FMCAD’10 Conference Lugano, Switzerland October 23, 2010 Boosting Minimal Unsatisfiable Core Extraction Alexander Nadel Intel, Israel
Boosting Minimal Unsatisfiable Core Extraction
Feb 23, 2016
Boosting Minimal Unsatisfiable Core Extraction. FMCAD’10 Conference Lugano , Switzerland October 23, 2010 . Alexander Nadel Intel, Israel. Agenda. Introduction and motivation New algorithms Generic scheme Resolution-based algorithm Selector-variable-based algorithm Related work - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A signment
FMCAD10 ConferenceLugano, Switzerland October 23, 2010 Boosting Minimal Unsatisfiable Core ExtractionAlexander Nadel Intel, Israel1AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
2Unsatisfiable Core ExtractionAn unsatisfiable core (UC) is an unsatisfiable subset of an unsatisfiable set of constraints
An unsatisfiable core is minimal if removal of any constraint makes it satisfiable (local minima)
This work concentrates on minimal unsatisfiable core extraction for propositional logic
3Example Application 1: Proof-based Abstraction Refinement for Model Checking (McMillan et al., TACAS03; Gupta et al., ICCAD03)No BugValidModel Check ABMC(M,P,k)Cex C at depth kBugNoA A latches/gates in the UNSAT core of BMC(M,P,k) Inputs: model M, property P Output: does P hold under M?Abstract model A { }Spurious?The UNSAT core is used for refinementThe UNSAT core is required in terms of latches/gatesYesTurn latches/ gates into free inputs4Example Application 2: Assumption Minimization for Compositional Formal Equivalence Checking (FEC)(Cohen et al., DVCon10)FEC verifies the equivalence between the design (RTL) and its implementation (schematics).The whole design is too large to be verified at once.FEC is done on small sub-blocks, restricted with assumptions.Assumptions required for the proof of equivalence of sub-blocks must be proved relative to the driving logic. MUC extraction in terms of assumptions is vital for feasibility.
InputsOutputsAssumptionAssertion5Traditional UC Extraction for Practical Needs: the InputAn interesting constraint
The remainder (the rest of the formula)
The user is interested in a MUC in terms of these constraints6Traditional UC Extraction: Example Input 1An unrolled latch/gate
The rest of the unrolled circuit
Proof-based abstraction refinement7Traditional UC Extraction: Example Input 1An assumption
Equivalence between sub-block RTL and implementation
Assumption minimization for FEC8Traditional UC Extraction:Stage 1: Translate to ClausesAn interesting constraint
The remainder (the rest of the formula)
Each small square is a propositional clause, e.g. (a + b)9Traditional UC Extraction:Stage 2: Extract a Clause-Level UCAn interesting constraint
The remainder (the rest of the formula)
Colored squares belong to the clause-level UC10Traditional UC Extraction:Stage 3: Map the Clause-Level UC Back to the Interesting ConstraintsAn interesting constraint
The remainder (the rest of the formula)
The UC contains three interesting constraints!11Traditionally, a Clause-Level UC Extractor is the WorkhorseA CNF formula is a conjunction of clauses, e.g., (a) (b) (b + c) (b + c) (a + c)
Clause-level UC extraction: given a CNF formula, extract an unsatisfiable subset of its clauses
12A Mismatch between Mainstream Research and the Needs of Real-World ApplicationsReal-world applications require reducing the number of interesting constraints in the core rather than clausesLatches/gates for abstraction refinementAssumptions for compositional FEC
The vast majority of existing algorithms for UC extraction are clause-level19/21 papers on UC extraction only consider clause-level UC extraction 13Small/Minimal Clause-Level UC Small/Minimal High-Level UC A small clause-level UC, but the high-level UC is the largest possible:A large clause-level UC, but the high-level UC is empty:14Contribution of this WorkThis work introduces two highly scalable algorithms for extracting a single high-level minimal UCThese algorithms convincingly outperform the current state-of-the-art algorithms
The proposed algorithms outperform the state-of-the-art algorithms on large test-cases for clause-level MUC extraction
The algorithms can be used for only reducing the core when resources are limited 15AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
16High-Level UC ExtractionGiven: A set of interesting constraints = {R1, R2 , , Rm }, andThe remainder
The set is a high-level UC if is unsatisfiable
Minimality is defined as usual (w.r.t set inclusion)
17A Bird's Eye View of the AlgorithmsBoth algorithms are composed of: The approximation stageFind a non-minimal high-level UC The main loopFor each interesting constraint R , check if it belongs to the MUC. Remove superfluous constraints from In the end is returned as the MUCBoth algorithms take advantage of incremental SAT solving
18S CreateSATInst( = {R1, , Rm } )The Skeleton of the New AlgorithmsCreate an incremental SAT instance from the initial constraints = {R1, , Rm } and the remainder . 19S CreateSATInst( = {R1, , Rm } )The Skeleton of the New AlgorithmsMUC {}
MUC will contain the MUC at the end of algorithms execution20Cands ApproxMUC (S, , )
S CreateSATInst( = {R1, , Rm } )The Skeleton of the New AlgorithmsMUC {}
This function returns a non-minimal high-level UC. Cands contains all the MUC candidates (that is, interesting constraints) whose status is not yet determined. 21Cands ApproxMUC (S, , )
S CreateSATInst( = {R1, , Rm } )RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsMUC {}
This operation removes all the clauses dependent on \ Cands from the SAT instance forever22Cands ApproxMUC (S, , )
S CreateSATInst( = {R1, , Rm } )RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsMUC {}
The approximation stage23Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsMUC {}
The condition of the main loop of the algorithm. For each remaining MUC candidate, the loop will check if it belongs to the MUC.Return MUCYes24Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesMUC {}
NoPick the removal candidate for the current iteration25Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesConditionallyRemove(S, Rk) MUC {}
NoThis operation conditionally removes all the initial and conflict clauses dependent on Rk from the SAT instance in a way that guarantees that a potential return operation is easy26Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
Solve(S)RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesConditionallyRemove(S, Rk) MUC {}
NoSolve the current instance using a SAT solver27Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
Solve(S)RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesConditionallyRemove(S, Rk) MUC MUC {Rk} ReturnToInstance(S, Rk} MUC {}
NoSATRk belongs to the MUC. Return all the initial and conflict clauses dependent on Rk to the SAT instance.28Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
Solve(S)RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesConditionallyRemove(S, Rk) RemoveForever (S, Rk) MUC MUC {Rk} ReturnToInstance(S, Rk} MUC {}
NoRemoveForever(S, Other Irrelevant ICs) SATUNSATRk does not belong to the MUC. Remove all the initial and conflict clauses dependent on Rk and possibly other irrelevant interesting constraints from the SAT instance forever.29Cands ApproxMUC (S, , )
Cands is empty?S CreateSATInst( = {R1, , Rm } )Pick Rk Cands ; Cands Cands \ {Rk}
Solve(S)RemoveForever (S, \ Cands ) The Skeleton of the New AlgorithmsReturn MUCYesConditionallyRemove(S, Rk) RemoveForever (S, Rk) MUC MUC {Rk} ReturnToInstance(S, Rk} MUC {}
NoRemoveForever(S, Other Irrelevant ICs) SATUNSAT305 Operations for Implementing the Generic SchemeCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
31AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
32Resolution RefutationA modern SAT solver is able to generate a resolution refutation of a given formulaGenerates little overhead on solvers run-time
The cone of a clause or a set of clauses in a given resolution refutation is the set of all the reachable clauses
33A Resolution Refutation ExampleC3 = a C4 = c C1 = b + c C2 = b + c C5 = a + c C6 = c C7 = a C8 = Input clausesLegend:Derived clausesCone({C1, C2})34Implementing the Resolution-based AlgorithmWe need to implement the following operations:Create a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
The idea is to use cone manipulations
35Implementing the Resolution-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
36Creating a SAT Instance for the Resolution-based AlgorithmUse the standard Tseitin encodingThe constraints are translated to mutually disjoint sets of clauses
37Implementing the Resolution-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
38Approximating a MUC for the Resolution-based AlgorithmInvoke the SAT solver with a resolution refutation generator
An interesting constraint belongs to the set of MUC candidates iff its cone contains The cone of an interesting constraint is the cone of the associated clauses39Implementing the Resolution-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
40Operations with Interesting Constraints for the Resolution-based AlgorithmEternal removal Remove the cone of the interesting constraint
Conditional removal Make the cone of the interesting constraint invisible for BCP and clause-based heuristicsRemove the clauses from the watch lists Let clause-based heuristic to skip the clauses
Return Undo the conditional removal41AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
42Selector Variable-based High-Level Minimal UC ExtractionThe underlying idea:For each Ri allocate a new selector variable si Add the literal si to Ris clauses Use the selector literals to turn (cones of) interesting constraints on and offAny clause in the cone of Ri will include si cone manipulations are possible without the need to store the resolution derivation! 43Selector Variable-based High-Level Minimal UC ExtractionWe use the feature of SAT solving under assumptions N. Een et al., SAT03The solver receives a set of assumptions{s1, , sm} along with the CNF formula FIt returns SAT iff F in conjunction with all the assumptions is satisfiableIf the answer is UNSAT, the solver can return the set of assumptions required for the refutationN. Een et al., FMCAD10: presented todayA very cheap algorithm
44Implementing the Selector Variable-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
45Implementing the Selector Variable-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
46SAT Instance Creation for the Selector Variable-based MethodEach Ri = {R1, R2 , , Rm } is translated as follows:Generate a set of clauses Clss(Ri) using Tseitin encodingIntroduce a fresh selector variable si Add the literal si to each clause of Clss(Ri)
The remainder is translated to clauses using Tseitin encoding
47Implementing the Selector Variable-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
48The Approximation Stage of the Selector-Variable-based MethodInvoke the SAT solver under the assumptions {s1, , sm}
Keep (as MUC candidates) all the interesting constraints whose corresponding assumptions are required for the proof49Implementing the Selector-Variable-based AlgorithmCreate a SAT instanceApproximate a MUCOperations with interesting constraints:Eternal removalConditional removalReturn
50Operations with Interesting ConstraintsEternal removal of RiAdd the unit clause si to the instanceMakes all the clause dependent on Ri satisfied. They will be removed by the solvers interprocessor.
Conditional removalSolve under the assumption that si is false and all selector variables of the other MUC candidates are true
Return of RiAdd the unit clause si to the instanceThis operation asserts Ri51Comparison between Resolution-based and Selector Variable-based MethodsPros of the selector-variable-based methodSaves the overhead of maintaining the resolution derivationSaves the overhead of manipulations with conesSimpler to implementCons of the selector-variable-based methodSlows down performance, since the conflict clauses become much longer52AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
53Related Work: High-Level MUC ExtractionCAMUS: explores the duality between MCSs and MUCsLiffiton et al., J. Autom. Reasoning08Uses selector-variable-based reasoningCan return any user-given number of high-level MUCs : no experiments with CAMUS in our paperWe assumed that it can return all MUCs only: we experimented with CAMUS for this presentation
MUSIC: our work for an industrial conferenceCohen et al., DVCon10Demonstrates the necessity of the high-level MUC extraction for industrial needs: assumption minimization for FECAn early version of our resolution-based algorithm is used for the experiments.Not enough algorithmic detail are provided in the paperWe have used this algorithm since 2006 (it was unpublished)
54Previous Work on Clause-Level MUC ExtractionCRR + RRP: the resolution-based method Dershowitz et al., SAT06; Nadel, PhD thesis09 The basis for our resolution-based algorithmThe only method shown to scale for large formal verification instances (up to almost 200k clauses)AMUSE: the first selector-variable-based approach for MUC extractionOh et al., DAC04MUP : BDD-based algorithmHuang, ASP-DAC05MiniUnsat: associated assignment-based methodH. Van Maaren et al., SAT08AOMUS: local search-based approachGregoire et al., Constraints07
55AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
56Experimental Results: High-Level MUC Extraction: AlgorithmsAlgorithms evaluated:CAMUS in the following mode:Single MUC extractionPreprocessing: the basic resolution-based non-minimal UNSAT core extractionMUC-RB: our resolution-based algorithmMUC-SV: our selector-variable-based algorithm
57Experimental Results: High-Level MUC Extraction: InstancesThe domain of the instances is proof-based abstraction refinementGenerated at Intel, publically availableEach interesting constraint is an unrolled latchSize: 136,878 5,136,873 clauses (1,853,500 on average)The number of interesting constraints: 584 4030 (3367 on average)
58Experimental Results: High-Level MUC ExtractionT/O59Experimental Results: High-Level MUC Extraction60Experimental Results: Clause-Level MUC ExtractionThe instances:Well-known instances from the formal verification domainAlgorithms evaluated:MUC-RBMUC-SVCRR+RRPCAMUSAOMUSMiniUnsat
61Clause-Level MUC Extraction: Run-Time is in Sec. InstanceClausesT/OMUC-RBMUC-SVCRR+RRPCAMUSAOMUSMiniUnsat3pipe_k274057200167239469TOERRTO4pipe802137200141720213791TOTOTO4pipe_1_ooo745547200152843232928TOTOTO4pipe_2_ooo822077200238349994566TOTOTO4pipe_3_ooo894737200256053574465TOTOTO4pipe_4_ooo964807200243263545865TOTOTO4pipe_k794897200142630972938TOTOTObarrel553837200684811531ERR267barrel689317200348402436223ERR1391barrel713765720084970010811443ERR5027barrel82008372004115575841105823ERRTOlongmult4606972001478125540227longmult57431720014364210021ERR538longmult6885372009685705176079TO1149longmult71033572005099TOTO858TO249732Gb of memory4Gb of memoryMachines:62AgendaIntroduction and motivationNew algorithmsGeneric schemeResolution-based algorithmSelector-variable-based algorithmRelated workExperimental resultsConclusion
63ConclusionWe introduced two algorithms for extracting a minimal unsatisfiable core (MUC)
Our algorithms can be applied to high-level MUC extractionMUC extraction in terms of user-given interesting constraints. Critical for applications.
Our algorithms are faster by two order of magnitudes than existing algorithms for high-level MUC extractionThey are also faster for clause-level MUC extraction on large and difficult test-cases
64Future WorkGeneralize the algorithms to extract a user-given number of MUCsOptimize performanceImprove the data structure for storing the resolution derivationCombine the selector-based and resolution-based approachesStudy the impact of available resources (CPU, memory, disk) on performanceTune RRP for the newly proposed algorithms
65Thanks!66
Related Documents
