Robert Brayton Alan Mishchenko Department of EECS UC Berkeley Task ID: 2710.001 SAT-based Methods for Scalable Synthesis and Verification Robert Brayton Alan Mishchenko Department of EECS UC Berkeley

Task Overview SRC task ID: 2710.001 Start date: 1-Nov-2016 Thrust area: CADT Task leaders: Robert K. Brayton, Univ. of California/Berkeley Alan Mishchenko, Univ. of California/Berkeley Industrial liaisons: See next slide Students: Yen-Sheng Ho (Mentor intern, graduating 2017)

Industrial Liaisons IBM Intel Mentor Graphics Jason Baumgartner Victor Kravets Intel Timothy Kam Steven Burns Michael Kishinevsky Mentor Graphics Jeremy Levitt

Anticipated Results Methodology and algorithms for next-generation improvements in logic synthesis, addressing reverse engineering SAT-based circuit restructuring precomputation of properties for practical Boolean functions Public software implementation of the above methodology and algorithms Experimental evaluation on industrial benchmarks.

Responding to the Needs of SRC Companies Reverse engineering enables applying word-level methods to gate-level problems. S3 System Tools S3.4 Advanced logic/physical/high-level synthesis and cross-boundary optimization Scalable synthesis leads to scalable verification V1 Verification Core Technologies V1.1 Advances in the scalability of automated model checking and sequential equivalence checking techniques for bit-level and bit-vector models V1.2 Advances in techniques: general-purpose SAT solvers; constraint solving techniques; SAT solvers tuned for specific applications; automatic abstraction and abstraction-refinement; satisfiability modulo theories (SMT) V1.3 Novel and improved algorithms for optimizing design and specification logic. Computing complete test-suites for multiple-fault testing using different fault models T1 Test Cost and Quality Improvement T1.1 Test cost reduction T1.4 Methods to improve test quality by effective test pattern selection across fault models SAT-based formulations can contribute to other areas S3.5 Fundamental/significant place/route improvements, including how to scale the methods for multi-core designs and reliability-aware place and route There has been continued interest from the SRC companies IBM, Mentor Graphics

Task Deliverables 31-Oct-2017 Software release of the RE engine and RE-enhanced equivalence checking engine. Evaluation on industrial problems. 31-Oct-2018 Software release of SAT-based logic restructuring. Evaluation on industrial problems. 31-Oct-2019 Software release of computation of Boolean properties with applications to network optimization. Evaluation on industrial problems. Final report summarizing research accomplishments and future direction. https://www.src.org/library/research-catalog/2710.001/

Background and Motivation Reverse engineering Discovering high-level structure in gate-level netlists Useful for both verification and synthesis SAT-based circuit restructuring Global, incremental, and exhaustive Useful for delay/area optimization before and after mapping The “genome project” of logic synthesis Precomputing useful functional properties of practical Boolean functions up to 16 inputs For example, exhaustive enumeration of non-redundant circuit structures for small practical functions will be used Useful for incremental resynthesis before and after mapping AIG rewriting is one special case

Comparison with Existing Work Reverse engineering Existing functional methods (B. Sterin et al, FMCAD’15) are less scalable than structural methods, leaving room for improvements SAT-based resynthesis Previous methods (such as FPGA’09) are limited to modifying one node at a time; do not address delay-optimization properly Precomputation of functional properties Previous methods (such as W. Yang et al, ICCAD’12) are limited to structures existing in the designs; only simple AIGs are used; reliably work only for 6-input functions

Summary of Recent Progress for Each Technical Goal 1st year: Reverse engineering Developed algorithms for “transparent logic” detection (IWLS’16) Developed an improved boundary detection method (IWLS’17) for functional reverse engineering (FMCAD’15) Developed a novel clock-gating synthesis/verification algorithm based on “transparent logic” detection Developed a novel SAT-based word-level IC3/PDR engine 2nd year: SAT-based circuit restructuring SAT-based canonical SOP construction (ICCAD’16) Improved algebraic factoring based on hashing (ASP-DAC’17) 3rd year: The “genome project” of logic synthesis Initial work on QBF-based enumeration of delay-optimizing circuit structures (DATE’17)

Past Work on Reverse Engineering Introduced Subset Permutation-Independent Equivalence Checking (SPIEC) Find a component (e.g 16-bit adder) in a larger block if the component’s PIs/POs are a subset of the block’s Solved SPIEC by subgraph isomorphism Relaxed the constraint on POs by feathering - exposing the internal nodes as new POs Joint work with Mathias and Bob IWLS 2015 FMCAD 2015 M. Soeken, B. Sterin, R. Drechsler, and R. K. Brayton, “Reverse engineering with simulation graphs,” Proc. FMCAD’15. 10

Cut Generation for RE Generate words using transparent logic starting from PIs and previously detected components Combine words into cuts Use feathering and SPIEC to detect component between the cuts Extensions: This method can be combined with other localization methods Knowing the outputs of a component can drive detection of additional components IWLS2017 Joint work with Mathias and Bob B. Sterin, M. Soeken, G. De Micheli, and R. K. Brayton, “Cut generation for reverse engineering of gate-level netlists,” Proc. IWLS’17. 11

Experimental Results Random Seed Components #C #PI #PO Input Found Time (s) 255 *:1 1 25 8 2.7 52487 /:1, +:1 2 35 17.8 655321 *:1, +:1, -:2 4 58 16 3 43.8 6345789 *:1, /:2, -:1 28 56 35.6 142857 *:1, /:2 38 96 55.5 1729 *:3, /:1, +:3, -:4 11 74 666 5040 *:1, /:1, -:2 86 112 257 541 *:1, /:2, +:4, -:3 10 46 54 42 *:2, /:2, +:4, -:3 70 5 485 Used CirKit to generate random circuits with 8-bit arithmetic blocks in Verilog Used %read and %blast commands in ABC to generate AIGs Used the proposed method (IWLS”17 and FMCAD’15) to detect the blocks

Truth-Table-Based SPIEC (work in progress) This novel SPIEC can handle arbitrary negations Starts by matching a component PO to a block PO Extends the match one PO at a time Much faster, but limited to fewer functions Remove the need for known boundary Enumerate all 6-input cuts and compute NPN classes Match the first component PO to arbitrary nodes in the circuit Extend the match by adding/removing two vars at a time Joint work with Mathias and Arun Block Component 13

Verification and Synthesis of Clock-Gated Circuits Motivation: reduce dynamic power in digital circuits Enable sequential clock-gating synthesis (verification) Generate legal clock-gating conditions automatically (synthesis) Main contribution Construct dependency graphs (DGs) are used to model control logic and data dependencies in sequential circuits Use LTL and past LTL (PLTL) to define clock-gating conditions Propose verification and synthesis flows based on the DG method. Experimental results: Verification: identify and justify clock-gating conditions efficiently Synthesis: able to propose more clock-gating conditions than reference methods

Proposed Sequential EC Flow Golden (G) Revised (R) Given G and R The algorithm Detects candidate seq. redundancies Proves them Eliminates them Leads to simpler SEC problems DG_G DG_R Construct DGs Identify Candidates Derive Property Prove Property Revise circuit and abstraction Final SEC

Proposed Synthesis Flow Golden (G) Given a sequential circuit G Construct its dependency graph Identify candidates for clock-gating For each candidate: Formulate the clock-gating condition Synthesize the enable signal DG Revised (R) We have a big view now, But what is legal clock-gating? Construct DG Identify Candidates Formulate Clock-Gating Condition Synthesize enable signal

Proposed Synthesis Flow Experimental Results Statistics Verification Synthesis Circuit Clock-gating type AND FF super_ prove(s) absec (s) Proposed SEC Proposed Synthesis Flow DG (s) SEC (s) Remove FF Gated FF Time, (s) Aes.Round Observ 125k 645 208.2 5.31 24.34 3.60 128 1.47 Md5Core Satisf 95k 40k 80.33 N/A 4.32 9.44 512 32256 23.31 CLA_fixed 3k 97 T.O. 1169.8 0.22 0.55 32 0.19 Synthetic1 4k 73 632.64 166.28 0.56 0.98 24 0.24 Synthetic2 Both 877 74 4.794 0.21 0.43 36 50 0.20 Summary Dramatically reduced runtime of verification after CG for a number circuits, compared to available methods Synthesized a large number of new CGs for given circuits

Property Directed Reachability with Word-Level Abstraction Motivation Word-level sequential verification (incl. SEC and property checking) remains challenging despite previous work Related techniques SAT-based IC3 or Property Directed Reachability (PDR) Localization abstraction Counterexample guided abstraction and refinement (CEGAR) Our contributions integrating word-level abstraction with PDR efficiently using a new refinement strategy combining structural and proof-based analysis of spurious counterexamples re-using reachability information (reachability clauses) derived in previous iterations of CEGAR

PDR-WLA Algorithm WL abstraction Bit-blast PDR: Load previous clauses PDR: Recursively block cubes PDR: Propagate blocked cubes PDR: Open a new frame CEX? Refine abstraction with PBR and MFFC Spurious? Invariant? Proved Falsified PDR: Load previous clauses No Yes

PDR-WLA Experimental Results Settings PDR-WLA is available in ABC (command %pdra) Benchmarks are 195 industrial Verilog RTL designs Timeout is 3600 seconds Results PDR-WLA solves 18 cases not solved by PDR Re-using reachability clauses is helpful Refinement strategies, PBR with MFFC, can derive small final abstractions using fewer iterations compared to previous methods

Recent Publications Reverse engineering SAT-based synthesis - Y.-Y. Dai and R. Brayton, “Identifying transparent logic in gate-level circuits”, Proc. IWLS’16. - Y.-Y. Dai, Verification and synthesis of clock-gated circuits, Ph.D. Thesis, UC Berkeley. - Y.-Y. Dai and R. Brayton, “Circuit recognition with deep learning”, Proc. Hardware Oriented Security and Trust Symposium (HOST), 2017. - B. Sterin, A. Mishchenko and R. Brayton, “Structural reverse engineering of arithmetic circuits”, UC Berkeley, ERL Technical Report, 2016. SAT-based synthesis - A. Petkovska, A. Mishchenko, M. Soeken, G. De Micheli, R. Brayton, and P. Ienne, "Fast generation of lexicographic satisfiable assignments: Enabling canonicity in SAT-based applications", Proc. ICCAD'16. - B. Schmitt, A. Mishchenko, and R. Brayton, “SAT-based area recovery in structural technology mapping”, Proc. IWLS’17. - M. Soeken, G. De Micheli, and A. Mishchenko, "Busy Man's Synthesis: Combinational delay optimization with SAT", Proc. DATE'17. Improved scalability of logic synthesis - B. Schmitt, A. Mishchenko, V. Kravets, R. Brayton, and A. Reis, "Fast-extract with cube hashing", Proc. ASP-DAC'17. Other related work - Y.-S. Ho, P. Chauhan, P. Roy, A. Mishchenko, and R. Brayton, "Efficient uninterpreted function abstraction and refinement for word-level model checking", Proc. FMCAD'16. - Y.-S. Ho, A. Mishchenko, R. Brayton, “Property directed reachability with word-level abstraction”, Submitted to FMCAD’17. - Y.-S. Ho, A. Mishchenko, R. Brayton, and N. Een, "Enhancing PDR/IC3 with localization abstraction“, Submitted to FMCAD’17.

Conclusions Reviewed the SRC task (the first few months) “SAT-based Methods for Scalable Synthesis and Verification” Discussed ongoing and forthcoming work Reviewed recent publications