350 likes | 523 Vues
Large-scale Boolean Matching. Hadi Katebi and Igor L. Markov University of Michigan. Outline. PP-equivalence checking Signature-based matching Refinement Dependency analysis Random simulation SAT-based matching SAT-tree Pruning techniques Results Conclusion. PP-equivalence Checking.
E N D
Large-scale Boolean Matching Hadi Katebi and Igor L. Markov University of Michigan
Outline • PP-equivalence checking • Signature-based matching • Refinement • Dependency analysis • Random simulation • SAT-based matching • SAT-tree • Pruning techniques • Results • Conclusion
PP-equivalence Checking • Equivalence of two n-input m-output Boolean functions under • permutation of inputs • permutation of outputs • Exhaustive search is computationally intractable • Application - identifying large isomorphic sub-circuits in original and slightly modified circuits • Logic difference [DeltaSyn from IBM [Krishnaswamy et al, ICCAD 09] • Incremental sequential equivalence checking [Ray et al, IWLS 09]
Signature-based Matching • Signature (filter) of a circuit • A property of an input or an output invariant under permutations of inputs and outputs • Examples of signature • Unateness • Symmetry of inputs • Signature-based matching • Use signatures to prune matching space • Filter out impossible I/O correspondence • We define effective signaturesfor PP-equivalence checking
g f XOR Miter SAT Solver Y/N SAT-based Matching • SAT in combinational equivalence checking • Miter: f g • Unsatisfiable = equivalent circuits • Satisfiable = non-equivalent circuits(counterexample is returned) • SAT for Boolean matching • Cannot build ONE miter for the entire circuit (input& output matches are unknown) • We identify intermediate equivalentsignals and we use SAT to provetheir equivalence • Concept of SAT-tree
Methodology Exponential Space of Possible Matches Signature-based Matching Effectively Reduced Search Space SAT-based Matching Is there any match?
Definitions and Notation • An I/O set is an input set or an output set of a circuit • Px={X1, …, Xk}is the ordered partition of I/O set X • |Px| = # clusters in Px = k • |Xi| = # elements in cluster Xi • Two ordered partitions Px={X1, …,Xk} and Py={Y1,…,Yk} are • isomorphic if|Px|=|Py|=k|Xi|=|Yi| for 1≤i≤k • complete if|Xi|=|Yi|=1 for 1≤i≤n
Definitions and Notation For two isomorphic partitions Px and Py • Cluster mapping of Xi to Yi (Xi→Yi): the mapping of I/Os in Xi to all possible permutations of I/Os in Yi • Mapping of X to Y (X→Y): the mapping of all same-index clusters of X and Y, i.e., Xi→Yi for all i • Complete mapping of X to Y: the mapping of X to Y (X→Y) where |Xi|=|Yi|=1 for all i Xi={x1|x2|x3} Xi={x1|x2|x3} Xi={x1|x2|x3} Yi={y1|y2|y3} Yi={y1|y3|y2} Yi={y3|y2|y1}
Methodology N1 (X, Z, Px, Pz) and N2 (Y, W, Py, Pw) Signature-based Matching refined Px, Pz and refined Py, Pw SAT-based Matching complete mappings X→Y & Z→W that make N1 & N2 behave functionally the same Is there any match ?
Refinement • Refinement uses signatures to prune away impossible I/O matches • Introduces ordered partitions • Need to define ordering criterion for each refinement technique Px& Py ? Px Refinement Yes Continue matching isomorphic Py No Stop matching N1 & N2 behave differently The same applies to Pz & Pw as well
Signature-based Matching Initial I/O refinement (IR) 1 2 3 Refinement by dependency analysis (DA) Refinement by random simulation (RS)
Initial Refinement (IR) • Compute functional I/O supports • Output z is in Supp(x) and input x is in Supp(z) if z is functionally dependent on the value of x • Degree of x = D(x) = # supports of x • Two inputs (outputs) can match only if they have the same degree
A3 B3 A0 B0 A2 A1 B2 B1 FA FA FA FA Cin S4 S3 S0 S1 S2 IR - Example Ex.: Supp(A0)={S0,…,S4}, Supp(A1)={S1,…,S4}, Supp(S0)={A0,B0,Cin} D(A0)=D(B0)=D(Cin)=5D(A1)=D(B1)=4D(A2)=D(B2)=3D(A3)=D(B3)=2D(S0)=3D(S1)=5D(S2)=7D(S3)=D(S4)=9 Px = {{A3,B3}, {A2,B2}, {A1,B1}, {A0,B0,Cin}} Pz = {{S0}, {S1}, {S2}, {S3,S4}}
Signature-based Matching Initial I/O refinement (IR) 1 2 3 Refinement by dependency analysis (DA) Refinement by random simulation (RS)
Dependency Analysis (DA) • IR only considers # dependencies for each I/O • DA analyzes the actual dependencies of I/Os • Support signature • For x with Supp(x)={z1,…,zk}, we define Sign(x) as a sorted sequence S=(s1,…,sk) where si is the index of the I/O cluster that zi belongs to • Two I/Os i and j in one cluster are distinguishable if Sign(i) is different from Sign(j)
Z1 = X1Z2 = X1 . X2Z3 = X2 . X3 X1 Z1 X2 Z2 X3 Z3 1 2 DA - Example Supp(Z1)={X1}Supp(Z2)={X1,X2}Supp(Z3)={X2,X3} Supp(X1)={Z1,Z2}Supp(X2)={Z2,Z3}Supp(X3)={Z3} D(Z1)=1D(Z2)=D(Z3)=2D(X1)=D(X2)=2D(X3)=1 Pz = {{Z1}, {Z2, Z3}} Px = {{X3}, {X1, X2}} Sign(Z2)=(2,2)Sign(Z3)=(1,2)Sign(X1)=(1,2)Sign(X2)=(2,2) Pz = {{Z1}, {Z3}, {Z2}} Px = {{X3}, {X1}, {X2}}
Signature-based Matching Initial I/O refinement (IR) 1 2 3 Refinement by dependency analysis (DA) Refinement by random simulation (RS)
Px={{xi,xj,…},{xk,xl,…},…,{xp,xq,…}} 0 1 0 Random Simulation (RS) • Definition: Proper random input vector • Assigns the same value (0 or 1) to all inputsin the same input cluster • Definition: Consistent random input vectors • Assigns the same value to all inputs in the same-index input clusters of two networks Px={{xi,xj,…},{xk,xl,…},…,{xp,xq,…}} 0 0 1 Py={{yi',yj',…},{yk',yl',…},…,{yp',yq',…}}
We can define threshold here!Ex.: Go to SAT-based search if no partition is created after r rounds of random simulation.Current implementation: r=50 RS - Flow V=<v1,…,vn> SimulatingN1 Use results to partition I/O clusters Generate two consistent random input vectors X, Px Y, Py SimulatingN2 U=<u1,…,un> New partition? Yes No Go to SAT-based search
Simulation Type 1 • V=<v1,…,vn>: proper random input vector • Rv=<r1,…,rm>: output vector under V • Two outputs i and j in one output cluster are distinguishable if ri≠rj
Simulation Type 2 • Observability • Create V' from V by flipping input x in V • Rv=<r1,…,rm>: output vector under V • R'v=<r'1,…,r'm>: output vector under V' • Obs(x): observability of input x wrt V is the number of times ri≠r'i • Two inputs i and j in one input cluster are distinguishable if Obs(i) ≠ Obs(j)
Simulation Type 3 • Controllability • Create n input vectors V1,…,Vn each created by flipping the value of only one input in V • Rv=<r1,…,rm>: output vector under V • Rv1=<r1,1,…,r1,m>,…, Rvn=<rn,1,…,rn,m>: output vectors under V1,…,Vn • Ctrl(z):controllability of output z wrt V is the number of times ri≠rj,i for 1≤j≤n • Two outputs i and j in one output cluster are distinguishable if Ctrl(i) ≠ Ctrl(j)
a0 z a7 s0 s1 s2 RS - Example X={a0,…,a7,s0,s1,s2}Px={{a0,…,a7,s0,s1,s2}} 1) Initial refinement does not partition Px2) Refinement by dependency analysis does not partition Px3) Simulation type 2: V=<0,…,0>: only flipping a0 flips z Px={{a1,…,a7,s0,s1,s2},{a0}} V=<1,…,1>: only flipping a7 flips z Px={{a1,…,a6,s0,s1,s2},{a7},{a0}} V=<1,0,…,0>: flipping s0,s1 and s2 flips zPx={{a1,…,a6},{s0,s1,s2},{a7},{a0}}
Methodology N1 (X, Z, Px, Pz) and N2 (Y, W, Py, Pw) Signature-based Matching refined Px, Pz (N1) and refined Py, Pw (N2) SAT-based Matching Is there any match?
SAT-based Matching Lemma • Assume • N1 and N2 are functionally equivalent under Px and Py • xi from N1 matches yj from N2 • Then construct • N'1: Positive (negative) cofactor of N1 wrt xi • N'2: Positive (negative) cofactor of N2 wrt yj • N'1 and N'2 also behave functionally the same
non-singletons singletons SAT-tree • Some of the I/O clusters in partitions are now singletons • Repeatedly applying SAT-based matching lemma • Create N'1 & N'2 by fixing inputs in non-singleton cells (to 0 or 1) • N'1 & N'2 are functionally equivalent if N1 & N2 are equivalent (smallest matching subcircuit) • Nodes of the SAT-tree: SAT/UNSAT miters • Edges of the SAT-tree: mapping decisions of I/Osin non-singleton cells Px={X1,…,Xl-1,Xl,…,Xk} Py={Y1,…,Yl-1,Yl,…,Yk}
Constructing SAT-tree • Expand SMS of N1 & N2 to N1 & N2 by matchingone input at a time using SAT-tree • Also match all the outputs in the support list of those inputs which are not matched so far Px={X1,…,Xl-1,Xl={xi,1,…,xi,p},…,Xk} Px={X1,…,Xl-1,Xl,1={xi,1},Xl,2={xi,2…,xi,p},…,Xk} Py={Y1,…,Yl-1,Yl={yj,1,…,yj,p},…,Yk} Py={Y1,…,Yl-1,Yl,1={yj,1},Yl,2={yj,2 …,yj,p},…,Yk} Xl is partitioned to Xl,1 and Xl,2 Yl is partitioned to Yl,1 and Yl,2 xi,1 & yj,1 are now singletons Xl & Yl: first non-singleton cells Try mapping xi,1 to all yj,1,…,yj,p First map xi,1 to yj,1 Create N''1 & N''2 by putting all the inputs in Xl,2,…,Xk and Yl,2,…,Yk to 0 or 1 and pass the miter of N''1 & N''2 to the SAT-solver
SAT-UNSAT Miters • Unsatisfiable miter • xi,1 and yj,1 has been a valid match so far • Match the outputs in supports of xi,1 and yj,1 • Match the next two inputs in cells Xl,2 & Yl,2 • Satisfiable miter • xi,1 and yj,1 cannot match at this level • Backtrack one level up and use the counterexample to prune the SAT-tree • Examine satisfiability/unsatifiablity of the miter at each node of the SAT-tree
Pruning impossible input matches • Suppose that satisfiable miter returns V=<v1,…,vl+1> as a counterexample • V sensitizes a path from xi,1 & yj,1to the outputs of the miter • D(xi,1) > 0 and/or D(yj,1) > 0 • Construct Ñ1 & Ñ2 as the cofactors of N1 & N2wrt the values of v1,…,vl in V • xi,1 in Xl can match to yj,q in Yliff D(xi,1)=D(yj,q) in Ñ1 & Ñ2
a0 a'0 z z' a7 a'7 s0 s'0 s1 s'1 s2 s'2 Pruning input matches - Example s2→s'0 s1→s'1 s2→s'0 a1→a'1 a1→a'4 From signature-based matching: Px={{a1,…,a6},{s0,s1,s2},{a7},{a0}} Px'={{a'1,…,a'6},{s'0,s'1,s'2},{a'7},{a'0}} Counterexample: V=<s'0=s2=0, s'1=s1=0, s'2=s0=1, a'7=a7=0, a'0=a0=0, a'1=a1=1> Why is V a counterexample? Compute cofactors when all inputs in non-singleton cells are put to 0: c=a0¬s2¬s1¬s0+a1¬s2¬s1s0+a7s2s1s0 V c=1, c'=0 c'=a'0¬s'0¬s'1¬s'2+a'1¬s'0¬s'1s'2+a'7s'0s'1s'2 Pruning: compute cofactors based on the I/O values in V: d=a1¬s2¬s1s0 & d'=a'4¬s'0¬s'1s'0 D(a1)=D(a'4), so a1 can only match a'4
SAT-based Output Matching • Verifying if zi and wj match under current input correspondence • Add zi wj to the current miter of N''1 & N''2and call the SAT-solver again • UNSAT: zi matches wj • SAT: zi does not match wj, use the counterexample to prune the search space • Pruning impossible output matches • Counterexample: vector V makes zi=1 and wj=0 (or vice versa) • zi matches output wq only if zi=wq under V
Compare to Relevant Work ** K. Wang, C. Chan, and J. Liu, “Simulation and SAT-Based Boolean Matching for Large Boolean Networks,” Proc. DAC'09, pp. 396-401
Summary and Conclusion • Large-scale PP-equivalence checking • Graph-based techniques • Simulation-driven techniques • SAT-based techniques • Highly scalable approach • Thousands of inputs and outputs • Can be combined with other state-of-the art techniques • Exploiting structural similarities • Exploiting symmetries THANK YOU FOR YOUR ATTENTION ARE THERE ANY QUESTIONS?