Using Symmetry - PowerPoint Presentation

Slide1

Using Symmetry to Solve Difficult Logic Puzzles

Igor Markov

University of Michigan, EECSSlide2

OutlineA brief introduction to the field of Electronic Design AutomationIntegrated circuits, design tools, research challengesFormal verification of digital circuits via SAT-solving

(difficult logic puzzles)

Exploiting symmetry as a structural property

of SAT instances

The graph

automorphism

problem

Symmetry-breaking predicates

Improvements in SAT-solvingSlide3

portablemedia centerFrom The Old Personal Computer To…

pocket PC

Xbox 360

cable TV box

RoundTable

Zune

tablet PC

media center PC

Laptop PC

smart phone

portable

media center

IP

phone

desktop PC

MS Surface

Source:

Rico Malvar

@ Microsoft ResearchSlide4

Source

:

Information Week /

CMPNetSlide5

Why Do We Need So Many Digital ICs?Programmability versus optimizationA CPU (runs a program and) performs 1-6 operations per cycleA specialized chip can perform 1000 ops/cycle(1Gbps networking chips, Dolby 7.1, HDTV)Intel CPUs ≤ 4GHz

Power versus performance

An Intel CPU can burn 30-100 Watts

An ARM CPU in a cell phone burns <0.1Watt

Specialization and low cost

Intel, AMD CPUs cost >$300

iPhone

,

GPSNav

, Wii

<$300Slide6

Designing New Chips Quickly

Idea 1: describe ICs in HW

descr

. languages (HDL)

Verilog

,

SystemVerilog

, C,

SystemC

Idea 2: use software tools to compile HDL into siliconMany intermediate representations, many passes

module foo(a, b, c, o1, o2, o3);

input a, b, c;

output o1, o2, o3;reg o2, o3;assign o1= a & b;

always @(a, b, c) o2= a | c;…

wire

sel, a, b, out;

…

if

(sel) out=a;

else

out=b

;

b

a

sel

AND

AND

out

OR

RTL Model

Logic Synthesis

Gate-level

Netlist

Place & Route

Polygonal layoutSlide7

Logic Synthesis & Physical OptimizationIdea 3: use software tools to optimize chipsFunctional (logic) optimization

A*B+A*C

 A*(B+C)

,

(

A+B)*(A+C)

 A+B*C

,

X

1  X’

(Boolean & polynomial algebras)

Physical optimization: gate locations, wire routes, etc (computational geometry, non-convex optimization)

Source

:

IBMSlide8

After the Design Phase

Idea 4: use software tools

to verify chips

Find

bugs or

prove

that there are no bugs

Idea 5: use software tools

to optimize test sequences

Idea 6: use software to debug chips

Localize & diagnose bugs

Automatically

suggest bug fixesSlide9

Verifying a Buggy DesignExample: Carry Select Adder

0

Design error affects results for large numbersSlide10

10Verify Against Trusted Implementation

0

Check equivalence of output functions

+

H.Katebi

,

I.Markov

,

“

Large-

scale

Boolean Matching

”

DATE

2010Slide11

11Verifying Equivalence Between Circuits

Too many input combinations to simulate

16-bit adder: 2

32

(feasible)

32-bit adder: 2

64

(impractical)

Key idea

: formulate a theorem:

x F(x)=G(x)

Prove it or find a counter-example

Use algorithms and software for theorem-proving

Further steps

Agree on a simple, formal language for theorems

Formulate theorems for circuit equivalence-checking

Develop algorithms for theorem-provingSlide12

12Problem Transformation

Miter

function

M

FG

(x) =

( F(x)



G(x) )

= ( F(x)  G(x) )

x F(x)G(x)  x M

FG

(x)==1

Theorem-proving reduces to search to satisfy

M

FG

(x)==1

– any such solution is a counter-example (bug!)

Or prove that such an assignment does not exist,i.e., prove

MFG(x) = 0

for all possible assignments

Circuit-SAT: satisfy one output of a circuit

Find an input combination that produces 1

Or prove that the output is always 0

Boolean

SATisfiability (CNF-SAT)

MFG

(x) is represented in product-of-sums (POS) form,a.k.a conjunctive normal form (CNF)

Example:

(a+b+c

)(a’+b’+d)(b+c)(d’)(b+e

)(c+d+e

)Slide13

13CNF-SAT Example/Terminology

Clause

Positive Literal

Negative Literal



(

a

+



c

) (

b

+



c

)

(

a

+



b’

+

c’

)Slide14

14Ex: Circuit-SAT  CNF-SAT, Solve

a

b

c

d

e

g

f

h

?



=

h

[

d

=(

ab

)’] [

e

=(

b

+

c

)’] [

f

=

d’

]

[

g

=

d

+

e

] [

h

=

fg

]

=

h

(

a

+



d

)(

b

+



d

)(

a’

+

b’

+

d’

)

(

b’

+



e’

)(

c’ +

e’

)(

b

+



c

+

e

)

(

d’

+



f’

)(

d

+



f

)

(

d’

+



g

)(

e’

+



g

)(

d

+



e

+

g’

)

(

f

+



h’

)(

g

+



h’

)(

f’

+



g’

+

h

)

=

h

(

a

+



d

)(

b

+



d

)(

a’

+

b’

+

d’

)

(

b’

+



e’

)

(

c’

+

e’

)(

b

+



c

+

e

)

(

d’

+



f’

)(

d

+



f

)

(

d’

+



g

)(

e’

+



g

)(

d

+



e

+

g’

)

(

f

+



h’

)(

g

+



h’

)(

f’

+



g’

+

h

)

=

h

(

a

+



d

)(

b

+



d

)(

a’

+



b’

+

d’

)

(

b’

+



e’

)

(

c’

+

e’

)(

b

+



c

+

e

)

(

d’

+



f’

)(

d

+



f

)

(

d’

+



g

)(

e’

+



g

)(

d

+



e

+

g’

)

(

f

+



h’

)(

g

+

h’

)(

f’

+



g’

+

h

)

=

h

(

a

+



d

)(

b

+



d

)(

a’

+



b’

+

d’

)

(

b’

+

e’

)(

c’

+



e’

)(

b

+



c

+

e

)

(

d’

+

f’

)(

d

+



f

)

(

d’

+



g

)(

e’

+



g

)(

d

+



e

+

g’

)

(

f

+

h’)(g +h’)(f’ +g’ + h)

=

h

(a +d)(b +d)(a’ +b’ + d’)

(b’ +e’)(c’ +e’)(b +c + e)

(d’ +f’)(d +f)

(d’ +g)(e’ +g)(d +e + g’)

(f +h’)(g +h’)(f’ +g’ + h)

No branching needed

in

thi

s

example

Only constraint

propagation

Linear time

In general, branching is needed

Worst-case exponential time

In practice,

often finishes quicklySlide15

15CNF-SATCNF-SAT is NP-complete

A polynomial-time algorithm would immediately solve

numerous important problems

An impossibility proof would also be interesting

A general solution to SAT is worth $1M

(the first

Millennium

problem) + fame

Practical SAT-solving

Dramatic progress in the last 15 years

Algorithms and software exist that

solve many large SAT instances quickly

Some small SAT instances remain difficultSlide16

SAT Can Capture Logic Puzzles (1)The Pigeonhole Principle (PHP)Need to assign n+1 objects to n slots

No two objects can be assigned to the same slot

Every object must be assigned to at least one slot

Encoding in terms of CNF-SAT

n(n+1)

indicator variables matching each object with each slot

n

2

(n+1)

mutual exclusion clauses preventing two objects

from being assigned to any one slot(n+1) clauses with

n literals ensure that each object is assigned to at least one slotSummary: PHPn

~n

2 variables, ~n3

clauses, UNSATSlide17

SAT Can Capture Logic Puzzles (2)The Pigeonhole Principle arises in numerous applicationsTrying to multiplex (n+1) signals through n outputsTrying to route

(n+1)

wires through

n

channels, etc

A competent SAT solver should handle

PHP

n

, shouldn’t it?

Relevant observations & (deep) results

All leading SAT-solvers rely on resolution (proof technique)All resolution proofs of the pigeonhole principle are exp-sized

In practice, runtime on PHPn instances is indeed exponentialBut … all pigeons are interchangeable and so are all holes !

Order holes, and impose ordering constraints on assignmentsSlide18

Speeding up SAT-solving in PracticeKey idea: identify structural properties of a given problem instance, then exploit them to speed up the SAT solverKey structural property of problem instances: symmetry

Symmetry-breaking in search

: if a, b are

interchangeable

,

add the

(

a’+b

) clause to reduce the branching factor

Leading-edge SAT solvers are based on branchingChallengesDealing with more complicated symmetries (cycles, negations)

Capturing all symmetries efficientlyDetecting symmetries quicklyLimiting the size of symmetry-breaking predicatesSlide19

Darga

,

Sakallah

, Markov,

“Faster

Symmetry Discovery using

Sparsity

of Symmetries

,”

DAC

2008

http://vlsicad.eecs.umich.edu/BK/SAUCY/Slide20

CNF inst.

Graph

Graph

symmetries

CNF

symmetries

Pre-processed

CNF instance

Invoke

a generic

SAT solver

Symmetry-breaking predicates

Shatter

Shatter

Shatter

GraphAuto

:

nauty

or

saucy

Computational Symmetry-Breaking in SAT

Aloul

, Markov,

Sakallah

,

“Shatter:

Efficient Symmetry-Breaking

for

Boolean

Satisfiability

,”

DAC

2003Slide21

Igor Markov / June 30, 200421Compact Representations of Symmetries

To represent

the group of all

symmetries

of a graph

Do not list individual symmetries

List generating permutations (generators)

Elementary group theory proves:

If redundant generators are avoided

, an N-element groupcan

be represented by at most log2(N)

generatorsGuaranteed exponential

compression (often better !)E.g., the group Sk of all

k! permutations of 1..kcan be generated by (12)

and (123..k)

or by (12), (23), (34),…, (k-1 k)To use this guaranteed compression, we rely on algorithms in terms of permutation generatorsSlide22

Finding Symmetries of GraphsSymmetry (automorphism) of a graphPermutation of vertices that maps edges to edges Additional constraintsVertex colors (labels): integers

Every vertex must map into a vertex of same color

Computational Graph

Automorphism

Find generators of a graph’s group of symmetries

GraphAuto



NP, and is believed to

P and NP-complete

Algorithms implemented in GAP(GRAPE(NAUTY))

1

2

1

2

A

B

D

CSlide23

Symmetries of CNF FormulaePermutations of variables that map clauses to clausesE.g., symmetries of (a+b+c

)(

d+e+f

)

include (

ab

), (

abc

) as well as (ad)(be)(

cf

)Considering single swaps only is not enoughDitto for variable negations

(aa’)

and negations+permutationsE.g., symmetries of (

a+b+c)(d+e’+f’)include (de’) as well as (ad)(be’)(

cf’)Slide24

CNF formula  colored graph Linear time and space Find graph’s [colored] symmetriesWorst-case exponential time Interpret graph symmetries found as symmetries of the CNF formulaPermutational symmetriesVariable-negation symmetries

Reduction to Graph

AutomorphismSlide25

Reduction to Graph

Automorphism

Clauses: A (x’ + y + z) , B (x + y’ + z’), C (y’ + z)

Vertices of two colors:

clauses

and

vars

One vertex per clause, two per variable

Edges of three types: (

i

)

incidence

,

(ii) consistency

, and (iii) 2-literal clauses

1

2

1

2

A

B

C

x

x

’

y

y’

z

z’

Symmetry

:

(x x’)(y z’)(y’ z)

2

2

2

2Slide26

Consistency edges must map to consistency edgeswe do not explicitly enforce that previous reductions do  create larger graphswe reduce the input size for GraphAuto

by a constant; recall that

O(2

n

)O(2

cn

)

Must ensure correctness (!)

a graph symmetry that maps consistency

edgessomewhere else is termed spuriousspurious symmetries can and do happen

Reduction to Graph

AutomorphismSlide27

Igor Markov / June 30, 200427Slide28

Symmetry Breaking using NAUTY (=“No AUTomorphisms, Yes ?)

On all but the synthetic Urquhart instances,

symmetry detection with

nauty

dominates run time

Further improvements must come from improved symmetry detection

74.6

31.51

8.01

23.50

2pipe

82.6

1

3.84

2.41

11.43

XOR

99.4

26.03

0.17

25.86

ChnlRoute

93.9

3.45

0.21

3.24

FPGAroute

88.4

43.84

5.08

38.76

GRoute

39.4

1.93

1.17

0.76

Urq

84.4

0.45

0.07

0.38

Hole-n

% Sym

Total

Search

Sym

BenchmarkSlide29

saucy 2004: Exploiting Graph Structurenauty works very well on small graphsbut fails to scaleRuns out of memory on formulas with corresponding graphs having >50,000 verticessaucy improvement #1: sparse representation

saucy

improvement #2: can use

bipartiteness

Clause vertices only connected to literals

Never connected to each other

saucy

improvements #3 and #4: algorithmic

(e.g., asymptotically faster partition refinement

)Further dramatic improvements in

saucy 2008, saucy 2010Slide30

saucy 2004: Empirical Performance

Testcases

#Variables

SAT (s)

nauty

(s)

% Sym

saucy(s)

% Sym

s4-4-3-1

10354

218.53

88.74

28.9

0.11

0.05

s4-4-3-2

9974

877.59

79.67

8.3

0.10

0.01

s4-4-3-3

9970

884.78

75.98

7.9

0.09

0.01

s4-4-3-4

10714

464.46

155.31

25.1

0.14

0.03

s4-4-3-5

11072

134.09

101.63

43.1

0.11

0.08

s4-4-3-6

9620

13.24

76.48

85.2

0.10

0.75

s4-4-3-7

10362

18.27

78.96

81.2

0.10

0.54

s4-4-3-8

6608

0.68

28.42

97.7

0.06

8.11

2pipe

3575

0.13

2.93

95.8

0.02

13.33

3pipe

10048

6.44

57.53

89.9

0.13

1.98

4pipe

21547

153.50

523.64

77.3

0.49

0.32

5pipe

38746

122.85

3144.85

96.2

1.65

1.33

http://vlsicad.eecs.umich.edu/BK/SAUCY

/Slide31

saucy 2: Further Dramatic ImprovementsSymmetries can be sparse too, especially the generatorsIn many cases, runtime now grows linearly with #generatorsEarly detection of hopeless branches during searchThe algorithm now races toward early termination conditionMaintain additional state to speed up some tasks:Checking the termination condition

Checking that a permutation is a symmetry

Backtracking

Several other improvementsSlide32

Experiments: Symmetry Discovery Time (s)Testcases

#Vertices

#Generators

Saucy 2004

Saucy 2.0

5pipe

38746

239

0.83

0.08

6pipe

65839

346

2.22

0.15

7pipe

100668

473

4.80

0.29

LA

436535

12852

528.39

0.21

IL

819138

14999

958.80

0.43

CA

1679418

44439

> 30 min

0.84

adaptec1

393964

15683

966.48

0.35

adaptec2

471054

21788

> 30 min

0.47

adaptec3

800506

36289

> 30 min

0.93

adaptec4

878800

53857

> 30 min

0.99Slide33

CNF inst.

Graph

Graph

symmetries

CNF

symmetries

Pre-processed

CNF instance

Invoke

a generic

SAT solver

Symmetry-breaking predicates

Shatter

Shatter

Shatter

GraphAuto

:

nauty

or

saucy

Computational Symmetry-Breaking in SAT

Aloul

, Markov,

Sakallah

,

“Shatter:

Efficient Symmetry-Breaking

for

Boolean

Satisfiability

,”

DAC

2003Slide34

How Backtrack SAT Solvers WorkLet’s solve (x’+y’)(x+y)(x’+y+z

)(

x+y’+z

)(z’)

Try x=0

y=1

z=1

violated clause, must backtrack

We

just repeated similar/same steps twice

Branches x=0,y=1 and x=1,y=0 are

symmetricIdeas for speed-upRequire that (

x≤y), i.e.,

(x’+y)Consider equivalence classes under symmetry

Pick 1+ representative for each class, search only the reps. This restricted search is  to original

Try x=1

y=0

z=1

violated clause, must backtrackSlide35

Symmetry-Breaking Predicates To restrict searchAdd clauses to the original CNF formula (“symmetry-breaking” clauses)They will pick representatives of classes Our main task is to find those clauses

Use only permutations induced by generators

Permutation



group of clauses

(a “symmetry-breaking” predicate

)Slide36

Symmetry-Breaking Predicates (SBPs)

SBP

Classes of symmetric

truth

assignments

SATisfying

assignmentsSlide37

Generator-Based SBPsWhen adding SBPs, must ensureNo solutions are added (trivial)When solutions exist, SBPs should preserve at least oneOptimization objectiveTotal runtime of Shatter flowNot the “completeness” of symmetry-breaking –

it’s OK to leave multiple symmetric solutions

Technique

Process each generator from

GraphAuto

independently

Ignore the CNF-SAT instance, initially

Concatenate the resulting predicates to the original CNFSlide38

Ensuring the Compatibility of SBPsInput: permutation (usually sparse)Output: clauses that pick representativesof equivalence classes of truth assignments

Challenge

:

ensuring compatibility of SBPs

produced for different generators

When conjoining SBPs, we must not lose

all solutions

g

1

g

2

g

1

g

2Slide39

Lex-Leader SBPs (1)Order the variables in the CNF formulaInduce a lexicographic ordering on truth assignments000<001<010<

011

<100<101<110<

111

For each equivalence class, make sure that

its

lex

-smallest element (

lex

-leader) is selected

Theorem: Given a CNF formula , consider its symmetry generators {gi} and build Lex

-Leader SBPs {P(g

i)}.Then  and P(g

1)P(g2)… are equi-satisfiable.

Proof:  No new solutions are added.

 If a solution exists, then the lex

-smallest solution is preserved.Slide40

Lex-Leader SBPs (2)Pg

(

x

)

=

(

x ≤ g

(

x

))

Where

x

is a truth assignment and

≤

is a lex-orderingPrior work (in the field of AI)

Defined P

g(x), but implemented it using (n2

) CNF clausesDid not account for variable-negation symmetries

Conjoined

Pg(x) for all gAut

(G)Optimizations & improvementsAccount for negation symmetries & hybrids

Implement Pg (x) using O(

n) CNF clauses

Implement Pg (x

) using O(supp(g)) CNF

clauses

Instantiate Pg (x) only for generators of

Aut(G)Slide41

Lex-Leader SBPs Slide42

Igor Markov / June 30, 200442Asymptotic Results on PHPn

Proving the pigeon-hole principle w/o induction

A series of SAT instances of growing size

Conventional SAT solvers take exponential time

Our approach empirically takes polynomial timeSlide43

CNF inst.

Graph

Graph

symmetries

CNF

symmetries

Pre-processed

CNF instance

Invoke

a generic

SAT solver

Symmetry-breaking predicates

Shatter

Shatter

Shatter

GraphAuto

:

nauty

or

saucy

Computational Symmetry-Breaking in SAT

Aloul

, Markov,

Sakallah

,

“Shatter:

Efficient Symmetry-Breaking

for

Boolean

Satisfiability

,”

DAC

2003Slide44

Igor Markov / June 30, 200444Open Challenges

Does saucy run in poly-time on bounded-degree graphs ?

It can probably be extended to do so provably

Extend Shatter to save checkable proofs of

unsatisfiability

using resolution + symmetries

Extend saucy to perform canonical labeling of graphs

Graph

Automorphism

in worst-case polynomial time ?

Approximate symmetriesSlide45

Igor Markov / June 30, 200445Q&A

Source

: Univ.

Nebraska Lincoln,

Chemistry Dept