Document
advertisement
Improvements to Combinational
Equivalence Checking
Alan Mishchenko, Satrajit Chatterjee, Robert Brayton
Niklas Een
Cadence Berkeley Labs
UC Berkeley
Overview
Terminology
Previous work
Improvements
Experimental results
Conclusions
M
Terminology
CEC
two circuits to be compared are
combined over the same inputs,
while comparing their outputs
Mitering
combinational equivalence
checking
Miter
…
N1
N2
X
X
M
SAT
trying to prove output M = 0
using a SAT solver
SAT-2
A
B
Fraiging (SAT sweeping)
M
trying to prove intermediate
equivalences in topological
order using a SAT solver
SAT-1
C
Mitering
D
Fraiging
Previous Work
Naïve approach
simulate the miter while looking for assignments leading to M=1
construct BDDs for the miter and compare it with constant 0
assert output to be 1 and run SAT solver
Efficient approach (A. Kuehlmann et al, TCAD 2002)
perform simulation
solves easy satisfiable problems
detects potentially equivalent nodes
Interleave mitering and BDD/SAT sweeping while increasing resource
limits
if mitering fails to prove, BDD/SAT sweeping may simplify the miter
after some SAT sweeping, mitering may be easier
use counter-examples to improve simulation
Our Contributions
Intelligent simulation
Passing circuit information to a CNF-based SAT solver
Interleaving CEC on the miter with synthesis of the miter
Addressing hard cases with no intermediate equivalences
Capability to prove correctness of the CEC engine
Improved Simulation
Run random simulation till saturation
A successful pattern is a pattern that
resolved a pair of intermediate nodes, not
resolved by random simulation
Counter-examples from a SAT solver are
successful patterns
How to easily get other patterns that are
more likely successful than random
patterns?
Idea: Use distance-1 patterns derived from
successful patterns
Example:
01001 successful pattern
11001 distance-1 in 1st var
00001 distance-1 in 2nd var
01101 etc
01011
01000
Improved simulation algorithm
Input: miter M, successful pattern p
Output: some potentially equivalent
classes resolved
ImprovedSimulation( M, p )
{
patterns S = {p};
while ( S is not empty )
{
s = one pattern in S;
remove s from S;
simulate distance-1 from s;
check if new pairs are resolved;
add successful patterns to S;
}
}
CNF-Based vs. Circuit-Based SAT
Traditionally CEC uses circuit-based solvers
Circuit is available and represents “high-level information”
Faster constraint propagation, better decisions
Substantial progress in CNF-based solvers (e.g. MiniSat-1.14)
Constraint propagation became faster
Efficient circuit-to-CNF conversion make CNF-solving faster
Improved conflict analysis (clause minimization, etc)
What is lacking, is the “high-level information” available in circuits
There are hybrid solvers (Ganai et al, DAC ‘02; Jin et al, CAV ’04)
They are more complicated and may take longer to catch up with the
latest improvements in CNF-based solving (speculation)
Using Circuit Info in CNF-Based SAT
Two types of SAT solvers
circuit-based
CNF-based
Using circuit-based information is often crucial for
solving hard SAT instances originating from circuits
Two approaches to address this problem
Use circuit-based solver in CEC (A. Kuehlmann et al, TCAD ’02)
Communicate circuit-based information to CNF-based solver
(J. P. Marques-Silva et al, IEEE D&T of Computers, ‘03)
Simulating J-frontier in a CNF-based solver
Proposed Approach
Drawbacks of previous approaches
Circuit-based solvers do not use
improvements in CNF-based solving
J-frontier may be costly to support in a
CNF-based solver
We propose to modify variable
activities in the CNF-based solver
After each restart, increase activities of
some variables
Increase variable more if it is closer to the
top of the miter
M
+3Δ
+2Δ
+Δ
Using Fast Logic Synthesis
Experiments show that interleaving CEC and fast logic
synthesis reduces total runtime
Possible reasons:
Detects shallow equivalences, leaving less work for fraiging to do
Reduces the number of variables/classes, leads to faster SAT
Reduces memory footprint by simplifying the miter
Our logic synthesis engine performs several passes over
the miter and applies fast AIG rewriting
Avoids “zero-cost replacements” (can slow down SAT)
Takes 5% of runtime of mitering/fraiging
AIG Rewriting
Pre-computing subgraphs
Rewriting subgraphs
Consider function f = abc
Rewriting node A
Subgraph 1
Subgraph 2
a
a b
a c
Subgraph 3
a b
b
b
c
a
A
A
b
a c
c
Subgraph 2
Subgraph 1
c
a
Rewriting node B
B
B
a
a b
a c
b
c
Subgraph 2
a b
a c
Subgraph 1
In both cases 1 node is saved
Improved Integrated Approach to CEC
status IntegratedCEC( Miter, VariousResourceLimits )
{
status = undecided;
for ( Iter = 1; Iter <= IterLimit; Iter++ ) {
// try mitering
status = DoMitering( Miter, MiteringLimit + Iter * MiteringIncrease );
if ( status != undecided ) break;
// try rewriting
status = DoRewriting( Miter, RewritingLimit + Iter * RewritingIncrease );
if ( status != undecided ) break;
// try fraiging
status = DoFraiging( Miter, FraigingLimit + Iter * FraigingIncrease );
if ( status != undecided ) break;
}
if ( status != undecided )
status = DoMitering( Miter, FinalMiteringLimit );
if ( status == satisfiable )
Miter->CounterExample = GenerateCounterExample( Miter );
return status;
}
Addressing Hard CEC Cases
Typically, a CEC instance is hard if (a) the
circuit is deep and (b) there are few or no
internal equivalences
SAT sweeping has no “foothold” for climbing up
to the outputs
Such cases cannot be handled effectively by
current methods
M
Brute-force SAT runs are used (till timeout)
Ad-hoc, semi-manual methods are developed
for specialized circuits (multipliers)
We propose to perform additional logic
synthesis to synthesize internal equivalent
points, then use a standard CEC engine
M
A = B
Resolvent
A resolvent is a clause implied by two clauses in a SAT instance
1. A SAT instance C
1. (~p + a)
4. (~q + a)
7. (p + q + ~z)
10. (~p + ~q + ~z)
2.
5.
8.
11.
(~p + b)
(~q + b)
(p + ~q + z)
(z)
3. (p + ~a + ~b)
6. (q + ~a + ~b)
9. (~p + q + z)
2. Resolvent of clauses 3 and 4 (w.r.t. a) is the clause (p + ~b + ~q)
3. Adding the resolvent to the original set does not alter satisfiability:
1.
C’ 4.
7.
10.
(~p + a)
(~q + a)
(p + q + ~z)
(~p + ~q + ~z)
2.
5.
8.
11.
(~p + b)
(~q + b)
(p + ~q + z)
(z)
3. (p + ~a + ~b)
6. (q + ~a + ~b)
9. (~p + q + z)
12. (p + ~b + ~q)
It can be checked that C’ is satisfiable if and only if C is.
Resolution Proofs
A resolution proof is a sequence of resolvents until the empty clause
1. Original set of clauses C
1.
4.
7.
10.
(~p + a)
(~q + a)
(p + q + ~z)
(~p + ~q + ~z)
2.
5.
8.
11.
(~p + b)
(~q + b)
(p + ~q + z)
(z)
3. (p + ~a + ~b)
6. (q + ~a + ~b)
9. (~p + q + z)
2. Sequence of resolvents
12.
13.
14.
15.
16.
17.
18.
19.
20.
(p + ~b + ~q)
(p + ~q)
(~p + q + ~a)
(~p + q)
(~p + ~q)
(p + q)
(~q)
(q)
()
(from 3 and 4)
(from 5 and 12)
(from 2 and 6)
(from 1 and 14)
(from 10 and 11)
(from 7 and 11)
(from 13 and 16)
(from 15 and 17)
(from 18 and 19)
If the empty clause i.e. () is
derived by resolution then the
original set of clauses is UNSAT
Thus the sequence of resolution
steps 12-20 forms a proof of
unsatisfiability of C if () is
derived at the end.
Certifying the CEC Engine
When SAT solver returns “unsat”, the result can be
verified using a resolution proof (Goldberg, DATE 2003)
In additional to SAT solver runs, CEC engine performs
several tasks: structural hashing, logic synthesis, etc
A resolution proof can be produced in these cases, too
The resolution proofs are composable!
A single resulting resolution proof can be used to verify
the result of the CEC engine
It can checked by a very simple resolution proof checker
Experimental Setup
Benchmarks are generated using the following script in ABC:
read <input_file>; resyn2; sfpga; miter -c; frames -i -F <num>;
orpos; write_blif <output_file.blif>
The resulting miters are publicly available in BLIF and in BENCH
formats:
http://www.eecs.berkeley.edu/~alanmi/cec
Resource limits used in the experiments (for iteration number N)
mitering - at most 1000*2N conflicts
AIG rewriting - 3 iterations
fraiging - at most 2*8N conflicts at a node
IWLS Benchmark Statistics and
Results
Benchmark
Fr
spi
10
ss_pcm
80
systemcaes 15
systemcdes 15
usb_funct
10
usb_phy
50
vga_lcd
3
wb_conmax
4
wb_dma
20
Ratio
AIG statistics
PIs AND2
470 58788
1520 55739
3900 223480
1980 79641
1280 106051
750 33543
267 88784
4520 163548
4340 91034
Lev
201
453
434
270
118
364
35
60
128
prove
50.91
28.24
58.15
67.90
93.04
25.67
10.59
49.37
39.46
1.00
Runtime, sec
prove-r prove -j
80.11 92.28
50.67 150.86
35.08 54.85
96.48 474.54
150.85 131.92
38.13 59.57
123.49 10.68
60.77 74.05
63.80 44.49
2.12
2.34
sat
1800.00
1800.00
6.37
1800.00
1800.00
1800.00
15.16
1800.00
1800.00
> 42.00
AIG Size Reduction and Breakdown
of Runtime
AIG size (AND2)
Runtime, sec
Orig
Iter1
Iter2 Iter3 Miter Synth Fraig
spi
58788 38812
0
0 2.18 8.16 40.47
ss_pcm
55739 41997
0
0 1.25 8.02 18.76
systemcaes 223480 54250
0
0 5.59 42.32 9.65
systemcdes 79641 59216 29355
0 1.56 18.02 47.09
usb_funct 106051 60228 14587
0 6.68 16.02 71.10
usb_phy
33543 25179 8921 3389 1.45 4.98 19.16
Vga_lcd
88784 11673 6821
0 1.04 7.19 2.23
wb_conmax 163548 52858
0
0 2.21 25.24 11.60
wb_dma
91034 91034 34858
0 1.34 10.42 27.40
Ratio
1.00
0.51
0.12 0.02 0.06 0.36 0.58
Benchmark
Comparison with CSAT (UCSB)
Benchmark
spi
ss_pcm
systemcaes
systemcdes
usb_funct
usb_phy
vga_lcd
wb_conmax
wb_dma
Ratio
AIG after prepro
Runtime, sec
AND2
Lev Prepro Prove -r CSAT
46142 179
9.40
40.72
64.00
50619 446
9.17
22.86
38.00
161470 293
70.98
2.34
136.00
63955 216
15.23
48.91
87.00
73882 114
18.02
75.99
47.00
26626 340
4.05
20.63
15.00
63345
39
13.96 146.30 1004.00
58860
52
27.27
24.29
11.00
53104
88
13.33
30.13
17.00
1.00
4.62
Industrial Benchmarks
File
name
ex01
ex02
ex03
ex04
ex05
ex06
ex07
ex08
ex09
ex00
ex11
ex12
ex13
ex14
ex15
ex16
Ratio
AIG
size
20631
27574
29745
30178
31869
35141
10619
36234
9731
36145
35978
40989
38093
44098
43302
47078
Equivalence checking runtime, sec
prove
prove -r
prove -j
sat
19.80
58.94
79.72
1800.00
36.59
333.94
142.98
1800.00
46.16
149.18
178.25
1800.00
36.26
152.25
942.53
1800.00
49.99
189.98
1800.00
1800.00
103.03
324.29
1663.56
1800.00
39.62
39.29
40.97
7.54
80.70
355.30
1800.00
1800.00
11.41
26.14
32.67
0.92
36.43
106.97
31.82
1711.21
95.20
2112.96
340.45
1800.00
108.45
2123.06
416.39
1800.00
105.61
2024.00
1287.46
1800.00
53.85
185.54
64.03
0.68
3.65
177.21
3.70
0.31
56.90
355.40
288.60
5.40
1.00
9.77
> 9.00
> 25.28
AIG size is the number of
two-input ANDs after
structural hashing
prove is the runtime of
the improved approach
prove –r is the runtime
without fast logic
synthesis
prove –j is the runtime
without J-frontier heuristic
sat is the runtime of
brute-force mitering alone
1.6Ghz CPU, 1Gb RAM
Recent Improvements
File
name
Ex01
Ex02
Ex03
Ex04
Ex05
Ex06
Ex07
Ex08
Ex09
Ex00
Ex11
Ex12
Ex13
Ex14
Ex15
Ex16
Ratio
AIG
size
20631
27574
29745
30178
31869
35141
10619
36234
9731
36145
35978
40989
38093
44098
43302
47078
Runtime, sec
Old
New
19.80
2.92
36.59
4.96
46.16
5.05
36.26
4.68
49.99
5.49
103.03
11.17
39.62
3.73
80.70
9.88
11.41
1.27
36.43
3.42
95.20
11.30
108.45
15.94
105.61
12.26
53.85
10.27
3.65
11.10*
56.90
10.15
1.00
0.13
Old results reported in
ICCAD 2006 paper
New results after recent
improvements
* Indicates the benchmark,
which was not used in
computing ratios
1.6Ghz CPU, 1Gb RAM
Conclusions
Introduced CEC
Proposed several improvements that reduce runtime
Publicly available source code
Showed that logic synthesis plays important role in CEC
Commands “prove” and “cec” in the latest release of ABC:
http://www.eecs.berkeley.edu/~alanmi/temp2/
Future work:
Improving CEC
Developing new applications based on CEC
Synthesizing equivalences
Detecting useful function properties (such as NPN-equivalence, etc)
Sequential equivalence checking
Closely related to efficient CEC
