Advanced SAT-Techniques for Bounded Model Checking of Blackbox - - PowerPoint PPT Presentation

SLIDE 1

Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs Marc Herbstritt

(joint work with Bernd Becker and Christoph Scholl)

Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany

Presentation at IEEE MTV 2006, Dec 04 2006

www.avacs.org

SLIDE 2

Overview

1 Introduction
2 Blackbox BMC using 01X-Logic: Example, Basic algorithm, Improvements, Experimental Results
3 Blackbox BMC using QBF: Example, Basic modelling, Additional Constraints, Final QBF Formula, Experimental Results
4 Conclusions

SLIDE 3

Introduction Blackbox BMC using 01X-Logic Blackbox BMC using QBF Conclusions

Background

Formal Verification of Circuits
→ Checking correctness between specification and implementation

Model Checking
→ Specification given by a set of (temporal) properties
→ Model Checking to prove that the circuit model fulfills the properties
→ Bounded Model Checking to falsify properties

Blackbox Designs
→ describe partial circuit implementations
→ occur naturally in the early design phase
→ can be used for abstraction, e.g. in diagnosis

This work:
→ Bounded Model Checking of Blackbox Designs (BB-BMC)
→ Improving BB-BMC based on 01X-logic
→ More concise formulation for BB-BMC using QBF

SLIDE 7

Applications of Blackbox Designs: ISCAS c3540

(Block diagram of c3540: the units BCD−ADD, BCD−SUB, Shifter and ALU operate on the inputs A and B and are combined through MUXes.)

C3540: ALU with binary and BCD arithmetic, logic and shift operations.
(Source: Hansen, Yalcin, Hayes − Unveiling the ISCAS85 Benchmarks, IEEE Design&Test, 1999)

1 Abstraction: Hide components that are not necessary
2 Verification of Partial Designs: E.g. in early design stage
3 Error Diagnosis: Localisation of error

SLIDE 8

Applications of Blackbox Designs: ISCAS c3540

(Same block diagram of c3540.)

Property to check: p(A,B,+,bin) = enc(A,bin) + enc(B,bin) ?

SLIDE 9

Applications of Blackbox Designs: ISCAS c3540

(Block diagram with the BCD−units and the Shifter replaced by blackboxes.)

Property is not dependent on BCD−units and Shifter, but only on the binary encoding:
p(A,B,+,bin) = enc(A,bin) + enc(B,bin) ?

SLIDE 10

Applications of Blackbox Designs: ISCAS c3540

(Block diagram with the Shifter and the BCD−SUB unit replaced by blackboxes.)

Implementation of Shifter and BCD−SUB unit not finished.

Property: p(A,B,+,bin) = enc(A,bin) + enc(B,bin) ?

SLIDE 11

Applications of Blackbox Designs: ISCAS c3540

(Block diagram with the region under diagnosis replaced by a blackbox.)

Check whether the error lies within the blackbox region.

SLIDE 12

Blackbox BMC using 01X-Logic: Example

(Circuit diagram: state bits q0, q1, output p, primary input y, blackbox output Z.)

q0′ = q0 + y + Z
q1′ = q0 + q1
p = q0 ⊕ q1

Property: AG(¬p)

SLIDES 13–15

Blackbox BMC using 01X-Logic: Example

(Animation frames: the blackbox output is set to X, the input y to 1, and the circuit is simulated step by step. Simulation table with columns step, y, q0, q1, p; only partially recoverable:)

— 1 1 1 1 1
2 1 1 1

SLIDE 16

01X-BB-BMC: Basics

1 Blackbox outputs are unknown
⇒ use logical value X, i.e., X = unknown whether 0 or 1
⇒ use additional variable Z, and assign Z = X

2 01X-Logic

NOT01X(a):
  a   | 0 1 X
  ----+------
      | 1 0 X

AND01X(a, b):
  a\b | 0 1 X
  ----+------
   0  | 0 0 0
   1  | 0 1 X
   X  | 0 X X

3 Deciding satisfiability for 01X-BB-BMC (see Herbstritt et al. MTV’05)
1 integrate deduction rules of 01X-logic at high-level into the structural SAT-solver: (f = g · h, g = 1, h = X) ⇒ f = X, or
2 apply a two-valued encoding and solve a purely propositional SAT problem

SLIDE 17

01X-BB-BMC: Two-valued encoding

Two-valued encoding for 01X-Logic (see Jain et al. VTS’00): mapping of 01X-values to tuples of propositional values

01X-value z | encoding (z0, z1)
0 | (1,0)
1 | (0,1)
X | (0,0)

Synthesis transformation using propositional operations only
⇒ NOT01X(a) = [a1, a0]
⇒ AND01X(a, b) = [a0 + b0, a1 · b1]

Transformation preserves uniform encoding of value X
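As an added example (not code from the slides), the following Python implements the 01X operations of slide 16 and the two-valued encoding of slide 17, then checks exhaustively that encode → operate → decode reproduces the 01X tables and never leaves the valid encodings (the tuple (1,1) is unused). OR is derived via De Morgan, the way an AIG represents it. The names not01x, and_enc and encoding_is_faithful are this example's own.

```python
# Added example (not from the slides): 01X logic and its two-valued encoding
# (Jain et al., VTS'00) as quoted on slides 16-17, with an exhaustive check
# that the encoded operations agree with the 01X truth tables.
from itertools import product

X = "X"                      # third logic value: unknown whether 0 or 1
VALUES = (0, 1, X)

def not01x(a):
    """NOT01X: 0 -> 1, 1 -> 0, X -> X."""
    return X if a == X else 1 - a

def and01x(a, b):
    """AND01X: a 0 on either side dominates, 1 . 1 = 1, everything else is X."""
    if a == 0 or b == 0:
        return 0
    if a == 1 and b == 1:
        return 1
    return X

def or01x(a, b):
    """OR01X via De Morgan, the way an AIG represents OR: NOT(NOT a . NOT b)."""
    return not01x(and01x(not01x(a), not01x(b)))

# Two-valued encoding of slide 17: z -> (z0, z1); z0 means "z is 0", z1 means
# "z is 1", and X is the tuple (0, 0). The tuple (1, 1) never occurs.
ENCODE = {0: (1, 0), 1: (0, 1), X: (0, 0)}
DECODE = {code: value for value, code in ENCODE.items()}

def not_enc(a):
    """Encoded NOT01X(a) = [a1, a0]: just swap the two propositional bits."""
    a0, a1 = a
    return (a1, a0)

def and_enc(a, b):
    """Encoded AND01X(a, b) = [a0 + b0, a1 . b1]: the result is 0 if either
    operand is 0 (an OR, hence two justifications, cf. slide 20) and 1 only
    if both operands are 1."""
    a0, a1 = a
    b0, b1 = b
    return (a0 | b0, a1 & b1)

def encoding_is_faithful():
    """Encode, operate on the tuples, decode: for every operand combination
    the result must equal the 01X table and must still be a valid encoding
    (DECODE.get returns None for the unused tuple (1, 1))."""
    for a in VALUES:
        if DECODE.get(not_enc(ENCODE[a])) != not01x(a):
            return False
    for a, b in product(VALUES, repeat=2):
        if DECODE.get(and_enc(ENCODE[a], ENCODE[b])) != and01x(a, b):
            return False
    return True

if __name__ == "__main__":
    print("encoding faithful:", encoding_is_faithful())
    print("AND01X(1, X) =", and01x(1, X),
          " encoded:", and_enc(ENCODE[1], ENCODE[X]))
```

The check runs over all 3 + 9 operand combinations; `and_enc` of a 0 operand sets the z0 bit through an OR, which is the two-justification situation slide 20 attributes to the encoding.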

SLIDE 18

01X-BB-BMC: Two-valued encoding

Transformation example using AIGs: two AIG dumps of the unrolled example, the transformed (two-valued encoded) AIG and the not transformed one (node-level dumps not reproduced).

SLIDE 19

01X-BB-BMC: Structural SAT-Solver on AIGs

Our implementation relies on a SAT-Solver working with And/Inv-Graphs (AIGs) (see Kuehlmann et al. TCAD’02)
AIGs: network consisting only of AND-gates and NOT-gates
Efficient DPLL-implementation on top of AIGs:
⇒ Boolean Constraint Propagation
⇒ Non-chronological backtracking
⇒ Conflict learning

Drawback in the context of 01X-logic: misguiding of the variable selection.

SLIDE 20

01X-BB-BMC: Misguiding variable selection

(Diagram: three encoded AND nodes with their justification values.)

01X-value ’0’ at 01X-AIG-nodes has encoding (0,1) due to the encoding of AND01X: two propositional justifications.
When the SAT-solver is not aware of the encoding, justification of the 01X-value can be delayed.

SLIDE 21

01X-BB-BMC: Improvements

(Diagram: an 01X−AND node and its encoded form, two AIG-nodes "left" and "right" joined by a semantical cross reference.)

Adding a semantical cross-reference between the AIG-nodes that correspond to an encoded 01X-AIG-node

Improved Variable Selection
⇒ whenever left and right have to be justified, after justifying left, immediately try to justify right (and vice versa)
⇒ merge this scheme with greedy selection of deepest justifications

SLIDES 23–28

01X-BB-BMC: Improvements

(Animation: the improved justification order applied step by step to three encoded AND nodes; diagram only.)
SLIDE 29

01X-BB-BMC: Experimental Results

Solver | Time Solved | Time Total | #Solved / #Total
blind 01X-BB-BMC (MTV’05) | 964 | 17165 | 2712 / 2730
improved 01X-BB-BMC | 386 | 12084 | 2717 / 2730

2730 different BB-BMC problems derived from s1269 and PicoJava/biu from the VIS benchmark suite
• blackboxes of different size (5%, 10%, and 20% of circuit area)
• multiple blackboxes (1, 2, and 3)

CPU time improvement by a factor of ∼2.5; 5 more instances solved.

SLIDE 30

Blackbox BMC using QBF: Example

(Circuit diagram: state bits q0, q1, q2, q3, p, primary input y, blackbox output Z.)

q0′ = q0 + Z
q1′ = q0 · Z
q2′ = 1
q3′ = q2
p′ = y · q3 · (¬q1 + q0)

Property: AG(¬p)

SLIDES 31–34

Blackbox BMC using QBF: Example

01X-simulation with the blackbox output Z = X:

step | y | q0 q1 q2 q3 | p
0 | — | 0 0 0 0 | 0
1 | — | X 0 1 0 | 0
2 | — | X X 1 1 | 0
3 | 1 | X X 1 1 | X

⇒ No counterexample can be found using 01X-logic!

SLIDE 35

Blackbox BMC using QBF: Example

… but a counterexample can be found when using a more concise formalism ⇒ Quantified Boolean Formulas
Let’s see how this works …

SLIDE 36

QBF-BB-BMC: Basic Modelling

Use propositional variable Z(i,j) for output j of blackbox BB_i
Counterexample has to be valid for all possible blackbox behaviours
⇒ variables Z(i,j) are universally quantified (∀)
Counterexample states the existence of a series of input assignments leading to a state that violates the property
⇒ primary inputs x0, x1, …, xn are existentially quantified (∃)

SLIDE 37

QBF-BB-BMC: Input-Output-Consistency

IOC(β, d) is a predicate that assures that timed instantiations of all combinational blackboxes behave uniformly within different time frames (for β-many blackboxes and unfolding depth d).

(Diagram: two timed instantiations BB^i and BB^j of the same blackbox, each with its primary inputs x^i (resp. x^j) and state bits s^i_0 … s^i_{k−1} (resp. s^j_0 … s^j_{k−1}) as blackbox inputs.)

SLIDE 38

QBF-BB-BMC: Final QBF Formula

ϕ_CE^d := ∃x^0 ∃s^0 ∃χ^0_0 ∀γ^0_0 … ∃χ^0_{β−1} ∀γ^0_{β−1}
          ∃x^1 ∃s^1 ∃χ^1_0 ∀γ^1_0 … ∃χ^1_{β−1} ∀γ^1_{β−1}
          …
          ∃x^{d−1} ∃s^{d−1} ∃χ^{d−1}_0 ∀γ^{d−1}_0 … ∃χ^{d−1}_{β−1} ∀γ^{d−1}_{β−1}
          ∃s^d :
          IOC(β, d) → I(s^0) · T_B(s^0, s^{d−1}) · (¬P(s^d))

SLIDES 39–42

QBF-BB-BMC: Final QBF Formula (the same formula, annotated)

• x^0 … x^{d−1}: sequence of input assignments
• s^0 … s^d: sequence of states
• χ^i_b: blackbox input assignments (dependent on current state and primary inputs)
• γ^i_b: universal quantification of blackbox outputs (due to falsification of realizability)
SLIDE 43

QBF-BB-BMC: Example revisited

(Circuit diagram of the example from slide 30.)

ϕ_CE^2 is true (depth=2), i.e., (y0, y1, y2) = (−, −, 1) is a counterexample. … how come?

SLIDES 44–48

QBF-BB-BMC: Example revisited

Tuples are (q0, q1, q2, q3, p). All traces reach a state with p = 1. Left edges: Z^j_i = 0, i.e., BB output j at time step i is 0 (right edges: Z^j_i = 1).

(Tree of reachable states, built up over slides 44–48; the edges of step i are labelled Z^0_i = 0 / Z^0_i = 1, the inputs are y0 = dc, y1 = dc, y2 = 1:)

step 0: (0,0,0,0,0)
step 1 (y0 = dc): (0,0,1,0,0) (1,0,1,0,0)
step 2 (y1 = dc): (0,0,1,1,0) (1,0,1,1,0) (1,0,1,1,0) (1,1,1,1,0)
step 3 (y2 = 1): (0,0,1,1,1) (1,0,1,1,1) (1,0,1,1,1) (1,1,1,1,1) (1,0,1,1,1) (1,1,1,1,1) (1,0,1,1,1) (1,1,1,1,1)

SLIDE 49

QBF-BB-BMC: Example revisited

Input-Output-Consistency must be taken into account!

(Same tree as before; three of the step-3 branches violate IOC and are marked "! IOC":)

step 0: (0,0,0,0,0)
step 1 (y0 = dc): (0,0,1,0,0) (1,0,1,0,0)
step 2 (y1 = dc): (0,0,1,1,0) (1,0,1,1,0) (1,0,1,1,0) (1,1,1,1,0)
step 3 (y2 = 1): (0,0,1,1,1) (1,1,1,1,1) (1,0,1,1,1) (1,0,1,1,1) (1,1,1,1,1) ! IOC ! IOC ! IOC
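As an added example (not the authors' code), the following Python evaluates the universal part of the QBF formulation (slides 36 and 38) by brute force on the slide-30 design for the inputs (y0, y1, y2) = (−, −, 1) of slide 43, with and without the IOC predicate of slide 37, and contrasts it with a per-wire unknown-value simulation that behaves like the 01X run of slides 31–34. Two assumptions the slides do not state explicitly: the property term is taken as (¬q1 + q0), the reading consistent with the reachable states listed on slides 44–48, and the blackbox is fed the constant 1 in every time frame, so IOC forces a single Z value for all steps. Don't-care inputs are instantiated with 0 in the exact check and with {0,1} in the abstract one. All function names are this example's own.

```python
# Added example (not from the slides): brute-force evaluation of the QBF
# counterexample condition (exists inputs, for all blackbox outputs, subject
# to IOC) on the 4-bit design of slide 30, next to a per-wire "unknown value"
# simulation in the spirit of 01X-logic. Assumptions: the property term is
# (NOT q1 + q0) and the blackbox input is the constant 1 in every time frame.
from itertools import product

INIT = (0, 0, 0, 0, 0)          # (q0, q1, q2, q3, p)

def step(state, y, z):
    """One transition of the slide-30 design with concrete 0/1 values.
    y = primary input, z = blackbox output."""
    q0, q1, q2, q3, _p = state
    return (
        q0 | z,                        # q0' = q0 + Z
        q0 & z,                        # q1' = q0 . Z
        1,                             # q2' = 1
        q2,                            # q3' = q2
        y & q3 & ((1 - q1) | q0),      # p'  = y . q3 . (NOT q1 + q0)  (assumed)
    )

def ioc_consistent(z_seq, bb_inputs):
    """Input-Output-Consistency: a combinational blackbox that sees the same
    input in two time frames must produce the same output in both."""
    seen = {}
    for inp, z in zip(bb_inputs, z_seq):
        if seen.setdefault(inp, z) != z:
            return False
    return True

def every_bb_behaviour_violates(y_seq, bb_inputs, use_ioc=True):
    """The universal part of phi_CE for a fixed input sequence: does every
    (IOC-consistent) blackbox output sequence reach p = 1 after the last
    step? Returns (answer, number of output sequences that were checked)."""
    checked = 0
    for z_seq in product((0, 1), repeat=len(y_seq)):
        if use_ioc and not ioc_consistent(z_seq, bb_inputs):
            continue
        checked += 1
        state = INIT
        for y, z in zip(y_seq, z_seq):
            state = step(state, y, z)
        if state[4] != 1:
            return False, checked
    return True, checked

def abstract_step(state, y, z):
    """Same transition over sets of possible values per wire: {0, 1} plays the
    role of X. Each wire is abstracted independently, so correlations between
    q0 and q1 are lost, which is exactly what 01X-logic cannot express."""
    q0, q1, q2, q3, _p = state
    return (
        {a | b for a in q0 for b in z},
        {a & b for a in q0 for b in z},
        {1},
        set(q2),
        {yy & c & ((1 - b) | a) for yy in y for c in q3 for a in q0 for b in q1},
    )

def abstract_simulation(y_seq):
    """Run the per-wire simulation with Z = {0, 1} (i.e. X) in every frame."""
    state = tuple({v} for v in INIT)
    for y in y_seq:
        state = abstract_step(state, y, {0, 1})
    return state

if __name__ == "__main__":
    DC = {0, 1}
    # (y0, y1, y2) = (-, -, 1) from slide 43; don't-cares instantiated with 0
    print("exact, with IOC   :", every_bb_behaviour_violates((0, 0, 1), (1, 1, 1)))
    print("exact, without IOC:", every_bb_behaviour_violates((0, 0, 1), (1, 1, 1), use_ioc=False))
    print("per-wire p after 3 steps:", abstract_simulation((DC, DC, {1}))[4])
```

With IOC only the two constant Z sequences remain and both reach p = 1, so the counterexample holds; without IOC all eight sequences reach p = 1 as well, so for this design IOC prunes work rather than changing the verdict. The per-wire simulation returns {0,1} for p, the X of slide 34: q0 and q1 are each unknown after step 2, and the abstraction cannot see that q1 = 1 only ever occurs together with q0 = 1.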

SLIDE 50

QBF-BB-BMC: Experimental Results

Solver | Time | #Solved/#Total
2clsQ | 16828 | 0 / 28
GRL | 16220 | 1 / 28
openQbf | 16826 | 0 / 28
preQuantor | 571 | 0 / 28
Qbfl | 16792 | 0 / 28
Quaffle | 16380 | 0 / 28
QUANTOR | 906 | 0 / 28
QUANTOR hc | 900 | 0 / 28
qube3.0 | 16216 | 1 / 28
qube4.0 | 15828 | 1 / 28
qube5.0 | 20 | 28 / 28
semprop | 16229 | 1 / 28
sKizzo-0.9-abs | 9183 | 0 / 28
sKizzo-0.9-grn | 2191 | 0 / 28
sKizzo-0.9.std | 10761 | 0 / 28
SQBF | 11359 | 0 / 28
sSolve | 16808 | 0 / 28
ssolve+ut | 16809 | 0 / 28
ssolve-ut | 16809 | 0 / 28
WalkQSAT | 16227 | 1 / 28
yQuaffle | 16699 | 0 / 28

28 hard instances sent to QBFEVAL’06. Only qube5.0 was able to solve the instances:
⇒ transformation into non-prenex QBF
⇒ efficient pre-processing

SLIDE 51

Conclusions and Future Work

Conclusions
• Overview of different approaches for BB-BMC problems
• Improved BB-BMC using 01X-logic
• Provided more concise counterexample formulation using QBF
• Resulting QBF formulas are hard to handle for state-of-the-art QBF solvers

Future Work
• Combining 01X-Logic and QBF formulation
• Providing a taxonomy of QBF formulations to trade off expressiveness vs. computational complexity
• Better testbench using semantic components for blackboxing

SLIDE 53

Questions ⇒ Answers

SLIDE 54

Acknowledgements and References

Acknowledgements
• Massimo Narizzano, Luca Pulina and Armando Tacchella for providing the short track results of the QBF Evaluation 2006
• Tobias Nopper and Stefan Disch for fruitful discussions

References
• Jain et al., “Testing, Verification, and Diagnosis in the Presence of Unknowns”, VTS’00
• Kuehlmann et al., “Robust Boolean Reasoning for Equivalence Checking and Functional Property Verification”, TCAD’02
• Scholl, Becker, “Checking Equivalence for Partial Implementations”, DAC’01
• Herbstritt, Becker, “On SAT-based Bounded Invariant Checking of Blackbox Designs”, MTV’05