Efficient Reachability Checking using Sequential SAT
G. Parthasarathy, M. K. Iyer, K.-T. Cheng, Li. C. Wang
Department of ECE, University of California – Santa Barbara
Motivation
Satisfiability in sequential circuits is very important
Applications to reachability analysis, model checking and ATPG
SAT has seen a resurgence with recent advances
– C-SAT, BerkMin, Zchaff, Grasp, etc.
Similar performance benefits can be derived for search in a sequential space
Sequential SAT has been proposed
– How does this perform versus current methods for reachability checking?
Outline
Sequential SAT
Search strategies in sequential SAT
Efficient state caching
Reachability checking with sequential SAT
Experimental results
– Comparison with BDDs
– Comparison with BMC
Conclusions
ATPG Formulation of Circuit Justification
Typically X-path based
Decision points are a subset of the primary inputs and internal signals, e.g. FAN's headlines
Nodes on the justification frontier are justified one-by-one
Figure: justification example on a small circuit with inputs a, b, internal signals c, d and objective e = 0 (legend: X-path, J-frontier). Trace: J-frontier = {e}; select J-node e; satisfy J-node via the 1st X-path {c, a}: select a = 0; implications: c = 0, d = 1, e = 0; J-node satisfied; J-frontier empty: yes; DONE, solution {a, b} = {0, X}.
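As an added illustration of the X-path / J-frontier procedure on this slide (example code written for this page, not the authors' or SATORI's implementation), the following backtracking justifier works on a constructed three-gate netlist: c = a AND b, d = NOT c, e = c AND b. That netlist is an assumption chosen so that the objective e = 0 is justified exactly as in the figure: the first X-path runs from e through c to the primary input a, a = 0 implies c = 0, d = 1, e = 0, and b stays at X. Each controlling-value gate on the frontier is a decision point; alternative inputs are tried only after an earlier X-path fails.

```python
from typing import Dict, List, Optional

X = "X"  # third value of 3-valued logic: unassigned / don't-care

# Constructed example netlist (an assumption, not the slide's circuit):
# gate name -> (type, fan-in), listed in topological order.
NETLIST = {
    "c": ("AND", ["a", "b"]),
    "d": ("NOT", ["c"]),
    "e": ("AND", ["c", "b"]),
}
PRIMARY_INPUTS = ["a", "b"]


def eval_gate(kind: str, ins: list):
    """3-valued evaluation of one gate."""
    if kind == "NOT":
        return X if ins[0] == X else 1 - ins[0]
    if kind == "AND":
        return 0 if 0 in ins else (X if X in ins else 1)
    if kind == "OR":
        return 1 if 1 in ins else (X if X in ins else 0)
    raise ValueError(kind)


def simulate(pi_assign: Dict[str, int]) -> Dict[str, object]:
    """Forward implication: value of every signal under a partial PI assignment."""
    vals = {pi: pi_assign.get(pi, X) for pi in PRIMARY_INPUTS}
    for sig, (kind, fanin) in NETLIST.items():   # topological order, one pass
        vals[sig] = eval_gate(kind, [vals[i] for i in fanin])
    return vals


def add_objectives(objs: Optional[dict], extra: dict) -> Optional[dict]:
    """Merge required values; None signals a contradiction (v and not v)."""
    if objs is None:
        return None
    out = dict(objs)
    for sig, val in extra.items():
        if out.get(sig, val) != val:
            return None
        out[sig] = val
    return out


def justify(objectives: Optional[dict], pi_assign: Optional[dict] = None):
    """Justify {signal: value} objectives. Returns the PI assignment
    (PIs not listed are X), or None when no assignment exists."""
    if objectives is None:
        return None
    pi_assign = dict(pi_assign or {})
    vals = simulate(pi_assign)
    # J-frontier: objectives not yet implied; a contradicted one forces backtracking.
    frontier: List[tuple] = []
    for sig, want in objectives.items():
        if vals[sig] == want:
            continue
        if vals[sig] != X:
            return None
        frontier.append((sig, want))
    if not frontier:
        return pi_assign                       # DONE: every objective implied
    sig, want = frontier[0]                    # select J-node
    rest = dict(frontier[1:])
    if sig in PRIMARY_INPUTS:                  # X-path reached a PI: assign it
        return justify(rest, {**pi_assign, sig: want})
    kind, fanin = NETLIST[sig]
    if kind == "NOT":
        return justify(add_objectives(rest, {fanin[0]: 1 - want}), pi_assign)
    controlling = 0 if kind == "AND" else 1
    if want != controlling:                    # all inputs need the non-controlling value
        return justify(add_objectives(rest, {i: want for i in fanin}), pi_assign)
    # Controlling output: one unassigned input suffices. Each candidate is a
    # decision point; the next X-path is tried only if the previous one fails.
    for i in fanin:
        if vals[i] == X:
            result = justify(add_objectives(rest, {i: want}), pi_assign)
            if result is not None:
                return result
    return None


if __name__ == "__main__":
    print(justify({"e": 0}))          # the slide's trace: a = 0, b left at X
    print(justify({"c": 1, "d": 1}))  # contradictory objectives: None
```

`justify({"e": 0})` returns `{"a": 0}`, matching the figure's solution {a, b} = {0, X}; the objective pair c = 1, d = 1 is rejected because forward implication of c = 1 contradicts d = 1, which is the backtracking case the slide's one-by-one frontier processing has to handle.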
The Most Effective SAT Solvers
Backtrack search
Boolean constraint propagation
"Reasonable" branching heuristic
Clause recording
– Non-chronological backtracking
Search strategies
– Restarts / random backtracking
Efficient data structures
– E.g. head/tail lists; watched literals; literal sifting
Examples: BerkMin; Chaff; SATO; rel_sat; GRASP
Structural Search v/s Pure SAT

   Feature                   SAT        Structural   Advantage
1  Conflict-based learning   Yes        Minimal      SAT
2  Eff. implications         Yes        No           SAT
3  Structural information    Min        Yes          Structural
4  Algorithm complexity      Low        High         SAT
5  Decision ordering         Heuristic  Prob         Struct/SAT (sat/unsat)
6  Size of SAT assignments   High       Low          Structural
Iyer et al., SATORI – A fast sequential SAT solver for circuits, ICCAD 2003
Sequential SAT – SATORI
Based on implicit time frame (TF) expansion
For each TF, a combinational solver is used to find a solution
– includes heuristics to minimize the number of state variables with value assignments, using 3-valued logic
– Maximize the size of these sets
The "state" part of the solution is further justified in the prior TF
A conflict clause corresponding to the "state" part of the solution is added
– Prevents reaching the same state again in the search
Efficient state caching and retrieval
Is complete
– Given enough time, will return a solution if one exists
– Otherwise will certify that no solution exists
Sequential Search
Figure: one time frame of the iterative model, i.e. the combinational logic plus the register, with primary inputs, primary outputs, present state and previous state; the state objectives enter the frame and the state solution is produced for the previous frame.
3-Valued Search – DFS or BFS
Figure: search tree over frame0 to frame3 for objective Obj1; state cubes S1 to S5 are reached through decisions on v1 to v5, and leaves are marked Initial State, Legal State or Illegal State.
State Cache Internals
State cubes are stored as state-avoiding clauses
State cube {s0, s1, .., sn} = {1, 0, X, X, .., 1} is stored as
– (¬s0 + s1 + ¬sn): one literal per assigned variable, chosen to be false under the cube's value; X variables are omitted
Imply new state cubes on the state cache
Conflicting cubes in the cache under the current assignments are covers
Smallest covers will conflict first
– E.g.: let the new cube be {s0, s1, .., sn} = {1, 0, 1, X, .., 1, 1}
– We find the implications of this assignment on the state cache
– Old cube (¬s0 + s1 + ¬sn) conflicts since it evaluates to FALSE
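The following added example (written for this page; not SATORI's code) puts the two preceding slides together: a state cache that stores explored cubes as state-avoiding clauses and reports a conflict when an old cube covers a new one, smallest clauses first, and a BFS over implicitly expanded time frames that justifies the state part of each frame's solution in the prior frame until the initial state is covered or every pre-image cube is already cached. This backward BFS is the pre-image computation the later safety-property slide refers to. Everything below the cache is an assumption: the 3-bit shift-register FSM, the exhaustive per-frame combinational solver, and the assignment reduction, which here is a brute-force cofactor check rather than SATORI's structural heuristic.

```python
from collections import deque
from itertools import product

X = "X"            # don't-care / unassigned bit of a state cube
N_BITS = 3
INITIAL_STATE = (0, 0, 0)


def next_state(s, x):
    """Constructed toy FSM (an assumption, not a slide circuit): a 3-bit shift
    register whose last stage is the AND of the first two. s2 = 1 therefore
    needs s0 = s1 = 1 one frame earlier, and s1 = 0 with s2 = 1 is unreachable."""
    s0, s1, s2 = s
    return (x, s0, s0 & s1)


def matches(state, cube):
    """Does a concrete state lie inside a 3-valued cube?"""
    return all(c == X or c == v for v, c in zip(state, cube))


def expand(cube):
    """All concrete states covered by a cube."""
    return [tuple(s) for s in product(*[(0, 1) if c == X else (c,) for c in cube])]


def avoiding_clause(cube):
    """State-avoiding clause: one literal (index, polarity) per assigned bit,
    chosen so it is false under the cube. Cube {1,0,X} -> (not s0 + s1)."""
    return frozenset((i, 1 - v) for i, v in enumerate(cube) if v != X)


class StateCache:
    """Explored state cubes, stored as state-avoiding clauses."""

    def __init__(self):
        self.clauses = []

    def add(self, cube):
        self.clauses.append(avoiding_clause(cube))
        self.clauses.sort(key=len)            # smallest covers conflict first

    def conflicts(self, cube):
        """First clause whose every literal is false under the cube, i.e. an
        old cube that covers the new one; None when nothing conflicts."""
        for clause in self.clauses:
            if all(cube[i] != X and cube[i] != pol for i, pol in clause):
                return clause
        return None


def reduce_state(state, x, objective):
    """Assignment reduction (brute-force cofactor check, an assumption): a state
    bit becomes X when both of its values still drive the frame into the objective."""
    cube = list(state)
    for i in range(N_BITS):
        trial = cube[:]
        trial[i] = X
        if all(matches(next_state(s, x), objective) for s in expand(trial)):
            cube = trial
    return tuple(cube)


def frame_solutions(objective):
    """Combinational solver for one time frame (exhaustive, an assumption):
    distinct (previous-state cube, input) pairs whose transition meets the objective."""
    found = {}
    for state in product((0, 1), repeat=N_BITS):
        for x in (0, 1):
            if matches(next_state(state, x), objective):
                found[(reduce_state(state, x, objective), x)] = None
    return list(found)


def sequential_sat(objective, initial=INITIAL_STATE):
    """BFS over implicit time frames (pre-image computation). Returns the input
    sequence driving `initial` into `objective`, or None once every pre-image
    cube is already cached, which certifies that the objective is unreachable."""
    if matches(initial, objective):
        return []
    cache = StateCache()
    cache.add(objective)
    queue = deque([(objective, [])])
    while queue:
        obj, inputs = queue.popleft()
        for prev_cube, x in frame_solutions(obj):
            if cache.conflicts(prev_cube):        # state cube already explored
                continue
            if matches(initial, prev_cube):
                return [x] + inputs
            cache.add(prev_cube)                  # never re-enter this cube
            queue.append((prev_cube, [x] + inputs))
    return None


def run(inputs, initial=INITIAL_STATE):
    """Forward-simulate a witness so the reader can confirm it."""
    s = initial
    for x in inputs:
        s = next_state(s, x)
    return s


if __name__ == "__main__":
    print(sequential_sat((X, X, 1)))   # three-frame witness, e.g. [1, 1, 0]
    print(sequential_sat((X, 0, 1)))   # None: certified unreachable
```

Because the reduction only drops a bit when every expansion of the cube still satisfies the objective, the chain of cubes found backward is a valid witness from any state in the last cube, the initial state included; `run` replays it forward. The unreachable objective terminates with an empty queue rather than an endless search because a cube identical to a cached one always conflicts with its own clause.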
SATORI – Assignment Reduction
Figure: assignment reduction on an example circuit with gates G0 to G17 and next-state lines G5', G6', G7' (legend: State Variable, Primary Input); the 0/1 values on the lines show the assignment before and after reduction, with G0 and G7 the lines singled out.
Reachability Checking
Set values of 0/1 on all lines in the ISCAS'89 circuits
Check whether the values are satisfiable from the initial state
Compare with a state-of-the-art commercial ATPG engine
– No fault propagation
– Even comparison
Effect of Path-Tracing
Chart: run-time (secs, 0 to 160) per circuit (s298, s344, s349, s382, s420, s510, s820, s832, s953, s1238, s1488, s1494); series Structural and VSIDS.
Assignment Reduction – State Cubes
Chart: number of state cubes (0 to 70000) per circuit (s1488, s1494, s382, s444, s510, s820, s832); series State No-Red and State Red (state cube comparisons).
Reachability Checking
Chart: CPU time (s, log scale 0.1 to 10000) per circuit (s444, s510, s526, s953, s5378, s35932); series Seqn. SAT and ATPG.
Reachability Checking
Chart: CPU time (s, log scale 0.01 to 10000) per circuit; series SATORI and Comm. ATPG.
Safety Property Checking
Sequential SAT in BFS mode does pre-image computation
Check safety properties using pre-image computation
Test-cases drawn from the VIS distribution
Sequential SAT uses a modified Büchi automaton
– The automaton goes to a trap state when a counter-example is found
– The automaton restricts the search space to the valid space for counter-examples
– Effectively guides the search for a counter-example
Compare with VIS 2.0 (BDD based)
BDDs v/s SATORI – Pre-Image Computation
Chart: CPU time (s, log scale 0.01 to 100000) per circuit; series VIS-Back and Satori.
BDDs v/s SATORI – with Image Computation
Chart: CPU time (s, log scale 0.001 to 100000) per circuit; series VIS-BDDs and SATORI.
Best Strategy Times: BDDs v/s SATORI
Chart: CPU time (s, log scale 0.01 to 100000) per circuit; series VIS-Forward, VIS-Back and Satori.
State Space Exploration
Figure: initial states and buggy states in the state space; forward search proceeds from the initial states and backward search from the buggy states, with the witness vector trace connecting the two.
True Properties: VIS-BDDs v/s SATORI
Chart: CPU time (s, log scale 0.001 to 100000) per property; series vis-ltl, BFS, BFS/DFS and F/B.
False Properties: VIS-BDDs, BMC & SATORI
Chart: CPU time (s, log scale 0.001 to 100000) per property; series vis-ltl, vis-bmc, BFS, BFS/DFS and F/B.
Performance on Selected False Properties
Chart: CPU times (s, log scale 0.001 to 10000) per property; series vis-ltl, vis-bmc, BFS, BFS/DFS and F/B.
In Summary
Sequential SAT is complete
One can do efficient reachability checking using sequential SAT
– Competes with BDDs for property checking
– Comparative performance is good
Efficiency can be improved through an improved search order