Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECE 667 - Synthesis & Verification - L211 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Verification Equivalence checking.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "ECE 667 - Synthesis & Verification - L211 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Verification Equivalence checking."— Presentation transcript:

1

2 ECE 667 - Synthesis & Verification - L211 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Verification Equivalence checking

3 ECE 667 - Synthesis & Verification - L212 Equivalence Checking Two circuits are functionally equivalent if they exhibit the same behavior Combinational circuits –for all possible input values In Out CL PoPI CL PsNs R Sequential circuits – for all possible input sequences

4 ECE 667 - Synthesis & Verification - L213 Combinational Equivalence Checking Functional Approach –transform output functions of combinational circuits into a unique (canonical) representation –two circuits are equivalent if their representations are identical –efficient canonical representation: BDD Structural –identify structurally similar internal points –prove internal points (cut-points) equivalent –find implications

5 ECE 667 - Synthesis & Verification - L214 Functional Equivalence Circuits for which BDD can be constructed –represent multi-output circuits as shared BDDs –BDDs must be identical (for the same variable ordering) Circuits whose BDDs are too large –cannot construct BDDs, memory problem –use partitioned BDD method decompose circuit into smaller pieces, each as BDD check equivalence of internal points

6 ECE 667 - Synthesis & Verification - L215 Functional Decomposition Decompose each function into functional blocks –represent each block as a BDD (partitioned BDD method) –define cut-points (z) –verify equivalence of blocks at cut-points starting at primary inputs F f2f2 f1f1 z x y G g2g2 g1g1 z x y

7 ECE 667 - Synthesis & Verification - L216 Cut-Points Resolution Problem F f2f2 f1f1 z1z1 x y G g2g2 g1g1 z2z2 x y If all pairs of cut-points (z 1,z 2 ) are equivalent –so are the two functions, F,G If intermediate functions (f 2,g 2 ) are not equivalent –the functions (F,G) may still be equivalent –this is called false negative Why do we have false negative ? –functions are represented in terms of intermediate variables –to prove/disprove equivalence must represent the functions in terms of primary inputs (BDD composition)

8 ECE 667 - Synthesis & Verification - L217 Cut-Point Resolution – Theory Let f 1 (x)=g 1 (x)  x –if f 2 (z,y)  g 2 (z,y),  z,y then f 2 (f 1 (x),y)  g 2 (f 1 (x),y)  F  G –if f 2 (z,y)  g 2 (z,y),  z,y  f 2 (f 1 (x),y)  g 2 (f 1 (x),y)  F  G False negative –two functions are equivalent, but the verification algorithm declares them as different. F f2f2 f1f1 z x y G g2g2 g1g1 z x y We cannot say if F  G or not

9 ECE 667 - Synthesis & Verification - L218 Cut-Point Resolution – cont’d Procedure 1: create a miter (XOR) between two potentially equivalent nodes/functions –perform ATPG test for stuck-at 0 –find test pattern to prove F  G –efficient for true negative (gives test vector, a proof) –inefficient when there is no test 0, F  G (false negative) 1, F  G (true negative) FG How to verify if negative is false or true ?

10 ECE 667 - Synthesis & Verification - L219 Cut-Point Resolution – cont’d Procedure 2: create a BDD for F  G –perform satisfiability analysis (SAT) of the BDD if BDD for F  G = , problem is not satisfiable, false negative BDD for F  G  , problem is satisfiable, true negative Non-empty, F  G , F  G (false negative) F  G = =  F G Note: must compose BDDs until they are equivalent, or expressed in terms of primary inputs – the SAT solution, if exists, provides a test vector (proof of non-equivalence) – as in ATPG – unlike the ATPG technique, it is effective for false negative (the BDD is empty!)

11 ECE 667 - Synthesis & Verification - L2110 Structural Equivalence Check Given two circuits, each with its own structure –identify “similar” internal points, cut sets –exploit internal equivalences False negative problem may arise –F  G, but differ structurally (different local support) –verification algorithm declares F,G as different Solution: use BDD-based or ATPG-based methods to resolve the problem. Also: implication, learning techniques. b d1d1 a F a c d2d2 b G

12 ECE 667 - Synthesis & Verification - L2111 Implication Techniques Techniques that extract and exploit internal correspondences to speed up verification Implications – direct and indirect a=1 c=x b=x f=0 d=0 e=0 a=0 c=x b=x f=1 d=x e=x Direct: a=1  f=0Indirect (learning): f=1  a=0

13 ECE 667 - Synthesis & Verification - L2112 Learning Techniques Learning –process of deriving indirect implications –Recursive learning recursively analyzes effects of each justification –Functional learning uses BDDs to learn indirect implications 01 a b G 10 a b H G=1  H=0 a c b H G=1

14 ECE 667 - Synthesis & Verification - L2113 Learning Techniques –cont’d Other methods to check implications G=1  H=0 –Build a BDD for G H’ If this function is satisfiable, the implication holds and gives a test vector Otherwise it does not hold –Since G=1  H=0  (G’+H’)=1, build a BDD for (G’+H’) The implication holds if (G’+H’)=1 (tautology) a c b H G=1

15 ECE 667 - Synthesis & Verification - L2114 Sequential Equivalence Checking Functional Approach –Bounded model unroll combinational logic portion of FSM k times Check equivalence of combinational logic –Sequential FSM model Create a product of FSMs Perform traversal or reachability analysis of the product machine –Gate level model Find register equivalence Structural –Similar to combinational: identify structurally similar internal points prove equivalence of internal points (cut-points) –Harder because of states and registers

16 ECE 667 - Synthesis & Verification - L2115 Finite State Machines (FSM) FSM M(X,S, ,,O) –Inputs:X –Outputs:O –States:S –Next state function,  (s,x) : S  X  S –Output function, (s,x) : S  X  OOX R  (s,x) (s,x) ss’

17 ECE 667 - Synthesis & Verification - L2116 Sequential Equivalence Checking Represent each sequential circuit as an FSM –verify if two FSMs are equivalent Approach 1: reduction to combinational circuit –unroll FSM over n time frames (flatten the design) M(t 1 ) x(1) s(1) M(t 2 ) x(2) s(2) … … M(t n ) x(n) s(n) Combinational logic: F(x(1,2, …n), s(1,2, … n)) – check equivalence of the resulting combinational circuits – problem: the resulting circuit can be too large too handle

18 ECE 667 - Synthesis & Verification - L2117 Sequential Verification Approach 2: based on isomorphism of state transition graphs –two machines M1, M2 are equivalent if their state transition graphs (STGs) are isomorphic –perform state minimization of each machine –check if STG(M1) and STG(M2) are isomorphic  State min. 1/0 01.2 0/0 1/1 0/1 M1 min 1/0 0 1 0/0 1/1 0/1 M2 0/0 0/1 1/0 0 1 0/1 2 1/0 M1 1/1

19 ECE 667 - Synthesis & Verification - L2118 Sequential Verification Approach 3: symbolic FSM traversal of the product machine M1M2 S1 S2 O2O1 X O(M) Given two FSMs: M 1 (X,S 1,  1, 1,O 1 ), M 2 (X,S 2,  2, 2,O 2 ) Create a product FSM: M = M 1  M 2 –traverse the states of M and check its output for each transition –the output O(M) =1, if outputs O 1 = O 2 –if all outputs of M are 1, M 1 and M 2 are equivalent –otherwise, an error state is reached –error trace is produced to show: M 1  M 2

20 ECE 667 - Synthesis & Verification - L2119 Product Machine - Construction Define the product machine M(X,S, ,,O) –states, S = S 1  S 2 –next state function,  (s,x) : (S 1  S 2 )  X  (S 1  S 2 ) –output function, (s,x) : (S 1  S 2 )  X  {0,1} M1M2 11 22 2 1 X Error trace (distinguishing sequence) that leads to an error state -sequence of inputs which produces 1 at the output of M -produces a state in M for which M1 and M2 give different outputs (s,x) = 1 (s 1,x) 2 (s 2,x)  O =  1 if O 1 =O 2 0 otherwise

21 ECE 667 - Synthesis & Verification - L2120 Construction of the Product FSM For each pair of states, s 1  M 1, s 2  M 2 –create a combined state s = (s 1. s 2 ) of M –create transitions out of this state to other states of M –label the transitions (input/output) accordingly 1/0 0 1 0/0 1/1 0/1 M1M1 M2M2 1/1 2 0 1 0/0 0/1 1/1 1/0 M1M1 0 0/1 1 M2M2 2 1/0 1 1.1 0/1 0000 1/1 0.2 1111 Output = { 1 OK 0 error

22 ECE 667 - Synthesis & Verification - L2121 (Explicit) FSM Traversal in Action STOP - backtrack to initial state to get error trace: x={1,1,1,0} 1/0 0 1 0/0 1/1 0/1 M1 M2 2 0 1 0/0 0/1 1/1 1/0 1.1 0/1 1/1 0/1 0.2 1/1 1.0 0/0 1/0 0/0 1.2 1/0 0.1 1/0 0/0 Out(M) State reached x=0 x=1 Error state 0.0 0/1 1/1 M Initiall states: s 1 =0, s 2 =0,s=(0.0) New 0 = (0.0) 1 1 New 1 = (1.1) 1 1 New 2 = (0.2) 1 1 New 3 = (1.0) 0 0

23 ECE 667 - Synthesis & Verification - L2122 Implicit FSM Traversal Traverse the product machine M(X,S, ,,O) –start at an initial state S 0 –iteratively compute symbolic image Img(S 0,R) (set of next states) until an error state is reached Img( S 0,R ) =  x  s S 0 (s) R(x,s,t) R =  i R i =  i (t i   i (s,x)) –transition relation R i for each next state variable t i can be computed as t i = (t   (s,x)) –Comment: this is an alternative way to compute transition relation, when design is specified at gate level (Boolean)

24 ECE 667 - Synthesis & Verification - L2123 FSM Traversal State Transition Graphs –directed graphs with labeled nodes and arcs (transitions) –symbolic state traversal methods important for symbolic verification, state reachability analysis, FSM traversal, etc. 0/0 0/1 1/0 s0 s1 0/1 s2 1/0

25 ECE 667 - Synthesis & Verification - L2124 Existential Quantification Existential quantification (abstraction)  x f = f | x=0 + f | x=1 Example:  x (x y + z) = y + z Note:  x f does not depend on x (smoothing) Useful in symbolic image computation (deriving sets of states)

26 ECE 667 - Synthesis & Verification - L2125 Existential Quantification - cont’d Function can be existentially quantified w.r.to a vector: X = x 1 x 2 …  X f =  x1x2... f =  x1  x2 ... f Can be done efficiently directly on a BDD Very useful in computing sets of states –Image computation: next states –Pre-Image computation: previous states from a given set of initial states

27 ECE 667 - Synthesis & Verification - L2126 Image Computation Computing set of next states from a given initial state (or set of states) Img( S,R ) =  u S(u) R(u,v) Img(v) R(u,v) S(u) FSM: when transitions are labeled with input predicates x, quantify w.r.to all inputs (primary inputs and state var) Img( S,R ) =  x  u S(u) R(x,u,v)

28 ECE 667 - Synthesis & Verification - L2127 Image Computation - example Encode the states: s1=00, s2=01, s3=10, s4=11 Write transition relations for the encoded states: R = (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….) a xy XY 1 00 01 0 00 10 - 10 11 ………. s1 s2 s3 s4 a a’ 00 01 10 11 Compute a set of next states from state s1

29 ECE 667 - Synthesis & Verification - L2128 Example - cont’d Compute Image from s1 under R Img( s1,R ) =  a  xy s1(x,y) R(a,x,y,X,Y) =  a  xy (x’y’) (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….) =  axy (ax’y’X’Y + a’x’y’XY’ ) = (X’Y + XY’ ) = {01, 10} = {s2, s3} Result: a set of next states for all inputs s1  {s2, s3} s1 s2 s3 s4 a a’ 00 01 10 11

30 ECE 667 - Synthesis & Verification - L2129 Pre-Image Computation Computing a set of present states from a given next state (or set of states) Pre-Img( S’,R) =  v R(u,v) ) S’(v) S’(v) R(u,v) Pre-Img(u) Similar to Image computation, except that quantification is done w.r.to next state variables The result: a set of states backward reachable from state set S’, expressed in present state variables u Useful in computing CTL formulas: AF, EF

Download ppt "ECE 667 - Synthesis & Verification - L211 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Verification Equivalence checking."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.

CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.
TOPIC : Finite State Machine(FSM) and Flow Tables UNIT 1 : Modeling Module 1.4 : Modeling Sequential circuits.

TOPIC : Finite State Machine(FSM) and Flow Tables UNIT 1 : Modeling Module 1.4 : Modeling Sequential circuits.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
 2001 CiesielskiFormal Verification1 FORMAL METHODS IN HARDWARE VERIFICATION Maciej Ciesielski Dept. of Electrical & Computer Engineering University.

 2001 CiesielskiFormal Verification1 FORMAL METHODS IN HARDWARE VERIFICATION Maciej Ciesielski Dept. of Electrical & Computer Engineering University.
ECE 331 – Digital System Design

ECE 331 – Digital System Design
ECE 667 - Synthesis & Verification - Lecture 8 1 ECE 697B (667) Spring 2006 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Circuits Introduction.

ECE Synthesis & Verification - Lecture 8 1 ECE 697B (667) Spring 2006 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Circuits Introduction.
Equivalence Checking Using Cuts and Heaps Andreas Kuehlmann Florian Krohm IBM Thomas J. Watson Research Center Presented by: Zhenghua Qi.

Equivalence Checking Using Cuts and Heaps Andreas Kuehlmann Florian Krohm IBM Thomas J. Watson Research Center Presented by: Zhenghua Qi.
Penn ESE 535 Spring 2009 -- DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.

Penn ESE 535 Spring DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.
ECE C03 Lecture 111 Lecture 11 Finite State Machine Optimization Hai Zhou ECE 303 Advanced Digital Design Spring 2002.

ECE C03 Lecture 111 Lecture 11 Finite State Machine Optimization Hai Zhou ECE 303 Advanced Digital Design Spring 2002.
Sequential System Synthesis -- Finite State Machine.

Sequential System Synthesis -- Finite State Machine.
ECE C03 Lecture 131 Lecture 13 Finite State Machine Optimization Prith Banerjee ECE C03 Advanced Digital Design Spring 1998.

ECE C03 Lecture 131 Lecture 13 Finite State Machine Optimization Prith Banerjee ECE C03 Advanced Digital Design Spring 1998.

Similar presentations

Ads by Google