Carnegie Mellon University
Boolean Satisfiability with Transitivity Constraints
Randal E. Bryant, Miroslav N. Velev
http://www.cs.cmu.edu/~bryant
– 2 –
Outline
Application Domain
  Verify correctness of a pipelined processor
  Based on Burch-Dill correspondence checking (Burch & Dill, CAV '94)
Verification Task
  Decide validity of formula in logic of equality with uninterpreted functions
  Translate into equational logic: propositional logic with equations of form vi = vj
  (Bryant, German & Velev, CAV '99; Goel, Sajid, Zhou, Aziz & Singhal, CAV '98)
New Contribution
  Efficient handling of transitivity constraints
– 3 –
Decision Problem
Logic of Equality with Uninterpreted Functions (EUF)
[Figure: EUF formula drawn as a circuit with function application f, equality test =, truth values T/F, domain variables x0, d0 and truth-valued terms e0, e1]
Truth Values: dashed lines, model control signals
Domain Values: solid lines, model data words
Task
  Determine whether formula is universally valid
  True for all interpretations of variables and function symbols
– 4 –
Eliminating Function Applications
Verification Task
  Prove: x = f(f(x)) ∧ x = f(f(f(x))) → x = f(x)
  Instance of: x = y ∧ x = f(y) → x = f(x)
Ackermann's Method
  Replace f(x) with f1, f(f(x)) with f2, f(f(f(x))) with f3
  Gives: x = f2 ∧ x = f3 → x = f1
Functional Consistency Constraints
  x = f1 → f1 = f2
  f1 = f2 → f2 = f3
  x = f2 → f1 = f3
– 5 –
Eliminating Funct. Apps. (cont.)
Equational Formula
  Complement of substituted formula + consistency constraints
  Clauses                    Origin
  x = f2, x = f3, x ≠ f1     ¬[x = f2 ∧ x = f3 → x = f1]
  (x ≠ f1 ∨ f1 = f2)         x = f1 → f1 = f2
  (f1 ≠ f2 ∨ f2 = f3)        f1 = f2 → f2 = f3
  (x ≠ f2 ∨ f1 = f3)         x = f2 → f1 = f3
Verification Task
  Prove that equational formula is not satisfiable:
  x = f2 ∧ x = f3 ∧ x ≠ f1 ∧ (x ≠ f1 ∨ f1 = f2) ∧ (f1 ≠ f2 ∨ f2 = f3) ∧ (x ≠ f2 ∨ f1 = f3)
– 6 –
Solving Equational Formulas
Historically
  Create special purpose search engine, e.g., Nelson & Oppen '80
  Davis-Putnam search; data structure to maintain equivalence classes
Question
  Can we translate problem into pure propositional logic?
  Would enable use of BDDs or SAT checkers
– 7 –
Replacing Equations by Variables
Relational Variables (Goel, Sajid, Zhou, Aziz & Singhal, CAV '98)
  Replace vi = vj by propositional variable ei,j
Propositional Formula Fsat
  Relabeling: x → v1, f1 → v2, f2 → v3, f3 → v4
  Clauses              Origin
  e13, e14, ¬e12       x = f2, x = f3, x ≠ f1
  (¬e12 ∨ e23)         (x ≠ f1 ∨ f1 = f2)
  (¬e23 ∨ e34)         (f1 ≠ f2 ∨ f2 = f3)
  (¬e13 ∨ e24)         (x ≠ f2 ∨ f1 = f3)
  Fsat = e13 ∧ e14 ∧ ¬e12 ∧ (¬e12 ∨ e23) ∧ (¬e23 ∨ e34) ∧ (¬e13 ∨ e24)
– 8 –
Need for Transitivity Constraints
Propositional Formula Fsat
  e13 ∧ e14 ∧ ¬e12 ∧ (¬e12 ∨ e23) ∧ (¬e23 ∨ e34) ∧ (¬e13 ∨ e24)
Solution
  e13 = true, e14 = true, e12 = false, e23 = true, e34 = true, e24 = true
Transitivity Violation in Solution
  e13 = true, e23 = true, e12 = false
  Corresponds to x = f2 and f2 = f1 but x ≠ f1
– 9 –
Handling Transitivity Constraints: Goel, et al., CAV '98
Complexity
  Finding solution to Fsat that satisfies transitivity constraints is NP-hard
  Even when Fsat represented as OBDD
Their method
  Enumerate implicants of Fsat from OBDD representation
  Discard any implicant that contains transitivity violation
  Eventually find solution or run out of implicants
Our Experiments
  Works well for small benchmarks
  Far too many implicants for larger benchmarks
– 10 –
Handling Transitivity Constraints: Our Method
Idea
  Generate propositional formula Ftrans expressing transitivity constraints
  Satisfy formula Fsat ∧ Ftrans using OBDDs or SAT checker
Sources of Efficiency
  Equational structure very sparse
    Far fewer than n(n-1)/2 relational variables
    Only need to enforce limited set of transitivity constraints
  With OBDDs, can reduce set of relational variables
    Only those in true support of Fsat
– 11 –
Benchmark Circuits
Single Issue Pipeline: 1xDLX-C
  Analogous to DLX model in Hennessy & Patterson
  Verified in '94 by Burch & Dill
Dual Issue Pipeline #1: 2xDLX-CA
  Second pipeline can only handle R-R and R-I instructions
  Burch (DAC '96) required 28 manual case splits, 3 commutative diagrams, and 1800 s
Dual Issue Pipeline #2: 2xDLX-CC
  Second pipeline can also handle all instructions
– 12 –
Verifying Original Benchmarks
None Require Transitivity Constraints
  Fsat is unsatisfiable in every case
  Circuits don't make use of transitivity in forwarding or stall decisions
Performance
  Circuit     OBDD Secs.   FGRASP Secs.
  1xDLX-C     0.2          3
  2xDLX-CA    11           176
  2xDLX-CC    29           5,035
– 13 –
Transitivity Benchmarks
Modified, but Correct Circuits
  Modify forwarding logic: ESrc1=MDest becomes ESrc1=MDest ∨ (ESrc1=ESrc2 ∧ ESrc2=MDest)
  Equivalent under transitivity
  Circuit names 1xDLX-Ct, 2xDLX-CAt, 2xDLX-CCt
Buggy Circuits
  100 buggy versions of 2xDLX-CC
  Each contains single modification of control logic
  Must ensure that counterexample satisfies transitivity constraints
– 14 –
1xDLX-C Equation Structure
Vertices
  One for each vi: 13 different register identifiers
Edges
  One for each equation: control stalling and forwarding logic
  27 relational variables out of 78 possible
– 15 –
2xDLX-CCt Equation Structure
Equations
  Between 25 different register identifiers
  143 relational variables out of 300 possible
– 16 –
Graph Interpretation of Transitivity
Transitivity Violation
  Cycle in graph in which exactly one edge has ei,j = false
[Figure: cycle of vertices joined by edges labeled =, with one edge labeled ≠]
– 17 –
Exploiting Chords
Chord
  Edge connecting two non-adjacent vertices in cycle
Property
  Sufficient to enforce transitivity constraints for all chord-free cycles
  If transitivity holds for all chord-free cycles, then it holds for arbitrary cycles
– 18 –
Enumerating Chord-Free Cycles
Strategy
  Enumerate chord-free cycles in graph
  Each cycle of length k yields k transitivity constraints
Problem
  Potentially exponential number of chord-free cycles
  [Figure: example graph on vertices 1, 2, ..., k with 2^k + k chord-free cycles]
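The relational-variable encoding of the running example (slides 7 and 8) and the chord-free-cycle construction of Ftrans (slides 16 to 18), worked through as an added Python example; this is not code from the talk or its authors. The names evar, chord_free_cycles, transitivity_clauses and solve are this example's own, and the exhaustive solve stands in for FGRASP or an OBDD package.

```python
from itertools import combinations, product
# Example's own encoding (not the slides'): e_ij is v_i = v_j, literal = (name, polarity).
def evar(i, j):
    return "e%d%d" % (min(i, j), max(i, j))
def chord_free_cycles(edges):
    """Vertex sets of chord-free cycles: connected subsets with every vertex of degree 2 inside."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    cycles = []
    for k in range(3, len(adj) + 1):
        for sub in combinations(sorted(adj), k):   # brute force; fine for small graphs
            s = set(sub)
            if not all(len(adj[v] & s) == 2 for v in sub):
                continue
            seen, todo = set(), [sub[0]]
            while todo:                           # connectivity check inside the subset
                v = todo.pop()
                if v not in seen:
                    seen.add(v)
                    todo.extend(adj[v] & s)
            if len(seen) == k:
                cycles.append(sub)
    return cycles

def transitivity_clauses(edges):
    """F_trans: a chord-free cycle of length k gives k clauses, each one saying
    'if the other k-1 edges are equalities then this edge is an equality too'."""
    clauses = []
    for cyc in chord_free_cycles(edges):
        cyc_edges = [evar(u, v) for u, v in combinations(cyc, 2) if (u, v) in edges]
        for e in cyc_edges:
            clauses.append([(e, True)] + [(o, False) for o in cyc_edges if o != e])
    return clauses

def solve(clauses):
    """Brute-force SAT check standing in for FGRASP/OBDDs; returns a model or None."""
    names = sorted({v for cl in clauses for v, _ in cl})
    for bits in product([False, True], repeat=len(names)):
        asg = dict(zip(names, bits))
        if all(any(asg[v] == pol for v, pol in cl) for cl in clauses):
            return asg
    return None

# F_sat from the slides (x->v1, f1->v2, f2->v3, f3->v4); EDGES has one (i, j), i < j,
# per relational variable. F_sat alone is satisfiable, F_sat AND F_trans is not.
FSAT = [[("e13", True)], [("e14", True)], [("e12", False)], [("e12", False), ("e23", True)],
        [("e23", False), ("e34", True)], [("e13", False), ("e24", True)]]
EDGES = [(1, 2), (1, 3), (1, 4), (2, 3), (2, 4), (3, 4)]
FTRANS = transitivity_clauses(EDGES)
```

The four-vertex graph of the example is complete, so its only chord-free cycles are the four triangles, giving 12 transitivity clauses; adding them rules out every model of Fsat, matching the slides' claim that the violating solution is the only kind available.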
– 19 –
Adding Chords
Strategy
  Add edges to graph to reduce number of chord-free cycles
  [Figure: graph on vertices 1, 2, ..., k with 2^k + k chord-free cycles; after adding chords, 2k+1 chord-free cycles]
Trade-Off
  Reduces formula size
  Increases number of relational variables
– 20 –
Chordal Graph
Definition
  Every cycle of length > 3 has a chord
Goal
  Add minimum number of edges to make graph chordal
Relation to Sparse Gaussian Elimination
  Choose pivot ordering that minimizes fill-in
  NP-hard; simple heuristics effective
– 21 –
Adding Chordal Edges to 1xDLX-C
Original
  27 relational variables, 286 cycles, 858 clauses
Augmented
  33 relational variables, 40 cycles, 120 clauses
– 22 –
Adding Chordal Edges to 2xDLX-CCt
Original
  143 relational variables, 2,136 cycles, 8,364 clauses
Augmented
  193 relational variables, 858 cycles, 2,574 clauses
– 23 –
SAT Checker on Good Circuits
Strategy
  Run on clauses encoding Fsat and Ftrans
FGRASP Performance (Secs.)
  Circuit      Fsat     Fsat ∧ Ftrans
  1xDLX-C      3        4
  1xDLX-Ct     ---      9
  2xDLX-CA     176      1,275
  2xDLX-CAt    ---      896
  2xDLX-CC     5,035    9,932
  2xDLX-CCt    ---      15,003
Observation
  Much more challenging with transitivity constraints imposed
– 24 –
SAT Checker on Buggy Circuits
Performance Penalty with Transitivity Constraints
  Geometric average slowdown = 2.3X
[Scatter plot: FGRASP seconds with constraints vs. without constraints, log-log axes from 1 to 100000]
– 25 –
Using OBDDs
Possible Strategy
  Build OBDDs for Fsat and Ftrans
  Compute Fsat ∧ Ftrans
  Find satisfying solution
– 26 –
Limitation of OBDDs
OBDD for Ftrans can be of exponential size
  Regardless of variable ordering
  Formal result: for relational variables forming a k × k mesh, OBDD representation has on the order of 2^(k/4) nodes
Experimental Results
  Unable to build OBDD of Ftrans for large benchmarks
[Figure: 6 × 6 mesh]
– 27 –
Better Use of OBDDs
Strategy
  Build OBDD for Fsat
  Determine relational variables in true support (easy with OBDD)
  Generate Ftrans for these variables
  Compute conjunction and find satisfying solution
Performance
  When Fsat unsatisfiable, no further steps required
  For other benchmarks, yields tractable Ftrans
– 28 –
2xDLX-CCt Reduced Constraints
Relational variables
  46 original, 6 chordal
OBDD Representation
  7,168 nodes
– 29 –
Reduced Constraints: Average-Case Buggy Circuit
Relational Variables
  17 original, 3 chordal
OBDD Representation
  70 nodes
– 30 –
Reduced Constraints: Worst-Case Buggy Circuit
Relational variables
  52 original, 16 chordal
OBDD Representation
  93,937 nodes
– 31 –
OBDDs on Good Circuits
CUDD Performance (Secs.)
  Circuit      Time
  1xDLX-C      0.2
  1xDLX-Ct     2
  2xDLX-CA     11
  2xDLX-CAt    109
  2xDLX-CC     29
  2xDLX-CCt    441
Observation
  Significantly more effort with transitivity constraints
  Better performance than FGRASP
– 32 –
OBDDs on Buggy Circuits
Performance Penalty with Transitivity Constraints
  Geometric average slowdown = 1.01X
[Scatter plot: CUDD seconds with constraints vs. without constraints, log-log axes from 1 to 10000]
– 33 –
Conclusion
Equational Formulas can be Solved by Propositional Methods
  Exploit sparse structure of equations
    Reduces number of variables
    Reduces formula size
  With OBDDs, can identify essential relational variables (those in true support of Fsat)
  Can use either SAT checker or OBDDs
    OBDDs do best for unsatisfiable formulas
– 34 –
Extension
Formulas with Ordering Constraints
  Constraints of form vi rel vj
Symbolic Solution
  Introduce variables ai,j and aj,i for each constraint vi rel vj
  ai,j true when vi rel vj
  Solution defines partial ordering
Application
  Scheduling problems