On the relation between SAT and BDDs for equivalence checking
- 格式:pdf
- 大小:67.28 KB
- 文档页数:6
十月新SAT写作五个提分建议两分钟做个小测试,看看你的英语水平/test/liuxue.aspx?tid=16-73675-0一、五条小建议,让你的新写作获得高分1.Less is not more. More is more.写得多虽然无法确保高分,而且可能会给考官一种冗长啰嗦之感。
但是写得越少,你的观点、论述、分析就越无法有效展开。
所以,关键是要在写作数量和写作质量上做到平衡。
字数是基本的要求,下面的几条建议可以帮助小伙伴在写作质量上获得提升。
2.Pick one side.OG上虽然明确指出在分析中,考生既可以论证原文是如何说服读者,同时也可以论证原文不具备说服力。
但是,写作考试的文章来源都很权威,而且在考试有限的时间和紧张的氛围中,直接分析原文的说服力强是最明智的选择。
3.T ake notes在具体的新SAT写作过程中,考生需要经常的refer back,如果在阅读原文的过程中,对原文的feature(写作手法,如evidence, reasoning, language等)不做任何标注,写作时是不是会有一种手忙脚乱的感觉?所以清晰的笔记是完全有必要的。
例如,用“?”来标记原文中的rhetorical question修辞;用“≠”标注修辞contrast;用(WC)标注修辞Word choice。
e five-paragraph essay format.采用五段式写作结构,这一结构虽然有“八股文”之嫌,但是对于应试作文来说,可以省很多构思文章结构的时间。
一般来说,在文章第一段开门见山的提出正文中要分析的三个features,正文三段对首段的三个features一一展开分析,末尾段对首段进行restate,整个文章就大功告成了。
5.Pace yourself.相对于老SAT来说,虽然新SAT写作考试时间上延长至50分钟,但新SAT 写作是一种基于阅读的写作,要求考生在透彻理解原文的基础上,从原文本中找到相应的细节来分析原文作者的论证说理过程。
Symbolic Model Checking using SAT procedures instead of BDDsA.Biere12,A.Cimatti3,E.M.Clarke12,M.Fujita4,Y.Zhu121Computer Science Department,Carnegie Mellon University,5000Forbes Avenue,Pittsburgh,PA15213,U.S.A.2Verysys Design Automation,Inc.,42707Lawrence Place,Fremont,CA94538,U.S.A.3Istituto per la Ricerca Scientifica e Tecnolgica(IRST),via Sommarive18,38055Povo(TN),Italy4Fujitsu Laboratories of America,Inc.595Lawrence Expressway,Sunnyvale,CA94086-3922,U.S.A.armin+,emc+,zhu+@,cimatti@irst.itc.it,fujita@AbstractIn this paper,we study the application of propositional deci-sion procedures in hardware verification.In particular,we applybounded model checking,as introduced in[1],to equivalence andinvariant checking.We present several optimizations that reducethe size of generated propositional formulas.In many instances,our SAT-based approach can significantly outperform BDD-basedapproaches.We observe that SAT-based techniques are particularlyefficient in detecting errors in both combinational and sequentialdesigns.1IntroductionA complex hardware design can be error-prone and mistakes arecostly.Formal verification techniques such as symbolic modelchecking are gaining wide industrial pared to tra-ditional validation techniques based on simulation,they providemore extensive coverage and can detect subtle errors.Representingand manipulating boolean expressions is critical to many formalverification techniques.BDDs[3]have traditionally been used forthis purpose.In this paper,we investigate an alternative approachbased on propositional decision procedures.Model checking[5]is an important technique for verifying se-quential designs.In model checking,the specification of a design isexpressed in temporal logic and the implementation is described asafinite state machine.Symbolic model checking uses boolean rep-resentation for thefinite state machine.By replacing explicit staterepresentation with boolean encoding,symbolic model checking[4,10]can handle much larger designs than explicit state modelchecking.With the introduction of bounded model checking[1],we areable to use efficient propositional decision procedures for sym-bolic model checking.In bounded model checking,only paths ofbounded length k are considered.Bounded model checking is thusconcerned withfinding bugs(or counterexamples)of limited lengthk.Given a specification in temporal logic and afinite state machine,we construct a propositional formula which is satisfiable iff there isa counterexample of length k.In practice,we look for longer and00011011Figure1:A two-bit counter with an erroneous transition2Bounded model checkingWe now briefly describe our techniques for bounded model check-ing.First,we give some background and notational conventions. Then we illustrate our approach with a simple example.More de-tails can be found in[1].2.1BackgroundThe specification of a system is expressed in linear temporal logic (LTL).In this paper we only consider the eventuality operator‘F’, and the globally operator‘G’.The techniques can also be applied to a more general class of operators[1].To simplify our discus-sion,we consider only existential LTL formulas,i.e.formulas of type E f where E is the existential path quantifier and f is a tem-poral formula that contains no path quantifiers.Note that E is the dual of the universal path quantifier A.Finding a witness for E f is equivalent tofinding a counterexample for A f.The implementation of a system is described as a Kripke struc-ture.A Kripke structure is a tuple M S I T with afinite set of states S,the set of initial states I S,a transition relation between states T S S,and the labeling of the states:S P A with atomic propositions A.In symbolic model checking,we assume that S01n and each state can be represented by a vector of state variables ss1s n where s i for i1n are propositional vari-ables.The labeling function can be omitted if every atomic propo-sitions corresponds to a state variable.An infinite sequence of statesπs0s1is a path iff s i s i1T for all i N.An LTL formula E f is true in a Kripke structure M(M E f)iff there exists a pathπin M withπf andπ0I.Model checking is concerned with the problem of determining the truth value of an LTL formula in a given Kripke structure,or equivalently,the problem of determining the existence of a witness for the LTL formula.We now illustrate bounded model checking with a simple example.2.2ExampleLet’s consider a two-bit counter.The implementation of the counter is shown as a Kripke structure in Figure1.There are four states in the Kripke structure.Each state s is represented by two state vari-ables s1and s0,denoting the value of the high bit and the low bit respectively.Initially,the value of the counter is00.Thus the initial state predicate I s is defined as s1s0.The transition relation T s s describes the increment of the counter at each step.We define inc s s as s0s0s1s0s1,and we define T s s as inc s s s1s0 s1s0.We deliberately add an erroneous transition from state10to itself.Suppose we are interested in the fact that the counter should eventually reach state11.We can specify the property as AF q, where q s is defined as ly,for all possible exe-cution paths,there exists a state such that q s holds.Equivalently, we can check whether there exists a path in which the counter never reaches state11.The new property is expressed as EG p,wherep s is defined as s1s0.Note that EG p is the dual of AF q.In bounded model checking,we restrict our attention to pathsof length k,that is,paths with k1states.We start with k0,andincrement k until a witness is found.Let’s consider the case where kequals2.We name the k1states as s0,s1,s2.We now formulatea set of constraints on s0s1and s2in propositional logic.The constraints guarantee that a path consisting of s0s1s2is indeed a witness of EG p,or equivalently,a counterexample for AF q.First,we constrain s0s1s2to be a valid path starting from the initial state.Unrolling the transition relation for2steps,we de-rive the propositional formula M2defined as I s0T s0s1 T s1s2,where I and T are predicates for the initial state and the transition relation defined earlier.Second,in order to be a witness for G p,the path must containa loop.Therefore there is a transition from s2to the initial states0,s1or itself.We define L2:T s2s0T s2s1T s2s2. Additionally,property p must hold on every state of the path.We derive a corresponding propositional formula G p2defined as L2p s0p s1p s2.The combination of both constraints, M2G p2,is the result of the translation.In this example,the resulting propositional formula is indeedsatisfiable.The satisfying assignment corresponds to a counterex-ample that is a path from the initial state00over01to10followed by the self-loop at state10.If the erroneous transitionfrom state10to itself is removed then the propositional formulabecomes unsatisfiable.This idea can be generalized to arbitrary LTL formulae.Thedetails are described in[1]together with the following theorem.Theorem1M E f iff M k f k is satisfiable for some k N.3Conversion to Clause FormMany propositional decision procedures assume the input problem to be in conjunctive normal form,or equivalently clause form(CF). In this section,we focus on techniques for converting arbitrary boolean formulas to CF.In particular,we investigate optimization techniques that reduce the number of variables and clauses in the CF generated.Satisfiability test for propositional problems is NP-complete. All known propositional decision procedures are exponential in the worst case.However,they may use different heuristics in guid-ing their search and exhibit different complexity in subsets of the propositional problems.Precise characterization of the“hardness”of propositional problems is difficult and is likely to be dependent on specific propositional decision procedures used.Reducing the size of CF may not always reduce the complexity of the problem. Our optimization techniques are heuristics in nature as well.Ex-perimental results show that these optimization techniques reduce the size of the CF as well as the time for satisfiability test.A formula f in CF is represented as a set of clauses,each clause is a set of literals,and each literal is either a positive or negative propositional variable.In other words,a formula is a conjunction of clauses,and a clause is a disjunction of literals.For example, a b c d e is represented as a b c d e.Given a boolean formula f,one may replace boolean operators in f with and and apply distributivity rule and De Morgan’s law to convert f into CF.The size of the resulting CF can be expo-nential with respect to the size of f.For example,the worse case occurs when f is in disjunctive normal form.To avoid the expo-nential explosion,we use a structure preserving CF transformation [13].procedure bool-to-cf(f,v f) casecached(f,v):return clause(f v f);f==h g:SMV1SA TOsec MB sec MB52457027741370291722201211413702031384370213151********Table1:Counterexample for liveness in a buggy DME(sec=sec-onds,MB=Mega Bytes).CMU with improvements including support for conjunctive parti-tioning.We refer to them as SMV1and SMV2respectively.4.1Model CheckingIn[1]we reported the results of applying bounded model check-ing to some academic examples.We showed that model check-ing safety properties for a sequential shift and add multiplier and finding short counterexamples for liveness properties of an asyn-chronous circuit could be done much faster with SAT than with BDD based methods.In particular,we studied the design of an asynchronous circuit for distributed mutual exclusion[9].We in-troduced a bug by removing some fairness constraints.The buggy design violated the liveness property that a request for a resource will be eventually acknowledged,and there is a counterexample of length2.We applied model checkers tofind the counterexample. Table1shows the results of this experiment.4.2Invariant CheckingSafety properties can be verified by proving an inductive invariant that holds at the initial state,is preserved by the transition rela-tion and implies the safety property[7].These three conditions can all be formulated as propositional satisfiability problems and ver-ified by a propositional decision procedure.Of course,being an inductive invariant is a sufficient but not necessary condition for a safety property.We implemented this approach in the tool BMC as follows.The user formulates the model as usual and specifies the invariant as a safety property(with AG).Then BMC generates two instances of a satisfiability problem.One formula for checking that the invariant is preserved by the transition relation and another formula for checking that the invariant holds initially.The third condition has to be formulated by the user.As an example for this technique we verified that the equiva-lence between two different implementations of a queue of a par-ticular length.This example is taken from[11]and it is known that no variable ordering exists such that the(RO)BDDs for the set of reachable states remain small.In the experiments of Table2an invariant that relates the contents of the two queues was manually constructed.As discussed above,three conditions have to be ver-ified for each particular length of the queues.We compared the results of SAT-based and BDD-based techniques.4.3Equivalence CheckingRecently,there has been a lot of progress in boolean equivalence checking[8,12].State-of-the-art equivalence checkers can handle designs with more than1million gates.These tools utilize the cor-respondence between internal signals and partition large circuits into much smaller ones.If the two circuits to be compared have significantly different structures,equivalence checkers can performSMV2PROVERl sec MB sec MB8240102102076641165731191701161857223302145765430155120308098451377201GB40h#ins#gatesIndustry18233Industry22328790Industry332210Table3:Equivalence checking using SAT procedures(sec=sec-onds).poorly even on much smaller designs.Most equivalence check-ers are BDD-based.We have investigated how propositional deci-sion procedures(SAT procedures)can be used instead of BDDs for equivalence checking.We use BMC to convert the equivalence checking problem to a propositional satisfiability problem.The output of BMC is a for-mula in CF which is fed into SATO.In Table3,we list some in-dustrial circuits that cannot be processed by some state-of-the-art equivalence checkers within24hours.In Industry1and Industry2,the logic of one circuit has been considerably optimized and the other is unoptimized.For both ex-amples,we applied logic optimization using SIS[14]on the circuits before submitting them for equivalence checking.This extra step of logic optimization greatly speeds up our verification.Without it,Industry1takes8246seconds and Industry2takes more than1 day.The use of logic transformation to speed up SAT procedures seems promising for future research.In Industry3,some outputs of the two circuits are not equivalent.However,only a small fraction of the input patterns can differentiate the two circuits(220out of 296).There is little hope that random simulation can identify the non-equality.SATO was able to identify counterexamples in a few seconds for every non-equivalent output!This example supports our belief that SA T-based approaches can detect errors efficiently.5ConclusionOur results demonstrate the potential of SAT-based techniques in various domains of hardware verification.We believe that SAT-based approaches complement the existing BDD-based approaches well.There are some promising directions of future research.Op-timization techniques in generating propositional formulas need to be further investigated.Previous work from otherfields such as ar-tificial intelligence may be relevant as well.Also,heuristics of SA T procedure need to be studied for the domain of hardware verifica-tion.For instance,in BDDs,interleaving the bits often provides a good variable ordering.Similar techniques may work well as split-ting heuristics for SA T procedures.References[1]B IERE,A.,C IMATTI,A.,C LARKE,E.M.,AND Z HU,Y.Symbolicmodel checking without BDDs.In TACAS’99(1999).to appear. [2]B OR¨ALV,A.The industrial success of verification tools based onSt˚a lmarck’s Method.In International Conference on Computer-Aided Verification(CAV’97)(1997),O.Grumberg,Ed.,no.1254in LNCS, Springer-V erlag.[3]B RYANT,R.E.Graph-based algorithms for boolean function manip-ulation.IEEE Transactions on Computers35,8(1986),677–691. [4]B URCH,J.R.,C LARKE,E.M.,AND M C M ILLAN,K.L.Symbolicmodel checking:1020states and rmation and Computa-tion98(1992),142–170.[5]C LARKE,E.,AND E MERSON,E.A.Design and synthesis of syn-chronization skeletons using branching time temporal logic.In Pro-ceedings of the IBM Workshop on Logics of Programs(1981),vol.131 of LNCS,Springer-V erlag,pp.52–71.[6]D AVIS,M.,AND P UTNAM,H.A computing procedure for quantifi-cation theory.Journal of the Association for Computing Machinery7 (1960),201–215.[7]D EHARBE,ing induction and BDDs to model check invariants.In CHARME’97(1997),D.Probst,Ed.,Chapman&Hall.[8]K UNZ,W.HANNIBAL:An efficient tool for logic verification basedon recursive learning.In ICCAD’93(1993),pp.538–543.[9]M ARTIN,A.J.The design of a self-timed circuit for distributed mu-tual exclusion.In Proceedings of the1985Chapel Hill Conference on Very Large Scale Integration(1985),H.Fuchs,Ed.[10]M C M ILLAN,K.L.Symbolic Model Checking:An Approach to theState Explosion Problem.Kluwer Academic Publishers,1993. [11]M C M ILLAN,K.L.A conjunctively decomposed boolean represen-tation for symbolic model checking.In CAV’96(1996),vol.1102of LNCS,Springer-V erlag,pp.13–25.[12]M UKHERJEE,R.,J AIN,J.,T AKAYAMA,K.,F UJITA,M.,A BRA-HAM,J.A.,AND F USSELL,D.S.FLOVER:Filtering oriented com-binational verification approach.In Proc.of International Workshop on Logic Synthesis(1995).[13]P LAISTED,D.,AND G REENBAUM,S.A structure-preserving clauseform translation.Journal of Symbolic Computation2(1986),293–304.[14]S ENTOVICH,E.M.,S INGH,K.J.,L AVAGNO,L.,M.,C.,M UR-GAI,R.,S ALDANHA,A.,S AVOJ,H.,S TEPHAN,P.R.,B RAYTON, R.K.,AND S ANGIOVANNI-V INCENTELLI,A.SIS:A System for Sequential Circuit Synthesis.Memorandum No.UCB/ERL M92/41, Electronics Research Laboratory,College of Engineering,University of California,Berkeley,1992.[15]S T˚ALMARCK,G.A system for determining propositional logic the-orems by applying values and rules to triplets that are generated froma formula,1989.Swedish patent no.467076(1992),U.S.patent no.5276897(1994),European patent no.0404454(1995).[16]Z HANG,H.SA TO:An efficient propositional prover.In InternationalConference on Automated Deduction(CADE’97)(1997),no.1249in LNAI,Springer-Verlag,pp.272–275.。
新SAT阅读中的“关系题”破解技巧两分钟做个小测试,看看你的英语水平/test/liuxue.aspx?tid=16-73675-0这里小编就带大家一起来看看如何理顺新SAT阅读文章中的关系,如何破解新SAT阅读中的“关系题”,技巧多多总有好处,Come on!走起来~Step 1Find the two parts of the passage mentioned in the question.在原文中找到题干所涉及的观点、事件或人物。
Step 2 Determine the relationship between the two situations or ideas (cause/effect, part/whole, comparison/contrast, claim/support)or people (parent/child, rival/rival, colleague/coworker).根据上述提供的关系,判断观点、事件、人物二者的关系。
Step 3Eliminate any answer choices that do not fit the relationship you have determined, or that simply do not make sense in the context of the passage.排除不符合原文所描述的关系的干扰项。
Step 4 Choose your answer from the remaining answer choices - whichever choice has more support from the passage.锁定最佳答案。
以上就是关于如何破解新SAT阅读中的“关系题”,供大家参考。
新SAT阅读中的“关系题”破解技巧/test/liuxue.aspx?tid=16-73675-0。
Efficient Verification of the PCI Local Bus usingBoolean SatisfiabilityFadi A. Aloul and Karem A. SakallahDepartment of Electrical Engineering and Computer ScienceUniversity of MichiganAnnArbor, MI 48109-2122{faloul, karem}@Abstract: The purpose of this paper is to study the application of Boolean Satisfiability to the verification of the PCI Local Bus. The novel feature of this approach is the generation of several propositional formulas that describe the specification of the bus system. The formulas are tested using a powerful SAT solver and the bus is verified for errors. The SAT-based approach has sev-eral important advantages over conventional BDD-based approaches such as achieving high speed testing. To demonstrate how our method works, we have modeled the PCI Local Bus and verified several properties.1 IntroductionRecent developments in semiconductor technology have made possible the integration of over 10 mil-lion transistors on a single chip. A related practice which is evolving to avoid designing systems from scratch is the use of predefined logic blocks referred to as Intellectual Property Components (IP cores) which are usually integrated using standard buses. While most components are usually pre-validated, stan-dard bus protocols still need to be tested and verified.Testing bus protocols is a major challenge. Most bus interface specifications are complex and infor-mally specified. Although a significant amount of work is devoted to the design and validation of bus inter-faces, errors produced by bus protocols can be very difficult to debug especially when system designers have restricted knowledge of the connected IP cores due to the protection of intellectual property.This paper examines the behavior of the PCI Local Bus [12]. It was developed by Intel to accommo-date the advance design of their pentium processors. The high performance bus is also used in DEC Alpha processors. We will model the PCI bus and verify several of its properties using SAT techniques.Several methods have been proposed to verify the PCI Local Bus [5, 6, 10, 11]. Formal verification techniques, such as model checking [8], have been used by several researchers to verify the complex hard-ware design. Chauhan et al. [6] specified the PCI bus using CTL [7] and model checked the state machine mentioned in the PCI specification document [12]. On the other hand, Shimizu et al. [10] specified the PCI bus with monitors and model checked various monitor properties. They present a simple specification style using monitor circuits. The style encourages readability and discourages errors. The English description of the PCI specification was translated into a collection of simple properties and a model checker was used to debug the monitor specifications.Recently, formal verification techniques, such as bounded model checking [1, 2], that uses satisfiabil-ity solvers instead of BDDs have been proposed. SAT-based approaches have several advantages over BDD-based approaches. BDDs [3] are based on canonical representations. A complete BDD has to be con-structed for every problem before testing it for 1-terminals. For large functions, however, the BDD sizes might be too large to fit into available computer memory. In any case, approaches that attempt to construct a complete representation of the function before checking its satisfiability end up doing more work than necessary. Therefore, SAT-based approaches that intelligently sample the variable space are often more effective. They are based on a polynomial representation and follow a depth-first search algorithm, looking for a satisfying assignment. They are less likely to fail due to exponential space blowup. Furthermore,BDD-based approaches require a good variable ordering to minimize the size of the BDD. However, these orderings usually need long periods of time. In contrast, SAT-based approaches can use different decision heuristics at different parts of the search tree to obtain an optimal solution in a short period of time.In this paper, we use Boolean satisfiability to verify the PCI Local Bus. Simple rules from the PCI specification document [12] are extracted and written into a set of logical expressions in conjunctive nor-mal form (CNF). The set of simple properties are based on the monitors introduced by Shimizu et al. [10].Several properties represented in CTL are converted into CNF and added into a CNF formula that contains the PCI specification expressions. A counter example of length K that violates a property can exist based on the solution of the CNF formula. Several formulas are created to verify each property. The formulas are tested using a powerful SAT-solver.The remainder of this paper is organized as follows. Section 2 presents a brief description of the CNF representation and the GRASP SAT solver. Section 3 discusses the modeling of the PCI Local Bus and Section 4 shows how it can be verified using our techniques. We also show some of the bugs found in the PCI protocol. Finally, Section 5 concludes the paper and provides some prospective on future work.2 Basic Definitions & NotationsA conjunctive normal form (CNF) formula on n binary variables is the conjunction (AND) of m clauses each of which is the disjunction (OR) of one or more literals, where a literal is the occurrence of a variable or its complement. The size of a clause is the number of its literals. A formula denotes a unique n -variable Boolean function and each of its clauses corre-sponds to an implicate (clause) of f . Clearly, a function f can be represented by many equivalent CNF for-mulas. We will refer to a CNF formula as a clause database and use “formula,” “CNF formula,” and “clause database” interchangeably. The satisfiability problem (SAT) is concerned with finding an assignment to the arguments of that makes the function equal to 1 or proving that the function is equal to the constant 0.In our experiment, we used the GRASP SAT solver [13] which can be classified as an enhancment to the basic Davis-Putnam backtrack search procedure [9]. The solver performs a depth-first search and can be viewed as consisting of 3 main engines: decision , deduction , and diagnosis . GRASP’s diagnosis engine analyzes the causes of conflicts and generates adequate information to prevent the conflicts from occurring at different parts of the search space. Furthermore, it enhances the diagnosis engine with a non-chronolog-ical backtracking scheme. A detailed description of the solver can be found in [13].3 PCI DescriptionThis section examines the PCI Local Bus, a high performance synchronous bus standard developed by Intel [12]. The bus has a data width of 32 or 64 bits. It is mainly used to connect processors, SCSI control-lers, LAN networks, motion video cards, and ISA bridge controllers.The bus supports two main phases: Arbitration and Address/Data . Both phases are fully synchronous.The arbitration phase involves a centralized algorithm. Each device on the bus has a unique pair of request (REQ) and grant (GNT) lines hardwired to a central arbiter. If a device desires the use of the bus it asserts the REQ line. The arbiter views the incoming requests and makes a decision on the next clock cycle. The decision is based on a Fixed-Priority or Round-Robin policy. The central arbiter is totally fair and serves every master. If the device is granted the bus, the arbiter will assert the device’s GNT line. The new bus master can’t control the bus until the old bus master has transferred all its data. The new master will have access to the bus as soon as the bus becomes idle. The bus is idle whenever the signals (FRAME) and initi-ator ready (IRDY) are deasserted.A device can start transmitting data as soon as its granted the bus and the bus is idle. This is referred to as the Address/Data phase. The transaction begins by asserting the FRAME signal. The address and the transaction type are then placed on the address/data multiplexed lines and the command line respectively.All target devices listen to the address and assert their device select (DEVSEL) line if it maps to theirϕx 1…x n ,,ω1…ωm ,,ϕf x 1…x n ,,()f x 1…x n ,,()address space. This indicates to the master that the target is present on the bus. The master then asserts the signal IRDY, declaring to the target that it is ready to transfer data. Data transfer starts when both IRDY and TRDY are asserted. Wait signals can be inserted between the data transfer phases by deasserting the IRDY or TRDY signals. The FRAME signal is deasserted one clock cycle before the end of the data phase.On the next clock cycle, both TRDY and IRDY signals are deasserted indicating the end of the Address/Data phase and making the bus return to the idle state. Furthermore, transactions can be terminated by the master or target in various situations. These are discussed in more detail in the next section.4 PCI VerificationThe key issues in verifying the PCI Local Bus are the modeling and debugging of the PCI specifica-tion. The PCI specification document is written in English and contains an informal overview of how the protocol works. We start by modeling the PCI protocol in CNF. For example, the PCI specification docu-ment lists a set of rules describing the target termination procedures. A simple rule such as:“Once a target asserts STOP#, it must keep STOP# asserted until FRAME# is deasserted, where-upon it must deassert STOP#.” P.42 Sec 3.3.3.2.1can be easily translated into a set of logical expressions:Stop(t n ) (Stop(t n+1) + Frame(t n ))(Frame(t n ) & Frame(t n+1)) Stop(t n+2)The above logical expressions can be represented in CNF as follows:( Stop(t n ) + Stop(t n+1) + Frame(t n ) )( Frame(t n ) + Frame(t n+1) + Stop(t n+2) )The PCI specification document is completely translated to CNF. Note that variables declared in CNF cor-respond to signals at specific time instances. Therefore, testing up to K time stages requires defining K unique variables for each signal. This is very useful in obtaining an accurate value for each signal at any time instance. The PCI specification is modeled in CNF for a single time unit t 0 using the signal variables for t 0. The single model is then replicated up to K levels by replacing every variable by the variable corre-sponding to the given time unit. An example of that is shown in Fig. 1(b). Finally, in order to avoid invalid states, signal values are initialized at time unit t 0 to the idle state.The second key issue has to do with debugging the protocol. Properties have to be added to check that no device ever observes an illegal combination of bus signals or an unexpected transaction. CTL formulas[7] can be used for dead state (existing reachable states with no transitions to other states) and property checking (incorrect behavior). CTL formulas are built from three components: atomic propositions , Bool-ean connectives , and temporal operators . Atomic propositions represent values of individual state vari-Figure 1: (a) PCI Transaction Example (b) Example of the PCI specification modeCLKREQGNTFRAMEAdd/DataDEVSELCommandIRDYTRDYAddress Data-1Data-2Bus Cmd Byte EnableSpec:CNF-Spec:K = 10 levels:Stop t n ()Stop t n 1+()Frame t n ()¬+()→Stop t n ()¬Stop t n 1+()Frame t n ()¬++()f Stop t 0()¬Stop t 1()Frame t 0()¬++()⋅=Stop t 1()¬Stop t 2()Frame t 1()¬++()…Stop t k 1–()¬Stop t k ()Frame t k 1–()¬++()(a)(b)→¬¬→¬¬¬¬¬ables. Boolean connectives include the basic AND (), OR (), and NOT () operations. Finally,temporal operators include path quantifiers (A:all, E:some) and temporal modality (F:eventually, G:glo-bally, X:next, and U:until). Path quantifiers indicate whether a property has to hold for “all ” execution paths or for “some ” paths. Properties expressed in CTL can be easily converted to CNF according to Fig.2. For example, to check whether two signals are never valid together for all paths, we use the following:AG (signalA & signalB)Since SAT solvers return after identifying a single valid path, it would be impossible to test if a prop-erty holds for all paths. Therefore, the inverse of the property is tested. An unsatisfiable solution indicates that the inverse of the property doesn’t appear in any path, hence the original property is valid for all paths.On the other hand, a satisfiable solution indicates a correct path with a false property. Converting the CTL formula to CNF yields the following boolean function:Proving the function unsatisfiable indicates that the CTL property holds. Note that a separate CNF formula is tested for each time unit. The function is unsatisfiable if all K formulas are proven unsatisfiable.The PCI specification was modeled in CNF up to 10 levels. The CNF model consisted of 1500 vari-ables and 11,000 clauses. The model included a single target with two masters but can be expanded to sev-eral devices. In order to make the verification simple, we didn’t include bus bridges, 64-bit extensions,locks, or interrupts. Several properties were verified including bus arbitration, read/write transactions,back-to-back transactions, and master/target terminations. The CNF formulas were tested using GRASP.The experiments were conducted on a 333 MHz Pentium Pro running Linux and equipped with 512 MByte of RAM. In order to measure the performance difference between SAT-based and BDD-based approaches,we modeled the PCI specification in SMV [4] and tested the same properties using CTL model checking.We used Carnegie Mellon's SMV [4] as the model checker. The SAT-based approach was able to verify the protocol within 2 minutes using up to 3.5 MByte of memory. The BDD-based approach required 112minutes of CPU and up to 27MByte of RAM.The above experiment uncovered several errors in the PCI specification that were previously identified by Chauhan et al. [6] and Shimizu et al. [10]. Some of these errors were based on a misinterpretation of the English description in the PCI specification document. Others were actual errors in the PCI protocol. One of the main errors detected deal with target-initiated terminations. Three types of target-initiated termina-∧∨¬¬f ϕmodel ()signalA t 0()signalB t 0()⋅signalA t 1()signalB t 1()⋅…signalA t k 1–()signalB t k 1–()⋅+++()⋅=Figure 2: Converting CTL formulas to CNF := CTL property at time k AG AF EG EF CTL formula in CNF Valid property if f SAT=f UNS =ϕdebug ω0¬ω1¬…ωk 1–¬+++()=ϕdebug ω0¬ω1¬…ωk 1–¬⋅⋅⋅()=ϕdebug ω0ω1…ωk 1–⋅⋅⋅()=ϕdebug ω0ω1…ωk 1–+++()=f ϕmodel ϕdebug⋅=ωk t 0t 2t 1t 0t 2t 1t 0t 2t 1t 0t 2t 1f SAT =f UNS =。
新教材高中英语新人教版选择性必修第一册:课时作业(十二) Unit 4 Section ⅢUsing Language层级一课时跟踪检测维度1 单词拼写1.The twins are so alike. It's difficult to ________ (辨别) one from the other.2.As a teacher, you have to ________ (调整) your methods to the needs of different children.3.Sorry to ________ (打扰) you, but there's a call for you on line two.4.With his arms folded across his ________ (胸部), Robert looked at his friend with a smile on his face.5.Having ________ (澄清) his opinion of the incident, Mr. Smith sat down and listened to others'.6.China suggests settling the ________ (冲突) through peaceful means.7.We can thoroughly recommend the firm you ________ (询问) about.8.Try to ________ (分心) yourself by playing mind games, choosing new running routes, or running with other people.9.We can ________ (察觉) his sorrow by the looks on his face.10.Hearing the result of the competition, she couldn't help ________ (哭泣) aloud.维度2 单句语法填空1.There is a growing ________ (tend) for people to work at home instead of in offices.2.According to the research, many ________ (educate) strongly oppose protecting children too much.3.From this experience, you should learn how ________ (distinguish) right from wrong.4.In China, smiling is not only an expression of happiness, but also a way to avoid being ________ (embarrass).5.When learning his friend had moved to a ________ (slight) larger house, he wandered around, depressed and full of ________ (anxious).6.I really felt ________ (shame) of failing to lend a hand to my neighbour when he was in need.7.In the street, she found herself ________ (stare) at by a stranger, which made her a little nervous.8.Last Sunday Jack wanted to go to the cinema ________ his cousin would rather stay at home.维度3 完成句子/句型转换1.当我们和朋友发生冲突的时候,换位思考是十分重要的。
2012年大连外国语大学英语专业(语言学)真题试卷(总分:154.00,做题时间:90分钟)一、判断题(总题数:20,分数:40.00)nguage is a means of verbal communication which can only take place effectively if all the users share a broad understanding of human interaction including such associated factors as nonverbal cues,motivation,and socio-cultural roles.(分数:2.00)A.True √B.False解析:解析:考查语言的定义和影响语言交际的因素。
人们之间的有效沟通会受到语言、肢体语言、社会及文化等因素的影响。
2.Different words are used to describe the concept indifferent languages.This reflects the design feature of displacement concerning human languages.(分数:2.00)A.TrueB.False √解析:解析:考查语言的任意性。
任意性指语言符号的形式与意义之间没有自然的联系。
3.Adults enjoy reading poems for its sheer beauty and children take delight in repetitive rhythms. This reflects the informative function of language.(分数:2.00)A.TrueB.False √解析:解析:考查语言的娱乐性功能。
人们有时会因为纯粹的乐趣而使用语言。
4.Journalists keep writing about and reporting on important events. This better reflects the recreational function of language.(分数:2.00)A.TrueB.False √解析:解析:考查语言的信息功能。
SAT语法笔记解题方法:一看逗号找谓语二跳修饰(定语、状语)找主干看逻辑合理性:保持原文强烈的语气完成进行时保持原文合理的时态,尽量避免虚拟语气忠实原文情态动词不作为考查方向90%以上考察非谓一般式不要随便改变重点解题步骤:1、解题遵循先语法后逻辑2、先基本结构错误后修饰性错误3、比较选项寻找差异e.g. “;"相当于带有并列关系的“。
”SAT十条公理:1、选项中含有being的95%是错的2、在SAT语法中there be句型表示自然存在的,原文中有there be70%是错的3、平行形式A, B and C中一定是and连接,而不是as well as4、动词优于形容词优于抽象名词5、主动优于被动,连词优于介词6、介词加which优于where(which前是什么介词不考)7、宾语从句that不省8、after和being有明显的先后关系,如果原文没有选项中有是错的9、没有do it / them / that 只有do so10. 表示是否只能用whether , 不使用if和whether ~ or not11. because of 后只能加名词或名词短语,不能加doing, one’s doing12。
doing;one’s doing,by one's doing 一般应为doing出题要点:见到平行看结构,形式功能要对称。
见到代词找指代,指代通常不合理。
见到谓语看主语,主谓一致看状语。
见到比较看对象,对象通常不可比。
(比较比喻看首尾)一、常考语法体系(挑错题Identifying Sentence Errors)1.主谓一致(Subject verb agreement)。
尤其是用于倒装时,比如there be句型或地点状语至于句首的倒装情况,一定要找到真正的主语。
通常一套writing里总会有一个倒装句,并多为动词部分出错.有插入语时,要勇敢的抛弃非中心部分,找到中心的主语。
Unit3词汇讲义拓展front英 [frʌnt]美 [frʌnt]第三人称单数:fronts第三人称复数:fronts现在分词:fronting过去分词:fronted过去式:frontedfront 基本解释名词前面; 正面; 前线; 身体前部形容词前面的; 正面的; 舌前的动词面向; 在…前面; 用…作正面; 领导front 同义词动词face名词faceforeheadfront 反义词形容词backhindrearfront 相关词组1. in front of : 在...前面;2. in front : 在前面;3. up front : 预先;4. out front : 在观众中;Unit3词汇讲义拓展5. front to front : 面对面;6. get in front of oneself : 着慌, 被搞糊涂;7. come to the front : 变得引人注目, 出人头地;front 相关例句不及物动词1. Some claimed that the doctor's union fronted for the smuggling ring.有人说医师公会是走私集团的掩护机关。
名词1. That store was a front for foreign agent.那家商店是为外国间谍打掩护的。
2. She worked on the home front helping to produce weapons for the army.她在祖国帮助生产军队用的武器。
3. He has just returned from the front.他刚从前线回来。
front 情景对话退房A:Front Desk. Can I help you?前台,需要我为您服务吗?Unit3词汇讲义拓展B:Yes. I'm checking out now, and want to get a taxi to the cinema. Could you get one for me, please?我现在要退房,需要一部出租车到电影院。
On the Relation between SAT and BDDs for Equivalence Checking Sherief Reda1 Rolf Drechsler2 Alex Orailoglu1 1Computer Science & Engineering Department 2Institute of Computer ScienceUniversity of California, San Diego University of BremenLa Jolla, CA, 92093 28359 Bremen, GermanyAbstractState-of-the-art verification tools are based on efficient operations on Boolean formulas. Traditional manipulation techniques are based on Binary Decision Diagrams (BDDs) and SAT solvers. In this paper, we study the relation between the two procedures and show how the number of backtracks obtained in the Davis-Putnam (DP) procedure is linked to the number of paths in the BDD. We utilize this relation to devise a method that uses BDD variable ordering techniques to run the DP procedure. Experimental results confirm that the proposed method results in a dramatic decrease in the number of backtracks and in the time needed to prove the Boolean satisfiability problem as well.1 IntroductionBoolean Satisfiability (SAT) has received increased attention as a promising technique for Automatic Test Pattern Generation (ATPG) and equivalence checking [1], [2]. Virtually all SAT techniques rely on the use of the Davis-Putnam procedure (DP) [3], [4] to explore the search tree. If there is a pattern that differentiates the circuits under verification, then DP will eventually find it or prove that the SAT formula is unsatisfiable. Numerous techniques have been proposed to reduce the search tree. Some of these techniques such as iterated global implications [2] and recursive learning [5] are applied as a preprocessing step, while others are applied during the course of the application of the DP procedure. For example, clause recording [6] and cache-based backtracking [7] are used to avoid conflicts. An alternative research trend focuses on identifying variable orderings techniques that minimize the number of backtracks executed by the DP procedure to find a satisfying assignment1. The effectiveness of these techniques is sharply limited though in case the formula is unsatisfiable. On the other hand, Binary Decision Diagrams (BDDs), as introduced in [9], have been traditionally used to solve the equivalence checking problem due to their canonical property. However, it is this requirement for canonicity that makes BDDs inefficient in representing certain classes of functions. For example, integer multipliers have displayed exponential memory requirements for any variable ordering [10].1 An excellent survey can be found in [8]. There has been increased interest in techniques that integrate SAT and BDDs to reduce the time and space needed to solve the equivalence checking problem [11], [12]. Though it has been noted that SAT and BDDs represent the same entity [7], there is little understanding of the relation between the two procedures and how the techniques of one domain can be utilized in the other.In this paper we attempt to provide an improved understanding of the relation between these two procedures. We view the equivalence checking problem as a search in the decision trees of the two circuits for a path that leads to the terminal 1(0) in one but leads to the 0(1) terminal in the other. From this perspective, it would be desirable to decrease the number of paths, thus reducing the number of backtracks and time needed to solve the problem. We propose a dynamic variable ordering technique to run the DP procedure. The technique is geared towards minimization of the number of backtracks needed to prove the unsatisfiability of the CNF formula that results from proving the equivalence of two circuits. We compare our method with the greedy variable ordering of TEGUS [2]. Experimental results verify that the proposed approach results in a dramatic decrease in the number of backtracks and time needed to solve the problem.The organization of the paper is as follows. Section 2 introduces the necessary preliminaries for the material in this paper. Section 3 presents the theoretical foundations for the relation between the DP procedure and BDDs. Section 4 proposes a dynamic BDD-based variable ordering technique for the DP procedure. Experimental results are given in Section 5, followed up by conclusions in Section 6.2 Preliminaries2.1 Binary Decision DiagramsA Binary Decision Diagram (BDD) is a rooted directed acyclic graph with two terminal nodes that are referred to as the 0-terminal and the 1-terminal. Every non-terminal node is associated with a primary input variable such that it has two outgoing edges called the 0-edge corresponding to assigning the variable a false truth value, and the 1-edge corresponding to assigning the variable a true truth value. An Ordered Binary Decision Diagram (OBDD) is a BDD such that the input variables appear in a fixed order on all the paths of the graph, and no variable appears more thanonce in the path. A Reduced Ordered BDD (ROBDD) is an OBDD that results from the repeated application of the following two rules:1. Eliminate all redundant nodes whose edges point to the same node.2. Share all equivalent sub-graphs.Figure 1 illustrates an example of an ROBDD where the solid edges denote the 1-edges and the dashed edges denote the 0-edges. In the following treatment, only reduced ordered BDDs are considered and for short we denote them as BDDs.2.2 The Davis-Putnam ProcedureA CNF formula ϕ is a set of clauses where each clause is the disjunction of a number of literals where a literal is a variable or its negation. Since each logic gate can be represented by a number of clauses [1], a CNF formula of a logic circuit is the conjunction of the CNF formulas of all the gates. A CNF formula is satisfiable if at least one set of assignments to the variables of the formula makes it evaluate to true.Virtually all SAT solvers use the Davis-Putnam (DP) procedure in their core [3], [4] in order to find a satisfying assignment for the formula or conversely to prove the formula unsatisfiable. The DP procedure performs a backtracking depth-first search in the space of all truth assignments to find a satisfying assignment for the CNF formula. The performance of backtracking is greatly improved by employing unit clause propagation: whenever a unit clause arises, the variable occurring in that clause is assigned the truth-value that satisfies the clause. The formula is thereupon simplified which may lead to new unit clauses. Figure 2 outlines the DP procedure. The procedure returns true in case the CNF formula is satisfiable, false otherwise.3 On the relation between the DP procedure and BDDsIn this section we study the relation between the DP procedure and the BDD representation of the same circuit. We first formalize the various properties of the CNF formulas generated from multi-level combinational logic circuits and show how these properties allow a measure of flexibility in the search for a satisfying assignment to the formula. Furthermore, we prove the relation between the number of backtracks obtained using the DP procedure and the number of paths in the corresponding BDD. This relation allows the calculation of optimal lower bounds for the number of backtracks needed to prove the equivalence of two equivalent circuits. We start by introducing some notation to provide a concise basis for the formalization of the derived results.Let ϕbe a CNF formula, and V(ϕ) denote the set of variables that ϕ depends on. A clause c i∈ϕ is satisfied if there is some assignment to its literals such that the disjunction of the literals evaluates to true. The CNF formula ϕ is satisfied if there is a truth assignment to V(ϕ) such that every clause c i∈ϕ is satisfied.Let C-CNF denote the set of CNF formulas generated from multi-level combinational logic circuits. Let C ∈ C-CNF be a multi-level combinational circuit, and let f be the underlying Boolean function of C. Since the logic value of all the internal and output signals of C can be derived from the values of the primary inputs, we consider the support of f to be the primary inputs only. We denote the set of primary inputs of ϕby P(ϕ). In addition, we introduce the variable χto reference the primary output of the circuit. The relation between ϕ, P(ϕ) and V(ϕ) is given by the next lemma.Lemma 1 If ϕ∈ C-CNF, then it is possible to find a set of variables P(ϕ)⊂V(ϕ) such that ϕ can be satisfied by only splitting on the variables of P(ϕ) in the DP procedure. Proof Since the internal nodes of a multi-level logic circuit are functions of the primary inputs, it is possible to determine their assignment given some assignment on the set of primary input variables, P(ϕ).the search of a satisfying assignment to the whole CNF formula. This subset of currently assigned primary inputs shall be denoted by S, and their truth assignments by A s. The restricted Boolean function that results from the application of A s to ϕ shall be denoted by f As.In order to avoid fruitless searches, the DP procedure should avoid assigning truth-values to variables that can make no contribution to the satisfiability of the formula.This notion is captured by the following definition. Definition 1 If A s is the truth assignment of a set S⊆P(ϕ) and v∈P(ϕ) but v∉S then v is said to be redundant under A s if ∂ f As /∂v = 0.Definition 1 simply states that if the restricted Boolean function f As is insensitive to the change in v, then there is no point in assigning v a truth value. This notion allows us to tailor down the satisfiability of C-CNF formulas as given by the following theorem.Theorem 1 A CNF formula ϕ∈ C-CNF is satisfied under a truth assignment A s of a set S⊆P(ϕ) if ∀v∈(P(ϕ)-S): ∂ f As /∂v = 0.Proof If ∀v∈(P(ϕ)-S): ∂f(A s)/∂v= 0, then no truth assignment to any element that belongs to (P(ϕ)-S) can change the function f(A s).Since all variables in S areassigned truth values under A s and (P(ϕ)-S) ∪S = P(ϕ), then it follows from Lemma 1 that ϕis satisfied.Theorem 2 defines our notion of satisfiability for CSAT. In addition, it opens the possibility for the primary output variable χto be assigned a truth-value while there exist clauses that are not evaluated to true and have some remaining unassigned literals. Example 1 illustrates such a case.Example 1 The CNF formula of the circuit in Figure 3 is ϕ= (¬a + d) ⋅ (¬b + d) ⋅ (a + b + ¬d) ⋅ (c + ¬z) ⋅ (d + ¬z) ⋅(¬d + ¬c + z). In this example, P(ϕ) = {a, b, c}, χ = z and under the partial assignment A s = {c = 0}, where S = {c}, z is assigned the truth value false and ϕ = (¬a + d) ⋅ (¬b + d) ⋅ (a + b + ¬d). We notice that under A s both ∂f As/∂a and ∂f As/∂b equal zero, since the function output value is already determined. Furthermore, there exists a truth assignment to the set of variables P(ϕ)-S that satisfies the remaining clauses. This truth assignment is however of no interest since the primary output has already been assigned a truth-value. As an illustration for Definition 1, if A s = {a = 1} where S= {a} then ϕ= (c+ ¬z) ⋅(¬c+ z) and ∂f As/∂b = 0, yet z is not assigned a truth value. Thus, ϕ is not satisfied but b is redundant under A s.We notice that Rule 1 in Section 2.1 for BDD reduction is equivalent to Definition 1 in the CSAT context and thus tracing a path from the root to the 1-terminal or 0-terminal in the BDD of circuit C is equivalent to finding a satisfying assignment to the CNF formula ϕof C using the same variable ordering of the path in the BDD. This notion is captured in the following lemma.Lemma 2Given a BDD βand a CSAT formula ϕfor some logic circuit C, then under a variable ordering π and a truth assignment Aπon a certain path of βto the terminal, ϕ is satisfiable using the same variable ordering and truth assignment.Proof Assume the set of primary inputs is P. Then we can partition P into two sets, S and T, such that S contains all the variables that appear in πand T contains all the remaining variables. By Rule 1 of section 2.1, T is the set of all redundant nodes. But due to the equivalence of Rule 1 and Definition 1, it follows from Theorem 1 that ϕissatisfied.for splitting in the DP procedure is the same as in the corresponding BDD, then considering an alternative path in the BDD leads to a backtrack in the DP procedure. Thus, the number of paths exceeds the total number ofbacktracks exactly by 1.The importance of Theorem 4 is that it allows benchmarking any variable ordering strategy for the DP procedure against an optimal lower bound. We now develop a variable ordering heuristic for the DP procedure that tries to trace the same variable ordering for every path in the corresponding minimal path BDD of the circuit.4 Dynamic variable ordering strategy for the DP procedureFrom the previous section, we conclude that the variable ordering strategy should differ for every path of the decision tree, and furthermore result in no splitting on a redundant variable under the current partial assignment. In this section, we propose a structural method that avoids redundant splitting and tries to make the fewest possible splittings to satisfy ϕ. The method is based on the following theorem.Theorem 5 If a bounded gate lies on every path from the primary output χ to the unassigned primary input v∈(P(ϕ)-S) under a current partial assignment A s for a set S⊂P(ϕ), then ∂f As/∂v= 0.Proof The existence of a bounded gate (a gate with a specified output) in every path to χ implies that no value assigned to v can affect the function of the circuit since these bounded gates will suppress the propagation of the logic value. Thus, since f(A s) remains unchanged under any assignment to v, ∂f As/∂v=0.Table 1: Comparing Greedy search to BDD-based variable ordering for the DP procedure.procedure, we have to check that every path results in the same output assignment in both circuits. Applying the previous procedure of weight calculations to minimize the number of paths being compared, we trace the different paths of the BDD of the circuit in figure 4.a in the manner shown below.From the initial weights given in figure 4.a, we split on x3 since it has the highest weight. Suppose x3 is assigned the true value. Then by unit clause propagation, gate h becomes bounded to the truth value false. The weight calculation procedure is executed again but this time by setting the weights of bounded gates to zero. Figure 4.b illustrates the new weights. Next, x1, x2 or x3 can be chosen to split on; the resultant search tree will always produce identical number of backtracks. Notice that bounded gates are marked with a ‘*’ in the corresponding figure. After finishing this half of the decision tree, x3is flipped and assigned to false. The new calculated weights are shown in Figure 4.c. Since x4 has the highest weight, we split on x4 thus reaching the terminals.We now construct the minimum path BDD corresponding to this circuit as shown in Figure 4.d. We notice in the BDD that the splitting choices made by the previous procedure traverse this BDD in exact ordering for each path, thus producing the minimal number of backtracks, 5, corresponding to the minimal number of paths, 6.As was just illustrated, the proposed method has produced optimal results for the proposed example; however, the method is not in general optimal since it depends on the structure of the circuit. As shall be demonstrated in the next section, the proposed method is capable of achieving near optimal results.5 Experimental ResultsIn this section, we present experimental results for our proposed approach. The experiments have been carried out on a PC with an Intel Pentium 233 Mhz processor and 64MB of physical memory. We have used TEGUS [2] as a SAT solver and the CUDD [14] decision diagram package. In our experiments we consider the performance of the proposed approach to verify the equivalence of the ISCAS’85 benchmark circuits [15] against their non-redundant version. We benchmark our approach against the greedy search approach of TEGUS. Table 1 gives the results of such a comparison. Column 1 lists the circuit name. Column 2 provides the name of the output under verification. Columns 3 & 4 give the number of backtracks and time needed to prove the output using the TEGUS approach. Columns 5 & 6 give the number of backtracks and time needed to prove the output using the proposed approach. The possible “Abort” notation in columns 3 & 5 denotes reaching the 20 million backtrack threshold without reaching a successful resolution; the subsequent time columns in that case denote the time needed to reach this limit. Columns 7 & 8 report the percentage decrease in the number of backtracks and time, respectively. Column 9 provides the near minimal number of paths in the corresponding BDD. In obtaining the number of paths, we only consider a subspace of the possible variable orderings. We compare the number of paths that result from sifting [16] the corresponding BDD to a minimum size and picking the minimal path. For space considerations, we consider only three outputs from each circuit.Comparing the greedy approach to the proposed variable ordering strategy, we observe that the proposed approachTEGUS Greedy Search Proposed Approach Difference Minimal Path BDD Circuit OutputNameBacktracks Time(seconds) Backtracks Time(seconds)Backtracks Time #Paths370gat Abort 771.00 943200 185.00 95.3% 76.01% 894606 432gat Abort 770.00 816012 235.00 95.9% 69.48% 798906 c0432329gat 1646605 22.50 81912 5.94 95.0% 73.60% 57513 od1 Abort 1686.00 Abort 10351.00 - - 20000000 od18 Abort 1685.00 Abort 10245.00 - - 23000000 c0499od31 Abort 1691.00 Abort 10627.00 - - 23000000 864 649741 12.30 164656 27.50 74.7% -123.58% 89937 850 37225 0.60 24171 3.45 35.1% -475.00% 21981 c0880874 Abort 498.00 1083156 278.00 94.6% 44.18% 532793 1353 Abort 1921.00 Abort 8501.00 - - 21000000 1354 Abort 1892.00 Abort 8427.00 - - 23000000 c13551355 Abort 1984.00 Abort 8602.00 - - 2300000057 Abort 718.00 147457 11.90 99.3% 98.34% 13422160 Abort 1708.00 28161 20.10 99.9% 98.82% 26638 c190866 Abort 2058.00 14249 10.40 99.9% 99.49% 12638399 24550 0.73 4528 1.34 81.6% -83.56% 1636 384 6107715 652.00 70997 57.20 98.8% 91.23% 65535 c3540387 1582929 213.00 17312 17.00 98.9% 92.02% 16456 688 Abort 300.00 23974 13.00 99.9% 95.67% 13919843 Abort 3383.00 211181 162.0098.9% 95.21% 103569C5315818 85989 3.50 6537 2.18 92.4% 37.71% 2489 373 16 0.01 10 0.01 37.5% 0.00% 10 376 40952 1.30 15416 4.93 62.4% -279.23% 7152 C7522359 2474096 114.00 585584 285.00 76.3% -150.00% 196592 2223 157 0.01 102 0.01 35.0% 0.00% 102 3895 174315 12.20 106423 108.00 38.9% -785.25% 109668 c62884591 2794411 255.00 1705027 2689.00 39.0% -954.51% 1793496results on the average in 90% decrease in the number of backtracks. The time needed to complete the backtracks varies from reduction in 13 cases with an average of 70% decrease to increases in about 7 cases with an average increase of about 4 times. While at first glance the time results look inconclusive, it can be easily noted that the increases are essentially associated with low-backtrack, provable outputs, since in these cases the recurring weight assignment costs cannot be amortized across the small number of backtracks. Our approach greatly improves the performance of large search tree cases, the main focus of practical interest. We also notice that within the limit of 20 million backtracks, TEGUS fails to complete on 7 outputs while the proposed approach proves them in a relatively low number of backtracks.As proved in Section 3, the minimum number of paths that can be obtained from the corresponding BDD is a lower bound on the number of backtracks that can be obtained in the DP procedure. The number of paths provides an ability to benchmark various ordering techniques and also provides an insight on the performance of the DP procedure. For example, the huge number of paths in case of the c0499 & c1355 circuits (they are functionally equivalent) suggests that they are hard-to-prove outputs using the DP procedure. In addition, in circuits, like the c6288, where the variation of the number of paths with respect to the variable ordering is small, the dynamic weight assignment technique constitutes a time consuming step with respect to the overall time, as the number of backtracks varies slightly with respect to the variable splitting strategy2.6 ConclusionsIn this paper we have studied the relation between the search tree of the DP procedure and the BDD of the corresponding function, establishing that the number of paths from the root node to the terminals of the BDD is directly related to the number of backtracks needed to prove the equivalence of two functionally equivalent circuits. This relation introduces the ability to calculate an optimal lower bound on the number of backtracks needed to prove the equivalence checking problem. In addition, this relation has led to the conclusion that the capture of the variable ordering of the minimal path BDD in the DP procedure implies a reduction in the number of backtracks needed to prove the problem. In order to exploit this relation, we have devised a variable ordering technique for the DP procedure that through experimental results has exhibited superior performance in terms of the number of backtracks and time needed to prove the equivalence problem. The relation between the two procedures offers novel ways of tight integration of different prover approaches in a verification tool.2 After numerous experiments, we concluded that there is no apparent relation between the number of nodes and paths in a given BDD. References[1] T. Larrabee, “Test Pattern Generation using Boolean Satisfiability,” IEEE Trans. on Computer Aided Design, Vol. 11, No. 1, pp. 4-15, January 1992.[2] P. R. Stephan, R. K. Brayton, and A. Sangiovanni-Vincentelli, “Combinational Test Generation Using Satisfiability,” Technical Report UCB/ERL M92/112, Dept. of EECS, Univ. of California, Berkeley, Oct., 1992.[3] M. Davis, G, Logemann, and D. Loveland, “A Machine Program for Theorem Proving,” Communications of the ACM, (5):394-397, July 1962. [4] M. Davis, and H. Putnam, “A Computing Procedure for Quantifier Theory,” Communications of the ACM, (7):201-215, 1960.[5] J. Silva, T. Glass, “Combinational Equivalence Checking Using Boolean Satisfiability and Recursive Learning,” In Proc. of Design Automation, Test in Europe Conference, pp. 145-149, 1999.[6] J. Silva, “An Overview of Backtrack Search Satisfiability Algorithms,” in Fifth International Symposium on AI and Mathematics, January 1998. [7] M. Prasad, P. Chong, K. Keutzer, “Why is ATPG easy?” In Proceedings of the 36th Design Automation Conference, pp. 22-28, 1999.[8] J. Gu, P. W. Purdom, J. Franco, and B. W. Wah, in "Satisfiability Problem: Theory and Applications," DIMACS Series in Discrete Mathematics and Theoretical Computer Science, American Mathematical Society, pp. 19-152, 1997.[9] R. E. Bryant, “Graph Based Algorithms for Boolean Function Manipulation,” IEEE Trans, in Computers, Vol. C-35, No. 8, pp. 677-691, August 1986.[10] R. E. Bryant, “On the Complexity of VLSI Implementations and Graph Representations of Boolean Functions with Application to Integer Multiplication,” IEEE Transactions on Computers, Vol. 40, No. 2, pp. 205-213, Feb. 1991.[11] J. Burch, V. Singhal, “Tight Integration of Combinational Verification Methods,” ACM/IEEE Int. Conference on Computer-aided Design 1998, pp. 570-576, San Jose, CA, USA.[12] S. Reda, A. Salem, “Combinational Equivalence Checking using Binary Decision Diagrams and Boolean Satisfiability,” In Proc. of Design Automation, Test in Europe Conference, pp. 122-126, 2001.[13] S. Minato, Binary Decision Diagrams and applications for VLSI CAD, Kluwer Academic Publishers, 1996.[14] F. Somenzi, CUDD: Colorado University Decision Diagram Package. ftp:///pub.[15] F. Brglez and H. Fujiwara, “A Neural Netlist of 10 Combinational Benchmark Circuits and a Target Translator in Fortran,” In Intl. Symp. on Circuits and Systems, 663-698, June 1985.[16] R. Rudell, “Dynamic Variable Ordering for Ordered Binary Decision Diagrams,” In Proc. of Int. Conf. On Computer Aided Design, pp. 42-47, 1993。