Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Revisiting Assumptions Ordering in CAR-Based Model Checking

Yibo Dong, Yu Chen, Jianwen Li, Geguang Pu, Ofer Strichman

TL;DR

One of the strategies, Hybrid-CAR, which switches between strategies at runtime, not only outperforms other, fixed ordering strategies, but also outperforms other state-of-the-art bug-finding algorithms such as ABC-BMC.

Abstract

Model checking is an automatic formal verification technique that is widely used in hardware verification. The state-of-the-art complete model-checking techniques, based on IC3/PDR and its general variant CAR, are based on computing symbolically sets of under - and over-approximating state sets (called frames) with multiple calls to a SAT solver. The performance of those techniques is sensitive to the order of the assumptions with which the SAT solver is invoked, because it affects the unsatisfiable cores - which the solver emits when the formula is unsatisfiable - that crucially affect the search process. This observation was previously published in [15], where two partial assumption ordering strategies, intersection and rotation were suggested (partial in the sense that they determine the order of only a subset of the literals). In this paper we extend and improve these strategies based on an analysis of the reason for their effectiveness. We prove that intersection is effective because of what we call locality of the cores, and our improved strategy is based on this observation. We conclude our paper with an extensive empirical evaluation of the various ordering techniques. One of our strategies, Hybrid-CAR, which switches between strategies at runtime, not only outperforms other, fixed ordering strategies, but also outperforms other state-of-the-art bug-finding algorithms such as ABC-BMC.

Revisiting Assumptions Ordering in CAR-Based Model Checking

TL;DR

One of the strategies, Hybrid-CAR, which switches between strategies at runtime, not only outperforms other, fixed ordering strategies, but also outperforms other state-of-the-art bug-finding algorithms such as ABC-BMC.

Abstract

Model checking is an automatic formal verification technique that is widely used in hardware verification. The state-of-the-art complete model-checking techniques, based on IC3/PDR and its general variant CAR, are based on computing symbolically sets of under - and over-approximating state sets (called frames) with multiple calls to a SAT solver. The performance of those techniques is sensitive to the order of the assumptions with which the SAT solver is invoked, because it affects the unsatisfiable cores - which the solver emits when the formula is unsatisfiable - that crucially affect the search process. This observation was previously published in [15], where two partial assumption ordering strategies, intersection and rotation were suggested (partial in the sense that they determine the order of only a subset of the literals). In this paper we extend and improve these strategies based on an analysis of the reason for their effectiveness. We prove that intersection is effective because of what we call locality of the cores, and our improved strategy is based on this observation. We conclude our paper with an extensive empirical evaluation of the various ordering techniques. One of our strategies, Hybrid-CAR, which switches between strategies at runtime, not only outperforms other, fixed ordering strategies, but also outperforms other state-of-the-art bug-finding algorithms such as ABC-BMC.

Paper Structure

This paper contains 14 sections, 2 equations, 13 figures, 7 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Boolean Transition System
  4. Safety Model Checking and Reachability Analysis
  5. SAT Solving and Unsatisfiable Cores
  6. Complementary Approximate Reachability (CAR)
  7. Literal Reordering Strategies: prior work and insights
  8. Literal Ordering Strategies: new approaches
  9. Literal reordering with CoreLocality
  10. Moving forward the conflict literals
  11. Hybrid-CAR: Combining different orderings
  12. Experiments
  13. Setup
  14. Conclusion

Figures (13)

  • Figure 1: The updating process of $cVec$, which is the core of Rotation. The consecutive intersection of recent failed states ($\bigcap{s_i}$) is in the very beginning.
  • Figure 2: An example of the reordering process, where $s_{i}$, $s_{r}$ and $s_{i+r}$ each represents the reordered state $\hat{s}$ using only Intersection, only Rotation and their combination, respectively.
  • Figure 3: An example of the CoreLocality strategy. $Local(k)$ denotes reordered state utilizing $k$ UCs , i.e., $iLimit = k$.
  • Figure 4: The difference between CoreLocality and combination of Intersection and Rotation. Some literals (blue dots) from $rCube$ and $unsorted$ are prioritised.
  • Figure 5: Increasing the number of UCs that are intersected has a diminishing effect on the number of distinct literals that are covered (this figure was created based on a formula from 6s33.aig).
  • ...and 8 more figures

Theorems & Definitions (3)

  • Definition 1: Over/Under Approximating State Sequences
  • Example 3.1: Prior literals are more likely to appear in the UC
  • Example 4.1