
Range Minimization


Presentation Transcript


  1. Range Minimization. O. Shtrichman, The Weizmann Institute. Joint work with A. Pnueli, Y. Rodeh, M. Siegel. Weizmann Institute

  2. Code generation (DC+, C) and the CVT tool chain: Verification Condition Generator, Auto-decomposition, Abstraction (Abstraction Level ++), Range Minimizer, TLV (verifier).

  3. Uninterpreted functions: from a general formula to a formula with uninterpreted functions.

  4. Ackermann's reduction: from a formula with uninterpreted functions to a formula in the theory of equality.

  5. Choosing a minimal range for the integer variables:
     0. a,b,c,d,e : {0..65536}                        (1.2 E24)  (normal)
     1. a,b,c,d,e : {1..5}                            (3125)     (1..n)
     2. a,b,c : {1..3}, d,e : {1..2}                  (108)      (connectivity analysis)
     3. a: {1}, b: {1-2}, c: {1-3}, d: {1}, e: {1-2}  (12)       (factorial reduction)
     4. ...

  6. The Range-Minimization Problem: given a quantifier-free formula with equalities only, find in polynomial time the minimal domain needed to preserve its truth value. D: infinite domain; D*: finite domain, D* ⊆ D.

  7. Using the (1..11) range for the eleven variables x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z imposes a state space of 11^11. We can do much better: x1, y1, u1: {0}; x2, y2, f1, f2, u2: {0,1}; g1: {0,1}; g2: {0,2}; z: {0,3}. These ranges impose a state space of 2^8 = 256.

  8. Before and after, in SMV.

  9. Using Normal Form to analyze the formula: the Disjunctive Normal Form of a formula can be exponentially long in its original size. Yet...

  10. Prediction of the negation sign in DNF: the negation sign of each comparison, if the formula is transformed to DNF, can be predicted in polynomial time by counting the negations in the parse tree (the parse tree on the slide has the comparisons d=e, a=b, b=c).

  11. The negation sign can be predicted in P-time. The clauses cannot be predicted in P-time.
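The sign prediction of slides 10 and 11, as an added example that is not part of the presentation: one walk over the parse tree, counting the negations above each comparison, fixes whether that comparison will appear as = or ≠ in the DNF (or in any negation normal form) without building the exponentially large DNF. The tuple encoding of formulas, the function names and the sample formula are assumptions of this example; the connectives joining d=e, a=b, b=c on the slide are not in the transcript, so the sample's structure is constructed.

```python
# Added example (not from the slides). Formulas are nested tuples over the
# connectives the slides use: ('eq', x, y), ('not', F), ('and', F, G, ...),
# ('or', F, G, ...). Assumption: no other connectives (an 'iff' would have to
# be expanded first, because it does not give its comparisons a fixed sign).

def predict_signs(formula, negations=0, signs=None):
    """Single pass over the parse tree, tracking how many negations enclose
    each node. A comparison under an odd number of negations becomes '!=' in
    the DNF, under an even number it stays '='. Returns {(x, y): set of signs};
    a pair carries both signs when it occurs twice with different parity."""
    if signs is None:
        signs = {}
    op = formula[0]
    if op == 'eq':
        pair = tuple(sorted(formula[1:3]))      # x=y and y=x are the same edge
        signs.setdefault(pair, set()).add('!=' if negations % 2 else '=')
    elif op == 'not':
        predict_signs(formula[1], negations + 1, signs)
    elif op in ('and', 'or'):
        for sub in formula[1:]:
            predict_signs(sub, negations, signs)
    else:
        raise ValueError(f"unknown connective {op!r}")
    return signs


def to_nnf(formula, negate=False):
    """Push negations down to the comparisons (De Morgan). Used only to confirm
    that the prediction agrees with the signs that actually appear."""
    op = formula[0]
    if op == 'eq':
        return ('neq' if negate else 'eq', formula[1], formula[2])
    if op == 'not':
        return to_nnf(formula[1], not negate)
    flipped = {'and': 'or', 'or': 'and'}[op] if negate else op
    return (flipped,) + tuple(to_nnf(sub, negate) for sub in formula[1:])


def signs_in_nnf(nnf, signs=None):
    """Collect the signs that literally occur in an NNF formula."""
    if signs is None:
        signs = {}
    op = nnf[0]
    if op in ('eq', 'neq'):
        pair = tuple(sorted(nnf[1:3]))
        signs.setdefault(pair, set()).add('=' if op == 'eq' else '!=')
    else:
        for sub in nnf[1:]:
            signs_in_nnf(sub, signs)
    return signs


def edge_sets(formula):
    """Solid (G=) and dashed (G!=) edges for the range-minimization graph."""
    signs = predict_signs(formula)
    solid = {p for p, s in signs.items() if '=' in s}
    dashed = {p for p, s in signs.items() if '!=' in s}
    return solid, dashed


# Constructed sample over the comparisons of slide 10 (the slide's connectives
# are not in the transcript): not( a=b  or  not(b=c) )  and  d=e
SAMPLE = ('and',
          ('not', ('or', ('eq', 'a', 'b'), ('not', ('eq', 'b', 'c')))),
          ('eq', 'd', 'e'))

if __name__ == '__main__':
    print(predict_signs(SAMPLE))  # {('a','b'): {'!='}, ('b','c'): {'='}, ('d','e'): {'='}}
    print(to_nnf(SAMPLE))
    print(edge_sets(SAMPLE))
```

The edge sets are the input the graph of the following slides needs; note that the same pair can come back with both signs, in which case the pair is both a solid and a dashed edge.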

  12. If the formula is false, then it has at least one falsifying vector. Without knowing the partitioning of the formula into clauses, we have to consider ~all combinations:

  13. A graphical representation: the graph on x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z, with the vertex labels {0,1}, 0, 1, 0, 1, 0, {0,1}, 0, 0, {0,1}, {0,1} as drawn on the slide. These ranges impose a state space of 16.

  14. The Range-Minimization Algorithm. Step I - preprocessing: add a single unique value to the G≠ / G= edges, and remove them from the graph (illustrated on the graph of x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z).

  15. Step II - set construction. For each shared vertex, following an arbitrary order: 1. add a unique value; 2. broadcast the value on G=; 3. remove it from the graph. (Illustrated on the slide for the component g1, g2, z.)

  16. Step II on the component u1, f1, f2, u2: 1. u1, f1, f2, u2 all receive 0; 2. f1, f2, u2 now hold {0,1}; 3. f2, u2 now hold {0,1,2}; 4. u2 holds {0,1,2,3}. Result: u1: 0, f1: {0-1}, f2: {0-2}, u2: {0-3}.

  17. Why is the algorithm sound? For each G= component, in a given vector: as a common value, choose the value that originated in the first shared vertex that was removed. The availability of these values is guaranteed by Step II. (Graph of slide 13 with the ranges u1: 0, f1: {0-1}, f2: {0-2}, u2: {0-3}.)

  18. Order makes a difference. Order I II III IV: {0}, {0,1}, {0,1,2}, {0,1,2,3}; state space = 24. Order III I II IV: {1,0}, {1}, {1,2}, {1,2,3}; state space = 12.

  19. Order makes a difference. Construct G'(V,E): V: the shared vertices of G; E: an edge for every two shared vertices connected directly on G. The Minimal Vertex Cover (MVC) of G': the minimal set of vertices that covers all edges of G'.

  20. Order makes a difference. The MVC problem is NP-hard, therefore we use a heuristic called the greedy algorithm: 1. remove vertices in descending order of degree, until G' is covered; 2. remove the rest of the vertices in an arbitrary order. (On the G' of the example this gives the order III I II IV.)

  21. Order makes a difference. Vi - the i-th vertex in the order; Si - the computed set of values for Vi; mvck - the set of vertices in the MVC of component k; mk = |mvck|. For each Vi ∈ mvck: |Si| ≤ i (their product is at most mk!). For each Vi ∉ mvck: |Si| ≤ mk+1. The upper bound for the state space is: [formula on slide]. In our case the upper bound is [value on slide].
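Steps I and II (slides 14 to 16), the greedy vertex-cover order (slide 20) and the per-vertex bounds of slide 21, as an added example in Python. It is not the presentation's own ~700-line implementation; its names, its Step I rule (a unique value for a vertex with no solid edge, one common value for a solid component that has no shared vertex) and the dashed edges of the u1, f1, f2, u2 component are assumptions. It also brute-forces the satisfiability of a constructed formula over the allocated ranges and over a domain of n values, which is the check a reader of the soundness argument on slide 17 would want to run.

```python
# Added example (not the slides' implementation). Input: an NNF formula's
# comparisons already split into solid (=) and dashed (!=) edges.
from itertools import count, product
from math import factorial


def shared_vertices(solid, dashed):
    """A vertex is shared when it has both a solid and a dashed edge."""
    return {v for e in solid for v in e} & {v for e in dashed for v in e}


def reachable(start, present, solid):
    """Vertices solid-connected to start, using only vertices still present."""
    seen, todo = {start}, [start]
    while todo:
        v = todo.pop()
        for a, b in solid:
            for x, y in ((a, b), (b, a)):
                if x == v and y in present and y not in seen:
                    seen.add(y)
                    todo.append(y)
    return seen


def solid_components(present, solid):
    left, comps = set(present), []
    while left:
        comps.append(reachable(next(iter(left)), present, solid))
        left -= comps[-1]
    return comps


def greedy_order(shared, solid):
    """Slide 20: G' = shared vertices joined directly by a solid edge; remove
    by descending degree until G' is covered, then the rest (sorted here)."""
    edges = {frozenset(e) for e in solid if e[0] in shared and e[1] in shared}
    order, rest = [], set(shared)
    while edges:
        v = min(rest, key=lambda v: (-sum(v in e for e in edges), v))
        order.append(v)
        rest.discard(v)
        edges = {e for e in edges if v not in e}
    return order + sorted(rest)


def allocate_ranges(vertices, solid, dashed, order=None):
    """Return {vertex: sorted values}, the sets S_i of the slides."""
    shared = shared_vertices(solid, dashed)
    ranges = {v: set() for v in vertices}
    present, fresh = set(vertices), count()     # fresh yields unique values
    # Step I - preprocessing (assumed rule, see lead-in)
    for v in vertices:
        if not any(v in e for e in solid):      # dashed edges only, or none
            ranges[v].add(next(fresh))
            present.discard(v)
    for comp in solid_components(present, solid):
        if not comp & shared:                   # solid component without a shared vertex
            value = next(fresh)
            for v in comp:
                ranges[v].add(value)
            present -= comp
    # Step II - set construction
    for v in (order or greedy_order(shared, solid)):
        value = next(fresh)                     # 1. add a unique value
        for w in reachable(v, present, solid):  # 2. broadcast it on G=
            ranges[w].add(value)
        present.discard(v)                      # 3. remove the vertex
    return {v: sorted(s) for v, s in ranges.items()}


def state_space(ranges):
    size = 1
    for values in ranges.values():
        size *= len(values)
    return size


def state_space_bound(nk, mk, yk=None):
    """Product of the per-vertex limits: |S_i| <= i for the first yk vertices,
    <= yk for the rest of the cover, <= yk+1 outside it. Without colouring
    yk = mk, which gives mk! * (mk+1)^(nk-mk)."""
    yk = mk if yk is None else yk
    return factorial(yk) * yk ** (mk - yk) * (yk + 1) ** (nk - mk)


def satisfiable(formula, vertices, domains):
    """Brute force: is there an assignment inside the domains satisfying formula?"""
    return any(formula(dict(zip(vertices, vals)))
               for vals in product(*(domains[v] for v in vertices)))


# Constructed component of slides 16-18: solid path u1-f1-f2-u2; the dashed
# edges (not in the transcript) are chosen so that every vertex is shared.
V = ['u1', 'f1', 'f2', 'u2']
SOLID = [('u1', 'f1'), ('f1', 'f2'), ('f2', 'u2')]
DASHED = [('u1', 'f2'), ('f1', 'u2')]


def phi(a):
    """An NNF formula whose comparisons are exactly the edges above."""
    return (a['u1'] != a['f2'] and a['f1'] != a['u2']
            and (a['u1'] == a['f1'] or a['f2'] == a['u2'])
            and (a['f1'] == a['f2'] or a['u1'] == a['f1']))


if __name__ == '__main__':
    slide16 = allocate_ranges(V, SOLID, DASHED, order=V)
    greedy = allocate_ranges(V, SOLID, DASHED)    # order f1, f2, u1, u2
    print(slide16, state_space(slide16))          # state space 24
    print(greedy, state_space(greedy))            # state space 12
    full = {v: range(len(V)) for v in V}          # n values suffice for n variables
    print(satisfiable(phi, V, greedy) == satisfiable(phi, V, full))  # True
```

The explicit order u1, f1, f2, u2 reproduces slide 16 (range sizes 1, 2, 3, 4, state space 24); the greedy order f1, f2, u1, u2 reproduces the 12 of slide 18. state_space_bound(4, 2) gives 18 for the bound of slide 21, with yk=1 it gives the coloured bound 4 of slide 25, and with mk = nk-1 it reduces to n! as on slide 26. The brute-force comparison against a domain of n values is the practical check of soundness: equality logic over n variables never needs more than n distinct values, so agreement with that domain is agreement with the infinite one.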

  22. Colors make a difference. Order III I II IV: {1,0}, {1}, {1,2}, {1,2,3}; state space = 12. With colors, same order: {1,0}, {1}, {1}, {1,0}; state space = 4.

  23. Colors make a difference. Construct G''(V,E) and 'color' it: V: the shared vertices of G; E: add an edge for every two shared vertices that 1. are connected through exactly one solid edge (v1,v2) in G, and 2. are dominant, due to the ordering, in deciding the value of v1 and v2. If v3 < v1 and v4 < v2 then color(v3) ≠ color(v4). (Drawing: v3 and v4 above v1 and v2; v1 < v3.)

  24. Colors make a difference. yk - the number of colors in mvck (yk ≤ mk). For every vertex Vi s.t. i ≤ yk: |Si| ≤ i. For every vertex Vi s.t. yk < i ≤ mk: |Si| ≤ yk. For every vertex Vi s.t. mk < i ≤ nk: |Si| ≤ yk+1. The state-space upper bound: [formula on slide]. (G'' of the example, colored: {0,1}, {0}, {0}, {0,1}.)

  25. In our case: yk=1, mk=2, nk=4 and the upper bound is [value on slide]. (Graph of slide 13 with its labels.)

  26. The worst case: double cliques. • One connected component (nk=n). • All vertices are shared. • Worst vertex cover: mk = nk-1. • Worst coloring: yk = mk. Worst state space = n!. (Drawn: a 4 double-clique.)

  27. Formulas with constants (drawn: a: {1,5}, b: {1,2,5}, with the constant 5). The maximal state space of a formula with ck constants: [formula on slide]. In the worst case: [formula on slide].

  28. The range minimization algorithm - FAQ: • The range minimization algorithm is proven to be sound for any mixed graph. • It utilizes heuristics from 3 famous NP-hard problems: Coloring, Set Cover and Minimal Vertex Cover. • Under the limitation of the above heuristics, in most cases the algorithm finds a solution which is very close to the optimal one. • The implementation is ~700 lines long and available.

  29. Experimental Results. • Before: 92% verified in reasonable time. After: 99.9% verified in reasonable time (solved almost all hard models). • With the Range Minimization Module, CVT verified formulas that originally had a state space of 150^150 and more.
