Design Verification Sequential Equivalence Checking Virendra Singh - PowerPoint PPT Presentation

Design Verification Sequential Equivalence Checking Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/ E-mail: viren@ee.iitb.ac.in EE-709: Testing & Verification of VLSI Circuits Lecture 13 (12 Feb 2013) CADSL

Solving Circuit Problems as SAT a h f b c d i g e Input Vector Assignment ? ? Primary Output ‘i’ to 1 1 ? ? Input Vector Assignment Primary Output ‘i’ to 12 Feb, 2013 EE-709@IITB 2 CADSL

SAT formulas for simple gates a a c c b b + + + + + + + + ( c a )( c b )( c a b ) ( c a )( c b )( c a b ) a a b c b + + ( a b )( a b ) + + + + ( c a )( c b )( c a b ) 12 Feb, 2013 EE-709@IITB 3 CADSL

Solving circuit problems as SAT • Set of clauses representing function of each gate  Unit literal clause asserting output to Unit literal clause asserting output to ‘1’ ‘1’ + + + + ( b f )( c f )( b c f ) a h + + + + ( d g )( e g )( d e g ) b f + + + + c ( a h )( f h )( a f h ) d g i + + + + ( h i )( g i )( h g i ) e ( i ) 12 Feb, 2013 EE-709@IITB 4 CADSL

Combinational Equivalence Checking (CEC) • Currently most practical and pervasive equivalence checking technology • Nearly full automation possible • Designs of up to several million gates verified in a few hours or minutes • Hierarchical verification deployed • Full chip verification possible • Key methodology: Convert sequential equivalence checking to a CEC problem! – Match Latches & extract comb. portions for EC 12 Feb, 2013 EE-709@IITB 5 CADSL

CEC in Today’s ASIC Design Flow RTL Design CEC Synthesis & Routing optimization CEC CEC ECO DFT insertion CEC IO Insertion CEC Placement CEC Clock tree synthesis 12 Feb, 2013 EE-709@IITB 6 CADSL

Major Industrial Offerings of CEC • Formality (Synopsys) • Conformal Suite (Verplex, now Cadence) • FormalPro (Mentor Graphics) • Typical capabilities of these tools: – Can handle circuits of up to several million gates flat in up to a few hours of runtime – Comprehensive debug tool to pinpoint error- sources – Counter-example display & cross-link of RTL and gate-level netlists for easier debugging – Ability to checkpoint verification process and restart from same point later – What if capability (unique to FormalPro) 12 Feb, 2013 EE-709@IITB 7 CADSL

Combinational Equivalence Checking • Functional Approach  transform output functions of combinational circuits into a unique (canonical) representation  two circuits are equivalent if their representations are identical  efficient canonical representation: BDD • Structural  identify structurally similar internal points  prove internal points (cut-points) equivalent  find implications 12 Feb, 2013 EE-709@IITB 8 CADSL

Functional Equivalence • If BDD can be constructed for each circuit  represent each circuit as shared (multi-output) BDD  use the same variable ordering !  BDDs of both circuits must be identical • If BDDs are too large  cannot construct BDD, memory problem  use partitioned BDD method • decompose circuit into smaller pieces, each as BDD • check equivalence of internal points 12 Feb, 2013 EE-709@IITB 9 CADSL

Functional Decomposition • Decompose each function into functional blocks  represent each block as a BDD ( partitioned BDD method)  define cut-points (z)  verify equivalence of blocks at cut-points F G  starting at primary inputs g 2 f 2 z z g 1 f 1 y y x x 12 Feb, 2013 EE-709@IITB 10 CADSL

Cut-Points Resolution Problem • If all pairs of cut-points ( z 1 ,z 2 ) are equivalent – so are the two functions, F,G • If intermediate functions ( f 2 ,g 2 ) are not equivalent  the functions (F,G) may still be equivalent  this is called false negative F G • Why do we have false negative ? g 2 f 2  functions are represented in terms of intermediate variables z 1 z 2  to prove/disprove equivalence must represent the functions in terms of g 1 f 1 primary inputs (BDD composition) y y x x 12 Feb, 2013 EE-709@IITB 11 CADSL

Cut-Point Resolution – Theory • Let f 1 (x)=g 1 (x) ∀ x – if f 2 (z,y) ≡ g 2 (z,y), ∀ z,y then f 2 (f 1 (x),y) ≡ g 2 (f 1 (x),y) ⇒ F ≡ G – if f 2 (z,y) ≠ g 2 (z,y), ∀ z,y ≠⇒ f 2 (f 1 (x),y) ≠ g 2 (f 1 (x),y) ⇒ F F G ≠ G We cannot say if F ≡ G or not g 2 f 2 • False negative z z – two functions are g 1 f 1 equivalent, but the verification algorithm y y x x declares them as different. 12 Feb, 2013 EE-709@IITB 12 CADSL

Cut-Point Resolution • How to verify if negative is false or true ? • Procedure 1: create a miter (XOR) between two potentially equivalent nodes/functions  perform ATPG test for stuck-at 0 0, F ≡ G (false negative) 1 , F ≠ G (true negative)  find test pattern to prove F ≠ G  efiicient for true negative  (gives test vector , a proof)  inefficient when there is no test F G 12 Feb, 2013 EE-709@IITB 13 CADSL

Cut-Point Resolution • Procedure 2: create a BDD for F ⊕ G  perform satisfiability analysis (SAT) of the BDD • if BDD for F ⊕ G = ∅ , problem is not satisfiable, false negative • BDD for F ⊕ G ≠ ∅ , problem is satisfiable, true negative ∅ , F ≡ G (false negative) F ⊕ G = G F = Non-empty, F ≠ G ⊕ Note: must compose BDDs until they are equivalent, or expressed in terms of primary inputs – the SAT solution, if exists, provides a test vector (proof of non-equivalence) – as in ATPG – unlike the ATPG technique, it is effective for false negative (the BDD is empty!) 12 Feb, 2013 EE-709@IITB 14 CADSL

Sequential Equivalence Checking • Represent each sequential circuit as an FSM – verify if two FSMs are equivalent • Approach 1: Reduction to combinational circuit – unroll FSM over n time frames (flatten the design) x(1) x(2) x(n) … M(t 1 ) M(t 2 ) M(t n ) … s(1) s(2) s(n) Combinational logic: F(x(1,2, …n), s(1,2, … n)) – check equivalence of the resulting combinational circuits – problem: the resulting circuit can be too large too handle 12 Feb, 2013 EE-709@IITB 15 CADSL

Sequential Verification • Approach 2: Based on isomorphism of state transition graphs – two machines M1, M2 are equivalent if their state transition graphs (STGs) are isomorphic – perform state minimization of each machine – check if STG(M1) and STG(M2) are isomorphic 1/0 1/0 State min . 0/1 0/1 0/0 0/0 1/1 0 1 0 1.2 M1 M1 min ≡ 2 1/0 0/1 1/1 1/0 0/1 0/0 0 1 M2 1/1 12 Feb, 2013 EE-709@IITB 16 CADSL

State Minimization X-Successor – If an input sequence X takes a machine from state S i to state S j , then S j is said to be the X-successor of S j Strongly connected:- If for every pair of states (S i, S j ) of a machine M there exists an input sequence which takes M from state S i to S j , then M is said to be strongly connected 12 Feb, 2013 EE-709@IITB 17 CADSL

State Equivalence • Two states S i and S j of machine M are distinguishable if and only if there exists at least one finite input sequence which, when applied to M, causes different output sequences, depending on whether S i or S j is the initial state • The sequence which distinguishes these states is called a distinguishing sequence of the pair (S i, S j ) • If there exists for pair (S i, S j ) a distinguishing sequence of length k, the states in (S i, S j ) are said to be k-distinguishable 12 Feb, 2013 EE-709@IITB 18 CADSL

State Equivalence Machine M1 (A, B) – 1 Distinguishable PS NS, z (A, E) – 3 Distinguishable X = 0 X = 1 Seq - 111 A E, 0 D, 1 B F, 0 D, 0 k -equivalent – The states C E, 0 B, 1 that are not k - D F, 0 B, 0 distinguishable are said to be k-equivalent E C, 0 F, 1 F B, 0 C, 0 Also r-equivalent r<k 12 Feb, 2013 EE-709@IITB 19 CADSL

State Equivalence • States S i and S j of machine M are said to be equivalent if and only if, for every possible input sequence, the same output sequence will be produced regardless of whether S i or S j is the initial state • States that are k-equivalent for all k < n-1, are equivalent • S i = S j , and S j = S k , then S i = S k 12 Feb, 2013 EE-709@IITB 20 CADSL

State Equivalence • The set of states of a machine M can be partitioned into disjoint subsets, known as equivalence classes • Two states are in the same equivalence class if and only if they are equivalent, and are in different classes if and only if they are distinguishable Property: If S i and S j are equivalent states, their corresponding X-successors, for all X, are also equivalent 12 Feb, 2013 EE-709@IITB 21 CADSL

State Minimization Procedure 1. Partition the states of M into subsets s.t. all states in same subset are 1-equivalent 2. Two states are 2-equivalent iff they are 1-equivalent and their I i successors, for all possible I i , are also 1- equivalent P0 = (ABCDEF) PS NS, z X = 0 X = 1 P1 = (ACE), (BDF) A E, 0 D, 1 B F, 0 D, 0 P2 = (ACE), (BD), (F) C E, 0 B, 1 P3 = (AC), (E), (BD), D F, 0 B, 0 (F) E C, 0 F, 1 F B, 0 C, 0 P4 = (AC), (E), (BD), (F) 12 Feb, 2013 EE-709@IITB 22 CADSL