Foundations of Reachability Analysis EECS 290A Sequential Logic Synthesis and Verification Lecture 1

Overview  Sequential systems are systems with memory elements Behavior can be characterized in terms of states and transitions Behavior can be characterized in terms of states and transitions States can be initial, reachable, unreachable, etc States can be initial, reachable, unreachable, etc  Reachability analysis deals with determining the set of reachable states  The reachable state information is useful in Logic synthesis (external don’t-cares) Logic synthesis (external don’t-cares) Formal verification (proving a property for reachable states) Formal verification (proving a property for reachable states)  Reachability analysis of large systems is a complex task attracting significant research efforts

Descriptions of Sequential Systems  State level  Structural level DFF x z y 0 1  States is a higher level description, compared to structure  Going from structure to states is STG extraction  Going from states to structure is implementation (encoding and logic synthesis) Circuit, logic network State transition graph (STG), automaton, FSM

Types of States  A state characterizes the behavior of a sequential system, given a fixed set of values of the memory elements  Initial state: A state, in which the system begins its functioning.  Reachable state: A state that can be reached from the initial one though a finite sequence of transitions under allowed inputs.  Unreachable state: A state that cannot be reached from the initial under any sequence of inputs. Unreachable states Reachable states

State Level Descriptions 0 1 0/0 1/0 1/0 1/1 0/ /0 01/0 10/0 11/0 11/1 00/1 01/1 10/1 Deterministic FSM Non-Deterministic FSM Automaton 0 1 0/0 1/0 1/1 0/1 Pseudo-Non-Deterministic FSM

Structural Level Descriptions Primary inputs (PIs) Primary outputs (POs) Internal nodes Latches Latch outputs (LO) Latch inputs (LI) LI PO PI LO Logic Latches

Fanin/Fanout of a Node  Node has only one output.  Node can have any number of inputs (fanins) and can be an input to any number of nodes (fanouts) N FO 1 FO 2 FO 3 FI 1 FI 2 FI 3 Fanouts Node Fanins

Transitive Fanin/Fanout of a Node Transitive fanin (TFI) Transitive fanout (TFO) Node

Reachability “Onion Rings”

Computation of Reachable States  Input: Sequential system represented by a transition relation and an initial state (a set of initial states)  Computation: Image computation, set operations on sets of states  Output: A set of reachable states

Relation  Definition. Relation is a subset of the product of two sets, R: A x B. If (a, b) is an element of R then we write a R b, meaning a is related to b by R. x1x1x1x1 x2x2x2x2 x3x3x3x3 y1y1y1y1 y2y2y2y x1x1 x2x2 x3x3 y1y1 y2y2

Characteristic Function  Relation R: A x B can be represented by a characteristic function: a Boolean function F R (a,b), a  A, b  B taking value 1 for those a and b that belong to relation R.

Example (continued) x1x1x1x1 x2x2x2x2 x3x3x3x3 y1y1y1y1 y2y2y2y2F other x1x1 x2x2 x3x3 y1y1 y2y2 01

Transition Relation  Definition. An FSM is.  Definition. A transition relation of an FSM is a relation R: I x S x S that is true for a pair of states s 1 and s 2, iff there is a transition between them under some input.

Transition Relation of an FSM ICS cs 1 cs 2 NS ns 1 ns 2 0A00B10 0,1A00A00 0B10B10 1B10A00 0C01B10 1C01A00 C B A 0,

Example (continued) i cs 1 ns 1 cs 2 ns 2 10 C B A 0,

Reachability Pseudo-Code Reachability( Transition Relation TR, Initial State I ) { ReachedStates = I; iterate the following computation: { ReachedStatesNew = Image( TR, ReachedStates ); if (ReachedStatesNew is contained in ReachedStates ) stop; stop; ReachedStates = ReachedStates + ReachedStatesNew; }}

Image Computation  Given a mapping of one Boolean space (input space) into another Boolean space (output space) For a set of minterms (care set) in the input space For a set of minterms (care set) in the input space The image is the set of related minterms from the output spaceThe image is the set of related minterms from the output space For a set of minterms in the output space For a set of minterms in the output space The pre-image is the set of related minterms in the input spaceThe pre-image is the set of related minterms in the input space Input space Output space Image Care set

Example abc y x Output space Image Care set abc xy Input space

Image Computation  Implements formula: Image(Y) =  x [R(X,Y) & C(X)]  Implicit methods by far outperform explicit ones Successfully computing images with more than 2^100 minterms in the input/output spaces Successfully computing images with more than 2^100 minterms in the input/output spaces  Operations & and  are basic Boolean manipulations are implemented using BDDs  To avoid large intermediate results (during and after the product computation), operation AND-EXIST is used, which performs product and quantification in one pass over the BDD

Image Computation Techniques  When the relation is a monolithic one (represented as a single object), these techniques do not work Sometimes the relation can be decomposed using disjoint-support decomposition, etc. Sometimes the relation can be decomposed using disjoint-support decomposition, etc.  Some techniques work for a partitioned representation This representation is natural when the system is represented on the structural level This representation is natural when the system is represented on the structural level  In this case, the transition relation is given in the form of the set of partitions: T(x,cs,ns) =  i Ti(x,cs,nsi) T(x,cs,ns) =  i Ti(x,cs,nsi) x cs Latches ns

Input Splitting  Select an input variable  Cofactor partition w.r.t. this variable  Compute the images for the cofactors  Union the resulting images Output space Image Care set abc xy Input space x = a + b y = bc x = b y = bcx = 1 y = bc a=0 a=1

Output Splitting  Constrain each function Yi(x) w.r.t the care set C(x)  Recursively compute the image as follows: Select an output variable yi Select an output variable yi Constrain each remaining function using the function yi=Yi(x) Constrain each remaining function using the function yi=Yi(x) Use the direct polarityUse the direct polarity Use the complemented polarityUse the complemented polarity Find the images of the two resulting sets of functions, Im1(y) and Im2(y) Find the images of the two resulting sets of functions, Im1(y) and Im2(y) Combine the images using the ITE operator and the variable yi. Combine the images using the ITE operator and the variable yi. Im(y) = ITE(yi, Im1(y), Im2(y)) Im(y) = ITE(yi, Im1(y), Im2(y))  Trivial cases: When function Yj(x) is constant 0 (1), the image is yj’ (yj) When function Yj(x) is constant 0 (1), the image is yj’ (yj) When there is only one non-constant function left, the image is constant 1 (it does not depend on the y variables) When there is only one non-constant function left, the image is constant 1 (it does not depend on the y variables) When functions in the set Y can be split into two parts with disjoint support, the image is the product of the two images When functions in the set Y can be split into two parts with disjoint support, the image is the product of the two images When only two functions are left and, for example, Yj1(x) = Yj2(x)’, then, the image is yj1  yj2 When only two functions are left and, for example, Yj1(x) = Yj2(x)’, then, the image is yj1  yj2

Input vs. Output Splitting  These two methods are “symmetric” w.r.t. inputs/outputs  Their efficiency depends on the cardinality of I/O spaces  In some problems, output splitting is more efficient because the output space is smaller than the input space As a result, the (potentially exponential) tree depth is bounded by a smaller number As a result, the (potentially exponential) tree depth is bounded by a smaller number Variable 1 Variable 2 Variable 3

Quantification Scheduling  Existential quantification and product commute if a variable to be quantified belongs to only one component in the product  x [F(x,y) & G(x,y)]  [  x F(x,y)] & [  x G(x,y)]  x [F(y) & G(x,y)] = F(y) & [  x G(x,y)]  Scheduling is performed by ordering the partitions, so that the variables are quantified as early as possible Image(Y) =  x,i [A(x) & T1(x,i,y) & T2(x,i,y) & … & Tk(x,i,y)] = =  x k,i k [ Tk(x,i,y) & =  x k,i k [ Tk(x,i,y) & &  x k-1,i k-1 [Tk(x,i,y) & &  x k-1,i k-1 [Tk(x,i,y) & … &  x 1,i 1 [T1(x,i,y) &  x 0,i 0 A(x)] … ] ] … &  x 1,i 1 [T1(x,i,y) &  x 0,i 0 A(x)] … ] ]

Project Overview

Project 1: Sequential optimization without state space exploration  The previous work [1] proposes a way to perform sequential optimization using recursive learning across latch boundaries. The goal of this project is to investigate possible extensions of this work, trying to get deeper understanding of the relationship of the algorithm with other sequential optimization techniques. Another goal is to develop an efficient implementation of this method in MVSIS.  [1] A. Mehrotra, S. Qadeer, V. Singhal, R. K Brayton, A. L. Sangiovanni-Vincentelli, A. Aziz. Sequential optimization without state space exploration. Proc. ICCAD ‘97, pp

Project 1: Sequential optimization without state space exploration LI PO PI LO Logic Latches Scope of recursive learning

Project 2: Retiming of AND-INV graphs with latches  Retiming moves latches around  Retiming with unit-delay combinational blocks leads to the reduction of algorithm complexity [1]  The project will explore the impact of the above fact when retiming is applied to the AIG [2]  [1] M. C. Papaefthymiou, Understanding retiming through maximum average-delay cycles. Math. Systems Theory, 27, 1994, pp  [2] A. Mishchenko, S. Chatterjee, R. Jiang, R. Brayton. FRAIGs: A Unifying Representation for Logic Synthesis and Verification. Submitted to DAC ’05.

Project 3: Performing retiming together with technology mapping  A study [1] has shown that the quality of results achieved by iterating retiming and technology mapping for FPGAs can be improved by integrating these transformations into one.  This project will develop a similar technique for ASIC mapping [2] and study its impact on the mapping quality.  [1] J. Cong and C. Wu, Optimal FPGA Mapping and Retiming with Efficient Initial State Computation, IEEE TCAD, vol. 18(11), pp , Nov  [2] A. Mishchenko, S. Chatterjee, R. Brayton, X. Wang, T. Kam. Technology Mapping with Boolean Matching, Supergates and Choices. Submitted to DAC

Project 4: Sequential ATPG using simulation and SAT  Compare the efficiency of ATPG using Random simulation Random simulation Bounded equivalence checking Bounded equivalence checking Unbounded equivalence checking Unbounded equivalence checking  The result of this experiment will help answer the following questions How many faults can be detected using the above techniques How many faults can be detected using the above techniques Whether bounded equivalence checking is a good method to generate tests for stuck-at faults in sequential circuits. Whether bounded equivalence checking is a good method to generate tests for stuck-at faults in sequential circuits.

Project 5: Implementation of windowing for sequential optimization  This project will focus on studying the available windowing schemes [1] for combinational networks and extending them to work for networks with latches. Several applications will be implemented and tested to show the impact of windowing on the runtime/quality trade-off. The applications may include reachability analysis, reencoding using the set of unreachable states, computation of combinational don’t-cares due to unreachable and equivalence states using methods similar to [1].  A. Mishchenko, R. Brayton. SAT-based complete don’t-care computation for network optimization. Proc. IWLS ’04.

Project 6: PTL synthesis for testability  (Mentor: Rolf Drechsler, University of Bremen, Germany) Rolf DrechslerRolf Drechsler  One of the most important steps during circuit design is the testability of the netlist. Multiplexor circuits derived from BDDs have been studied intensively under various fault models. Recently, a new technique has been presented that guarantees full testability of a circuit derived from a BDD description under the stuck-at fault model and the robust path-delay fault model. The size of the circuit is directly proportional to the given BDD size.  The goal of this project is to generalize the techniques [1] to work for sequential circuits, i.e. circuits that are not full- scan. The problem can be studied from a theoretical point of view or by an experimental study in the MVSIS environment.  [1] R. Drechsler, J. Shi, G. Fey. Synthesis of Fully Testable Circuits from BDDs. IEEE Trans. CAD, Vol. 23(3), March 2004, pp

Project 7: Verifying sequential circuits after phase assignment  (Mentor: Geert Janssen, IBM T. J. Watson Research Center, Yorktown Heights) Geert JanssenGeert Janssen  Two sequential netlists are available, one of them derived from the other by a phase assignment of the latches. The inverters are collapsed and the logic functions are restructured. The correspondence of latches in the two netlists is known. The problem is to check if the two designs are indeed equivalent under some phase assignment. A general-case sequential equivalence checking method can be used, but the question is if there exists a more efficient method applicable to the special type of the netlist after phase assignment.

Project 8: Implementation of SAT-based sequential equivalence checking  Recent advances of SAT-solvers bring SAT formulation to one of the main streams in formal verification. However, most of the prior work on this subject aimed at general model checking. Since sequential equivalence checking is a very specific and practically important problem in design verification, presumably specialized algorithms (e.g. exploiting similarities of circuit structures) may further improve verification performance. This project studies the most recent development of SAT-based model checking, and applies it to the sequential equivalence checking problem. Students working on this project will get familiar with the verification area, and gain programming experience with an advanced SAT-solver.  [1] K.L. McMillan. Interpolation and SAT-based model checking, Proc. CAV'03, LNCS 2725, 2003, pp

Project 9: Resubstitution in sequential circuits  This project will explore extensions of the notion of resubstitution for sequential circuits. The idea of one such extension comes from the following observation. If we consider two uninitialized consecutive time-frames of a sequential circuits as one combinational circuit, some nodes in the first frame can be resubstituted into the second frame. Going back to the original circuit, this transformation can be interpreted as adding a new latch to the circuit and reexpressing the logic function of a node in terms of the new latch. This reexpression may lead to simplification of the node’s local function, or to dropping fanins of the node, which may result in making redundant some latches of the original circuit.  The goal of this project is to develop a theory supporting resubstitution in sequential circuits and implement an experimental command in the MVSIS environment, which will be applicable to large sequential circuits.

Project 9: Resubstitution in sequential circuits LI PO PI LO Logic Latches LI PO PI LO

Project 10: Using sequential flexibility to synthesize redundant circuits for improved reliability  Study the last year project by Ruth Wang  Generalize the problem statement to allow for different types of failures and additional feedback  Develop a methodology to synthesize redundant circuits with improved reliability  Implement the synthesis method and experiment on benchmarks