A running example

 Here, the template to accelerate the verification of a network 𝑁 ∗ that has the identical structure to 𝑁 but slightly differs in model parameters. Ivan is illustrated in the middle. 

• Compared to re-applying BaB to 𝑁 ∗, Ivan skips the non-leaf nodes in the template (i.e., the tree in the verification of 𝑁 ) and directly starts with verification of the sub-problems identified by the leaf nodes, because during the verification of 𝑁 ∗. 

• BaB may also be not able to terminate until it reaches the sub-problems identified by the leaf nodes. By this, Ivan can save the time spent for the non-lead nodes in verification of 𝑁 ∗. Indeed, its superiority is illustrated: compared to BaB that needs 6 calls of the approximated verifier (Fig. 2a), Ivan requires only 3 times.

•  Olive-G identifies the leaf node, of which is 0.5 in the template, that has the same depth but smaller assessment than other leaf nodes, signifying that it is closest to specification violation. Olive-G prioritizes this node, and it immediately hits the real counterexample, which costs three sub-problem attempts for Ivan. 

The strategy of Olive-G is greedy, in the sense that it always prefers the nodes that are more likely to contain counterexamples according to the template. However, this strategy can fail, because it is possible that the tree of the updated network is divergent from that of the original network. 

In this case, we need a balanced strategy, Olive-B that not only favors the suspicious nodes, but also explores other nodes to avoid being misled by an imprecise template.