Logic Verification 1

Outline
– Logic Verification Problem
– Verification Approaches
– Recursive Learning Approach

Goal
– Understand verification problem
– Understand HANNIBAL algorithms

Logic Verification Problem
– verify that two logic circuits are functionally equivalent
  » both cover the same ON-set
  » neither covers any of the OFF-set of the other
  » can have different coverings of the DC-set

Applications
– verify that logic optimization was correct
  » both hand and automatic optimization
– verify that logic was implemented correctly
  » technology mapping, circuit design, layout

[Figure: two circuits over signals a, c, f, y, compared with "= ?"]

Logic Verification Complexity

Logic verification is NP-complete
– instance of satisfiability problem
– problem formulation: can function y be satisfied?
– y is XOR of A/B outputs, ORed together
– if any outputs are different for same inputs, y = 1
  » circuits are not equal
– if y cannot be satisfied, then circuits are equal

[Figure: Circuit A and Circuit B on common Inputs, comparison output y=1!]

Logic Verification Approaches

Logic Simulation
– zero-delay simulation of circuits A and B, compare outputs
– must simulate for all possible inputs
  » exponential time
– current approach: validation - simulate many inputs
  » probability that A and B are not equal is small
  » small differences escape detection - Pentium bug

Cube Covering
– cubes in B cover the cubes of A reduced against its ON-set
– cubes in B do not cover any of A OFF-set
– vice-versa
– use ESPRESSO cube covering check
  » exponential time in worst case
– best suited for two-level logic

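The comparison function y from the complexity slide and the exhaustive logic-simulation approach, as an added Python example that is not part of the original slides. The full-adder circuits and all function names are constructed for illustration; `escape_probability` shows how a one-vector difference can escape random validation.

```python
from itertools import product

def miter(circ_a, circ_b):
    """Comparison function y: OR over all output pairs of (A output XOR B output)."""
    def y(*inputs):
        return int(any(oa ^ ob for oa, ob in zip(circ_a(*inputs), circ_b(*inputs))))
    return y

def distinguishing_vectors(circ_a, circ_b, n_inputs):
    """Exhaustive zero-delay simulation: every input vector that satisfies y = 1."""
    y = miter(circ_a, circ_b)
    return [v for v in product((0, 1), repeat=n_inputs) if y(*v)]

def escape_probability(n_diff, n_inputs, n_random):
    """Chance that n_random uniformly random vectors all miss the n_diff differing ones."""
    return (1 - n_diff / 2 ** n_inputs) ** n_random

# Constructed sample circuits: full adders returning (sum, carry).
def adder_a(a, b, c):
    return (a ^ b ^ c, (a & b) | (a & c) | (b & c))

def adder_b(a, b, c):      # restructured carry logic, same function
    p = a ^ b
    return (p ^ c, (a & b) | (p & c))

def adder_bad(a, b, c):    # carry is wrong for exactly one input vector
    p = a ^ b
    return (p ^ c, (a & b & (1 - c)) | (p & c))
```

An empty list from `distinguishing_vectors` means y cannot be satisfied, so the circuits are equal; the loop visits all 2^n input vectors, which is the exponential cost the slide refers to.
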
Logic Verification Approaches

Optimization
– optimize comparison circuit
– if A and B are same, circuit should optimize to constant 0
– problem: optimization algorithms do not guarantee minimum circuit, could erroneously report difference

Ordered Binary Decision Diagrams (OBDD)
– convert comparison circuit to canonical form
  » canonical - unique representation for given function
  » circuit will reduce to constant 0 if equivalent
– problem: intermediate OBDD could be exponential space

Recursive Learning
– try to justify y = 1!
– use RL to learn indirect implications
– use implications to decompose into smaller subproblems
– problem: RL or subproblems could be exponential time

Verification by Recursive Learning

[Figure: Circuit A and Circuit B on common Inputs, comparison output y=1!]

Learn indirect implications between nodes of circuits A and B
– for every node in A and B, learn implications for the node
– implications between A and B come through common inputs and XORed outputs

Determine if Y = 1 using stored implications
– use ATPG to search for input assignments that make Y = 1
– stored implications act like direct implications

HANNIBAL Algorithm

Construct circuit
– Connect input pairs together
– Connect output pairs by XORs
– OR together XORs

Identification of indirect implications (Phase 1)
(moving from inputs towards outputs)
– set r_prep,max; r_prep = 1
– for every logic gate G in both circuits with output signal g
  » assign g=W with W=0 for AND, NOR and W=1 for OR, NAND
  » make_all_implications(0, r_prep)
  » for all learned signal values f_i = V_i: store indirect implications g = W => f_i = V_i at signal g

Base algorithm for verification (Phase 2): test generation
– Check satisfiability of Y using prestored indirect implications
  » Y=1 is inconsistent: circuits are equivalent
  » Y=1 is justified: circuits are not equivalent, disting. vector generated
  » aborted: r_prep < r_prep,max?
     yes: r_prep += 1 (back to Phase 1)
     no: aborted

Example

[Figure: Circuit A with nodes C0, C1, C2, N0, N1, S0, S1, S2, S3, S4 and Circuit B with nodes C0’, C1’, C2’, N0’, N1’, N2’, S0’, S4’; comparison output Y]

Learn for S0, S2, S4, S0’, S4’
– node S0: S0=1 => S2=1, S4=1 by direct implication
– case N0=0 => N0’=0, S0’=1, S4’=1, Y=0
– case N1=0 => N1’=0, S0’=1, S4’=1, Y=0
– result: S0=1 => S0’=1, S4’=1, Y=0

Example

Stored Indirect Implications
– S0 = 1 => S0’ = 1, S4’ = 1, Y = 0
– S2 = 1 => S4’ = 1, Y = 0
– S4 = 1 => S4’ = 1, Y = 0
– S0’ = 1 => S0 = 1, S2 = 1, S4 = 1, Y = 0
– S4’ = 1 => S2 = 1, S4 = 1, Y = 0
– note implications for Y have been found

Justification for Y = 1
– S4 = 1 and S4’ = 0
  » Y = 0 by stored implication, inconsistent
– S4 = 0 and S4’ = 1
  » Y = 0 by stored implication, inconsistent
– conclusion: Y = 0, circuits are equivalent
– justification is trivial with stored Y implications

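Phase 1 learning at recursion level 1, as an added Python example (not HANNIBAL's code and not the slide's circuit): a gate is set to its unjustified value W, each justification is tried with direct implications only, and the values common to every consistent case are kept as indirect implications. The netlist `NET`, its signal names, and the functions `imply`, `learn` and `learn_all` are assumptions made for this example.

```python
GATE = {"AND": (0, 0), "NAND": (0, 1), "OR": (1, 0), "NOR": (1, 1)}  # (controlling value, inversion)
# Constructed sample, not the slide's circuit. A: SA = NAND(a+b, c+d); B: SB = NOR(a,b) + NOR(c,d).
# Y = SA xor SB built from AND/OR gates; a one-input NAND acts as an inverter.
NET = {"N0": ("OR", ["a", "b"]), "N1": ("OR", ["c", "d"]), "SA": ("NAND", ["N0", "N1"]),
       "M0": ("NOR", ["a", "b"]), "M1": ("NOR", ["c", "d"]), "SB": ("OR", ["M0", "M1"]),
       "nSA": ("NAND", ["SA"]), "nSB": ("NAND", ["SB"]),
       "T1": ("AND", ["SA", "nSB"]), "T2": ("AND", ["nSA", "SB"]), "Y": ("OR", ["T1", "T2"])}

class Conflict(Exception):
    """A signal would need both 0 and 1."""

def imply(net, assign):
    """Direct implications to a fixpoint; raises Conflict on a contradiction."""
    val = {}
    def put(n, v):
        if val.setdefault(n, v) != v:
            raise Conflict(n)
    for n, v in assign:
        put(n, v)
    size = -1
    while size != len(val):
        size = len(val)
        for out, (op, ins) in net.items():
            c, inv = GATE[op]
            known = [val.get(i) for i in ins]
            if c in known or None not in known:      # forward: inputs fix the output
                put(out, (c if c in known else 1 - c) ^ inv)
            elif val.get(out) == (1 - c) ^ inv:      # backward: no input may control
                for i in ins:
                    put(i, 1 - c)
            elif val.get(out) == c ^ inv and known.count(None) == 1:
                put(ins[known.index(None)], c)       # last free input must control
    return val

def learn(net, g):
    """Level-1 learning at g = W: (W, indirect implications), or (W, None) if unjustifiable."""
    c, inv = GATE[net[g][0]]
    w, common = c ^ inv, None
    direct = imply(net, [(g, w)])
    for i in net[g][1]:                              # one justification per input
        try:
            case = set(imply(net, [*direct.items(), (i, c)]).items())
        except Conflict:
            continue
        common = case if common is None else common & case
    return w, None if common is None else dict(common - set(direct.items()))

def learn_all(net):  # Phase 1 over every gate: {(g, W): indirect implications}
    return {(g, w): found for g in net for w, found in [learn(net, g)] if found}
```

On this netlist `learn(NET, "SA")` yields SB = 1 and Y = 0, and `learn(NET, "SB")` yields SA = 1 and Y = 0, which mirrors the cross-circuit implications and the stored Y implications listed on the slide.
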
Experience

ISCAS85 vs. nonredundant versions
– 3 sec for c432 to 79 minutes for c7552
– r_prep,max = 1 or 2 for all cases for phase 1
  » small runtime for r_prep,max = 1 cases
– r_max = 0 for phase 2 except r_max = 5 for c3540
– satisfiability checking is usually trivial
  » needed only direct and stored implications
  » in all but c3540 stored implications for Y=0 or Y=1

Issues
– blanket r_prep during phase 1
  » CPU time grows exponentially
– ATPG abort level vs. r_prep
  » how many assignments to try before quitting
  » fast and stupid is sometimes faster

Verifast - Improved HANNIBAL

HANNIBAL failures
– when circuits A and B have large dissimilar regions
– requires high recursion level to work through
  » cannot use level greater than 2

Decompose problem - Verifast
– static learning with recursion level 1
  » usually fast, often solves problem
– random simulation to identify probably-equivalent nodes
– verify each pair between A and B in rank order
– smaller problem => can use much higher recursion level
  » up to 7 during second phase
  » use equivalences found in earlier ranks
– handles more problems, much faster on hard cases
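
The random-simulation step above as an added Python example (not Verifast's code): nodes of A and B are simulated bit-parallel on the same random vectors and paired when their response words match, which gives the probably-equivalent candidates to verify. The netlists, node names and function names are constructed; rank is assumed to be A's topological order, and the per-pair verification itself is not shown.

```python
import random

# Bit-parallel gate functions: bit k of each word is the signal value under random vector k.
OPS = {"AND": lambda m, x, y: x & y, "OR": lambda m, x, y: x | y, "XOR": lambda m, x, y: x ^ y,
       "NAND": lambda m, x, y: ~(x & y) & m, "NOT": lambda m, x: ~x & m}

# Constructed sample netlists in topological order: node -> (gate, fanins).
CIRCUIT_A = {"n1": ("AND", "a", "b"), "n2": ("OR", "n1", "c"), "outA": ("XOR", "n2", "d")}
CIRCUIT_B = {"m1": ("NAND", "a", "b"), "nc": ("NOT", "c"),
             "m2": ("NAND", "m1", "nc"), "outB": ("XOR", "m2", "d")}
CIRCUIT_BAD = {**CIRCUIT_B, "outB": ("OR", "m2", "d")}   # output gate implemented wrongly

def signatures(net, stimulus, mask):
    """Simulate all vectors at once; return each internal node's response word."""
    word = dict(stimulus)
    for node, (op, *fanin) in net.items():
        word[node] = OPS[op](mask, *(word[f] for f in fanin))
    return {node: word[node] for node in net}

def candidate_pairs(net_a, net_b, inputs, n_vectors=256, seed=1):
    """Pairs (node in A, node in B) with identical signatures, in A's topological order."""
    rng = random.Random(seed)
    stimulus = {i: rng.getrandbits(n_vectors) for i in inputs}
    mask = (1 << n_vectors) - 1
    sig_a = signatures(net_a, stimulus, mask)
    sig_b = signatures(net_b, stimulus, mask)
    by_sig = {}
    for node, sig in sig_b.items():
        by_sig.setdefault(sig, []).append(node)
    return [(a, b) for a, sig in sig_a.items() for b in by_sig.get(sig, [])]
```

Against `CIRCUIT_BAD` the internal pair (n2, m2) still matches while the outputs do not, so the search for a difference is confined to the region behind an already matched pair.
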