Application of Lifting in Partial Design Analysis Marc Herbstritt (joint work with Vanessa Struve and Bernd Becker) Institute of Computer Science Albert-Ludwigs-University Freiburg im Breisgau, Germany Presentation at IEEE MTV 2007, Dec 06 2007 www.avacs.org
Overview
1 Introduction
2 Preliminaries
  - BMC of Blackbox Designs using 01X-Logic
  - Lifting
3 01X-Brute-Force Lifting
  - Lifting Strategies for 01X-Logic
  - Experimental Results
4 Automated Blackbox Synthesis
  - Combinational Equivalence Checking of Blackbox Designs
  - Example Blackbox Synthesis
5 Conclusions
Introduction | Preliminaries | 01X-Brute-Force Lifting | Automated Blackbox Synthesis | Conclusions

Background
Formal Verification of Circuits
→ Correctness of an implementation wrt. its specification
→ Combinational Equivalence Checking: “Golden” reference circuit vs. implementation
→ Model Checking
Model Checking: Does the circuit fulfill (temporal) properties?
Bounded Model Checking (BMC) to falsify properties
Blackbox Designs
→ partial circuit implementations, e.g., in an early design phase
→ BMC of blackbox designs is feasible by using 01X-logic and/or QBF (MTV’05, MTV’06, EuroCAST’07)
Lifting
→ Simplification of counterexamples obtained from BMC
This work
→ Simplification of 01X-counterexamples by 01X-Lifting
→ Automated Blackbox Synthesis by 01X-Lifting
Bounded Model Checking
Bounded Model Checking (BMC) of sequential systems:
$\mathrm{BMC}(k) = I(s_0) \cdot \prod_{i=0}^{k-1} T(s_i, x_i, s_{i+1}) \cdot P(s_k)$
whereby:
$I(s_0)$: initial states predicate
$T(s_i, x_i, s_{i+1})$: transition relation
$P(s_k)$: predicate for property ($\mathrm{AG}\, p$)
Application of BMC
Check finite unfoldings of depth k, starting with k = 0
Convert BMC(k) into a SAT formula → apply a SAT solver
Stop if a counterexample is found, otherwise increment k
BMC of Blackbox Designs using 01X-Logic: Example
[Figure: sequential circuit with input y, state bits q0 and q1, a blackbox whose output Z feeds the next-state logic, and property output p]
$q'_0 = q_0 + y + Z$
$q'_1 = q_0 + q_1$
$p = q_0 \oplus q_1$
Property: AG(¬p)
Unfolding step by step (values as shown on the slides):
step | y | q0 | q1 | p
  0  | — | 0  | 1  | 0
  1  | 1 | 1  | 1  | 0
  2  | 0 | 1  | 1  | 1
BMC of Blackbox Designs using 01X-Logic: Basics
01X-BB-BMC: BMC of Blackbox Designs using 01X-Logic
1 Blackbox outputs are unknown
2 ⇒ use the logical value X, i.e., X = unknown whether 0 or 1
  ⇒ use an additional variable Z, and assign Z = X
3 01X-Logic
NOT_01X(a):
  a | 0 1 X
  --+------
    | 1 0 X
AND_01X(a, b):
  a\b | 0 1 X
  ----+------
   0  | 0 0 0
   1  | 0 1 X
   X  | 0 X X
4 Deciding satisfiability for 01X-BB-BMC
→ Apply the two-valued encoding and solve a purely propositional SAT problem (see Herbstritt et al. MTV’07, MTV’06, EuroCAST’07)
01X-BB-BMC: Two-valued encoding
Two-valued encoding for 01X-Logic (see Jain et al. VTS’00)
Mapping of 01X-values to tuples of propositional values:
01X-value z | encoding (z0, z1)
     0      | (1, 0)
     1      | (0, 1)
     X      | (0, 0)
Synthesis transformation using propositional operations:
NOT_01X(a) = [a1, a0]
AND_01X(a, b) = [a0 + b0, a1 · b1]
OR_01X(a, b) = [a0 · b0, a1 + b1]
The transformation preserves the uniform encoding of the value X (X is always represented by the tuple (0, 0)).
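The following is an added example, not code from the slides or from the authors' tool: it implements the two-valued encoding above in Python, builds NOT/AND/OR (and an XOR composed from them) on the encoded tuples, and cross-checks the results against the NOT and AND truth tables from the "Basics" slide. The XOR composition and the check routine are my own additions.

```python
# Added example (not from the slides): two-valued encoding of 01X-logic
# as on the "Two-valued encoding" slide (Jain et al. VTS'00).
from itertools import product

# 01X-value -> (z0, z1); the tuple (1, 1) is never produced by the operators.
ENC = {"0": (1, 0), "1": (0, 1), "X": (0, 0)}
DEC = {v: k for k, v in ENC.items()}

def not01x(a):
    a0, a1 = a
    return (a1, a0)                       # NOT_01X(a) = [a1, a0]

def and01x(a, b):
    a0, a1 = a
    b0, b1 = b
    return (a0 | b0, a1 & b1)             # AND_01X(a,b) = [a0 + b0, a1 * b1]

def or01x(a, b):
    a0, a1 = a
    b0, b1 = b
    return (a0 & b0, a1 | b1)             # OR_01X(a,b) = [a0 * b0, a1 + b1]

def xor01x(a, b):
    # XOR composed from the three primitives (my addition, not a slide rule).
    return or01x(and01x(a, not01x(b)), and01x(not01x(a), b))

# Truth tables copied from the "Basics" slide, used to cross-check the encoding.
NOT_TABLE = {"0": "1", "1": "0", "X": "X"}
AND_TABLE = {
    ("0", "0"): "0", ("0", "1"): "0", ("0", "X"): "0",
    ("1", "0"): "0", ("1", "1"): "1", ("1", "X"): "X",
    ("X", "0"): "0", ("X", "1"): "X", ("X", "X"): "X",
}

def check_encoding():
    """True iff the encoded operators reproduce the slide's truth tables,
    never yield the illegal tuple (1, 1), and OR agrees with De Morgan."""
    for a in ENC:
        if DEC[not01x(ENC[a])] != NOT_TABLE[a]:
            return False
    for a, b in product(ENC, repeat=2):
        r = and01x(ENC[a], ENC[b])
        if r not in DEC or DEC[r] != AND_TABLE[(a, b)]:
            return False
        demorgan = not01x(and01x(not01x(ENC[a]), not01x(ENC[b])))
        if or01x(ENC[a], ENC[b]) != demorgan:
            return False
    return True

def eval01x(op, *args):
    """Evaluate op on 01X-values given as strings and return a string."""
    return DEC[op(*(ENC[x] for x in args))]

if __name__ == "__main__":
    print("encoding consistent:", check_encoding())
    for a, b in product(ENC, repeat=2):
        print(f"XOR_01X({a},{b}) = {eval01x(xor01x, a, b)}")
```

Note that `eval01x(xor01x, "X", "X")` yields X although a XOR of a signal with itself is 0 in every completion: the encoding treats each X independently, so it is a sound but pessimistic approximation, which is why the slides also mention QBF for blackbox BMC.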
Lifting
Lifting: Simplification of BMC-counterexamples (see Ravi/Somenzi TACAS’04)
Brute-Force-Lifting for Complete Designs:
1: procedure BRUTEFORCELIFTING(F̂, o, A)
2:   F'' ← substitute o with ¬o in F̂
3:   for each (literal l ∈ A)
4:     F' ← F'' ∧ ⋀(A \ l)
5:     if (SATSOLVE(F') ≠ SATISFIABLE) then
6:       A ← A \ l
7:     end if
8:   end for
9:   return A
10: end procedure
Lifting Example
Formula: (a + b) · (a + c + d) · (a + b + c)
Solution: {a, b, c, d}
Lifting with different orders:
Order a < b < c < d: {b, c} is an irreducible solution
Order b < a < c < d: {a, c, d} is an irreducible solution
01X-Lifting: Lifting Strategies
Pair Lifting (PL)
  01X-variable a is encoded by a tuple (a0, a1).
  Lift both variables a0 and a1 in parallel.
  If a is not lifted, it remains a fully specified 01X-value.
Pair-Split Lifting (PSL)
  In contrast to PL: lifting only a0 or only a1 is allowed.
  Bisection of the 01X-value a → e.g., a can be 0 or X, but definitely not 1.
Single-Encoding-Variable Lifting (SEVL)
  If only one of the two variables a0, a1 is assigned, lift these variables first.
  May be used as preprocessing.
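As an added example that is not part of the slides or the authors' implementation, the Python below applies the BRUTEFORCELIFTING loop from the "Lifting" slide to a counterexample given in the two-valued encoding and runs it once with Pair Lifting (both encoding bits of a 01X-variable dropped together) and once with Pair-Split Lifting (each bit on its own). The circuit (o = OR_01X(a, b), with an unconnected c), the counterexample condition (o not proven 1, i.e. o1 = 0) and the starting assignment a = 0, b = X, c = 1 are constructed for this example; the SAT check is an exhaustive enumeration over the free bits, which stands in for the SAT solver of the slide. SEVL is not shown because every bit of the constructed solution is assigned.

```python
# Added example (not from the slides): Brute-Force Lifting of a 01X-counterexample
# in the two-valued encoding, comparing Pair Lifting (PL) and Pair-Split Lifting (PSL).
from itertools import product

VARS = ["a", "b", "c"]                          # 01X-variables of the toy circuit
BITS = [v + i for v in VARS for i in "01"]      # encoding bits a0, a1, b0, b1, c0, c1

def legal(s):
    """Uniform encoding: the tuple (1, 1) never occurs for any 01X-variable."""
    return all(not (s[v + "0"] and s[v + "1"]) for v in VARS)

def target(s):
    # Constructed circuit: o = OR_01X(a, b) -> o1 = a1 + b1; c is wired nowhere.
    # Counterexample condition: o is not proven 1, i.e. o1 == 0.
    return not (s["a1"] or s["b1"])

def sat(pred, fixed):
    """True iff pred holds for some completion of `fixed` over the free bits
    (exhaustive enumeration; stands in for SATSOLVE on the slide)."""
    free = [b for b in BITS if b not in fixed]
    for vals in product((False, True), repeat=len(free)):
        s = dict(fixed, **dict(zip(free, vals)))
        if pred(s):
            return True
    return False

def lift(cube, groups):
    """BRUTEFORCELIFTING: drop a group of literals iff
    (legal AND NOT target) AND (cube without the group) is unsatisfiable,
    i.e. the remaining literals still force the counterexample."""
    neg = lambda s: legal(s) and not target(s)   # the "substitute o with NOT o" step
    cube = dict(cube)
    for group in groups:
        rest = {b: v for b, v in cube.items() if b not in group}
        if not sat(neg, rest):
            cube = rest
    return cube

def pair_lifting(cube):
    return lift(cube, [(v + "0", v + "1") for v in VARS])

def pair_split_lifting(cube):
    return lift(cube, [(b,) for b in BITS])

def decode(cube):
    """Describe the constraint that remains on each 01X-variable."""
    out = {}
    for v in VARS:
        b0, b1 = cube.get(v + "0"), cube.get(v + "1")
        if (b0, b1) == (True, False):
            out[v] = "0"
        elif (b0, b1) == (False, True):
            out[v] = "1"
        elif (b0, b1) == (False, False):
            out[v] = "X"
        elif b0 is True or b1 is True:
            out[v] = "0" if b0 else "1"      # the other bit is forced 0 by legality
        elif b1 is False:
            out[v] = "not 1"                 # 0 or X: the PSL bisection from the slide
        elif b0 is False:
            out[v] = "not 0"                 # 1 or X
        else:
            out[v] = "free"
    return out

# Constructed counterexample as a solver would return it: a = 0, b = X, c = 1.
SOLUTION = {"a0": True, "a1": False, "b0": False, "b1": False, "c0": False, "c1": True}

def compare():
    """Lifted cubes under PL and PSL, decoded to 01X constraints."""
    return decode(pair_lifting(SOLUTION)), decode(pair_split_lifting(SOLUTION))

if __name__ == "__main__":
    pl, psl = compare()
    print("original:", decode(SOLUTION))
    print("PL      :", pl)
    print("PSL     :", psl)
```

PL keeps a = 0 and b = X fully specified (only c is lifted), whereas PSL keeps just a1 = 0 and b1 = 0, i.e. "a and b are not 1", which covers strictly more 01X-assignments and is the bisection the slide describes.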
VLIW ALU
VLIW ALU: 4 functional units FU0, FU1, FU2, FU3.
Parameterizable in word-width (2, 4, 16, ...)
Error in FU3: OR instead of XOR.
Blackboxes: FU0 and FU1 are blackbox’ed.