining 01X-Logic and QBF formulation
Providing a taxonomy of QBF formulations to trade off expressiveness vs. computational complexity
Better testbench using semantic components for blackboxing
Questions ⇒ Answers
Acknowledgements and References
Acknowledgements
Massimo Narizzano, Luca Pulina and Armando Tacchella for providing the short track results of the QBF Evaluation 2006
Tobias Nopper and Stefan Disch for fruitful discussions
References
Jain et al., “Testing, Verification, and Diagnosis in the Presence of Unknowns”, VTS’00
Kuehlmann et al., “Robust Boolean Reasoning for Equivalence Checking and Functional Property Verification”, TCAD’02
Scholl, Becker, “Checking Equivalence for Partial Implementations”, DAC’01
Herbstritt, Becker, “On SAT-based Bounded Invariant Checking of Blackbox Designs”, MTV’05