The Benefit of Concurrency in Model Checking

ion phase. The next phase employs abstractions. Usually, the CB/PB localization abstractions [8] are done first, followed by refinement using a verify phase. Then speculation [3] is done, again followed by refinement using a verify phase.

Speculation is the process where equivalences between signals in the circuit are postulated based on extensive random or semi-formal simulation. By simplifying the circuit using the speculated equivalences, a “speculatively reduced model” is produced, with additional outputs representing proof obligations for the speculations. These obligations can be dispatched all at once or individually. Each of these sub-problems can be attacked as a separate MC problem using any of the sequence of MC engines in the arsenal. As can be imagined, the orchestration of the use of these engines and their variations becomes quite complex, requiring intricate code or the use of expert systems [30] [Ziv].

¹ In some rare cases, the forward diameter of the design is known, in which case BMC can be considered a complete method.
² In theory, if the synthesis algorithms were powerful enough and the property holds, this would be all that is needed, since the circuit can be reduced to a constant. Sometimes this happens.

4 Concurrent verify phase

If there are initially many properties to be proved for the same design, the obvious way to exploit multi-cores is just to solve each property separately. However, as soon as all the easy properties have been solved, we are left with the hard ones, and we claim that CPU power is better used by a well-tuned concurrent engine. In the following, we describe our efforts along these lines and some experimental results.

The scripting layer of our model checker³ was modified to use a concurrent verify phase, which can fork off a subset of the basic MC engines. These run concurrently as separate processes.⁴ At the time of the fork, the global state of the Python interpreter and the current AIG for the problem are copied for each process.

The basic engines that we use are:
1. Four different versions of BDD reachability: reachx, reachm, reachn, reachp
2. Four different versions of property directed reachability⁵: pdr, pdrs, pdrm, pdrmm
3. Two different implementations of bounded model checking: bmc, bmc3
4. Interpolation: interpolate
5. Repeated random simulation: simulate

Each engine is given the same timeout. The fork terminates when any algorithm returns a definitive result, SAT or UNSAT, or when all engines have timed out. Only the winning result (which may include a counter-example (CEX), used for refinement) is kept. In the verify phase the AIG is not changed, but the transformation engines used in the next section may also return a new AIG. The Python function call is “verify(list, time)”, where list is the list of engines to be run concurrently and time is the timeout in seconds for each engine. In contrast to a sequential verify phase, the code for this is markedly simpler.

5 Deployment of a concurrent verify

A rough outline of our hybrid concurrent MC algorithm, called c_prove, which uses the concurrent verify, is shown in Figure 1.

³ The ABC model checker is scripted in Python, with the capability of orchestrating ABC or ZZ/BIP commands, which are written in C or C++.
⁴ In our experiments we used an 8-core server running Ubuntu Linux.
⁵ PDR is based on Bradley’s method and program, which he called IC3.
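The concurrent verify described above, as an added example written for this page (not ABC's own scripting layer): a fork-based Python portfolio in which the first SAT/UNSAT answer wins, every other engine is killed, and a run where all engines time out reports UNDECIDED. The engine callables, the `_stub` stand-ins and the dict-based `verify(engines, timeout, aig)` signature are assumptions; the paper's call is `verify(list, time)`.

```python
import multiprocessing as mp
import queue
import time

# fork() copies the interpreter state and the current AIG into each child, as the paper describes.
ctx = mp.get_context("fork")  # Linux/macOS; spawn would need picklable engines

def _run_engine(name, engine, aig, timeout, results):
    """Child body: run one engine and report (name, verdict, cex) to the parent."""
    results.put((name,) + tuple(engine(aig, timeout)))

def verify(engines, timeout, aig):
    """engines: dict name -> callable(aig, timeout) -> (verdict, cex). Returns
    (winner, verdict, cex); verdict is 'UNDECIDED' if nobody answered in time."""
    results = ctx.Queue()
    procs = [ctx.Process(target=_run_engine, args=(n, e, aig, timeout, results))
             for n, e in engines.items()]
    for p in procs:
        p.start()
    deadline = time.monotonic() + timeout  # every engine gets the same timeout
    outcome, pending = (None, "UNDECIDED", None), len(procs)
    try:
        while pending and time.monotonic() < deadline:
            try:
                name, verdict, cex = results.get(
                    timeout=max(0.0, deadline - time.monotonic()))
            except queue.Empty:
                break  # all engines timed out without a definitive answer
            pending -= 1
            if verdict in ("SAT", "UNSAT"):
                outcome = (name, verdict, cex)  # keep only the winner (and its CEX)
                break
    finally:
        for p in procs:  # the fork terminates: kill whatever is still running
            if p.is_alive():
                p.terminate()
            p.join()
    return outcome

def _stub(delay, verdict, cex=None):
    """Constructed stand-in for an ABC engine: 'works' for `delay` seconds."""
    def engine(aig, timeout):
        time.sleep(delay)
        return verdict, cex
    return engine

# Constructed portfolio, not real ABC engines: bmc3 exhausts its bound with no
# CEX, pdr proves the property, reachx would find a CEX but is far too slow.
ENGINES = {"bmc3": _stub(0.05, "UNDECIDED"),
           "pdr": _stub(0.2, "UNSAT"),
           "reachx": _stub(10.0, "SAT", {"frame": 7, "inputs": [1, 0, 1]})}
```

`verify(ENGINES, 2.0, aig)` returns `('pdr', 'UNSAT', None)`: the undecided bmc3 report is discarded, pdr wins, and the still-running reachx process is terminated rather than waited for.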

References

[1] Alan Mishchenko et al. A single-instance incremental SAT formulation of proof- and counterexample-based abstraction. Formal Methods in Computer Aided Design, 2010.
[2] Robert K. Brayton et al. ABC: An Academic Industrial-Strength Verification Tool. CAV, 2010.
[3] Aaron R. Bradley. k-Step Relative Inductive Generalization. arXiv, 2010.
[4] Jason Baumgartner et al. Enhanced verification by temporal decomposition. Formal Methods in Computer-Aided Design, 2009.
[5] Lubos Brim et al. CUDA Accelerated LTL Model Checking. 15th International Conference on Parallel and Distributed Systems, 2009.
[6] Gianpiero Cabodi et al. Speeding up model checking by exploiting explicit and hidden verification constraints. Design, Automation & Test in Europe Conference & Exhibition, 2009.
[7] Robert K. Brayton et al. Speculative reduction-based scalable redundancy identification. Design, Automation & Test in Europe Conference & Exhibition, 2009.
[8] Ziv Nevo et al. User-Friendly Model Checking: Automatically Configuring Algorithms with RuleBase/PE. Haifa Verification Conference, 2009.
[9] Michael L. Case et al. Scalable and scalably-verifiable sequential synthesis. IEEE/ACM International Conference on Computer-Aided Design, 2008.
[10] Zohar Manna et al. Checking Safety by Inductive Generalization of Counterexamples to Induction. Formal Methods in Computer Aided Design (FMCAD'07), 2007.
[11] Robert K. Brayton et al. Fast Minimum-Register Retiming via Binary Maximum-Flow. Formal Methods in Computer Aided Design (FMCAD'07), 2007.
[12] Jason Baumgartner et al. Scalable Sequential Equivalence Checking across Arbitrary Design Transformations. International Conference on Computer Design, 2006.
[13] Robert K. Brayton et al. DAG-aware AIG rewriting: a fresh look at combinational logic synthesis. 43rd ACM/IEEE Design Automation Conference, 2006.
[14] Jason Baumgartner et al. Maximal Input Reduction of Sequential Netlists via Synergistic Reparameterization and Localization Strategies. CHARME, 2005.
[15] Jason Baumgartner et al. Exploiting suspected redundancy without proving it. 42nd Design Automation Conference, 2005.
[16] Per Bjesse et al. Automatic generalized phase abstraction for formal verification. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2005.
[17] Jason Baumgartner et al. Scalable Automated Verification via Expert-System Guided Transformations. FMCAD, 2004.
[18] Malay K. Ganai et al. Iterative abstraction using SAT-based BMC with proof analysis. International Conference on Computer Aided Design (ICCAD), 2003.
[19] Kenneth L. McMillan et al. Interpolation and SAT-Based Model Checking. CAV, 2003.
[20] Kenneth L. McMillan et al. Automatic Abstraction without Counterexamples. TACAS, 2003.
[21] Armin Biere et al. Bounded Model Checking Using Satisfiability Solving. Formal Methods in System Design, 2001.
[22] Jiang Long et al. Smart simulation using collaborative formal and simulation engines. IEEE/ACM International Conference on Computer Aided Design (ICCAD), 2000.
[23] Edmund M. Clarke et al. Symbolic model checking for sequential circuit verification. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 1993.
[24] Limor Fix et al. Fifteen Years of Formal Property Verification in Intel. 25 Years of Model Checking, 2008.