TDD: Theory Decision Diagrams
• NO WARRANTY
• THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
• Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.
• This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].
• This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013.
Linear Decision Diagrams (LDDs)…

…are Binary Decision Diagrams with nodes labeled by linear inequalities.

(Figure: a BDD whose node v has 1- and 0-edges to node u, beside an LDD of the same shape whose nodes are labeled x < 10 and y < 5.)

Our contributions:
• implementation on top of CUDD, including
  • support for propositional operations (AND, OR, NOT, ITE)
  • support for projection (i.e., existential quantification, QELIM) of numeric variables
  • dynamic variable ordering (DVO)
• benchmark and experiments
Motivation (1): Predicate + Numeric Abstractions

(Embedded slide "Predicate and Numeric Abstractions" from Combining PA and NA for Soft MC, Gurfinkel and Chaki, © 2008 Carnegie Mellon University.)

Predicate Abstraction (PA) (e.g., SDV)
• Typical property: no lock is acquired twice
• Program verification reduced to propositional reasoning with a model checker
• Works well for control-driven programs
• Works poorly for data-driven programs

Numeric Abstraction (NA) (e.g., ASTREE)
• Typical property: no arithmetic overflow
• Program verification reduced to arithmetic reasoning
• Works well for data-driven programs
• Works poorly for control-driven programs

How to combine PA and NA to get the best of both?

(Figure: plot of precision against scalability, with NA, PA and a region marked "Unrealistic".)

Gurfinkel & Chaki. Combining Predicate and Numeric Abstraction for Software Model Checking. In FMCAD 2008.
Motivation (2): Numeric Decision Diagrams

(Embedded slide "Numeric Decision Diagrams" from Combining PA and NA for Soft MC, Gurfinkel and Chaki, © 2008 Carnegie Mellon University.)

NDD elements are BDDs over Predicate and Numeric Terms: 2^P → 2^N.

Example, with predicates p1: x>=0 and p2: z>0:
  (p1 && p2) || (x<0 && y=z)
normalizes to
  (x>=0 && z>0) || (!(x>=0) && y=z)
i.e., a BDD over b1: x>=0, b2: z>0, b3: y=z with root b1, children b2 and b3, and terminal 1.
(In the diagram, 1-edges are black, 0-edges are red, and edges to the 0 node are not shown.)

Gurfinkel & Chaki. Combining Predicate and Numeric Abstraction for Software Model Checking. In FMCAD 2008.
Problems with NDDs:
• no reduction w.r.t. the types of constraints
• all numeric operations are done path-at-a-time (i.e., exponential in the size of the diagram!!!)

Lesson learned: we need diagrams for linear arithmetic with efficient (not path-at-a-time) existential quantification.
Some Other Applications of LDDs

• Represent and manipulate Boolean formulas over linear arithmetic …
  – to compute predicate abstraction
  – to summarize loop-free code
  – for program analysis with a disjunctive abstract domain
  – to combine predicate and numeric abstractions
  – for timed automata verification
  – …
• LDDs are NOT good for SATISFIABILITY checking
  – not a substitute for an SMT solver
Talk Outline

• The basics
  – variable ordering, reduction rules, propositional operations
• Dynamic Variable Ordering
• Quantifier Elimination
  – existential quantification of a single variable
  – heuristics for quantifying multiple variables
• Implementation, Benchmarks, Results
• Conclusion and Future Work
Canonizing Linear Inequalities

Linear inequality: a1 x1 + … + an xn ≤ k, where the ai are coefficients, the xi are variables, k is the constant and a1 x1 + … + an xn is the term.

x < 10         ≡  x ≤ 9
x + y = 10     ≡  x + y ≤ 10 ∧ x + y ≥ 10
x + y ≥ 10     ≡  −x − y ≤ −10
−x − y ≤ −10   ≡  ¬(x + y ≤ 9)
LDD Node Ordering

Random:       {x ≤ 0} {x ≤ 10} {y ≤ 5} {x ≤ 5} {z ≤ 6} {y ≤ 3}
Term-sorted:  {x ≤ 0} {x ≤ 10} {x ≤ 5} {y ≤ 5} {y ≤ 3} {z ≤ 6}
Ordered:      {x ≤ 0} {x ≤ 5} {x ≤ 10} {y ≤ 3} {y ≤ 5} {z ≤ 6}
Ordered:      {y ≤ 3} {y ≤ 5} {z ≤ 6} {x ≤ 0} {x ≤ 5} {x ≤ 10}
Reduction: Different Children

(Figure: a node labeled t ≤ 5 whose two children coincide reduces to that child. Same as BDD.)

Reduction: Imply High

(Figure: a node labeled t ≤ 5 whose child is labeled t ≤ 9; the diagram reduces as shown.)

Reduction: Imply Low

(Figure: a node labeled t ≤ 5 with children labeled t ≤ 9; the diagram reduces as shown.)
Propositional Operations: APPLY

(Figure: APPLY of OP to two ROLDDs rooted at t ≤ 5 and t ≤ 9, where OP is a commutative binary operator that distributes over ITE.)

(Figure, continued: the recursive step pushes OP down to the children of the t ≤ 5 and t ≤ 9 roots.)
Rudell’s DVO Algorithm for BDDs

(Figure: a BDD laid out by level, with a Level / Nodes table: level 0 holds three a-nodes, level 1 two b-nodes, level 2 three c-nodes, level 3 two d-nodes. Edges to 0 and 1 are not shown.)
Example: Changing levels (SwapInPlace)

Before: u at the top, two v-nodes below it, cofactors f00 f01 f10 f11.
After: v at the top, two u-nodes below it, cofactors f00 f10 f01 f11.

(u, (v, f11, f10), (v, f01, f00)) is overwritten in place by (v, (u, f11, f01), (u, f10, f00)).
Trivial new cofactors are reduced, i.e., when f00 = f10 or f01 = f11.
Only the diagram rooted at u is changed (both the label and the children are new).
Complexity: linear in the number of nodes labeled with u in the unique table.
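The level swap above, as an added example that is not the slides' or CUDD's code: a tuple-based BDD where a node is (var, high, low) and the terminals are 0 and 1. CUDD's in-place overwrite of the unique table is not modeled; the swap returns the new root, reducing the trivial cofactors the slide mentions.

```python
# Added example, not from the slides or CUDD: SwapInPlace on a tuple-based BDD.
# A node is (var, high, low); terminals are the ints 0 and 1.
from itertools import product

def cofactor(node, var):
    """Return (high, low) of node w.r.t. var; a node not labeled var does not depend on it."""
    if isinstance(node, tuple) and node[0] == var:
        return node[1], node[2]
    return node, node

def mk(var, high, low):
    """Reduced node constructor: a node whose two children coincide is replaced by that child."""
    return high if high == low else (var, high, low)

def swap(node, u, v):
    """Exchange adjacent levels u (above) and v (below) in the diagram rooted at node:
    (u, (v, f11, f10), (v, f01, f00)) becomes (v, (u, f11, f01), (u, f10, f00)).
    Trivial new cofactors (f00 == f10 or f01 == f11) are reduced by mk."""
    if not (isinstance(node, tuple) and node[0] == u):
        return node                      # only the diagram rooted at u changes
    f11, f10 = cofactor(node[1], v)      # u = 1 branch, split on v
    f01, f00 = cofactor(node[2], v)      # u = 0 branch, split on v
    return mk(v, mk(u, f11, f01), mk(u, f10, f00))

def evaluate(node, env):
    """Evaluate a diagram under a {var: 0/1} assignment."""
    while isinstance(node, tuple):
        node = node[1] if env[node[0]] else node[2]
    return node

def equivalent(a, b, variables):
    """Brute-force check that two diagrams denote the same Boolean function."""
    for bits in product((0, 1), repeat=len(variables)):
        env = dict(zip(variables, bits))
        if evaluate(a, env) != evaluate(b, env):
            return False
    return True

# Constructed input with order u, v, c: f = v OR (u AND c).  Here f01 == f11 == 1,
# so after the swap the new (u, f11, f01) node is trivial and collapses to 1.
F = ("u", ("v", 1, ("c", 1, 0)), ("v", 1, 0))

if __name__ == "__main__":
    print(swap(F, "u", "v"))   # ('v', 1, ('u', ('c', 1, 0), 0))
```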
Example: Changing levels in ROLDD (SwapInPlace)

Before reordering: ROLDD with order u, t ≤ 5, t ≤ 10 (shown as a tree); the root u has children t ≤ 5 and t ≤ 10.
After reordering to the new order t ≤ 5, t ≤ 10, u: root t ≤ 5, two t ≤ 10 nodes, then the u-nodes. Not reduced!

Cannot use BDD reordering for LDD!
Problems extending DVO to LDDs

• Broken ordering constraints
• Broken Imply-high and Imply-low rules
• LDDs are not canonical
Pairwise Swaps

(Figure: LEVELS. The constraint x ≤ 2 is moved down one level at a time by pairwise swaps: {x ≤ 0, x ≤ 1, x ≤ 2, y ≤ 3, y ≤ 4, y ≤ 5} → {x ≤ 0, x ≤ 1, y ≤ 3, x ≤ 2, y ≤ 4, y ≤ 5} → {x ≤ 0, x ≤ 1, y ≤ 3, y ≤ 4, x ≤ 2, y ≤ 5} → {x ≤ 0, x ≤ 1, y ≤ 3, y ≤ 4, y ≤ 5, x ≤ 2}.)
Two techniques for QELIM

• Black Box: use QELIM for conjunctions as a black box and apply it to all paths of a diagram
  – linear in the number of paths == exponential in the size of the diagram!
  – many examples in the literature (e.g., we used it in NDDs)
• White Box: extend Fourier-Motzkin QELIM to the DAG of the LDD
  – in the best case, same complexity as BDD quantification
Fourier-Motzkin QELIM

∃y . x − y ≤ 5 ∧ x − z ≥ 8 ∧ y − z ≤ 10
gives
x − z ≥ 8 ∧ x − z ≤ 15

FM1(Var y, Conjunction):
  let S be all constraints with y
  remove S from the conjunction
  add all pairwise resolutions of S to the conjunction

FM2(Var y, Formula):
  while exists constraint c with y in the formula do
    remove c from the formula
    resolve c with the remaining constraints in the formula
  end while
WB_EXISTS1: Example

(Figure: ∃y applied to an ROLDD whose root is labeled x − y ≤ 9.)

WB_EXISTS1: Example (Cont)

(Figure: the root is split on its two branches, DAG_RESOLVE with x − y ≤ 9 on one side and DAG_RESOLVE with x − y > 9 on the other, and the two results are combined with OR.)

DAG_RESOLVE (Constraint c, ROLDD f) : ROLDD
  Recursively resolves c with all constraints in f.
  Each node in f is visited only once.
Quantifying out multiple variables

  EXISTS(LDD f, Vars V)
    res = f;
    while (V != empty)
      V’ = FIND_DROP_VARS (V, res);
      if (V’ != empty)
        res = DC(CONS_OF(V’), res);
        V = V \ V’;
        continue;
      u = PICK_VAR (V, res);
      res = WB_EXISTS1(u, res);
      V = V \ {u};
    end while
    return res;

EXISTS1 -- any quantification procedure that can eliminate a single variable. In our implementation, it is the optimized WB_EXISTS1 from the previous slides.
DC is short for DROP_CONS.
FIND_DROP_VARS(V, res) -- finds all variables in V that have trivial resolutions on all 1-paths of res.
PICK_VAR(V, res) -- picks a variable from V to be quantified out next.
In our implementation, FIND_DROP_VARS and PICK_VAR are based on looking at the set of all constraints that are in the support of res.
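As an added worked example (not code from the slides or from the LDD library), the canonical form of the canonization slide, the FM1 step of the Fourier-Motzkin slide and the EXISTS loop above, carried out on a plain conjunction of constraints rather than on an LDD. The one-sign test behind FIND_DROP_VARS and the fewest-resolvents PICK_VAR heuristic are my assumptions for the conjunction case, and variables are assumed to be integers so that x < 10 tightens to x ≤ 9.

```python
# Added example, not the slides' code: Fourier-Motzkin QELIM over a conjunction of
# canonical inequalities (slides 9 and 22) driven by the EXISTS loop of slide 25.
# A constraint is (coeffs, k) meaning sum(coeffs[v] * v) <= k over integer variables.

def canonize(coeffs, op, k):
    """Rewrite a.x op k (op in <, <=, =, >=, >) into canonical '<=' form: x < 10 becomes x <= 9."""
    neg = {v: -a for v, a in coeffs.items()}
    if op == "<=": return [(dict(coeffs), k)]
    if op == "<":  return [(dict(coeffs), k - 1)]
    if op == ">=": return [(neg, -k)]
    if op == ">":  return [(neg, -k - 1)]          # also gives not(t <= k) == -t <= -k-1
    if op == "=":  return [(dict(coeffs), k), (neg, -k)]
    raise ValueError("unknown operator " + op)

def resolve(c1, c2, y):
    """FM resolution on y: scale both constraints by positive factors so y cancels, then add."""
    a1, a2 = c1[0][y], c2[0][y]
    assert a1 * a2 < 0, "resolution needs one upper and one lower bound on y"
    m1, m2 = abs(a2), abs(a1)
    tot = {v: m1 * c1[0].get(v, 0) + m2 * c2[0].get(v, 0) for v in set(c1[0]) | set(c2[0])}
    return ({v: s for v, s in tot.items() if s != 0}, m1 * c1[1] + m2 * c2[1])

def fm1(y, conj):
    """FM1 (slide 22): remove every constraint on y, add all upper/lower resolutions.
    A variable-free resolvent 0 <= k is a tautology when k >= 0 and is dropped."""
    rest = [c for c in conj if c[0].get(y, 0) == 0]
    upper = [c for c in conj if c[0].get(y, 0) > 0]   # y <= ...
    lower = [c for c in conj if c[0].get(y, 0) < 0]   # y >= ...
    new = [resolve(u, l, y) for u in upper for l in lower]
    return rest + [c for c in new if c[0] or c[1] < 0]

def find_drop_vars(V, conj):
    """FIND_DROP_VARS on a conjunction (assumed criterion): a variable occurring with one
    sign only has only trivial resolutions, so its constraints can simply be dropped (DC)."""
    return {y for y in V if len({c[0][y] > 0 for c in conj if c[0].get(y, 0)}) <= 1}

def pick_var(V, conj):
    """PICK_VAR heuristic (an assumption, not the slides'): fewest FM resolvents first."""
    def cost(y):
        a = [c[0].get(y, 0) for c in conj]
        return sum(x > 0 for x in a) * sum(x < 0 for x in a)
    return min(sorted(V), key=cost)

def exists(conj, V):
    """EXISTS(f, V) from slide 25, with FM1 standing in for WB_EXISTS1."""
    res, V = list(conj), set(V)
    while V:
        drop = find_drop_vars(V, res)
        if drop:                          # DC(CONS_OF(V'), res): drop their constraints
            res = [c for c in res if not (set(c[0]) & drop)]
            V -= drop
            continue
        u = pick_var(V, res)
        res = fm1(u, res)
        V.discard(u)
    return res

# Slide 22 instance (constructed input): exists y . x-y <= 5 /\ x-z >= 8 /\ y-z <= 10
SLIDE22 = (canonize({"x": 1, "y": -1}, "<=", 5) + canonize({"x": 1, "z": -1}, ">=", 8)
           + canonize({"y": 1, "z": -1}, "<=", 10))

if __name__ == "__main__":
    print(exists(SLIDE22, ["y"]))    # x-z >= 8 /\ x-z <= 15, as on the slide
```

With non-unit coefficients over integer variables, Fourier-Motzkin resolution is only an over-approximation; the slide's unit-coefficient (UTVPI-style) constraints are handled exactly.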
The Implementation

(Figure: the LDD Engine is built on CUDD, adapted to support DVO with LDDs, and on Linear Arithmetic Theories: TVPI(Q), UTVPI(Q), UTVPI(Z).)
Benchmark: Image Computation
• Each test case is constructed– from open source software: CUDD, mplayer, bzip2,...– extracted using LLVM into SSA with optimizations,
aggressive loop-unrolling, and inlining– approximated using UTVPI constraints
• Stats: 850 test cases4KB – 700KB (in SMT-LIB format), 30 – 7,956 variables
27
V R(V, V’)transition relation of a
loop-free program fragment
Test case:
BDD vs. LDD sizes

(Figure: log-log scatter plot of LDD sizes against BDD sizes, 1 to 10^8 on both axes, for SVO and DVO, with reference lines LDD=BDD, LDD=10*BDD and BDD=10*LDD.)

With SVO: BDD = LDD : 407; BDD > LDD : 190; LDD > BDD : 253; LDD > 10*BDD : 18. Memory outs: LDD=99, BDD=97. Timeouts: LDD=13, BDD=12.
With DVO: BDD = LDD : 114; BDD > LDD : 596; LDD > BDD : 140; BDD > 10*LDD : 39. Timeouts: LDD=5, BDD=28.
Overall Results for QELIM

Alg.      Hard (154 cases)                         Easy (696 cases)
          Total (sec)  QE (sec)  TO    MO          Total (sec)  QE (sec)  TO
BB        --           --        141   0           --           --        670
WB+SVO    38,739       36,511    21    99          395          80        0
WB+DVO    10,953       3,329     9     0           784          219       0
Total Time: WB+DVO and WB+SVO

(Figure: normalized total time on a log scale from 0.001 to 100, sorted by WB+SVO, across the test cases 0–900, with the Easy and Hard cases marked; series WB+DVO and WB+SVO.)

                       Easy   Hard
WB+DVO > WB+SVO :        27      1
WB+DVO = WB+SVO :       659      9
WB+DVO < WB+SVO :        10    144
Predicate Abstraction with LDDs

∃V . R(V) ∧ ⋀i (bi ⇔ pi(V)), where R is the transition relation of a loop-free program fragment, each pi is a predicate and each bi a Boolean variable.

(Figure: running time in seconds (0–70) of MSAT and LDD over about 1200 test cases.)
Related Work

Decision Diagrams (over linear constraints)
– Strehl. Interval Diagram Techniques… 1999
– Moller et al. Difference Decision Diagrams. 1999
– Larsen et al. Clock Difference Diagrams. 1999

Quantifier Elimination in Large Boolean Formulas
– Clarke et al. SATABS: A SAT-Based PA for ANSI-C. 2005
– Lahiri et al. SMT Techniques for Fast PA. 2006
– Cavada et al. Computing PA by Integrating BDDs and SMT Solver. 2007
– D. Monniaux. A QELIM Algorithm for Linear Real Arith. 2008
Future Work

• Predicate Abstraction with LDDs
• An LDD-based Abstract Domain
  – first step is a disjoint-box domain for variable range analysis
  – designing a widening is the main challenge
• Public release of the library – send email to [email protected] for more info

THE END