ebook img

A survey of techniques for formal verification of combinational circuits PDF

10 Pages·1997·0.292 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview A survey of techniques for formal verification of combinational circuits

A Surv ey of T echniques for F ormalerVi(cid:12)cation of Combinational Circuits 1 2 1 2 Jawahar Jain Amit Nara yan M. Fujita A. Sangiovanni-Vincentelli With the increase in the complexity of present day systems, tation veri(cid:12)cationtypically proceedsin two phases. In the (cid:12)rst proving the correctness of a design has become a major concern. phase, a Boolean network representingthe original design is ex- Simulation based methodologies are generally inadequate to val- tracted from the RTL description or the transistor level netlist idate the correctness of a design with a reasonable con(cid:12)dence. [40, 14, 15, 38, 63]. In the secondphase, the correctnessof this More and more designers are moving towards formal methods to Booleannetworkisveri(cid:12)edusingsomeformalmethods. guarantee the correctness of their designs. In this paper we sur- Inthispaperwe will focusonlyonthesecondphase. Wewill vey some state-of-the-art techniques used to perform automatic describesome recent advancesmadein the area of verifyingthe veri(cid:12)cation of combinational circuits. equivalenceoftwoBooleannetworks. Morespeci(cid:12)cally,wewillfo- Weclassifythe current approaches forcombinational veri(cid:12)ca- cusonlyontheveri(cid:12)cationofcombinationalcircuitsi.e.,circuits tionintotwocategories: functionalandstructural. Thefunctional in which the outputsdepend only on the currentinputs (as op- methods consist of representing a circuit as a canonical decision posedtosequentialcircuitsinwhichtheoutputsdependnotonly diagram. Twocircuits are equivalent if and only if their decision on the present inputs but also on the past sequence of inputs). diagrams are equal. Thestructural methods consistof identifying Some sequential veri(cid:12)cation problems can also be reduced to a relatednodesinthecircuitandusingthemtosimplifytheproblem combinationalveri(cid:12)cationproblem(e.g. when thecorresponding of veri(cid:12)cation. We brie(cid:13)y describe some of the methods in both latchesinthetwodesignscanbeidenti(cid:12)ed).Althoughtechniques the categories and discusstheir merits and drawbacks. exist for verifying general sequentialcircuits, currently it is not practicaltoverifylargeindustrialdesignsusingthem. 1 Introduction The combinationalveri(cid:12)cationproblem can be stated as fol- Successfuldesignofacomplexdigitalsystemrequiresverifying lows: Giventwo Booleannetlists,checkifthecorrespondingout- thecorrectnessoftheimplementationwithrespecttoitsintended puts of the two circuits are equal for all possible inputs. This functionality. Traditionally,the task of design validationis car- problemis NP-hardandhenceageneralsolutionwhichcanhan- riedoutbymeansofsimulation. Inasimulationbasedapproach, dle arbitrary Boolean functions is not likely to exist. However, thedesignerneedsto createa completeset of testvectorswhich sincethefunctionsthatareimplementedinpracticearenotran- representsallpossibleinputstothesystem. Theoutputsforeach dom Boolean functions, various techniqueshave been developed ofthesetestvectorsareanalyzedtoguaranteethecorrectnessof whichcansuccessfullyverifylargedesigns. thedesign. This processis highlyCPU-timeintensive;in almost Research in combinationalequivalencecheckinghas seen sig- all practicalsituationsit is infeasibleto exhaustivelysimulatea ni(cid:12)cant and rapid improvements since introduction of OBDDs designtoguaranteeitscorrectness. [13]. Thus, details of numerousequivalencecheckingtechniques Duetothelimitationsofasimulationbasedapproach,various [19, 27,29, 45,55, 59,64,65,66,68],developedbeforeanexten- formal veri(cid:12)cationstrategies are becomingincreasinglypopular. siveinvestigationofOBDDsbasedproceduresbeganinlate1980s, Byusingthesetechniques,itispossibletoguaranteethecorrect- have not been covered in this survey. The work in equivalence nessofadesignunderallpossibleinputcombinations. checking, especiallyas done in the last decade, can be classi(cid:12)ed Theprocessofdesigningacomplexsystemusuallystartswith intotwomaincategories: anabstractmodelofthesystem. Thismodelissubjectedtoexten- (cid:15) The(cid:12)rstapproachconsistsoftransformingtheoutputfunc- sivesimulationafterwhichitbecomesthe\goldenspeci(cid:12)cation"of tionsofthetwonetworksintoaunique(i.e. canonical)rep- thedesign. Fromthisabstractmodel,adetailedimplementation resentation. Two circuits are equivalent if and only if the is derivedin a hierarchicalmanner. First the abstract model is canonical representations of the correspondingoutputs are translatedinto a synthesizablebehavioralRTL model represent- the same. The most popularcanonicalrepresentationsare ing the block structurebehavior of the design. This behavioral based on Binary Decision Diagrams (BDDs). We will dis- RTL modelis thentranslatedintoa structuralmodelwhich is a cussmethodsbasedonBDDsinSection2. Intheworstcase logic level description of the system. From the structural RTL thesemethodscanrequireexponentialspace(inthenumber modelatransistornetlistandsubsequentlythephysicallayoutof ofinputs). Wewilldiscusssometechniquesfordealingwith thedesignisderived. this\memoryexplosion"probleminBDDrepresentations. Inasuccessfuldesignmethodologyitisessentialtocatchbugs earlyinthedesigncycle. Forthis,thefunctionalityofthedesignis (cid:15) Thesecondapproachconsistsofidentifyingequivalentpoints veri(cid:12)edateverylevelofhierarchyagainsttheoriginal(\golden") andimplicationsbetweenthetwocircuits. Usingthisinfor- speci(cid:12)cation. This kind of formal veri(cid:12)cationin which di(cid:11)erent mationtheprocessofequivalencecheckingcanbesimpli(cid:12)ed. implementationsof thesame designarecomparedto checktheir Sinceatypicaldesignproceedsbyaseriesoflocalchanges,in equivalenceis known as implementationveri(cid:12)cation. Implemen- mostcasestherearealargenumberofimplicationsbetween thetwocircuitstobeveri(cid:12)ed. Theseimplicationbasedtech- 1 FujitsuLaboratoriesofAmerica,SantaClara,CA 95054 niques have been very successful in verifying large circuits 2 DepartmentofElectricalEngineeringandComputerSciences, and form the basis of most combinationalveri(cid:12)cation sys- UniversityofCalifornia,Berkeley,CA 94720 tems. Wewilldiscusssomeofthesetechniquesinsection3. 1 Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE 2 Methods Based on Decision Diagrams detailsonROBDDs,andtheimplementationofatypicalROBDD Inthisapproach,theoutputfunctionsofthetwonetworksare package,pleasereferto[10,13,16]. representedas canonicalBDDs. The two circuits are equivalent Although ROBDDs are canonical and hence can directly be if andonlyif theBDDs oftheircorrespondingoutputsareequal used for combinationalveri(cid:12)cation,their constructionis often a (i.e. isomorphic). timeandmemoryintensiveprocess. The sizeofanROBDD rep- ABDDoverasetofXn=fx1;:::xngofBooleanvariablesis resenting a Boolean function can be exponentialin the number a directed acyclic graph with one source and at most two sinks of primaryinputs in the worst case. This problemis commonly labeled by 0 and 1. Each non-sink (internal) node is labeled referred to as the \memory explosion" problem. In the follow- by a variable in Xn and has two outgoing edges - correspond- ing sectionswe will discussvariousmethodswhichdealwith the ingto where thevariableevaluatesto a 0 or toa 1. For a given memoryexplosionproblemduringROBDDconstruction. assignment to the variables, the function value is evaluated by tracinga path fromthe rootto the terminal. For a giveninput m=(m1;:::;mn),theevaluationstartsattherootandatanin- 2.1 Variable Ordering ternalnodewithlabelxitheoutgoingedgewithlabelmiischosen The size of an ROBDD is strongly dependent on the order- (seeFigure1). ing of its variables. Much of the prior researchin ROBDDs has focused on (cid:12)nding good variable orders to reduce the size of an x1 x1 ROBDD representingaBooleanfunction. Givenacombinational netlist, [47, 24] discuss some heuristicsfor ordering the primary 1 0 1 0 input variableswhich lead to a compactROBDD representation of the outputs. These techniques for the (cid:12)rst time successfully x2 x2 x2 x3 demonstratedthatROBDDscouldbeusedforverifyinglargecir- 1 0 1 0 1 0 1 0 cuits. Anothersigni(cid:12)cantadvanceinvariableorderingwas made withtheintroductionofdynamicvariablereordering[60]. Inthis 1 x3 0 1 x3 0 1 x3 0 1 x2 0 pdruocceedthueremaempeorriyodreicqurieroermdeernitn.gGoifvevnaraiabgrleasphisGa,ttaemvaprtieadblteovreis- successivelymoved to each positionin the ordering list and the 1 0 1 0 resultinggraphsizeis examined. The variableis (cid:12)nallyassigned thepositionwhichresultsinthesmallestgraphsize. Thisprocess isknownassiftingandisrepeatedforeachvariableinthegraph. (a) (b) Sifting n variables, in a graph of size G, requires O(n(cid:1)jGj) ef- fort. Alessexpensiveproceduremayalsobeusedwherevariables are reorderedin a window of say, 3 consecutivevariables. This Figure 1: (a) ROBDD and (b) Free BDD windowisthenmovedforwardtoincludethenextvariableinthe graph, and the process is repeatedtill all n variableshave been considered. Improvementsto sifting basedreorderingtechniques ThoughBDDshavebeenresearchedforaboutfourdecades[46, were suggestedby [57] where the numberof sift operationswere 1],theyfoundwidespreaduseonlyafterBryant[13] showedthat reduced by grouping, and thereby sifting together, the symmet- suchgraphs,undertworestrictions,arecanonicalandcanbeeasily ric variable pairs. Further improvementswere suggested in [56] manipulated. The (cid:12)rst restrictionis thata totalorderingof the wheretheconceptofextendedsymmetrywasintroducedtogroup variablesisenforcedinthegraph. Thatis,ifweconsidervariables alargerblockofvariables. to be orderedas x1 < x2 < ::: < xn, thenevery pathfrom the Though computationally somewhat expensive, dynamic re- roottoasinkencountersthevariablesinthatorder. The second ordering techniques are widely used as they allow the variable restrictionis thatthegraphis reduced. A graphcanbereduced ordering to adapt to the changingfunctions that are being rep- by the repeatedapplicationof the followingtwo rules untilthey resented. Althoughgoodvariableorderingmethodshaveconsid- arenolongerapplicable.Theserulesare: erablyincreasedtheclassoffunctionswhichcanbee(cid:14)cientlyver- (cid:15) MergingRule: Twoisomorphicsubgraphsshouldbemerged. i(cid:12)edusingROBDDs,therearestillmanyfunctionsforwhichany ROBDDisexponentialinthenumberofinputs(e.g. integermul- (cid:15) Deletion Rule: A vertex whose two branches point to the tiplier). Further,theproblemof(cid:12)ndingoptimumvariableorders samevertexshouldbedeleted. isanintractableproblemandtherearemanyinstanceswhereal- The resulting BDD is called a Reduced Ordered BDD (an thoughagoodorderingsmightexist,theheuristicsareunableto ROBDD). The important symbolic manipulation procedures in- (cid:12)ndthem. troducedbyBryantwereapply andcompose; thesetechniquesop- erateontwoidenticallyorderedROBDDs. Apply allowstwoROB- DDstobecombinedundersomeBooleanoperation,andcompose 2.2 Breadth First Manipulation allowsthesubstitutionofanROBDDvariablewithafunction. In [54, 3], it was shown that by manipulatingROBDDs in a Since ROBDDs are canonical, they can be used directly for breadth-(cid:12)rstfashionmuchlargerROBDDscanbeprocessedthan checkingtheequivalenceoftwoBooleancircuits. Twocircuitsare is possibleby the conventionalapply procedure[13] which oper- equivalentifandonlyiftheROBDDsrepresentingthecorrespond- atesasadepth(cid:12)rstalgorithm.Thisgaininmemoryisachievedby ingoutputsof thetwo circuitsare equal. ROBDDs aretypically keepingonlyafewlevelsofROBDDsinthemainmemoryatany constructedusing somevariantof Bryant’sapply procedure[13]; giventimeandstoringtherestinthesecondarymemorywhichis theROBDDforagategissynthesizedbythesymbolicmanipula- typicallymuch larger. Breadth(cid:12)rst algorithmsallow an orderly tionoftheROBDDsofitsinputs,basedonthefunctionalityofg. memoryaccess. Thisresultsinfewerpagefaultsandconsequently Thegatesofthecircuitareprocessedinadepth-(cid:12)rstmanneruntil asigni(cid:12)cantimprovementinperformance,especiallyforlargecir- the ROBDDs of the desiredoutputgate(s)are constructed. For cuits. Recentlyacompletepackagewasimplemented[61]usingthe Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE breadth-(cid:12)rstmanipulationideawhichgivesanorderofmagnitude manipulated. Intyped-FreeBDDs, foranygivenvariableassign- performancegainovertheconventionalROBDDpackages. ment, the resulting paths in all graphs contain variables in the Themaindrawbackofthisapproachisthatasonlyafewlevels sameorder. Thevariableorderingfordi(cid:11)erentassignmentsmight arekeptinthemainmemoryatatime,itisdi(cid:14)culttodynamically be di(cid:11)erent. Unfortunately,the practicalproblemsin choosinga reordertheROBDDduringanoperation. good type can greatlyreducethe (cid:13)exibilitygainedfromrelaxing the variableorderingconstraints. Someheuristicsfor generating typedFreeBDDs were presentedin [8, 7]. Typed-freeBDDs ex- 2.3 Node Decompositions tendtheclassoffunctionswhichcanberepresentedinpolynomial ROBDDsemployadecompositionknownasthe\ShannonDe- space but there are still some practicalfunctionsfor which Free composition"in which a functionf is decomposedin terms of a BDDsareexponential(e.g. integermultiplier). variablexasfollows: f =xfx+xfx (1) Herefx representsthepositivecofactoroff withrespecttoxand 2.5 Partitioned ROBDDs is obtainingbyreplacingvariablex bythevalue1. Similarly,fx AlltheBDDmethodsdiscussedsofarrepresentafunctionover representsthenegativecofactorwithrespecttoxandisobtained the entire Boolean space as a single graph (rooted at a unique byreplacingxby0. source). Itwasshownin[33,31,53]thatexponentiallymorecom- Canonicalbutfundamentallydi(cid:11)erentdatastructuressuchas pactrepresentationscanbeobtainedbypartitioningtheBoolean orderedFunctionalDecisionDiagrams(OFDDs)[39]andOrdered space andrepresentingthe functionalityover eachpartitionas a Kronecker Functional Decisions Diagrams (OKFDDs) [22] have separate graph. This compactness in representationis achieved also been proposed to extend the set of functions that can be withoutsacri(cid:12)cingthedesirablepropertiesoftheunderlyinggraph e(cid:14)ciently symbolically manipulated. In OFDDs the function is whichisusedtorepresenteachpartition. In[33,31]thisnotionof decomposedusingthe\Reed-Muller"(\Davio")expansion.Inthis partitioningwasusedtodiscussafunctionrepresentationscheme decomposition,thefunctionf isrepresentedaseither: calledpartitioned-ROBDD,whichwasthenextensivelydeveloped, theoretically as well as experimentally, in [53]. In partitioned- f =fx(cid:8)(x(fx(cid:8)fx)); or f =fx(cid:8)(x(fx(cid:8)fx)) (2) ROBDD every partition of the Boolean space is represented as an ROBDD. Di(cid:11)erent partitionscan have di(cid:11)erent ordering. It OFDDs are canonical like ROBDDs and hence can be used in was shown thatpartitioned-ROBDDsprovidea compact,canon- veri(cid:12)cation.TherearesomefunctionsforwhichROBDDsareex- ical and e(cid:14)cientlymanipulablerepresentationfor Boolean func- ponentialbut OFDDs are polynomial. Thus OFDDs extendthe tions. Thenotionofpartitioningisgeneralandcanbeappliedto classoffunctionswhichcanbeveri(cid:12)edinpolynomialmemoryre- anyBDDrepresentation. sources,butconverselytherearefunctionsforwhichOFDDs are It was shown in [33, 31, 53] thatthe classof functionsrepre- exponentiallylargerthanROBDDs. OKFDDstrytobene(cid:12)tfrom sentable in polynomialspace by monolithic ROBDDs is strictly bothdecompositions;eachvariablehasanassociateddecomposi- containedintheclassoffunctionsthathaveapolynomiallysized tionwhich can be eitherReed-Mulleror Shannon. Variablesare partitioned-ROBDD representation. Similarly, it was shown in orderedandeveryoccurrenceofagivenvariablemustusethesame [53]thattheclassoffunctionswithpolynomiallysizedFreeBDDs decomposition.AlthoughintheoryOKFDDscanbeexponentially is strictly contained in the class of functions with polynomially morecompactthanbothOFDDsandROBDDs, inpracticethey sizedpartitioned-FreeBDDs. Note, partitioned-ROBDDscanbe seemtohaveprovidedonlyamodestimprovementoverROBDDs exponentiallysmallerthan even free BDDs. Further, for combi- (approx. 35%). nationalveri(cid:12)cationonlyonepartitionneedstobepresentinthe memoryat a giventime. This furtherreducesthetotalmemory requirement of veri(cid:12)cation. Using this representation, some in- 2.4 Non-Canonical BDDs dustrialcircuitscouldbe veri(cid:12)edfor the(cid:12)rsttime[53]. One can Non-canonicalBDD representationssuchas XBDDs [37], gB- trytoconstructonlyalimitednumberofpartitionsandabortthe DDs[4],IBDDs[32]havebeenexploredtoobviateOBDDmemory computationaftersomepresettimelimit. Thus,eventhoughonly explosion,oftenleadingtomoree(cid:14)cientveri(cid:12)cation.Forexample, partoftheBooleanspacecouldbeanalyzed,atleastsomepartial inIBDDsanyvariablecanappearmultipletimesonanypathfrom information about the function can be obtained. Also, when a therootto theterminal;an orderis imposedon themultiplicity designis erroneous,thereis a highlikelihoodthatthe erroneous of the occurrence. In other words, an IBDD can be considered mintermsare distributedin morethan one partitionand can be as \layered" BDD such that within each layer the appearances detectedbyprocessingonlyafewpartitions. Experiencewither- of variablesobeya linearorderas in ROBDDs. It was shownin roneouscircuitssuggeststhatinalmostallcasestheerrorscanbe [32]thatsomefunctionsintractableforROBDDssuchashidden- detectedbyconstructingonlyoneortwopartitions[33]. weighted-bit function,Booth-encodedaswellasintegermultiplier, Partitioned-ROBDDs allow a control on the space/time re- etc. canbeveri(cid:12)edinpolynomialtimeusingIBDDs. However,due sourcesandfunctional-coverageas well as on thesuccessofveri- to lackof detailedexperimentalresultsand/orpubliclyavailable (cid:12)cationexperiments. Usingsuchdatastructuresthesuccessofa function manipulationpackages, we feel that further research is veri(cid:12)cationexperimentmaypossiblybeensuredbychangingthe warrantedtogaugethetruepotentialofthesenovelnon-canonical parameters of decompositionand the number of partitions that datastructures. needto be created. Sincethis datastructureis stilla subjectof Another strategy to reduce the BDD sizes in functionrepre- intensiveresearch,itsfullimpactcanbejudgedonlywithtime. sentationis to relax thetotalorderingrequirementof ROBDDs. Onesuchrelaxationistoallowvariablestooccurinanyorderbut atmostoncealonganypathfromtheroottotheterminal. Such 2.6 Com bining Bottom-up and T op-down BDDsarecalledFreeBDDs(Figure1(b)). IngeneralfreeBDDs arenotcanonicalandtheirmanipulationisanintractableproblem approaches of ROBDD construction [23]. However, in [26] it was shown that restrictedforms of free In this section we discuss a mixed bottom-up/top-down ap- BDDsknownastyped-FreeBDDsarecanonicalandcanbeeasily proachforROBDDconstructionwhichattemptstominimizethe Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE PRIMARY OUTPUT intermediatepeakmemoryrequirementduringROBDDconstruc- tion-acriticalissueinpracticaluseofOBDDs. Thoughthefol- lowingdiscussioniswithrespecttoROBDDs,itshouldbeequally applicabletootherBDDmethodsaswell. Traditionally,ROBDDsforagivennetlistarebuiltinabottom- upmanner. ToconstructtheROBDDforagivennode,ROBDDs OR of all the nodes that are present in the transitivefan-in of that node are constructedin terms of the primary inputs before the AND ROBDD of the target node is constructed. In this method, the peak intermediatememoryrequirementcan often far exceedthe f g (cid:12)nal (canonical)representationsize of the given function. This places a limit on the complexityof circuits that can be veri(cid:12)ed CUTSET using ROBDDs, and also usually dictates the time required for ROBDDconstruction. In[52,36],techniquestoreducetheinter- mediatepeak memoryrequirementby a suitable combinationof bottom-upandtop-downapproacheswerepresented.Usingthese techniques,ROBDDsformanycircuitoutputscanbeconstructed for which the conventionalmethod fails. The reductionin peak PRIMARY INPUTS memory is often accompanied by a signi(cid:12)cant speed up in the ROBDDconstructionprocessaswell. Let us look at an example where the memory requirement for a bottom-up scheme is exponential while the decomposi- Figure 2: Example where decomposition can avoid expo- tion/composition approach requires only polynomial resources. nential blowup Consider the functionshown in Figure2. Here f and g are two internalnodes. Assume that the ROBDD of g is exponentialin termsoftheprimaryinputs(PIs)foranyvariableordering. Fur- Heuristics for introducinggood structural and functionalde- therassumethatalltheotherinternalnodesofthefunctionrequire composition points were described in [36] and for (cid:12)nding good onlypolynomialmemoryresources. IfwetrytobuildtheROBDD orderofcompositionwerediscussedin[52]. Areductioninmem- of theprimaryoutputy in a bottom-upfashion,we will needto oryisachievedsincetheintermediatepointsoflargeROBDDsizes buildtheROBDDofgintermsofthePIs. ButsincetheROBDD are avoidedand alsobecausedynamicvariablereorderinghas to ofgisexponentialforanygivenvariableordering,thepeakmem- focusonlyonthetargetfunctionandhenceismoree(cid:11)ective.Such ory requiredin the bottom up schemewill be exponential. The anapproachisfullycompatiblewithotherapproachesofreducing functionality of y can be expressed in terms of f and g by the memory(likevariableordering)andcanbeseamlesslyintegrated equationy = f _(f ^g). This simpli(cid:12)es to y = f. Therefore, within any ROBDD package. Therefore, there seems to be no to construct the ROBDD of y we do not need to construct the apparenttrade-o(cid:11)inusingit. ROBDDofg. Wecanintroduceanewvariablerepresentinggand buildtheROBDDofyintermsofthisvariable.Sincegiseventu- allynotpresentiny,weneednoteverconstructtheROBDDofg. 2.7 Probabilistic Veri(cid:12)cation Thiscanletusgetanexponentialreductioninthepeakmemory Anotherimportantwayofverifyingtwocircuitsistoprobabilis- requirementandextendtheclassofcircuitsthatcanbee(cid:14)ciently ticallychecktheirequivalence[9,34]. Inprobabilisticveri(cid:12)cation, processedusingROBDDs. every mintermof a functionf is convertedinto an integervalue The previous example shows that in a typical ROBDD con- under some randomintegerassignment(cid:26) to the input variables. structionprocedurethereisfrequentfunctionalsimpli(cid:12)cationdue Alltheintegervaluesarethenarithmeticallyaddedtogetthehash toBooleanAbsorption: x_(x^y)=xandBooleanCancelation: codeH(cid:26)(f)forf. Onecanassert,withalowprobabilityoferror, x^x^y =0. This meansthatthe(cid:12)naloutputfunctioncanof- thatf (cid:17)gi(cid:11)H(cid:26)(f)=H(cid:26)(g). Thearithmeticevaluationsarecar- tenbesimpler(i.e. hasasmallerROBDD)thantheintermediate riedinaninteger(cid:12)eld,thatis,allarithmeticoperationsaredone functionsthatareusedtoimplementit. Thebottom-upmethods modulosome primep. If f;g are functionsof n-variables,and (cid:15) mayfailwhenanynodeinthetransitivefan-inofthetargetnode denotestheupperboundontheerrorprobability,thenifp(cid:29)n, requiresanexponentiallylargegraph. areasonableassumption,(cid:15)(cid:25)n=p. Otherwise(cid:15)(cid:25)1(cid:0)e(cid:0)n=p. The Theproceduresof[36]and[52]trytoavoidbuildingROBDDs probabilityof erroneouslydecidingthat functionsare equivalent ofthe intermediatefunctionshavinga largeROBDD representa- decreasesexponentially withthenumberofruns: afterkruns,the tionbyintroducingsuitabledecompositionpoints. TheROBDDof errorprobabilityis(cid:15)k. theoutputisthenbuiltintermsofthesedecompositionpointsand [9] suggested probabilistic veri(cid:12)cation of Boolean functions PIs. Thefunctionalityofthedecompositionpointsisexpressedas throughhashingtheirfreeBDDrepresentationtoanintegervalue ROBDDsintermsofpreviouslyintroduceddecompositionpoints under some randomintegerassignment(cid:26) to the input variables. andPIs. Finally,thedecompositionpointsarecomposedbackto Alternately,itwasshownin[34]thatwecanalsotransformarbi- obtainacanonicalROBDDoftheoutputfunction. traryrepresentationofBooleanfunctionsby(cid:12)rstinterpretingthe Twoissuesneedtobeaddressedhere: given function as an integer-valuedarithmetic expression. This arithmeticexpressioncanthenbeevaluatedonintegerassignments (cid:15) Findingagooddecompositionset to its input variables. By using the properties of such integer- (cid:15) Determininga good order of compositionof the decompo- valuedarithmetictransformations,manyanalysistechniqueswere sitionvariablestogetthemonolithicrepresentationsothat developedtoprobabilisticallyverifyBooleanaswellasotherdis- the intermediatememoryexplosionduringthe composition cretefunctionswithanegligibleprobabilityoferror. Forexample, phaseislow. bydecomposingacircuitintoregionswhichhavemutuallydisjoint Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE -> vshaoriwanblethsautppaonrtns-betit,aAnLdUusrienqgusiruicnhga(cid:2)ri(tnh2m)ettiimcetraunsisnfogrmROsBitDwDass x1 ->f ->z requiresonlylinearresourceswiththeprobabilisticmethod[34]. ENC In [34] some other methods for exploiting Boolean function properties for e(cid:14)cient hashing were also discussed. For exam- ple,itwasshownthatifthespaceofeachfunctionispartitioned intomutuallydisjointsubspacesthenthehashcodeofthefunction correspondingtoeachpartitioncanbecalculatedindependently; thehashcodeofthefunctionisthesumofthehashcodesof in- dividualpartitions.ThisimpliesthattocheckifH(cid:26)(f) = H(cid:26)(g), wecanpartitionandhashbothf andgindependently.Wedonot X1 needtokeepthepartitionsofbothf,andg,inthememoryatthe ENC same time. Further, it is not necessarythat both f and g have F been partitioned identically. The e(cid:11)ectiveness of this technique -> X2 was shown on special classes of functionslike Hidden-Weighted- x2 Bit(HWB)functionin[34]. Thetechniquespresentedin[53]are ENC directlyapplicabletoprobabilisticveri(cid:12)cationaswellandprovide automaticwaystogeneratesuchpartitions. Anothertechniquecalledcollapse-with-compose [34] allowsef- (cid:12)cienthashingoffunctionswhenorthogonalpartitionscannotbe Bit Level easilyfound. Thisalgorithmgeneratesthehashcodeofthefunc- tiondirectlyfromadecomposedrepresentationwithouthavingto build the monolithicROBDD of the output. For many di(cid:14)cult Word Level circuitsinISCAS-85benchmarkcircuits,itwasshownin[34]that thismethodcansigni(cid:12)cantlyoutperformthemonolithicROBDD methods. Figure 3: Word-Level Veri(cid:12)cation Since one is derivingthe integer representationof a function ratherthan its Booleanrepresentation,one canoften obtainthe hashcodeby exploitingthealgebraicpropertiesofa higherlevel representation,circumventingitsconversiontoaBooleanrepresen- functions. Manydatastructureshavebeenproposedforthispur- tation. Thiswasillustratedin[34]wherehashcodeforann-input pose, e.g., MTBDDs [21], ADDs [5], EVBDD [44], *BMD [17], HWB function was computed from its abstract speci(cid:12)cation in HybridDecisionDiagrams(HDDs)[20]. Outofthese,the*BMD (cid:2)(n3)timeusingonly(cid:2)(n)space. Similarly,thehashcodeforin- andtheHDDdatastructuresareofparticularinterestastheycan tegermultipliercouldbeobtained5timesmoree(cid:14)cientlyfromthe representintegermultiplicatione(cid:14)ciently. However,theveri(cid:12)ca- arithmeticspeci(cid:12)cationof the multiplicationfunctionthan from tionstrategypresentedin[17]cannottakeadvantageofthisfact. itscircuitdescriptionusingonlyaminimalofspace. This is because in the veri(cid:12)cationmethodology, a bit level rep- resentationofthemultiplierhasto becreated(cid:12)rstwhichisthen translatedintotheword-levelrepresentation. To circumventthis 2.8 Veri(cid:12)cation of Arithmetic Circuits problem, [17] proposesa hierarchicalveri(cid:12)cationstrategy. This So far we have discussed methods to compare two logic cir- strategyrequiresawell-de(cid:12)nedstructureforthemultiplierwhich cuitsat thebit-level. For manyarithmeticcircuitsthismay not has to be known a priory. This manual interventionsomewhat be a desirablething. First, theBDD datastructurethatis used reducesthe appealof both *BMDs and HDDs. In [28] a heuris- for bit levelveri(cid:12)cationmay grow exponentiallywith the size of tic to e(cid:14)cientlyconstruct*BMDs is presentedwhich works well thecircuit(forexample,integermultiplication).Secondly,evenif forintegermultipliersbutunfortunatelynotforothercircuitslike wecanguaranteethatthetwonetlistsareequivalentthatdoesn’t dividersandexponentiation. necessarilyimplythatthecircuitisimplementingthecorrectspec- [25] proposesa veri(cid:12)cationmethodwhich uses therecurrence i(cid:12)cation. Toovercometheselimitationsofbit-levelveri(cid:12)cation,a equationsofvariousarithmeticcircuitssuchasmultipliers,square di(cid:11)erentapproachfor verifyingarithmeticcircuits was proposed functions, cube functions etc. to verify them. For example, a in[44,17].!HerealogiccircuitrepresentedasavectorofBoolean multipliersatis(cid:12)estherecurrenceequation,f(x+1;y)=f(x;y)+y functions f iscomparedagainstthespeci(cid:12)cationwhichisrepre- wheref(x;y)=xy. Thus,toprovef(x;y)representsamultiplier, sentedasawordlevelfunctionF. Thebasicideaofthismethod- we needto provef(x+1;y) = f(x;y)+y, where x;y are input ologyis illustratedin Figure3[17]. Herethe primaryinputsare vectorsforgivencircuit. Eachsideoftheequationisrepresented ! ! ! 1 2 i as a separate circuit, and both circuits are e(cid:14)ciently compared groupedinto two sets, x andx . For each set x , we are given bytechniquessuchassuchas[48, 35]whichexploitthefactthat anencodingfunctionENCidescribingaword-levelinterpretation thegivencircuitshaveverysimilarinternalstructures. As onlya ofthesignals,e.g.,unsignedbinary,two’scomplement,BCD etc. multiplierobeystheaboverecurrencerelation,wecanverifythat The!log!icn!etworkisdescribedasasetofBooleanfunctionsgiven thegivencircuitisindeedamultiplierwithoutneedingtorepresent by f (x1;x2)andanencoding,ENCofortheoutputs.Thespeci- thespeci(cid:12)cation. (cid:12)cationisgivenasaword-levelfunctionF(X1;X2). Theproblem 2.9 Boolean Expression Diagrams consistsofverifyingthefollowingequation: ! ! ! ! ! Booleanexpressiondiagrams[2]areageneralizationofBDDs, 1 2 1 2 andcan bethoughtof as BDDs extendedwith Booleanoperator ENCo(f (x ;x ))=F(ENC1(x );ENC2(x )) (3) vertices. Thevariableverticesarede(cid:12)nedinBEDs identicallyto For the word-levelveri(cid:12)cationproblemwe need a datastruc- howtheyarede(cid:12)nedforBDDs,andtheBooleanoperatorvertices ture which cane(cid:14)cientlyrepresentboth bit-leveland word-level have thestandardde(cid:12)nition. Due to the use of the Booleanop- Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE eratorvertices,thereisstraightforwardlinearsizetransformation nodes inthe TFIofv suchthatanypathfromthe primaryinputs from a combinationalcircuit, with a 2-inputand-or-not decom- to v must pass through a node vi 2 S. The size of the cutset is position,toitscorrespondingBED.Tomanipulatesuchdiagrams k. (Where unambiguous, we will use the terms nodes and gates theyuseobservationssimilartoonesusedin theMORE [30] ap- interchangeably.) proach. MOREisbasedontheobservationthattheBDDforf_g canbeconstructedbyintroducinganewvariablex,andcreating De(cid:12)nition 2 A gate G is said to be unjusti(cid:12)ed under the afunction(x^f)_(x_g)wherexisthenimplicitlyexistentially present set of value assignments (preassigned values) to some of quanti(cid:12)ed out. To quantify out x we move towards the termi- its fanin and fanout signals (preassigned signals) if among the nal vertices using the sifting procedures similar to ones used in assignmentspossibleontheremaining signalsthereare(a)multi- [60]. BEDs canbeseenas extendingthisideato allowarbitrary ple assignmentswhichareconsistentwiththepreassigned signals, operators and allowing these operators to remain in the graph. and (b) atleast one assignment which can produce value at some Equivalenceof f;g can be checkedby siftingvariables/operators signal that isinconsistent with itspreassigned values. througha graph of f (cid:8)g till it can be determinedto reduce to 0. Suchtechniquescanbee(cid:14)cientifagoodorderinwhichvari- Examplesof unjusti(cid:12)edgates are shown in Figure5. For in- ables should be sifted can be easily determined. However given stance, in the AND gate, suppose the output has already been thefact BEDs are quitesensitiveto theorderin which thevari- assignedaBooleanvalueof0. Now, ifanassignmentfa=1;b= ables/operatorsshouldbesifted,moreresearchneedstobedone 1;c=1gismade,thereisa con(cid:13)ictatthisgate. Similarly,there todetermineanappropriatesiftingorder. existmultipleassignmentsthatcanbemadeatitsinputssuchas fa = 0;b = X;c = Xg forwhich the outputvalue0 canbe pro- duced. Thus,thisisanexampleofanunjusti(cid:12)edgate. Similarly, thereadercanobservethatfortheoutputc=0,theXORgatein Figure5representsanunjusti(cid:12)edgate. a X a X b X 0 d 0c c X b X Figure 5: Example of Unjusti(cid:12)ed Gates x y z De(cid:12)nition 3 GivenaninitialassignmentofBoolean valuestoa subset of nodes in a Boolean network (cid:17), the process of determin- ing the Boolean values at other nodes in (cid:17) using the connectivity 0 1 informationofthenodesandthetruthtablesoftheBoolean func- tions at the nodes is called direct implication. Boolean values at nodes that cannot be derived by direct implication but can be derived using the lawof contrapositum [67]involve indirectim- Figure 4: A BED for (x_y_z)^(x_y) () (x_y) plication. The process of deriving indirect implications iscalled learning. Figure6showsexamplesofadirectimplicationandanindirect 3 Com binational Veri(cid:12)cation Using In- implication. Inthecircuitontheleft,ifwe setsignala=1then by a simple simulation(lookingonly at circuitconnections,and ternal Correspondences the functionalityof each circuit node) we can concludethat the Typicallyduringsynthesisatthegatelevel,thedesignermakes signal f is forced to be a 0. Hence, a = 1 ! f = 0 is called a localmodi(cid:12)cationstothelogicnetworkforadjustingtiming,area, direct implication. Similarlyfor the circuit on the right, by law delayandothercharacteristics.Sincethechangesthataremadeto of contrapositumwe candeducethatf = 1! a= 0. However, thenetworksarelocalizedinnature,mostoftheoriginalnetwork the readercan check thatsuch a deductioncouldnot havebeen remains structurally unchanged. Various techniques have been arrivedat by a naivesimulationprocesssuch as the oneused to developedwhich exploitthe internalcorrespondencesin the two derivethedirectimplication;thus,f = 1! a=0 is an indirect circuitstospeeduptheprocessofveri(cid:12)cation.Wewill(cid:12)rstexplain implication. theterminologyusedintherestofthissectionandthendescribe someofthemethodsthatmakeuseoftheinternalcorrespondences incombinationalveri(cid:12)cation. 3.2 Learning Techniques: Techniques for Detecting Indirect Implications 3.1 Terminology Thereareseveralveri(cid:12)cationmethodsthatextractandusein- Weassumethatthereaderisfamiliarwiththebasicde(cid:12)nitions ternalcorrespondencesbetweentwogivennetworksusinglearning ofBooleannetworks,fanins,fanouts,transitivefanins(TFIs)and basedmethods.Learninginvolvestheextractionofindirectimpli- transitivefanouts(TFOs)[12]. cationsbetweennodesinacircuit. RecursiveLearning(RL)[43], andFunctionalLearning(FL)[50,35]aretwoofthemorepopular De(cid:12)nition 1 Given a Boolean network (cid:17)= (V;E), a cutset in learningtechniques. The conceptsof FL and RL are illustrated theTFIofanode v2V isde(cid:12)ned asasetS=fv1;v2;:::;vkgof belowbymeansofanexample. Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE x x 0 x b d b d 3.3 Techniques for Exploiting Internal 1 0 0 1 Equivalences a f a f Thereareseveralveri(cid:12)cationmethodsthatexploitinternalcor- 0 x respondencesbetweentwogivennetworks. Bermanet al. [6]pro- x x c e c e posedatechniquetouseinternalequivalencesinordertoestablish the functionalequivalenceof two networks. A min-cutbasedal- direct indir a = 1 f = 0 Learning : f = 1 a = 0 gorithm for decomposingnetworks was proposed to break down theentireveri(cid:12)cationproblemintosmallersub-problems.Asetof potentiallyequivalentgatepairsareidenti(cid:12)edinthetwonetworks; latertheequivalenceofthepairedgatesisdecidedusingexhaustive Figure 6: Indirect Implication simulation. Now, usingacutof equivalentgates,it isattempted to verify if the given circuits are also equivalent. However, this methodwas plaguedwiththeproblemoffalse-negatives. A false cutset G H negative refers to a situation where although the two functions x1 a H 0 a a 0 which are being compared are equivalent, the veri(cid:12)cation algo- x2 x3 b G = 1 0 b 1 1 1 1 b 0 reixtahmmpilnecoofrrfaeclstely-ncelgaastsiiv(cid:12)ee.sFthaemndaGs dair(cid:11)eeerqenutiv.aFleingturoeut8pushtsow(bsoatnh x4 c I 0 1 0 1 being equalto b) and noded1 is functionallyequivalentto node x5 d2. However,ifaveri(cid:12)cationofF andGisattemptedintermsof G = 1 H = 0 thecutsetsshownbydottedlinesinFigure8,F willturnouttobe inequivalenttoG. Althoughtheynotethatthefalsenegativescan beresolvedifthegivencutcanbecomposedintermsofprimary inputvariablesusingOBDDs,theydonotgiverelevantdetailsof Figure 7: Example of Functional Learning correspondingprocedures, or any empiricalresults outliningthe e(cid:14)ciencyofsuchatechnique. ConsiderthecircuitshowninFigure7. SupposethataBoolean a d1 F 1 is injectedat gateG. We wish tolearnwhatG =1 impliesat gateH. Letuschooseacutset(cid:21)=fa;b;cgofinternalgatesinthe b circuit. InFL,webuildtheROBDDsforgatesGandH basedon (cid:21). The ROBDDs for G andH areshown in theFigure7. From these two BDDs we can infer thatG = 1 ) H = 0. Also, note a d2 that this relationbetween G and H cannot be derivedby using G direct implication. This is becauseafter a Boolean 1 is injected b at G, it becomesunjusti(cid:12)ed. Therefore,directimplicationbased simulationdue to G = 1 cannot result in Boolean values being c impliedatanyothergateinthecircuit. However,G=1)H =0 canbederivedbycarryingouttheBooleanoperation:G^H and examiningtheresultingROBDDforequivalencewithG. Thetime complexityoffunctionallearningiscontrolledbythesizeofBDDs andisimpracticalwhentheBDDsgrowquitelarge. Figure 8: False Negative InRLwenotethatG=1canbesatis(cid:12)edbyeitherH=0;I=X or H=X;I=0. However, I=0impliesthatb=1 whichin turn Cerny and Mauras [18] introduced the notion of cross- impliesthatH=0. Therefore,G=1impliesH=0. Here,givena controllability and cross-observability among the internal nodes valueassignmentinthecircuit,thedeductionprocessrecursively ontheappropriatecutsetsinthetwogivennetworkstocheckfor analyzesthee(cid:11)ectofeachjusti(cid:12)cationvector,andintersectsthe equivalence. By cross-controllability at a cutset (cid:21) they refer to common\e(cid:11)ect"of everyjusti(cid:12)cationvectorthatcansatisfythe thecombinationofBooleanvaluesthatcanbeproducedat(cid:21);by givencircuitcondition. The result of this intersectionprocessis cross-observability at (cid:21)theyrefertothecombinationofBoolean theimplicationoftheoriginalvalueassignmentinthecircuit. The valueswhichifproducedat(cid:21)willimplythatgivenprimaryoutput timecomplexityofrecursivelearningisexponentialinthenumber pairs will assumeidenticalBooleanvalues. The circuitsare now ofrecursionlevels,andinpracticeislimitedtotwoorthreelevels equivalentif it can be proved that cross-controllability (cid:18) cross- ofrecursions. Bothrecursivelearningaswell asfunctionallearn- observability foranycutset(cid:21). However,nosystematicalgorithm ing are calleda complete methodfor learningin digitalcircuits, forchoosingan\appropriate"cutsetwaspresentedandwedonot i.e. givensu(cid:14)cienttime,theycandetermineallconstant-valuere- knowofanywidescaleutilizationofthistechnique. lationships inthecircuit,i.e.,allcaseswherea constantBoolean Brand [11] proposedan ATPG based techniqueto determine valuev2f0;1gatagivengateimpliesanotherconstantBoolean equivalencesbetweentheinternalnodesintwogivencircuits.This value at another gate. However, since FL is based upon BDD methodcan(cid:12)ndnodeswhichareequivalentundertheobservabil- basedmanipulations,it can, relativelymoreconveniently,detect itydon’tcare(ODC)set. GiventwocircuitsC1 andC2,andtwo morecomplexrelationshipsbetweenasetoffunctionswithanother potentiallyequivalentnodes n1 2 C1 and n2 2 C2, a new XOR setoffunctions:forexample,agatef =0maysimplyimplythat gateY,isintroducedinC1suchthatn1 andn2 arethetwofanins 1 disjunctionofasetoffunctionsmustbe1. Or,underf =0,some ofY. Fig.9showsanexampleofsuchamiter circuit. Thedot- gatesmustassumeidenticalvalue. tedlinesshowtheoriginalcircuitconnections.AnewXORgateis 1 Inveri(cid:12)cationalgorithms,potentialequivalentnodesbetween Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE introducedandtheoutputsoftheXORgatefeedsthenodesthat The learningbasedtechniqueshaveseverallimitations. First, wereoriginallyfedbynoden1. Next,anATPGtoolisusedtotest theyareunabletoderiveall internalequivalencesinlimitedcom- thefaults-a-0atY asshown inthe(cid:12)gure. Ifthefaultis proved putationalresources. All theknownlearningtechniquesdiscover to be redundantthenn2 can replacen1 in circuitC1. However, equivalencesbetweeninternalgatesin circuitsusingtwo indirect this methodof (cid:12)ndingequivalentnodescan becomeine(cid:14)cientif implications:to(cid:12)ndiff (cid:17)gtheyindividuallydetermineiff )g, the faults that are tested to determineinternalequivalencesare andthenifg)f. However,(cid:12)ndingindirectimplications,whether intractableor if not too many internal equivalencesexist in the throughROBDD operations[49] or techniquessuch as recursive twodesigns. learning[43],canberelativelyexpensive.Anotherproblemisthat Circuit C1 there is no simplemethodto determine,a priori, the numberof levelsoflearningthatwillberequiredonagivenpairofcircuits. Hence,acompleteautomationoflearningbasedveri(cid:12)cationtools maybedi(cid:14)cult. n1 Recentlyanothere(cid:14)cienttechniquethatanalyzesinternalsim- TS n3 Output iBlaergiitniensinbgeftrwoemengactirecsucitlosseusstintgo RprOimBaDrDysinwpuasts,pfruonpcotsieodni(ng(cid:8)[48h]). U P Y is calculatedfor all potentiallyequivalentgate pairs (g;h) using N I ROBDDs. Theequivalentgatesbetweentwo circuitsaremerged asshowninFigure9. TheROBDDsarebuiltusinginternalvari- n2 ableswhichareusuallyintroducedatgatesthathavealreadybeen showntobeequivalent.Thesetofinternalvariables(gates)ischo- sensuchthatweminimizegatesthathaveapathtoanothergate node from circuit C2 inthesameset. Thistechniquegivesuptoanorderofmagnitude speed-upover[58]onmanybenchmarkcircuits. 3.5 BDD Hash Based T echniques Figure 9: Testing node equivalences by creating a miter Using such techniquesmany internalequivalentgates can be identi(cid:12)edrather easilywithout always explicitlycarryingout an XOR between pair of potentiallyequivalentcandidates [41, 51]. 3.4 Learning Based Veri(cid:12)cation Techniques While constructingOBDDs for a given circuit, the OBDD con- Recently,several learningbasedtechniquesfor combinational structionissuspendedatsomewellde(cid:12)nedintervals,andtheOB- veri(cid:12)cationhavebeenproposed. In[42],acombinationalveri(cid:12)ca- DDs ofthesetofthegatesalreadyprocessedisexamined;ifany tiontool,HANNIBAL,basedonrecursivelearningwaspresented. two gatespossessanidenticalOBDD thena commonvariableis HANNIBAL operates in two distinct phases. In the (cid:12)rst phase, introducedatboththegates. Theequivalentgatescanbemerged learningis carriedoutat allthenodesin thetwo networksfora to produce a simpler network. After examiningall gates whose userspeci(cid:12)ednumberoflearninglevels;often,thisphaseitselfcan OBDDwasalreadyprocessed,theOBDDconstructionfortherest verifyseveralprimaryoutputsofthetwonetworks. Inthesecond ofthecircuitisagainresumed. Toidentifysuchequivalentgates, phase,usingthelearninginformationderivedinthe(cid:12)rstphase,an theprimaryinputsofgivencircuitsformthe(cid:12)rstcutsetforbuild- ATPGtoolisinvokedforverifyingtheremainingprimaryoutputs. ingBDDsforthegatesinthenetworkandthegatesareprocessed In[49] anotherveri(cid:12)cationtool,VERIFUL, was presentedwhich in a breadth(cid:12)rstorder. The gatesarehashedintoa hashtable, is based on functional learning. This tool also has two phases BDD-hash, using the pointer to their BDDs as the keys. The likeHANNIBAL.Herelearningiscarriedoutateachgategusing hashingmechanismisshowninFigure10. Thedottedlinesshow ROBDDs. These ROBDDs are built using a cutset that is at a cutset1 andcutset2 respectively. The cutset1 consistsofthepri- 2 structuraldistance d away from g. Here d can vary from 1 to maryinputstothenetwork. BDDsforthegatesn3,n4andn5are apredeterminedmaximumdistancedmax. Theamountoflearn- builtin termsofcutset1. Thegatesn4 andn5 hashtothesame ing obtainedin a network can be increasedby increasingdmax. collisionchaininBDD-hashbecausetheyhaveidenticalBDDsin However,thesizesoftheROBDDsthatarebuiltusuallyincrease termsofcutset1. HeuristicsbasedonthesizeofthesharedBDD with the increase in d. This results in an increase in the time datastructureandthenumberofstructurallevelsofcircuitryfor andspaceresourcesrequired. Two otherlearningbasedveri(cid:12)ca- which BDDs arebuiltusinganycutsetareusedtolimitthesize tionalgorithmswerepresentedin[35,58]. Bothofthesemethods of BDDs at any time. They are alsoused to introducenew cut- consistofaninitiallearningphasefollowedbyanROBDDbased setsbasedonalreadydiscoveredequivalentgates. Iffalsenegative equivalence-checkingphase. MethodstoreducetheROBDDsizes is requiredtoberesolvedbetweenanytwo potentiallyequivalent usingthelearninginformationwere presented. In [58] the ROB- candidate gates g;h, then we can compose the g(cid:8)h OBDD in DDs were prunedwith an ATPG tool that uses the learningin- termsofthecutsetofgateswhereforeachmemberonthiscutset 3 formation derived in the (cid:12)rst phase. In [35] invariants based wehavealreadyfoundafunctionallyequivalentgate. on learnings are used to simplify the ROBDDs. This technique also successivelycomposes BDDs in terms of cutsets of internal equivalentgatestillthefunctionalequivalenceisresolved. 4 Conclusion Duetothememoryexplosionproblem,BDDsaloneappearun- twocircuitsaretypicallydecidedbysimulatingthegivencircuits suitableforverifyinglargedesigns. However, theyformacrucial on some k simulationvectors. Two nodes are now called poten- representationvehiclefor the internalcorrespondencebasedver- tiallyequivalentif theyhaveanequivalentoutputoneachofthe i(cid:12)cation techniques. A practical combinational veri(cid:12)cation tool k vectors. Thevalueofk canbedecideddynamicallyorapriori. mustconsolidatediversetechniquesfor extractinginternalcorre- 2 The structurallevel in functionallearningof [49] is a close spondences.SuchatechniquemustusethestateoftheartBDDs, analogueoftheleveloflearninginrecursivelearning. ATPG, as well as implicationbasedtechniques. For example,it 3 Ifa)b,whereaandbaretwonodes,thena+bisaninvariant. hasbeenobservedthataveri(cid:12)cationtechniquebasedonexploiting Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE Network cutset1 cutset2 n4 n6 Bdd-hash [12] R.K.Brayton,R.Rudell,A.L.Sangiovanni-Vincentelli,and A. R. Wang. MIS:A Multiple-LevelLogicOptimizationSys- n4 n6 n1 n3 n7 tem. IEEE Transactions on Computer-Aided Design, CAD- n5 n5 n7 6(6):1062{1081,November1987. [13] R.E.Bryant. Graph-basedAlgorithmsforBooleanFunction n2 Manipulation. IEEE Transactions on Computers, C-35:677{ 691,August1986. [14] R. E. Bryant. Boolean Analysis of MOS Circuits. IEEE Figure 10: Hashing of gates with equivalent internal TransactionsonComputer-Aided Design,pages634{649,July BDDs 1987. [15] R.E.Bryant.Extractionofgatelevelmodelsfromtransistor internalequivalencescan fail on circuitsthathave relativelyfew circuitsbyfour-valuedsymbolicanalysis. ICCAD,1991. equivalentnodes. Therefore, such a techniqueneeds to be com- [16] R. E. Bryant. Symbolicbooleanmanipulationwith ordered binedwithalearningalgorithmtomakeuseoftheindirectimplica- binarydecisiondiagrams. ACM Computing Surveys, 24:293{ tionrelationsthatexistbetweenthenodesofthetwocircuits. To 318,September1992. verifyinequivalentcircuitsor internalnodes, use of ATPG tech- niques appears essential. Finally, in cases where both internal [17] R.E.BryantandY.Chen. Veri(cid:12)cationofarithmeticcircuits equivalenceandlearningtechniquesproveinadequate,veri(cid:12)cation withbinarymomentdiagrams. DAC,1995. techniquesshouldbeaugmentedbyfunctionalpartitioning,possi- [18] E. Cerny and C. Mauras. Tautology checking using cross- blyusingrepresentationssuchaspartitioned-ROBDDs. controllabilityandcross-observabilityrelations.ICCAD,1990. [19] Chandrasekhar et al. Application of term rewriting tech- 5 Acknowledgemen t niquestohardwaredesignveri(cid:12)cation. 24th Design Automa- We wouldliketothankRajarshiMukherjeeforhisassistance tion Conference, 1987. with this paper. The secondauthorwas supportedby CA State [20] E. M. Clarke,M. Fujita,andX. Zhao. Hybriddecisiondia- MICRO programgrant#94-110andSRC95-DC-324. grams. ICCAD,1995. [21] E. M. Clarke et. al. Spectral transforms for large boolean References functions with applications to technology mapping. DAC, [1] S.B.Akers. Binarydecisiondiagrams.IEEETransactionson 1993. Computers,C-27:509{516,June1978. [22] R.Drechsleret.al.E(cid:14)cientrepresentationandmanipulation [2] H. R. Andersen and H. Hulgaard. Boolean Expression Di- ofswitchingfunctionsbasedonOrderedKroneckerFunctional agrams. IEEE Conference on Logics in Computer Science DecisionDiagrams. DAC,1994. (LICS),July1997. [23] L.Fortuneet.al. Thecomplexityofequivalenceandcontain- [3] P. Ashar andM. Cheon. E(cid:14)cientbreadth-(cid:12)rstmanipulation mentforfreesinglevariableprogramschemes.LectureNotesin ofbinary-decisiondiagrams. ICCAD,1994. Computer Science 62, Springer-Verlag, pages227{240,1978. [4] P.Ashar,A.Ghosh,andS.Devadas.Booleansatis(cid:12)abilityand [24] M.Fujita,H. Fujisawa,andN.Kawato. EvaluationandIm- equivalencecheckingusing general binarydecisiondiagrams. provementsofBooleanComparisonMethodBasedonBinary ICCD,1991. DecisionDiagrams. ICCAD,1988. [5] R. Baharet. al. Algebraicdecisiondiagramsandtheirappli- [25] M.Fujita. Veri(cid:12)cationofArithmeticCircuitsbyComparing cations. ICCAD,1993. Two SimilarCircuits. CAV, 1996. [6] C. L.BermanandL.H Trevyllian. Functionalcomparisonof [26] J. Gergov and C. Meinel. E(cid:14)cient Boolean Manipulation logicdesignsforvlsicircuits. ICCAD,1989. WithOBDD’scanbeExtendedtoFBDD’s.IEEETransaction [7] J.Bern,C.Meinel,andA.Slobodova.E(cid:14)cientOBDD-Based on Computers,43(10):1197{1209,1994. BooleanManipulationinCADBeyondCurrentLimits. DAC, [27] G.D. HachtelandR.M. Jacoby. Algorithmsformulti-level 1995. tautologyandequivalence.IEEEInternationalSymposiumon [8] J. Bern, C. Meinel, and A. Slobodova. Some Heuristics for Circuits and Systems,1985. Generating Tree-like FBDD Types. IEEE Transactions on [28] K.Hamaguchi,A.Morita,andS.Yajima. E(cid:14)cientconstruc- Computer-Aided Design,pages127{134,January1996. tion of binary momentdiagramsfor verifyingarithmeticcir- [9] M.Blumet.al. EquivalenceoffreeBooleangraphscanbede- cuits. ICCAD,1995. cidedprobabilisticallyin polynomialtime. Information Pro- [29] F.K.HannaandNDaeche. Speci(cid:12)cationandveri(cid:12)cationof cessing Letters,10:80{82,March1980. digitalsystemsusinghigher-order logic. IEE Proc., 133,Pt. [10] K.S.Brace,R.L.Rudell,andR.E.Bryant. E(cid:14)cientImple- E.,No.5:242{254,Sept.1986. mentationofaBDDPackage. DAC,1990. [30] A. Hett, R. Drechsler, and B. Becker. MORE: Alternative [11] D.Brand. Veri(cid:12)cationoflargesynthesizeddesigns. ICCAD, implementationofBDD-packagesbymulti-operandsynthesis. 1993. European Design Conference, 1996. Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE [31] J.Jain.Onanalysisofbooleanfunctions.Ph.DDissertation, [51] R.Mukherjee,J. Jain,K. Takayama,M. Fujita,J.A. Abra- Dept.ofElectricalandComputerEngineering,TheUniversity ham,D.S.Fussell. E(cid:14)cientCombinationalVeri(cid:12)cationUsing of Texas at Austin,1993. BDDsandaHashTable. ISCAS,1997. [32] J.Jain,J. Bitner,M.Abadir,D.S.Fussell,andJ.A. Abra- [52] A. Narayan, S. P. Khatri, J. Jain, M. Fujita, R. K. Bray- ham. IndexedBDDs: Algorithmicadvancesin techniquesto ton, and A. Sangiovanni-Vincentelli. A Study of Composi- represent and verify Boolean functions. To be published in tion SchemesforMixed Apply/ComposeBased Construction IEEE Transactions on Computers. ofROBDDs. Intl.Conf. on VLSI Design,1996. [33] J. Jain, J. Bitner, D. S. Fussell, and J. A. Abraham. [53] A. Narayan, J. Jain, M. Fujita, and A. L. Sangiovanni- Functionalpartitioningfor veri(cid:12)cationand relatedproblems. Vincentelli.Partitioned-ROBDDs-ACompact,Canonicaland Brown/MITVLSI Conference, 1992. E(cid:14)cientlyManipulableRepresentationforBooleanFunctions. [34] J. Jain, J. Bitner,D. S. Fussell,andJ. A. Abraham. Prob- ICCAD,1996. abilisticveri(cid:12)cationofBooleanfunctions. Formal Methods in [54] H. Ochi, K. Yasouka,andS. Yajima. Breadth-(cid:12)rstmanipu- System Design,1: 61{115,1992. lationofverylargebinary-decisiondiagrams. ICCAD,1993. [35] J.Jain,R.Mukherjee,andM.Fujita. AdvancedVeri(cid:12)cation [55] G.Odawara,M.Tomita,O.Okuzawa,TOhta,andZZhuang. TechniquesBasedonLearning. DAC,1995. A logic veri(cid:12)er based on Boolean comparison. 23rd Design [36] J. Jain, A. Narayan, C. Coelho, S. Khatri, A. Sangiovanni- Automation Conference, pages208{214,1986. Vincentelli,R. Brayton,andM. Fujita. DecompositionTech- [56] S. Panda and F. Somenzi. Who Are the Variables in Your niquesforE(cid:14)cientROBDDConstruction.Formal Methodsin Neighborhood.ICCAD,1995. CAD 96,LNCS.Springer-Verlag,1996. [57] S.Panda,F.Somenzi,andB.Plessier. SymmetryDetection [37] S.-W.Jeong,B.Plessier,G.Hachtel,andF.Somenzi.Struc- and Dynamic Variable Ordering of Decision Diagrams. IC- tural BDDs: Trading canonicityfor structure in veri(cid:12)cation CAD,1994. algorithms.ICCAD,1991. [58] S.M.Reddy,W.Kunz,andD.K.Pradhan.NovelVeri(cid:12)cation [38] T.KamandP.A.Subrahmanyam.ComparingLayoutswith Framework Combining Structural and OBDD Methods in a HDLModels: A FormalVeri(cid:12)cationTechnique. IEEE Trans- SynthesisEnvironment.DAC,1995. actions on Computer-Aided Design, pages 503{509, April [59] J. P. Roth. Hardware veri(cid:12)cation. IEEE Transactions on 1995. Computers,C-26(12):1292{1294,December1977. [39] U.Kebschullet.al. MultilevellogicsynthesisbasedonFunc- [60] R.L.Rudell.DynamicVariableOrderingforOrderedBinary tionalDecisionDiagrams. European DAC,1992. DecisionDiagrams. ICCAD,1993. [40] A. Kuehlmann, A. Srinivasan, and D. P. LaPotin. A For- [61] J.V.Sanghavi,R.K.Ranjan,andA.Sangiovanni-Vincentelli, mal Veri(cid:12)cation Program for Custom CMOS Circuits. IBM and R. K. Brayton. High PerformanceBDD Packageby Ex- Journal of Research and Development, January1995. ploitingMemoryHierarchy. DAC,1996. [41] A. Kuehlmannand F. Krohm. EquivalenceCheckingUsing [62] A. Shen,S.Devadas,andA. Ghosh. Probabilisticconstruc- CutsandHeaps. DAC,pages263-268,1997. tion and manipulation of free Boolean diagrams. In Digest [42] W.Kunz. HANNIBAL: AnE(cid:14)cientToolforLogicVeri(cid:12)ca- of Technical Papers ofthe IEEE International Conference on tionBasedonRecursiveLearning. ICCAD,1993. Computer-Aided Design,pages544{549,1993. [43] W. Kunz and D. K. Pradhan. Recursive learning: An at- [63] K.J.SinghandP.A.Subrahmanyam.ExtractingRTLmod- tractivealternativeto thedecisiontreefor testgenerationin elsfromtransistornetlists. ICCAD,1995. digitalcircuits. ITC,1992. [64] G.L.Smith,R.J.Bahnsen,andH.Halliwell. Booleancom- [44] Y-TLaiandS.Sastry.Edge-valuedbinarydecisiondiagrams parisonofhardwareand(cid:13)owcharts. IBMJournal ofResearch formulti-levelhierarchicalveri(cid:12)cation. DAC,1992. and Development, 26(1):106{116,January1982. [45] P.Lammens,L.Claesen,andH.DeMan. Correctnessveri(cid:12)- [65] K. SonandZ. Kishimoto. A formalveri(cid:12)cationmethodfor cationofVLSImodulessupportedbyaverye(cid:14)cientBoolean hierarchialdesigns.IEEEConferenceonComputer-Aided De- prover. ICCAD,1989. sign,1981. [46] C. Y. Lee. Representationof switching circuits by binary- [66] E. P. Stabler and H. Bingol. Boolean comparisonby simu- decisionprograms. Bell Syst.Tech. J.,38:985{999,1959. lation. 24th Design Automation Conference, pages 584{587, [47] S.Maliket. al. LogicVeri(cid:12)cationusingBinaryDecisionDi- 1987. agramsinaLogicSynthesisEnvironment.ICCAD,1988. [67] D. F. Stantat and D. A. McAllister. Discrete Mathematics [48] Y.Matsunaga. AnE(cid:14)cientEquivalenceCheckerforCombi- in Computer Science. Intl. Series in Applied Mathematics. nationalCircuits. DAC,1996. Prentice-Hall,EnglewoodCli(cid:11)s,N.J.,1977. [49] R.Mukherjee,J.Jain,andM.Fujita. VERIFUL:VERI(cid:12)ca- [68] R. S. Wei andA. Sangiovanni-Vincentelli. Proteus: A logic tionusingFUnctionalLearning. EDAC,1995. [50] R.Mukherjee,J.Jain,andD.K.Pradhan.FunctionalLearn- veri(cid:12)cationsystemforcombinationallogiccircuit.Proceedings ing: Anewapproachtolearningindigitalcircuits.IEEEVLSI of the International TestConference, 1986. TestSymp., 1994. Proceedings of the 1997 International Conference on Computer Design (ICCD '97) 0-8186-8206-X/97 $10.00 © 1997 IEEE

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.