Application of Lifting in Partial Design Analysis Marc Herbstritt - - PowerPoint PPT Presentation
Application of Lifting in Partial Design Analysis Marc Herbstritt (joint work with Vanessa Struve and Bernd Becker) Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany Presentation at IEEE MTV 2007, Dec 06
(joint work with Vanessa Struve and Bernd Becker)
Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany
Presentation at IEEE MTV 2007, Dec 06 2007
www.avacs.org
1
Introduction
2
Preliminaries BMC of Blackbox Designs using 01X-Logic Lifting
3
01X-Brute-Force Lifting Lifting Strategies for 01X-Logic Experimental Results
4
Automated Blackbox Synthesis Combinational Equivalence Checking of Blackbox Designs Example Blackbox Synthesis
5
Conclusions
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Formal Verification of Circuits
→ Correctness of implementation wrt. its specification → Combinational Equivalence Checking:
“Golden” reference circuit vs. implementation
→ Model Checking
Model Checking: Does circuit fulfill (temporal) properties? Bounded Model Checking (BMC) to falsify properties
Blackbox Designs
→ partial circuit implementations, e.g., in early design phase → BMC of blackbox designs feasible by using 01X-logic and/or QBF (MTV’05, MTV’06, EuroCAST’07)
Lifting
→ Simplification of counterexamples obtained from BMC
This work → Simplification of 01X-counterexamples by 01X-Lifting → Automated Blackbox Synthesis by 01X-Lifting
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Formal Verification of Circuits
→ Correctness of implementation wrt. its specification → Combinational Equivalence Checking:
“Golden” reference circuit vs. implementation
→ Model Checking
Model Checking: Does circuit fulfill (temporal) properties? Bounded Model Checking (BMC) to falsify properties
Blackbox Designs
→ partial circuit implementations, e.g., in early design phase → BMC of blackbox designs feasible by using 01X-logic and/or QBF (MTV’05, MTV’06, EuroCAST’07)
Lifting
→ Simplification of counterexamples obtained from BMC
This work → Simplification of 01X-counterexamples by 01X-Lifting → Automated Blackbox Synthesis by 01X-Lifting
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Formal Verification of Circuits
→ Correctness of implementation wrt. its specification → Combinational Equivalence Checking:
“Golden” reference circuit vs. implementation
→ Model Checking
Model Checking: Does circuit fulfill (temporal) properties? Bounded Model Checking (BMC) to falsify properties
Blackbox Designs
→ partial circuit implementations, e.g., in early design phase → BMC of blackbox designs feasible by using 01X-logic and/or QBF (MTV’05, MTV’06, EuroCAST’07)
Lifting
→ Simplification of counterexamples obtained from BMC
This work → Simplification of 01X-counterexamples by 01X-Lifting → Automated Blackbox Synthesis by 01X-Lifting
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Formal Verification of Circuits
→ Correctness of implementation wrt. its specification → Combinational Equivalence Checking:
“Golden” reference circuit vs. implementation
→ Model Checking
Model Checking: Does circuit fulfill (temporal) properties? Bounded Model Checking (BMC) to falsify properties
Blackbox Designs
→ partial circuit implementations, e.g., in early design phase → BMC of blackbox designs feasible by using 01X-logic and/or QBF (MTV’05, MTV’06, EuroCAST’07)
Lifting
→ Simplification of counterexamples obtained from BMC
This work → Simplification of 01X-counterexamples by 01X-Lifting → Automated Blackbox Synthesis by 01X-Lifting
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Bounded Model Checking (BMC) of sequential systems
BMC(k) = I(s0) ·
(k−1)
T(si, xi, s(i+1)) · P(sk)
whereby: I(s0): initial states predicate T(si, xi, s(i+1)): transition relation P(sk): predicate for property (AG p) Application of BMC Check finite unfoldings of depth k, start with k = 0 Convert BMC(k) into SAT-formula → apply SAT-solver Stop if counterexample is found, otherwise increment k
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
q0 q1 p
box Black− Y
q′
0 = q0 + y + Z
q′
1 = q0 + q1
p = q0 ⊕ q1 Property: AG(¬p)
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
q0 q1 p
box Black−
Y
step y q0 q1 p — 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
q0 q1 p
box Black−
Y
step y q0 q1 p — 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
q0 q1 p
box Black−
Y
step y q0 q1 p — 1 1 1 1 1 2 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
1
01X-BB-BMC: BMC of Blackbox Designs using 01X-Logic
2
Blackbox outputs are unknown
⇒ use logical value X, i.e., X = unknown whether 0 or 1 ⇒ use additional variable Z, and assign Z = X
3
01X-Logic
NOT01X(a) a 1 1 X X AND01X(a, b) a b 1 X 1 1 X X X X
4
Deciding satisfiability for 01X-BB-BMC → Apply two-valued encoding and solve purely propositional SAT problem (see Herbstritt et al. MTV’07, MTV’06, EuroCAST’07)
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Two-valued encoding for 01X-Logic (see Jain et al. VTS’00) Mapping of 01X-values to tuples of propositional values
01X-value z encoding (z0, z1) (1,0) 1 (0,1) X (0,0)
Synthesis transformation using propositional operations
NOT01X(a) = [a1, a0] AND01X(a, b) = [a0 + b0, a1 · b1] OR01X(a, b) = [a0 · b0, a1 + b1]
Transformation preserves uniform encoding of value X
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Lifting: Simplification of BMC-counterexamples (see Ravi/Somenzi TACAS’04) Brute-Force-Lifting for Complete Designs:
1: procedure BRUTEFORCELIFTING(ˆ
F, o, A)
2:
F′′ ← substitute o with o in ˆ F
3:
for each(literal l ∈ A)
4:
F′ ← F′′ ∧ (A \ l)
5:
if (SATSOLVE( F′ ) = SATISFIABLE) then
6:
A ← A \ l
7:
end if
8:
end for
9:
return A
10: end procedure
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Example Formula: (a + b) · (a + c + d) · (a + b + c) Solution: {a, b, c, d} Lifting with different order Order a < b < c < d : {b, c} is irreducible solution Order b < a < c < d : {a, c, d} is irreducible solution
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Pair Lifting (PL) 01X-variable a is encoded by a tuple (a0, a1). Lift both variables a0 and a1 in parallel. a not lifted → remains as fully specified 01X-value. Pair-Split Lifting (PSL) In contrast to PL: lifting only a0 or a1 is allowed. Bisection of 01X-value a → a can be 0 or X, but definitely not 1. Single-Encoding-Variable Lifting (SEVL) If only one of the two variables a0 or a1 are assigned, lift these variables first. May be used as preprocessing.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Pair Lifting (PL) 01X-variable a is encoded by a tuple (a0, a1). Lift both variables a0 and a1 in parallel. a not lifted → remains as fully specified 01X-value. Pair-Split Lifting (PSL) In contrast to PL: lifting only a0 or a1 is allowed. Bisection of 01X-value a → a can be 0 or X, but definitely not 1. Single-Encoding-Variable Lifting (SEVL) If only one of the two variables a0 or a1 are assigned, lift these variables first. May be used as preprocessing.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Pair Lifting (PL) 01X-variable a is encoded by a tuple (a0, a1). Lift both variables a0 and a1 in parallel. a not lifted → remains as fully specified 01X-value. Pair-Split Lifting (PSL) In contrast to PL: lifting only a0 or a1 is allowed. Bisection of 01X-value a → a can be 0 or X, but definitely not 1. Single-Encoding-Variable Lifting (SEVL) If only one of the two variables a0 or a1 are assigned, lift these variables first. May be used as preprocessing.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
VLIW ALU: 4 functional units FU0, FU1, FU2, FU3. Parameterizable in word-width (2,4,16,...) Error in FU3: OR instead of XOR. Blackboxes: FU0 and FU1 are blackbox’ed.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
width # var. # ass. PL PSL SEVL 2 756 686 616 650 6 4 1124 1054 984 1018 6 16 3332 3262 3190 3226 6 24 4804 4734 4662 4698 6 32 6276 6206 6134 6170 6 40 7748 7678 7606 7742 6 48 9220 9150 9078 9114 6 # var.: number of variables # ass.: number of assigned variables in SAT-solution PL/PLS/SEVL: number of liftable variables
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2x3 x4 f S x1 x2x3 x4 i1 f BB i2
Now: Combinational Equivalence Checking of Blackbox Designs Input-Exact-Check proves realizability of f BB (see Scholl/Becker DAC’01)
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
∀i1 ∀i2 ∃oBB : cond′ = ∀i1 ∀i2 ∃oBB : ∀x1, . . . , x4 :
. . . = ∀i1 ∀i2 ∃oBB : ∀x1, . . . , x4 :
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 f S x3 1 1 1 1 1 1 1 1 x3 x3 x3 x4 x4 x4 x4 x1 x1 x1 x1 x2 x2 x2 x2 x2 x2 x2 x2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 i1 i2 i2 1 1
f BB
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) X 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Problem: Identification of Blackbox function QBF-solver proves existence of blackbox function
extracted automatically. Solution
1
Use 01X-logic to identify cubes that depend on blackbox
2
Use 01X-lifting to constrain blackbox outputs from X to 0
3
Use 01X-lifting to simplify cubes → covering similar cubes
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Problem: Identification of Blackbox function QBF-solver proves existence of blackbox function
extracted automatically. Solution
1
Use 01X-logic to identify cubes that depend on blackbox
2
Use 01X-lifting to constrain blackbox outputs from X to 0
3
Use 01X-lifting to simplify cubes → covering similar cubes
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) X 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) X 1 (X → 0 due to 01X-Lifting) 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) X {1, X} (1 → {1, X} due to 01X-Lifting) 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) (X → 0 due to f BB(0, 0, 0, X) = 0) {1, X} 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) {1, X} 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 (X → 1 due to 01X-Lifting) 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) {1, X} 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 {0, X} 1 1 (0 → 0, X due to 01X-Lifting) 1 1 1 1 X 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
x1 x2 x3 x4 f S f BB (01X) {1, X} 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 {0, X} 1 1 1 1 1 1 1 (X → 1 due to f BB(0, 1, 1, X) = 1) 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
1
Find x? = (x1, x2, x3, x4) for which f BB(x?) = X01X.
2
Weaken the satisfiability constraint to allow f M(x?) ∈ {001X, X01X}.
3
Find c for oBB such that f M
|oBB←c(x?) = 0, i.e., substitution of
c for oBB makes f BB equal to f S for x?.
4
Try to lift variables from x? such that some xi can have value X01X. Let’s denote by x?,ext such a lifted assignment. For this assignment it also holds that f M
|oBB←c(x?,ext) = 0,
meaning that f BB is equal to f S when using value c for oBB. Iterate this step.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Conclusions Adapation of Lifting to BMC of Blackbox Designs Experimental Results for VLIW ALU Automated Blackbox Synthesis using 01X-Lifting Future Work Implementation of automated blackbox synthesis scheme. Automated synthesis for sequential circuits.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Conclusions Adapation of Lifting to BMC of Blackbox Designs Experimental Results for VLIW ALU Automated Blackbox Synthesis using 01X-Lifting Future Work Implementation of automated blackbox synthesis scheme. Automated synthesis for sequential circuits.
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Introduction Preliminaries 01X-Brute-Force Lifting Automated Blackbox Synthesis Conclusions
Acknowledgements Tobias Nopper and Christoph Scholl for helpful discussions. References Jain et al., “Testing, Verification, and Diagnosis in the Presence of Unknowns”, VTS’00 Ravi, Somenzi, “Minimal Assignments for Bounded Model Checking”, TACAS’04 Scholl, Becker, “Checking Equivalence for Partial Implementations”, DAC’01 Herbstritt, Becker, “On SAT-based Bounded Invariant Checking of Blackbox Designs”, MTV’05 Herbstritt, Becker, Scholl “Advanced SAT-Techniques for Bounded Model Checking of Blackbox Designs”, MTV’06 Herbstritt, Becker, “On Combining 01X-Logic and QBF”, EuroCAST’07