To view this presentation, you'll need to enable Flash.

Show me how

After you enable Flash, refresh this webpage and the presentation should play.

Loading...

PPT – ABC: An Academic PowerPoint presentation | free to download - id: 589a63-MGY5M

The Adobe Flash plugin is needed to view this content

View by Category

Presentations

Products
Sold on our sister site CrystalGraphics.com

About This Presentation

Write a Comment

User Comments (0)

Transcript and Presenter's Notes

ABC An Academic Industrial-Strength

Verification Tool(based on a tutorial given at

CAV10)

- BVSRC
- Berkeley Verification and Synthesis Research

Center - UC Berkeley
- Robert Brayton, Niklas Een, Alan Mishchenko

Jiang Long, Sayak Ray, Baruch

Sterin - Thanks to NSF, NSA, SRC, and industrial

sponsors, - Actel, Altera, Atrenta, IBM, Intel, Jasper,

Magma, Oasys, Real Intent, Synopsys, Tabula, and

Verific

Overview

- General introduction to ABC
- Synergy between synthesis and verification
- Introduction to AIGs
- Contrast between classical synthesis and ABC

synthesis - Algorithm example re-synthesis with dont cares

using SAT and interpolation - Equivalence checking
- Combinational and sequential
- Recording synthesis history as a way of reducing

complexity - ABC - orchestrated verification flow
- Simplification
- Extraction of constraints
- Phase abstraction
- Forward and minimum FF retimiing
- K-step induction
- Abstraction
- Speculation
- Last gasp BMC, BDDs, interpolation
- Verification example (super_prove)
- Future work

ABC

- A synthesis and verification tool under

development at Berkeley - Started 6 years ago as a replacement for SIS
- Academic public domain tool
- Industrial-strength
- Has been employed in commercial offerings of

various CAD companies - In both synthesis and verification
- Exploits the synergy between synthesis and

verification

A Plethora of ABCs

- http//en.wikipedia.org/wiki/Abc
- ABC (American Broadcasting Company)
- A television network
- ABC (Active Body Control)
- ABC is designed to minimize body roll in corner,

accelerating, and braking. The system uses 13

sensors which monitor body movement to supply the

computer with information every 10 ms - ABC (Abstract Base Class)
- In C, these are generic classes at the base of

the inheritance tree objects of such abstract

classes cannot be created - Atanasoff-Berry Computer
- The AtanasoffBerry Computer (ABC) was the first

electronic digital computing device.1 Conceived

in 1937, the machine was not programmable, being

designed only to solve systems of linear

equations. It was successfully tested in 1942. - ABC (supposed to mean as simple as ABC)
- A system for sequential synthesis and

verification at Berkeley

Design Flow

ABC - Property Checking

Verification

System Specification

RTL

ABC

Logic synthesis

Technology mapping

Physical synthesis

Manufacturing

Areas Addressed by ABC

- Combinational synthesis
- AIG rewriting
- technology mapping
- resynthesis after mapping

- Sequential synthesis
- retiming
- structural register sweep
- merging seq. equiv. nodes

- Verification
- combinational equivalence checking
- bounded sequential verification
- unbounded sequential verification
- equivalence checking using synthesis history
- property checking (safety and liveness)

Synergy Two Kinds

- The algorithms and advancements in verification

can be used in synthesis, and vice versa. - One enables the other
- Verification enables synthesis - equivalence

checking capability enables acceptance of

sequential transformations - retiming
- use of unreachable states
- sequential signal correspondence, etc
- Synthesis enables verification
- Desire to use sequential synthesis operations

(shown by superior results) spurs verification

developments

Examples of The Synergy

- Similar solutions
- e.g. retiming in synthesis / retiming in

verification - Algorithm migration
- e.g. BDDs, SAT, induction, interpolation,

rewriting - Related complexity
- scalable synthesis ltgt scalable verification

(approximately) - Common data-structures
- e.g. combinational and sequential AIGs

Evidence of Synergy Between Synthesis and

Verification

- IBM
- Has a very capable sequential verification engine

SixthSense. - Used throughout IBM to verify property and

equivalence - Designers more willing to consider sequential

transformations now. - ABC
- Sequential verification was developed to check

that new algorithms were implemented correctly - Example of a startup company
- Had developed sequential methods to reduce power
- Needed a verification tool to double check if

their ideas and implementations were correct. - Needed a tool to assure customers that results

were correct.

AIGs (And-Inverter Graphs)

- Why AIGs?
- Same reasons hold for both synthesis and

verification - Easy to construct, relatively compact, robust
- 1M AIG 12Mb RAM
- Can be efficiently stored on disk
- 3-4 bytes / AIG node (1M AIG 4Mb file)
- Unifying representation
- Used by all the different verification engines
- Easy to pass around, duplicate, save
- Compatible with SAT solvers
- Efficient AIG-to-CNF conversion available
- Circuit-based SAT solvers work directly on AIG
- AIGs simulation SAT works well in many

cases

AIGs

- Structural hashing
- Performs AIG compaction
- Applied on-the-fly during construction
- Propagates constants
- Makes each node structurally unique

AIG Memory Usage

- Memory allocation
- Use fixed amount of memory for each node
- Can be done by a simple custom memory manager
- Dynamic fanout manipulation is supported!
- Allocate memory for nodes in a topological order
- Optimized for traversal in the same topological

order - Mostly AIG can be stored in cache fewer cache

misses. - Small static memory footprint in many

applications - Compute fanout information on demand

Quick Overview of Classical (technology

independent) Logic Synthesis

- Boolean network
- Network manipulation (algebraic)
- Elimination (substituting a node into its

fanouts) - Decomposition (common-divisor extraction)
- Node minimization (Boolean)
- Espresso
- Dont cares
- Resubstitution (algebraic or Boolean)

Classical Logic Synthesis

Equivalent AIG in ABC

AIG is a Boolean network of 2-input AND nodes and

invertors (dotted lines)

One AIG Node Many Cuts

Combinational AIG

- AIG can be used to compute many cuts for each

node - Each cut in AIG represents a different SIS node
- SIS node logic represented by AIG between cut and

root. - No a priori fixed boundaries
- Implies that AIG manipulation with cuts is

equivalent to working on many Boolean networks at

the same time

f

a

c

d

e

b

Different cuts for the same node

Combinational Synthesis

- AIG rewriting minimizes the number of AIG nodes

without increasing the number of AIG levels

Rewriting AIG subgraphs

- Pre-computing AIG subgraphs
- Consider function f abc

Rewriting node A

?

Rewriting node B

?

In both cases 1 node is saved

Combinational Rewriting

- iterate 10 times
- for each AIG node
- for each k-cut
- derive node output as function of cut

variables - if ( smaller AIG is in the

pre-computed library ) - rewrite using improved AIG

structure

Note For 4-cuts, each AIG node has, on average,

5 cuts compared to a SIS node with only 1

cut Rewriting at a node can be very fast using

hash-table lookups, truth table manipulation,

disjoint decomposition

Combinational Rewriting Illustrated

Working AIG

- AIG rewriting looks at one AIG node, n, at a

time - A set of new nodes replaces the old fanin cone of

n - The rewriting can account for a better

implementation which can use existing nodes in

the network (DAG aware). - A synthesis history can be recorded easily with

AIGs - the old root and the new root nodes are grouped

into an equivalence class (more on this later)

Comparison of Two Syntheses

- Classical synthesis
- Boolean network
- Network manipulation (algebraic)
- Elimination
- Decomposition (common kernel extraction)
- Node minimization
- Espresso
- Dont cares computed using BDDs
- Resubstitution

- Contemporary synthesis
- AIG network
- DAG-aware AIG rewriting (Boolean)
- Several related algorithms
- Rewriting
- Refactoring
- Balancing
- Node minimization
- Boolean decomposition
- Dont cares computed using simulation and SAT
- Resubstitution with dont cares

Note here all algorithms are scalable no SOP,

no BDDs, no Espresso

Example AlgorithmResubstitution in ABC

- Illustrates computation and use of dont cares
- Illustrates use of SAT and interpolation.
- All done in a scalable way

Windowing a Node in a Mapped Network

- A window for a node in the network is the context

in which the dont-cares are computed. It

includes - n levels of the TFI
- m levels of the TFO
- all re-convergent paths captured in this scope
- A window with its PIs and POs can be considered

as a separate network

Dont-Care Computation Framework

Miter constructed for the window POs

Resubstitution

- Resubstitution considers a node in a Boolean

network and expresses it using a different set of

fanins

X

X

Computation can be enhanced by use of dont cares

Resubstitution with Dont-Cares - Overview

- Consider all or some nodes in Boolean network.
- For each node
- Create window and care network
- Select candidate divisor nodes in non-fanout cone

in window - For each candidate subset of divisors
- If possible, rule it out with simulation
- Check resubstitution infeasibility using SAT
- If UNSAT, compute resubstitution function using

interpolation - Update the network if improvement

Resubstitution with Dont Cares

- Given
- node function F(x) to be replaced
- care network C(x) for the node
- candidate set of divisors gi(x)
- Find
- A resubstitution function h(y) such that F(x)

h(g(x)) on the care set - Substitution Theorem A function h(y) exists if

and only if for every pair of care minterms, x1

and x2, where F(x1) ! F(x2) , there exists k

such that gk(x1) ! gk(x2)

Example of Resubstitution

- Substitution Theorem Any minterm pair that needs

to be distinguished by F(x) should be

distinguished by at least one of the candidates

gk(x)

Example

F(x) (x1? x2)(x2 ? x3) Two candidate

sets g1 x1x2, g2 x1 x2x3, g3 x1 ? x2,

g4 x2 x3 Set g3, g4 cannot be used for

resubstitution while set g1, g2 can (check all

minterm pairs).

x F(x) g1(x) g2(x) g3(x) g4(x)

000 0 0 0 0 0

001 0 0 0 0 0

010 1 1 0 1 0

011 1 1 0 1 1

100 0 0 0 1 0

101 1 0 1 1 0

110 0 0 0 1 0

111 0 0 0 1 1

Checking Resubstitution using SAT

Miter for resubstitution check

AIG network

F

F

Substitution Theorem Any minterm pair needed to

be distinguished by F(x) should be distinguished

by at least one of the candidates gk(x)

Note use of care set. Resubstitution function

exists if and only if problem is unsatisfiable.

Computing Dependency Function h - Craig

Interpolation

- Consider two sets of clauses, A(x, y) and

B(y, z), where y are the only variables common to

A and B. - A Craig interpolant of the pair (A(x, y),

B(y, z)) is a function h(y) depending only on the

common variables y such that A(x, y) ? h(y) ?

B(y, z) - It exists iff A(x, y) ? B(y, z) 0

Computing Dependency Function h by Interpolation

(Implementation)

- Problem
- Find function h(y), such that C(x) ? h(g(x)) ?

F(x), i.e. F(x) is expressed in terms of gk. - Solution
- Prove the corresponding SAT problem

unsatisfiable - Derive unsatisfiability resolution proof

Goldberg/Novikov, DATE03 - Divide clauses into A clauses and B clauses
- Derive interpolant from the unsatisfiability

proof McMillan, CAV03 - Use interpolant as the dependency function, h(g)
- Replace F(x) by h(g) if cost function improved

- Notes on this solution
- uses dont cares
- does not use Espresso
- is more scalable

Sequential Verification

- Property checking
- Create miter from the design and the safety

property - Special construction for liveness
- Biere, Artho, Schuppan
- Equivalence checking
- Create miter from two versions of the same design
- Assuming the initial state is given
- The goal is to prove that the output of the miter

is 0, for all states reachable from the initial

state.

Sequential Equivalence Checking and Sequential

Synthesis

- Complexity Problem
- Although iterated retiming and combinational

synthesis (these two methods are scalable) has

been shown to be very scalable and effective, - sequential equivalence checking for this has been

shown to be as hard as general sequential

equivalence checking (PSPACE complete) - How to make it simpler?
- leave a trail of synthesis transformations

(History)

Recording a History

- Observation
- Each transformation can be broken down into a

sequence of small steps - Combinational rewriting
- Sequential rewritng
- Retiming
- Using ODCs obtained from a window
- How do we easily and uniformly record the history

of this?

Easily Recording Synthesis History

- Two AIG managers are used
- Normal Working AIG (WAIG)
- History AIG (HAIG)
- Combinational structural hashing is used in both

managers - Two node-mappings are supported
- Every node in WAIG points to a node in HAIG
- Some nodes in HAIG point to other nodes in HAIG

that are sequentially equivalent

WAIG

HAIG

Sequential Rewriting Example(combined retiming

and combinational rewriting)

Sequential cut a,b,b1,c1,c

Rewriting step.

Practicality

- Conceptually this is easy. Just modify each

synthesis algorithm with the following - Use of HAIG makes SEC easier (only coNP-complete)
- Practically it is more of a coding effort to

record the history than we thought - Since little interest so far, not fully

implemented in ABC. - It still might be of interest to a company that

does both synthesis and verification

- Working AIG
- createAigManager lt---gt
- deleteAigManager lt---gt
- createNode lt---gt
- replaceNode lt---gt
- deleteNode_recur lt---gt

- History AIG
- createAigManager
- deleteAigManager
- createNode, setWaigToHaigMapping
- setEquivalentHaigMapping
- do nothing

Integrated Verification Flow

- Simplification
- Abstraction
- Speculation
- High Effort Verification

Integrated Verification Flow

- Simplification
- Initial fast simplification of the logic
- Forward retime and do FF correspondence
- Min FF retime
- Extract implicit constraints and use them to

find signal equivalences (ABC command scorr c) - Fold back the constraints
- add a FF so that if ever a constraint is not

satisfied, make the output 0 forever after that. - Trim away irrelevant inputs (do not fanout to FF

or POs) - Try phase abstraction (look for periodic signals)
- Heavy simplify
- (k-step signal correspondence and deep rewriting)
- (see paper of Cabodi et. al.)

Sequential SAT Sweeping(signal correspondence)

Related to combinational CEC

- Naïve approach
- Build output miter call SAT
- works well for many easy problems

- Better approach - SAT sweeping
- based on incremental SAT solving
- detects possibly equivalent nodes using

simulation - candidate constant nodes
- candidate equivalent nodes
- runs SAT on the intermediate miters in a

topological order - refines candidates using counterexamples

D2

D1

Improved CEC

- For hard CEC instances
- Heuristic skip some equivalences
- results in
- 5x reduction in runtime
- solving previously unresolved problems

- Given a combinational miter with equivalence

class A, B, A, B - Possible equivalences
- A B, A A, A B, B A, B B, A B
- only try to prove AA and BB
- do not try to prove
- A B, A B, A B A B

Sequential SAT Sweeping(signal correspondence)

- Similar to combinational SAT sweeping
- detects node equivalences
- But the equivalences are sequential
- guaranteed to hold only on the reachable state

space - Every combinational equivalence is a sequential

one - ? run combinational SAT sweeping first
- A set of sequential equivalences are proved by

k-step induction - Base case
- Inductive case
- Efficient implementation of induction is key!

Base Case(just BMC)

k-step Induction

Inductive Case

Candidate equivalences A B, C D

k 2

If proof of any one equivalence fails need to

start over

arbitrary state

Efficient Implementation

- Two observations
- Both base and inductive cases of k-step induction

are combinational SAT sweeping problems - Tricks and know-how from the above are applicable
- base case is just BMC
- The same integrated package can be used
- starts with simulation
- performs node checking in a topological order
- benefits from the counter-example simulation
- Speculative reduction
- Deals with how assumptions are used in the

inductive case

Speculative Reduction

- Assume equivalences are valid
- add XORs to create new POs
- merge fanouts, rehash logic

Down stream logic can be simplified. Some down

stream equivalences become trivial

Integrated Verification Flow(continued)

- Abstraction
- Use new CBA/PBA method
- Uses single instance of SAT solver
- Uses counter-example based abstraction which is

refined with proof-based abstraction - Checked afterward with BMC, BDDs, and simulation

for CEXs and refined with CBA if found.

N. Een, A. Mishchenko, and N. Amla, "A

single-instance incremental SAT formulation of

proof- and counterexample-based abstraction".

Proc. IWLS'10.

Counterexample-Based Abstraction (CBA)

- start with set of FF, A Ø (all flops are PIs)
- abstraction engine will add flops to A

(concretize flops) - new flops will refute spurious counterexamples

0

0

0

Proof-Based Abstraction (PBA)

- Starts with an UNSAT k-trace
- Inspects the proof flops not present are

abstracted. - Benefit
- More precise than CBA.
- Drawback
- Have to unroll the full design.
- In contrast, CBA starts with a very small design.

Combined Abstraction

- Use CBA to grow the abstraction bottom up.
- Apply PBA only on the current abstraction (not

the full design) when k frames is UNSAT - Do everything in a single incremental SAT

instance. - depth 0 SAT, SAT, SAT, SAT, UNSAT
- depth 1 SAT, UNSAT
- depth 2 SAT, SAT, SAT, UNSAT
- Depth frames unrolled.

Incremental SAT

- Extend the solve() method in MiniSat
- Accept as input a set of literals to be treated

as unit clauses for this call only. - For UNSAT results, output the subset of those

literals used in the proof. - Very minor extension of a modern SAT solver
- Allows PBA to be done without proof-logging

(major extension).

Activation Literals

- Assumptions to solve() allow selectively

activating constraints - a ? (f k1 ? fink), all k
- where a is an activation literal, f is a flop
- Every flop in the BMC trace has its own

activation literal. - All activation literals are passed as assumptions

to solve(). - The set returned by solve() can be used for PBA.

Integrated Verification Flow(continued)

- Speculation
- Especially useful for SEC
- Simulation used to find candidate equivalences.
- These are equivalences that we could not prove by

induction (sequential SAT sweeping) - These are used to build a speculative miter
- The result is double-checked with BMC, BDDs or

simulation for CEXs and refined if necessary. - H. Mony, J. Baumgartner, V. Paruthi, and R.

Kanzelman, Exploiting suspected redundancy

without proving it. Proc. DAC05.

Speculative Reduced Miter (SRM)

- Assume candidate equivalences are valid
- Merge fanouts, rehash logic, add XORs to create

new POs - New POs are proof obligations
- The result is a Speculatively Reduced Model (SRM)
- SRM is UNSAT iff all candidate equivalences hold!
- Equivalences include original outputs ( 0)
- SRM has a different circuit structure
- SRM is often easier to prove
- Can try to prove each output separately.

Speculation Shortcut

- At any step, have BMC with k frames, where all

equivalences that remain, hold for the k frames - At next frame some equivalences fail to not hold
- Can still use old SRM up through frame k
- No need to remove disproved equivalences
- Just add clauses topologically up to next

equivalence - Prove it and merge fanouts or
- Disprove it and just continue to next equivalence
- Already learned clauses can be kept
- Uses only one SAT instance
- just keep adding clauses to it

Integrated Verification Flow(continued)

- Final high-effort verification (prove or

disprove) - Prove (give long run-time limits and/or large

conflict limits) - Try BDD reachability
- if problem small enough (lt 200 PI, lt 200 FFs)
- Try interpolation
- Try induction
- In rare cases, can prove outputs using induction.
- Disprove (give large run-time and conflict

limits) - Try heavy BMC on initial simplified circuit

(before abstraction or speculation done).

Interpolation

- Input Sequential AIG with single output

representing a property - Property holds when the output is 0
- Method Over-approximate reachability analysis
- Using over-approximations, instead of exact sets

of reachable states - Output Proof that
- the property holds, or
- a real CEX is provided, or
- undecided
- Implementation A sequence of SAT calls on

unrolled time-frames that is similar to BMC

B

A

property

T1

T2

T3

Tn

inter1

inter2

Ik

L

P1

UNSAT

BDD-Based Reachability

- Still an important back-end of the verification

flow - Also useful to find CEXs during abstraction and

speculation refinement - Several ideas, old and new, can be put together

to implement a new improved engine - New method for hypergraph partitioning
- Use of several BDD managers
- Long live BDDs!

We tried to ban BDDs in ABC

Examples of Running ABC

- Example 1 of simplifying and final proof with

interpolation - Prove python code
- Example 2 of refinement after speculation
- Super_prove python code
- Example 3 of super_prove
- Example 4 of speculation before abstraction

Example (use of prove)

Read_file IE1.aig PIs 532, POs 1, FF 2389,

ANDs 12049 prove Simplifying Number of

constraints 3 Forward retiming, quick_simp,

scorr_constr, trm PIs 532, POs 1, FF

2342, ANDs 11054 Simplify PIs 532, POs

1, FF 2335, ANDs 10607 Phase abstraction

PIs 283, POs 2, FF 1460, ANDs

8911 quick_verify Abstracting Initial

abstraction PIs 1624, POs 2, FF 119,

ANDs 1716, max depth 39 Testing with BMC bmc3

-C 100000 -T 50 -F 78 No CEX found in 51

frames Latches reduced from 1460 to 119 Simplify

PIs 1624, POs 2, FF 119, ANDs 1687,

max depth 51 Trimming PIs 158, POs 2,

FF 119, ANDs 734, max depth 51 Simplify

PIs 158, POs 2, FF 119, ANDs 731, max

depth 51 quick_verify Speculating Initial

speculation PIs 158, POs 26, FF 119,

ANDs 578, max depth 51 Fast interpolation

reduced POs to 24 Testing with BMC bmc3 -C 150000

-T 75 No CEX found in 1999 frames PIs 158,

POs 24, FF 119, ANDs 578, max depth

1999 Simplify PIs 158, POs 24, FF 119,

ANDs 535, max depth 1999 Trimming PIs

86, POs 24, FF 119, ANDs 513, max depth

1999 Verifying Running reach -v -B 1000000 -F

10000 -T 75 BDD reachability aborted RUNNING

interpolation with 20000 conflicts, 50 sec, max

100 frames 'UNSAT Elapsed time 457.87

seconds, total 458.52 seconds

- NOTES
- The file IE1.aig is first read in and its

statistics are reported as 532 primary inputs, 1

output, 2389 flip-flops, and 12049 AIG nodes. - 3 implicit constraints were found, but they were

only mildly useful in simplifying the problem. - Phase abstraction found a cycle of length 2 and

this was useful for simplifying the problem to

1460 FF from 2335 FF. Note that the number of

outputs increased to 2 because the problem was

unrolled 2 time frames. - Abstraction was very successful in reducing the

FF count to 119. This was proved valid out to 39

time frames. - BMC verified that the abstraction produced is

actually valid at least to 51 frames, which gives

us good confidence that the abstraction is valid

for all time. - Trimming reduced the inputs relevant to the

abstraction from 1624 to 158 and simplify reduced

the number of AIG nodes to 731. - Speculate produced a speculative reduced model

(SRM) with 24 new outputs to be proved and low

resource interpolation proved 2 of them. The SRM

model is simpler and has only 578 AIG nodes. The

SRM was tested with BMC and proved valid out to

1999 frames. - Subsequent trimming and simplification reduced

the PIs to 86 and the AIG nodes to 513. - The final verification step first tried BDD

reachability allowing it 75 sec. and to grow to

up to 1M BDD nodes. It could not converge with

these resources so it was aborted. Then

interpolation was able to prove UNSAT, and hence

all 24 outputs are proved. - Although quick_verify was applied between

simplification and abstraction, and between

abstraction and speculation, it was not able to

prove anything, so its output is not shown. - The total time for this proof was 457 sec. run on

a Lenovo X301 laptop.

Python Code for prove

def prove(a) global x_factor,xfi,f_name

max_bmc -1 K 0 set_globals()

status pre_simp() if status lt Unsat

return RESULTstatus ABC('trm')

ABC('write backup 0) K K 1

set_globals() if ((n_ands() lt 30000) and (a

1) and (n_latches() lt 300)) status

quick_verify(0) if ((status Unsat) or

(status Sat)) return

RESULTstatus' status abstract()

ABC('trm') status process_status(status)

if ((status lt Unsat) or status Error)

return RESULTstatus ABC('write backup

1) K K 1

if status Undecided_reduction

status quick_verify(1) status

process_status(status) if status lt

Unsat if status Sat

status final_verify_recur(K-1)

return RESULTstatus if n_ands() gt 15000

K 2 else status

speculate() ABC('trm') status

process_status(status) if ((status

Unsat) or status Error) return

RESULTstatus if status Sat

K K-1 else

ABC('write backup 2) K K 1

status final_verify_recur(K) return

RESULTstatus

Python Code for pre_simp

def pre_simp() """This uses a set of

simplification algorithms which

preprocesses a design. Includes forward

retiming, quick simp, signal correspondence

with constraints, trimming away PIs, and

strong simplify""" set_globals()

try_forward() quick_simp() status

try_scorr_constr() if ((n_ands() gt 0) or

(n_latches()gt0)) abc('trm') print

'Forward, quick_simp, scorr_constr, ',

print_circuit_stats() status

process_status(status) if status lt Unsat

return status

simplify() print 'Simplify ',

print_circuit_stats() if n_latches() 0

return check_sat() try_phase() if

n_latches() 0 return check_sat()

if ((n_ands() gt 0) or (n_latches()gt0))

abc('trm') status process_status(status)

if status lt Unsat return status

status try_scorr_constr() abc('trm')

return process_status(status)

Python Code for simplify

def simplify() nn_ands() abc('scl')

if n gt 30000 abc('getsclput')

n n_ands() if n lt 100000

abc("dc2putdrgetlcorrdc2put

drgetscorrfraigdc2putdr") n

n_ands() if nlt45000

abc("getscorr -F 2putdc2rs") else

abc("dc2rs") n n_ands()

if n lt 30000 if n gt 15000

abc("dc2rs") else

abc("scorr -F 2dc2rs")

n max(1,n_ands()) if n lt 20000 try

deeper k-step induction m int(min(

60000/n, 16) if m gt 4 j

4 while j lt m

set_size() abc('scldrdc2scorr

-C 5000 -F d'j) if check_size()

1 break j

2j continue

Example 2 (cont.)

Refinement after speculation

Running speculate Running equiv2 with C

100000, T 25.000000 sec., F 200 -S 1 -R

25 Initial speculation PIs 587, POs 52, FF

111, ANDs 1880, max depth 46 RUNNING

simulation iteratively . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . Iterating BMC or BDD

reachability Running bmc3 -C 150000 -T 75.000000

-F 92.000000 CEX in frame 20 for output 40 Spec.

Red. Miter PIs 587, POs 48, FF 115, ANDs

1937, max depth 46 . . . Running bmc3 -C

150000 -T 75.000000 -F 92.000000 CEX in frame 20

for output 34 Spec. Red. Miter PIs 587, POs

47, FF 115, ANDs 1938, max depth

46 .. .. Running bmc3 -C 150000 -T

75.000000 -F 92.000000 CEX in frame 33 for output

9 Spec. Red. Miter PIs 587, POs 28, FF

116, ANDs 1898, max depth 46 Running bmc3 -C

150000 -T 75.000000 -F 92.000000 No cex found in

91 frames WRITING tst22_smp_abs_spec.aig PIs

477, POs 28, FF 116, ANDs 1898, max depth

91 Verifying backup number 2 PIs 477, POs

28, FF 116, ANDs 1898, max depth 91 . .

. RUNNING interpolation with 20000 conflicts, 50

sec, max 100 frames WRITING tst22_smp_abs_spec_fin

al.aig PIs 476, POs 28, FF 115, ANDs

1810, max depth 91 Total time taken by prove

318.884223 sec. Out6 'UNSAT'

super_prove

- If the final result is undecided and there is

more than one output caused by speculation - prove easy outputs first (by induction and

interpolation) - use prove second time on reduced multiple output

result - use prove on each output separately

super_prove

def super_prove() Does initial prove. If

after speculation there are multiple outputs

left, it will try to prove each output separately

in reverse order. It will quit if an output is

proved SAT. If still undecided, it will try

deep proving (Reachability or Interpolation)

or disproving (BMC) on original simplified

version.""" global max_bmc,

init_initial_f_name, initial_f_name

init_initial_f_name initial_f_name max_bmc

-1 x time.clock() result

prove(0) Initial prove print result

if not result 'UNDECIDED' print

'Total time taken by super_prove f

sec.'(time.clock() - x) return result

if n_pos() gt 1 result

prove_g_pos(0) Prove each output separately

after second prove try print

result if result 'UNSAT'

print 'Total time taken by super_prove f

sec.'(time.clock() - x) return

result y time.clock() result

BMC_VER_result(1) Do deep prove or disprove

print 'Total time taken by last gasp

verification f sec.'(time.clock() - y)

print 'Total time f sec.'(time.clock() - x)

return result

Example 3

Solved by speculation and proving each output

separately

IE3 PIs 30, POs 1, FF 965, ANDs

7408 Executing super_prove Initial PIs 30,

POs 1, FF 965, ANDs 7408 Running

pre_simp Forward, quick_simp, scorr_comp, trm

PIs 30, POs 1, FF 776, ANDs 7073 . . .

Simplify PIs 30, POs 1, FF 688, ANDs

5362 WRITING IE3_smp.aig PIs 30, POs 1, FF

688, ANDs 5362 Running abstract Start PIs

30, POs 1, FF 688, ANDs 5362 Abstraction

good to 30 frames First abstraction PIs 503,

POs 1, FF 215, ANDs 2223, max depth

30 Running simulation iteratively . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . Iterating BMC or BDD

reachability New abstraction PIs 503, POs

1, FF 215, ANDs 2223, max depth 30 RUNNING

bmc3 -C 100000 -T 50.000000 -F 60 No CEX found in

59 frames Latches reduced from 688 to 215 WRITING

IE3_smp_abs.aig PIs 213, POs 1, FF 215,

ANDs 2223, max depth 59 Running

quick_verify . . . After trimming PIs 213,

POs 1, FF 215, ANDs 2052, max depth

59 RUNNING interpolation with 10000 conflicts,

max 20 sec and 100 frames . . . No success,

max_depth 59

Example 3 (cont.)

Running speculate Running equiv2 with C

100000, T 25.000000 sec., F 200 -S 1 -R

25 Initial speculation PIs 213, POs 32, FF

212, ANDs 2051, max depth 59 RUNNING

simulation iteratively . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . Iterating BMC or BDD

reachability Running bmc3 -C 150000 -T 75.000000

-F 118.000000 No cex found in 117 frames WRITING

IE3_smp_abs_spec.aig PIs 213, POs 32, FF

212, ANDs 2051, max depth 117 Verifying

backup number 2 PIs 213, POs 32, FF 212,

ANDs 2051, max depth 117 . . . RUNNING

interpolation with 20000 conflicts, 50 sec, max

100 frames Undecided WRITING IE3_smp_abs_spec_fina

l.aig PIs 213, POs 32, FF 212, ANDs

1960, max depth 117 Time taken 255.318055 sec.

Example 3 (cont.)

Proving each output separately

4, 5, 7, 8, 28, 30 Reduced POs

from 32 to 20 Proving output 19 Initial PIs

213, POs 1, FF 207, ANDs 1901 Running

pre_simp Forward, quick_simp, scorr_comp, trm

PIs 212, POs 1, FF 197, ANDs 1899 . . .

Simplify PIs 212, POs 1, FF 197, ANDs

1890 Running abstract Start PIs 212, POs 1,

FF 197, ANDs 1890 Abstraction good to 332

frames First abstraction PIs 353, POs 1, FF

56, ANDs 780, max depth 332 Running

simulation iteratively . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . Iterating BMC or BDD

reachability New abstraction PIs 353, POs

1, FF 56, ANDs 780, max depth 332 RUNNING

bmc3 -C 100000 -T 50.000000 -F 664 No CEX found

in 663 frames Latches reduced from 197 to

56 Running quick_verify . . . After trimming

PIs 217, POs 1, FF 56, ANDs 744, max

depth 663 RUNNING interpolation with 10000

conflicts, max 20 sec and 100 frames Interpolation

went to in 663 frames Time for proof 14.821251

sec. PROVED OUTPUT 19 .

Time for proof 7.381485 sec.

PROVED OUTPUT 1 Proving output

0 Initial PIs 213, POs 1, FF 207, ANDs

1902 Forward, quick_simp, scorr_comp, trm PIs

212, POs 1, FF 197, ANDs 1900 . . .

Simplify PIs 212, POs 1, FF 197, ANDs

1891 Running abstract First abstraction PIs

385, POs 1, FF 24, ANDs 305, max depth

230 Running simulation iteratively . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . Iterating BMC or BDD

reachability New abstraction PIs 385, POs

1, FF 24, ANDs 305, max depth 230 RUNNING

bmc3 -C 100000 -T 50.000000 -F 460 No CEX found

in 459 frames Latches reduced from 197 to

24 Running quick_verify . . . After trimming

PIs 102, POs 1, FF 24, ANDs 293, max

depth 459 RUNNING interpolation with 6387

conflicts, max 12 sec and 100 frames Interpolation

went to in 459 frames Time for proof 18.021230

sec. PROVED OUTPUT 0 Proved

all outputs. The problem is proved UNSAT Total

time 560.434390 sec. Total time taken by

super_prove 815.753979 sec. Out12 'UNSAT'

Example 3 (cont.)

SEC problem - got bad abstraction after ABSTRACT

Example 4

brayton_at_mima /abc/aig/gt /baruch/pyabc/bin/supe

r_prove_noisy smvhd3_prop0_fixed2.aig Initial

PIs 97, POs 1, FF 972, ANDs 6199 x_factor

1.000000 Running pre_simp RUNNING signal

correspondence with constraints Forward,

quick_simp, scorr_constr, trm PIs 97, POs

1, FF 845, ANDs 6056 . . PIs 97, POs 1,

FF 813, ANDs 5661 . Simplify PIs 97, POs

1, FF 800, ANDs 5391 RUNNING signal

correspondence with constraints WRITING

smvhd3_prop0_fixed2_smp.aig PIs 97, POs 1,

FF 800, ANDs 5391 Running abstract Start

PIs 97, POs 1, FF 800, ANDs 5391 Neen

abstraction params Bob 20, Method 3, 50000

conflicts, 5 stable, 62 sec., 200

frames Abstraction good to 12 frames First

abstraction PIs 248, POs 1, FF 649, ANDs

4798, max depth 12 Running simulation

iteratively . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. Iterating BMC or BDD reachability New

abstraction PIs 248, POs 1, FF 649, ANDs

4798, max depth 12 RUNNING bmc3 -C 100000 -T

50.000000 -F 18 CEX in frame 12 for output 0 New

abstraction PIs 235, POs 1, FF 662, ANDs

4868, max depth 12

repeated many

times New abstraction PIs 213, POs 1, FF

684, ANDs 4948, max depth 12 RUNNING bmc3 -C

100000 -T 50.000000 -F 18 CEX in frame 12 for

output 0 New abstraction PIs 212, POs 1, FF

685, ANDs 4951, max depth 12 RUNNING bmc3

-C 100000 -T 50.000000 -F 18 No CEX found in 14

frames Latches reduced from 800 to 685 WRITING

smvhd3_prop0_fixed2_smp_abs.aig PIs 207, POs

1, FF 685, ANDs 4951, max depth

14 Running quick_verify . . PIs 207, POs 1,

FF 685, ANDs 4917, max depth 14 . After

trimming PIs 198, POs 1, FF 683, ANDs

4825, max depth 14 RUNNING interpolation with

10000 conflicts, max 20 sec and 100 frames . .

PIs 198, POs 1, FF 683, ANDs 4825, max

depth 14 . No success, max_depth 14 Running

speculate Running equiv2 with C 100000, T

25.000000 sec., F 200 -S 1 -R 25 Initial

speculation PIs 198, POs 569, FF 370,

ANDs 3803, max depth 14 RUNNING simulation

iteratively . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

.

Iterating BMC or BDD reachability Running bmc3 -C

150000 -T 90.000000 -F 21.000000 CEX in frame 20

for output 273 Spec. Red. Miter PIs 198, POs

576, FF 371, ANDs 3842, max depth 19 . .

PIs 198, POs 576, FF 218, ANDs 1364, max

depth 19 Running bmc3 -C 150000 -T 90.000000 -F

28.000000 CEX in frame 20 for output 329 Spec.

Red. Miter PIs 198, POs 575, FF 371, ANDs

3839, max depth 19 . . PIs 198, POs 575,

FF 218, ANDs 1360, max depth 19 Running

bmc3 -C 150000 -T 90.000000 -F 28.000000 BMC/Reach

found true cex Output 0, Frame 21 (Thus

ABSTRACT gave bad model) WRITING

smvhd3_prop0_fixed2_smp_abs_spec.aig PIs 130,

POs 575, FF 182, ANDs 1150, max depth 21,

CEX depth 21 CEX in frame 21 Trying speculate

on initial backup number 0 PIs 97, POs 1, FF

800, ANDs 5391, max depth 21 Running

equiv2 with C 100000, T 25.000000 sec., F

200 -S 1 -R 25 Initial speculation PIs 97,

POs 597, FF 507, ANDs 4595, max depth

21 RUNNING simulation iteratively . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . Iterating BMC or BDD

reachability Running bmc3 -C 150000 -T 90.000000

-F 31.000000 CEX in frame 19 for output 324 Spec.

Red. Miter PIs 97, POs 595, FF 507, ANDs

4595, max depth 21

repeated many times Spec. Red. Miter PIs 97,

POs 585, FF 512, ANDs 4677, max depth

63 . . PIs 97, POs 585, FF 296, ANDs

1674, max depth 63 . Running bmc3 -C 150000 -T

90.000000 -F 94.000000 No cex found in 93

frames RUNNING interpolation with 20000

conflicts, 50 sec, max 100 frames . . PIs 97,

POs 585, FF 276, ANDs 1536, max depth

93 Size unchanged in new SRM . Undecided WRITING

smvhd3_prop0_fixed2_smp_abs_spec_final.aig PIs

47, POs 585, FF 276, ANDs 1526, max depth

93 Time for proof 728.320000 sec. UNDECIDED

but reduced Beginning prove_g_pos Number of

outputs reduced to 5 by induction and fast

interpolation

Trying second level

prove Initial PIs 47, POs

5, FF 276, ANDs 1524, max depth 93 x_factor

1.000000 Running pre_simp Forward, quick_simp,

scorr_constr, trm PIs 47, POs 5, FF 276,

ANDs 1524, max depth 93 . . PIs 47, POs

5, FF 276, ANDs 1524, max depth 93 .

Simplify PIs 47, POs 5, FF 276, ANDs

1524, max depth 93 WRITING smvhd3_prop0_fixed2_s

mp_abs_spec_final_smp.aig PIs 47, POs 5, FF

276, ANDs 1524, max depth 93 Running

abstract Start PIs 47, POs 5, FF 276,

ANDs 1524, max depth 93 Neen abstraction

params Bob 190, Method 3, 50000 conflicts, 5

stable, 62 sec., 1395 frames Abstraction good to

29 frames First abstraction PIs 297, POs 5,

FF 26, ANDs 190, max depth 93 Running

simulation iteratively . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . Iterating BMC or BDD

reachability New abstraction PIs 297, POs

5, FF 26, ANDs 190, max depth 93 RUNNING

bmc3 -C 100000 -T 50.000000 -F 139 No CEX found

in 93 frames Latches reduced from 276 to 26 (Now

ABSTRACT works well) WRITING smvhd3_prop0_fixed2_s

mp_abs_spec_final_smp_abs.aig PIs 93, POs

5, FF 26, ANDs 190, max depth 93

Running quick_verify . . PIs 93, POs 5, FF

26, ANDs 181, max depth 93 Size unchanged in

new SRM . After trimming PIs 93, POs 5, FF

26, ANDs 181, max depth 93 RUNNING

interpolation with 6004 conflicts, max 12 sec and

100 frames undecided Running reachx -t

12 Reachability went to -1 frames, UNSAT WRITING

smvhd3_prop0_fixed2_smp_abs_spec_final_smp_abs_fin

al.aig PIs 93, POs 5, FF 26, ANDs 181,

max depth 93 Time for second level prove

65.370000 sec. Second prove returned

UNSAT UNSAT Total time taken by super_prove

807.590000 sec.

Verification Engines (Summary)

- Simplifiers
- Combinational synthesis
- Sequential synthesis
- Retiming
- Sequential SAT sweeping (k-step induction)
- Re-parametrization (not implemented yet in ABC

currently) - Retiming (most forward and minimum FF)
- Bug-hunters (also part of abstraction methods)
- random simulation (sequential)
- bounded model checking (BMC)
- hybrid of simulation and BMC (semi-formal)
- BDD reachability
- Provers
- K-step induction, with and without constraints
- Interpolation (over-approximate reachability)
- BDDs (exact reachability)
- Explicit state space enumeration (era)

Future Work

- Improved BDD reachability engine (we hope)
- We have three
- One is quite weak (HWMCC08)
- We have just integrated a better one
- May have a much better one later.
- Improved interpolation engine
- Working on a new version
- Improved circuit-based SAT solver
- Currently used in signal correspondence to

simplify larger circuits - Faster but sometimes limited quality
- Will be improved to see if it can compete with

MiniSat 1.14c

To Learn More

- Read recent papers http//www.eecs.berkeley.edu/a

lanmi/publications - Send email
- alanmi_at_eecs.berkeley.edu
- brayton_at_eecs.berkeley.edu
- Visit BVSRC webpage www.bvsrc.org

(No Transcript)

end

About PowerShow.com

PowerShow.com is a leading presentation/slideshow sharing website. Whether your application is business, how-to, education, medicine, school, church, sales, marketing, online training or just for fun, PowerShow.com is a great resource. And, best of all, most of its cool features are free and easy to use.

You can use PowerShow.com to find and download example online PowerPoint ppt presentations on just about any topic you can imagine so you can learn how to improve your own slides and presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

You can use PowerShow.com to find and download example online PowerPoint ppt presentations on just about any topic you can imagine so you can learn how to improve your own slides and presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

Recommended

«

/ »

Page of

«

/ »

Promoted Presentations

Related Presentations

Page of

Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us Send Us Feedback

Copyright 2018 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.

Copyright 2018 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.

The PowerPoint PPT presentation: "ABC: An Academic " is the property of its rightful owner.

Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!