		Search-engine friendly clone of the ACL2 documentation.

Bit-blasting

Svex-focused-equivalence-checking

Tools for equivalence checking the evaluations of two sets of svex expressions under different environments.

Typically when we want to equivalence check the evaluation of some SVEX expressions against something else, e.g. a spec for some operation, we just bitblast both sides into an AIG and use FRAIGing along with other AIG transformations, followed by SAT to finish the proof.

The FRAIGing step is important because it speeds up the common case where the two sides are equivalent because they have a lot of equivalent subterms. To find candidate equivalent subterms, the transformation does a bunch of random simulation of the AIG and puts nodes which have identical simulation signatures into equivalence classes. Then it starts sweeping over the nodes with SAT to prove the equivalences. When it disproves an equivalence, this gives a counterexample which is again simulated on the AIG to further refine the equivalence classes.

A weakness of this algorithm is that sometimes many non-equivalent nodes seem to have the same behavior under simulation because their differences are improbable to be covered by random simulation. When there are lots of these nodes that aren't closely related in terms of their equivalence counterexamples, then we spend a lot of useless time on SAT checking. Or sometimes perhaps there are equivalent nodes within one side of the equivalence to be checked, but this equivalence doesn't help us prove that side equivalent to the other.

In the particular case where we are equivalence checking an evaluation of SVEX expressions against another evaluation of the same expressions, we can improve on this. We tweak our FRAIGing operation to begin with equivalence classes consisting only of the corresponding nodes between the two designs. This cuts down a lot on useless SAT checks; not all of the corresponding nodes are necessarily equivalent, but typically we expect the overall evaluations to be equivalent because of relatively simple equivalences near the inputs, not because of deep properties that SAT is ill-equipped to check.

We do this using FGL's fgl::fgl-simplify-ordered operation. This operation produces an AIG from an existing symbolic object, arranging the outputs of the AIG in a predictable order corresponding to the traversal order of the symbolic object -- e.g., car before cdr, integer bits LSB first, etc. We arrange the symbolic object so that the miter for the actual equivalence check is first, followed by many bits for subexpressions of the first evaluation, followed by bits for the same subexpressions of the second evaluation. We then use an option for our FRAIG transform to begin with equivalence classes formed by pairing outputs O-N+i, O-2N+i, for i=0 up to N-1, where O is the total number of outputs and N is the number of subexpression bits for each evaluation. The FRAIG transformation then uses random simulation to further refine these equivalence classes and proceeds with the equivalence check.

This requires some hand-tuning by the user. The user must provide the list of AIGNET transforms, of type aignet::m-assumption-n-output-comb-transform. To use the special support for limited FRAIGING, one or more of these transforms should be a FRAIG transform with :output-types specified as follows:

(aignet::make-fraig-config ...
     :output-types `((:evals-equivalent-equiv-classes
                       . ,(aignet::fraig-output-type-initial-equiv-classes)))
     ...)

Explanation: Our focused equivalence checking utilities add a set of outputs to the AIG to be simplified, and these outputs specify which nodes should initially be candidate equivalences. These outputs are tagged with the keyword :evals-equivalent-equiv-classes. The fraig transform needs to be told to treat these outputs as initial equivalence classes, so we specify that mapping of :evals-equivalent-equiv-classes to (aignet::fraig-output-type-initial-equiv-classes) in the FRAIG configuration object's output-types field. Subsequent FRAIG transforms may instead set :fraig-remaining-equiv-classes as the initial equivalences as follows:

(aignet::make-fraig-config ...
       :output-types `((:fraig-remaining-equiv-classes
                         . ,(aignet::fraig-output-type-initial-equiv-classes)))
       ...)

Subtopics

Svexlist-evals-equal-with-transforms
Svexlist-eval-integer-listp-with-transforms
Svexlist-evals-equal-and-integerp-with-transforms
Eval-collection-of-a4vecs-and-aigs
Svexlist->a4vecs-for-varlist-with-subexprs: Creates a symbolic bit-level representation for x, assuming that vars are the only vars relevant to x and that the bits of vars given in boolmasks are Boolean-valued.
Svex-mask-env-common-constants: FGL binder to find common constants (under a set of masks) in two symbolic SVEX environments.
Svex-envs-common-constants-aux
4veclist-separate-upper-lower-rec-log
Svex-envs-common-constants
A4veclist-separate-upper-lower-aux
4veclist-separate-upper-lower
Svexlists->a4vec-top
A4veclist-separate-upper-lower
A4veclist->upper-a4vecs
4veclist->upper-4vecs
Hons-aig-accumulate-nodes
A4veclist-accumulate-upper-nodes
Fgl::fgl-list-object-bfrcounts
Hons-aiglist-accumulate-nodes
Svexlist-evals-equal
A4veclist->upper-a4vecs-acc
My-replace-assoc
Svexlist-mask-alist/toposort-memo
My-binary-append
A4veclist-upper-subnodes
A4veclist-subnodes
A4veclist-accumulate-nodes
A4vec-accumulate-nodes