Applications for Automated Reasoning Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, September 5, 2019 1/38
Automated Reasoning Has Many Applications
(figure: a SAT/SMT solver in the centre, connected by "encode" and "decode" arrows to its application areas: security, planning, formal verification, bioinformatics, scheduling, train safety, automated exploit generation, term rewriting, theorem proving, termination) 2/38
Overview
Applications:
◮ Equivalence checking: hardware and software optimization
◮ Bounded model checking: hardware and software verification
◮ Graph problems and symmetry breaking: Ramsey numbers, unavoidable subgraphs
◮ Arithmetic operations: factorization, term rewriting
3/38
Equivalence Checking 4/38
Equivalence checking introduction Given two formulae, are they equivalent? Applications: ◮ Hardware and software optimization ◮ Software to FPGA conversion 5/38
Equivalence checking example
original C code:
    if(!a && !b) h();
    else if(!a) g();
    else f();
⇓
    if(!a) {
      if(!b) h();
      else g();
    } else f();
⇒
    if(a) f();
    else {
      if(!b) h();
      else g();
    }
⇑
optimized C code:
    if(a) f();
    else if(b) g();
    else h();
Are these two code fragments equivalent? 6/38
Equivalence checking encoding (1)
1. represent procedures as Boolean variables
   original C code := if $\neg a \wedge \neg b$ then $h$ else if $\neg a$ then $g$ else $f$
   optimized C code := if $a$ then $f$ else if $b$ then $g$ else $h$
2. compile code into Conjunctive Normal Form
   compile(if $x$ then $y$ else $z$) $\equiv (\neg x \vee y) \wedge (x \vee z)$
3. check equivalence of Boolean formulae
   compile(original C code) $\Leftrightarrow$ compile(optimized C code) 7/38
Equivalence checking encoding (2)
compile(original C code): if $\neg a \wedge \neg b$ then $h$ else if $\neg a$ then $g$ else $f$
$\equiv (\neg(\neg a \wedge \neg b) \vee h) \wedge ((\neg a \wedge \neg b) \vee \text{compile}(\text{if } \neg a \text{ then } g \text{ else } f))$
$\equiv (a \vee b \vee h) \wedge ((\neg a \wedge \neg b) \vee ((a \vee g) \wedge (\neg a \vee f)))$
compile(optimized C code): if $a$ then $f$ else if $b$ then $g$ else $h$
$\equiv (\neg a \vee f) \wedge (a \vee \text{compile}(\text{if } b \text{ then } g \text{ else } h))$
$\equiv (\neg a \vee f) \wedge (a \vee ((\neg b \vee g) \wedge (b \vee h)))$
$(a \vee b \vee h) \wedge ((\neg a \wedge \neg b) \vee ((a \vee g) \wedge (\neg a \vee f))) \overset{?}{\Leftrightarrow} (\neg a \vee f) \wedge (a \vee ((\neg b \vee g) \wedge (b \vee h)))$ 8/38
Checking (in)equivalence
Reformulate it as a satisfiability (SAT) problem: Is there an assignment to $a$, $b$, $f$, $g$, and $h$ which results in different evaluations of the compiled codes?
or equivalently: Is the Boolean formula compile(original C code) $\not\Leftrightarrow$ compile(optimized C code) satisfiable? Such an assignment would provide a counterexample.
Note: by concentrating on counterexamples we moved from co-NP to NP (not really important for applications) 9/38
Equivalence Checking via Miters
Equivalence checking is mostly used to validate whether two hardware designs (circuits) are functionally equivalent. Given two circuits, a miter is a circuit that tests whether there exists an input for both circuits such that the outputs differ. 10/38
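The three-step encoding of slides 6 to 10 carried out in code, as an added example that is not part of the lecture: procedures become Boolean variables, `if/else` is compiled with the rule $(\neg x \vee y) \wedge (x \vee z)$, and the miter question "is there an input on which the two compiled formulas differ?" is answered by enumerating assignments (a SAT solver would do this for real circuits). The `buggy` fragment is a constructed wrong optimization added to show what a counterexample looks like.

```python
from itertools import product

# Formulas are nested tuples: ('var', name), ('not', f), ('and', f, g), ('or', f, g)
# and ('ite', x, y, z) for "if x then y else z" (procedure calls are variables).

def compile_ite(formula):
    """Apply compile(if x then y else z) = (not x or y) and (x or z), bottom-up."""
    if formula[0] == 'var':
        return formula
    if formula[0] == 'ite':
        x, y, z = (compile_ite(sub) for sub in formula[1:])
        return ('and', ('or', ('not', x), y), ('or', x, z))
    return (formula[0],) + tuple(compile_ite(sub) for sub in formula[1:])

def evaluate(formula, env):
    """Truth value of a compiled (ite-free) formula under the assignment env."""
    op = formula[0]
    if op == 'var':
        return env[formula[1]]
    if op == 'not':
        return not evaluate(formula[1], env)
    if op == 'and':
        return evaluate(formula[1], env) and evaluate(formula[2], env)
    if op == 'or':
        return evaluate(formula[1], env) or evaluate(formula[2], env)
    raise ValueError("unknown operator %r" % op)

def counterexample(lhs, rhs, names):
    """Miter check: return an assignment on which compile(lhs) and compile(rhs)
    evaluate differently (lhs XOR rhs is satisfiable), or None if equivalent."""
    c_lhs, c_rhs = compile_ite(lhs), compile_ite(rhs)
    for bits in product((False, True), repeat=len(names)):
        env = dict(zip(names, bits))
        if evaluate(c_lhs, env) != evaluate(c_rhs, env):
            return env
    return None

a, b, f, g, h = (('var', n) for n in 'abfgh')
NOT = lambda x: ('not', x)
# The two fragments from the slide: original and optimized C code.
original  = ('ite', ('and', NOT(a), NOT(b)), h, ('ite', NOT(a), g, f))
optimized = ('ite', a, f, ('ite', b, g, h))
# Constructed wrong "optimization" (not on the slide) that swaps g and h.
buggy     = ('ite', a, f, ('ite', b, h, g))

if __name__ == "__main__":
    print("original == optimized:", counterexample(original, optimized, 'abfgh') is None)
    print("counterexample vs buggy:", counterexample(original, buggy, 'abfgh'))
```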
Bounded Model Checking 11/38
Bounded Model Checking (BMC)
Given a property $p$ (e.g. signal $a$ = signal $b$): Is there a state reachable in $k$ steps which satisfies $\neg p$?
(figure: a chain of states $S_0 \to S_1 \to S_2 \to S_3 \to \cdots \to S_{k-1} \to S_k$, each annotated with $\neg p$)
Turing award 2007 for Model Checking: Edmund M. Clarke, E. Allen Emerson and Joseph Sifakis 12/38
BMC Encoding (1)
The reachable states in $k$ steps are captured by: $I(S_0) \wedge T(S_0, S_1) \wedge \cdots \wedge T(S_{k-1}, S_k)$
The property $p$ fails in one of the $k$ steps by: $\neg P(S_0) \vee \neg P(S_1) \vee \cdots \vee \neg P(S_k)$ 13/38
BMC Encoding (2)
The safety property $p$ is valid up to step $k$ if and only if $F(k)$ is unsatisfiable:
$$F(k) = I(S_0) \wedge \bigwedge_{i=0}^{k-1} T(S_i, S_{i+1}) \wedge \bigvee_{i=0}^{k} \neg P(S_i)$$
(figure: the chain $S_0 \to S_1 \to \cdots \to S_k$, each state annotated with $\neg p$) 14/38
Bounded Model Checking Example: Two-bit counter
(figure: the four states 00, 01, 10, 11 and the transitions between them)
Initial state $I$: $l_0 = 0,\ r_0 = 0$
Transition $T$: $l_{i+1} = l_i \oplus r_i,\ r_{i+1} = \neg r_i$
Property $P$: $\neg l_i \vee \neg r_i$
$$F(2) = (\neg l_0 \wedge \neg r_0) \wedge (l_1 = l_0 \oplus r_0 \wedge r_1 = \neg r_0) \wedge (l_2 = l_1 \oplus r_1 \wedge r_2 = \neg r_1) \wedge \big((l_0 \wedge r_0) \vee (l_1 \wedge r_1) \vee (l_2 \wedge r_2)\big)$$
For $k = 2$, $F(k)$ is unsatisfiable; for $k = 3$ it is satisfiable. 15/38
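The unrolling $F(k)$ of slides 13 to 15 applied to the two-bit counter, as an added example that is not the lecture's code: `init`, `trans` and `prop` are $I$, $T$ and $P$ from the slide, and `bmc` enumerates all assignments to the state variables of $S_0, \dots, S_k$ in place of a SAT solver. A satisfying assignment is returned as the trace a model checker would report as its counterexample.

```python
from itertools import product

# State S_i = (l_i, r_i). I: l_0 = r_0 = 0. T: l_{i+1} = l_i xor r_i, r_{i+1} = not r_i.
# Safety property P(S_i) = not l_i or not r_i, i.e. the counter never shows 11.

def init(state):
    l, r = state
    return not l and not r

def trans(cur, nxt):
    l, r = cur
    l_next, r_next = nxt
    return l_next == (l != r) and r_next == (not r)

def prop(state):
    l, r = state
    return not (l and r)

def bmc(init, trans, prop, k, state_bits=2):
    """Return a trace S_0..S_k witnessing that F(k) is satisfiable, else None.

    F(k) = I(S_0) and T(S_0,S_1) and ... and T(S_{k-1},S_k) and (some not P(S_i)).
    Instead of a SAT solver, every assignment to the (k+1)*state_bits state
    variables is enumerated and checked against the unrolled formula."""
    for bits in product((False, True), repeat=(k + 1) * state_bits):
        trace = [bits[i * state_bits:(i + 1) * state_bits] for i in range(k + 1)]
        if not init(trace[0]):
            continue                                       # I(S_0) violated
        if not all(trans(trace[i], trace[i + 1]) for i in range(k)):
            continue                                       # some T(S_i, S_{i+1}) violated
        if any(not prop(s) for s in trace):                # property fails at some step
            return [tuple(int(b) for b in s) for s in trace]
    return None

if __name__ == "__main__":
    for k in (2, 3):
        print("F(%d):" % k, bmc(init, trans, prop, k) or "unsatisfiable")
```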
Graphs and Symmetries 16/38
Graph coloring
Given a graph $G(V, E)$, can the vertices be colored with $k$ colors such that for each edge $(v, w) \in E$ the vertices $v$ and $w$ are colored differently?
Problem: Many symmetries!!! 17/38
Graph coloring encoding
Variables | Range | Meaning
$x_{v,i}$ | $v \in \{1, \dots, |V|\}$, $i \in \{1, \dots, c\}$ | node $v$ has color $i$
Clauses | Range | Meaning
$(x_{v,1} \vee x_{v,2} \vee \cdots \vee x_{v,c})$ | $v \in \{1, \dots, |V|\}$ | $v$ is colored
$(\neg x_{v,s} \vee \neg x_{v,t})$ | $v \in \{1, \dots, |V|\}$, $s \in \{1, \dots, c-1\}$, $t \in \{s+1, \dots, c\}$ | $v$ has at most one color
$(\neg x_{v,i} \vee \neg x_{w,i})$ | $(v, w) \in E$, $i \in \{1, \dots, c\}$ | $v$ and $w$ have a different color
??? | ??? | breaking symmetry 18/38
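The encoding table above turned into clauses, as an added example that is not the lecture's code: `coloring_cnf` emits the three clause families in DIMACS literal form, and a small DPLL procedure decides them. The slide leaves the symmetry-breaking row as "???"; the unit clause fixing vertex 1 to color 1 is one standard choice added here on the assumption that colors are interchangeable, not the lecture's answer.

```python
from itertools import combinations
def var(v, i, c):          # DIMACS index of x_{v,i}: v = 1..|V|, i = 1..c
    return (v - 1) * c + i

def coloring_cnf(n, edges, c, break_symmetry=False):
    """The clauses of the slide's table, as lists of signed DIMACS literals."""
    cnf = []
    for v in range(1, n + 1):
        cnf.append([var(v, i, c) for i in range(1, c + 1)])       # v is colored
        for s, t in combinations(range(1, c + 1), 2):
            cnf.append([-var(v, s, c), -var(v, t, c)])             # at most one color
    for v, w in edges:
        for i in range(1, c + 1):
            cnf.append([-var(v, i, c), -var(w, i, c)])             # v and w differ
    if break_symmetry:   # assumption for the slide's "???": colors are interchangeable,
        cnf.append([var(1, 1, c)])  # so fixing vertex 1 to color 1 loses no solution
    return cnf

def dpll(cnf, assignment=None):
    """Minimal DPLL: unit propagation plus branching. Returns a model or None."""
    assignment = dict(assignment or {})
    while True:
        remaining, unit = [], None
        for clause in cnf:
            if any(assignment.get(abs(l)) == (l > 0) for l in clause):
                continue                                   # already satisfied
            rest = [l for l in clause if abs(l) not in assignment]
            if not rest:
                return None                                # conflict
            if len(rest) == 1:
                unit = rest[0]
            remaining.append(rest)
        cnf = remaining
        if not cnf:
            return assignment
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0                   # propagate the unit
    lit = cnf[0][0]
    for val in (lit > 0, lit < 0):                         # branch on a literal
        model = dpll(cnf, {**assignment, abs(lit): val})
        if model is not None:
            return model
    return None

def colorable(n, edges, c):
    """Return {v: color} found by DPLL, or None if no c-coloring exists."""
    model = dpll(coloring_cnf(n, edges, c, break_symmetry=True))
    return model and {v: i for v in range(1, n + 1)
                      for i in range(1, c + 1) if model.get(var(v, i, c))}
```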
Unavoidable Subgraphs and Ramsey Numbers
A connected undirected graph $G$ is an unavoidable subgraph of the clique $K$ of order $n$ if any red/blue edge-coloring of the edges of $K$ contains $G$ either in red or in blue.
Ramsey Number $R(k)$: What is the smallest $n$ such that any graph with $n$ vertices has either a clique or a co-clique of size $k$?
(figure: $K_6$ drawn as a hexagon with vertices labelled 1 to 6)
$R(3) = 6$, $R(4) = 18$, $43 \le R(5) \le 49$
SAT solvers can determine that $R(4) = 18$ in 1 second using symmetry breaking; w/o symmetry breaking it requires weeks. 19/38
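The red/blue edge-coloring question as a SAT encoding, as an added example that is not the lecture's code: one variable per edge of $K_n$, and for every $k$-subset of vertices two clauses forbidding an all-red and an all-blue $K_k$. The unit clause fixing the first edge to red is the colour-swap symmetry breaking assumed here; the exhaustive `find_model` stands in for the SAT solver the slide refers to and is enough to confirm $R(3) = 6$.

```python
from itertools import combinations, product

def ramsey_cnf(n, k, break_symmetry=True):
    """Clauses saying that no k vertices of K_n span a monochromatic clique.
    Edge variable e (1-based) is True when the edge is red, False when blue."""
    edges = list(combinations(range(n), 2))
    index = {e: i + 1 for i, e in enumerate(edges)}
    cnf = []
    for subset in combinations(range(n), k):
        lits = [index[e] for e in combinations(subset, 2)]
        cnf.append([-l for l in lits])                 # not all edges red
        cnf.append(lits)                               # not all edges blue
    if break_symmetry:
        # Assumption (the slide names the idea only): swapping red and blue maps
        # solutions to solutions, so edge 1 can be fixed to red without loss.
        cnf.insert(0, [1])
    return cnf, len(edges)

def find_model(cnf, nvars):
    """Exhaustive model search; a SAT solver replaces this for larger n."""
    for bits in product((False, True), repeat=nvars):
        if all(any(bits[abs(l) - 1] == (l > 0) for l in clause) for clause in cnf):
            return [int(b) for b in bits]
    return None

def two_coloring_avoiding(n, k):
    """A red/blue edge coloring of K_n with no monochromatic K_k, or None.
    A coloring for n = R(k) - 1 and None for n = R(k) together pin down R(k)."""
    cnf, nvars = ramsey_cnf(n, k)
    return find_model(cnf, nvars)

if __name__ == "__main__":
    print("K_5 without a monochromatic triangle:", two_coloring_avoiding(5, 3))
    print("K_6 without a monochromatic triangle:", two_coloring_avoiding(6, 3))
```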