Results 11-20 of 32
Linear-time reductions of resolution proofs
HVC ’08: 4th Intl. Haifa Verification Conf. on Hardware and Software, volume 5394 of Lecture Notes in Computer Science, 2009
Cited by 8 (0 self)
Abstract. DPLL-based SAT solvers progress by implicitly applying binary resolution. The resolution proofs that they generate are used, after the SAT solver’s run has terminated, for various purposes. Most notable uses in formal verification are: extracting an unsatisfiable core, extracting an interpolant, and detecting clauses that can be reused in an incremental satisfiability setting (the latter uses the proof only implicitly, during the run of the SAT solver). Making the resolution proof smaller can benefit all of these goals. We suggest two methods that are linear in the size of the proof for doing so. Our first technique, called RecycleUnits, uses each learned constant (unit clause) (x) for simplifying resolution steps in which x was the pivot, prior to when it was learned. Our second technique, called RecyclePivots, simplifies proofs in which there are several nodes in the resolution graph, one of which dominates the others, that correspond to the same pivot. Our experiments with industrial instances show that these simplifications reduce the core by ≈ 5% and the proof by ≈ 13%. It reduces the core less than competing methods such as run-till-fix, but whereas our algorithms are linear in the size of the proof, the latter and other competing techniques are all exponential as they are based on SAT runs. If we consider the size of the proof graph as being polynomial in the number of variables (it is not necessarily the case in general), this gives our method an exponential time reduction compared to existing tools for small core extraction. Our experiments show that this result is evident in practice more so for the second method: it rarely takes more than a few seconds, even when competing tools time out, and hence it can be used as a cheap proof post-processing procedure.
Computing small unsatisfiable cores in satisfiability modulo theories
Journal of Artificial Intelligence Research, 2011
Cited by 6 (0 self)
Abstract. The problem of finding small unsatisfiable cores for SAT formulas has recently received a lot of interest, mostly for its applications in formal verification. However, propositional logic is often not expressive enough for representing many interesting verification problems, which can be more naturally addressed in the framework of Satisfiability Modulo Theories, SMT. Surprisingly, the problem of finding unsatisfiable cores in SMT has received very little attention in the literature. In this paper we present a novel approach to this problem, called the Lemma-Lifting approach. The main idea is to combine an SMT solver with an external propositional core extractor. The SMT solver produces the theory lemmas found during the search, dynamically lifting the suitable amount of theory information to the Boolean level. The core extractor is then called on the Boolean abstraction of the original SMT problem and of the theory lemmas. This results in an unsatisfiable core for the original SMT problem, once the remaining theory lemmas are removed. The approach is conceptually interesting, and has several advantages in practice. In fact, it is extremely simple to implement and to update, and it can be interfaced with every propositional core extractor in a plug-and-play manner, so as to benefit for free of all unsat-core reduction techniques which have been or will be made available. We have evaluated our algorithm with a very extensive empirical test on SMT-LIB benchmarks, which confirms the validity and potential of this approach.
Motivations and Goals
In the last decade we have witnessed an impressive advance in the efficiency of SAT techniques, which has brought large and previously-intractable problems within the reach of state-of-the-art SAT solvers. As a consequence, SAT solvers are now a fundamental tool in many industrial-strength applications, including most formal verification design flows for hardware systems, for equivalence, property checking, and ATPG.
In particular, one of the most relevant problems in this context, thanks to its many important applications, is that of finding small unsatisfiable cores, that is, small unsatisfiable subsets of unsatisfiable sets of clauses. Surprisingly, the problem of finding unsatisfiable cores in SMT has received virtually no attention in the literature. Although some SMT tools do compute unsat cores, this is done either as a byproduct of the more general task of producing proofs, or by modifying the embedded DPLL solver so as to apply basic propositional techniques to produce an unsat core. In particular, we are not aware of any work aiming at producing small unsatisfiable cores in SMT. In this paper we present a novel approach addressing this problem, which we call the Lemma-Lifting approach. The main idea is to combine an SMT solver with an external propositional core extractor. The SMT solver stores and returns the theory lemmas it had to prove in order to refute the input formula; the external core extractor is then called on the Boolean abstraction of the original SMT problem and of the theory lemmas. Our algorithm is based on the following two key observations: i) the theory lemmas discovered by the SMT solver during search are valid clauses in the theory T under consideration, and therefore they do not affect the satisfiability of a formula in T; and ii) the conjunction of the original SMT formula with all the theory lemmas is propositionally unsatisfiable. Therefore, the external (Boolean) core extractor finds an unsatisfiable core for (the Boolean abstraction of) the conjunction of the original formula and the theory lemmas, which can then be refined back into a subset of the original clauses by simply removing from it (the Boolean abstractions of) all theory lemmas. The result is an unsatisfiable core of the original SMT problem.
Although simple in principle, the approach is conceptually interesting: basically, the SMT solver is used to dynamically lift the suitable amount of theory information to the Boolean level. Furthermore, the approach has several advantages in practice: first, it is extremely simple to implement and to update; second, it is effective in finding small cores; third, the core extraction is not prone to complex SMT reasoning; finally, it can be interfaced with every propositional core extractor in a plug-and-play manner, so as to benefit for free of all unsat-core reduction techniques which have been or will be made available. We have evaluated our approach by a very extensive empirical test on SMT-LIB benchmarks, in terms of both effectiveness (reduction in size of the cores) and efficiency (execution time). The results confirm the validity and versatility of this approach. As a byproduct, we have also produced an extensive and insightful evaluation of the main Boolean unsat-core-generation tools currently available. Content. The paper is organized as follows. In §2 and §3 we provide some background knowledge on techniques for SAT and SMT (§2), and for the extraction of unsatisfiable cores in SAT and in SMT (§3). In §4 we present and discuss our new approach and algorithm. In §5 we present and comment on the empirical tests. In §6 we conclude, suggesting some future developments.
Synthesizing Complementary Circuits Automatically
ICCAD'09, 2009
Cited by 4 (2 self)
One of the most difficult jobs in designing communication and multimedia chips is to design and verify a complex complementary circuit pair (E, E⁻¹), in which circuit E transforms information into a format that is suitable for transmission and storage, while E’s complementary circuit E⁻¹ recovers this information. In order to ease this job, we propose a novel two-step approach to synthesize the complementary circuit E⁻¹ from E fully automatically. First, we assume that the circuit E satisfies the parameterized complementary assumption, which means its input can be recovered from its output under some parameter setting. We check this assumption with a SAT solver and find out proper values of these parameters. Second, with the parameter values and the SAT instance obtained in the first step, we build the complementary circuit E⁻¹ with an efficient satisfying-assignment enumeration technique that is specially designed for circuits with lots of XOR gates. To illustrate its usefulness and efficiency, we run our algorithm on several complex encoders from industrial projects, including PCIE and 10G Ethernet, and successfully generate correct complementary circuits for them.
Designers Work Less with Quality Formal Equivalence Checking
2010
Cited by 3 (1 self)
Formal Equivalence Checking (FEC) is a technique that formally proves the equivalence of a schematics implementation against a golden RTL model. This equivalence must be guaranteed in light of possible multiple local hand-implemented changes in the schematics. To overcome capacity problems, FEC is usually performed on system sub-blocks, whereas the “environment” is modeled with assumptions written using a property specification language such as SVA. These assumptions must later be proved relative to the driving logic. The majority of FEC tools today are based on SAT-based model checking formal verification engines. In this paper, we describe an approach that can considerably reduce both the time and computational effort required to complete FEC activity in a project. It is based on an additional step introduced to complement the traditional SAT-based model checking algorithm. This step calculates a minimal set of required assumptions using a new SAT-based algorithm. Minimizing the set of assumptions greatly reduces the manual debugging effort required of designers, as well as the number of iterative verifications.
Towards a Notion of Unsatisfiable Cores for LTL
2010
Cited by 3 (0 self)
Unsatisfiable cores, i.e., parts of an unsatisfiable formula that are themselves unsatisfiable, have important uses in debugging specifications, speeding up search in model checking or SMT, and generating certificates of unsatisfiability. While unsatisfiable cores have been well investigated for Boolean SAT and constraint programming, the notion of unsatisfiable cores for temporal logics such as LTL has not received much attention. In this paper we investigate notions of unsatisfiable cores for LTL that arise from the syntax tree of an LTL formula, from converting it into a conjunctive normal form, and from proofs of its unsatisfiability. The resulting notions are more fine-granular than existing ones.
Improved Single Pass Algorithms for Resolution Proof Reduction (poster presentation)
Cited by 2 (1 self)
An unsatisfiability proof is a series of applications of proof rules on an input formula to deduce false. Unsatisfiability proofs for a Boolean formula can find many applications in verification. For instance, one application is automatic learning of abstractions for unbounded model checking by analyzing proofs of program safety for bounded steps [6, 5, 4]. We can also learn unsatisfiable cores from unsatisfiability proofs, which are useful in locating errors in inconsistent specifications [10]. These proofs can be used by higher-order theorem provers as subproofs of another proof [2]. One of the most widely used proof rules for Boolean formulas is the resolution rule, i.e., if a∨b and ¬a∨c hold then we can deduce b∨c. In the application of the rule, a is known as the pivot. A resolution proof is generated by applying the resolution rule on the clauses of an unsatisfiable Boolean formula to deduce false. Modern SAT solvers (Boolean satisfiability checkers) implement some variation of DPLL that is enhanced with conflict-driven clause learning [9, 8]. Without incurring large additional cost on the solvers, we can generate a resolution proof from a
Tracking unsatisfiable subformulas from reduced refutation proof
JSW, 2009
Cited by 1 (0 self)
Abstract—Explaining the causes of infeasibility of Boolean formulas has many practical applications in various fields. A small unsatisfiable subformula provides a succinct explanation of infeasibility and is valuable for applications. In recent years finding unsatisfiable subformulas has been addressed frequently by research works, mostly based on SAT solvers with the DPLL backtrack-search algorithm. However, little attention has been concentrated on extraction of unsatisfiable subformulas using incomplete methods. In this paper, we present the definitions of refutation proof and refutation parsing graph, and then propose a resolution-based local search algorithm to track unsatisfiable subformulas according to the reduced refutation proof of a formula. This approach directly constructs the resolution sequences for proving unsatisfiability with a local search procedure, and then recursively derives unsatisfiable subformulas from the resolve traces. We report and analyze the experimental results on well-known and randomly generated benchmarks.
Index Terms—Boolean satisfiability, unsatisfiable subformula, refutation proof, local search
Efficient MUS Extraction with Resolution
Cited by 1 (0 self)
Abstract—We report advances in state-of-the-art algorithms for the problem of Minimal Unsatisfiable Subformula (MUS) extraction. First, we demonstrate how to apply techniques used in the past to speed up resolution-based Group MUS extraction to plain MUS extraction. Second, we show that model rotation, presented in the context of assumption-based MUS extraction, can also be used with resolution-based MUS extraction. Third, we introduce an improvement to rotation, called eager rotation. Finally, we propose a new technique for speeding up resolution-based MUS extraction, called path strengthening. We integrated the above techniques into the publicly available resolution-based MUS extractor HaifaMUC, which, as a result, now outperforms leading MUS extractors.
Linear-time reductions of resolution proofs (full version)
2008
Cited by 1 (1 self)
Abstract. DPLL-based SAT solvers progress by implicitly applying binary resolution. The resolution proofs that they generate are used, after the SAT solver’s run has terminated, for various purposes. Most notable uses in formal verification are: extracting an unsatisfiable core, extracting an interpolant, and detecting clauses that can be reused in an incremental satisfiability setting (the latter uses the proof only implicitly, during the run of the SAT solver). Making the resolution proof smaller can benefit all of these goals: it can lead to smaller cores, smaller interpolants, and smaller clauses that are propagated to the next SAT instance in an incremental setting. We suggest two methods that are linear in the size of the proof for doing so. Our first technique, called RecycleUnits, uses each learned constant (unit clause) (x) for simplifying resolution steps in which x was the pivot, prior to when it was learned. Our second technique, called RecyclePivots, simplifies proofs in which there are several nodes in the resolution graph, one of which dominates the others, that correspond to the same pivot. Our experiments with industrial instances show that these simplifications reduce the core by ≈ 5% and the proof by ≈ 13%. It reduces the core less than competing methods such as run-till-fix, but whereas our algorithms are linear in the size of the proof, the latter and other competing techniques are all exponential as they are based on SAT runs. If we consider the size of the proof graph as being polynomial in the number of variables (it is not necessarily the case in general), this gives our method an exponential time reduction compared to existing tools for small core extraction. Our experiments show that this result is evident in practice more so for the second method: it rarely takes more than a few seconds, even when competing tools time out, and hence it can be used as a cheap proof post-processing procedure.
Systematically Debugging IoT Control System Correctness for Building Automation
Abstract. Advances and standards in the Internet of Things (IoT) have simplified the realization of building automation. However, non-expert IoT users still lack tools that can help them to ensure the underlying control system correctness: user-programmable logics match the user intention. In fact, non-expert IoT users lack the necessary know-how of domain experts. This paper presents our experience in running a building automation service based on the Salus framework. Complementing efforts that simply verify the IoT control system correctness, Salus takes novel steps to tackle practical challenges in automated debugging of identified policy violations, for non-expert IoT users. First, Salus leverages formal methods to localize faulty user-programmable logics. Second, to debug these identified faults, Salus selectively transforms the control system logics into a set of parameterized equations, which can then be solved by popular model checking tools or SMT (Satisfiability Modulo Theories) solvers. Through office deployments, user studies, and public datasets, we demonstrate the usefulness of Salus in systematically debugging the correctness of IoT control systems for building automation.