Overview of IC3/PDR
Anvesh Komuravelli
Carnegie Mellon University
© Anvesh Komuravelli
SAT-Based Bounded Model Checking (BMC)
(<k)-reachable? Is there an execution leading to error in < k steps, beginning in I?
BMC + k-Induction
(<k)-reachable? Is there an execution leading to error in < k steps, beginning in I?
k-inductive? Is there an execution leading to error in k steps, beginning in P?
Downside of k-Induction
P may not be inductive for any k!
Strengthen P!
(figure: P versus the reachable states)
BMC + Interpolation (McMillan '03)
(figure: repeated k-reachable? queries, each unfolding (k-1) steps)
If an abstract counterexample is found, start all over again with a bigger k
Many improvements followed
Approximate Forward-Reachability!
Forward-Reachability in a nutshell
(figure: initial states and their over-approximations)
Also, w.l.o.g., assume that:
No counterexample of length (k-1) from F_n
No counterexample of length (k-1)+1 from F_{n-1}
…
Formalizing BMC + Interpolation
Abstract Transition System (state triple)

Rule      Condition    Transition
Init      −
Unfold
Refine
Unsafe                 return UNSAFE
Safe                   return SAFE

Downsides
• Blow-up in SAT formula size as k gets big
• Resolution proof of UNSAT is non-trivial to obtain
A different search strategy
Let us restrict to 1-reachable queries
Formalizing the new search strategy

Rule       Condition    Transition
Init       −
Unfold
Candidate
Decide
Conflict
Unsafe                  return UNSAFE
Safe                    return SAFE

Checks k-reachability by explicit-state backward search!
CDCL – Local Interpolants
Given
Find
Use algorithms to minimize cores (MUS)
Hence, strengthen F_{i+1}
Strengthen F_i
Forward Propagation
t is bad for F_{i+2} as well! Can we reuse φ?
Forward Inductive Propagation
Given
Find
unsat
Formalizing the new search strategy

Rule       Condition    Transition
Init       −
Unfold
Candidate
Decide
Conflict
Induction
Unsafe                  return UNSAFE
Safe                    return SAFE
Forward Propagation
Block φ or s at F_{i+2}, F_{i+3}, …
Long Counterexamples!
Block φ or s at F_{i+2}, F_{i+3}, …
Generalizing Predecessors
Given
Find
Ternary Simulation
IC3/PDR!

Rule       Condition    Transition
Init       −
Unfold
Candidate
Decide
Conflict
Induction
Unsafe                  return UNSAFE
Safe                    return SAFE
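The rule table above, worked through as an added example that is not the author's or any tool's code: a toy IC3/PDR in Python (the names ic3, mod_counter and value are mine) that answers every SAT query by enumerating an explicit 3-bit state space, so Candidate, Decide, Conflict (with MUS-style literal dropping as the local interpolant), Induction (forward propagation), Unsafe and Safe can be read directly in the code. It assumes two constructed inputs, a mod-6 counter (safe) and a mod-8 counter (unsafe).

```python
from itertools import product

def value(s):                                          # integer encoded by a bit tuple (bit i weighs 2**i)
    return sum(b << i for i, b in enumerate(s))

def ic3(nbits, init, trans, bad):                      # toy IC3/PDR; SAT queries answered by enumeration
    states = list(product((0, 1), repeat=nbits))
    lits = lambda s: frozenset(enumerate(s))           # state -> cube of (var, val) literals
    frames = [None, set()]                             # frames[i]: cubes blocked at every level <= i; F_0 is init
    def holds(i, s):                                   # does state s satisfy F_i ?
        if i == 0: return init(s)
        return not any(c <= lits(s) for j in range(i, len(frames)) for c in frames[j])
    def predecessor(i, cube):                          # witness t of F_i & ~cube & T & cube'; None means unsat
        for t in states:
            if holds(i, t) and not cube <= lits(t):
                for u in states:
                    if cube <= lits(u) and trans(t, u): return t
        return None
    def block(cube, i):                                # make F_i exclude the concrete state `cube`
        if any(init(s) and cube <= lits(s) for s in states):
            return False                               # Unsafe: a concrete path from an initial state reaches bad
        while (t := predecessor(i - 1, cube)) is not None:
            if not block(lits(t), i - 1): return False # Decide: block the predecessor one level down first
        for lit in list(cube):                         # Conflict: local interpolant by MUS-style literal dropping
            smaller = cube - {lit}
            if not any(init(s) and smaller <= lits(s) for s in states) and predecessor(i - 1, smaller) is None:
                cube = smaller
        frames[i].add(cube)
        return True
    k = 1
    while True:
        s = next((s for s in states if holds(k, s) and bad(s)), None)   # Candidate
        if s is not None:
            if not block(lits(s), k): return "UNSAFE", k                # bad reachable within k steps
            continue
        frames.append(set())                           # Unfold: F_{k+1} = true
        for i in range(1, k + 1):                      # Induction: push cubes that are inductive relative to F_i
            for c in list(frames[i]):
                if predecessor(i, c) is None: frames[i].remove(c); frames[i + 1].add(c)
            if not frames[i]:                          # Safe: F_i == F_{i+1} is an inductive invariant
                return "SAFE", {s for s in states if holds(i, s)}
        k += 1

def mod_counter(modulus, bad_from):                    # constructed example: 3-bit counter 0..modulus-1, wrapping
    return (lambda s: value(s) == 0, lambda s, t: value(t) == (value(s) + 1) % modulus,
            lambda s: value(s) >= bad_from)

if __name__ == "__main__":
    print(ic3(3, *mod_counter(6, 6)))                  # SAFE, invariant = states 0..5 (6 and 7 unreachable)
    print(ic3(3, *mod_counter(8, 7)))                  # UNSAFE, 7: state 7 is first reached after 7 steps
```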
To summarize…
• 1-step reachability queries
• Generalizing Predecessors
• Local Interpolants
• Forward Inductive Propagation
• Reusing Counterexamples
F_i is in CNF
To summarize…
• Competitive with variants of McMillan's Interpolation
• 3rd place in HWMCC'10 – competing with well-established tools
• Well received by hardware industry
• Implemented in Berkeley's ABC tool
• Extensions to progress and CTL properties
• Extensions to LRA – implemented in Z3
Efficient Implementation of IC3/PDR
F_i is in CNF
SAT Context C
Decide/Conflict Rules
Assumptions A
Ternary Simulation
Conflict Rule
MUS extraction to get
Additionally, pushing the clause to higher levels: least j ≥ i such that
If none, add to F∞
Induction Rule
Similar to Conflict Rule, with repeated checks!
Extending to First-order Theories (∞-state)
Can do some theory-generalization
Local Interpolants? LRA: linear combination of literals (Hoder and Bjorner, 2012)
Generalizing Predecessors?
References
1. SAT-Based Model Checking without Unrolling, Bradley, VMCAI 2011
2. Efficient Implementation of Property Directed Reachability, Een, Mishchenko and Brayton, FMCAD 2011
3. An Incremental Approach to Checking Progress Properties, Bradley et al., FMCAD 2011
4. Understanding IC3, Bradley, SAT 2012
5. Generalized Property Directed Reachability, Hoder and Bjorner, SAT 2012
6. Incremental, Inductive CTL Model Checking, Hassan et al., CAV 2012