Docstoc

ECE 667- Fall 2003

Document Sample
ECE 667- Fall 2003 Powered By Docstoc
					                       ECE 697B (667)
                                     Spring 2006

            Synthesis and Verification
               of Digital Systems

                                  Verification
                            Equivalence checking



ECE 667 - Synthesis & Verification - L21           1
                     Equivalence Checking
• Two circuits are functionally equivalent
  if they exhibit the same behavior

• Combinational circuits                      In        CL         Out
    – for all possible input values

                                             PI                      Po
• Sequential circuits
                                                         CL
   – for all possible input sequences
                                                   Ps         Ns
                                                         R


  ECE 667 - Synthesis & Verification - L21                                2
 Combinational Equivalence Checking

• Functional Approach
    – transform output functions of combinational
      circuits into a unique (canonical) representation
    – two circuits are equivalent if their representations
      are identical
    – efficient canonical representation: BDD


• Structural
    – identify structurally similar internal points
    – prove internal points (cut-points) equivalent
    – find implications

ECE 667 - Synthesis & Verification - L21                     3
                Functional Equivalence
• Circuits for which BDD can be constructed
    – represent multi-output circuits as shared BDDs
    – BDDs must be identical (for the same variable
      ordering)


• Circuits whose BDDs are too large
   – cannot construct BDDs, memory problem
   – use partitioned BDD method
         • decompose circuit into smaller pieces, each as BDD
         • check equivalence of internal points


  ECE 667 - Synthesis & Verification - L21                      4
          Functional Decomposition
• Decompose each function into functional blocks
      – represent each block as a BDD (partitioned BDD method)
      – define cut-points (z)
      – verify equivalence of blocks at cut-points
        starting at primary inputs
                                                     F             G

                                                    f2            g2
                                           z             z
                                               f1            g1
                                           x        y    x        y

ECE 667 - Synthesis & Verification - L21                               5
    Cut-Points Resolution Problem
• If all pairs of cut-points (z1,z2) are equivalent
     – so are the two functions, F,G
• If intermediate functions (f2,g2) are not equivalent
     – the functions (F,G) may still be equivalent
     – this is called false negative
                                                           F             G
• Why do we have false negative ?                         f2            g2
     – functions are represented in terms of
       intermediate variables                   z1             z2
     – to prove/disprove equivalence must
       represent the functions in terms of           f1            g1
       primary inputs (BDD composition)
                                                x         y    x        y

 ECE 667 - Synthesis & Verification - L21                                    6
    Cut-Point Resolution – Theory
• Let f1(x)=g1(x) x
      – if f2(z,y)  g2(z,y), z,y then f2(f1(x),y)  g2(f1(x),y)  F  G
      – if f2(z,y)  g2(z,y), z,y                f2(f1(x),y)  g2(f1(x),y)  F  G

                                               We cannot say if F  G or not
                    F                      G

                   f2                   g2
                                                • False negative
          z                     z                   – two functions are equivalent,
                                                      but the verification algorithm
              f1                   g1                 declares them as different.
          x        y           x           y

ECE 667 - Synthesis & Verification - L21                                                7
     Cut-Point Resolution – cont’d
• How to verify if negative is false or true ?

• Procedure 1: create a miter (XOR) between
   two potentially equivalent nodes/functions
    – perform ATPG test for stuck-at 0
                                               0, F  G (false negative)
    – find test pattern to prove F  G         1, F  G (true negative)
    – efficient for true negative
      (gives test vector, a proof)
    – inefficient when there is no test




                                           F   G

ECE 667 - Synthesis & Verification - L21                                   8
      Cut-Point Resolution – cont’d
• Procedure 2: create a BDD for F  G
   – perform satisfiability analysis (SAT) of the BDD
         • if BDD for F G = , problem is not satisfiable, false negative
         • BDD for F G  , problem is satisfiable, true negative

                                            F G =
                                                     , F  G (false negative)
            F               G
                                        =            Non-empty, F  G
                                                    Note: must compose BDDs until they
                                                     are equivalent, or expressed in terms
                                                     of primary inputs

  – the SAT solution, if exists, provides a test vector
         (proof of non-equivalence) – as in ATPG
  – unlike the ATPG technique, it is effective for false negative
          (the BDD is empty!)
 ECE 667 - Synthesis & Verification - L21                                                    9
     Structural Equivalence Check
• Given two circuits, each with its own structure
      – identify “similar” internal points, cut sets
      – exploit internal equivalences
• False negative problem may arise
      – F  G, but differ structurally (different local support)
      – verification algorithm declares F,G as different


       a              d1             F     a       d2               G
       b •                                 b   •
                                           c


• Solution: use BDD-based or ATPG-based methods to resolve
  the problem. Also: implication, learning techniques.
ECE 667 - Synthesis & Verification - L21                                10
               Implication Techniques
• Techniques that extract and exploit internal
  correspondences to speed up verification
• Implications – direct and indirect


   b=x                     d=0                       b=x           d=x
                                           f=0                              f=1
   a=1                                               a=0
   c=x                    e=0                        c=x          e=x

  Direct: a=1  f=0                              Indirect (learning): f=1  a=0

ECE 667 - Synthesis & Verification - L21                                          11
                  Learning Techniques
• Learning
      – process of deriving indirect implications
      – Recursive learning
            • recursively analyzes effects of each justification
      – Functional learning
            • uses BDDs to learn indirect implications
                                                                 G           H
                                                             a           a

                     a                     H             b                   b
                     b                         G=1
                     c
                                                       0         1   0       1
                                                             G=1  H=0
ECE 667 - Synthesis & Verification - L21                                         12
      Learning Techniques –cont’d
• Other methods to check implications G=1  H=0
      – Build a BDD for G • H’
            • If this function is satisfiable, the implication holds and
              gives a test vector
            • Otherwise it does not hold
      – Since G=1  H=0  (G’+H’)=1, build a BDD for (G’+H’)
            • The implication holds if (G’+H’)=1 (tautology)



                                      a         H
                                      b                  G=1
                                      c



ECE 667 - Synthesis & Verification - L21                                   13
 Sequential Equivalence Checking
• Functional Approach
    – Bounded model
          • unroll combinational logic portion of FSM k times
          • Check equivalence of combinational logic
    – Sequential FSM model
          • Create a product of FSMs
          • Perform traversal or reachability analysis of the product machine
    – Gate level model
          • Find register equivalence
• Structural
    – Similar to combinational:
          • identify structurally similar internal points
          • prove equivalence of internal points (cut-points)
    – Harder because of states and registers

 ECE 667 - Synthesis & Verification - L21                                       14
        Finite State Machines (FSM)

                                           X                     O
• FSM M(X,S, , ,O)                               (s,x)
                                                   (s,x)
                                               s            s’
    –   Inputs:          X                          R
    –   Outputs:         O
    –   States:          S
    –   Next state function, (s,x) : S  X  S
    –   Output function,     (s,x) : S  X  O




ECE 667 - Synthesis & Verification - L21                             15
Sequential Equivalence Checking
• Represent each sequential circuit as an FSM
      – verify if two FSMs are equivalent
• Approach 1: reduction to combinational circuit
      – unroll FSM over n time frames (flatten the design)

                   x(1)             x(2)                  x(n)

                      M(t1)                        …
                                           M(t2)
                                                   …          M(tn)
           s(1)                 s(2)                   s(n)


                  Combinational logic: F(x(1,2, …n), s(1,2, … n))

      – check equivalence of the resulting combinational circuits
      – problem: the resulting circuit can be too large too handle

ECE 667 - Synthesis & Verification - L21                              16
                Sequential Verification
• Approach 2: based on isomorphism of state transition
  graphs
      – two machines M1, M2 are equivalent if their state transition
        graphs (STGs) are isomorphic
      – perform state minimization of each machine
      – check if STG(M1) and STG(M2) are isomorphic

               1/0                                         1/0
0/0                          0/1    State min.   0/0                   0/1
          0    1/1 1
                                                       0         1.2

                                                                             
        1/0    2     0/1     M1             M1min          1/1
                                                           1/0
                                                 0/0                   0/1
                                                       0          1
                                            M2
                                                           1/1
ECE 667 - Synthesis & Verification - L21                                         17
                 Sequential Verification
• Approach 3: symbolic FSM traversal of the product
  machine

• Given two FSMs: M1(X,S1, 1, 1,O1),                     O(M)
  M2(X,S2, 2, 2,O2)
• Create a product FSM: M = M1 M2
    – traverse the states of M and check its          O1       O2
      output for each transition
    – the output O(M) =1, if outputs O1= O2
                                                      M1       M2
    – if all outputs of M are 1, M1 and M2 are   S1                 S2
      equivalent
    – otherwise, an error state is reached                 X
    – error trace is produced to show: M1  M2



 ECE 667 - Synthesis & Verification - L21                                18
     Product Machine - Construction
 • Define the product machine M(X,S, , ,O)
       – states,              S = S1  S2
       – next state function, (s,x) : (S1  S2)  X  (S1  S2)
       – output function,     (s,x) : (S1  S2)  X  {0,1}

                      O=     1 if O1=O2
                              0 otherwise
                                              (s,x) = 1(s1,x)  2(s2,x)

                                        • Error trace (distinguishing sequence)
                                          that leads to an error state
             1       2
1                                   2    - sequence of inputs which produces 1
                                              at the output of M
           M1         M2
                                           - produces a state in M for which M1
                                              and M2 give different outputs
                  X
 ECE 667 - Synthesis & Verification - L21                                     19
 Construction of the Product FSM
                                                                              0/0
                            1/0
              0/0                          0/1                                      2
     M1                                                        M2         1/1
                        0           1                                                     1/0
                                                                                                0/1
                                                                0/0
                             1/1                                          0                1
                                                                                    1/1
• For each pair of states, s1 M1, s2 M2
     – create a combined state s = (s1. s2) of M
     – create transitions out of this state to other states of M
     – label the transitions (input/output) accordingly
              0/1     1/0
M1                                                                   00 Output = { 1 OK
                1            0                     0/1                              0 error
       0/1
                                                                       11
                                                         1/1
M2                    1/0                    1.1                    0.2
               1            2


ECE 667 - Synthesis & Verification - L21                                                              20
 (Explicit) FSM Traversal in Action
                        1/0                                      0/0
         0/0                           0/1                             2
                   0          1                             1/1              1/0
                                                                                     0/1
                                                     0/0
        M1              1/1
                                               M2            0                1
                                                                       1/1

Initiall states: s1=0, s2=0,s=(0.0)                                                      Error state
                                                   0/0                 1/0               0/0
                         Out(M)                            0.1               1.0
 State reached x=0 x=1                               1/0                            1/1
                                                                                               0/1
• New 0 = (0.0)          1 1
                                             0/0    1.2                            0.2
• New 1 = (1.1)          1 1
                                                     1/0                           1/1
• New = (0.2)
          2              1 1                               0.0               1.1
• New 3 = (1.0)          0 0                  M     0/1            1/1               0/1

• STOP - backtrack to initial state to get error trace: x={1,1,1,0}

 ECE 667 - Synthesis & Verification - L21                                                            21
                Implicit FSM Traversal
• Traverse the product machine M(X,S,, ,O)
      – start at an initial state S0
      – iteratively compute symbolic image Img(S0,R)
        (set of next states) until an error state is reached
                      Img( S0,R ) = x s S0(s) • R(x,s,t)
                              R = i Ri = i (ti  i(s,x))

      – transition relation Ri for each next state variable ti
        can be computed as ti = (t  (s,x))
      – Comment: this is an alternative way to compute transition
        relation, when design is specified at gate level (Boolean)

ECE 667 - Synthesis & Verification - L21                             22
                           FSM Traversal
• State Transition Graphs
      – directed graphs with labeled nodes and arcs
        (transitions)
      – symbolic state traversal methods
            • important for symbolic verification, state reachability
              analysis, FSM traversal, etc.

                                                       1/0
                                           0/0                     0/1
                                                  s0         s1

                                                 1/0   s2    0/1




ECE 667 - Synthesis & Verification - L21                                 23
            Existential Quantification
• Existential quantification (abstraction)

                                x f = f |x=0 + f |x=1
• Example:
                                x (x y + z) = y + z

• Note: x f does not depend on x (smoothing)
• Useful in symbolic image computation
      (deriving sets of states)


ECE 667 - Synthesis & Verification - L21                 24
Existential Quantification - cont’d
• Function can be existentially quantified w.r.to
  a vector: X = x1x2…

                        X f = x1x2... f = x1 x2 ... f

• Can be done efficiently directly on a BDD
• Very useful in computing sets of states
      – Image computation: next states
      – Pre-Image computation: previous states
    from a given set of initial states

ECE 667 - Synthesis & Verification - L21                     25
                    Image Computation
• Computing set of next states from a given initial state
  (or set of states)
                           Img( S,R ) = u S(u) • R(u,v)
                                           R(u,v)

                                    S(u)            Img(v)



• FSM: when transitions are labeled with input predicates
  x, quantify w.r.to all inputs (primary inputs and state var)
                         Img( S,R ) = x u S(u) • R(x,u,v)

ECE 667 - Synthesis & Verification - L21                         26
     Image Computation - example
Compute a set of next states from state s1

• Encode the states: s1=00, s2=01, s3=10, s4=11
• Write transition relations for the encoded states:
            R = (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….)

                                                s2        a xy XY
                                 a         01             1 00 01
                  s1                                 s4   0 00 10
                        00 a’                             - 10 11
                                                     11   ……….
                                           10
                                                s3

ECE 667 - Synthesis & Verification - L21                            27
                         Example - cont’d
• Compute Image from s1 under R
  Img( s1,R ) = a xy s1(x,y) • R(a,x,y,X,Y)


            = a xy (x’y’) • (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….)
            = axy (ax’y’X’Y + a’x’y’XY’ ) = (X’Y + XY’ )
                                          = {01, 10} = {s2, s3}
                                     s2
                       a        01
         s1                                s4   Result: a set of next
               00 a’                            states for all inputs
                                           11   s1  {s2, s3}
                                 10
                                      s3

ECE 667 - Synthesis & Verification - L21                                28
             Pre-Image Computation
• Computing a set of present states from a given next
  state (or set of states)
                        Pre-Img( S’,R) = v R(u,v) )• S’(v)
                                           R(u,v)

                           Pre-Img(u)               S’(v)


• Similar to Image computation, except that quantification is done
  w.r.to next state variables
• The result: a set of states backward reachable from state set S’,
  expressed in present state variables u
• Useful in computing CTL formulas: AF, EF
ECE 667 - Synthesis & Verification - L21                              29

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:5/17/2013
language:English
pages:29