Simulation graphs for reverse engineering

Reverse engineering is the extraction of word level information from a gate-level netlist. It has applications in formal verification, hardware trust, information recovery, and general technology mapping. A preprocessing step finds blocks in a circuit in which word level components are expected. A second step searches for word level components in these blocks. For this second step, we propose two variants of equivalence checking that consider subfunction containment. We propose algorithms to solve these variants by using subgraph isomorphism. A simulation graph (SG) is constructed for the block and for each library component, using a set of permutation-invariant simulation vectors for that component. If a library component SG is a subgraph of the block SG, we have a candidate match, which is then checked by standard equivalence checking. We extend a state-of-the-art subgraph isomorphism algorithm, LAD, to handle simulation graphs efficiently and also propose a SAT-based formulation. Experimental evaluations show that our algorithms can efficiently find 32-bit arithmetic components in blocks with over 300 primary inputs.

[1]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[2]  Sharad Malik,et al.  Establishing latch correspondence for sequential circuits using distinguishing signatures , 1999, Integr..

[3]  Calin Anton,et al.  Generating Satisfiable SAT Instances Using Random Subgraph Isomorphism , 2009, Canadian Conference on AI.

[4]  Vikraman Arvind,et al.  Bounded color multiplicity graph isomorphism is in the #L hierarchy , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[5]  Robert K. Brayton,et al.  ABC: An Academic Industrial-Strength Verification Tool , 2010, CAV.

[6]  Masahiro Fujita,et al.  Spectral Transforms for Large Boolean Functions with Applications to Technology Mapping , 1997, Formal Methods Syst. Des..

[7]  Christine Solnon,et al.  AllDifferent-based filtering for subgraph isomorphism , 2010, Artif. Intell..

[8]  Massoud Pedram,et al.  Boolean matching using binary decision diagrams with applications to logic synthesis and verification , 1992, Proceedings 1992 IEEE International Conference on Computer Design: VLSI in Computers & Processors.

[9]  Ashish Tiwari,et al.  WordRev: Finding word-level structures in a sea of bit-level gates , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[10]  Yves Deville,et al.  Solving subgraph isomorphism problems with constraint programming , 2009, Constraints.

[11]  Ashish Tiwari,et al.  Reverse Engineering Digital Circuits Using Structural and Functional Analyses , 2014, IEEE Transactions on Emerging Topics in Computing.

[12]  Jacobo Torán,et al.  On the Resolution Complexity of Graph Non-isomorphism , 2013, SAT.

[13]  Jie-Hong Roland Jiang,et al.  Boolean matching of function vectors with strengthened learning , 2010, 2010 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[14]  Bruno Dutertre,et al.  Yices 2.2 , 2014, CAV.

[15]  Ashish Tiwari,et al.  Template-based circuit understanding , 2014, 2014 Formal Methods in Computer-Aided Design (FMCAD).

[16]  Niklas Sörensson,et al.  An Extensible SAT-solver , 2003, SAT.

[17]  Sanjit A. Seshia,et al.  Reverse engineering circuits using behavioral pattern mining , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[18]  Youssef Hamadi,et al.  Efficiently solving quantified bit-vector formulas , 2010, Formal Methods in Computer Aided Design.