ECE 667 Spring 2011 Synthesis and Verification of

ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Combinational Equivalence Checking ECE 667 - Synthesis & Verification 1

Equivalence Checking • Two circuits are functionally equivalent if they exhibit the same behavior • Combinational circuits In – for all possible input values • Sequential circuits – for all possible input sequences Out CL PI Po CL Ps Ns R ECE 667 - Synthesis & Verification 2

Application of EC in Microprocessor Designs Architectural Specification (informal) Cycle Simulation Test Programs RTL Specification (Verilog, VHDL) Circuit Implementation (Gate level) Equivalence Checking Circuit Simulation Layout Implementation (GDS II) ECE 667 - Synthesis & Verification 3

Application of EC in ASIC Designs RTL Specification Cell-Based Synthesis Equivalence Checking Standard Cell Implementation Engineering Changes (ECOs) Equivalence Checking Final Implementation ECE 667 - Synthesis & Verification 4

Combinational Equivalence Checking • Functional Approach – transform output functions of combinational circuits into a unique (canonical) representation – two circuits are equivalent if their representations are identical – efficient canonical representation: BDD, BMD, etc. • Structural – identify structurally similar internal points – prove internal points (cut-points) equivalent – find implications ECE 667 - Synthesis & Verification 5

Functional Equivalence • Circuits for which BDD can be constructed – represent multi-output circuits as shared BDDs – BDDs must be identical (for the same variable ordering) • Circuits whose BDDs are too large – cannot construct BDDs, memory problem – use partitioned BDD method • decompose circuit into smaller pieces, each as BDD • check equivalence of internal points (cut-point method) ECE 667 - Synthesis & Verification 6

EC Methods Degree of Structural Difference Structureindependent techniques Combined methods Structural techniques Structure-independent techniques: • exhaustive simulation • decision diagrams (*DD*) Structural techniques: • graph hashing • SAT solvers including learning techniques ECE 667 - Synthesis & Verification Size 7

Functional (structure-independent) Methods • Decompose each function into functional blocks – represent each block as a BDD (partitioned BDD method) – define cut-points (z) – verify equivalence of blocks at cut-points starting at primary inputs F G g 2 f 2 z z g 1 f 1 x ECE 667 - Synthesis & Verification y x y 8

Cut-point based EC Cut-points are used to partition the Miter v 1 f 3 f 1 f 2 v 2 0? x 0? v 1 f 2 f 3 v 2 Cut-point guessing: • Compute net signature with random simulator • Sort signatures + select cut-points • Iteratively verify and refine cut-points • Verify outputs ECE 667 - Synthesis & Verification 9

Cut-Points Resolution Problem • If all pairs of cut-points (z 1, z 2) are equivalent – so are the two functions, F, G • If intermediate functions (f 2, g 2) are not equivalent – the functions (F, G) may still be equivalent – this is called false negative F • Why do we have false negative ? – functions are represented in terms of intermediate variables – to prove/disprove equivalence must represent the functions in terms of primary inputs (BDD composition) ECE 667 - Synthesis & Verification G g 2 f 2 z 1 z 2 g 1 f 1 x y 10

Cut-Point Resolution – Theory • Let f 1(x)=g 1(x) x – if f 2(z, y) g 2(z, y), z, y then f 2(f 1(x), y) g 2(f 1(x), y) F G – if f 2(z, y) g 2(z, y), z, y F G g 2 f 2 z z x y x ECE 667 - Synthesis & Verification f 2(f 1(x), y) g 2(f 1(x), y) F G We cannot say if F G or not • False negative – two functions are equivalent, but the verification algorithm declares them as different. g 1 f 1 y 11

Cut-Point Resolution – cont’d • How to verify if negative is false or true ? • Procedure 1: create a miter (XOR) between two potentially equivalent nodes/functions – perform ATPG test for stuck-at 0 – find test pattern to prove F G – efficient for true negative (gives test vector, a proof) – inefficient when there is no test 0, F G (false negative) 1, F G (true negative) F ECE 667 - Synthesis & Verification G 12

Cut-Point Resolution – cont’d • Procedure 2: create a BDD for F G – perform satisfiability analysis (SAT) of the BDD • if BDD for F G = , problem is not satisfiable, false negative • BDD for F G , problem is satisfiable, true negative G F F = G = , F G (false negative) Non-empty, F G Note: must compose BDDs until they are equivalent, or expressed in terms of primary inputs – the SAT solution, if exists, provides a test vector (proof of non-equivalence) – as in ATPG – unlike the ATPG technique, it is effective for false negative (the BDD is empty!) ECE 667 - Synthesis & Verification 13

Structural Equivalence Check • Given two circuits, each with its own structure – identify “similar” internal points, cut sets – exploit internal equivalences • False negative problem may arise – F G, but differ structurally (different local support) – verification algorithm declares F, G as different a b • d 1 F a b c • d 2 G • Solution: use BDD-based or ATPG-based methods to resolve the problem. Also: implication, learning techniques. ECE 667 - Synthesis & Verification 14

Implication Techniques • Techniques that extract and exploit internal correspondences to speed up verification • Implications – direct and indirect b=x d=0 f=0 a=1 c=x e=0 Direct: a=1 f=0 ECE 667 - Synthesis & Verification b=x d=x f=1 a=0 c=x e=x Indirect (learning): f=1 a=0 15

Learning Techniques • Learning – process of deriving indirect implications – Recursive learning • recursively analyzes effects of each justification – Functional learning • uses BDDs to learn indirect implications G H a a b c H G=1 a b 0 b 1 0 1 G=1 H=0 ECE 667 - Synthesis & Verification 16

Learning Techniques –cont’d • Other methods to check implications G=1 H=0 – Build a BDD for G • H’ • If this function is satisfiable, the implication holds and gives a test vector • Otherwise it does not hold – Since G=1 H=0 (G’+H’)=1, build a BDD for (G’+H’) • The implication holds if (G’+H’)=1 (tautology) a b c ECE 667 - Synthesis & Verification H G=1 17

Summary • Industrial EC checkers almost exclusively use a combinational EC paradigm – sequential EC is too complex, can only be applied to design with a few hundred state bits – combinational methods scale linearly with the design size for a given fixed size and “functional complexity” of the individual cones • Still, pure BDDs and plain SAT solvers cannot handle all logic cones – BDDs can be built for about 80% of the cones of high-speed designs – less for complex ASICs – plain SAT blows up on a “Miter” structure • Contemporary method highly exploit structural similarity of designs to be compared ECE 667 - Synthesis & Verification 18