Formal Verification of Pipelined Processors - PowerPoint PPT Presentation
Provided by: RandalE9 (http://www.cs.cmu.edu)
Slides: 30

Transcript and Presenter's Notes

1
SAT-Based Decision Procedures for Subsets of First-Order Logic
Part II: Separation Logic
Randal E. Bryant
Carnegie Mellon University
http://www.cs.cmu.edu/~bryant
2
Outline
  • Background
  • SAT-based Decision Procedures
  • Equality with Uninterpreted Functions
      • Translating to propositional formula
      • Exploiting positive equality and sparse transitivity
  • Separation Logic
      • Translating to propositional formula
      • Hybrid encoding techniques

3
Separation Logic with Uninterpreted Functions (SUF)
  • Suitable for verifying wider class of systems
  • Terms (T): Integer Expressions
      • ITE(F, T1, T2)          If-then-else
      • Fun(T1, …, Tk)          Function application
      • T + 1                   Increment
      • T − 1                   Decrement
  • Formulas (F): Boolean Expressions
      • ¬F, F1 ∧ F2, F1 ∨ F2    Boolean connectives
      • T1 = T2                 Equation
      • T1 < T2                 Inequality
      • Pred(T1, …, Tk)         Predicate application

4
SUF → Separation Logic
  • Eliminate function and predicate applications
    using fresh variables and ITE expressions
    [Bryant, German, Velev, CAV99]
  • f(x) → v1 and f(y) → ITE(x = y, v1, v2)

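The rewrite on this slide, as an added worked example in Python (my own code, not the slides' or UCLID's): every application of an uninterpreted function or predicate is replaced by a fresh variable, and each later application with the same symbol becomes an ITE chain that returns the earlier fresh variable whenever the arguments coincide, exactly as f(x) → v1, f(y) → ITE(x = y, v1, v2). The tuple-based term and formula grammar, the ("plus", t, k) form that generalises the slide's T + 1 / T − 1, the fresh-variable names f_1, f_2, P_1, … and the input formula PHI are my assumptions.

```python
# Syntax (own encoding of the slide's SUF grammar):
#   terms    ("var", name) | ("plus", term, k) | ("ite", formula, t1, t2)
#            | ("app", f, *terms)
#   formulas ("eq", t1, t2) | ("lt", t1, t2) | ("and", *fs) | ("or", *fs)
#            | ("not", f) | ("papp", P, *terms) | ("bvar", name)
# ("bvar", name) is a fresh Boolean variable introduced for a predicate application.

class Eliminator:
    def __init__(self):
        self.seen = {}   # symbol -> [(argument terms, fresh variable)] in occurrence order

    def term(self, t):
        op = t[0]
        if op == "var":
            return t
        if op == "plus":
            return ("plus", self.term(t[1]), t[2])
        if op == "ite":
            return ("ite", self.formula(t[1]), self.term(t[2]), self.term(t[3]))
        # "app": nested applications are eliminated first, so they get lower indices
        return self.apply(t[1], [self.term(a) for a in t[2:]], "var",
                          lambda c, a, b: ("ite", c, a, b))

    def formula(self, f):
        op = f[0]
        if op in ("eq", "lt"):
            return (op, self.term(f[1]), self.term(f[2]))
        if op in ("and", "or"):
            return (op, *[self.formula(g) for g in f[1:]])
        if op == "not":
            return ("not", self.formula(f[1]))
        if op == "bvar":
            return f
        # "papp": a Boolean ITE is spelled out with or/and/not so the result stays a formula
        return self.apply(f[1], [self.term(a) for a in f[2:]], "bvar",
                          lambda c, a, b: ("or", ("and", c, a), ("and", ("not", c), b)))

    def apply(self, symbol, args, kind, ite):
        """The i-th application symbol(args) becomes
        ITE(args = args_1, v_1, ITE(args = args_2, v_2, ... v_i)):
        applications with equal arguments are forced to agree (functional
        consistency) without the symbol itself surviving in the output."""
        prior = self.seen.setdefault(symbol, [])
        fresh = (kind, f"{symbol}_{len(prior) + 1}")
        result = fresh
        for prev_args, prev_var in reversed(prior):
            eqs = [("eq", p, a) for p, a in zip(prev_args, args)]
            cond = eqs[0] if len(eqs) == 1 else ("and", *eqs)
            result = ite(cond, prev_var, result)
        prior.append((args, fresh))
        return result

def to_separation_logic(f):
    """Return (separation-logic formula, fresh variable names) for a SUF formula."""
    e = Eliminator()
    g = e.formula(f)
    names = [v[1] for entries in e.seen.values() for _, v in entries]
    return g, names

X, Y = ("var", "x"), ("var", "y")
# Constructed input: x = y but f(x) != f(y); after elimination the ITE makes it unsatisfiable.
PHI = ("and", ("eq", X, Y), ("not", ("eq", ("app", "f", X), ("app", "f", Y))))

if __name__ == "__main__":
    print(to_separation_logic(PHI))
```

The chain is built innermost-first, so the i-th application tests its arguments against the earlier ones in occurrence order; for nested applications such as f(f(x)) the inner one is rewritten first and therefore gets the lower index.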
5
Eager Boolean Encoding Methods for Separation Logic
(Diagram: a Separation Logic Formula is translated by one of two methods, Small Domain Encoding (SD) or Per-Constraint Encoding (EIJ))
6
Small Domain Encoding (SD)
[Bryant, Lahiri, Seshia, CAV02]
x ≥ y ∧ y ≥ z ∧ z ≥ x + 1
  • Observation
      • To check satisfiability, need to consider all
        possible relative orderings of finitely-many
        expressions
      • Can use Boolean encoding of finite range of
        values
      • 4 values in this case, so 2-bit encoding

7
Per-Constraint Encoding (EIJ)
[Strichman, Seshia, Bryant, CAV02]
x ≥ y ∧ y ≥ z ∧ z ≥ x + 1
8
Enforcing Transitivity Constraints
(Figure: the constraint x ≥ y + c1 drawn as a directed edge from x to y labeled c1; a chain x → y → z with edge labels c1 and c2)
  • Graph Representation of Separation Constraints
      • Directed multigraph where edges labeled by constants
  • Fourier-Motzkin Elimination
      • Eliminate nodes in succession
      • Possibly exponential growth in edges

9
Introducing New Predicates
(Figure: the chain x → y → z with labels c1 and c2; eliminating y introduces the edge x → z labeled c1 + c2)
Sample Predicates
  e1: x ≥ y + c1
  e2: y ≥ z + c2
  e3: x ≥ z + c1 + c2
  e4: x ≥ y + c2
Sample Transitivity Constraint
  e1 ∧ e2 ⇒ e3
Sample Ordering Constraint (for c1 < c2)
  e4 ⇒ e1
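Slides 6 through 9 as one added worked example (my own Python, not code from the slides or from UCLID): a per-constraint (EIJ) encoder that derives the transitivity constraints by Fourier-Motzkin elimination on the constraint graph, next to a small-domain (SD) check that assigns the integer variables values from a finite range; both are then decided by brute-force enumeration standing in for zChaff. Assumptions: separation predicates are written u ≥ v + c over the integers (the relation symbols on the slides did not survive extraction and are read as ≥); the SD range of n·(C+1) values is my own sufficient bound from the shortest-path argument for difference constraints, looser than the bound behind the slide's "4 values"; the inputs PHI_UNSAT and PHI_SAT are constructed.

```python
from itertools import product

# Separation predicate "u >= v + c" over the integers (assumed orientation).
# lit() canonicalises it to an (atom, polarity) literal so that u >= v + c and
# its negation v >= u + 1 - c share one Boolean atom; a None atom is a constant.
def lit(u, v, c):
    if u == v:
        return (None, c <= 0)           # u >= u + c  iff  c <= 0
    if u < v:
        return ((u, v, c), True)
    return ((v, u, 1 - c), False)       # u >= v + c  iff  not (v >= u + 1 - c)

def neg(l):
    return (l[0], not l[1])

def transitivity_clauses(atoms, order):
    """EIJ: Fourier-Motzkin elimination on the constraint multigraph.
    Each atom gives edge u->v (c) and, for its negation, edge v->u (1-c).
    Eliminating node n pairs every in-edge (u->n, c1) with every out-edge
    (n->w, c2), adds the derived edge u->w (c1+c2) and emits the clause
        e(u,n,c1) AND e(n,w,c2) -> e(u,w,c1+c2).
    A derived self-loop u->u with c1+c2 > 0 is false, so that clause keeps only
    the two negated premises; through a negation edge this yields the slides'
    ordering constraints (x >= y + c2 -> x >= y + c1 for c1 < c2)."""
    edges = set()
    for (u, v, c) in atoms:
        edges.update({(u, v, c), (v, u, 1 - c)})
    clauses = []
    for n in order:
        ins = [(u, c) for (u, v, c) in edges if v == n]
        outs = [(w, c) for (u, w, c) in edges if u == n]
        for (u, c1) in ins:
            for (w, c2) in outs:
                clause = [neg(lit(u, n, c1)), neg(lit(n, w, c2))]
                head = lit(u, w, c1 + c2)
                if head[0] is None:
                    if head[1]:
                        continue        # u >= u + c with c <= 0: trivially true
                else:
                    clause.append(head)
                    edges.update({(u, w, c1 + c2), (w, u, 1 - (c1 + c2))})
                if any(neg(l) in clause for l in clause):
                    continue            # tautology: an atom met its own negation edge
                clauses.append(clause)
        edges = {e for e in edges if n not in e[:2]}
    return clauses

# Formulas: ("pred", u, v, c) | ("and", *fs) | ("or", *fs) | ("not", f)
def holds(f, pred_true):
    if f[0] == "pred":
        return pred_true(*f[1:])
    if f[0] == "and":
        return all(holds(g, pred_true) for g in f[1:])
    if f[0] == "or":
        return any(holds(g, pred_true) for g in f[1:])
    return not holds(f[1], pred_true)

def collect(f, atoms, variables):
    if f[0] == "pred":
        _, u, v, c = f
        variables.update((u, v))
        atom, _ = lit(u, v, c)
        if atom is not None:
            atoms.add(atom)
    else:
        for g in f[1:]:
            collect(g, atoms, variables)
    return atoms, variables

def eij_satisfiable(f):
    """Per-constraint encoding: the formula over predicate atoms plus the
    transitivity clauses, enumerated by brute force in place of a SAT solver."""
    atoms, variables = collect(f, set(), set())
    clauses = transitivity_clauses(atoms, sorted(variables))
    all_atoms = sorted(atoms | {l[0] for cl in clauses for l in cl})
    for bits in product((False, True), repeat=len(all_atoms)):
        assign = dict(zip(all_atoms, bits))
        def pred_true(u, v, c):
            atom, pol = lit(u, v, c)
            return pol if atom is None else assign[atom] == pol
        if holds(f, pred_true) and all(any(assign[a] == p for a, p in cl) for cl in clauses):
            return True
    return False

def sd_satisfiable(f):
    """Small-domain encoding: the n variables range over n*(C+1) values,
    C = largest |constant| after canonicalisation (my bound; sufficient by the
    shortest-path argument for difference constraints)."""
    atoms, variables = collect(f, set(), set())
    variables = sorted(variables)
    C = max((max(abs(c), abs(1 - c)) for _, _, c in atoms), default=1)
    for values in product(range(len(variables) * (C + 1)), repeat=len(variables)):
        val = dict(zip(variables, values))
        if holds(f, lambda u, v, c: val[u] >= val[v] + c):
            return True
    return False

# Constructed inputs: slide 6's formula and a satisfiable variant.
PHI_UNSAT = ("and", ("pred", "x", "y", 0), ("pred", "y", "z", 0), ("pred", "z", "x", 1))
PHI_SAT = ("and", ("pred", "x", "y", 0), ("pred", "y", "z", 0), ("not", ("pred", "z", "x", 1)))

if __name__ == "__main__":
    for name, phi in (("PHI_UNSAT", PHI_UNSAT), ("PHI_SAT", PHI_SAT)):
        print(name, "EIJ:", eij_satisfiable(phi), "SD:", sd_satisfiable(phi))
```

For PHI_UNSAT the elimination (order x, y, z) produces three non-trivial clauses, among them e(x,y,0) ∧ e(y,z,0) ⇒ e(x,z,0), which the formula's third conjunct (the negation of e(x,z,0)) contradicts; the SD check reaches the same verdict by exhausting the finite range. The brute-force loops are the only thing to swap out for a real SAT solver; the clause set is the EIJ encoding as such.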
10
Comparing Eager Encoding Methods
  • Of SD and EIJ encoding methods, which one is
    better?
  • Comparison with respect to
  • Size of resulting Boolean formula
  • Performance of SAT solver

11
Size of Boolean Encoding: SD better than EIJ
  • Let N be size of original separation logic formula
      • Size of a directed acyclic graph representation
  • SD encoding size is worst-case O(N²)
  • EIJ encoding size is worst-case O(2^N)
      • Can generate O(2^N) transitivity constraints

12
Impact on SAT problem SD vs EIJ
  • Experimentally compared zChaff performance on SD
    and EIJ encodings of several unsatisfiable
    formulas
  • Sample result

Method Boolean variables CNF Clauses Conflict Clauses zChaff Time (sec)
EIJ 57211 169387 150 0.56
SD 23112 67699 15811 21.63
EIJ better than SD for zChaff
13
Impact on SAT: Why is EIJ better than SD?
  • Conjecture: for SD, SAT solver has to discover
    transitivity constraints as conflict clauses
      • Violation of transitivity constraint might be
        discovered only after assigning bits of several
        bit-vectors
  • EIJ adds all such constraints a priori
      • Less learning and backtracking required by the
        SAT solver

14
Eager Encoding Tradeoffs
  • SD encoding
      • Polynomial size encoding
      • Worse for SAT solvers
  • EIJ encoding
      • Worst-case exponential size encoding
      • Better for SAT solvers
  • Can we automatically select between SD and EIJ
    based on the input formula?

15
Selection Strategy
[Seshia, Lahiri, Bryant, DAC 03]
  • Problem
      • Computationally hard to estimate number of
        transitivity constraints
      • Can we use a different metric?
  • Idea: identify feature of the input formula that
    varies monotonically with run-time of EIJ (but
    not with run-time of SD)

(Flowchart: estimate the number of transitivity constraints, C; if C > T, use SD encoding, otherwise use EIJ encoding)
16
A Good Formula Feature: Number of Separation Predicates
17
A Good Formula Feature: Number of Separation Predicates
18
Revised Selection Strategy
  • Easy to count number of separation predicates
  • Very approximate measure of the number of transitivity
    constraints
      • Constraints only relate predicates that share
        variables
  • Also need to automate setting of threshold T
      • Statistically estimate from training set of
        benchmarks

(Flowchart: count the number of separation predicates, m; if m > T, use SD encoding, otherwise use EIJ encoding)
19
Identifying Variable Classes
(Figure: parse tree of a formula with ∧ and ∨ connectives at the internal nodes and five separation predicates at the leaves, relating u to v, z to x + 1, u to v − 2, x to y, and y to z)
u, v shared
Assignments to u, v are independent of those to
x, y, z
20
Hybrid Encoding Technique
(Diagram: Separation Logic Formula → identify variable classes → encode each class using SD or EIJ based on a local decision → Encoded Boolean Formula)
21
Automatically Selecting a Threshold Value
Intuition: EIJ run time increases drastically beyond a
certain number of separation predicates
22
Automatically Selecting a Threshold Value using
Clustering
Cluster total time (Y-axis) values, minimizing
variance of each cluster
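Slides 18 through 22 as one added worked example (my own Python, not UCLID's code): the variable classes of slide 19 found by union-find over shared variables, a threshold T derived from training measurements by splitting the total-time values into a fast and a slow cluster, and the per-class SD/EIJ decision of the hybrid technique. Assumptions: predicates are (u, v, c) for u ≥ v + c and the relation symbols and constants of slide 19's leaves are read as shown, since they did not survive extraction; the clustering objective (within-cluster sum of squares, the 2-means criterion) and the rule "T is the largest predicate count in the fast cluster" are my reading of slide 22; the TRAINING measurements are constructed, not the paper's.

```python
# Separation predicates of slide 19 as (u, v, c) meaning u >= v + c (assumed orientation).
SLIDE_19_PREDICATES = [("u", "v", 0), ("z", "x", 1), ("u", "v", -2),
                       ("x", "y", 0), ("y", "z", 0)]

# Constructed training measurements (predicate count m, EIJ total time in seconds).
TRAINING = [(10, 0.4), (25, 0.9), (40, 1.5), (60, 2.2), (85, 3.0),
            (100, 48.0), (110, 52.0), (130, 60.0)]

def variable_classes(predicates):
    """Group predicates into classes that are connected through shared
    variables (union-find over variable names); constraints never relate
    predicates of different classes, so each class can be encoded on its own."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a
    for u, v, _ in predicates:
        parent[find(u)] = find(v)
    classes = {}
    for p in predicates:
        classes.setdefault(find(p[0]), []).append(p)
    return classes

def threshold_from_training(samples):
    """Sort the (m, t) samples by time, try every split into a fast and a slow
    cluster, keep the split with the smallest total within-cluster sum of
    squares, and return the largest m in the fast cluster as the threshold T
    (both the objective and the T rule are my reading of slide 22)."""
    pts = sorted(samples, key=lambda s: s[1])
    def ss(group):
        mean = sum(t for _, t in group) / len(group)
        return sum((t - mean) ** 2 for _, t in group)
    k = min(range(1, len(pts)), key=lambda i: ss(pts[:i]) + ss(pts[i:]))
    return max(m for m, _ in pts[:k])

def choose_encodings(predicates, T):
    """Hybrid strategy: per variable class count the separation predicates m
    and use SD when m > T (EIJ would blow up), EIJ otherwise."""
    out = {}
    for ps in variable_classes(predicates).values():
        key = tuple(sorted({x for p in ps for x in p[:2]}))
        out[key] = "SD" if len(ps) > T else "EIJ"
    return out

if __name__ == "__main__":
    T = threshold_from_training(TRAINING)
    print("T from training:", T)
    print("slide 19 classes, T from training:", choose_encodings(SLIDE_19_PREDICATES, T))
    print("slide 19 classes, hypothetical T = 2:", choose_encodings(SLIDE_19_PREDICATES, 2))
```

With the constructed training set the split falls between 3.0 s and 48 s, giving T = 85; the two classes of slide 19 hold only two and three predicates, so both get EIJ under that T, and the hypothetical T = 2 in the usage line is there only to show the per-class decision diverging.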
23
Experimental Evaluation: Setup
  • Compared Hybrid against
      • SD and EIJ encodings
      • Cooperating Validity Checker (CVC), based on lazy
        encoding method [Stump et al. 02]
      • Stanford Validity Checker (SVC), non-SAT-based
        [Barrett et al. 96]
      • CVC and SVC can handle more expressive logics than
        SUF
  • Benchmarks
      • 49 unsatisfiable SUF formulas
      • Load-store unit, out-of-order unit, device driver
        code, compiler validation, DLX pipeline
      • Threshold value calculated from subset of 16
        benchmarks
      • Worked well for 39 out of the 49 benchmarks
  • Setup
      • Used zChaff SAT solver
      • Imposed timeout of 1800 sec. on total time
        (Encoding + SAT)

24
Hybrid vs. SD (39/49 benchmarks)
(Scatter plot; regions labeled "Hybrid better" and "SD better")
25
Hybrid vs. EIJ (39/49 benchmarks)
(Scatter plot; regions labeled "Hybrid better" and "EIJ better")
26
Hybrid vs. Lazy Encoding (CVC) (39/49 benchmarks)
(Scatter plot; regions labeled "Hybrid better" and "CVC better")
27
Hybrid vs. Non-SAT-based Procedure (SVC) (39/49 benchmarks)
(Scatter plot; regions labeled "Hybrid better" and "SVC better")
28
SD outperforms Hybrid on 10/49 benchmarks
(Scatter plot; regions labeled "Hybrid better" and "SD better")
29
Conclusions and Ongoing Work
  • Hybrid combination of EIJ and SD encodings
      • is robust to formula variations
      • outperforms lazy encoding methods (CVC)
      • outperforms non-SAT-based methods (SVC)
  • Ongoing / Future work
      • Alternate estimators for number of transitivity
        constraints
      • Threshold setting technique based on clustering
        applies to other CAD problems too
      • Combination of lazy and eager encoding techniques
        might perform well on satisfiable formulas?
  • More on UCLID project webpage
    http://www.cs.cmu.edu/~uclid