© Anvesh Komuravelli IC3/PDR
Overview of IC3/PDR
Anvesh Komuravelli
Carnegie Mellon University

SAT-Based Bounded Model Checking (BMC)
[Figure: is the error (<k)-reachable?]
Is there an execution leading to error in < k steps, beginning in I?

BMC + k-Induction
[Figure: (<k)-reachable? / k-inductive?]
Is there an execution leading to error in < k steps, beginning in I?
Is there an execution leading to error in k steps, beginning in P?

Downside of k-Induction
[Figure: (<k)-reachable? / k-inductive?]
P may not be inductive for any k!

Strengthen P!
[Figure: reachable states]

BMC + Interpolation (McMillan ’03)
[Figure: k-reachable? / (k-1), repeated with growing k]
If an abstract counterexample is found, start all over again with a bigger k
Many improvements followed
Approximate Forward-Reachability!

Forward-Reachability in a nutshell
[Figure: initial states; over-approximations]
Also, w.l.o.g., assume that:
No counterexample of length (k-1) from Fn
No counterexample of length (k-1)+1 from Fn-1
…

Formalizing BMC + Interpolation
Rule Condition Transition
Init −
Unfold
Refine
Unsafe return UNSAFE
Safe return SAFE
[Figure: abstract transition system; state triple]
Downsides
• Blow-up in SAT formula size as k gets big
• Resolution proof of UNSAT is non-trivial to obtain

A different search strategy
Let us restrict to 1-reachable queries
[Figure: the search, animated over four slides]

Formalizing the new search strategy
Rule Condition Transition
Init −
Unfold
Candidate
Decide
Conflict
Unsafe return UNSAFE
Safe return SAFE
Checks k-reachability by explicit-state backward search!

CDCL – Local Interpolants
Given
Find
Use algorithms to minimize cores (MUS)
[Figure: state t; animated over several slides]
Strengthen Fi+1
Hence,
Strengthen Fi

Forward Propagation
t is bad for Fi+2 as well! Can we reuse φ?

Forward Inductive Propagation
Given
Find
[Figure: the query is unsat]

Formalizing the new search strategy
Rule Condition Transition
Init −
Unfold
Candidate
Decide
Conflict
Induction
Unsafe return UNSAFE
Safe return SAFE

Forward Propagation
Block φ or s at Fi+2, Fi+3, …

Long Counterexamples!
[Figure: labels k and m]
Block φ or s at Fi+2, Fi+3, …

Generalizing Predecessors
Given
Find
[Figure: predecessor state generalized to a cube; ternary simulation through T with − (don't-care) entries; animated over several slides]

IC3/PDR!
Rule Condition Transition
Init −
Unfold
Candidate
Decide
Conflict
Induction
Unsafe return UNSAFE
Safe return SAFE

To summarize…
• 1-step reachability queries
• Generalizing Predecessors
• Local Interpolants
• Forward Inductive Propagation
• Reusing Counterexamples
Fi is in CNF

To summarize…
• Competitive with variants of McMillan’s Interpolation
• 3rd place in HWMCC’10 – competing with well-established tools
• Well received by hardware industry
• Implemented in Berkeley’s ABC tool
• Extensions to progress and CTL properties
• Extensions to LRA – implemented in Z3

Efficient Implementation of IC3/PDR
Fi is in CNF
[Figure: SAT context C]

Decide/Conflict Rules
[Figure: SAT call under assumptions A; branches Y / N; ternary simulation]

Conflict Rule
MUS extraction to get
least j ≥ i such that
If none, add to F∞
Additionally,
pushing the clause to higher levels

Induction Rule
Similar to the Conflict Rule, with repeated checks!
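The Decide, Conflict and Induction rules of the slides above, worked through as an added example: this is my own toy code, not the slides' code and not the ABC or Z3 implementation. It runs a small IC3/PDR loop over a constructed 3-bit counter, replacing the SAT solver by explicit enumeration of the 8 states so that it runs stand-alone. Frames are kept as clauses tagged with the highest frame index they belong to (the slides' "Fi is in CNF"); the Conflict rule shrinks the blocking cube MUS-style and pushes the learned clause to the least level at which it stops being relatively inductive, falling back to F∞; the Induction rule propagates clauses forward until two consecutive frames coincide. The class and method names (IC3, cti, generalize, push, block, check), the counter system and the two bad cubes are assumptions of this example; proof obligations are full states, so the slides' Generalizing Predecessors step (ternary simulation) is left out.

```python
# Toy IC3/PDR over an explicit-state "SAT oracle" (added example; not the slides' or any tool's code).
from itertools import product

INF = 10**9                                   # level marker: the clause lives in F_inf
NVARS = 3                                     # constructed system: a 3-bit counter
STATES = [tuple(b) for b in product((0, 1), repeat=NVARS)]

def next_state(s):
    # Constructed transition relation T: count 0,1,...,5 and wrap to 0, so values 6 and 7 are unreachable.
    n = (s[0] + 2 * s[1] + 4 * s[2] + 1) % 6
    return (n & 1, (n >> 1) & 1, (n >> 2) & 1)

INIT = {(0, 0, 0)}
BAD_UNREACHABLE = frozenset({(1, 1), (2, 1)})          # cube x1 ∧ x2: counter value 6 or 7
BAD_REACHABLE = frozenset({(0, 1), (1, 0), (2, 1)})    # cube x0 ∧ ¬x1 ∧ x2: counter value 5

def sat_cube(state, cube):
    # A cube is a set of (variable index, value) literals; a state satisfies it if every literal agrees.
    return all(state[i] == v for i, v in cube)

class IC3:
    def __init__(self, init, trans, bad):
        self.init, self.trans, self.bad = init, trans, bad
        self.clauses = {}   # blocked cube c -> largest j such that clause ¬c is in F_1..F_j ("Fi is in CNF")

    def in_frame(self, s, j):
        # F_0 is I; F_j (j >= 1) is the conjunction of all clauses at level >= j (frames are monotone).
        return s in self.init if j == 0 else all(not sat_cube(s, c) for c, lvl in self.clauses.items() if lvl >= j)

    def cti(self, cube, j):
        # The 1-step query F_j ∧ ¬cube ∧ T ∧ cube': a predecessor state if SAT, None if UNSAT.
        for s in STATES:
            if self.in_frame(s, j) and not sat_cube(s, cube) and sat_cube(self.trans(s), cube):
                return s
        return None

    def generalize(self, cube, j):
        # Conflict rule, MUS-style: drop literals while the cube stays inductive relative to F_j and disjoint from I.
        for lit in sorted(cube):
            smaller = cube - {lit}
            if not any(sat_cube(s, smaller) for s in self.init) and self.cti(smaller, j) is None:
                cube = smaller
        return cube

    def push(self, cube, j, k):
        # The least level >= j at which ¬cube stops being relatively inductive bounds the clause;
        # if there is none up to the frontier k and it is inductive relative to F_inf, it joins F_inf.
        lvl = j
        while lvl < k and self.cti(cube, lvl) is None:
            lvl += 1
        return INF if lvl == k and self.cti(cube, INF) is None else lvl

    def block(self, t, k):
        # Decide/Conflict loop over proof obligations (level, state); False means a concrete counterexample.
        obligations = [(k, t)]
        while obligations:
            obligations.sort()                          # lowest level first
            j, s = obligations.pop(0)
            if s in self.init:                          # the predecessor chain reached I: real bug
                return False
            if not self.in_frame(s, j):                 # already blocked by a clause learned meanwhile
                continue
            cube = frozenset(enumerate(s))
            pred = self.cti(cube, j - 1)
            if pred is not None:                        # Decide: chase the predecessor one frame back
                obligations += [(j - 1, pred), (j, s)]
            else:                                       # Conflict: learn a clause and push it forward
                c = self.generalize(cube, j - 1)
                self.clauses[c] = max(self.push(c, j, k), self.clauses.get(c, 0))
        return True

    def check(self, max_k=20):
        # Returns ("UNSAFE", None) or ("SAFE", inductive invariant as a set of blocked cubes).
        if any(sat_cube(s, self.bad) for s in self.init):
            return ("UNSAFE", None)
        for k in range(1, max_k + 1):                   # Unfold
            while True:                                 # Candidate: a bad state still inside F_k
                t = next((s for s in STATES if self.in_frame(s, k) and sat_cube(s, self.bad)), None)
                if t is None or not self.block(t, k):
                    break
            if t is not None:
                return ("UNSAFE", None)
            for j in range(1, k + 1):                   # Induction: forward propagation of clauses
                for c in [c for c, lvl in self.clauses.items() if lvl == j]:
                    if self.cti(c, j) is None:
                        self.clauses[c] = INF if j == k and self.cti(c, INF) is None else j + 1
            for j in range(1, k + 1):                   # Safe: F_j == F_{j+1} means F_j is inductive
                if not any(lvl == j for lvl in self.clauses.values()):
                    return ("SAFE", frozenset(c for c, lvl in self.clauses.items() if lvl > j))
        return ("UNKNOWN", None)

def is_inductive_invariant(inv, init, trans, bad):
    # Independent check of a SAFE verdict: I ⊆ Inv, Inv ∧ T → Inv', and Inv ∧ Bad is unsat.
    holds = lambda s: all(not sat_cube(s, c) for c in inv)
    return (all(holds(s) for s in init) and all(holds(trans(s)) for s in STATES if holds(s))
            and not any(holds(s) and sat_cube(s, bad) for s in STATES))

if __name__ == "__main__":
    for bad in (BAD_UNREACHABLE, BAD_REACHABLE):
        print(sorted(bad), *IC3(INIT, next_state, bad).check())
```

For the unreachable cube the run converges at k = 2 with the single clause ¬(x1 ∧ x2) in F∞, which is exactly the inductive strengthening of the property; for the reachable value 5 the chain of Decide obligations eventually reaches the initial state and the answer is UNSAFE. The explicit-state oracle is what makes the example self-contained; with a real solver every `cti` call becomes one incremental SAT query under assumptions, which is the point of the slides' efficient-implementation section.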

Extending to First-order Theories
Generalizing Predecessors: can do some theory-generalization
Local Interpolants? LRA: linear combination of literals (Hoder and Bjorner, 2012)
[Figure: ∞-state]

References
1. SAT-Based Model Checking without Unrolling, Bradley, VMCAI 2011
2. Efficient Implementation of Property Directed Reachability, Een, Mishchenko and Brayton, FMCAD 2011
3. An Incremental Approach to Checking Progress Properties, Bradley et al., FMCAD 2011
4. Understanding IC3, Bradley, SAT 2012
5. Generalized Property Directed Reachability, Hoder and Bjorner, SAT 2012
6. Incremental, Inductive CTL Model Checking, Hassan et al., CAV 2012