Boolean Satisfiability with Transitivity Constraints
Randal E. Bryant, Miroslav N. Velev
Carnegie Mellon University
http://www.cs.cmu.edu/~bryant
Outline
• Application Domain
  • Verify correctness of a pipelined processor
  • Based on Burch-Dill correspondence checking
    • Burch & Dill, CAV '94
• Verification Task
  • Decide validity of formula in logic of equality with uninterpreted functions
  • Translate into equational logic
    • Propositional logic with equations of form vi = vj
    • Bryant, German & Velev, CAV '99
    • Goel, Sajid, Zhou, Aziz, & Singhal, CAV '98
• New Contribution
  • Efficient handling of transitivity constraints
Decision Problem
[Figure: example EUF formula drawn as a tree of Boolean connectives (∧, ∨, ¬), equality tests (=), and applications of an uninterpreted function f to domain variables]
• Logic of Equality with Uninterpreted Functions (EUF)
• Truth Values
  • Dashed lines
  • Model control signals
• Domain Values
  • Solid lines
  • Model data words
• Task
  • Determine whether formula is universally valid
  • True for all interpretations of variables and function symbols
Eliminating Function Applications
• Verification Task
  • Prove: x = f(f(x)) ∧ x = f(f(f(x))) → x = f(x)
  • Instance of: x = y ∧ x = f(y) → x = f(x)
• Ackermann's Method
  • Replace f(x) with f1, f(f(x)) with f2, f(f(f(x))) with f3
  • Gives: x = f2 ∧ x = f3 → x = f1
• Functional Consistency Constraints
  • x = f1 → f1 = f2
  • f1 = f2 → f2 = f3
  • x = f2 → f1 = f3
Eliminating Funct. Apps. (cont.)
• Equational Formula
  • Complement of substituted formula + consistency constraints

  Clauses                  Origin
  x = f2, x = f3, x ≠ f1   ¬[x = f2 ∧ x = f3 → x = f1]
  (x ≠ f1 ∨ f1 = f2)       x = f1 → f1 = f2
  (f1 ≠ f2 ∨ f2 = f3)      f1 = f2 → f2 = f3
  (x ≠ f2 ∨ f1 = f3)       x = f2 → f1 = f3

• Verification Task
  • Prove that equational formula is not satisfiable:
    x = f2 ∧ x = f3 ∧ x ≠ f1 ∧ (x ≠ f1 ∨ f1 = f2) ∧ (f1 ≠ f2 ∨ f2 = f3) ∧ (x ≠ f2 ∨ f1 = f3)
Solving Equational Formulas
• Historically
  • E.g., Nelson & Oppen '80
  • Create special purpose search engine
    • Davis-Putnam search
    • Data structure to maintain equivalence classes
• Question
  • Can we translate problem into pure propositional logic?
  • Would enable use of BDDs or SAT checkers
Replacing Equations by Variables
• Relational Variables
  • Goel, Sajid, Zhou, Aziz, & Singhal, CAV '98
  • Replace vi = vj by propositional variable ei,j
• Propositional Formula Fsat
  • Relabeling: x → v1, f1 → v2, f2 → v3, f3 → v4

  Clauses           Origin
  e13, e14, ¬e12    x = f2, x = f3, x ≠ f1
  (¬e12 ∨ e23)      (x ≠ f1 ∨ f1 = f2)
  (¬e23 ∨ e34)      (f1 ≠ f2 ∨ f2 = f3)
  (¬e13 ∨ e24)      (x ≠ f2 ∨ f1 = f3)

  Fsat = e13 ∧ e14 ∧ ¬e12 ∧ (¬e12 ∨ e23) ∧ (¬e23 ∨ e34) ∧ (¬e13 ∨ e24)
Need for Transitivity Constraints
• Propositional Formula Fsat
  e13 ∧ e14 ∧ ¬e12 ∧ (¬e12 ∨ e23) ∧ (¬e23 ∨ e34) ∧ (¬e13 ∨ e24)
• Solution
  e13 = true, e14 = true, e12 = false, e23 = true, e34 = true, e24 = true
• Transitivity Violation in Solution
  e13 = true, e23 = true, e12 = false
  • Corresponds to x = f2 and f2 = f1 but x ≠ f1
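The spurious solution above, worked through as an added Python example (not code from the slides): Fsat is encoded as CNF over the six relational variables, a satisfying assignment is found by brute force, it is checked against transitivity over every triple of v1..v4, and the search is repeated with transitivity enforced, where no solution survives, which is what makes the original EUF formula valid. Names such as F_SAT, solve and SLIDE_SOLUTION are my own.

```python
from itertools import product

# Running example from the slides after relabeling x->v1, f1->v2, f2->v3, f3->v4.
# A clause is a list of (relational variable, polarity) literals: ("e12", False) is ¬e12.
F_SAT = [
    [("e13", True)], [("e14", True)], [("e12", False)],   # x = f2, x = f3, x ≠ f1
    [("e12", False), ("e23", True)],                      # x = f1 → f1 = f2
    [("e23", False), ("e34", True)],                      # f1 = f2 → f2 = f3
    [("e13", False), ("e24", True)],                      # x = f2 → f1 = f3
]
VARS = sorted({v for clause in F_SAT for v, _ in clause})   # all six e_ij over v1..v4

def satisfies(assign, cnf):
    """True iff every clause has at least one literal agreeing with the assignment."""
    return all(any(assign[v] == pol for v, pol in clause) for clause in cnf)

def transitivity_violation(assign, n=4):
    """First triple (i, j, k) with e_ij and e_jk true but e_ik false, else None.
    Checks every triple over v1..vn, i.e. full transitivity on the complete graph;
    assumes the assignment covers all n(n-1)/2 relational variables."""
    e = lambda i, j: assign["e%d%d" % (min(i, j), max(i, j))]
    for i, j, k in product(range(1, n + 1), repeat=3):
        if len({i, j, k}) == 3 and e(i, j) and e(j, k) and not e(i, k):
            return (i, j, k)
    return None

def solve(cnf, enforce_transitivity):
    """Brute-force search over all 2^|VARS| assignments (cheap for six variables).
    Returns the first assignment satisfying cnf, and transitivity if requested, else None."""
    for bits in product((False, True), repeat=len(VARS)):
        assign = dict(zip(VARS, bits))
        if satisfies(assign, cnf) and (
                not enforce_transitivity or transitivity_violation(assign) is None):
            return assign
    return None

# The solution quoted on the slide: satisfies Fsat but violates e13 ∧ e23 → e12.
SLIDE_SOLUTION = dict(e13=True, e14=True, e12=False, e23=True, e34=True, e24=True)
```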
Handling Transitivity Constraints: Goel, et al., CAV '98
• Complexity
  • Finding solution to Fsat that satisfies transitivity constraints is NP-hard
  • Even when Fsat represented as OBDD
• Their method
  • Enumerate implicants of Fsat from OBDD representation
  • Discard any implicant that contains transitivity violation
  • Eventually find solution or run out of implicants
• Our Experiments
  • Works well for small benchmarks
  • Far too many implicants for larger benchmarks
Handling Transitivity Constraints: Our Method
• Idea
  • Generate propositional formula Ftrans expressing transitivity constraints
  • Satisfy formula Fsat ∧ Ftrans
    • Using OBDDs or SAT checker
• Sources of Efficiency
  • Equational structure very sparse
    • Far fewer than n(n-1)/2 relational variables
    • Only need to enforce limited set of transitivity constraints
  • With OBDDs, can reduce set of relational variables
    • Only those in true support of Fsat
Benchmark Circuits
• Single Issue Pipeline: 1xDLX-C
  • Analogous to DLX model in Hennessy & Patterson
  • Verified in '94 by Burch & Dill
• Dual Issue Pipeline #1: 2xDLX-CA
  • Second pipeline can only handle R-R and R-I instructions
  • Burch (DAC '96) required 28 manual case splits, 3 commutative diagrams, and 1800 seconds
• Dual Issue Pipeline #2: 2xDLX-CC
  • Second pipeline can also handle all instructions
Verifying Original Benchmarks
• None Require Transitivity Constraints
  • Fsat is unsatisfiable in every case
  • Circuits don't make use of transitivity in forwarding or stall decisions
• Performance
  Circuit     OBDD Secs.   FGRASP Secs.
  1xDLX-C     0.2          3
  2xDLX-CA    11.          176
  2xDLX-CC    29.          5,035
Transitivity Benchmarks
• Modified, but Correct Circuits
  • Modify forwarding logic: replace
    ESrc1 = MDest
    with
    ESrc1 = MDest ∨ (ESrc1 = ESrc2 ∧ ESrc2 = MDest)
  • Equivalent under transitivity
  • Circuit names 1xDLX-Ct, 2xDLX-CAt, 2xDLX-CCt
• Buggy Circuits
  • 100 buggy versions of 2xDLX-CC
  • Each contains single modification of control logic
  • Must ensure that counterexample satisfies transitivity constraints
1xDLX-C Equation Structure
• Vertices
  • One for each vi
  • 13 different register identifiers
• Edges
  • One for each equation
  • Control stalling and forwarding logic
  • 27 relational variables
    • Out of 78 possible
2xDLX-CCt Equation Structure
• Equations
  • Between 25 different register identifiers
  • 143 relational variables
    • Out of 300 possible
Graph Interpretation of Transitivity
[Figure: a cycle of vertices joined by equation edges, every edge labelled "=" except one]
• Transitivity Violation
  • Cycle in graph
  • Exactly one edge has ei,j = false
Exploiting Chords
• Chord
  • Edge connecting two non-adjacent vertices in cycle
• Property
  • Sufficient to enforce transitivity constraints for all chord-free cycles
  • If transitivity holds for all chord-free cycles, then holds for arbitrary cycles
Enumerating Chord-Free Cycles
• Strategy
  • Enumerate chord-free cycles in graph
  • Each cycle of length k yields k transitivity constraints
• Problem
  • Potentially exponential number of chord-free cycles
  [Figure: chain of k diamonds over vertices labelled 1, 2, ..., k with a closing edge: 2^k + k chord-free cycles]
Adding Chords
• Strategy
  • Add edges to graph to reduce number of chord-free cycles
  [Figure: the same chain of k diamonds with a chord added across each diamond: 2k + 1 chord-free cycles]
• Trade-Off
  • Reduces formula size
  • Increases number of relational variables
Chordal Graph
• Definition
  • Every cycle of length > 3 has a chord
• Goal
  • Add minimum number of edges to make graph chordal
• Relation to Sparse Gaussian Elimination
  • Choose pivot ordering that minimizes fill-in
  • NP-hard
  • Simple heuristics effective
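An added Python example (not the authors' code) of the chord-adding procedure from the last three slides: it builds the diamond-chain graph with 2^k + k chord-free cycles, runs a greedy min-fill elimination (one of the "simple heuristics" from sparse Gaussian elimination) that adds chords until the graph is chordal, and then generates Ftrans as three clauses per triangle, which is all that needs enforcing once every longer cycle has a chord. The vertex numbering, the tie-breaking rule and the literal encoding are my own choices.

```python
from itertools import combinations

def diamond_chain(k):
    """Constructed graph from the slides: k 'diamonds' chained between vertices
    0..k plus a closing edge (0, k); it has 2^k + k chord-free cycles."""
    edges = {frozenset((0, k))}
    for i in range(k):
        for mid in (k + 1 + 2 * i, k + 2 + 2 * i):   # the two middle vertices of diamond i
            edges |= {frozenset((i, mid)), frozenset((mid, i + 1))}
    return edges

def adjacency(edges):
    adj = {}
    for a, b in map(tuple, edges):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def min_fill_chords(edges):
    """Greedy min-fill elimination: eliminate the vertex whose neighbourhood needs
    the fewest new edges to become a clique (ties broken by vertex id). Returns
    the chords added; the result is empty iff the graph was already chordal."""
    adj, added = adjacency(edges), set()
    while adj:
        def fill(v):
            return [frozenset(p) for p in combinations(sorted(adj[v]), 2)
                    if p[1] not in adj[p[0]]]
        v = min(adj, key=lambda u: (len(fill(u)), u))
        for a, b in map(tuple, fill(v)):
            adj[a].add(b)
            adj[b].add(a)
            added.add(frozenset((a, b)))
        for u in adj.pop(v):
            adj[u].discard(v)
    return added

def triangles(edges):
    """Triangles (a, b, c), a < b < c: the only chord-free cycles of a chordal graph."""
    adj = adjacency(edges)
    return [(a, b, c) for a in adj for b in adj[a] if a < b
            for c in adj[a] & adj[b] if b < c]

def ftrans_clauses(edges):
    """Ftrans in CNF: each triangle yields three clauses (¬e_xy ∨ ¬e_yz ∨ e_xz);
    a literal is ('e', i, j, polarity) with i < j for relational variable e_ij."""
    lit = lambda x, y, pol: ("e", min(x, y), max(x, y), pol)
    return [[lit(x, y, False), lit(y, z, False), lit(x, z, True)]
            for a, b, c in triangles(edges)
            for x, y, z in ((a, b, c), (a, c, b), (b, c, a))]
```

For k = 3 the heuristic adds four chords (one across each diamond plus one across the remaining 4-cycle), leaving 8 triangles and 24 clauses; the original graph has no triangles at all, so every one of its 2^3 + 3 = 11 chord-free cycles would otherwise need its own constraints.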
Adding Chordal Edges to 1xDLX-C
             Relational variables   Cycles   Clauses
  Original   27                     286      858
  Augmented  33                     40       120
Adding Chordal Edges to 2xDLX-CCt
             Relational variables   Cycles   Clauses
  Original   143                    2,136    8,364
  Augmented  193                    858      2,574
SAT Checker on Good Circuits
• Strategy
  • Run on clauses encoding Fsat and Ftrans
• FGRASP Performance (Secs.)
  Circuit      Fsat     Fsat ∧ Ftrans
  1xDLX-C      3        4
  1xDLX-Ct     ---      9
  2xDLX-CA     176      1,275
  2xDLX-CAt    ---      896
  2xDLX-CC     5,035    9,932
  2xDLX-CCt    ---      15,003
• Observation
  • Much more challenging with transitivity constraints imposed
SAT Checker on Buggy Circuits
• Performance Penalty with Transitivity Constraints
  • Geometric average slowdown = 2.3X
Using OBDDs
• Possible Strategy
  • Build OBDDs for Fsat and Ftrans
  • Compute Fsat ∧ Ftrans
  • Find satisfying solution
Limitation of OBDDs
• OBDD for Ftrans can be of exponential size
  • Regardless of variable ordering
• Formal result
  • Relational variables forming k × k mesh
  • OBDD representation has Ω(2^(k/4)) nodes
• Experimental Results
  • Unable to build OBDD of Ftrans for large benchmarks
  [Figure: 6 × 6 mesh]
Better Use of OBDDs
• Strategy
  • Build OBDD for Fsat
  • Determine relational variables in true support
    • Easy with OBDD
  • Generate Ftrans for these variables
  • Compute conjunction and find satisfying solution
• Performance
  • When Fsat unsatisfiable, no further steps required
  • For other benchmarks, yields tractable Ftrans
2xDLX-CCt Reduced Constraints
• Relational variables
  • 46 original
  • 6 chordal
• OBDD Representation
  • 7,168 nodes
Reduced Constraints: Average-Case Buggy Circuit
• Relational variables
  • 17 original
  • 3 chordal
• OBDD Representation
  • 70 nodes
Reduced Constraints: Worst-Case Buggy Circuit
• Relational variables
  • 52 original
  • 16 chordal
• OBDD Representation
  • 93,937 nodes
OBDDs on Good Circuits
• CUDD Performance (Secs.)
  Circuit      Time
  1xDLX-C      0.2
  1xDLX-Ct     2
  2xDLX-CA     11
  2xDLX-CAt    109
  2xDLX-CC     29
  2xDLX-CCt    441
• Observation
  • Significantly more effort with transitivity constraints
  • Better performance than FGRASP
OBDDs on Buggy Circuits
• Performance Penalty with Transitivity Constraints
  • Geometric average slowdown = 1.01X
Conclusion
• Equational Formulas can be Solved by Propositional Methods
• Exploit sparse structure of equations
  • Reduces number of variables
  • Reduces formula size
• With OBDDs, can identify essential relational variables
  • In true support of Fsat
• Can use either SAT checker or OBDDs
  • OBDDs do best for unsatisfiable formulas
Extension
• Formulas with Ordering Constraints
  • Constraints of form vi < vj
• Symbolic Solution
  • Introduce variables ai,j and aj,i for each constraint vi rel vj
  • ai,j true when vi < vj
  • Solution defines partial ordering
• Application
  • Scheduling problems