Post on 22-Jan-2016
Recording Synthesis History for Sequential Verification
Robert Brayton Alan Mishchenko
UC Berkeley
Overview
  Introduction
  Recording synthesis history
    Retiming
    Combinational synthesis
    Merging sequentially equivalent nodes
    Window-based transformations
    Transformations involving observability don’t-cares
  Using synthesis history
    Verification
  Experiments
  Conclusions
Introduction
  Sequential synthesis promises to substantially improve the quality of hardware design – less area, fewer registers, lower power, BUT
  Efficient verification is needed to ensure wider adoption
    Sequential equivalence checking, even with limited sequential synthesis, without history is PSPACE-complete [Jiang/Brayton, TCAD’06]
    But synthesis history can make sequential equivalence checking “close to linear” in circuit size in many cases
  The focus of this presentation
    recording a type of synthesis history
    using it for sequential equivalence checking
AIGs
  Combinational AIG
    Boolean network of 2-input ANDs and inverters
    Combinational structural hashing
  Sequential AIG
    Registers are considered a special type of node
    Each register has an initial state (0, 1, or don’t-care)
    Sequential structural hashing [Baumgartner/Kuehlmann, ICCAD’01]
  Simplified sequential AIG
    Combinational AIG with registers as additional PIs/POs
    Combinational structural hashing
  In this work we use simplified sequential AIGs
Sequential Synthesis
  Combinational rewriting
  Retiming
  Register sweeping
  Detecting and merging seq. equivalent nodes
  Circuit optimization with approximate unreachable states as external don’t-cares
  Sequential rewriting
Recording a type of Synthesis History
  Two AIG managers are used
    Working AIG (WAIG)
    History AIG (HAIG)
  Two node mappings are supported
    Every node in WAIG points to its copy in HAIG
    Some nodes in HAIG point to other nodes in HAIG that are believed to be sequentially equivalent as a result of synthesis performed in WAIG
  [Figure: WAIG and HAIG]
WAIG and HAIG
  WAIG (Working AIG)
    New logic nodes are added as synthesis proceeds
    Old logic cones are removed and replaced by new logic cones
      The fanouts of the old root are transferred to be fanouts of the new root
      Nodes without fanout are immediately removed
    Maintains accurate metrics (node count, register count, logic depth)
  HAIG (History AIG)
    As each new node is created in WAIG, a copy is found or is created in HAIG
      A link between them is established
    Old logic cones are not removed
      Fanouts are not transferred
    Links between the HAIG nodes are established
      Each time a node replacement is made in WAIG, corresponding nodes are linked as sequentially equivalent in HAIG
Overview
  Introduction
  Recording synthesis history
    Retiming
    Transformations involving observability don’t-cares
    Sequential rewriting
  Using synthesis history
    Verification
  Experiments
  Conclusions
Recording History for Retiming
  Step 1
    Create retimed node copy
  Step 2
    Transfer fanout
    Add pointer
  Step 3
    Recursively remove old logic
    continue building new logic
  Backward retiming is similar
  [Figure: WAIG and HAIG]
Recording History with ODCs
  When synthesis is done with ODCs, the resulting node is not equivalent to the original node
    In HAIG, equivalence cannot be recorded
  However, there always exists a scope, outside of which functionality is preserved, e.g. a window.
    equivalence in HAIG can be recorded at the output boundary of this scope
  [Figure: HAIG]
Sequential Rewriting
  Sequential cut: {a,b,b1,c1,c}
  [Figure: sequential rewriting step (rewrite); History AIG after rewriting step, with new nodes and sequentially equivalent nodes marked]
  The History AIG accumulates sequential equivalence classes.
Related AIG Procedures
  WAIG                HAIG
  createAigManager    createAigManager
  deleteAigManager    deleteAigManager
  createNode          createNode, setWaigToHaigMapping
  replaceNode         setEquivalentHaigNodes
  deleteNode_recur    do nothing
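A toy version of the two-manager recording scheme in the table above, added here as an illustration and not taken from the authors' implementation. The class `Recorder`, its methods and the AIGER-style integer literals are assumptions; the WAIG is left without structural hashing and the HAIG copy is always created rather than looked up.

```python
class Recorder:
    """Toy WAIG/HAIG pair. Literals are AIGER-style ints: 2*node + inverted."""
    def __init__(self):
        self.waig = {}     # WAIG node -> (lit0, lit1); None marks an input
        self.haig = {}     # HAIG node -> (lit0, lit1); never shrinks
        self.w2h = {}      # WAIG node -> HAIG literal
        self.equiv = []    # recorded HAIG literal pairs: hints still to be proved
        self.outputs = []  # WAIG output literals
        self.last_w = 0    # WAIG ids are never reused after deletion

    def _h(self, wlit):    # WAIG literal -> HAIG literal, same inversion bit
        return self.w2h[wlit >> 1] ^ (wlit & 1)

    def create_node(self, f0=None, f1=None):
        # No fanins means a primary input; the HAIG copy is always created.
        self.last_w += 1
        w, h = self.last_w, len(self.haig) + 1
        self.waig[w] = None if f0 is None else (f0, f1)
        self.haig[h] = None if f0 is None else (self._h(f0), self._h(f1))
        self.w2h[w] = 2 * h                      # setWaigToHaigMapping
        return 2 * w

    def replace_node(self, old, new):
        self.equiv.append((self._h(old), self._h(new)))  # setEquivalentHaigNodes
        def swap(lit):                           # transfer fanouts old -> new
            return new ^ (lit & 1) ^ (old & 1) if lit >> 1 == old >> 1 else lit
        for n, f in self.waig.items():
            if f:
                self.waig[n] = (swap(f[0]), swap(f[1]))
        self.outputs = [swap(o) for o in self.outputs]
        # deleteNode_recur: drop WAIG logic no output reaches; HAIG does nothing.
        live, stack = set(), [o >> 1 for o in self.outputs]
        while stack:
            n = stack.pop()
            if n not in live:
                live.add(n)
                stack += [l >> 1 for l in self.waig[n] or ()]
        for n in [n for n, f in self.waig.items() if f and n not in live]:
            del self.waig[n], self.w2h[n]

def demo():
    # Constructed example: rewrite (a & b) & c into a & (b & c).
    r = Recorder()
    a, b, c = r.create_node(), r.create_node(), r.create_node()
    old = r.create_node(r.create_node(a, b), c)
    r.outputs = [old]
    r.replace_node(old, r.create_node(a, r.create_node(b, c)))
    return r
```

After `demo()` the WAIG holds only the new cone, while the HAIG still holds both cones and one recorded equivalence between their roots.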
Using HAIG for Equivalence Checking
  Sequential depth of a window-based sequential synthesis transform is the maximum number of registers on any path from an input to an output of the window
  Theorem 1: If transforms recorded in HAIG have sequential depth no more than k, the equivalence classes of HAIG nodes can be proved by k-step induction
  Theorem 2: If the inductive proof of HAIG succeeds for all recorded equivalence classes, then the original and final designs are sequentially equivalent
  [Figure: HAIG1 and HAIG2 with nodes A, A’, B, B’; labels #1 and #2; both checks unsat; sequential depth = 1, k = 1]
Conceptual Picture of HAIG
  HAIG is simply a sequential circuit with lots of nodes that are disconnected or redundant. It contains initial circuit A and final circuit B. There are many suggested equalities.
  If we prove all suggested equalities, then A=B sequentially.
  Actually B is really smeared throughout the HAIG
  [Figure: circuits A and B with their outputs, over shared registers and PIs]
Inductive Proof (k = 1)
  [Figure: two time frames of A and B with their outputs, over registers and PIs. First time frame: all equalities assumed (constraints), speculative reduction. Second time frame: proof obligations.]
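The k = 1 inductive check from Theorem 1 and the two-frame picture above, worked on a constructed forward-retiming example (an added illustration, not the authors' prover). The circuit, the names `make_haig` and `prove_1_induction`, and the use of exhaustive enumeration in place of a SAT solver are assumptions.

```python
from itertools import product

def make_haig(r3_next):
    # Constructed toy HAIG: inputs a, b; original registers r1, r2 feed an AND;
    # retiming adds register r3 whose next-state logic is r3_next.
    return {
        "inputs": ["a", "b"],
        "init": {"r1": 0, "r2": 0, "r3": 0},
        "next": {"r1": lambda s, i: i["a"],
                 "r2": lambda s, i: i["b"],
                 "r3": r3_next},
        "nodes": {"n_old": lambda s, i: s["r1"] & s["r2"],  # AND after registers
                  "n_new": lambda s, i: s["r3"]},           # retimed copy
    }

def assignments(names):
    for bits in product((0, 1), repeat=len(names)):
        yield dict(zip(names, bits))

def holds(haig, pairs, s, i):
    return all(haig["nodes"][x](s, i) == haig["nodes"][y](s, i) for x, y in pairs)

def prove_1_induction(haig, pairs):
    # Base case: every recorded equality holds in the initial state.
    for i in assignments(haig["inputs"]):
        if not holds(haig, pairs, haig["init"], i):
            return False
    # Step: assume all equalities in frame 1 (any state, reachable or not),
    # then every equality is a proof obligation in frame 2.
    for s in assignments(list(haig["init"])):
        for i1 in assignments(haig["inputs"]):
            if not holds(haig, pairs, s, i1):
                continue
            s2 = {r: f(s, i1) for r, f in haig["next"].items()}
            for i2 in assignments(haig["inputs"]):
                if not holds(haig, pairs, s2, i2):
                    return False
    return True

HINT = [("n_old", "n_new")]                            # recorded equivalence
GOOD = make_haig(lambda s, i: i["a"] & i["b"])         # correct retiming
BAD = make_haig(lambda s, i: i["a"] | i["b"])          # buggy synthesis step
```

`prove_1_induction(GOOD, HINT)` succeeds, while the same hint recorded for `BAD` is rejected in the inductive step, which is why the recorded history only needs to be treated as hints.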
Discussion
  Typical comments on verification using a synthesis history
    incorrect information may be passed from a synthesis tool to a verification tool
      in the proposed methodology, history is a set of hints
      every step recorded must be proved
    the same bugs may exist in both tools, canceling each other out
      the inductive prover used in HAIG-based verification must be independent, BUT
      a HAIG prover is simple
        about 100 lines of code, compared to 2000 lines in a general prover
        No need to handle counterexamples
    the HAIG size may grow inordinately
      not our experience, plus the HAIG can be compacted to 3 bytes per node.
Experimental Setup
  Benchmarks are 20 largest public circuits from ISCAS’89, ITC’97, and Altera QUIP
    Only 14 are shown in the tables below
  Runtimes are in seconds on 4x AMD Opteron 2218 with 16GB RAM under x86_64 GNU/Linux
    One core was used in the experiments
  Synthesis includes three iterations of the script:
    B - Balancing: algebraic tree restructuring for minimizing delay
    Rw - Rewriting: one pass of combinational AIG rewriting
    Rt - Retiming: a fixed number (3000) of steps of forward retiming
    Script = (B;Rw;Rt)^3
  This script was selected to make the resulting networks hard to verify (Jiang/Hung, ICCAD ’07)
    It represents a limited synthesis since full implementation is not done.
Synthesis Results
Synthesis size and HAIG size

  Benchmark    After synthesis            HAIG                       Runtime, s
               Reg      Node     Lev      Reg      Node     Lev
  s13207       1060     2133     25       4763     20598    36       0.36
  s35932       2016     9094     11       5046     60771    19       0.71
  s38417       1833     8161     27       10636    60156    48       0.83
  s38584       2478     9427     25       7731     63638    43       0.98
  b14          587      4893     61       2630     31296    73       0.32
  b15          949      7756     94       6377     51139    106      0.67
  b17          2271     24386    104      10415    137921   127      1.70
  b18          3940     65264    117      12320    354141   132      3.99
  fpu          997      16294    1876     9659     126436   3580     3.21
  jpeg         5788     43712    73       12972    243672   104      6.63
  mem          2399     14067    38       8781     85341    45       1.79
  radar        7557     58759    91       15001    347762   174      8.75
  video        3422     32852    75       12549    208953   99       4.86
  raytracer    13624    137974   252      22079    771632   338      13.65
  Geomean 0.77 5.13

Comparison of verification times

  Benchmark    HAIG equivalences              Runtime, s
               Constr    Property  Total      HAIG      SEC
  s13207       10821     7526      16557      1.47      1000+
  s35932       10733     3127      41866      2.08      44.67
  s38417       24418     7691      47369      7.86      63.74
  s38584       21279     5443      46931      0.60      18.90
  b14          12511     6645      22580      9.47      2.18
  b15          21169     6666      38223      19.85     21.84
  b17          40450     20253     91526      82.02     48.84
  b18          79858     57365     217378     100.45    126.94
  fpu          44815     19571     94187      5.73      1000+
  jpeg         63579     40262     188743     18.07     279.30
  mem          25050     11004     60230      4.66      43.83
  radar        72429     58201     253965     80.29     52.82
  video        59229     42531     157531     113.00    69.94
  raytracer    154115    130032    548596     800.55    1000+
  Geomean      0.42      0.19      1.00       1.00      4.59+
Entry 1000+ indicates a timeout at 1000 seconds. Timeouts are truncated as 1000 seconds in computing runtime ratios.
Conclusions
Motivated the use of synthesis history in SEC
Presented a particular way of recording history using two AIG managers
Experimentally evaluated the use of history in Sequential Equivalence Checking
  Confirmed savings in runtime
  Confirmed reliability
Future Work
  Use of HAIG has shown that it can make SEC inductively provable.
  What subset of history would suffice
    e.g. do not record each retiming move but only the final result, or the result of one frame.
  How to handle a sequential transform that includes a loop in the area of change.
    is it still k-inductive
    what is k
  Implement history recording for all transforms
Moral of Story:
Leave a trail of bread crumbs.