Equivalence Checking Sean Weaver.

Slides:



Advertisements
Similar presentations
FRAIGs - A Unifying Representation for Logic Synthesis and Verification - Alan Mishchenko, Satrajit Chatterjee, Roland Jiang, Robert Brayton ERL Technical.
Advertisements

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
The Theory of NP-Completeness
Presenter: PCLee – This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
CPSC 411, Fall 2008: Set 12 1 CPSC 411 Design and Analysis of Algorithms Set 12: Undecidability Prof. Jennifer Welch Fall 2008.
Designing Oracles for Grover Algorithm
Equivalence Checking Using Cuts and Heaps Andreas Kuehlmann Florian Krohm IBM Thomas J. Watson Research Center Presented by: Zhenghua Qi.
1 Boolean Satisfiability in Electronic Design Automation (EDA ) By Kunal P. Ganeshpure.
ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
Spring 07, Feb 8 ELEC 7770: Advanced VLSI Design (Agrawal) 1 ELEC 7770 Advanced VLSI Design Spring 2007 Logic Equivalence Vishwani D. Agrawal James J.
CSE 830: Design and Theory of Algorithms
Bounded Model Checking EECS 290A Sequential Logic Synthesis and Verification.
EE290A 1 Retiming of AND- INVERTER graphs with latches Juliet Holwill 290A Project 10 May 2005.
Analysis of Algorithms CS 477/677
Computation Engines: BDDs and SAT (part 2) 290N: The Unknown Component Problem Lecture 8.
1 FRAIGs: Functionally Reduced And-Inverter Graphs Adapted from the paper “FRAIGs: A Unifying Representation for Logic Synthesis and Verification”, by.
DAG-Aware AIG Rewriting Alan Mishchenko, Satrajit Chatterjee, Robert Brayton Department of EECS, University of California Berkeley Presented by Rozana.
Logic Verification 1 Outline –Logic Verification Problem –Verification Approaches –Recursive Learning Approach Goal –Understand verification problem –Understand.
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan.
Propositional Calculus Math Foundations of Computer Science.
Combinational Logic Design
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.
Systems Architecture I1 Propositional Calculus Objective: To provide students with the concepts and techniques from propositional calculus so that they.
1 The Theory of NP-Completeness 2012/11/6 P: the class of problems which can be solved by a deterministic polynomial algorithm. NP : the class of decision.
Nattee Niparnan. Easy & Hard Problem What is “difficulty” of problem? Difficult for computer scientist to derive algorithm for the problem? Difficult.
TECH Computer Science NP-Complete Problems Problems  Abstract Problems  Decision Problem, Optimal value, Optimal solution  Encodings  //Data Structure.
Week 10Complexity of Algorithms1 Hard Computational Problems Some computational problems are hard Despite a numerous attempts we do not know any efficient.
CSCI 3160 Design and Analysis of Algorithms Tutorial 10 Chengyu Lin.
Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26,
1 The Theory of NP-Completeness 2 Cook ’ s Theorem (1971) Prof. Cook Toronto U. Receiving Turing Award (1982) Discussing difficult problems: worst case.
Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.
Integrating high-level constructs into programming languages Language extensions to make programming more productive Underspecified programs –give assertions,
Umans Complexity Theory Lectures Lecture 1a: Problems and Languages.
1 Predicate Abstraction and Refinement for Verifying Hardware Designs Himanshu Jain Joint work with Daniel Kroening, Natasha Sharygina, Edmund M. Clarke.
NP-COMPLETE PROBLEMS. Admin  Two more assignments…  No office hours on tomorrow.
NP-Complete problems.
Verification & Validation By: Amir Masoud Gharehbaghi
CSE 589 Part V One of the symptoms of an approaching nervous breakdown is the belief that one’s work is terribly important. Bertrand Russell.
SAT Sweeping with Local Observability Don’t-Cares Qi Zhu 1 Nathan Kitchen 1 Andreas Kuehlmann 1,2 Alberto Sangiovanni-Vincentelli 1 1 University of California.
Strings Basic data type in computational biology A string is an ordered succession of characters or symbols from a finite set called an alphabet Sequence.
Chapter 11 Introduction to Computational Complexity Copyright © 2011 The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 1.
CSCI 2670 Introduction to Theory of Computing December 2, 2004.
1 Alan Mishchenko Research Update June-September 2008.
Fast Synthesis of Clock Gating from Existing Logic Aaron P. Hurst Univ. of California, Berkeley Portions In Collaboration with… Artur Quiring and Andreas.
The NP class. NP-completeness Lecture2. The NP-class The NP class is a class that contains all the problems that can be decided by a Non-Deterministic.
C OMBINATIONAL L OGIC D ESIGN 1 Eng.Maha AlGubali.
On the Relation Between Simulation-based and SAT-based Diagnosis CMPE 58Q Giray Kömürcü Boğaziçi University.
Speaker: Nansen Huang VLSI Design and Test Seminar (ELEC ) March 9, 2016 Simulation-Based Equivalence Checking.
Reducing Structural Bias in Technology Mapping
Introduction to Formal Verification
SS 2017 Software Verification Bounded Model Checking, Outlook
Inference and search for the propositional satisfiability problem
Hardware Verification
The Analysis of Cyclic Circuits with Boolean Satisfiability
Alan Mishchenko UC Berkeley
Intro to Theory of Computation
Cryptol aided formal verification of VHDL code
LPSAT: A Unified Approach to RTL Satisfiability
Introduction to Formal Verification
Scalable and Scalably-Verifiable Sequential Synthesis
Improvements to Combinational Equivalence Checking
Research Status of Equivalence Checking at Zhejiang University
Resolution Proofs for Combinational Equivalence
Alan Mishchenko UC Berkeley
Alan Mishchenko UC Berkeley
Instructor: Aaron Roth
Presentation transcript:

Equivalence Checking Sean Weaver

Equivalence Checking Prove whether or not two Boolean expressions are functionally equivalent This talk will focus specifically on equivalence checking of pairs of combinational circuits

Types of Circuits Combinational Circuit Sequential Circuit Digital circuit No state-holding elements No feedback loops Output is a function of the current input Sequential Circuit Can have state-holding elements Can have feedback loops Must transform (ex. BMC) into a combinational circuit for equivalence checking

Circuit Equivalence Checking Checking the equivalence of a pair of circuits For all possible input vectors (2#input bits), the outputs of the two circuits must be equivalent Testing all possible input-output combinations is CoNP-Hard However, the equivalence check of circuits with “similar” structure is easy [1] So, we must be able to identify shared structure, and we need a tool that can quickly solve NP-Complete problems (Satisfiability solver,theorem prover, etc.) 1. E. Goldberg, Y. Novikov. How good can a resolution based SAT-solver be? SAT-2003, LNCS 2919, pp. 35-52.

Equivalence Checking Uses Formal Verification Prove whether a low level implementation matches a high level specification Verifying Compiler Maintain the functionality of generated code Version Control Use previous implementations to maintain the correctness of future implementations Functional Inversion Prove whether encode and decode functions are inverses of each other

Given that the input variables (A, B, C) are equivalent, verify output variables (X, Y) are equivalent. Conjoin specification and implementation formulas, Add the equivalence checking constraint. Result – This is called a “miter” formula. If unsatisfiable, the specification and implementation are equivalent. A SAT solver can tell us this.

Example: Are These Circuits Equivalent? #1 a A 6 A b 4 7 C1 C1 C1 A A x A 5 c #2 a 1 2 O O b 8 A y 3 A c

Example: Outline Random Simulation - And/Inverter Graph SAT Sweeping Send random vectors through the two circuits, collecting pairs of candidate equivalent nodes And/Inverter Graph Find more equivalent nodes by creating the AIG of the circuits SAT Sweeping Use candidate equivalent nodes to guide SAT searches, merging AIG nodes which reduces the complexity of future SAT searches

Identifying Shared Structure An internal node in the first circuit may be equivalent to an internal node in the second circuit Detect by using random simulation Percolate random vectors through both circuits (fast trick - use 64-bit words) Partition nodes into equivalence classes This results in potentially many, high probability, candidate equivalent nodes

Random Simulation #1 A A C1 C1 C1 A A A #2 O O A A a 6 b 4 7 x 5 c a 1 a A 6 A b 4 7 C1 C1 C1 A A x A 5 c #2 a 1 2 O O b 8 A y 3 A c

Random Simulation #1 A A C1 C1 A A Buckets ----------------- 4,7,1,8 a A 6 A b 4 7 C1 C1 A A x Buckets ----------------- 4,7,1,8 0,5,6,2,3 A 5 c #2 a 1 2 O O b 8 A y 3 A c Random Vector: {a=T, b=T, c=T}

Random Simulation #1 A A C1 C1 C1 A A Buckets ----------------- 4,1 a A 6 A b 4 7 C1 C1 C1 A A x Buckets ----------------- 4,1 7,8 5,6,2,3 A 5 c #2 a 1 2 O O b 8 A y 3 A c Random Vector: {a=F, b=F, c=F}

Random Simulation #1 A A C1 C1 C1 C1 A A Buckets ----------------- 4,1 a A 6 A b 4 7 C1 C1 C1 C1 A A x Buckets ----------------- 4,1 7,8 6,2 5,3 A 5 c #2 a 1 2 O O b 8 A y 3 A c Random Vector: {a=F, b=F, c=T}

Random Simulation #1 A A C1 C1 C1 A A Buckets ----------------- 7,8 a A 6 A b 4 7 C1 C1 C1 A A x Buckets ----------------- 7,8 6,2 5,3 A 5 c #2 a 1 2 O O b 8 A y 3 A c Random Vector: {a=T, b=T, c=F}

Example: Outline Random Simulation - And/Inverter Graph SAT Sweeping Send random vectors through the two circuits, collecting pairs of candidate equivalent nodes And/Inverter Graph Find more equivalent nodes by creating the AIG of the circuits SAT Sweeping Use candidate equivalent nodes to guide SAT searches, merging AIG nodes which reduces the complexity of future SAT searches

Identifying Shared Structure Random simulation is probabilistic And/Inverter Graph (AIG) [2] Simple data structure used to represent combinational circuits Operations are fast (add node, merge nodes) 2. A. Kuehlmann, V. Paruthi, F. Krohm, and M.K. Ganai. Robust Boolean Reasoning for Equivalence Checking and Functional Property Verification. IEEE Trans. CAD, Vol. 21, No. 12, pp. 1377-1394 (2002)

And/Inverter Graph #1 A A C1 C1 C1 A A A #2 O O A A a 6 b 4 7 x 5 c a a A 6 A b 4 7 C1 C1 C1 A A x A 5 c #2 a 1 2 O O b 8 A y 3 A c

And/Inverter Graph #2 O O A A 1 2 O O b 8 A y 3 A c Use the AIG data structure to store circuits AIG can quickly add nodes and merge equivalent nodes Structural hashing is used Merging a pair of equivalent nodes can cause other nodes to be merged automatically, without need for a SAT proof

And/Inverter Graph #2 O A A Nodes represent AND gates 1 2 O b 8 A y 3 A c Nodes represent AND gates Edges represent inputs to an AND gate Edges may be inverted OR gates must be converted to AND gates during AIG creation

And/Inverter Graph #2 a 1 2 b 8 A y 3 c

And/Inverter Graph #2 a 1 2 b 8 y 3 c

And/Inverter Graph #1 a A 6 A b 4 7 A A x A 5 c #2 a 1 2 b 8 y 3 c

And/Inverter Graph #1 6 A 4 7 A A x A 5 #2 a 1 2 b 8 y 3 c

And/Inverter Graph #1 6 A 4 7 A x A 5 #2 a 1 2 b 8 y 3 c

And/Inverter Graph #1 6 4 7 A x 5 #2 a 1 2 b 8 y 3 c

And/Inverter Graph #1 6 4 7 x 5 #2 a 1 2 b 8 y 3 c

Example: Outline Random Simulation - And/Inverter Graph SAT Sweeping Send random vectors through the two circuits, collecting pairs of candidate equivalent nodes And/Inverter Graph Find more equivalent nodes by creating the AIG of the circuits SAT Sweeping Use candidate equivalent nodes to guide SAT searches, merging AIG nodes which reduces the complexity of future SAT searches

SAT Sweeping Use SAT to prove whether or not the candidate equivalent nodes, from the random simulation phase, are equivalent The candidate equivalent nodes are used as cut points Generate SAT problems that are solved from inputs to outputs using the candidate equivalent nodes as a guide [3] 3. A. Kuehlmann. Dynamic Transition Relation Simplification for Bounded Property Checking. In ICCAD, 2004

SAT Instances Create one SAT instance for one (or more) pair of candidate equivalent nodes A SAT instance encodes a miter circuit Each SAT search can result in the merger of equivalent AIG nodes, reducing the complexity of the AIG

And/Inverter Graph #1 6 4 7 x 5 #2 a 1 2 b 8 y 3 c

Equivalences Buckets ----------------- 7 ?= 8 6 ?= 2 5 ?= 3 6 4 7 x 5 6 4 7 x 5 Buckets ----------------- 7 ?= 8 6 ?= 2 5 ?= 3 a 1 2 b 8 y 3 c

SAT Solver Says 5 = 3 Buckets ----------------- 7 ?= 8 6 ?= 2 5 = 3 6 6 4 7 x 5 Buckets ----------------- 7 ?= 8 6 ?= 2 5 = 3 a 1 2 b 8 y 3 c

Merge 5 and 3 Buckets ----------------- 7 ?= 8 6 ?= 2 5 = 3 6 4 7 x 5 6 4 7 x 5 Buckets ----------------- 7 ?= 8 6 ?= 2 5 = 3 a 1 2 b 8 y 3 c

SAT Solver Says 6 = 2 Buckets ----------------- 7 ?= 8 6 = 2 5 = 3 6 4 6 4 7 x 5 Buckets ----------------- 7 ?= 8 6 = 2 5 = 3 a 1 2 b 8 y 3 c

Merge 6 and 2 Buckets ----------------- 7 ?= 8 6 = 2 5 = 3 6 4 7 x 5 a 6 4 7 x 5 Buckets ----------------- 7 ?= 8 6 = 2 5 = 3 a 1 2 b 8 y 3 c

7 Structurally Hashes to 8 6 4 7 x 5 Buckets ----------------- 7 = 8 6 = 2 5 = 3 a 1 2 b 8 y 3 c

x and y Verified Equivalent 6 4 7 x 5 Buckets ----------------- 7 = 8 6 = 2 5 = 3 a 1 2 b 8 y 3 c

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Slides taken from A. Biere. SAT in Formal Hardware Verification.

Cryptol Cryptol is a Haskell based specification language for writing crypto-algorithms Created by Galois Connections Inc. with support from NSA cryptographers Cryptol can turn specifications into AIGs Cryptol also has a built in equivalence checker (jaig) Cryptol specifications can be used to verify various implementations C code, VHDL, etc.

Results - AES Verified Cryptol version of full rank AES-128 functionally equivalent to NIST competition optimized C-code Cryptol-AES AIG has 934,000 nodes NIST-AES AIG has 1,482,000 nodes 190,000 equivalent nodes found Using techniques described here 14 minutes on 2GHz Pentium III Using special heuristics and other more recent optimizations < 1 minute on 2 GHz Pentium III

Results - VdW Van der Waerden numbers W(k,r)=n Place numbers 1 ... n into r buckets so that no arithmetic progression of length k exists in any bucket Assertion by Dr. Michal Kouril W(2,6) = 1132 This is quite a feat because only 5 numbers are known and no new ones have been found since 1979

Results VdW Kouril's solver is written in VHDL, runs on a cluster of FPGAs at UC The solver has basically exhausted the search space How to give confidence that VHDL code is correct? Use equivalence checking!

Results VdW Wrote Cryptol specifications for the three main VHDL functions used Used Xilinx tools and Cryptol to generate AIGs from the VHDL code Used the Cryptol equivalence checker (jaig) to verify the VHDL code Each function has 2240 possible inputs Total time for all three checks < 30 minutes

References A. Biere. Invited talk - SAT in Formal Hardware Verification. 8th Intl. Conf; on Theory and Applications of Satisfiability Testing (SAT'05), St. Andrews, Scotland, (2005). D. Brand. Verification of Large Synthesized Designs. Proc. Intl Conf. Computer- Aided Design pp. 534-537 (1993). E. Goldberg, Y. Novikov. How good can a resolution based SAT-solver be? SAT- 2003, LNCS 2919, pp. 35-52. F. Krohm, A. Kuehlmann, and A. Mets. The Use of Random Simulation in Formal Verification. Proc. of Int'l Conf. on Computer Design, Oct (1996). A. Kuehlmann, F. Krohm. Equivalence Checking Using Cuts and Heaps. In Design Automation Conference (1997). A. Kuehlmann, V. Paruthi, F. Krohm, and M. K. Ganai. Robust Boolean Reasoning for Equivalence Checking and Function Property Verification. IEEE Trans. CAD, Vol. 21, No. 12, pp. 1377-1394 (2002). A. Kuehlmann. Dynamic Transition Relation Simplification for Bounded Property Checking. In ICCAD (2004). J. Lewis. Cryptol, A Domain Specific Language for Cryptography. http://www.cryptol.net/docs/CryptolPaper.pdf (2002).

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.