Foundations of Reachability Analysis
EECS 290A Sequential Logic Synthesis and Verification
Lecture 1

Overview
• Sequential systems are systems with memory elements
  • Behavior can be characterized in terms of states and transitions
  • States can be initial, reachable, unreachable, etc.
• Reachability analysis deals with determining the set of reachable states
• The reachable state information is useful in
  • Logic synthesis (external don't-cares)
  • Formal verification (proving a property for reachable states)
• Reachability analysis of large systems is a complex task attracting significant research efforts
Descriptions of Sequential Systems
• State level: state transition graph (STG), automaton, FSM
• Structural level: circuit, logic network
[Figure: a two-state STG (states 0 and 1) next to the corresponding circuit, with signals x, y, z and a DFF]
• States is a higher-level description, compared to structure
• Going from structure to states is STG extraction
• Going from states to structure is implementation (encoding and logic synthesis)
Types of States
• A state characterizes the behavior of a sequential system, given a fixed set of values of the memory elements
• Initial state: a state in which the system begins its functioning.
• Reachable state: a state that can be reached from the initial one through a finite sequence of transitions under allowed inputs.
• Unreachable state: a state that cannot be reached from the initial one under any sequence of inputs.
[Figure: the state space partitioned into reachable states and unreachable states]
State Level Descriptions
[Figure: four state-level descriptions drawn over the states 0 and 1, with edges labeled input/output: a deterministic FSM, a non-deterministic FSM, an automaton, and a pseudo-non-deterministic FSM]
Structural Level Descriptions
• Primary inputs (PIs)
• Primary outputs (POs)
• Internal nodes
• Latches
• Latch outputs (LO)
• Latch inputs (LI)
[Figure: a logic block with PI and LO as inputs and PO and LI as outputs; the LI feed the latches, whose outputs are the LO]
Fanin/Fanout of a Node
• Node has only one output.
• Node can have any number of inputs (fanins) and can be an input to any number of nodes (fanouts)
[Figure: node N with fanins FI1, FI2, FI3 and fanouts FO1, FO2, FO3]
Transitive Fanin/Fanout of a Node
• Transitive fanin (TFI)
• Transitive fanout (TFO)
[Figure: a node with its TFI cone (toward the primary inputs and latch outputs) and its TFO cone (toward the primary outputs and latch inputs)]
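The cone computations behind these two definitions, as an added example that is not part of the lecture: the netlist (nodes n1, n2, n3, primary inputs a, b, c, latch output lo1, primary output z and latch input li1) is constructed for illustration. Fanins are stored per node, fanouts are obtained by inverting that map, and the transitive cones are depth-first closures that stop at primary inputs and latch outputs (TFI) or at primary outputs and latch inputs (TFO), i.e. at the latch boundary of the structural description.

```python
"""Fanin/fanout and transitive fanin/fanout on a small logic network.

Added example, not from the lecture; the netlist is constructed.
A node is stored with the list of its fanins. Primary inputs and latch
outputs have no fanins and appear only as fanins of other nodes; primary
outputs and latch inputs drive nothing and appear only as keys.
"""

# Constructed netlist: primary inputs a, b, c; latch output lo1; logic
# nodes n1 = a & b, n2 = n1 | c, n3 = n2 ^ lo1; primary output z driven
# by n3; latch input li1 driven by n2 (so n2 has two fanouts).
FANINS = {
    "n1": ["a", "b"],
    "n2": ["n1", "c"],
    "n3": ["n2", "lo1"],
    "z": ["n3"],
    "li1": ["n2"],
}

def fanouts(fanins):
    """Invert the fanin lists: node -> set of the nodes it drives."""
    result = {}
    for node, ins in fanins.items():
        for fi in ins:
            result.setdefault(fi, set()).add(node)
    return result

def _closure(start, neighbours):
    """Depth-first closure over a neighbour map, excluding the start node."""
    seen, stack = set(), list(neighbours.get(start, ()))
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(neighbours.get(n, ()))
    return seen

def transitive_fanin(node, fanins=FANINS):
    """TFI: every node on some path from a PI or LO into `node`."""
    return _closure(node, fanins)

def transitive_fanout(node, fanins=FANINS):
    """TFO: every node on some path from `node` to a PO or LI."""
    return _closure(node, fanouts(fanins))

if __name__ == "__main__":
    print("fanouts of n2:", sorted(fanouts(FANINS)["n2"]))
    print("TFI of n3:", sorted(transitive_fanin("n3")))
    print("TFO of n1:", sorted(transitive_fanout("n1")))
```

Because lo1 has no entry in FANINS and li1 drives nothing, the cones never cross a latch; this is exactly the combinational scope that the later project slides extend across latch boundaries.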
Reachability "Onion Rings"
[Figure: the reachable states drawn as concentric rings numbered 0, 1, 2, 3; ring 0 is the initial state and each further ring holds the states first reached by one more transition]
Computation of Reachable States
• Input: sequential system represented by a transition relation and an initial state (a set of initial states)
• Computation: image computation, set operations on sets of states
• Output: a set of reachable states
Relation
Definition. A relation is a subset of the product of two sets, R: A x B. If (a, b) is an element of R then we write a R b, meaning a is related to b by R.

Example: a relation between the vectors (x1, x2, x3) and (y1, y2); each row of the table is a related pair.
x1 x2 x3 | y1 y2
 0  0  0 |  0  0
 0  0  1 |  0  1
 0  1  0 |  0  1
 0  1  1 |  0  1
 1  0  0 |  0  0
 1  0  1 |  0  1
 1  1  0 |  1  1
 1  1  1 |  1  1
[Figure: a circuit with inputs x1, x2, x3 and outputs y1, y2 realizing this relation]
Characteristic Function
Relation R: A x B can be represented by a characteristic function: a Boolean function F_R(a,b), a ∈ A, b ∈ B, taking value 1 for those a and b that belong to relation R.

Example (continued)
x1 x2 x3 | y1 y2 | F
 0  0  0 |  0  0 | 1
 0  0  1 |  0  1 | 1
 0  1  0 |  0  1 | 1
 0  1  1 |  0  1 | 1
 1  0  0 |  0  0 | 1
 1  0  1 |  0  1 | 1
 1  1  0 |  1  1 | 1
 1  1  1 |  1  1 | 1
 other   |       | 0
[Figure: the BDD of F over the variables x1, x2, x3, y1, y2 with terminal nodes 0 and 1]
Transition Relation
Definition. An FSM is <I, O, S, , , S0>.
Definition. A transition relation of an FSM is a relation R: I x S x S that is true for a pair of states s1 and s2 iff there is a transition between them under some input.
Transition Relation of an FSM
I   | CS | cs1 cs2 | NS | ns1 ns2
0   | A  |  0   0  | B  |  1   0
0,1 | A  |  0   0  | A  |  0   0
0   | B  |  1   0  | B  |  1   0
1   | B  |  1   0  | A  |  0   0
0   | C  |  0   1  | B  |  1   0
1   | C  |  0   1  | A  |  0   0
[Figure: the STG with states A, B, C and edges labeled with the inputs 0, 1 and 0,1]
Example (continued)
[Figure: the BDD of the transition relation with variable order i, cs1, ns1, cs2, ns2, shown next to the STG with states A, B, C]
Reachability Pseudo-Code
Reachability( Transition Relation TR, Initial State I )
{
    ReachedStates = I;
    iterate the following computation:
    {
        ReachedStatesNew = Image( TR, ReachedStates );
        if ( ReachedStatesNew is contained in ReachedStates )
            stop;
        ReachedStates = ReachedStates + ReachedStatesNew;
    }
}
Image Computation
• Given a mapping of one Boolean space (input space) into another Boolean space (output space)
• For a set of minterms (care set) in the input space
  • The image is the set of related minterms from the output space
• For a set of minterms in the output space
  • The pre-image is the set of related minterms in the input space
[Figure: a care set in the input space and its image in the output space]
Example
[Figure: the input space over a, b, c (minterms 000 through 111) mapped into the output space over x, y (minterms 00, 01, 10, 11); a care set of input minterms and its image in the output space are highlighted]
Image Computation
• Implements the formula: Image(Y) = ∃x [R(X,Y) & C(X)]
• Implicit methods by far outperform explicit ones
  • Successfully computing images with more than 2^100 minterms in the input/output spaces
• Operations & and ∃ are basic Boolean manipulations implemented using BDDs
• To avoid large intermediate results (during and after the product computation), the operation AND-EXIST is used, which performs product and quantification in one pass over the BDD
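The reachability pseudo-code and the image formula above, worked through on the lecture's own three-state FSM as an added example (this is not the lecture's code). The transition relation is the table on the "Transition Relation of an FSM" slide with the "0,1" row expanded into two rows; states are their (cs1, cs2) codes. Everything is an explicit Python set so that the conjunction with the care set and the existential quantification can be read directly; the point of the slide is that real tools do the same steps on BDDs, where the sets are never enumerated.

```python
"""Reachability via image computation on an explicit transition relation.

Added example, not from the lecture. The FSM is the one in the lecture's
transition-relation table (A = 00, B = 10, C = 01, one input i).
Sets are explicit here purely for readability; a real implementation
keeps T and the reached set as BDDs and uses AND-EXIST for the image.
"""
from itertools import product

A, B, C = (0, 0), (1, 0), (0, 1)        # (cs1, cs2) codes from the table

# Satisfying assignments of the characteristic function T(i, cs, ns):
# one tuple per row of the table, (input, current state, next state).
TR = {
    (0, A, B),
    (0, A, A), (1, A, A),               # the table's "0,1" row
    (0, B, B),
    (1, B, A),
    (0, C, B),
    (1, C, A),
}

def characteristic(tr):
    """F_T(i, cs, ns) = 1 exactly for the tuples that belong to the relation."""
    return lambda i, cs, ns: int((i, cs, ns) in tr)

def image(tr, care):
    """Image(Y) = ∃i,cs [T(i,cs,ns) & C(cs)]: the conjunction keeps the rows
    whose current state lies in the care set, the quantification projects
    the surviving rows onto the next-state variables."""
    return {ns for (i, cs, ns) in tr if cs in care}

def pre_image(tr, target):
    """∃i,ns [T(i,cs,ns) & D(ns)]: the states with a transition into D."""
    return {cs for (i, cs, ns) in tr if ns in target}

def reachability(tr, initial):
    """The lecture's pseudo-code. Returns the reached set and the onion
    rings: ring k holds the states first reached after k image steps."""
    reached = set(initial)
    rings = [set(initial)]
    while True:
        new = image(tr, reached)
        if new <= reached:              # image contained in ReachedStates: stop
            return reached, rings
        rings.append(new - reached)
        reached |= new                  # ReachedStates + ReachedStatesNew

def unreachable(tr, initial, n_latches=2):
    """State codes never reached: the external don't-cares for synthesis."""
    reached, _ = reachability(tr, initial)
    return set(product((0, 1), repeat=n_latches)) - reached

if __name__ == "__main__":
    reached, rings = reachability(TR, {A})
    print("reachable:", sorted(reached))
    print("onion rings:", rings)
    print("unreachable:", sorted(unreachable(TR, {A})))
    print("pre-image of {A}:", sorted(pre_image(TR, {A})))
```

Starting from A, the first image is {A, B}, the second adds nothing, so the loop stops after two images: C and the unused code 11 are unreachable, which is the information a synthesis tool would use as don't-cares and a verifier would exclude when proving a property.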
Image Computation Techniques
• When the relation is a monolithic one (represented as a single object), these techniques do not work
• Sometimes the relation can be decomposed using disjoint-support decomposition, etc.
• Some techniques work for a partitioned representation
• This representation is natural when the system is represented on the structural level
• In this case, the transition relation is given in the form of the set of partitions (the product over i):
  T(x,cs,ns) = ∏_i Ti(x,cs,nsi)
[Figure: the logic block with inputs x and cs and outputs ns; the latches feed ns back as cs]
Input Splitting
• Select an input variable
• Cofactor partition w.r.t. this variable
• Compute the images for the cofactors
• Union the resulting images
[Figure: the example mapping from the input space (a, b, c) to the output space (x, y) with x = a + b and y = bc; splitting on a gives the cofactors a=0: x = b, y = bc and a=1: x = 1, y = bc, and the image is the union of the images of the two cofactors]
Output Splitting
• Constrain each function Yi(x) w.r.t. the care set C(x)
• Recursively compute the image as follows:
  • Select an output variable yi
  • Constrain each remaining function using the function yi=Yi(x)
    • Use the direct polarity
    • Use the complemented polarity
  • Find the images of the two resulting sets of functions, Im1(y) and Im2(y)
  • Combine the images using the ITE operator and the variable yi: Im(y) = ITE(yi, Im1(y), Im2(y))
• Trivial cases:
  • When function Yj(x) is constant 0 (1), the image is yj' (yj)
  • When there is only one non-constant function left, the image is constant 1 (it does not depend on the y variables)
  • When functions in the set Y can be split into two parts with disjoint support, the image is the product of the two images
  • When only two functions are left and, for example, Yj1(x) = Yj2(x)', then the image is yj1 ⊕ yj2
Input vs. Output Splitting
• These two methods are "symmetric" w.r.t. inputs/outputs
• Their efficiency depends on the cardinality of I/O spaces
• In some problems, output splitting is more efficient because the output space is smaller than the input space
  • As a result, the (potentially exponential) tree depth is bounded by a smaller number
[Figure: the splitting tree, one level per variable (Variable 1, Variable 2, Variable 3)]
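Both recursions from the two preceding slides, input splitting and output splitting, as one added example (not the lecture's code), run on the slide's own mapping x = a + b, y = bc and checked against a brute-force image. Functions and care sets are explicit sets of minterms rather than BDDs, so "constrain" becomes intersection with the care set and "cofactor" becomes dropping one input bit; the trivial cases of output splitting (a function constant over the care set, a single non-constant function left) are handled exactly as the slide lists them.

```python
"""Image computation by input splitting and by output splitting.

Added example, not from the lecture. An input minterm is a tuple of bits
over the ordered input variables, a function is the set of minterms on
which it is 1 (its on-set), and the care set is a set of minterms. The
lecture does all of this on BDDs; explicit sets only make the two
recursions easy to follow.
"""
from itertools import product

# Constructed sample matching the lecture's figure: inputs (a, b, c),
# outputs x = a + b and y = bc; the default care set is the whole space.
INPUTS = ("a", "b", "c")
OUTPUTS = ("x", "y")
ALL_MINTERMS = set(product((0, 1), repeat=len(INPUTS)))
FUNCS = {
    "x": {m for m in ALL_MINTERMS if m[0] | m[1]},   # x = a + b
    "y": {m for m in ALL_MINTERMS if m[1] & m[2]},   # y = b c
}

def image_brute_force(funcs, care, outputs):
    """Reference: evaluate every care minterm, collect the output vectors."""
    return {tuple(int(m in funcs[o]) for o in outputs) for m in care}

def cofactor(onset, value):
    """Cofactor w.r.t. the first remaining input variable and drop it."""
    return {m[1:] for m in onset if m[0] == value}

def image_input_splitting(funcs, care, outputs):
    """Select an input variable, cofactor functions and care set, compute
    the images of the two cofactors, union the results."""
    if not care:
        return set()
    if len(next(iter(care))) == 0:
        # no input variables left: every function is a constant now
        return {tuple(int(() in funcs[o]) for o in outputs)}
    result = set()
    for value in (0, 1):
        sub_funcs = {o: cofactor(funcs[o], value) for o in outputs}
        result |= image_input_splitting(sub_funcs, cofactor(care, value), outputs)
    return result

def _output_split(funcs, care):
    """Image as a set of frozensets of (output, bit) pairs."""
    if not care:
        return set()
    fixed, rest = set(), {}
    for name, onset in funcs.items():
        onset = onset & care              # constrain Y_i(x) w.r.t. C(x)
        if not onset:
            fixed.add((name, 0))          # Y_i == 0 on C: factor y_i'
        elif onset == care:
            fixed.add((name, 1))          # Y_i == 1 on C: factor y_i
        else:
            rest[name] = onset
    fixed = frozenset(fixed)
    if not rest:
        return {fixed}
    if len(rest) == 1:
        # one non-constant function left: it takes both values on C,
        # so the image is constant 1 in that variable
        (name,) = rest
        return {fixed | {(name, 0)}, fixed | {(name, 1)}}
    yi = min(rest)                        # select an output variable y_i
    onset_i = rest.pop(yi)
    im1 = _output_split(rest, onset_i)           # direct polarity, y_i = 1
    im2 = _output_split(rest, care - onset_i)    # complemented polarity, y_i = 0
    # Im(y) = ITE(y_i, Im1(y), Im2(y))
    return ({fixed | m | {(yi, 1)} for m in im1}
            | {fixed | m | {(yi, 0)} for m in im2})

def image_output_splitting(funcs, care, outputs):
    return {tuple(dict(m)[o] for o in outputs)
            for m in _output_split(funcs, care)}

if __name__ == "__main__":
    for method in (image_brute_force, image_input_splitting, image_output_splitting):
        print(method.__name__, sorted(method(FUNCS, ALL_MINTERMS, OUTPUTS)))
```

On the full care set all three methods return {00, 10, 11}: the output minterm 01 is not in the image because y = 1 forces b = 1 and hence x = 1. Restricting the care set to b = 1 exercises the trivial cases: x becomes constant 1 over the care set and only y is left non-constant, so output splitting returns without any recursive split.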
Quantification Scheduling
• Existential quantification and product commute if a variable to be quantified belongs to only one component in the product
  ∃x [F(x,y) & G(x,y)] ≠ [∃x F(x,y)] & [∃x G(x,y)]
  ∃x [F(y) & G(x,y)] = F(y) & [∃x G(x,y)]
• Scheduling is performed by ordering the partitions, so that the variables are quantified as early as possible
  Image(Y) = ∃x,i [A(x) & T1(x,i,y) & T2(x,i,y) & … & Tk(x,i,y)] =
           = ∃xk,ik [ Tk(x,i,y) & ∃xk-1,ik-1 [ Tk-1(x,i,y) & … & ∃x1,i1 [ T1(x,i,y) & ∃x0,i0 A(x) ] … ] ]
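The two identities and the scheduled image, as an added example that is not the lecture's code. Boolean functions are explicit (a support plus an on-set), so conjunction is a join on the shared variables and existential quantification is a projection; the partitioned relation (two latches with ns1 = i & cs2 and ns2 = cs1', split into T1(i, cs2, ns1) and T2(cs1, ns2)) and the initial state are constructed. The scheduler conjoins the partitions in the given order and quantifies a variable as soon as no later partition mentions it; the largest intermediate support is returned so the effect of early quantification is visible.

```python
"""Quantification scheduling over a partitioned transition relation.

Added example, not from the lecture. Functions are explicit truth sets;
a BDD package would do the same operations without enumeration.
"""
from itertools import product

class BoolFn:
    def __init__(self, support, onset):
        self.support = tuple(support)           # variable names, in order
        self.onset = frozenset(onset)           # bit tuples where f = 1

    @classmethod
    def from_predicate(cls, support, pred):
        support = tuple(support)
        rows = product((0, 1), repeat=len(support))
        return cls(support, {b for b in rows if pred(dict(zip(support, b)))})

    def evaluate(self, env):
        return tuple(env[v] for v in self.support) in self.onset

    def conjoin(self, other):
        """F & G over the union of the two supports (a natural join)."""
        support = tuple(sorted(set(self.support) | set(other.support)))
        onset = set()
        for bits in product((0, 1), repeat=len(support)):
            env = dict(zip(support, bits))
            if self.evaluate(env) and other.evaluate(env):
                onset.add(bits)
        return BoolFn(support, onset)

    def exists(self, variables):
        """∃ variables: project the on-set onto the remaining variables."""
        keep = [v for v in self.support if v not in variables]
        idx = [self.support.index(v) for v in keep]
        return BoolFn(keep, {tuple(b[i] for i in idx) for b in self.onset})

    def equivalent(self, other):
        support = tuple(sorted(set(self.support) | set(other.support)))
        return all(self.evaluate(dict(zip(support, b)))
                   == other.evaluate(dict(zip(support, b)))
                   for b in product((0, 1), repeat=len(support)))

def commutation_examples():
    """The slide's two identities: quantification does not distribute over
    a product in general, but it does when the quantified variable occurs
    in only one factor. Returns (first holds?, second holds?)."""
    F = BoolFn.from_predicate(("x", "y"), lambda e: e["x"] ^ e["y"])
    G = BoolFn.from_predicate(("x", "y"), lambda e: e["x"] & e["y"])
    H = BoolFn.from_predicate(("y",), lambda e: e["y"])
    lhs = F.conjoin(G).exists(["x"])                      # ∃x [F & G]
    rhs = F.exists(["x"]).conjoin(G.exists(["x"]))        # [∃x F] & [∃x G]
    lhs2 = H.conjoin(G).exists(["x"])                     # ∃x [H(y) & G]
    rhs2 = H.conjoin(G.exists(["x"]))                     # H(y) & [∃x G]
    return lhs.equivalent(rhs), lhs2.equivalent(rhs2)

def monolithic_image(care, partitions, quantify):
    """Build the whole product first, then quantify everything at once."""
    total = care
    for part in partitions:
        total = total.conjoin(part)
    return total.exists(quantify), len(total.support)

def scheduled_image(care, partitions, quantify):
    """Conjoin partitions in order, quantifying each variable as soon as
    no later partition mentions it. Returns (image, widest support)."""
    current, widest = care, len(care.support)
    for k, part in enumerate(partitions):
        current = current.conjoin(part)
        widest = max(widest, len(current.support))
        later = {v for p in partitions[k + 1:] for v in p.support}
        current = current.exists([v for v in quantify if v not in later])
    return current, widest

# Constructed: initial state cs1 = cs2 = 0 and the two partitions.
A0 = BoolFn.from_predicate(("cs1", "cs2"), lambda e: e["cs1"] == 0 and e["cs2"] == 0)
T1 = BoolFn.from_predicate(("i", "cs2", "ns1"), lambda e: e["ns1"] == (e["i"] & e["cs2"]))
T2 = BoolFn.from_predicate(("cs1", "ns2"), lambda e: e["ns2"] == 1 - e["cs1"])
PRESENT = ("cs1", "cs2", "i")                # variables to quantify away

def demo():
    """Image of the initial state both ways: (same result?, image on-set,
    widest support monolithic, widest support scheduled)."""
    mono, mono_width = monolithic_image(A0, [T1, T2], PRESENT)
    sched, sched_width = scheduled_image(A0, [T2, T1], PRESENT)
    return mono.equivalent(sched), sorted(sched.onset), mono_width, sched_width

if __name__ == "__main__":
    print("identities hold:", commutation_examples())
    print("image, widths:", demo())
```

With T2 scheduled first, cs1 is quantified after the first conjunction because T1 does not depend on it, so the widest intermediate function has four variables instead of the five of the monolithic product; on real designs this difference is what keeps the intermediate BDDs tractable.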
Project Overview

Project 1: Sequential optimization without state space exploration
The previous work [1] proposes a way to perform sequential optimization using recursive learning across latch boundaries. The goal of this project is to investigate possible extensions of this work, trying to get a deeper understanding of the relationship of the algorithm with other sequential optimization techniques. Another goal is to develop an efficient implementation of this method in MVSIS.
[1] A. Mehrotra, S. Qadeer, V. Singhal, R. K. Brayton, A. L. Sangiovanni-Vincentelli, A. Aziz. Sequential optimization without state space exploration. Proc. ICCAD '97, pp. 208-215.
Project 1: Sequential optimization without state space exploration
[Figure: the logic block with PI and LO as inputs and PO and LI as outputs, with the latches closing the loop; the scope of recursive learning extends across the latch boundary]
Project 2: Retiming of AND-INV graphs with latches
• Retiming moves latches around
• Retiming with unit-delay combinational blocks leads to the reduction of algorithm complexity [1]
• The project will explore the impact of the above fact when retiming is applied to the AIG [2]
[1] M. C. Papaefthymiou. Understanding retiming through maximum average-delay cycles. Math. Systems Theory, 27, 1994, pp. 65-84.
[2] A. Mishchenko, S. Chatterjee, R. Jiang, R. Brayton. FRAIGs: A Unifying Representation for Logic Synthesis and Verification. Submitted to DAC '05.
Project 3: Performing retiming together with technology mapping
A study [1] has shown that the quality of results achieved by iterating retiming and technology mapping for FPGAs can be improved by integrating these transformations into one.
This project will develop a similar technique for ASIC mapping [2] and study its impact on the mapping quality.
[1] J. Cong and C. Wu. Optimal FPGA Mapping and Retiming with Efficient Initial State Computation. IEEE TCAD, vol. 18(11), pp. 1595-1607, Nov. 1999.
[2] A. Mishchenko, S. Chatterjee, R. Brayton, X. Wang, T. Kam. Technology Mapping with Boolean Matching, Supergates and Choices. Submitted to DAC.
Project 4: Sequential ATPG using simulation and SAT
• Compare the efficiency of ATPG using
  • Random simulation
  • Bounded equivalence checking
  • Unbounded equivalence checking
• The result of this experiment will help answer the following questions
  • How many faults can be detected using the above techniques
  • Whether bounded equivalence checking is a good method to generate tests for stuck-at faults in sequential circuits.
Project 5: Implementation of windowing for sequential optimization
This project will focus on studying the available windowing schemes [1] for combinational networks and extending them to work for networks with latches. Several applications will be implemented and tested to show the impact of windowing on the runtime/quality trade-off. The applications may include reachability analysis, reencoding using the set of unreachable states, and computation of combinational don't-cares due to unreachable and equivalent states using methods similar to [1].
[1] A. Mishchenko, R. Brayton. SAT-based complete don't-care computation for network optimization. Proc. IWLS '04.
Project 6: PTL synthesis for testability
(Mentor: Rolf Drechsler, University of Bremen, Germany)
One of the most important steps during circuit design is the testability of the netlist. Multiplexor circuits derived from BDDs have been studied intensively under various fault models. Recently, a new technique has been presented that guarantees full testability of a circuit derived from a BDD description under the stuck-at fault model and the robust path-delay fault model. The size of the circuit is directly proportional to the given BDD size.
The goal of this project is to generalize the techniques [1] to work for sequential circuits, i.e. circuits that are not full-scan. The problem can be studied from a theoretical point of view or by an experimental study in the MVSIS environment.
[1] R. Drechsler, J. Shi, G. Fey. Synthesis of Fully Testable Circuits from BDDs. IEEE Trans. CAD, Vol. 23(3), March 2004, pp. 440-443.
Project 7: Verifying sequential circuits after phase assignment
(Mentor: Geert Janssen, IBM T. J. Watson Research Center, Yorktown Heights)
Two sequential netlists are available, one of them derived from the other by a phase assignment of the latches. The inverters are collapsed and the logic functions are restructured. The correspondence of latches in the two netlists is known. The problem is to check if the two designs are indeed equivalent under some phase assignment. A general-case sequential equivalence checking method can be used, but the question is whether there exists a more efficient method applicable to the special type of netlist obtained after phase assignment.
Project 8: Implementation of SAT-based sequential equivalence checking
Recent advances in SAT solvers have made SAT formulations one of the main streams in formal verification. However, most of the prior work on this subject aimed at general model checking. Since sequential equivalence checking is a very specific and practically important problem in design verification, specialized algorithms (e.g. exploiting similarities of circuit structures) may presumably further improve verification performance. This project studies the most recent developments in SAT-based model checking [1] and applies them to the sequential equivalence checking problem. Students working on this project will get familiar with the verification area and gain programming experience with an advanced SAT solver.
[1] K. L. McMillan. Interpolation and SAT-based model checking. Proc. CAV'03, LNCS 2725, 2003, pp. 1-13.
Project 9: Resubstitution in sequential circuits
This project will explore extensions of the notion of resubstitution for sequential circuits. The idea of one such extension comes from the following observation. If we consider two uninitialized consecutive time-frames of a sequential circuit as one combinational circuit, some nodes in the first frame can be resubstituted into the second frame. Going back to the original circuit, this transformation can be interpreted as adding a new latch to the circuit and re-expressing the logic function of a node in terms of the new latch. This re-expression may lead to simplification of the node's local function, or to dropping fanins of the node, which may make some latches of the original circuit redundant.
The goal of this project is to develop a theory supporting resubstitution in sequential circuits and implement an experimental command in the MVSIS environment, which will be applicable to large sequential circuits.
Project 9: Resubstitution in sequential circuits
[Figure: two consecutive time-frames of the circuit, each drawn as a logic block with PI and LO as inputs and PO and LI as outputs, connected through the latches]
Project 10: Using sequential flexibility to synthesize redundant circuits for improved reliability
• Study the last year project by Ruth Wang
• Generalize the problem statement to allow for different types of failures and additional feedback
• Develop a methodology to synthesize redundant circuits with improved reliability
• Implement the synthesis method and experiment on benchmarks