Property Directed Reachability with Word-Level Abstraction Yen-Sheng Ho, Alan Mishchenko, Robert Brayton
Word-Level Model Checking: Given a word-level (WL) circuit M (e.g., RTL Verilog) and a safety property p, does p hold for all reachable states in M? FMCAD 2017 PDR-WLA 2
Unbounded Model Checking
Property Directed Reachability (PDR): [1] A. Bradley. SAT-based model checking without unrolling. VMCAI 2011. [2] N. Een et al. Efficient implementation of property directed reachability. FMCAD 2011.
Property Directed Reachability (PDR), main loop: initialize the PDR trace; open a new frame; recursively block cubes; propagate blocked cubes. If blocking finds a CEX, the property is falsified; if propagation yields an inductive invariant, the property is proved; otherwise open a new frame and repeat.
PDR Example (figure over several slides): the state transition graph of an FSM, with frames added step by step until an inductive invariant is found.
Word-Level Localization Abstraction: signals are replaced with pseudo primary inputs (PPIs). (Figure: circuit with the abstracted signals marked as PPIs.)
Spurious Counterexample: If a CEX of an abstraction is NOT a CEX of the original, it is a spurious CEX. (Figure: the same input values simulated on the abstraction and on the original, with differing signal values.)
Refinement: An abstraction can be refined by un-abstracting PPIs. (Figure: abstraction and its refinement after un-abstracting PPIs {a, b}.)
Counterexample-Guided Abstraction and Refinement (CEGAR): create an abstraction; run model checking; if there is no CEX, the property is proved; if the CEX is spurious, refine the abstraction and repeat; otherwise the property is falsified. E. Clarke et al. Counterexample-guided abstraction refinement. CAV 2000.
Simple integration of PDR and CEGAR, called Simple CEGAR (S-CEGAR): create a WL abstraction; bit-blast; run PDR; if there is no CEX, the property is proved; if the CEX is spurious, refine and repeat from the abstraction step; otherwise the property is falsified.
PDR with Word-Level Abstraction (PDR-WLA): create a WL abstraction; bit-blast; load the saved PDR trace; then run PDR (open a new frame, recursively block cubes, propagate blocked cubes). If a CEX is found, it is checked for spuriousness: a real CEX falsifies the property; a spurious one causes the PDR trace to be saved and the abstraction to be refined with PBR and MFFC, and the next iteration loads the saved trace instead of starting from scratch. If no CEX is found and an invariant is reached, the property is proved; otherwise open a new frame.
Example of Re-using PDR Trace (figure over two slides): the original circuit and the abstraction obtained by abstracting the leftmost bit, followed by the next iteration that re-uses the trace.
Correctness of Re-using PDR Trace
Refinement. Goal: given a spurious CEX (cex), un-abstract some PPIs such that cex will be blocked in the next iteration. Strategies: Simulation-Based Refinement (SBR); Proof-Based Refinement (PBR); Maximum Fanout Free Cone (MFFC).
Simulation-Based Refinement (SBR): minimize the CEX with ternary simulation; refine the concrete-value (care-set) PPIs. (Figure: abstraction and refinement annotated with 0/1/X simulation values.)
Proof-Based Refinement (PBR): introduce multiplexers choosing between the PPIs and the original signals; make assumptions that the original signals are selected; formulate a SAT query that is UNSAT; derive an approximation of the minimum UNSAT core. (Figure: the circuit with multiplexers driven by assumption inputs, PI values taken from cex, and the bad output forced to constant 0, i.e. UNSAT.)
Comparison of SBR and PBR (1/2): SBR may refine more PPIs than necessary. (Figure: on the same CEX, SBR un-abstracts PPIs {a, b, c, d} while PBR un-abstracts only PPIs {a, b}.)
Comparison of SBR and PBR (2/2): SBR may take more iterations than necessary. (Figure: SBR un-abstracts PPIs {a, b} and needs one more iteration, while PBR un-abstracts PPIs {a, b, c, d} in a single step.)
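Simulation-based refinement from the SBR slide, worked as an added Python example (not code from the paper or from ABC): ternary 0/1/X simulation over a constructed gate netlist computes the care-set PPIs, and the reconvergent structure in the constructed netlist shows the over-refinement the comparison slide mentions, since PPI b is redundant for this CEX yet ternary simulation keeps it.

```python
# Added example: ternary (0/1/X) simulation and simulation-based refinement
# (SBR) over a constructed gate-level netlist. Not code from the paper or ABC.
X = "X"

def t_not(a):
    return X if a == X else 1 - a

def t_and(a, b):
    if a == 0 or b == 0:
        return 0
    return 1 if a == 1 and b == 1 else X

def t_or(a, b):
    return t_not(t_and(t_not(a), t_not(b)))

GATES = {"and": t_and, "or": t_or, "not": t_not}

# Constructed abstract netlist in topological order: name -> (gate, fanins).
# i0 is a primary input, a/b/c are PPIs, "bad" is 1 when the property fails.
# n4 reconverges to a (n4 == a for any b), which ternary simulation cannot see.
NETLIST = {
    "n1": ("and", ("a", "b")),
    "n2": ("not", ("b",)),
    "n3": ("and", ("a", "n2")),
    "n4": ("or", ("n1", "n3")),
    "n5": ("and", ("c", "i0")),
    "bad": ("and", ("n4", "n5")),
}
PPIS = ["a", "b", "c"]
CEX = {"i0": 1, "a": 1, "b": 1, "c": 1}   # constructed spurious CEX values

def simulate(netlist, values):
    vals = dict(values)
    for name, (gate, ins) in netlist.items():
        vals[name] = GATES[gate](*(vals[i] for i in ins))
    return vals

def sbr(netlist, ppis, cex, out="bad"):
    """Care-set PPIs: greedily set each PPI to X and keep it X only if the
    CEX still drives `out` to 1; the PPIs that cannot be X are un-abstracted."""
    assert simulate(netlist, cex)[out] == 1, "not a counterexample"
    cur, care = dict(cex), []
    for p in ppis:
        trial = dict(cur, **{p: X})
        if simulate(netlist, trial)[out] == 1:
            cur = trial          # p is a don't-care for this CEX
        else:
            care.append(p)       # p must keep its concrete value
    return care                  # -> ['a', 'b', 'c'] for NETLIST/CEX
```

The exact care set is {a, c} (setting b to 0 keeps bad at 1), but because n4 is X whenever b is X, SBR also un-abstracts b; PBR's UNSAT-core view of the same circuit would not need it.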
Maximum Fanout Free Cone (MFFC): The MFFC of a signal s is a subset of its fanin cone, where each path from a signal in the subset to any PO passes through s. (Figure: the original circuit, the abstraction without MFFC, and the abstraction with MFFC.)
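The MFFC definition above, worked as an added Python example (not code from the paper or from ABC) on a constructed netlist: a fixpoint over the fanin cone of s admits a node only once all of its fanouts are already inside the cone, and the localization abstraction then replaces s with a PPI and drops the MFFC. Treating primary inputs as outside the MFFC is an assumption of this example.

```python
# Added example: maximum fanout-free cone (MFFC) of a signal and the
# localization abstraction that removes it. Not code from the paper or ABC.
# Constructed netlist: name -> list of fanin names; primary inputs have none.
NETLIST = {
    "x": [], "y": [], "z": [],
    "n1": ["x", "y"],
    "n2": ["y", "z"],
    "n3": ["n1", "n2"],
    "s": ["n3", "z"],        # the hard signal to be abstracted
    "n4": ["n2"],            # n2 also reaches this PO, so it is not in MFFC(s)
}
POS = ["s", "n4"]            # primary outputs

def fanouts(netlist):
    fo = {n: set() for n in netlist}
    for n, ins in netlist.items():
        for i in ins:
            fo[i].add(n)
    return fo

def mffc(netlist, pos, s):
    """Nodes in the fanin cone of s every path of which to a PO passes
    through s. Primary inputs are not logic and are left out (assumption)."""
    fo = fanouts(netlist)
    cone, work = {s}, list(netlist[s])
    while work:
        n = work.pop()
        if n in cone or not netlist[n]:
            continue
        # n joins once all its fanouts are inside the cone; a node rejected
        # now is pushed again if a later fanout of it joins.
        if n not in pos and fo[n] <= cone:
            cone.add(n)
            work.extend(netlist[n])
    return cone - {s}

def abstract_with_mffc(netlist, pos, s):
    """s becomes a pseudo primary input and its MFFC is dropped, so the
    abstraction does not keep dead logic that only fed s."""
    dropped = mffc(netlist, pos, s)
    new = {n: ins for n, ins in netlist.items() if n not in dropped}
    new[s] = []
    return new

if __name__ == "__main__":
    print(sorted(mffc(NETLIST, POS, "s")))                 # ['n1', 'n3']
    print(sorted(abstract_with_mffc(NETLIST, POS, "s")))   # ['n2', 'n4', 's', 'x', 'y', 'z']
```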
PDR-WLA
Related Work
Word-level Bounded Model Checking and/or k-induction
• H. Jain et al. Word level predicate abstraction and refinement for verifying RTL Verilog. DAC 2005.
• Z. S. Andraus et al. Reveal: A formal verification tool for Verilog designs. LPAR 2008.
• B. A. Brady et al. Learning conditional abstractions. FMCAD 2011.
Word-level Unbounded Model Checking
• T. Welp and A. Kuehlmann. Property directed reachability for QF_BV with mixed type atomic reasoning units. ASP-DAC 2014.
• S. Lee and K. A. Sakallah. Unbounded scalable verification based on approximate property-directed reachability and datapath abstraction. CAV 2014.
• Y.-S. Ho et al. Efficient uninterpreted function abstraction and refinement for word-level model checking. FMCAD 2016.
Bit-level PDR with abstraction
• Y. Vizel et al. Lazy abstraction and SAT-based reachability in hardware model checking. FMCAD 2012.
• K. Fan et al. Automatic abstraction refinement of TR for PDR. ASP-DAC 2016.
Experimental Settings: PDR-WLA was implemented and is now available in ABC (command %pdra). S-CEGAR was also implemented for comparison (command %abs). 195 industrial benchmarks. Hard signals (large adders, multipliers, multiplexers, etc.) are targeted for abstraction. 3600 second timeout. All solved test cases are UNSAT.
Comparison of PDR and PDR-WLA (chart; columns include Virtual Best): #Solved 111 / 89 / 129; #Uniquely Solved 22 / 18.
Comparison of S-CEGAR and PDR-WLA (chart): 29 cases with non-trivial re-use of PDR traces are shown.
Detailed Performance, CPU Time (sec) (table; the per-row cell values are not recoverable from the extraction). Columns: Test Case, #Hard signals, %abs SBR+MFFC, %pdra SBR+MFFC, %pdra PBR, %pdra PBR+MFFC, pdr.
Conclusion
• PDR-WLA addresses word-level unbounded model checking.
• PDR-WLA abstracts with localization.
• PDR-WLA refines with PBR and MFFC.
• PDR-WLA re-uses PDR traces from previous iterations.
• PDR-WLA was implemented and is available in ABC.
• PDR-WLA performed well on industrial benchmarks.
Thank you! Yen-Sheng Ho, Alan Mishchenko, Robert Brayton