Presentation is loading. Please wait.

Presentation is loading. Please wait.

4/21/2005JHJ1 Structure-dependent Sequential Equivalence Checking EE290A UC Berkeley Spring 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "4/21/2005JHJ1 Structure-dependent Sequential Equivalence Checking EE290A UC Berkeley Spring 2005."— Presentation transcript:

1 4/21/2005JHJ1 Structure-dependent Sequential Equivalence Checking EE290A UC Berkeley Spring 2005

2 2 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

3 3 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

4 4 Introduction Bridge the complexity gap between sequential and combinational equivalence checking Detect hidden similarities  Designs to be checked are often similar in circuit structures If the relation between state encodings is known, equivalence checking can be done combinationally PSPACE-complete to NP-complete  Similarities can be captured by signal correspondence, functional dependency, relational dependency, etc. Take advantage of similarities  Simplify circuit  Simplify reachability analysis

5 5 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

6 6 Hidden similarities in transition systems Signal correspondence Two points of a sequential circuit are corresponding signals if their valuations are the same (or complement to each other) under any input sequence Functional dependency A signal x functionally depends on a set S of other signals if the valuation of x can be expressed as a function over S under any input sequence Relational dependency Two sets S 1 and S 2 of signals are related if the valuations of one set can be inferred from those of the other

7 7 Usefulness of similarities Simplify circuits Compact BDD representation Reduce search space for SAT-based verification

8 8 Similarity - signal correspondence Exact signal correspondence Computationally hard k-inductive signal correspondence Computationally easy for small k Only subset of signal correspondence

9 9 Signal correspondence Detect equivalent state variables in an over-approximated state space by a least fixed-point computation [van Eijk 95] Example [Kuehlmann] s 1 = x  v 1 v1v1 s 2 =  v 1 v 2 ) s 3 =  v 1 v 2 ) v2v2 s 1 =1 s 2 =1 s 3 =1 v s 1 = x  v v1v1 s 2 =  v s 3 =  v v2v2 Result: {s 1 }, {s 2,s 3 } x s1s1 1 1 1 s2s2 s3s3

10 10 Signal correspondence Weakness Signal correspondence is a very limited form of functional dependency  In very few cases, can prove sequential equivalence by signal correspondence Not sufficient to prove equivalence under retiming How to characterize a more general form of functional dependency by a fixed-point computation (w/o reachability analysis)?

11 11 Similarity - functional dependency Maximum functional dependency Not unique Computationally hard k-inductive functional dependency Computationally easier

12 12 Functional dependency Assume transition systems are described with transition functions rather than transition relations Conclude functional dependency directly from transition functions Define combinational dependency Extend to sequential dependency

13 13 Combinational dependency Given two vectors of Boolean functions f and g over the same domain B n, f functionally depends on g if there exists some function  such that f ( · ) =  ( g ( · ) ). f is the vector of (functional) dependents g is the vector of (functional) independents  is the vector of dependency functions (f, g,  ) is the dependency triplet A necessary and sufficient condition: f (a)  f (b)  g (a)  g (b), for all a,b  B n (In other words, g is more distinguishing than f over the domain.) Problem statement Given a vector of functions h, we are asked to partition h into two sub-vectors f and g such that (f, g,  ) forms a dependency triplet with |g| minimized

14 14 Combinational dependency Search candidates of dependents and independents Lemma. Given two functional vectors f and g, g is more distinguishing than f only if the support set of f is contained by that of g.  A variable x is a support of a functional vector f = (f 1, …,f n ) if there exists i such that f i | x = 0 xnor f i | x = 1 is not a tautology Compute  in f =  (g)

15 15 Combinational dependency

16 16 Sequential dependency Extend combinational dependency for state transition systems Find invariant  such that s dep =  (s ind ) and  dep =  (  ind ) where s represents the set of state variable and  represents the set of transition functions. Two approaches to computing fixed points Greatest fixed-point (gfp); least fixed-point (lfp)

17 17 Backward sequential dependency Greatest fixed-point (gfp) computation Initially, all state variables are distinct. In each iteration, compute the combinational dependency among independent state variables from the previous iteration.

18 18 Forward sequential dependency Least fixed-point (lfp) computation Initially, select one state var as the representative.  (0) is determined by initial state information. In each iteration of computing functional dependency, try to reuse  ’ s from the previous iteration. If restrict  ’ s to be identity functions, the computation reduces to detecting signal correspondences.

19 19 Functional dependency Caveat: Dependency may not hold for initial states I which have no predecessor states For verification – use the successor states of I as the new initial state set For logic synthesis – localize conflicting state variables and declare them as independent state variables

20 20 Functional dependency - experiments Dependency in original FSM CircuitRegSignal CorrespondenceSequential Dependency GfpSequential Dependency Lfp Indp.Iter.MbsecIndp.Iter.MbsecIndp.Iter.Mbsec s298-rt34315100.3232 1.62410416.2 s526n-rt64554131.037260104.240145826.8 s838-rt734820131.5331223.733462118.3 s991-rt42242130.5212 1.4202211.4 mult16a-rt106666130.9752131.0618134.6 tbk-rt49 2 6.813462264.12135948.4 s4863104813474.781169178.77534714.5 s537817916312376.515525115.9154145143.1 s132076693031613895.64605111384.626337100836.0 s1585059743124142221.756931341487.1315321421441.0 s38584145286917303525.5144011554103.38492530322001.1 808519391156528.919307042.479176364.3

21 21 Functional dependency - experiments Dependency in product FSM CircuitRegSignal CorrespondenceSequential Dependency GfpSequential Dependency Lfp Indp.Iter.MbsecIndp.Iter.MbsecIndp.Iter.Mbsec s2088+16167100.2171100.11210416.2 s29814+34395100.5372211.530145826.8 s3866+15133100.2132120.312462118.3 s49922+416321143.1432387.3422211.4 s5106+34384130.62725025.9298134.6 s52621+58648132.25926041.65035948.4 s526n21+64698132.458259121.95034714.5 s63532+516631137.8661211.451145143.1 s83832+7378312516.8652484.25937100836.0 s99119+42422221.5402382.539321421441.0 mult16a16+106826144.6912141.7772530322001.1 tbk5+49542145.517461175.625176364.3

22 22 Functional dependency - summary Characterize stronger invariants than signal correspondence In principle, can prove sequential equivalence under retiming transformation  However, may not find the right dependency in practice Computationally harder than signal correspondence but still practical Refinement relation instead of equivalence relation

23 23 Similarity - relational dependency Exact relational dependency Computationally hard Equivalent to reachability analysis Inductive relational dependency How?

24 24 Improving inductive approaches Inductive characterization of S.C. and F.D. Base case: Init(s)  Prop(s) Inductive case: Prop(s)  Trans(s,t)  Prop(t) (where Prop could be S.C., F.D., or even other properties) Strengthening induction hypothesis Over transition Base case: Init(s 1 )  Trans(s 1,s 2 )  …  Trans(s k-1,s k )  Prop(s 1 )  …  Prop(s k ) Inductive case: Prop(s 1 )  …  Prop(s k )  Trans(s 1,s 2 )  …  Trans(s k,s k+1 )  Prop(s k+1 ) Over property Reachability analysis! P. Bjesse, K. Claessen: SAT-Based Verification without State Space Traversal. FMCAD 2000: 372-389

25 25 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

26 26 Reachability analysis under similarities Compact state space by removing redundancies Available techniques Retiming State re-encoding Variable dependency Functional dependency …

27 27 Reduction by retiming Use retiming to reduce state variables or ease reachability analysis Allow negative registers (peripheral retiming) Special subset of functional dependency limited to circuit structures No dependency can be discovered between different designs Only static reduction A. Kuehlmann & J. Baumgartner. Transformation-based verification using generalized retiming. CAV 2001.

28 28 Reduction by incremental re-encoding Transform one FSM to another by incremental re- encoding Two designs must be similar up to a 1-to-1 mapping between equivalent states S. Quer, et al. Verification of similar FSMs by mixing incremental re-encoding, reachability analysis, and combinational check. Formal Methods in System Design, vol. 17, pages 107--134, 2000.

29 29 Reduction by variable dependency Problem formulation [Berthet et al. 90] Given a characteristic function F(x 1,x 2, …, x n ), compute a minimal set of irredundant (independent) variables  Variable x i is redundant if its valuation can be inferred by a function over other variables Solution - functional deduction [Brown 03] Variable x i is redundant in F if and only if F| x i = 0  F| x i = 1 = false  Example F = abc   a  c {a, b} is a minimal independent set with  c = a a dependency function Embed variable dependency in reachability analysis Weakness: detect dependency after every image computation of a reachability analysis

30 30 Reduction by functional dependency Static reduction Compute functional dependency (with gfp and/or lfp) before a reachability analysis Dynamic reduction Compute functional dependency before every image computation of a reachability analysis

31 31 Reduction by functional dependency - experiments On-the-fly reduction CircuitIter.Reach. Analysis w/o Dep. ReductionReach. Analysis w Dep. Reduction Peak (bdd nodes) Reached (bdd nodes) MbsecPeak (bdd nodes) Reached (bdd nodes) Mbsec s3271428,819,30116,158,2426202784.118,843,83710,746,0534151082.6 s4863218,527,781248,885365404.8549,0068,7726713.1 s53782N/A >2GN/A1,151,439113,5227021.5 s158501529,842,8899,961,94565321337.417,667,0766,356,7144638175.0 80855016,663,7491,701,60439024280.27,830,6021,338,3222124640.1

32 32 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

33 33 Design for verifiability Complete-1-distinguishability If any state of a specification FSM M 1 can be distinguished from others with a length-1 input sequence, then its corresponding equivalence class of an implementation FSM M 2 can be found using a mapping induced by 1-equivalence between the states of the two FSMs.  Expose a subset of registers as pseudo-primary outputs to enforce the C-1-D property One-step equivalence checking (solely depends on output functions if reachable states are known) P. Ashar, A. Gupta, S. Malik: Using complete-1-distinguishability for FSM equivalence checking. ICCAD 1996: 346-353

34 34 Design for verifiability Boundary-preserving retiming and resynthesis Protect some signals intact under RnR transformation  E.g. expose the signals as pseudo-primary outputs Corresponding signals exist for combinational equivalence checking

35 35 Outline Introduction Discovering hidden similarities Signal correspondence Functional dependency Relational dependency Reachability analysis under similarities Retiming for verification On-the-fly state re-encoding On-the-fly reduction using functional dependency Design for verifiability C-1-D equivalence Conclusions

36 36 Conclusions Bridging the gap between sequential and combinational EC by exploiting hidden similarities Extract similarities:  Generalization from signal correspondence to functional dependency  How about from functional to relational dependency? Accelerate reachability analysis:  Using similarities to compact state space, simplify BDD representation, and prune search space for SAT

Download ppt "4/21/2005JHJ1 Structure-dependent Sequential Equivalence Checking EE290A UC Berkeley Spring 2005."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Address comments to FPGA Area Reduction by Multi-Output Sequential Resynthesis Yu Hu 1, Victor Shih 2, Rupak Majumdar 2 and Lei He 1 1.

Address comments to FPGA Area Reduction by Multi-Output Sequential Resynthesis Yu Hu 1, Victor Shih 2, Rupak Majumdar 2 and Lei He 1 1.
FRAIGs - A Unifying Representation for Logic Synthesis and Verification - Alan Mishchenko, Satrajit Chatterjee, Roland Jiang, Robert Brayton ERL Technical.

FRAIGs - A Unifying Representation for Logic Synthesis and Verification - Alan Mishchenko, Satrajit Chatterjee, Roland Jiang, Robert Brayton ERL Technical.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Courtesy RK Brayton (UCB) and A Kuehlmann (Cadence) 1 Logic Synthesis Sequential Synthesis.

Courtesy RK Brayton (UCB) and A Kuehlmann (Cadence) 1 Logic Synthesis Sequential Synthesis.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
TOWARDS EQUIVALENCE CHECKING BETWEEN TLM and RTL MODELS PRINCIPLES OF SEQUENTIAL EQUIVALENCE VERIFICATION Giray Kömürcü Boğaziçi University CMPE 58Q.

TOWARDS EQUIVALENCE CHECKING BETWEEN TLM and RTL MODELS PRINCIPLES OF SEQUENTIAL EQUIVALENCE VERIFICATION Giray Kömürcü Boğaziçi University CMPE 58Q.
© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.

© Anvesh Komuravelli IC3/PDR Overview of IC3/PDR Anvesh Komuravelli Carnegie Mellon University.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Reduction of Interpolants for Logic Synthesis John Backes Marc Riedel University of Minnesota Dept.

Reduction of Interpolants for Logic Synthesis John Backes Marc Riedel University of Minnesota Dept.
Partial Implications, etc.

Partial Implications, etc.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
Bounded Model Checking EECS 290A Sequential Logic Synthesis and Verification.

Bounded Model Checking EECS 290A Sequential Logic Synthesis and Verification.
Rajeev K. Ranjan Advanced Technology Group Synopsys Inc. On the Optimization Power of Retiming and Resynthesis Transformations Joint work with: Vigyan.

Rajeev K. Ranjan Advanced Technology Group Synopsys Inc. On the Optimization Power of Retiming and Resynthesis Transformations Joint work with: Vigyan.

Similar presentations

Ads by Google