Recording%20Synthesis%20History%20for%20Sequential%20Verification

1
Recording Synthesis History for Sequential
Verification

• Robert Brayton Alan Mishchenko
• UC Berkeley

2
Overview

• Introduction
• Recording synthesis history
• Retiming
• Combinational synthesis
• Merging sequentially equivalent nodes
• Window-based transformations
• Transformations involving observability
  dont-cares
• Using synthesis history
• Verification
• Experiments
• Conclusions

3
Introduction

• Sequential synthesis promises to substantially
  improve the quality of hardware design less
  area, fewer registers, lower power, BUT
• Efficient verification is needed to ensure wider
  adoption
• Sequential equivalence checking, even with
  limited sequential synthesis, without history is
  PSPACE-complete Jiang/Brayton, TCAD06
• But synthesis history can make sequential
  equivalence checking close to linear in circuit
  size in many cases
• The focus of this presentation
• recording a type of synthesis history
• using it for sequential equivalence checking

4
AIGs

• Combinational AIG
• Boolean network of 2-input ANDs and inverters
• Combinational structural hashing
• Sequential AIG
• Registers are considered as special type of nodes
  
• Each register has an initial state (0, 1, or
  dont-care)
• Sequential structural hashing Baumgartner/Kuehlma
  nn, ICCAD01
• Simplified sequential AIG
• Combinational AIG with registers as additional
  PIs/POs
• Combinational structural hashing
• In this work we use simplified sequential AIGs

5
Sequential Synthesis

• Combinational rewriting
• Retiming
• Register sweeping
• Detecting and merging seq. equivalent nodes
• Circuit optimization with approximate unreachable
  states as external dont-cares
• Sequential rewriting

6
Recording a type of Synthesis History

• Two AIG managers are used
• Working AIG (WAIG)
• History AIG (HAIG)
• Two node mappings are supported
• Every node in WAIG points to its copy in HAIG
• Some nodes in HAIG point to other nodes in HAIG
  that are believed to be sequentially equivalent
  as a result of synthesis performed in WAIG

7
WAIG and HAIG

• WAIG (Working AIG)
• New logic nodes are added as synthesis proceeds
• Old logic cones are removed and replaced by new
  logic cones
• The fanouts of the old root are transferred to be
  fanouts of the new root
• Nodes without fanout are immediately removed
• Maintains accurate metrics (node count, register
  count, logic depth)
• HAIG (History AIG)
• As each new node is created in WAIG, a copy is
  found or is created in HAIG,
• A link between them is established
• Old logic cones are not removed
• Fanouts are not transferred
• Links between the HAIG nodes are established
• Each time a node replacement is made in WAIG,
  corresponding nodes are linked as sequentially
  equivalent in HAIG

8
Overview

• Introduction
• Recording synthesis history
• Retiming
• Transformations involving observability
  dont-cares
• Sequential rewriting
• Using synthesis history
• Verification
• Experiments
• Conclusions

9
Recording History for Retiming
Step 1 Create retimed node copy
Step 2 Transfer fanout Add pointer
Step 3 Recursively remove old logic continue
building new logic

• Backward retiming is similar

10
Recording History with ODCs

• When synthesis is done with ODCs, the resulting
  node is not equivalent to the original node
• In HAIG, equivalence cannot be recorded
• However, there always exists a scope, outside of
  which functionality is preserved, e.g. a window.
• equivalence in HAIG can be recorded at the output
  boundary of this scope

HAIG
11
Sequential Rewriting
Sequential cut a,b,b1,c1,c
Sequential Rewriting step.
12
Related AIG Procedures

• WAIG
• createAigManager
• deleteAigManager
• createNode
• replaceNode
• deleteNode_recur

• HAIG
• createAigManager
• deleteAigManager
• createNode, setWaigToHaigMapping
• setEquivalentHaigNodes
• do nothing

13
Using HAIG for Equivalence Checking

• Sequential depth of a window-based sequential
  synthesis transform is the maximum number of
  registers on any path from an input to an output
  of the window
• Theorem 1 If transforms recorded in HAIG have
  sequential depth no more than k, the equivalence
  classes of HAIG nodes can be proved by k-step
  induction
• Theorem 2 If the inductive proof of HAIG
  succeeds for all recorded equivalence classes,
  then
• the original and final designs are sequentially
  equivalent

HAIG2
k 1
HAIG1
14
Conceptual Picture of HAIG
outputs
Actually B is really smeared throughout the HAIG
B
B
Registers and PIs
HAIG is simply a sequential circuit with lots of
nodes that are disconnected or redundant. It
contains initial circuit A and final circuit B.
There are many suggested equalities. If we prove
all suggested equalities, then AB sequentially.
15
Inductive Proof (k 1)
Proof obligations
B
Second time frame
All equalities assumed
constraints
Speculative reduction
First time frame
Registers and PIs
16
Discussion

• Typical comments on verification using a
  synthesis history
• incorrect information may be passed from a
  synthesis tool to a verification tool
• in the proposed methodology, history is a set of
  hints
• every step recorded must be proved
• the same bugs may exist in both tools, canceling
  each other out
• the inductive prover used in HAIG-based
  verification must be independent, BUT
• a HAIG prover is simple
• about 100 lines of code, compared to 2000 lines
  in a general prover
• No need to handle counterexamples
• the HAIG size may grow inordinately
• not our experience, plus the HAIG can be
  compacted to 3 bytes per node.

17
Experimental Setup

• Benchmarks are 20 largest public circuits from
  ISCAS89, ITC97, and Altera QUIP
• Only 14 are shown in the tables below
• Runtimes are in seconds on 4x AMD Opteron 2218
  with 16GB RAM under x86_64 GNU/Linux
• One core was used in the experiments
• Synthesis includes three iterations of the
  script
• B - Balancing algebraic tree restructuring for
  minimizing delay
• Rw - Rewriting one pass of combinational AIG
  rewriting
• Rt - Retiming a fixed number (3000) of steps of
  forward retiming
• Script (BRwRt)3
• This script was selected to make the resulting
  networks hard to verify (Jiang/Hung, ICCAD 07)
• It represents a limited synthesis since full
  implementation is not done.

18
Synthesis ResultsSynthesis size and HAIG size
19
Comparison of verification times
Entry 1000 indicates a timeout at 1000 seconds.
Timeouts are truncated as 1000 seconds in
computing runtime ratios.
20
Conclusions

• Motivated the use of synthesis history in SEC
• Presented a particular way of recording history
  using two AIG managers
• Experimentally evaluated the use of history in
  Sequential Equivalence Checking
• Confirmed savings in runtime
• Confirmed reliability

21
Future Work

• Use of HAIG has shown that it can make SEC
  inductively provable.
• What subset of history would suffice
• e.g. do not record each retiming move but only
  the final result, or the result of one frame.
• How to handle a sequential transform that
  includes a loop in the area of change.
• is it still k-inductive
• what is k
• Implement history recording for all transforms

22
Moral of Story
Leave a trail of bread crumbs.