Embed Size (px)
Citation preview
ABC: An Academic ABC: An Academic “Industrial-Strength” “Industrial-Strength”
Verification ToolVerification Tool(based on a tutorial given at CAV’10)(based on a tutorial given at CAV’10)
BVSRCBVSRCBerkeley Verification and Synthesis Berkeley Verification and Synthesis
Research CenterResearch CenterUC BerkeleyUC Berkeley
Robert Brayton, Niklas Een, Alan Mishchenko Robert Brayton, Niklas Een, Alan Mishchenko Jiang Long, Sayak Ray, Baruch Sterin Jiang Long, Sayak Ray, Baruch Sterin
Thanks to:Thanks to: NSF, NSA, SRC, and industrial sponsors, NSF, NSA, SRC, and industrial sponsors, Actel, Altera, Atrenta, IBM, Intel, Jasper, Magma, Oasys, Actel, Altera, Atrenta, IBM, Intel, Jasper, Magma, Oasys,
Real Intent, Synopsys, Tabula, and VerificReal Intent, Synopsys, Tabula, and Verific
22
OverviewOverview General introduction to ABCGeneral introduction to ABC Synergy between synthesis and verificationSynergy between synthesis and verification Introduction to AIGsIntroduction to AIGs Contrast between classical synthesis and ABC synthesisContrast between classical synthesis and ABC synthesis ABC+ - orchestrated verification flowABC+ - orchestrated verification flow
SimplificationSimplification Extraction of constraintsExtraction of constraints Phase abstractionPhase abstraction Forward and minimum FF retimiingForward and minimum FF retimiing K-step inductionK-step induction AbstractionAbstraction
AbstractionAbstraction SpeculationSpeculation Last gasp: BMC, BDDs, interpolationLast gasp: BMC, BDDs, interpolation
Verification example Verification example Future workFuture work
33
ABCABC A synthesis and verification tool under A synthesis and verification tool under
development at Berkeleydevelopment at Berkeley Started 6 years ago as a replacement for SISStarted 6 years ago as a replacement for SIS Academic public domain toolAcademic public domain tool ““Industrial-strength” Industrial-strength”
Has been employed in commercial offerings of Has been employed in commercial offerings of various CAD companies various CAD companies
In both synthesis and verificationIn both synthesis and verification
Exploits the synergy between synthesis and Exploits the synergy between synthesis and verificationverification
44
A Plethora of ABCsA Plethora of ABCshttphttp://en.wikipedia.org/wiki/Abc://en.wikipedia.org/wiki/Abc ABC (American Broadcasting Company)ABC (American Broadcasting Company)
A television network…A television network… ABC (Active Body Control)ABC (Active Body Control)
ABC is designed to minimize body roll in corner, ABC is designed to minimize body roll in corner, accelerating, and braking. The system uses 13 accelerating, and braking. The system uses 13 sensors which monitor body movement to supply the sensors which monitor body movement to supply the computer with information every 10 ms…computer with information every 10 ms…
ABC (ABC (Abstract Abstract BBase ase CClasslass) ) In C++, these are generic classes at the base of the In C++, these are generic classes at the base of the
inheritance tree; objects of such abstract classes inheritance tree; objects of such abstract classes cannot be created… cannot be created…
Atanasoff-Berry Computer Atanasoff-Berry Computer The The Atanasoff–Berry ComputerAtanasoff–Berry Computer ( (ABCABC) was the first ) was the first
electronicelectronic digitaldigital computingcomputing device. device.[1][1] Conceived in Conceived in 1937, the machine was not programmable, being 1937, the machine was not programmable, being designed only to solve systems of designed only to solve systems of linear equationslinear equations. It . It was successfully tested in 1942. was successfully tested in 1942.
ABC (supposed to mean “as simple as ABC”)ABC (supposed to mean “as simple as ABC”) A system for sequential synthesis and verification at A system for sequential synthesis and verification at
BerkeleyBerkeley
55
Design FlowDesign FlowSystem SpecificationSystem Specification
RTLRTL
Logic synthesisLogic synthesis
Technology mappingTechnology mapping
Physical synthesisPhysical synthesis
ManufacturingManufacturing
ABCABC Verification
Verification
ABCABC - Property - PropertyChecking Checking
Equivalence checkingEquivalence checking
66
Areas Addressed by ABCAreas Addressed by ABC
Combinational synthesisCombinational synthesis AIG rewritingAIG rewriting technology mappingtechnology mapping resynthesis after mappingresynthesis after mapping
Sequential synthesisSequential synthesis retimingretiming structural register sweepstructural register sweep merging seq. equiv. nodesmerging seq. equiv. nodes
VerificationVerification combinational equivalence checkingcombinational equivalence checking bounded sequential verificationbounded sequential verification unbounded sequential verificationunbounded sequential verification equivalence checking using synthesis historyequivalence checking using synthesis history property checking (safety and liveness)property checking (safety and liveness)
77
Synergy – Two KindsSynergy – Two Kinds
1.1. The algorithms and advancements in The algorithms and advancements in verification can be used in synthesis, and vice verification can be used in synthesis, and vice versa.versa.
2.2. One enables the otherOne enables the other Verification enables synthesis - equivalence Verification enables synthesis - equivalence
checking capability enables acceptance of checking capability enables acceptance of sequential transformationssequential transformations retiming retiming use of unreachable states use of unreachable states sequential signal correspondence, etcsequential signal correspondence, etc
Synthesis enables verificationSynthesis enables verification Desire to use sequential synthesis operations (Desire to use sequential synthesis operations (shown by shown by
superior resultssuperior results) spurs verification developments) spurs verification developments
88
Examples of The Synergy Examples of The Synergy
Similar solutionsSimilar solutions e.g. retiming in synthesis / retiming in verificatione.g. retiming in synthesis / retiming in verification
Algorithm migrationAlgorithm migration e.g. BDDs, SAT, induction, interpolation, rewritinge.g. BDDs, SAT, induction, interpolation, rewriting
Related complexity Related complexity scalable synthesis <=> scalable verification scalable synthesis <=> scalable verification
(approximately)(approximately) Common data-structures Common data-structures
e.g. combinational and sequential AIGse.g. combinational and sequential AIGs
99
Evidence of Synergy Between Evidence of Synergy Between Synthesis and VerificationSynthesis and Verification
IBMIBM Has a very capable sequential verification engine – Has a very capable sequential verification engine – SixthSenseSixthSense.. Used throughout IBM to verify property and equivalenceUsed throughout IBM to verify property and equivalence Designers more willing to consider sequential transformations Designers more willing to consider sequential transformations
now.now. ABCABC
Sequential verification was developed to check that new Sequential verification was developed to check that new algorithms were implemented correctlyalgorithms were implemented correctly
Example of a startup companyExample of a startup company Had developed sequential methods to reduce powerHad developed sequential methods to reduce power Needed a verification tool to double check if their ideas and Needed a verification tool to double check if their ideas and
implementations were correct.implementations were correct. Needed a tool to assure customers that results were correct.Needed a tool to assure customers that results were correct.
1010
AIG (And-Inverter Graphs) AIG (And-Inverter Graphs) DDefinition and efinition and EExamplesxamples
cdcdabab 0000 0101 1111 1010
0000 00 00 11 00
0101 00 00 11 11
1111 00 11 11 00
1010 00 00 11 00
F(a,b,c,d) = ab + d(ac’+bc)
F(a,b,c,d) = ac’(b’d’)’ + c(a’d’)’ = ac’(b+d) + bc(a+d)
cdcdabab 0000 0101 1111 1010
0000 00 00 11 00
0101 00 00 11 11
1111 00 11 11 00
1010 00 00 11 00
6 nodes
4 levels
7 nodes
3 levels
b ca c
a b d
a c b d b c a d
AIG is a Boolean network composed of two-input ANDs and invertersAIG is a Boolean network composed of two-input ANDs and inverters
1111
Structural hashingStructural hashing Performs AIG compactionPerforms AIG compaction Applied on-the-fly during constructionApplied on-the-fly during construction
Propagates constantsPropagates constants Makes each node structurally uniqueMakes each node structurally unique
F = abc
G = (abc)’
H = abc’ Before After
AIGsAIGs
1212
AIGs (And-Inverter Graphs)AIGs (And-Inverter Graphs)Why AIGs?Why AIGs?
Same reasons hold for both synthesis and verificationSame reasons hold for both synthesis and verification
Easy to construct, relatively compact, robustEasy to construct, relatively compact, robust 1M AIG ~ 12Mb RAM1M AIG ~ 12Mb RAM
Can be efficiently stored on disk Can be efficiently stored on disk 3-4 bytes / AIG node (1M AIG ~ 4Mb file)3-4 bytes / AIG node (1M AIG ~ 4Mb file)
Unifying representationUnifying representation Used by all the different verification enginesUsed by all the different verification engines Easy to pass around, duplicate, saveEasy to pass around, duplicate, save
Compatible with SAT solvers Compatible with SAT solvers Efficient AIG-to-CNF conversion availableEfficient AIG-to-CNF conversion available Circuit-based SAT solvers work directly on AIGCircuit-based SAT solvers work directly on AIG ““AIGs + simulation + SAT” works well in many casesAIGs + simulation + SAT” works well in many cases
1313
AIG Memory UsageAIG Memory Usage
Memory allocationMemory allocation Use fixed amount of memory for each nodeUse fixed amount of memory for each node
Can be done by a simple custom memory managerCan be done by a simple custom memory manager Dynamic fanout manipulation is supported!Dynamic fanout manipulation is supported!
Allocate memory for nodes in a topological orderAllocate memory for nodes in a topological order Optimized for traversal in the same topological orderOptimized for traversal in the same topological order
Mostly AIG can be stored in cache – fewer cache misses.Mostly AIG can be stored in cache – fewer cache misses. Small static memory footprint in many applicationsSmall static memory footprint in many applications
Compute fanout information on demandCompute fanout information on demand
1414
Quick Overview of “Classical” Quick Overview of “Classical” (technology independent) (technology independent)
Logic SynthesisLogic Synthesis Boolean networkBoolean network Network manipulation Network manipulation
(algebraic)(algebraic) Elimination (substituting a Elimination (substituting a
node into its fanouts)node into its fanouts) Decomposition (common-Decomposition (common-
divisor extraction)divisor extraction) Node minimization (Boolean)Node minimization (Boolean)
EspressoEspresso Don’t caresDon’t cares
Resubstitution (algebraic or Resubstitution (algebraic or Boolean) Boolean)
Boolean network in SISBoolean network in SIS
aa bb cc dd
ee
xx yy
ff
zz
ze
xd yd xy
ab cd cd
Boolean network in SISBoolean network in SIS
ab
x + c
aa bb cc dd
ee
xx
yy
ff
zzze
yd yd
1515
““Classical” Logic SynthesisClassical” Logic Synthesis
Equivalent AIG in ABCEquivalent AIG in ABC
aa bb cc dd
ff
ee
xxyy
zz
Boolean network in SISBoolean network in SIS
aa bb cc dd
ee
xx yy
ff
zz
ze
xd yd xy
ab cd cd
AIG is a Boolean network of 2-input AND nodes and invertors (dotted lines)
1616
One AIG Node – Many CutsOne AIG Node – Many Cuts
Combinational AIGCombinational AIG
aa bb cc dd
ff
ee
AIG can be used to compute many cuts for each node Each cut in AIG represents a
different SIS node SIS node logic represented by AIG
between cut and root.
No a priori fixed boundaries
Implies that AIG manipulation with cuts is equivalent to working on many Boolean networks at the same time
Different cuts for the same nodeDifferent cuts for the same node
1717
Combinational SynthesisCombinational Synthesis
a b a c
Subgraph 1
b c
a
Subgraph 2
Pre-computing AIG subgraphsPre-computing AIG subgraphs Consider function f = abcConsider function f = abc
a c
b
Subgraph 3
Rewriting AIG subgraphsRewriting AIG subgraphsRewriting node A
Rewriting node B
a b a c
a b a c
A
Subgraph 1
b c
a
A
Subgraph 2
b c
a
B
Subgraph 2
a b a c
B
Subgraph 1
In both cases 1 node is savedIn both cases 1 node is saved
AIG rewritingAIG rewriting minimizes the number of AIG nodes without minimizes the number of AIG nodes without increasing the number of AIG levelsincreasing the number of AIG levels
1818
Combinational RewritingCombinational Rewriting
iterate iterate 1010 times { times {
for for eacheach AIG node { AIG node {
for for eacheach kk-cut-cut
derive node output as function of cut variablesderive node output as function of cut variables
if ( smaller AIG is in the pre-computed library )if ( smaller AIG is in the pre-computed library )
rewriterewrite using improved AIG structure using improved AIG structure
}}
}}Note: For 4-cuts, each AIG node has, on average, 5 cuts Note: For 4-cuts, each AIG node has, on average, 5 cuts compared to a SIS node with only 1 cutcompared to a SIS node with only 1 cut
Rewriting at a node can be very fast – using hash-table Rewriting at a node can be very fast – using hash-table lookups, truth table manipulation, disjoint decompositionlookups, truth table manipulation, disjoint decomposition
1919
Comparison of Two SynthesesComparison of Two Syntheses
“ “Classical” synthesisClassical” synthesis
Boolean networkBoolean network Network manipulation Network manipulation
(algebraic)(algebraic) EliminationElimination Decomposition (common Decomposition (common
kernel extraction)kernel extraction) Node minimizationNode minimization
EspressoEspresso Don’t cares computed using Don’t cares computed using
BDDsBDDs Resubstitution Resubstitution
““Contemporary” synthesisContemporary” synthesis
AIG networkAIG network DAG-aware AIG rewriting (Boolean)DAG-aware AIG rewriting (Boolean)
Several related algorithmsSeveral related algorithms RewritingRewriting RefactoringRefactoring BalancingBalancing
Node minimizationNode minimization Boolean decompositionBoolean decomposition Don’t cares computed using Don’t cares computed using
simulation and SATsimulation and SAT Resubstitution with don’t caresResubstitution with don’t cares
Note: here all algorithms are Note: here all algorithms are scalablescalable: : no SOP, no BDDs, no Espressono SOP, no BDDs, no Espresso
2020
Sequential VerificationSequential Verification Property checkingProperty checking
Create miter from the design and Create miter from the design and the safety propertythe safety property
Special construction for livenessSpecial construction for liveness Biere, Artho, Schuppan
Equivalence checkingEquivalence checking Create miter from two versions Create miter from two versions
of the same designof the same design
Assuming the initial state is Assuming the initial state is givengiven
The goal is to prove that the The goal is to prove that the output of the miter is 0, for all output of the miter is 0, for all states reachable from the initial states reachable from the initial state.state.
D2D2D1D1
Equivalence checking miterEquivalence checking miter
0
D1D1
Property checking miterProperty checking miter
0
pp
2121
Integrated Verification FlowIntegrated Verification Flow
1.1. SimplificationSimplification
2.2. AbstractionAbstraction
3.3. SpeculationSpeculation
4.4. High effort verificationHigh effort verification
2222
Integrated Verification FlowIntegrated Verification Flow
1.1. SimplificationSimplification Initial fast simplification of the logicInitial fast simplification of the logic Forward Forward retimeretime and do FF correspondence and do FF correspondence Min FF Min FF retimeretime Extract implicit Extract implicit constraintsconstraints**** and use them to find signal and use them to find signal
equivalences equivalences (ABC command (ABC command scorr –cscorr –c)) Fold back the constraints Fold back the constraints
add a FF so that if ever a constraint is not satisfied, make the add a FF so that if ever a constraint is not satisfied, make the output 0 forever after that.output 0 forever after that.
TrimTrim away irrelevant inputs away irrelevant inputs (do not fanout to FF or POs)(do not fanout to FF or POs) Try Try phase abstraction phase abstraction (look for periodic signals)(look for periodic signals) Heavy Heavy simplifysimplify
((kk-step signal correspondence and deep rewriting)-step signal correspondence and deep rewriting)
** (see paper of Cabodi et. al.)** (see paper of Cabodi et. al.)
2323
Sequential SAT SweepingSequential SAT Sweeping(signal correspondence)(signal correspondence)
• Naïve approachNaïve approach• Build output miter – call SATBuild output miter – call SAT
works well for many easy problemsworks well for many easy problems
Better approach - SAT sweepingBetter approach - SAT sweeping • based on based on incrementalincremental SAT solving SAT solving
• detects possibly equivalent nodes using detects possibly equivalent nodes using simulationsimulation
• candidate constant nodescandidate constant nodes• candidate equivalent nodescandidate equivalent nodes
• runs runs SATSAT on the intermediate miters in a on the intermediate miters in a topological ordertopological order
• refines candidates using counterexamplesrefines candidates using counterexamples
Proving internal equivalences in a topological order
A
B
SAT-1SAT-1D CC
SAT-2SAT-2
?
?
Related to combinational CECRelated to combinational CEC
D2D2D1D1
2424
Improved CECImproved CECFor hard CEC instancesFor hard CEC instancesHeuristic: skip some equivalencesHeuristic: skip some equivalences results in results in
5x reduction in runtime5x reduction in runtimesolving previously unresolved problemssolving previously unresolved problems
Given a combinational miter with Given a combinational miter with equivalence class {A, B, A’, B’}equivalence class {A, B, A’, B’}
Possible equivalences: Possible equivalences:
A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’
- only try to prove A=A’ and B=B’only try to prove A=A’ and B=B’
- do not try to prove do not try to prove
A = B, A’ = B’, A’ = B A = B, A’ = B’, A’ = B A = B’ A = B’ D2D2D1D1
BBAA A’A’
B’B’
2525
Sequential SAT SweepingSequential SAT Sweeping(signal correspondence)(signal correspondence)
Similar to combinational SAT sweeping Similar to combinational SAT sweeping detects node equivalencesdetects node equivalences ButBut the equivalences are the equivalences are sequential sequential
guaranteed to hold guaranteed to hold onlyonly on the reachable state space on the reachable state space
Every combinational equivalence is a sequential oneEvery combinational equivalence is a sequential one run combinational SAT sweeping firstrun combinational SAT sweeping first
A A setset of sequential equivalences are proved by of sequential equivalences are proved by kk-step -step inductioninduction Base caseBase case Inductive caseInductive case Efficient implementation of induction is key!Efficient implementation of induction is key!
2626
Base CaseBase Case(just BMC)(just BMC)
arbitrary statearbitrary state
Candidate equivalences: {A = B}, {C = D}
A
B
SAT-3D C
SAT-4
A
B
SAT-1D C
SAT-2
??
??
??
??
PI0
PI1
initial initial statestate
Proving internal equivalencesinternal equivalences in initialized frames 1 through k
Proving Proving internal internal equivalencesequivalences in in a topological a topological order in frame order in frame kk+1+1
A
B
SAT-1SAT-1D C
SAT-2SAT-2
A
B
D C
A
B
D C
AssumingAssuming internal internal equivalences in equivalences in uninitializeduninitialized frames frames 1 through 1 through kk
00
00
00
00
??
??
PI0
PI1
PIk
Inductive CaseInductive Case
kk-step Induction-step Induction
kk = 2 = 2
If proof of any one If proof of any one equivalence fails equivalence fails need to start overneed to start over
2727
Efficient ImplementationEfficient ImplementationTwo observations:Two observations:1.1. Both base and inductive cases of Both base and inductive cases of kk-step induction are -step induction are combinational SAT combinational SAT
sweeping sweeping problemsproblems Tricks and know-how from the above are applicableTricks and know-how from the above are applicable
base case is just BMC base case is just BMC The same integrated package can be usedThe same integrated package can be used
starts with simulationstarts with simulation performs node checking in a topological orderperforms node checking in a topological order benefits from the counter-example simulationbenefits from the counter-example simulation
2.2. Speculative reductionSpeculative reduction Deals with how assumptions are used in the inductive caseDeals with how assumptions are used in the inductive case
2828
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
2.2. AbstractionAbstraction Use new Use new CBA/PBACBA/PBA method* method*
Uses single instance of SAT solverUses single instance of SAT solver Uses counter-example based abstraction which Uses counter-example based abstraction which
is refined with proof-based abstractionis refined with proof-based abstraction
Checked afterward with BMC, BDDs, and Checked afterward with BMC, BDDs, and simulation for CEX’s and refined with CBA if simulation for CEX’s and refined with CBA if found.found.
* N. Een, A. Mishchenko, and N. Amla, "A single-instance incremental SAT formulation of proof- and counterexample-based abstraction". Proc. IWLS'10.
2929
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
3.3. SpeculationSpeculation ** ** Especially useful for SEC Especially useful for SEC Simulation used to find Simulation used to find candidatecandidate equivalences. equivalences.
These are equivalences that we could not prove by These are equivalences that we could not prove by induction (sequential SAT sweeping)induction (sequential SAT sweeping)
These are used to build a “speculative miter”These are used to build a “speculative miter” The result is double-checked with BMC, BDDs The result is double-checked with BMC, BDDs
or simulation for CEX’s and refined if necessary.or simulation for CEX’s and refined if necessary.
** H. Mony, J. Baumgartner, V. Paruthi, and R. Kanzelman, ** H. Mony, J. Baumgartner, V. Paruthi, and R. Kanzelman, “Exploiting suspected redundancy without proving it”. “Exploiting suspected redundancy without proving it”. Proc. DAC’05Proc. DAC’05..
3030
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
4.4. Final Final high-efforthigh-effort verification (prove or disprove) verification (prove or disprove)
Prove: (give long run-time limits and/or large Prove: (give long run-time limits and/or large conflict limits)conflict limits)
Try BDD reachability Try BDD reachability if problem is small enough (< 200 PI, < 200 FFs)if problem is small enough (< 200 PI, < 200 FFs)
Try interpolationTry interpolation Try inductionTry induction
In rare cases, can prove outputs using induction.In rare cases, can prove outputs using induction.
Disprove: (give large run-time and conflict limits)Disprove: (give large run-time and conflict limits) Try heavy BMC on Try heavy BMC on initialinitial simplified circuit (before simplified circuit (before
abstraction or speculation done).abstraction or speculation done).
3131
InterpolationInterpolation Input:Input: Sequential AIG with single output representing a property Sequential AIG with single output representing a property
Property holds when the output is 0Property holds when the output is 0 Method:Method: Over-approximate reachability analysis Over-approximate reachability analysis
Using over-approximations, instead of exact sets of reachable statesUsing over-approximations, instead of exact sets of reachable states Output:Output: Proof that Proof that
1.1. the property holds, or the property holds, or 2.2. a real CEX is provided, ora real CEX is provided, or3.3. ““undecided”undecided”
Implementation:Implementation: A sequence of SAT calls on unrolled time- A sequence of SAT calls on unrolled time-frames that is similar to BMCframes that is similar to BMC
T1 T2 T3 Tn P=1Ik
BA
~property
interpolant
interpolant
inter1
UNSAT
inter2
3232
Still an important back-end of the verification flowStill an important back-end of the verification flow Also useful to find CEX’s during abstraction and Also useful to find CEX’s during abstraction and
speculation refinementspeculation refinement Several ideas, old and new, can be put together to Several ideas, old and new, can be put together to
implement a implement a newnew improved engine improved engine Long live BDDs!Long live BDDs!
BDD-Based ReachabilityBDD-Based Reachability
BDDWe tried to ban BDDs in ABC
3333
Examples of Running ABC+Examples of Running ABC+
1.1. Example 1 of simplifying and final proof Example 1 of simplifying and final proof with interpolationwith interpolation
2.2. ProveProve python code python code
3434
Read_fileRead_file IE1.aigIE1.aigPIs = 532, POs = 1, FF = 2389, ANDs = 12049PIs = 532, POs = 1, FF = 2389, ANDs = 12049proveprove
SimplifyingSimplifyingNumber of constraints = 3Number of constraints = 3Forward retiming, quick_simp, scorr_constr, trm: PIs = 532, POs = 1, FF = 2342, ANDs = 11054Forward retiming, quick_simp, scorr_constr, trm: PIs = 532, POs = 1, FF = 2342, ANDs = 11054Simplify: PIs = 532, POs = 1, FF = 2335, ANDs = 10607Simplify: PIs = 532, POs = 1, FF = 2335, ANDs = 10607Phase abstraction: PIs = 283, POs = 2, FF = 1460, ANDs = 8911Phase abstraction: PIs = 283, POs = 2, FF = 1460, ANDs = 8911quick_verify quick_verify AbstractingAbstractingInitial abstraction: PIs = 1624, POs = 2, FF = 119, ANDs = 1716, max depth = 39Initial abstraction: PIs = 1624, POs = 2, FF = 119, ANDs = 1716, max depth = 39Testing with BMCTesting with BMCbmc3 -C 100000 -T 50 -F 78: No CEX found in 51 framesbmc3 -C 100000 -T 50 -F 78: No CEX found in 51 framesLatches reduced from 1460 to 119Latches reduced from 1460 to 119Simplify: PIs = 1624, POs = 2, FF = 119, ANDs = 1687, max depth = 51Simplify: PIs = 1624, POs = 2, FF = 119, ANDs = 1687, max depth = 51Trimming: PIs = 158, POs = 2, FF = 119, ANDs = 734, max depth = 51Trimming: PIs = 158, POs = 2, FF = 119, ANDs = 734, max depth = 51Simplify: PIs = 158, POs = 2, FF = 119, ANDs = 731, max depth = 51Simplify: PIs = 158, POs = 2, FF = 119, ANDs = 731, max depth = 51quick_verifyquick_verifySpeculatingSpeculatingInitial speculation: PIs = 158, POs = 26, FF = 119, ANDs = 578, max depth = 51Initial speculation: PIs = 158, POs = 26, FF = 119, ANDs = 578, max depth = 51Fast interpolation: reduced POs to 24Fast interpolation: reduced POs to 24Testing with BMCTesting with BMCbmc3 -C 150000 -T 75: No CEX found in 1999 framesbmc3 -C 150000 -T 75: No CEX found in 1999 framesPIs = 158, POs = 24, FF = 119, ANDs = 578, max depth = 1999PIs = 158, POs = 24, FF = 119, ANDs = 578, max depth = 1999Simplify: PIs = 158, POs = 24, FF = 119, ANDs = 535, max depth = 1999Simplify: PIs = 158, POs = 24, FF = 119, ANDs = 535, max depth = 1999Trimming: PIs = 86, POs = 24, FF = 119, ANDs = 513, max depth = 1999Trimming: PIs = 86, POs = 24, FF = 119, ANDs = 513, max depth = 1999
Verifying Verifying Running reach -v -B 1000000 -F 10000 -T 75: BDD reachability abortedRunning reach -v -B 1000000 -F 10000 -T 75: BDD reachability abortedRUNNING interpolation with 20000 conflicts, 50 sec, max 100 frames: RUNNING interpolation with 20000 conflicts, 50 sec, max 100 frames: 'UNSAT‘'UNSAT‘
Elapsed time: 457.87 seconds, total: 458.52 secondsElapsed time: 457.87 seconds, total: 458.52 seconds
Example Example (use of (use of proveprove))
3535
def prove(a): global x_factor,xfi,f_name max_bmc = -1 K = 0 set_globals() status = pre_simp() if status <= Unsat: return RESULT[status] ABC('trm') ABC('write backup 0’) K = K +1 set_globals() if ((n_ands() < 30000) and
(a == 1) and (n_latches() < 300)): status = quick_verify(0) if ((status == Unsat) or (status == Sat)): return RESULT[status]' status = abstract() ABC('trm') status = process_status(status) if ((status <= Unsat) or status == Error): return RESULT[status] ABC('write backup 1’) K = K +1
if status == Undecided_reduction: status = quick_verify(1) status = process_status(status) if status <= Unsat: if status == Sat: status = final_verify_recur(K-1) return RESULT[status] if n_ands() > 15000: K = 2 else: status = speculate() ABC('trm') status = process_status(status) if ((status == Unsat) or status == Error): return RESULT[status] if status == Sat: K = K-1 else: ABC('write backup 2’) K = K +1 status = final_verify_recur(K) return RESULT[status]
Python Code for Python Code for proveprove
3636
Verification Engines (Summary)Verification Engines (Summary) SimplifiersSimplifiers
Combinational synthesisCombinational synthesis Sequential synthesisSequential synthesis
RetimingRetiming Sequential SAT sweeping (k-step induction)Sequential SAT sweeping (k-step induction)
Re-parametrization (Re-parametrization (not implemented yet in ABC currentlynot implemented yet in ABC currently)) Retiming (most forward and minimum FF)Retiming (most forward and minimum FF)
Bug-hunters (Bug-hunters (also part of abstraction methodsalso part of abstraction methods)) random simulation (sequential)random simulation (sequential) bounded model checking (BMC)bounded model checking (BMC) hybrid of simulation and BMC (“semi-formal”)hybrid of simulation and BMC (“semi-formal”) BDD reachabilityBDD reachability
ProversProvers K-step induction, with and without constraintsK-step induction, with and without constraints Interpolation (over-approximate reachability)Interpolation (over-approximate reachability) BDDs (exact reachability)BDDs (exact reachability) Explicit state space enumeration (‘Explicit state space enumeration (‘eraera’)’)
3737
Future WorkFuture Work Improved BDD reachability engine (we hope)Improved BDD reachability engine (we hope)
We have threeWe have three One is quite weak (HWMCC’08)One is quite weak (HWMCC’08) We have just integrated a better oneWe have just integrated a better one May have a much better one later.May have a much better one later.
Improved interpolation engineImproved interpolation engine Working on a new versionWorking on a new version
Improved circuit-based SAT solverImproved circuit-based SAT solver Currently used in signal correspondence to simplify Currently used in signal correspondence to simplify
larger circuitslarger circuits Faster but sometimes limited quality Faster but sometimes limited quality
Will be improved to see if it can compete with MiniSat Will be improved to see if it can compete with MiniSat 1.14c1.14c
3838
To Learn MoreTo Learn More
Read recent papers Read recent papers http://www.eecs.berkeley.edu/~alanmi/http://www.eecs.berkeley.edu/~alanmi/publicationspublications
Send email Send email [email protected]@eecs.berkeley.edu [email protected]@eecs.berkeley.edu
Visit BVSRC webpage Visit BVSRC webpage www.bvsrc.orgwww.bvsrc.org
3939
4040
endend
