exploiting resolution proofs to speed up ltl vacuity
play

Exploiting Resolution Proofs to Speed Up LTL Vacuity Detection for - PowerPoint PPT Presentation

Dec 19, 2022 •126 likes •1.15k views

Exploiting Resolution Proofs to Speed Up LTL Vacuity Detection for BMC Jocelyn Simmonds Jessica Davies Marsha Chechik Department of Computer Science, University of Toronto Arie Gurfinkel Software Engineering Institute at Carnegie Mellon

  1. Bounded Model Checking (BMC) Check if property p holds up to k steps on model M: M | = k p i.e., can we reach a state in k steps that satisfies ¬ p? b c b c Model Model Model Property Property Property {b,c} {b,c} {c} {c} {a,b} {a,b} "unroll" p holds "unroll" "unroll" p holds p holds transition relation at some step transition relation transition relation at some step at some step ( a ), ( b ), ( c ) ( b ), ( c ) 0 0 0 0 0 k = 0 SAT solver SAT solver SAT solver SAT SAT SAT UNSAT UNSAT UNSAT M p M p M p M p M p M p k k k k k k Output: counter− Output: counter− Output: counter− Output: resolution Output: resolution Output: resolution example example example proof proof proof 6 / 25

  2. Bounded Model Checking (BMC) Check if property p holds up to k steps on model M: M | = k p i.e., can we reach a state in k steps that satisfies ¬ p? b c b c b c Model Model Model Model Property Property Property Property {b,c} {b,c} {b,c} {c} {c} {c} {a,b} {a,b} {a,b} "unroll" "unroll" p holds p holds "unroll" "unroll" p holds p holds transition relation transition relation at some step at some step transition relation transition relation at some step at some step ( a ), ( b ), ( c ) ( a ), ( b ), ( c ) ( b ), ( c ) ( b ), ( c ) 0 0 0 0 0 0 0 0 0 0 k = 0 SAT solver SAT solver SAT solver SAT solver ( c ) ( c ) 0 0 SAT SAT SAT SAT UNSAT UNSAT UNSAT UNSAT M p M p M p M p M p M p M p M p ( ) k k k k k k k k Output: counter− Output: counter− Output: counter− Output: counter− Output: resolution Output: resolution Output: resolution Output: resolution example example example example proof proof proof proof 6 / 25

  3. Bounded Model Checking (BMC) Check if property p holds up to k steps on model M: M | = k p i.e., can we reach a state in k steps that satisfies ¬ p? b c b c b c Model Model Model Model Property Property Property Property {b,c} {b,c} {b,c} {c} {c} {c} {a,b} {a,b} {a,b} "unroll" "unroll" p holds p holds "unroll" "unroll" p holds p holds transition relation transition relation at some step at some step G OAL : use resolution proof for vacuity detection transition relation transition relation at some step at some step ( a ), ( b ), ( c ) ( a ), ( b ), ( c ) ( b ), ( c ) ( b ), ( c ) 0 0 0 0 0 0 0 0 0 0 focus on variable vacuity k = 0 use naive detection as baseline for comparison SAT solver SAT solver SAT solver SAT solver ( c ) ( c ) 0 0 SAT SAT SAT SAT UNSAT UNSAT UNSAT UNSAT M p M p M p M p M p M p M p M p ( ) k k k k k k k k Output: counter− Output: counter− Output: counter− Output: counter− Output: resolution Output: resolution Output: resolution Output: resolution example example example example proof proof proof proof 6 / 25

  4. Outline Model Checking Sanity Checks Naive Vacuity Detection Brief Overview of Vacuity Detection Bounded Model Checking New methods: Irrelevance Local Irrelevance Peripherality Implementation: V AQ T REE Experiments Conclusions and Future Work 7 / 25

  5. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property 8 / 25

  6. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () 8 / 25

  7. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant 8 / 25

  8. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant 8 / 25

  9. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant 8 / 25

  10. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant 8 / 25

  11. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant 8 / 25

  12. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant V ACUITY : d, e, f not in UNSAT core ⇒ irrelevant ⇒ vacuous 8 / 25

  13. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant V ACUITY : d, e, f not in UNSAT core ⇒ irrelevant ⇒ vacuous Linear in size of UNSAT core 8 / 25

  14. Algorithm 1 - Irrelevance ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables in the property but not in the UNSAT core are irrelevant V ACUITY : d, e, f not in UNSAT core ⇒ irrelevant ⇒ vacuous Linear in size of UNSAT core Very incomplete 8 / 25

  15. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () 9 / 25

  16. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables that only appear in the property part of the UNSAT core are locally irrelevant 9 / 25

  17. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () s Variables that only appear in the property part of the UNSAT core are locally irrelevant 9 / 25

  18. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () ss Variables that only appear in the property part of the UNSAT core are locally irrelevant 9 / 25

  19. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () sss Variables that only appear in the property part of the UNSAT core are locally irrelevant 9 / 25

  20. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () sss Variables that only appear in the property part of the UNSAT core are locally irrelevant V ACUITY : a only in Property part of the UNSAT core ⇒ locally irrelevant ⇒ vacuous 9 / 25

  21. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () sss Variables that only appear in the property part of the UNSAT core are locally irrelevant V ACUITY : a only in Property part of the UNSAT core ⇒ locally irrelevant ⇒ vacuous Linear in size of UNSAT core 9 / 25

  22. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () sss Variables that only appear in the property part of the UNSAT core are locally irrelevant V ACUITY : a only in Property part of the UNSAT core ⇒ locally irrelevant ⇒ vacuous Linear in size of UNSAT core More precise than Irrelevance 9 / 25

  23. Algorithm 2 - Local Irrelevance Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () sss Variables that only appear in the property part of the UNSAT core are locally irrelevant V ACUITY : a only in Property part of the UNSAT core ⇒ locally irrelevant ⇒ vacuous Linear in size of UNSAT core More precise than Irrelevance Still very incomplete 9 / 25

  24. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) Variables that are not central to the proof are peripheral

  25. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) Variables that are not central to the proof are peripheral

  26. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) Variables that are not central to the proof are peripheral

  27. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) Variables that are not central to the proof are peripheral

  28. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables that are not central to the proof are peripheral

  29. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables that are not central to the proof are peripheral

  30. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) () Variables that are not central to the proof are peripheral

  31. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) Resolution on b () occurs in Property Variables that are not central to the proof are peripheral

  32. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ b ) ( ¬ b ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( b ) ( c ) ( ¬ b ) Resolution on b () occurs in Property Variables that are not central to the proof are peripheral

  33. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( c ) ( ¬ b ) Resolution on b () occurs in Property Can replace b by x in Property Variables that are not central to the proof are peripheral

  34. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ c ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( c ) ( ¬ b ) () Variables that are not central to the proof are peripheral

  35. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ y ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( y ) ( ¬ b ) Cannot replace c () by y in this proof Variables that are not central to the proof are peripheral 10 / 25

  36. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ y ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( y ) ( ¬ b ) Cannot replace c () by y in this proof Variables that are not central to the proof are peripheral 10 / 25

  37. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ y ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( y ) ( ¬ b ) Cannot replace c () by y in this proof Variables that are not central to the proof are peripheral V ACUITY : replaced b by x in Property without changing proof ⇒ peripheral ⇒ vacuous 10 / 25

  38. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ y ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( y ) ( ¬ b ) Cannot replace c () by y in this proof Variables that are not central to the proof are peripheral V ACUITY : replaced b by x in Property without changing proof ⇒ peripheral ⇒ vacuous Linear in size of resolution proof 10 / 25

  39. Algorithm 3 - Peripherality Property Model ( ¬ a ) ( a ∨ x ) ( ¬ x ∨ y ) ( ¬ b ∨ ¬ c ) ( b ) ( x ) ( y ) ( ¬ b ) Cannot replace c () by y in this proof Variables that are not central to the proof are peripheral V ACUITY : replaced b by x in Property without changing proof ⇒ peripheral ⇒ vacuous Linear in size of resolution proof If p is vacuous, there exists a resolution proof s.t. p is peripheral 10 / 25

  40. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property 11 / 25

  41. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM 11 / 25

  42. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous 11 / 25

  43. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 11 / 25

  44. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs 11 / 25

  45. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs M | = p [ a ← true ] ? M | = p [ a ← false ] ? 11 / 25

  46. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs M | = p [ a ← true ] ? p is vacuous w.r.t. a iff = p [ a ← true ] = M | M | = p [ a ← false ] ? M | = p [ a ← false ] 11 / 25

  47. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs M | = p [ a ← true ] ? p is vacuous w.r.t. a iff = p [ a ← true ] = M | M | = p [ a ← false ] ? M | = p [ a ← false ] Similar for b,c 11 / 25

  48. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs M | = p [ a ← true ] ? p is vacuous w.r.t. a iff = p [ a ← true ] = M | M | = p [ a ← false ] ? M | = p [ a ← false ] Similar for b,c I RRELEVANCE METHOD : Irrelevance algorithm + completing step 11 / 25

  49. Complete Analysis G OAL : complete analysis using Naive Detection for leftover variables E XAMPLE : ( ¬ b ∨ ¬ c ) , ( b ) , ( ¬ e ) , ( d ∨ f ) Model ( ¬ a ) , ( a ∨ b ) , ( ¬ b ∨ c ) , ( d ∨ e ∨ f ) , ( a ∨ ¬ c ∨ d ) Property I RRELEVANCE ALGORITHM d,e,f are vacuous C OMPLETING STEP 6 extra model checking runs M | = p [ a ← true ] ? p is vacuous w.r.t. a iff = p [ a ← true ] = M | M | = p [ a ← false ] ? M | = p [ a ← false ] Similar for b,c I RRELEVANCE METHOD : Irrelevance algorithm + completing step Local Irrelevance and Peripherality are also extended in this manner 11 / 25

  50. V AQ T REE : Vacuity Detection Framework Model property To our knowledge, V AQ T REE is the first vacuity detection tool for BMC A: SMV −> CNF [A] N U SMV v. 2.3.1, modified to Translator identify model/property clauses [B] M INI S AT -p v. 1.14, modified to B: Proof−outputting SAT solver output XML proof [C] New component (Java) C: Proof Analyzer proof analysis done in memory 700 MB of RAM ≈ 2.5 million D: Completing Step resolutions [D] New component (Perl) VaqTree Vacuity Results 12 / 25

  51. Evaluation G OALS : Compare effectiveness of the three algorithms how many vacuous variables can each algorithm detect? Evaluate the performance of the three methods, using Naive Detection as a baseline are any of our methods faster than Naive Detection? B ENCHMARKS : Models and properties from the N U SMV distribution Models and properties from the IBM Formal Verification Benchmarks Library 13 / 25

  52. Benchmark 1 S ETUP Models and properties: N U SMV distribution 121 properties: 99 present vacuity 2 - 4 temporal operators per property, from { G, F , U, X } 6 variables on average, 26 max., 1 min. Largest proof: 2.5 million resolutions 14 / 25

  53. Interpreting Performance Graphs "Algorithm" (s) Naive detection (s) 15 / 25

  54. Interpreting Performance Graphs Plotting execution times � "Algorithm" (s) � � � � � � � � � � � � � � � � � � �� �� � � � � � � � � � �� �� � � � � Naive detection (s) 15 / 25

  55. Interpreting Performance Graphs � � "Algorithm" (s) "Algorithm" (s) � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� �� �� �� � � � � � � � � � � � � � � � � � � �� �� �� �� Naive � � � � Detection � � � � is faster here Naive detection (s) Naive detection (s) 15 / 25

  56. Interpreting Performance Graphs “Method” is faster here � � � "Algorithm" (s) "Algorithm" (s) "Algorithm" (s) � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� �� �� �� �� �� � � � � � � � � � � � � � � � � � � � � � � � � � � � �� �� �� �� �� �� � � � � � � � � � � � � Naive detection (s) Naive detection (s) Naive detection (s) 15 / 25

  57. Interpreting Performance Graphs � � � � "Algorithm" (s) "Algorithm" (s) "Algorithm" (s) "Algorithm" (s) � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� �� �� �� �� �� �� �� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� �� �� �� �� �� �� �� “Method” is � � � � � � � � faster by an � � � � � � � � order of magnitude Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) here 15 / 25

  58. Benchmark 1: Performance A B Local Irrelevance (s) Local Irrelevance (s) Irrelevance (s) Irrelevance (s) Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) Execution times measured C for complete methods Peripherality (s) Peripherality (s) Naive detection (s) Naive detection (s) 16 / 25

  59. Benchmark 1: Performance A B Local Irrelevance (s) Local Irrelevance (s) Irrelevance (s) Irrelevance (s) Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) Execution times measured C for complete methods Peripherality (s) Peripherality (s) Peripherality is much slower in some cases Naive detection (s) Naive detection (s) 16 / 25

  60. Why is Peripherality much slower in some cases? Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p Φ 2 = M | = p 2 . . . Φ n = M | = p n

  61. Why is Peripherality much slower in some cases? Low clause/variable ratio Peripherality (s) Peripherality (s) No vacuous variables Large resolution proofs Naive detection (s) Naive detection (s) Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p Φ 2 = M | = p 2 . . . Φ n = M | = p n

  62. Why is Peripherality much slower in some cases? Low clause/variable ratio Peripherality (s) Peripherality (s) No vacuous variables Large resolution proofs Naive detection (s) Naive detection (s) Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p UNSAT Φ 2 = M | = p 2 SAT . . . Φ n = M | = p n 17 / 25

  63. Why is Peripherality much slower in some cases? Low clause/variable ratio Peripherality (s) Peripherality (s) No vacuous variables Large resolution proofs Naive detection (s) Naive detection (s) Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p UNSAT Φ 2 = M | = p 2 SAT . . . Φ n = M | = p n T time: τ 1 , τ 2 , . . . τ n to find sat. assignment periph. analysis 17 / 25

  64. Why is Peripherality much slower in some cases? Low clause/variable ratio Peripherality (s) Peripherality (s) No vacuous variables Large resolution proofs Naive detection (s) Naive detection (s) Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p UNSAT Φ 2 = M | = p 2 SAT . . . Φ n = M | = p n T time: τ 1 , τ 2 , . . . τ n to find sat. assignment periph. analysis τ i <<< T 17 / 25

  65. Why is Peripherality much slower in some cases? Low clause/variable ratio Peripherality (s) Peripherality (s) No vacuous variables Large resolution proofs Naive detection (s) Naive detection (s) Naive Detection Peripherality Φ 1 = M | = p 1 Φ = M | = p UNSAT Φ 2 = M | = p 2 SAT . . . Φ n = M | = p n T time: τ 1 , τ 2 , . . . τ n to find sat. assignment periph. analysis τ i <<< T � τ i <<< T 17 / 25

  66. Interpreting Effectiveness Graphs Less precise algorithm �� �� � �� �� �� �� � � � � � �� �� �� �� � �� �� �� �� � � �� �� �� �� � � � � More precise algorithm 18 / 25

  67. Interpreting Effectiveness Graphs # vacuous variables found: ( x , y ) x = found by X-axis algorithm y = found by Y-axis algorithm Less precise algorithm �� �� � �� �� �� �� � � � � � �� �� �� �� � �� �� �� �� � � �� �� �� �� � � � � More precise algorithm 18 / 25

  68. Interpreting Effectiveness Graphs # vacuous variables found: ( x , y ) x = found by X-axis algorithm y = found by Y-axis algorithm Less precise algorithm �� �� � �� �� �� �� X-axis algorithm is more precise, � � � so x ≥ y always � � �� �� �� �� � �� �� �� �� � � �� �� �� �� � � � � More precise algorithm 18 / 25

  69. Interpreting Effectiveness Graphs # vacuous variables found: ( x , y ) x = found by X-axis algorithm y = found by Y-axis algorithm Less precise algorithm �� �� � �� �� �� �� X-axis algorithm is more precise, � � � so x ≥ y always � � �� �� �� �� � �� �� �� �� � � �� �� �� �� � � � � Larger point = more test cases More precise algorithm 18 / 25

  70. Benchmark 1: Effectiveness A B C Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection 19 / 25

  71. Benchmark 1: Effectiveness A B C Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Reduced # of extra model checking runs: ≥ 40% reduction in 54% of cases with vacuity 19 / 25

  72. Benchmark 1: Effectiveness A B C Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance Irrelevance ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% ≥ 40% Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Local Irrelevance Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Peripherality Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Naive detection Reduced # of extra model checking runs: ≥ 40% reduction in 54% of cases with vacuity Local Irrelevance (s) Local Irrelevance (s) Local Irrelevance is faster than Naive Detection in 70 cases (59%): Twice as fast in 40% of these cases Order of magnitud faster in 30% of these cases Naive detection (s) Naive detection (s) 19 / 25

  73. Benchmark 2 G OAL : evaluate scalability of our tool to industrial models S ETUP Models and properties: IBM Formal Verification Benchmarks Library 18 properties: 12 present vacuity 1 temporal operator, from { G, F } 4 variables on average, 17 max., 1 min. Picked k-depth in line with bounds used in Benchmark 1 Largest proof: 500k resolutions 20 / 25

  74. Benchmark 2 G OAL : evaluate scalability of our tool to industrial models S ETUP Models and properties: IBM Formal Verification Benchmarks Library 18 properties: 12 present vacuity 1 temporal operator, from { G, F } 4 variables on average, 17 max., 1 min. Picked k-depth in line with bounds used in Benchmark 1 Largest proof: 500k resolutions Proof sizes are in same range as those for Benchmark 1 new models are more complex but properties are simpler 20 / 25

  75. Benchmark 2: Scalability A B C Local Irrelevance (s) Local Irrelevance (s) Peripherality (s) Peripherality (s) Irrelevance (s) Irrelevance (s) Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) Naive detection (s) Reasonable execution times No noticeable spike in peripherality execution times models with low clause/variable ratio present vacuity proofs for these models are medium-sized Little vacuity in this suite, yet algorithms detect some vacuity 21 / 25

  76. Experimental Conclusions Benchmark 1 Benchmark 2 Models Simple Complex Properties Complex Simple Irrelevance Very fast Very fast Local Irrelevance Fastest Fastest Peripherality Slow in certain cases Very fast Our algorithms: discover vacuous variables . . . via relatively inexpensive analyses of BMC artifacts Our methods are complete and generally faster than Naive Detection 22 / 25

  77. Summary Vacuity detection for BMC we analyze BMC artifacts like UNSAT cores and resolution proofs Proposed and implemented a vacuity detection tool, V AQ T REE 23 / 25

  78. Summary Vacuity detection for BMC we analyze BMC artifacts like UNSAT cores and resolution proofs Proposed and implemented a vacuity detection tool, V AQ T REE Step towards making vacuity detection part of complete process 23 / 25

  79. Future Work When do our algorithms apply? heuristics based on clause/variable ratio and proof size Increase scalability of our tool implement on-the-fly proof analysis Use interpolants for vacuity detection Use results of previous depths for vacuity detection 24 / 25

Recommend

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder Interface for Overview New linear position/velocity sensor Non-contact High resolution High speed Based on proven

320 views • 27 slides
Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu

Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu

Generating and Exploiting Large-scale Pseudo Training Data for Zero Pronoun Resolution Ting Liu , Yiming Cui , Qingyu Yin , Weinan Zhang , Shijin Wang and Guoping Hu Research Center for Social Computing and Information

479 views • 19 slides
Compression of Propositional Resolution Proofs by Lowering Subproofs Joseph Boudou 1 Bruno

Compression of Propositional Resolution Proofs by Lowering Subproofs Joseph Boudou 1 Bruno

Compression of Propositional Resolution Proofs by Lowering Subproofs Joseph Boudou 1 Bruno Woltzenlogel Paleo 2 1 Universit Paul Sabatier, Toulouse 2 Vienna University of Technology SMT Workshop, 2013 Overview Introduction Motivations

656 views • 41 slides
The Proof-Search Problem (between bdd-width resolution and bdd-degree semi-algebraic proofs)

The Proof-Search Problem (between bdd-width resolution and bdd-degree semi-algebraic proofs)

The Proof-Search Problem (between bdd-width resolution and bdd-degree semi-algebraic proofs) Albert Atserias Universitat Polit` ecnica de Catalunya Barcelona, Spain Satisfiability Example : 15 variables and 40 clauses x 1 x 2 x 6 x 1

1.16k views • 88 slides
Are Short Proofs Narrow? QBF Resolution is not so Simple. Meena Mahajan The Institute of

Are Short Proofs Narrow? QBF Resolution is not so Simple. Meena Mahajan The Institute of

Are Short Proofs Narrow? QBF Resolution is not so Simple. Meena Mahajan The Institute of Mathematical Sciences, HBNI, Chennai. Dagstuhl 18051 Proof Complexity Meena Mahajan Credits partially supported by the EU Marie Curie IRSES grant CORCON.

1.03k views • 65 slides
Exploiting Extreme Processor Counts on the Cray Exploiting Extreme Processor Counts on the Cray

Exploiting Extreme Processor Counts on the Cray Exploiting Extreme Processor Counts on the Cray

Exploiting Extreme Processor Counts on the Cray Exploiting Extreme Processor Counts on the Cray XT4 with High- -Resolution Seismic Wave Resolution Seismic Wave XT4 with High Propagation Experiments Propagation Experiments 2,3 and Mike

400 views • 27 slides
Short Q-Resolution Proofs with Homomorphisms Friedrich Slivovsky 1 Stefan Szeider 1 Ankit Shukla 2

Short Q-Resolution Proofs with Homomorphisms Friedrich Slivovsky 1 Stefan Szeider 1 Ankit Shukla 2

Short Q-Resolution Proofs with Homomorphisms Friedrich Slivovsky 1 Stefan Szeider 1 Ankit Shukla 2 TU Wien, Vienna, Austria 1 JKU, Linz, Austria 2 June 30, 2020 Focus of Analysis: Proof Complexity Goal : Compare the strength of the proof systems

753 views • 62 slides
Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed

Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed

Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed structure containing internal waves Frank S. Henyey, Kevin L. Williams, Jie Yang, and Dajun Tang Applied Physics Laboratory, University of Washington Work

254 views • 22 slides
Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed

Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed

Simultaneous nearby measurements of acoustic propagation and high-resolution sound speed structure containing internal waves Frank S. Henyey , Kevin L. Williams, Dajun Tang Applied Physics Laboratory, University of Washington Towed CTD chain

319 views • 17 slides
ECOC2010 Invited Paper DA and AD Converters in SiGe Technology: Speed and Resolution for Ultra

ECOC2010 Invited Paper DA and AD Converters in SiGe Technology: Speed and Resolution for Ultra

ECOC2010 Invited Paper DA and AD Converters in SiGe Technology: Speed and Resolution for Ultra High Data Rate Applications Tobias Ellermeyer, Rolf Schmid, Anna Bielik, Jrg Rupeter and Michael Mller MICRAM Microelectronic GmbH, Bochum,

439 views • 22 slides
Exploiting Opportunistic Scheduling in Cellular Data Networks Radmilo Racic, Denys Ma Hao Chen,

Exploiting Opportunistic Scheduling in Cellular Data Networks Radmilo Racic, Denys Ma Hao Chen,

Exploiting Opportunistic Scheduling in Cellular Data Networks Radmilo Racic, Denys Ma Hao Chen, Xin Liu University of California, Davis 1 3G Cellular Networks Provide high speed downlink data access Examples HSDPA (High Speed

641 views • 23 slides
Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B.

Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B.

Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B. Woltzenlogel Paleo 2 1 University of Victoria 2 Vienna University of Technology 6 August 2015 Gorzny, Woltzenlogel Paleo First-Order Lower Units

687 views • 45 slides
Project 5: Verifjcation of high resolution and ECMWF wind speed forecasts for Iceland Olena

Project 5: Verifjcation of high resolution and ECMWF wind speed forecasts for Iceland Olena

Project 5: Verifjcation of high resolution and ECMWF wind speed forecasts for Iceland Olena Palakhniuk Vsevolod Moreydo Christopher Frank Gurn Nna Petersen Eyrarbakki, S-Iceland Automatjc weather statjon 3 m a.s.l. Data: - One

486 views • 13 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN

CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN

CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN RECOVERY AND RESOLUTION SUMMIT Frankfurt, 5 July 2017 David Blache, Deputy Director for Resolution, ACPR (Resolution Authority, France) 1

292 views • 27 slides
Cedar Rapids RLR &amp; Speed Des Moines RLR &amp; Speed

Cedar Rapids RLR &amp; Speed Des Moines RLR &amp; Speed

Davenport.RLR &amp; Speed Cedar Rapids RLR &amp; Speed Des Moines RLR &amp; Speed Sioux City.. RLR &amp; Speed Muscatine...RLR &amp; Speed Council

248 views • 11 slides
Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Effects of automated highway speed enforcement: average versus instantaneous speed control 27 th annual ICTCT workshop 16-17 Oct 2014, Karlsruhe - Germany dr. Stijn Daniels, PhD Transportation Research Institute Hasselt University, Belgium

413 views • 9 slides
Exploiting Multi-Core Architectures for Fast Modular Synthesis LAC2008 Feb 29, 2008 Jrgen

Exploiting Multi-Core Architectures for Fast Modular Synthesis LAC2008 Feb 29, 2008 Jrgen

Exploiting Multi-Core Architectures for Fast Modular Synthesis LAC2008 Feb 29, 2008 Jrgen Reuter Multiple Cores CPU speed only slowly growing Multi-Core CPUs now pervade market Ideal for thread-parallel compute-intensive tasks

371 views • 19 slides
Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data Gerome Miklau University of Massachusetts, Amherst DIMACS Workshop on Recent Work on Di ff erential Privacy across Computer Science October 2012

1.39k views • 136 slides
AUTOMATED REASONING background information on unifiers. The theorems in A1b and A1c are important

AUTOMATED REASONING background information on unifiers. The theorems in A1b and A1c are important

Some Useful Proofs A1ai The slides Appendix1 (A1) contain various proofs about resolution and a little AUTOMATED REASONING background information on unifiers. The theorems in A1b and A1c are important as they give the basis for the soundness of

421 views • 3 slides
Visualisation of Novel High Resolution Digital Photography Paul Bourke iVEC @ University of

Visualisation of Novel High Resolution Digital Photography Paul Bourke iVEC @ University of

Visualisation of Novel High Resolution Digital Photography Paul Bourke iVEC @ University of Western Australia Introduction Exploiting the capabilities of the human visual system. Fidelity - Stereopsis - Peripheral Vision Three

470 views • 12 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

1 Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Reporting some recent symmetric-speed discussions, especially from RWC 2020. Not included in this talk: NISTLWC. Short inputs.

411 views • 29 slides

More recommend