Document Sample

ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Verification Equivalence checking ECE 667 - Synthesis & Verification - L21 1 Equivalence Checking • Two circuits are functionally equivalent if they exhibit the same behavior • Combinational circuits In CL Out – for all possible input values PI Po • Sequential circuits CL – for all possible input sequences Ps Ns R ECE 667 - Synthesis & Verification - L21 2 Combinational Equivalence Checking • Functional Approach – transform output functions of combinational circuits into a unique (canonical) representation – two circuits are equivalent if their representations are identical – efficient canonical representation: BDD • Structural – identify structurally similar internal points – prove internal points (cut-points) equivalent – find implications ECE 667 - Synthesis & Verification - L21 3 Functional Equivalence • Circuits for which BDD can be constructed – represent multi-output circuits as shared BDDs – BDDs must be identical (for the same variable ordering) • Circuits whose BDDs are too large – cannot construct BDDs, memory problem – use partitioned BDD method • decompose circuit into smaller pieces, each as BDD • check equivalence of internal points ECE 667 - Synthesis & Verification - L21 4 Functional Decomposition • Decompose each function into functional blocks – represent each block as a BDD (partitioned BDD method) – define cut-points (z) – verify equivalence of blocks at cut-points starting at primary inputs F G f2 g2 z z f1 g1 x y x y ECE 667 - Synthesis & Verification - L21 5 Cut-Points Resolution Problem • If all pairs of cut-points (z1,z2) are equivalent – so are the two functions, F,G • If intermediate functions (f2,g2) are not equivalent – the functions (F,G) may still be equivalent – this is called false negative F G • Why do we have false negative ? f2 g2 – functions are represented in terms of intermediate variables z1 z2 – to prove/disprove equivalence must represent the functions in terms of f1 g1 primary inputs (BDD composition) x y x y ECE 667 - Synthesis & Verification - L21 6 Cut-Point Resolution – Theory • Let f1(x)=g1(x) x – if f2(z,y) g2(z,y), z,y then f2(f1(x),y) g2(f1(x),y) F G – if f2(z,y) g2(z,y), z,y f2(f1(x),y) g2(f1(x),y) F G We cannot say if F G or not F G f2 g2 • False negative z z – two functions are equivalent, but the verification algorithm f1 g1 declares them as different. x y x y ECE 667 - Synthesis & Verification - L21 7 Cut-Point Resolution – cont’d • How to verify if negative is false or true ? • Procedure 1: create a miter (XOR) between two potentially equivalent nodes/functions – perform ATPG test for stuck-at 0 0, F G (false negative) – find test pattern to prove F G 1, F G (true negative) – efficient for true negative (gives test vector, a proof) – inefficient when there is no test F G ECE 667 - Synthesis & Verification - L21 8 Cut-Point Resolution – cont’d • Procedure 2: create a BDD for F G – perform satisfiability analysis (SAT) of the BDD • if BDD for F G = , problem is not satisfiable, false negative • BDD for F G , problem is satisfiable, true negative F G = , F G (false negative) F G = Non-empty, F G Note: must compose BDDs until they are equivalent, or expressed in terms of primary inputs – the SAT solution, if exists, provides a test vector (proof of non-equivalence) – as in ATPG – unlike the ATPG technique, it is effective for false negative (the BDD is empty!) ECE 667 - Synthesis & Verification - L21 9 Structural Equivalence Check • Given two circuits, each with its own structure – identify “similar” internal points, cut sets – exploit internal equivalences • False negative problem may arise – F G, but differ structurally (different local support) – verification algorithm declares F,G as different a d1 F a d2 G b • b • c • Solution: use BDD-based or ATPG-based methods to resolve the problem. Also: implication, learning techniques. ECE 667 - Synthesis & Verification - L21 10 Implication Techniques • Techniques that extract and exploit internal correspondences to speed up verification • Implications – direct and indirect b=x d=0 b=x d=x f=0 f=1 a=1 a=0 c=x e=0 c=x e=x Direct: a=1 f=0 Indirect (learning): f=1 a=0 ECE 667 - Synthesis & Verification - L21 11 Learning Techniques • Learning – process of deriving indirect implications – Recursive learning • recursively analyzes effects of each justification – Functional learning • uses BDDs to learn indirect implications G H a a a H b b b G=1 c 0 1 0 1 G=1 H=0 ECE 667 - Synthesis & Verification - L21 12 Learning Techniques –cont’d • Other methods to check implications G=1 H=0 – Build a BDD for G • H’ • If this function is satisfiable, the implication holds and gives a test vector • Otherwise it does not hold – Since G=1 H=0 (G’+H’)=1, build a BDD for (G’+H’) • The implication holds if (G’+H’)=1 (tautology) a H b G=1 c ECE 667 - Synthesis & Verification - L21 13 Sequential Equivalence Checking • Functional Approach – Bounded model • unroll combinational logic portion of FSM k times • Check equivalence of combinational logic – Sequential FSM model • Create a product of FSMs • Perform traversal or reachability analysis of the product machine – Gate level model • Find register equivalence • Structural – Similar to combinational: • identify structurally similar internal points • prove equivalence of internal points (cut-points) – Harder because of states and registers ECE 667 - Synthesis & Verification - L21 14 Finite State Machines (FSM) X O • FSM M(X,S, , ,O) (s,x) (s,x) s s’ – Inputs: X R – Outputs: O – States: S – Next state function, (s,x) : S X S – Output function, (s,x) : S X O ECE 667 - Synthesis & Verification - L21 15 Sequential Equivalence Checking • Represent each sequential circuit as an FSM – verify if two FSMs are equivalent • Approach 1: reduction to combinational circuit – unroll FSM over n time frames (flatten the design) x(1) x(2) x(n) M(t1) … M(t2) … M(tn) s(1) s(2) s(n) Combinational logic: F(x(1,2, …n), s(1,2, … n)) – check equivalence of the resulting combinational circuits – problem: the resulting circuit can be too large too handle ECE 667 - Synthesis & Verification - L21 16 Sequential Verification • Approach 2: based on isomorphism of state transition graphs – two machines M1, M2 are equivalent if their state transition graphs (STGs) are isomorphic – perform state minimization of each machine – check if STG(M1) and STG(M2) are isomorphic 1/0 1/0 0/0 0/1 State min. 0/0 0/1 0 1/1 1 0 1.2 1/0 2 0/1 M1 M1min 1/1 1/0 0/0 0/1 0 1 M2 1/1 ECE 667 - Synthesis & Verification - L21 17 Sequential Verification • Approach 3: symbolic FSM traversal of the product machine • Given two FSMs: M1(X,S1, 1, 1,O1), O(M) M2(X,S2, 2, 2,O2) • Create a product FSM: M = M1 M2 – traverse the states of M and check its O1 O2 output for each transition – the output O(M) =1, if outputs O1= O2 M1 M2 – if all outputs of M are 1, M1 and M2 are S1 S2 equivalent – otherwise, an error state is reached X – error trace is produced to show: M1 M2 ECE 667 - Synthesis & Verification - L21 18 Product Machine - Construction • Define the product machine M(X,S, , ,O) – states, S = S1 S2 – next state function, (s,x) : (S1 S2) X (S1 S2) – output function, (s,x) : (S1 S2) X {0,1} O= 1 if O1=O2 0 otherwise (s,x) = 1(s1,x) 2(s2,x) • Error trace (distinguishing sequence) that leads to an error state 1 2 1 2 - sequence of inputs which produces 1 at the output of M M1 M2 - produces a state in M for which M1 and M2 give different outputs X ECE 667 - Synthesis & Verification - L21 19 Construction of the Product FSM 0/0 1/0 0/0 0/1 2 M1 M2 1/1 0 1 1/0 0/1 0/0 1/1 0 1 1/1 • For each pair of states, s1 M1, s2 M2 – create a combined state s = (s1. s2) of M – create transitions out of this state to other states of M – label the transitions (input/output) accordingly 0/1 1/0 M1 00 Output = { 1 OK 1 0 0/1 0 error 0/1 11 1/1 M2 1/0 1.1 0.2 1 2 ECE 667 - Synthesis & Verification - L21 20 (Explicit) FSM Traversal in Action 1/0 0/0 0/0 0/1 2 0 1 1/1 1/0 0/1 0/0 M1 1/1 M2 0 1 1/1 Initiall states: s1=0, s2=0,s=(0.0) Error state 0/0 1/0 0/0 Out(M) 0.1 1.0 State reached x=0 x=1 1/0 1/1 0/1 • New 0 = (0.0) 1 1 0/0 1.2 0.2 • New 1 = (1.1) 1 1 1/0 1/1 • New = (0.2) 2 1 1 0.0 1.1 • New 3 = (1.0) 0 0 M 0/1 1/1 0/1 • STOP - backtrack to initial state to get error trace: x={1,1,1,0} ECE 667 - Synthesis & Verification - L21 21 Implicit FSM Traversal • Traverse the product machine M(X,S,, ,O) – start at an initial state S0 – iteratively compute symbolic image Img(S0,R) (set of next states) until an error state is reached Img( S0,R ) = x s S0(s) • R(x,s,t) R = i Ri = i (ti i(s,x)) – transition relation Ri for each next state variable ti can be computed as ti = (t (s,x)) – Comment: this is an alternative way to compute transition relation, when design is specified at gate level (Boolean) ECE 667 - Synthesis & Verification - L21 22 FSM Traversal • State Transition Graphs – directed graphs with labeled nodes and arcs (transitions) – symbolic state traversal methods • important for symbolic verification, state reachability analysis, FSM traversal, etc. 1/0 0/0 0/1 s0 s1 1/0 s2 0/1 ECE 667 - Synthesis & Verification - L21 23 Existential Quantification • Existential quantification (abstraction) x f = f |x=0 + f |x=1 • Example: x (x y + z) = y + z • Note: x f does not depend on x (smoothing) • Useful in symbolic image computation (deriving sets of states) ECE 667 - Synthesis & Verification - L21 24 Existential Quantification - cont’d • Function can be existentially quantified w.r.to a vector: X = x1x2… X f = x1x2... f = x1 x2 ... f • Can be done efficiently directly on a BDD • Very useful in computing sets of states – Image computation: next states – Pre-Image computation: previous states from a given set of initial states ECE 667 - Synthesis & Verification - L21 25 Image Computation • Computing set of next states from a given initial state (or set of states) Img( S,R ) = u S(u) • R(u,v) R(u,v) S(u) Img(v) • FSM: when transitions are labeled with input predicates x, quantify w.r.to all inputs (primary inputs and state var) Img( S,R ) = x u S(u) • R(x,u,v) ECE 667 - Synthesis & Verification - L21 26 Image Computation - example Compute a set of next states from state s1 • Encode the states: s1=00, s2=01, s3=10, s4=11 • Write transition relations for the encoded states: R = (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….) s2 a xy XY a 01 1 00 01 s1 s4 0 00 10 00 a’ - 10 11 11 ………. 10 s3 ECE 667 - Synthesis & Verification - L21 27 Example - cont’d • Compute Image from s1 under R Img( s1,R ) = a xy s1(x,y) • R(a,x,y,X,Y) = a xy (x’y’) • (ax’y’X’Y + a’x’y’XY’ + xy’XY + ….) = axy (ax’y’X’Y + a’x’y’XY’ ) = (X’Y + XY’ ) = {01, 10} = {s2, s3} s2 a 01 s1 s4 Result: a set of next 00 a’ states for all inputs 11 s1 {s2, s3} 10 s3 ECE 667 - Synthesis & Verification - L21 28 Pre-Image Computation • Computing a set of present states from a given next state (or set of states) Pre-Img( S’,R) = v R(u,v) )• S’(v) R(u,v) Pre-Img(u) S’(v) • Similar to Image computation, except that quantification is done w.r.to next state variables • The result: a set of states backward reachable from state set S’, expressed in present state variables u • Useful in computing CTL formulas: AF, EF ECE 667 - Synthesis & Verification - L21 29

DOCUMENT INFO

Shared By:

Categories:

Tags:

Stats:

views: | 0 |

posted: | 5/17/2013 |

language: | English |

pages: | 29 |

OTHER DOCS BY yurtgc548

Docstoc is the premier online destination to start and grow small businesses. It hosts the best quality and widest selection of professional documents (over 20 million) and resources including expert videos, articles and productivity tools to make every small business better.

Search or Browse for any specific document or resource you need for your business. Or explore our curated resources for Starting a Business, Growing a Business or for Professional Development.

Feel free to Contact Us with any questions you might have.