[PPT] - Boolean Abstraction for Temporal Logic Satisfiability A. Cimatti 1 , PowerPoint Presentation

SLIDE 1

Boolean Abstraction for Temporal Logic Satisfiability

A. Cimatti1, M. Roveri1, V. Schuppan1, S. Tonetta2

1FBK-irst, Trento, Italy 2University of Lugano, Faculty of Informatics, Lugano, Switzerland

CAV’07, July 3–7, 2007, Berlin, Germany

SLIDE 2

Motivation

2

⇒ Property-based system design (PROSYD): work at the level of requirements. ⇒ In model checking, focus is on dealing with complexity in the model. ⇒ Satisfiability of large temporal formulas can be hard. (e.g., [Rozier, Vardi (SPIN’07)])

c 2007 V. Schuppan

SLIDE 3

Boolean Abstraction

4

(well-known in SMT community)

∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

U

⇒ ∧

combination Boolean temporal formula

c 2007 V. Schuppan

SLIDE 5

Boolean Abstraction

5

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula Boolean formula abstract

c 2007 V. Schuppan

SLIDE 6

Boolean Abstraction

6

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula Boolean formula abstract false? = yes unsatisfiable

c 2007 V. Schuppan

SLIDE 7

Boolean Abstraction

7

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula A1 A3 ¬A 4 Boolean formula abstract false? = no yes unsatisfiable extract prime implicant prime implicant Boolean

c 2007 V. Schuppan

SLIDE 8

Boolean Abstraction

8

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula A1 A3

F G

∧

U

⇒ ∧

X

∨

G

¬A 4 Boolean formula abstract false? = no yes unsatisfiable extract prime implicant prime implicant Boolean concretize temporal prime implicant ¬

c 2007 V. Schuppan

SLIDE 9

Boolean Abstraction

9

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula A1 A3

F G

∧

U

⇒ ∧

X

∨

G

¬A 4 Boolean formula abstract false? = no yes unsatisfiable extract prime implicant check satisfiability prime implicant Boolean concretize temporal prime implicant ¬

c 2007 V. Schuppan

SLIDE 10

Boolean Abstraction

10

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula A1 A3

F G

∧

U

⇒ ∧

X

∨

G

¬A 4 SAT? yes satisfiable Boolean formula abstract false? = no yes unsatisfiable extract prime implicant check satisfiability prime implicant Boolean concretize temporal prime implicant ¬

c 2007 V. Schuppan

SLIDE 11

Boolean Abstraction

11

(well-known in SMT community)

A1 A2 A3 A4

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

U

⇒ ∧

X

∨

G X

¬

temporal formula

∧ ∨ ¬ ⇔ ⇒ ∨

A2

U

⇒ ∧

combination Boolean fresh proposition temporal formula A1 A3

F G

∧

U

⇒ ∧

X

∨

G

¬A 4 prime implicant remove SAT? no yes satisfiable Boolean formula abstract false? = no yes unsatisfiable extract prime implicant check satisfiability prime implicant Boolean concretize temporal prime implicant ¬

c 2007 V. Schuppan

SLIDE 12

Pure Literal Simplification — Propositional Logic

13

[Davis, Putnam (1960); Dunham, Fridshal, Sward (1959)]

Assume a propositional formula φ in CNF: (l1,1 ∨...∨l1,n1 ∨ p)∧...∧(lk,1 ∨...∨lk,nk ∨ p)

φ1 : p occurs only positively

∧ φ2

no occurrence of p

Then: φ is satisfiable iff p∧φ is satisfiable. (And similarly if p occurs only negatively in φ1.)

c 2007 V. Schuppan

SLIDE 14

Pure Literal Simplification — PSL

14

Extend notion of pure literal to PSL (see paper). Let φ be a PSL formula such that p is pure positive in φ. Then: φ is satisfiable iff (Gp)∧φ is satisfiable. (And similarly if p is pure negative in φ.) (Modal logic K : [Pan, Sattler, Vardi (J. Applied Non-Classical Logics 2006)])

c 2007 V. Schuppan

SLIDE 15

Boolean Abstraction and Pure Literal Simplification

15

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

F G

∧

U

⇒ ∧

U

⇒ ∧

X

∨

G X

∨

G

A1 A1 A2 A3 A3 A4 ¬A 4 ¬

¬

X

temporal formula Boolean formula Boolean prime implicant temporal prime implicant abstract yes unsatisfiable false? no = extract prime implicant concretize check satisfiability satisfiable yes SAT? no remove prime implicant

(Pure literal) Simplification

c 2007 V. Schuppan

SLIDE 16

Unsatisfiable Cores

17

Assume φ ≡ (Gp) ∧ (F¬p) ∧ ((Xp) ∨ (XXp)) Prime implicants: (Gp) ∧ (F¬p) ∧ (Xp) (Gp) ∧ (F¬p) ∧ (XXp) They share unsatisfiable part ⇒ no need to check both! Given {φi | i ∈ I} with V

i∈I φi unsatisfiable,

any {φj | j ∈ J ⊆ I} with V

j∈J φj unsatisfiable is an unsatisfiable core.

c 2007 V. Schuppan

SLIDE 18

Boolean Abstraction and Unsat Core Extraction

18

∧ ∨ ¬ ⇔ ⇒ ∨ ∧ ∨ ¬ ⇔ ⇒ ∨

F G

∧

F G

∧

U

⇒ ∧

U

⇒ ∧

X

∨

G X

∨

G

A1 A1 A2 A3 A3 A4 ¬A 4 ¬

¬

X

temporal formula Boolean formula Boolean prime implicant temporal prime implicant abstract yes unsatisfiable false? no = extract prime implicant concretize check satisfiability satisfiable yes SAT? no remove prime implicant

Extract/remove unsat core(s)

c 2007 V. Schuppan

SLIDE 19

Activation Variables

19

Propositional case: [Lynce, Marques-Silva (SAT’04)]

1. Assume prime implicant V

i∈I φi.

2. Introduce one fresh, Boolean activation variable Ai per φi.
3. Build B¨

uchi automaton B for

^

i∈I

(Ai → φi) Let J ⊆ I. B has fair path from some initial state with {Aj | j ∈ J} true iff

V

j∈J φ j is satisfiable.

Independent of how B¨ uchi automaton is constructed!

c 2007 V. Schuppan

SLIDE 20

Extracting Unsatisfiable Cores with BDD-based Solvers

20

Let B be a B¨ uchi automaton for V

i∈I(Ai → φi).

1. Let S be the set of states in B that are the start of a fair path

(e.g., Emerson-Lei).

2. Restrict S to initial states in B.
3. Project S onto {Ai | i ∈ I}.
4. Complement S.

Now S contains the set of unsatisfiable cores of V

i∈I φi.

(We obtain all unsatisfiable cores.)

c 2007 V. Schuppan

SLIDE 21

Extracting Unsatisfiable Cores with SAT-based Solvers

21

Let B be a B¨ uchi automaton for V

i∈I(Ai → φi).

1. Let k ← 0.
2. Encode feasibility of loop-free path of length k in B.
3. Check satisfiability assuming {Ai | i ∈ I} is true at time 0.
4. If unsat, obtain conflict in terms of assumptions {Aj | j ∈ J ⊆ I}

at time 0.

5. Otherwise, increase k and repeat.

Now {φj | j ∈ J} contains an unsatisfiable core of V

i∈I φi.

(We obtain one unsatisfiable core.)

c 2007 V. Schuppan

SLIDE 22

Experiments

23

Benchmarks on PSL satisfiability (Used in [Cimatti, Roveri, Semprini, Tonetta (FMCAD’06); Cimatti, Roveri, Tonetta (TACAS’07)])

1. Fill typical patterns extracted from industrial specifications [Ben-David,

Orni (2005)] with random regular expressions.

2. Generate benchmarks by aggregating patterns from step 1 into the fol-

lowing shapes: – large conjunction, – (large conjunction) implies (large conjunction), – (large conjunction) iff (large conjunction), – random Boolean combination. We’d love to have challenging realistic benchmarks from industry.

c 2007 V. Schuppan

SLIDE 24

Experiments

24

Implementation – Basis: NuSMV – Translation from PSL to automata: [Cimatti, Roveri, Tonetta (TACAS’07)] – BDD-based solver: backward Emerson-Lei, dynamic reordering baseline for BDD-based approaches – SAT-based solver: incremental and complete SBMC with MiniSat [Heljanko, Junttila, Latvala (CAV’05)] baseline for SAT-based approaches Resources – Time out: 120 seconds – Memory out: 768 MB Download http://sra.itc.it/people/roveri/cav07-bapsl/

c 2007 V. Schuppan

SLIDE 25

Results

25

Boolean abstraction vs. not

SAT BDD

to 100 10 1 0.1 to 100 10 1 0.1

Baseline [seconds] Boolean abstraction [seconds]

to 100 10 1 0.1 to 100 10 1 0.1

Baseline [seconds] Boolean abstraction [seconds]

unsat sat

c 2007 V. Schuppan

SLIDE 26

Results

26

Pure literal simplification vs. not (without Boolean abstraction)

SAT BDD

to 100 10 1 0.1 to 100 10 1 0.1

Baseline [sec] Baseline, pure lit. [sec]

to 100 10 1 0.1 to 100 10 1 0.1

Baseline [sec] Baseline, pure lit. [sec]

unsat sat

c 2007 V. Schuppan

SLIDE 27

Results

27

Pure literal rule vs. not (with Boolean abstraction)

SAT BDD

to 100 10 1 0.1 to 100 10 1 0.1

Bool. abs. [sec]
Bool. abs., pure lit. [sec]

to 100 10 1 0.1 to 100 10 1 0.1

Bool. abs. [sec]
Bool. abs., pure lit. [sec]

unsat sat

c 2007 V. Schuppan

SLIDE 28

Results

28

Unsat core extraction vs. not

SAT BDD run time

to 100 10 1 0.1 to 100 10 1 0.1

Bool. abs. [sec]
Bool. abs., core extr. [sec]

to 100 10 1 0.1 to 100 10 1 0.1

Bool. abs. [sec]
Bool. abs., core extr. [sec]

search space

1000 100 10 1 1000 100 10 1

Bool. abs. [# prime impl.]
Bool. abs., core extr. [# prime impl.]

1000 100 10 1 1000 100 10 1

Bool. abs. [# prime impl.]
Bool. abs., core extr. [# prime impl.]

c 2007 V. Schuppan

SLIDE 29

The End

29

Introduce Boolean abstraction for PSL. ⇒ Very helpful with BDD-based, unclear with SAT-based solvers. ⇒ SAT- and BDD-based approaches complementary. Extend pure literal simplification to PSL. ⇒ Very helpful, more so when applied to prime implicants. Extract unsatisfiable cores from solvers. ⇒ Reduces search space, though at the cost of run time. Much room for improvement: – Optimize extraction of unsatisfiable cores. – Reuse partial results between prime implicants. – Improve prioritization of prime implicants. – ... (and some more) ...

Thanks!

c 2007 V. Schuppan

SLIDE 30

Backup-Slides

30

K e e p

u

t ! B a c k u p s l i d e s

c 2007 V. Schuppan

SLIDE 31

Pure Literal Simplification — PSL

31

1. p(¬p) is a positive (negative) occurrence of p.
2. A positive occurrence of p in φ,r is a positive (negative) occurrence of

p in Xφ φ∨ψ ψ∨φ φ∧ψ ψ∧φ φ U ψ ψ U φ φ R ψ ψ R φ r ✸ → ψ s ✸ → φ r | → ψ s | → φ (and analogously for a negative occurrence of p). p is pure positive (negative) in φ iff all occurrences of p in φ are positive (negative).

c 2007 V. Schuppan

SLIDE 32

Complete Simple Bounded Model Checking

32

[Heljanko, Junttila, Latvala (CAV’05)]

1 k ← 0; 2 while true do 3 check for contradiction at length k; 4 if contradiction then return no fair path exists fi 5 check for non-redundant path of length k; 6 if no non-redundant path then return no fair path exists fi 7 check for fair lasso-shaped path of length k; 8 if fair lasso-shaped path then return fair path exists fi 9 k++; 10

d

Note: all constraints added in lines 3, 5 for k are present at lines 3, 5, 7 for k′ > k.

c 2007 V. Schuppan

SLIDE 33

Extracting Unsatisfiable Cores with SAT-based Solvers

33

literals assumed CNF "UNSAT" + conflict "SAT" + assignment SAT solver

c 2007 V. Schuppan

SLIDE 34

Extracting Unsatisfiable Cores with SAT-based Solvers

34

literals assumed CNF "UNSAT" + conflict "SAT" + assignment

∧

j φ j such that is unsat

∧

i Ai → φi SAT solver {A } at time step 0 j at time step 0 i {A } no contradiction up to time step k

(We obtain one unsatisfiable core.)

c 2007 V. Schuppan

SLIDE 35

Results

35

Pure literal simplification at top + prime implicant levels vs.

nly at top

SAT BDD

to 100 10 1 0.1 to 100 10 1 0.1

top [seconds] top + prime implicant [seconds]

to 100 10 1 0.1 to 100 10 1 0.1

top [seconds] top + prime implicant [seconds]

unsat sat

c 2007 V. Schuppan

SLIDE 36

Results

36

SAT vs. BDD

without Boolean abstraction with Boolean abstraction

to 100 10 1 0.1 to 100 10 1 0.1

BDD (pure lit.) [seconds] SAT (pure lit.) [seconds]

to 100 10 1 0.1 to 100 10 1 0.1

BDD (BA, pure lit.) [sec.] SAT (BA, pure lit.) [seconds]

unsat sat

c 2007 V. Schuppan

Boolean Abstraction for Temporal Logic Satisfiability

CAV’07, July 3–7, 2007, Berlin, Germany

Motivation

⇒ Property-based system design (PROSYD): work at the level of requirements. ⇒ In model checking, focus is on dealing with complexity in the model. ⇒ Satisfiability of large temporal formulas can be hard. (e.g., [Rozier, Vardi (SPIN’07)])

Contents

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Boolean Abstraction

Contents

Pure Literal Simplification — Propositional Logic

Pure Literal Simplification — PSL

Boolean Abstraction and Pure Literal Simplification

Contents

Unsatisfiable Cores

Boolean Abstraction and Unsat Core Extraction

Activation Variables

Extracting Unsatisfiable Cores with BDD-based Solvers

Extracting Unsatisfiable Cores with SAT-based Solvers

Contents

Experiments

Experiments

Results

Boolean abstraction vs. not

Results

Pure literal simplification vs. not (without Boolean abstraction)

Results

Pure literal rule vs. not (with Boolean abstraction)

Results

Unsat core extraction vs. not

The End

Thanks!

Backup-Slides

K e e p

t ! B a c k u p s l i d e s

Pure Literal Simplification — PSL

Complete Simple Bounded Model Checking

Extracting Unsatisfiable Cores with SAT-based Solvers

Extracting Unsatisfiable Cores with SAT-based Solvers

∧

∧

Results

Pure literal simplification at top + prime implicant levels vs.

Results

SAT vs. BDD