A Faster Counterexample Minimization Algorithm Based on ... - HAL

A Faster Counterexample Minimization Algorithm Based on Refutation Analysis Shengyu Shen, Ying Qin, Sikun Li

To cite this version: Shengyu Shen, Ying Qin, Sikun Li. A Faster Counterexample Minimization Algorithm Based on Refutation Analysis. EDAA - European design and Automation Association. DATE’05, Mar 2005, Munich, Germany. 2, pp.672-677, 2005.

HAL Id: hal-00181185 https://hal.archives-ouvertes.fr/hal-00181185 Submitted on 23 Oct 2007

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destin´ee au d´epˆot et `a la diffusion de documents scientifiques de niveau recherche, publi´es ou non, ´emanant des ´etablissements d’enseignement et de recherche fran¸cais ou ´etrangers, des laboratoires publics ou priv´es.

A Faster Counterexample Minimization Algorithm Based on Refutation Analysis ShengYu Shen School of Computer Science National University of Defence Technology [email protected]

Ying Qin School of Computer Science National University of Defence Technology [email protected]

Abstract It is a hot research topic to eliminate irrelevant variables from counterexample, to make it easier to be understood. The BFL algorithm is the most effective counterexample minimization algorithm compared to all other approaches. But its time overhead is very large due to one call to SAT solver for each candidate variable to be eliminated. The key to reduce time overhead is to eliminate multiple variables simultaneously. Therefore, we propose a faster counterexample minimization algorithm based on refutation analysis in this paper. We perform refutation analysis on those UNSAT instances of BFL, to extract the set of variables that lead to UNSAT. All variables not belong to this set can be eliminated simultaneously as irrelevant variables. Thus we can eliminate multiple variables with only one call to SAT solver. Theoretical analysis and experiment result shows that, our algorithm can be 2 to 3 orders of magnitude faster than existing BFL algorithm, and with only minor lost in counterexample minimization ability.

1. Introduction Model checking technology is widely employed to verify software and hardware system. One of its major advantages in comparison to such method as theorem proving is the production of a counterexample, which explains how the system violates some assertion. However, it is a tedious task to understand the complex counterexamples generated by model checker. Therefore, how to automatically extract useful information to aid the understanding of counterexample, is an area of active research [12, 8, 5, 7]. At the same time, many important verification algorithms need to analyze counterexample (or witness). Some of them are: abstraction-refinement model checking [4, 6] and SAT based image computation [2, 10, 9]. In these algorithms, if we can extract a subset of variables that are suf-

SiKun Li School of Computer Science National University of Defence Technology [email protected]

ficient to lead to counterexample, then these variables can express a large number of counterexamples, not just the individual one generated by model checker. In the remainder of this paper, we call this variable subset as minimization set, and call the algorithm that extract minimization set as counterexample minimization. Now we demonstrate the concept of counterexample minimization with following example: For AND gate z = a&b, let the assertion be ”z always equal to 1”, then there are three counterexamples: {a ⇐ 0, b ⇐ 0, z ⇐ 0}, {a ⇐ 1, b ⇐ 0, z ⇐ 0}, and {a ⇐ 0, b ⇐ 1, z ⇐ 0}. We need nine bits to store these counterexamples. However, from an intuitive viewpoint, a ⇐ 0 is sufficient to lead to counterexample. So b is an irrelevant variable in this case. At the same time, b ⇐ 0 is also a sufficient condition of counterexample. So a is also an irrelevant variable when b equal to 0. Then we can minimize above three counterexamples, and obtain 2 minimization sets: {a ⇐ 0, z ⇐ 0} and {b ⇐ 0, z ⇐ 0}. We only need four bits to store them. McMillan [10] and Chauhan et al.[2] point out that , directly storing and processing the minimization set, can be exponent efficient than storing and processing the corresponding set of counterexamples. Thus, a minimized counterexample is easier to be understood, and will significant boost the performance of many verification algorithms. Ravi and Somenzi [12] propose a counterexample minimization algorithm called Brute Force Lifting algorithm. We will refer to it as BFL in the remainder of this paper. For every free variable v, BFL construct a SAT instance SAT(v), to determine if v can prevent the counterexample. If result of SAT(v) is UNSAT, then v is irrelevant to counterexample, and can be eliminated. Ravi compares BFL with other counterexample minimization approaches, and concludes that BFL is the most efficient one, it can often eliminate up to 70% free variables.

Proceedings of the Design, Automation and Test in Europe Conference and Exhibition (DATE’05) 1530-1591/05 $ 20.00 IEEE

However, the time complexity of BFL is much larger than all other existing approaches due to one call to SAT solver per candidate variable to be eliminated. So the key to reduce time overhead of BFL is to eliminate multiple variables after every call to SAT solver Therefore, we propose a faster counterexample minimization algorithm based on refutation analysis in this paper, which employ refutation analysis for UNSAT instances of BFL, to extract all relevant variables and eliminate all irrelevant variables simultaneously. We implement our algorithm based on zchaff [11] and NuSMV [3], and perform experiment on ISCAS89 benchmark suite. Theoretical analysis and experiment result shows that, our algorithm can be 2 to 3 orders of magnitude faster than BFL algorithm, and with only minor lost in counterexample minimization ability. The remainder of this paper is organized as follows. Section 2 presents background material. Section 3 presents the counterexample minimization algorithm based on refutation analysis. Section 4 presents experiment result of our algorithm and compare it to that of BFL. Section 5 reviews related works. Section 6 concludes with a note on future work.

2. Preliminaries 2.1. Bounded Model Checking We first define the Kripke structure: Definition 1 Kripke structure is a 6-tuple M = (S, I, W, T, A, L), with a finite set of states S, the set of initial states I ⊆ S, the input variable set W , transition relation between states T : S × W × S → {0, 1}, and the labeling of the states L : S → 2AP with atomic propositions set AP . Bounded Model Checking (BMC) [1] is a model checking technology that considers only limited length path. We call this length as the bound of path. We denote the state of the i-th and i+1-th cycle as Si and Si+1 , and transition relation between them as Ti (Si , Wi , Si+1 ), with input variable set of i-th cycle denoted by Wi . Then we can unfold the transition relation k times, and obtain the following equation:
[[M ]]k = I ∧ Ti (Si , Wi , Si+1 ) (1)

F = [[M ]]k ∧




¬Pi ∧ Pk

0≤i