[PPT] - Better Generalization in IC3 Zyad Hassan Aaron R. Bradley Fabio PowerPoint Presentation

SLIDE 1

Problem Solution Results Analysis Conclusions

Better Generalization in IC3

Zyad Hassan Aaron R. Bradley Fabio Somenzi

Department of Electrical, Computer, and Energy Engineering University of Colorado at Boulder

Oct 23, 2013

Hassan, Bradley, Somenzi Better Generalization in IC3 1/31

SLIDE 2

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 2/31

SLIDE 3

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 3/31

SLIDE 4

Problem Solution Results Analysis Conclusions

IC3 [Bradley 2010,2011]

Model checking algorithm for invariance properties Attempts to construct an inductive strengthening of the property Construction is incremental: derives many simple lemmas Lemmas generation either:

Results in an inductive strengthening Guides the search to a counterexample trace

SAT-based: performs many relatively easy SAT queries

Hassan, Bradley, Somenzi Better Generalization in IC3 4/31

SLIDE 5

Problem Solution Results Analysis Conclusions

Generalization

Key component of IC3 Lifts IC3 from explicit to symbolic More successful generalization ⇔ Fewer individual states examined What does IC3 generalize?

Hassan, Bradley, Somenzi Better Generalization in IC3 5/31

SLIDE 6

Problem Solution Results Analysis Conclusions

Generalization

Key component of IC3 Lifts IC3 from explicit to symbolic More successful generalization ⇔ Fewer individual states examined What does IC3 generalize?

Hassan, Bradley, Somenzi Better Generalization in IC3 5/31

SLIDE 7

Problem Solution Results Analysis Conclusions

Overview of IC3

Prove the property by induction:

All initial states satisfy the property All successors of good states are good

Hassan, Bradley, Somenzi Better Generalization in IC3 6/31

SLIDE 8

Problem Solution Results Analysis Conclusions

Overview of IC3

Prove the property by induction:

All initial states satisfy the property All successors of good states are good

Hassan, Bradley, Somenzi Better Generalization in IC3 6/31

SLIDE 9

Problem Solution Results Analysis Conclusions

Counterexamples to Induction (CTIs): The Troublemakers

00 01 11 10

Hassan, Bradley, Somenzi Better Generalization in IC3 7/31

SLIDE 10

Problem Solution Results Analysis Conclusions

Counterexamples to Induction (CTIs): The Troublemakers

CTI 00 01 11 10

Hassan, Bradley, Somenzi Better Generalization in IC3 7/31

SLIDE 11

Problem Solution Results Analysis Conclusions Hassan, Bradley, Somenzi Better Generalization in IC3 8/31

SLIDE 12

Problem Solution Results Analysis Conclusions Hassan, Bradley, Somenzi Better Generalization in IC3 8/31

SLIDE 13

Problem Solution Results Analysis Conclusions Hassan, Bradley, Somenzi Better Generalization in IC3 8/31

SLIDE 14

Problem Solution Results Analysis Conclusions Hassan, Bradley, Somenzi Better Generalization in IC3 8/31

SLIDE 15

Problem Solution Results Analysis Conclusions

What does IC3 generalize?

A state is unreachable within k steps to A set of states is unreachable within k steps

Hassan, Bradley, Somenzi Better Generalization in IC3 9/31

SLIDE 16

Problem Solution Results Analysis Conclusions

How does generalization work?

For each state-bit: Drop bit Find the smallest superset of states that have no predecessors

utside of it (if exists)

Hassan, Bradley, Somenzi Better Generalization in IC3 10/31

SLIDE 17

Problem Solution Results Analysis Conclusions

Successful Generalization

CTI

111 110 101 100 011

Hassan, Bradley, Somenzi Better Generalization in IC3 11/31

SLIDE 18

Problem Solution Results Analysis Conclusions

Successful Generalization

CTI

111 110 101 100 011

Hassan, Bradley, Somenzi Better Generalization in IC3 11/31

SLIDE 19

Problem Solution Results Analysis Conclusions

Successful Generalization

CTI 11−

111 110 101 100 011

Hassan, Bradley, Somenzi Better Generalization in IC3 11/31

SLIDE 20

Problem Solution Results Analysis Conclusions

Successful Generalization

CTI 11−

111 110 101 100 011

Hassan, Bradley, Somenzi Better Generalization in IC3 11/31

SLIDE 21

Problem Solution Results Analysis Conclusions

Successful Generalization

CTI 1 − −

111 110 101 100 011

Hassan, Bradley, Somenzi Better Generalization in IC3 11/31

SLIDE 22

Problem Solution Results Analysis Conclusions

Failed Generalization

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 12/31

SLIDE 23

Problem Solution Results Analysis Conclusions

Failed Generalization

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 12/31

SLIDE 24

Problem Solution Results Analysis Conclusions

Failed Generalization 10−

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 12/31

SLIDE 25

Problem Solution Results Analysis Conclusions

Failed Generalization 10−

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 12/31

SLIDE 26

Problem Solution Results Analysis Conclusions

Failed Generalization − − −

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 12/31

SLIDE 27

Problem Solution Results Analysis Conclusions

Ineffective Generalization

Bad State

Hassan, Bradley, Somenzi Better Generalization in IC3 13/31

SLIDE 28

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 14/31

SLIDE 29

Problem Solution Results Analysis Conclusions

Counterexamples to Generalization (CTGs)

CTG

10−

000 011 101 111 110 001 100 CTI 010

Hassan, Bradley, Somenzi Better Generalization in IC3 15/31

SLIDE 30

Problem Solution Results Analysis Conclusions

Counterexamples to Generalization (CTGs) 10−

CTG 000 101 111 110 001 100 CTI 010 011 011

Hassan, Bradley, Somenzi Better Generalization in IC3 15/31

SLIDE 31

Problem Solution Results Analysis Conclusions

Counterexamples to Generalization (CTGs) 1 − −

CTG 000 101 111 110 001 100 CTI 010 011 011

Hassan, Bradley, Somenzi Better Generalization in IC3 15/31

SLIDE 32

Problem Solution Results Analysis Conclusions

Counterexamples to Generalization (CTG)

State preventing some generalization (dropping a specific state-bit) Unlike CTIs, not necessarily backward reachable Blocking CTGs:

Backward reachable: if deep, saves IC3 explicit traversal Neither forward nor backward: never addressed by IC3 but could continue to obstruct generalization

Hassan, Bradley, Somenzi Better Generalization in IC3 16/31

SLIDE 33

Problem Solution Results Analysis Conclusions

ctgDown

Instead of joining CTG with cube, turn attention to CTG Like CTIs, prove unreachable within k steps If successful: generalize CTG, re-attempt CTI generalization If failed: join

Hassan, Bradley, Somenzi Better Generalization in IC3 17/31

SLIDE 34

Problem Solution Results Analysis Conclusions

ctgDown

Instead of joining CTG with cube, turn attention to CTG if limit is not exceeded Like CTIs, prove unreachable within k steps If successful: generalize CTG, re-attempt CTI generalization If failed: or exceeded maxCTGs limit, join, reset maxCTGs limit

Hassan, Bradley, Somenzi Better Generalization in IC3 18/31

SLIDE 35

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 36

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 37

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 38

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 39

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 40

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 41

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 42

Problem Solution Results Analysis Conclusions

Resetting Limit After Joins

Hassan, Bradley, Somenzi Better Generalization in IC3 19/31

SLIDE 43

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 20/31

SLIDE 44

Problem Solution Results Analysis Conclusions

Experimental Setup

HWMCC’10+11+12 (beemb substituted by beemf) 900s timeout IImc and ABC Light-weight preprocessing 5 random seeds

Hassan, Bradley, Somenzi Better Generalization in IC3 21/31

SLIDE 45

Problem Solution Results Analysis Conclusions

IImc

Standard With ctgDown Family Size Solved Time (s) Solved Gain Time (s) 139 99 99 2524 99 1230 6s 120 19 93466 21 2 94211 beem 86 48 38149 50 2 39594 bob 149 122 25804 120 (2) 28679 intel 60 23 35004 30 7 31153 pdt 350 331 19291 336 5 15469

ther

280 271 11947 274 3 11463 Total 1144 913 226790 930 17 222460

Hassan, Bradley, Somenzi Better Generalization in IC3 22/31

SLIDE 46

Problem Solution Results Analysis Conclusions

ABC

Standard With ctgDown Family Size Solved Time (s) Solved Gain Time (s) 139 99 99 701 99 754 6s 120 23 88401 30 7 82941 beem 86 51 34098 56 5 31191 bob 149 123 24292 124 1 24083 intel 60 23 35665 26 3 34249 pdt 350 329 22162 333 4 18120

ther

280 270 12591 274 4 10359 Total 1144 916 218906 943 27 201417

Hassan, Bradley, Somenzi Better Generalization in IC3 23/31

SLIDE 47

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 24/31

SLIDE 48

Problem Solution Results Analysis Conclusions

Purpose

Confirm reduction in length of explicit backward search Understand effect on various IC3 metrics

Hassan, Bradley, Somenzi Better Generalization in IC3 25/31

SLIDE 49

Problem Solution Results Analysis Conclusions

Depth of CTGs vs. CTIs

0.1 1 10 100 1000 10000 100000 0.1 1 10 100 1000 10000 100000 Average CTI Depth Average CTG Depth Worse Performance Better Performance

Hassan, Bradley, Somenzi Better Generalization in IC3 26/31

SLIDE 50

Problem Solution Results Analysis Conclusions

Effect on Maximum Depth of Priority Queue

1 10 100 1000 10000 1 10 100 1000 10000 IImc with ctgDown IImc Worse Performance Better Performance

Hassan, Bradley, Somenzi Better Generalization in IC3 27/31

SLIDE 51

Problem Solution Results Analysis Conclusions

Effect on Average Clause Size

1 10 1 10 IImc with ctgDown IImc Worse Performance Better Performance

Hassan, Bradley, Somenzi Better Generalization in IC3 28/31

SLIDE 52

Problem Solution Results Analysis Conclusions

Outline

1

Problem

2

Solution

3

Results

4

Analysis

5

Conclusions

Hassan, Bradley, Somenzi Better Generalization in IC3 29/31

SLIDE 53

Problem Solution Results Analysis Conclusions

Conclusions

Useful to divert IC3’s attention to address reason for failure of generalization Not too aggressive handling of CTGs so as not to lose property focus Decreases depth of explicit search

Hassan, Bradley, Somenzi Better Generalization in IC3 30/31

SLIDE 54

Problem Solution Results Analysis Conclusions

The End

Thank you.

Hassan, Bradley, Somenzi Better Generalization in IC3 31/31