Embed Size (px)
Citation preview
Carnegie Mellon University
SAT-Based Decision SAT-Based Decision Procedures for Subsets of Procedures for Subsets of
First-Order Logic First-Order Logic
SAT-Based Decision SAT-Based Decision Procedures for Subsets of Procedures for Subsets of
First-Order Logic First-Order Logic
http://www.cs.cmu.edu/~bryant
Randal E. Bryant
Part II:Part II:Separation LogicSeparation Logic
Part II:Part II:Separation LogicSeparation Logic
– 2 –
OutlineOutline
BackgroundBackground SAT-based Decision Procedures
Equality with Uninterpreted FunctionsEquality with Uninterpreted Functions Translating to propositional formula Exploiting positive equality and sparse transitivity
Separation LogicSeparation Logic Translating to propositional formula Hybrid encoding techniques
– 3 –
Suitable for verifying wider class of systems
Terms (T ) Integer Expressions
ITE(F, T1, T2) If-then-else
Fun (T1, …, Tk) Function application
T + 1 Increment
T – 1 Decrement
Formulas (Formulas (F F )) Boolean ExpressionsF, F1 F2, F1 F2 Boolean connectives
T1 = T2 Equation
T1 < T2 Inequality
Pred(T1, …, Tk) Predicate application
Separation Logic with Uninterpreted Functions (SUF)Separation Logic with Uninterpreted Functions (SUF)
– 4 –
Eliminate function and predicate applications using fresh Eliminate function and predicate applications using fresh variables and ITE expressions variables and ITE expressions [Bryant, German, Velev, CAV’99][Bryant, German, Velev, CAV’99]
f(x) v1 and f(y) ITE(x = y, v1, v2)
SUF Separation LogicSUF Separation Logic
Separation Predicate
Terms (T ) Integer Expressions
ITEITE((FF, , TT11, , TT22)) If-then-elseIf-then-else
Fun Fun ((TT11, …, , …, TTkk)) Function applicationFunction applicationTT + 1 + 1 IncrementIncrementT T - 1- 1 DecrementDecrement
v Integer variable
Formulas (Formulas (F F )) Boolean Expressions
FF, , FF11 FF22, , FF11 FF22 Boolean connectivesBoolean connectives
TT11 = = TT22 EquationEquation
TT11 < < TT22 InequalityInequality
PredPred((TT11, …, , …, TTkk)) Predicate applicationPredicate applicationbBoolean variable
– 5 –
Separation Logic Formula
Per-Constraint Encoding (EIJ)
Small Domain Encoding (SD)
Eager Boolean Encoding Methods for Separation LogicEager Boolean Encoding Methods for Separation Logic
Boolean Formula
SAT Solver
satisfiable/unsatisfiable
– 6 –
Small Domain Encoding (SD)Small Domain Encoding (SD)
x y y z z x+1
Can use Boolean encoding of finite range of valuesCan use Boolean encoding of finite range of values– 4 values in this case, so 2-bit encoding4 values in this case, so 2-bit encoding
Observation: Observation: To check satisfiability, need to consider all possible To check satisfiability, need to consider all possible relativerelative orderings of orderings of finitely-manyfinitely-many expressions expressions
0x1x0 0y1y0 0y1y0 0z1z0 0z1z0 0x1x0 + 1
x x+1y
z
x x+1 y z
Values increase
[Bryant, Lahiri, Seshia, CAV’02]
– 7 –
Per-Constraint Encoding (EIJ) Per-Constraint Encoding (EIJ)
x y y z z x+1
e1 e2 e4
e4 x z
New Separation Predicate
e4 e3
Overall Boolean
Encoding
Transitivity Constraints
e1
y z
z x+1
x y
e2
e3
e1 e2 e3
[Strichman, Seshia, Bryant, CAV’02]
– 8 –
Enforcing Transitivity ConstraintsEnforcing Transitivity Constraints
Graph Representation of Separation ConstraintsGraph Representation of Separation Constraints Directed multigraph where edges labeled by constants
Fourier-Motzkin EliminationFourier-Motzkin Elimination Eliminate nodes in succession Possibly exponential growth in edges
x
y
zc1 c2
c1 + c2c3c4
c1 + c4
c3 + c2
c3 + c4x
y
c1
x y + c1
– 9 –
Introducing New PredicatesIntroducing New Predicates
x
y
zc1 c2
c1 + c2c3c4
c1 + c4
c3 + c2
c3 + c4x
y
c1
x y + c1
ee11x y + c1
ee22y z + c2
ee33x z + c1 + c2
ee44x y + c2
Sample Predicates
ee11 ee22 ee33
Sample Transitivity Constraint
ee44 ee11
Sample Ordering Constraint(for c1 < c2)
– 10 –
Comparing Eager Encoding MethodsComparing Eager Encoding Methods
Of SD and EIJ encoding methods, which one is better?Of SD and EIJ encoding methods, which one is better?
Comparison with respect toComparison with respect to Size of resulting Boolean formula Performance of SAT solver
– 11 –
Size of Boolean Encoding: SD better than EIJSize of Boolean Encoding: SD better than EIJLet Let NN be size of original separation logic formula be size of original separation logic formula
Size of a directed acyclic graph representation
SDSD encoding size is worst-case encoding size is worst-case OO((NN22))
EIJEIJ encoding size is worst-case encoding size is worst-case OO((22NN)) Can generate O(2N) transitivity constraints
> 1000000> 1000000EIJEIJ
5446554465SDSD
Boolean Encoding SizeBoolean Encoding SizeMethodMethodExample: Example: N = N = 68136813
– 12 –
Impact on SAT problem: SD vs EIJ Impact on SAT problem: SD vs EIJ
Experimentally compared zChaff performance on SD and EIJ encodings of several unsatisfiable formulas
Sample result:
EIJ better than SD for zChaff
MethodMethod # Boolean # Boolean variablesvariables
# CNF # CNF Clauses Clauses
# Conflict # Conflict ClausesClauses
zChaff zChaff Time Time (sec)(sec)
EIJEIJ 5721157211 169387169387 150150 0.560.56
SDSD 2311223112 6769967699 1581115811 21.6321.63
– 13 –
Impact on SAT: Why is EIJ better than SD? Impact on SAT: Why is EIJ better than SD? Conjecture: For SD, SAT solver has to “discover” Conjecture: For SD, SAT solver has to “discover”
transitivity constraints as conflict clausestransitivity constraints as conflict clauses Violation of transitivity constraint might be discovered only
after assigning bits of several bit-vectors
EIJ adds all such constraints a prioriEIJ adds all such constraints a priori Less learning and backtracking required by the SAT solver
– 14 –
Eager Encoding TradeoffsEager Encoding Tradeoffs
SD encodingSD encoding+ Polynomial size encoding Worse for SAT solvers
EIJ encodingEIJ encoding Worst-case exponential size encoding+ Better for SAT solvers
Can we automatically select between SD and EIJ based Can we automatically select between SD and EIJ based on the input formula?on the input formula?
– 15 –
Selection StrategySelection Strategy
Problem:Problem: Computationally hard to
estimate number of transitivity constraints
Can we use a different Can we use a different metric?metric?
Idea: Identify feature of the input formula that varies monotonically with run-time of EIJ (but not with run-time of SD)
Estimate number of transitivity constraints,
C
C > T ?YES NO
Use SD encoding
Use EIJ encoding
Seshia, Lahiri, Bryant, DAC ‘03
– 16 –
A Good Formula Feature: Number of Separation PredicatesA Good Formula Feature: Number of Separation Predicates
– 17 –
A Good Formula Feature: Number of Separation PredicatesA Good Formula Feature: Number of Separation Predicates
– 18 –
Revised Selection StrategyRevised Selection Strategy
Easy to count number of Easy to count number of separation predicatesseparation predicates
Very approximate measure Very approximate measure of # of transitivity of # of transitivity constraintsconstraints
Constraints only relate predicates that share variables
Also need to automate Also need to automate setting of threshold Tsetting of threshold T
Statistically estimate from “training” set of benchmarks
Count number of separation predicates,
m
m > T ?YES NO
Use SD encoding
Use EIJ encoding
– 19 –
{x,y,z} shared
Identifying Variable ClassesIdentifying Variable Classes
z ¸ x+1u ¸ v
u = v-2
{u,v} shared
Assignments to {u,v} are independent of those to {x,y,z}
Ç
Æ
Æ
Ç
x ¸ y y ¸ z
– 20 –
Hybrid Encoding TechniqueHybrid Encoding Technique
Compute 1. Variable classes based on predicates 2. Number of separation predicates for each class
{x,y,z}, m1
{u,v}, mk
Encode each class using SD or EIJ based on local decision
Encoded Boolean Formula
Separation Logic Formula
m1 > T ? mk > T ?YESNO YESNO
SD EIJEIJ SD
– 21 –
Automatically Selecting a Threshold Value: IntuitionAutomatically Selecting a Threshold Value: Intuition
EIJ run time increases drastically beyond a certain number of separation predicates
– 22 –
Automatically Selecting a Threshold Value using ClusteringAutomatically Selecting a Threshold Value using Clustering
Cluster total time (Y-axis) values, minimizing variance of each cluster
– 23 –
Experimental Evaluation SetupExperimental Evaluation SetupCompared Hybrid against Compared Hybrid against
SD and EIJ encodings Cooperating Validity Checker (CVC) based on lazy encoding
method [Stump et al.’02] Stanford Validity Checker (SVC) – non SAT-based [Barrett et al.
’96] CVC & SVC can handle more expressive logics than SUF
BenchmarksBenchmarks 49 unsatisfiable SUF formulas Load-store unit, out-of-order unit, device driver code, compiler
validation, DLX pipeline Threshold value calculated from subset of 16 benchmarks
Worked well for 39 out of the 49 benchmarks
SetupSetup Used zChaff SAT solver Imposed timeout of 1800 sec. on total time (Encoding+SAT)
– 24 –
Hybrid vs. SD (39/49 benchmarks)Hybrid vs. SD (39/49 benchmarks)
Hybrid better
SD better
– 25 –
Hybrid vs. EIJ (39/49 benchmarks)Hybrid vs. EIJ (39/49 benchmarks)
Hybrid better
EIJ better
– 26 –
Hybrid vs. Lazy Encoding (CVC) (39/49 benchmarks)Hybrid vs. Lazy Encoding (CVC) (39/49 benchmarks)
CVC better
Hybrid better
– 27 –
Hybrid vs. Non-SAT-based Procedure (SVC) (39/49 benchmarks)Hybrid vs. Non-SAT-based Procedure (SVC) (39/49 benchmarks)
SVC better
Hybrid better
– 28 –
SD outperforms Hybrid on 10/49 benchmarksSD outperforms Hybrid on 10/49 benchmarks
SD better
Hybrid better
– 29 –
Conclusions & Ongoing WorkConclusions & Ongoing Work
Hybrid combination of EIJ and SD encodings Hybrid combination of EIJ and SD encodings is robust to formula variations outperforms lazy encoding methods (CVC) outperforms non-SAT-based methods (SVC)
Ongoing & Future workOngoing & Future work Alternate estimators for number of transitivity constraints Threshold setting technique based on clustering applies to
other CAD problems too Combination of lazy and eager encoding techniques might
perform well on satisfiable formulas?
More on UCLID project webpage More on UCLID project webpage http://www.cs.cmu.edu/~uclidhttp://www.cs.cmu.edu/~uclid
