Efficient SATbased Unbounded Symbolic Modeling Checking Using Circuit Cofactoring

1
Efficient SAT-based Unbounded Symbolic Modeling
Checking Using Circuit Cofactoring

• Malay K Ganai
• Aarti Gupta
• Pranav Ashar
• NEC Laboratories America
• Princeton, NJ
• Now at Real Intent

2
Outline

• Introduction and Motivation
• Background
• SAT-based UMC
• Related Work
• Strengths and weaknesses
• Our Contributions
• Circuit-based cofactoring approach
• Heuristics for further improvements
• Improved SAT-based UMC
• Experiments and Results
• Conclusions and Future Work

3
Why SAT-based UMC?

• Need more scalable and robust proof methods
• BDD-based methods limited to small designs
• SAT-based BMC methods
• Finds bounded-length bugs/proof for large designs
  
• Have been used successfully for proof-based
  abstraction
• However, unbounded proof usually requires longest
  loop-free path analysis and is not practical
• Previous SAT-based UMC methods
• Quantification strategy cube-by-cube solution
  enumeration
• Add blocking clauses to avoid enumerating the
  same solutions
• Stop when all solutions are enumerated
• Solvers CNF-based SAT, ATPG
• Transition relation representation CNF
• State set representation CNF, BDDs

4
SAT-based UMC (Cube-wise Enumeration)
SAT-EQ(f,A,B) // calculate ?B f(A,B) C?
// initialize constraint C while (SAT_Solve
(f1?C0)SAT) ?get_assignment_cube()
cget_enumerated_cube(?,A) // obtain, ?B ?
CC?c else return C // return when no
more solution
u1,u2 input variables x1,x2,x3
state variables F x1(x3u2)x2(x1u1) Goal
?u1u2 F (all state cube solutions) Solution
x1 x2
Steps of cube-wise enumeration (Example)

• First Enumeration u11, x20, u2?
• Blocking constraint x2

• Second Enumeration x10, x21, u21
• Blocking constraint x2(x1x2)x2x1

Required number of enumerations is 2 !!
5
Related Work (SAT-based UMC)
6
Motivation

• Inefficiencies in previous SAT-based UMC
• Cube-by-cube solution enumeration
• CNF-solvers typically generate total solution,
  not a cube
• Expensive methods to enlarge cube
• State set representation CNF, BDD, variants of
  BDDs

• Can we capture more new solutions per enumeration
  than by cube-wise enumeration approach?
• Can we efficiently represent the solutions to
  mitigate the space-out problem?
• Can we use better SAT solver that uses circuit
  information efficiently?

7
Our Contributions

• Circuit-based cofactoring
• Captures more new solutions per enumeration
• compared to a cube-wise approach
• Efficient representation of states
• Uses circuit-based characteristic function
  simple, reduced graph
• More robust than CNF or BDD-based representation
• Efficient SAT-solver Hybrid (CNF and Circuit)
• Generates a partial solution (not a total
  solution)
• Previous approaches for solution enlargement
  using CNF-solvers or PODEM-based solvers
  unnecessary
• Several heuristics to further enlarge the state
  set captured
• Low overhead
• Efficient SAT-based UMC algorithm
• More robust and improved performance

8
Basic Idea (1/2)

• Theorem 1
• Let,
• ?V??0,1 be the satisfying assignment for f 1
• s? be the satisfying state cube for ?
• u? be the satisfying input cube for ?

s?
u?
1
0
1
1
0
1
0
1
Satisfying assignment ?
1
0
0
1
minterm m
If a minterm m ? u?, then s? ? f m i.e.
cofactor subsumes all solutions captured by s?

• Cofactor-based approach require fewer
  enumerations than
• cube-based approach !

9
Basic Idea (1/2) Example
u1
1
1
a

x2
b
x1
Solution to f 1 f x1(x3u2)x2(x1u1) s?
x1x2x3 u? u1u2
z
x2
x3
x1x3
c
u2
0
d
x3

• Our approach Cofactor circuit
• Pick a minterm, m u1 u2
• Cofactor, fm c1 x1x3 x2
• Note fm captures more than one cube
• Clearly, s? ? fm

c10
Cofactor circuit
10
Basic Idea (2/2)

• Theorem 2
• Let
• ? V??0,1 and ? V??0,1 be two satisfying
  assignments for f1
• V? ? V? and ?v?V? ?(v)?(v)
• i.e., ? represents a solution enlargement of ?
• If input minterm m ? u?, then s? ? fm
• i.e. a cofactor subsumes all state cube
  enlargements

1
1
0
1
1
s?
u?
Satisfying assignment ?
1
0
1
1
0
1
0
1
s?
u?
Satisfying assignment ?
1
0
0
1
m
Enlargement of state cubes is unnecessary!
11
Basic Idea (2/2) Example
u1
1
1
a
Solution to f1 f x1(x3u2)x2(x1u1) s?
x1x2x3 u? u1u2
z1

b
1
x1
1
z
0
x2
0
x3
1
c
u2
0
d

• Cube enlargement (redrawing implication graph
  McMillan CAV02)
• Constraints z0, u11, u20, x11, x20, x31
• Implication u11?a1 (x20, a1) ?b1 b1?z1
  (conflict)
• Conflict Analysis u11, x20 (reasons for
  conflict)
• Enlarged cube s? x2 , u? u1
• Our approach (cofactor circuit) fm x1.x3
  x2
• Clearly, s? ? fm

12
Cofactoring-based Quantification Strategy

• Use a SAT solver to obtain a partial solution ?
• Hybrid SAT solver
• Choose an input minterm m from the satisfying
  input cube u?
• Several heuristics to find a good candidate
• Cofactor f with respect to the chosen minterm m
• Use efficient circuit-based cofactoring
• Use cofactor fm as a blocking constraint repeat
  till no solution
• Efficient representation of states

c10

• Iteration 1
• Soln x1x3u2
• Pick u10
• Cofactor c1x3 (x1x2)
• Iteration 2
• Soln x3u1x4
• Pick u20
• Cofactor c2 x1x2x4

x3
u2
z1
x1
x2
u1
c20
x4
13
Efficient State/Circuit Representation

• Efficient circuit representation Ganai et al
  IWLS 00
• 2-input OR/INVERTER graph using on-the-fly
  compression technique that removes local
  functional redundancies
• Efficient for Boolean reasoning Kuehlmann et al
  DAC 01
• We use reduced graphs representation widely
• Transition relations, enumerated states, unrolled
  time frames, blocking constraints
• Cofactoring can be implemented efficiently
• Reuses subgraphs

Reused subgraph
c10

• Iteration 1
• Soln x1x3u2
• Pick u10
• Cofactor c1x3 (x1x2)
• Iteration 2
• Soln x3u1x4
• Pick u20
• Cofactor c2 x1x2x4

x3
u2
z1
x1
x2
u1
c20
x4
14
Efficient Hybrid SAT Solver

• Efficient hybrid SAT solver Ganai et al. DAC
  02
• Combines strengths of circuit-based and CNF-based
  solvers
• Dual decision, deduction, and diagnosis engines
• Uses mixed representation
• Original problem is represented using reduced
  graph
• Learned clauses are represented using CNF
• Cofactors are represented using reduced graph
• Uses circuit-based decision heuristic
  justification frontiers
• Generates partial satisfying assignment (very
  desirable)
• Avoids following expensive methods in CNF-based
  solvers aimed at reducing state assignments
• Redrawing implication graph McMillan CAV02
• Dynamic detection and removal of inactive clauses
  Gupta et al. DAC01

15
Cofactoring-based Quantification Algorithm
mSAT-EQ(f,A,B) // calculate ? B f(A,B) C
? // initialize constraint while
(SAT_Solve(f1?C0) SAT) ?
get_assignment_cube() m get_satisfying_inpu
t_minterm(?,B) fm cofactor_cube(f, m)
C C ? fm // add cofactor blocking constraint
else return C // return when no more solution
B
f1
A
C fm1fmi 0
16
SAT-Based UMC using Circuit-Cofactoring (CC)
mFix_Point_EF(f) // compute fixed-point for
EF(f(X)) i0 R(X)? C(X) f 0(X) f(X)
while(C(X) !0) // fixed-point reached?
R(X)R(X) ? C(X) i i1
f i(X,U) Unroll (f, i) // f at ith unroll
depth // Compute states in f i but not
in R C(X) mSAT-EQ( f i ??R(X), X, U)
return R(X)
X X0
U0
U1
Ui
U ?i0 Ui
X0
X1
Xi
?
f i(X,U)
R C0Ci-1
unrolling pre-images
17
Experiments for CC-based UMC
Blocking clause with redrawing of implication
graph using hybrid solver (BC)
Circuit Cofactoring (CC)
18
Heuristics for Choosing Input Minterms

• Input minterm choice makes a difference
• First enumeration u11, x20, u2?
• Pick u20 (instead of u21)
• Cofactor F with u11,u20
• F(u11,u20) x1x3x2
• Blocking constraint (x1x3)x2
• Need one more enumeration to complete!

F x1(x3u2)x2(x1u1) Goal ?u1u2 F ( x1
x2)

• Proposed Heuristics
• Hr uses a minterm chosen randomly (Basis for
  comparison)
• H1 uses structure information of the circuit
  like fanouts
• H2 uses SAT justification frontiers
• H3 uses SAT justification frontiers and fanout
  information
• H4 uses SAT justification frontiers and latch
  frontiers information
• H5 uses SAT justification frontiers, fanout and
  latch frontiers

19
H2 Based on SAT Justification Frontiers
a1
u11
b1
x1
0
z1
Solution
x20
Decide
Implied
x3
1
c
1
Criteria for value Assignment
u2
1
d
1

• Strategy
• Choose un-chosen frontiers as new justification
  frontiers
• Continue from previous SAT state to justify these
  neo frontiers
• Repeat till all inputs variables are assigned

Example New Frontiers c1, x11 SAT c1 ?
d1,x10 x31 New Frontiers u21 SAT
u21 Cofactor of f with u11, u21 is
(x1x2)
20
Effects of Heuristics on CC-based UMC
Blocking Clause RI (BC)
Circuit Cofactoring (CC) with heuristics H1-5
for choosing assignments on quantified variables
Hr Random assignment H1 If ve score gt -ve
score assign 1 else 0 H2 Select
un-chosen frontiers as justification
frontiers continue SAT and repeat. H3
Like H2 but once H1 on the rest H4 Like
H2 but prune out latch frontiers H5 Like
H4, but once H1 on the rest.
Experiment on D2 (w/ Env)
21
UMC Proof using Reachability Constraints
Experiment on D2 (w/ Env)
Circuit Cofactoring (CC) using H5
Blocking Clause with RI (BC)

• Abstraction without external constraints
• 66 FFs, 92 PIs, 1434 gates
• BDD-based reachability on abstract model
• Generates R in lt 4s
• Use R as care set constraint RC
• H5RC reaches fix point in 14 steps
• BCRC times out
• No counter-example in 14 steps
• BMC takes lt 1s

Reaches fixed point at 14th step in lt 1minute !!
22
Comparison of CC w/ BDD, BMC

• VIS Benchmarks 102 safety properties
• CC does better in 68 cases, BDD does better in
  16 cases
• (Note the complimentary strengths)
• CC does better than BMC in almost all cases

23
Comparison of CC w/ BC

• VIS Benchmarks 102 safety properties
• CC does better than BC in almost all cases
• Swap example (McMillan CAV02)
• CC does order of magnitude better than BC and BDD

24
Conclusions and Future Work

• SAT-based quantification using circuit
  cofactoring approach
• Guaranteed to require fewer enumerations compared
  to cube-wise enumerations (order-of-magnitude
  better in practice)
• Captures more new states compared to cube-wise
  approach
• Uses efficient representation for states
• Uses efficient hybrid SAT solver
• Several low-overhead heuristics to further
  enlarge the solution states captured
• Improved SAT-based UMC
• Uses SAT-based quantification based on
  circuit-cofactoring
• Orders of magnitude improvement in performance on
  industry designs and public benchmarks compared
  to cube-wise enumeration
• Successfully proved correctness of property on an
  industry design for which all other approaches
  failed
• In future, we would like to combine our method
  with interpolation-based approach (McMillan
  CAV03)

25
Thank you !
26
Backup Slides
27
Cube-wise Enumeration Strategy
SAT-EQ(f,A,B) // calculate ?B f(A,B) C?
// initialize constraint while (SAT_Solve
(f1?C0)SAT) ?get_assignment_cube()
cget_enumerated_cube(?,A) // obtain, ?B ?
CC?c else return C // return when no more
solution
28
SAT-based UMC (previous)
Fix_point_EF(f) // compute least fixed-point
for EF(f(X)) R(X)? T(X)f(X)
//initialize while(T(X) !0) // fixed-point
reached? R(X) R(X)?T(X) //update R
//Compute pre-image states for T but not in R
T(X)SAT-EQ(? ?T(?X?Y?)??R(X), X, U) return
R(X)
29
Basic notation

X state variables U input variables
(quantifier variables) f Boolean function, f
(X,U) ? satisfying assignments for f1 ?V?
? 0,1, where V? ? U?X s satisfying state
cube u satisfying input cube m satisfying
input minterm, m?u fm cofactor of f with input
minterm m ?Uf(X,U) existential quantification of
f w.r.t. U
30
H1 Based on fanout scores
a1
u11
Solution
b1
x1
z1
Score
x20
Decide
Implied
x3
c
Criteria for value Assignment
u2
1
d
Strategy Choose 1 if positive score of
unassigned input variable is greater or equal
to negative score else 0. (positive score
non-inverted fanouts)
Example Choose u21 as positive score of u2 is 1
and negative score is 0. Cofactor of f with
u11, u21 is (x1x2)
31
H3 H1H2
a1
u11
Solution
b1
x1
0
z1
Score
x20
Decide
Implied
x3
1
c
1
Criteria for value Assignment
u2
1
d
1
Strategy Like H2 but use SAT only once to find
value that justifies independently of chosen
frontiers. For remaining assignments use H1.
Example New Frontiers c1, x11 SAT (c1) ?
d1,x10 (x31) Choose u21 using H1 Cofactor
of f with u11, u21 is (x1x2)
32
H2 Re-visited
a1
u11
Solution
b1
x1
1
z1
Score
x20
Decide
Implied
x3
0
c
0
Criteria for value Assignment
u2
0
d
0
Example New Frontiers c1, x11 SAT x11 ?
c0 New Frontiers d0 SAT x30,
u20 Cofactor of f with u11, u20 is
(x1x3x2)
New Frontiers should be chosen intelligently !!
33
H4 H2 and latch frontiers
a1
u11
Solution
b1
x1
0
z1
Score
x20
Decide
Implied
x3
1
c
1
Criteria for value Assignment
u2
1
d
1
Strategy Like H3 but choose frontiers that are
not latch frontiers (those nodes with only latch
support and at least one fanout with static
primary input and latch support)
Example New Frontiers c1 SAT (c1) ?
d1,x0 (x31) New Frontiers u21 SAT
u21 Cofactor of f with u11, u21 is
(x1x2)
34
H5 H4H1
a1
u11
Solution
b1
x1
0
z1
Score
x20
Decide
Implied
x3
1
c
1
Criteria for value Assignment
u2
1
d
1
Strategy Like H4 but use SAT once to justify
values. Remaining values are assigned using H1.
Example New Frontiers c1 SAT (c1) ?
d1,x0 (x31) Choose u21 using H1 Cofactor
of f with u11, u21 is (x1x2)