Faster Extraction of High-Level Minimal Unsatisfiable Cores

A signment

1Faster Extraction of High-Level Minimal Unsatisfiable CoresSAT11 ConferenceAnn Arbor, USA June 21, 2011 Ryvchin Vadim and Ofer Strichman Technion, Israel12AgendaIntroduction and motivationOptimizationsA. Partial ResolutionB. Selective clause minimizationC . Postponed IC-propagationE. Selective learning of IC-clauses G. Removal StrategyExperimental resultsResolution vs. Selector variables23High-Level UCGiven: A set of interesting constraints (IC) = { IC1, IC2 , , ICm }, andThe remainder

The set is a high-level UC (HLUC) if is unsatisfiable

HLUC is minimal (HLMUC) if removal of any IC makes satisfiable

3ExamplesAbstraction-refinement in model checking [MA03]Latches in core define the next abstraction.

Compositional Formal Equivalence Checking (FEC) [CGLNR10]Decompose the compared circuits to blocks. Assume inputs to blocks are the sameAssumptions in the core need to be proved.4A very popular model checking technique is based on abstraction/refinement. A BDD-based model checker checks an abstract model, where the abstraction is defined by the set of latches that we replace with free inputs.B. If the property fails, a SAT solver is ran on the concrete model to the depth of the ce.C. If there is no BUG - the latches that participate in the proof define the abstraction in the next iteration. D: clearly, then we want to have as few latches in the proof as possible

4Example Application 1: Proof-based Abstraction Refinement for Model Checking (McMillan et al., TACAS03; Gupta et al., ICCAD03)No BugValidModel Check ABMC(M,P,k)Cex C at depth kBugNoA A latches/gates in the UNSAT core of BMC(M,P,k) Inputs: model M, property P Output: does P hold under M?Abstract model A { }Spurious?The UNSAT core is used for refinementThe UNSAT core is required in terms of latches/gatesYesTurn latches/ gates into free inputs5Example Application 2: Assumption Minimization for Compositional Formal Equivalence Checking (FEC)(Cohen et al., DVCon10)FEC verifies the equivalence between the design (RTL) and its implementation (schematics).The whole design is too large to be verified at once.FEC is done on small sub-blocks, restricted with assumptions.Assumptions required for the proof of equivalence of sub-blocks must be proved relative to the driving logic. MUC extraction in terms of assumptions is vital for feasibility.

InputsOutputsAssumptionAssertion6Traditional UC Extraction:Stage 1: Translate to Clauses7An interesting constraint

The remainder (the rest of the formula)

Each small square is a propositional clause, e.g. (a + b)7Traditional UC Extraction:Stage 2: Extract a Clause-Level UC8An interesting constraint

The remainder (the rest of the formula)

Colored squares belong to the clause-level UC8Traditional UC Extraction:Stage 3: Map UC back to ICs9An interesting constraint

The remainder (the rest of the formula)

The UC contains three interesting constraints!910A Mismatch between Mainstream Research and the Needs of Real-World ApplicationsReal-world applications: reduce # interesting constraints in the coreLatches/gates for abstraction refinementAssumptions for compositional FEC

Vast majority of existing algorithms: reduce # of clauses in the core19/21 papers on UC extraction only consider clause-level UC extraction 1011Small/Minimal Clause-Level UC Small/Minimal High-Level UC A small clause-level UC, but the high-level UC is the largest possible:A large clause-level UC, but the high-level UC is empty:1112Resolution RefutationC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16Input clausesLegend:Derived clauses1213Resolution RefutationC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16Input clausesLegend:Derived clausesEmpty clause cone: { C4 C5 C6 C7 C13 C14 C19 C20 C23 }Unsat Core: { C4 C5 C6 C7 }14Resolution RefutationC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16Empty clause cone: { C4 C5 C6 C7 C13 C14 C19 C20 C23 }Unsat Core: { C4 C5 C6 C7 }Legend:Empty Clause ConeUnsat Core15Resolution with ICsC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16Derived clausesIC1Legend:IC2RemainderInput ClausesDerived Clauses16Resolution with ICsC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16IC1Legend:IC2RemainderInput ClausesIC1IC2RemainderDerived Clauses17HLUCC1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16IC1Legend:IC2RemainderHLUC: { IC2 }18HLMUC Algorithm [N10] - remainder, - ICs

Initialization: = =

Assumption: is UNSATSolve = HLUC = = \ ICiUNSATSATRemove one ICi that wasnt already removedNo unchecked ICs1819Contribution of this WorkSeven optimizations for single HLMUC.improved run time and smaller HLMUC

Comparison between resolution and selector variables solvers.20A. Partial ResolutionObservations: IC-clauses usually between 5-15% of the problem clausesWe do not need the whole resolution tableSuggestion:Keep only clauses relevant to IC resolutionsResult: The size of the resolution graph reducedVery effective on large CNFsA. Partial Resolution21C1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16IC1Legend:IC2RemainderA. Partial Resolution22C1C2C3C4C5C6C7C8C10C11C12C13C14C15C20C19C21C17C18C22C23=()C9C16IC1Legend:IC2Not NeededA. Partial Resolution23C1C7C8C10C15C20C21C17C22C23=()IC1Legend:IC2C16A. Partial Resolution - Summary24C1C7C8C10C15C20C21C17C22C23=()IC1Legend:IC2Keep only the needed resolutions C1624B. Selective clause minimizationTechnique for shrinking conflict clauses

The algorithm is based on traversing the resolution DAG backward from each literal in the learned clause

The problem:May turn a non-IC-clause into a shorter IC-clause2526B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

27B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

v1v2v3c1c228B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

v1v2v3v4v5v6v6c1c2c3c4c5c5c529B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

v1v2v3v4v5v6v6c1c2c3c4c5c5c530B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)1-UIP based conflict analysis:c6= (v1 v3 v4)

v1v2v3v4v5v6v6c1c2c3c4c5c5c531B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)

v1 v3 v3 v1 32B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)

c6= (v1 v3 v4) c6= (v1 v4)

v1 v3 v3 v1 33B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)c6= (v1 v4)

v1v2v3v4v5v6v6c1c2c3c4c5c5c534B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3) (IC)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

v1v2v3v4v5v6v6c1c2c3c4c5c5c535B. Selective clause minimizationc1= (v1 v2)c2= (v2 v3) (IC)

With minimization using c2:c6= (v1 v4) (IC)

Without minimization:c6= (v1 v3 v4) (remainder)

36B. Selective clause minimizationSuggested solution:Disable minimization if it adds dependency on IC-clause.

c6= (v1 v3 v4) instead of c6= (v1 v4)

Disabling minimization reduces #derived IC-clauses reduces #IC-clauses in UC and finds HLMUC faster

C. Postpone IC-propagationsChange BCP order37Run BCPAnalyze ConflictNext OperationsConflictno implicationsC. Postpone IC-propagationsChange BCP order38Run BCP over non IC-clausePropagate a single IC-clauseAnalyze ConflictNext OperationsConflictno implicationsno implicationsfound implicationConflictC. Postpone IC-propagationsIncrease chances to get conflicts in remainderDecreases number of derived IC-clauses Decreases number of IC-clauses in UC.39E. Selective Learning40@5@5@5@5@5@2@2@3@5@5@5@5X@3implicationIC-clause implication@5E. Selective Learning 41@5@5@5@5@5@5@2@2@3@5@5@5@5X@3implicationIC-clause implicationE. Selective Learning 42@5@5@5@5@5@2@2@3@5@5@5@5X@3implicationIC-clause implicationLearnt clause should be marked IC-clause@5E. Selective LearningWe refrain from learning IC-clausesInstead, do not learn itlearn a (non-asserting) remainder clausemake a decision

How ? 43E. Selective LearningHow ? Treat the last IC-clause implication as decisionPerform new 1-UIP conflict analysisThe learnt clause is remainder

44E. Selective Learning 45@5@5@5@5@5@2@2@3@5@5@5@5X@3implicationIC-clause implication@5E. Selective Learning 46@5@5@5@5@5@2@2@3@5@6@6@6X@3implicationIC-clause implication@5E. Selective Learning 47@5@5@5@5@5@2@2@3@5@6@6@6X@3implicationIC-clause implication@5E. Selective Learning 48@5@5@5@5@5@2@2@3@5@6@6@6X@3implicationIC-clause implication@5G. Removal StrategyRecall: In each iteration one IC is chosen to be removed.

Solve = HLUC = = \ ICiUNSATSATRemove one ICi that wasnt already removedNo unchecked ICs50G. Removal StrategyWhat is the effect of the removal order?Which IC should we remove first?

51G. Removal StrategyCriterion: #clauses in UC

Choose the onethat contains least clauses in UCIf UNSAT (not necessary), will converge fasterIf UNSAT (not necessary), will likely allow further removalsthat contains most clauses in UCIf SAT (necessary), clauses are added as remainder fast

52Experimental ResultsBenchmark Set:Industrial set of problems from IntelAverage #clauses = 2,572,270Average #ICs = 3804Average #IC-clauses = 96568 (6% of #clauses)Machines:Intel Xeon 4Ghz 32Gb of memoryExperimental Results5354Experimental Results (zoom)

55Experimental Results Improves N10: Time: 44913 sec vs. 20453 sec (x2.19 speedup)HLMUC size: 18995 vs. 5090 (73.2% reduction)Resolution vs. Selector variablesMain cause for performance gap: clause minimization.When clause minimization is off: similar results (time + size of HLMUC).Selector variables: minimization does not turn non-IC-clause into IC-clauseSelector variable prevents the minimization5657Resolution vs. Selector variablesc1= (v1 v2)c2= (v2 v3) (IC)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)

v1v2v3v4v5v6v6c1c2c3c4c5c5c558Resolution vs. Selector variablesc1= (v1 v2)c2= (v2 v3 s) (IC)c3= (v4 v5)c4= (v5 v6)c5= (v1 v3 v4 v6)Selector variables are pure cannot be removed every IC-clause have at least one

c1c2sv1v2v3v4v5v6v6c1c2c3c4c5c5c559Resolution vs. Selector variablesResolution-based:c1= (v1 v2)c2= (v2 v3) (IC)

Selector-variables-based:c1= (v1 v2)c2= (v2 v3 s) (IC)

v1 v3 v3 v1 v1 v3 Cannot be resolved awayResolution vs. Selector variables60Resolution vs. Selector variables61

Comparison to selector-variables: Time: 28032 sec vs. 20453 sec (x1.37 speedup)HLMUC size: 12090 vs. 5090 (57.8% reduction)Resolution vs. Selector variables626263Thank You!63