Andreas Kuehlmann

Equivalence checking using cuts and heaps

This paper presents a verification technique which isspecifically targeted to formally comparing large combinational circuits with some structural similarities. The approach combines the application of BDDs withcircuit graph hashing, automatic insertion of multiple cut frontiers, and a controlled elimination of false negative verification results caused by the cuts. Twoideas fundamentally distinguish the presented technique from previous approaches. First, originating from the cut frontiers, multiple BDDs are computedfor the internal nets of the circuit, and second, theBDD propagation is prioritized by size and discontinued once a given limit is exceeded.

Circuit-based Boolean Reasoning

Many tasks in CAD, such as equivalence checking, property checking, logic synthesis, and false paths analysis require efficient Boolean reasoning for problems derived from circuit structures. Traditionally, canonical representations, e.g., BDDs, or SAT-based search methods are used to solve a particular class of problems. In this paper we present a combination of techniques for Boolean reasoning based on BDDs, structural transformations, and a SAT procedure natively working on a shared graph representation of the problem. The described intertwined integration of the three techniques results in a robust summation of their orthogonal strengths. Our experiments demonstrate the effectiveness of the approach.

A fast pseudo-Boolean constraint solver

Linear Pseudo-Boolean (LPB) constraints denote inequalities between arithmetic sums of weighted Boolean functions and provide a significant extension of the modeling power of purely propositional constraints. They can be used to compactly describe many discrete EDA problems with constraints in linearly combined, parameterized weights, yet also offer efficient search strategies for proving or disproving whether a satisfying solution exists. Furthermore, corresponding decision procedures can easily be extended for minimizing or maximizing an LPB objective function, thus providing a core optimization method for many problems in logic and physical synthesis. In this paper, we review how recent advances in satisfiability (SAT) search can be extended for pseudo-Boolean constraints and describe a new LPB solver that is based on generalized constraint propagation and conflict-based learning.Linear pseudo-Boolean (LPB) constraints denote inequalities between arithmetic sums of weighted Boolean functions and provide a significant extension of the modeling power of purely propositional constraints. They can be used to compactly describe many discrete electronic design automation problems with constraints on linearly combined, weighted Boolean variables, yet also offer efficient search strategies for proving or disproving whether a satisfying solution exists. Furthermore, corresponding decision procedures can easily be extended for minimizing or maximizing an LPB objective function, thus providing a core optimization method for many problems in logic and physical synthesis. In this paper, we review how recent advances in satisfiability search can be extended for pseudo-Boolean constraints and describe a new LPB solver that is based on generalized constraint propagation and conflict-based learning. We present a comparison with other, state-of-the-art LPB solvers which demonstrates the overall efficiency of our method.

An analysis of SAT-based model checking techniques in an industrial environment

Model checking is a formal technique for automatically verifying that a finite-state model satisfies a temporal property. In model checking, generally Binary Decision Diagrams (BDDs) are used to efficiently encode the transition relation of the finite-state model. Recently model checking algorithms based on Boolean satisfiability (SAT) procedures have been developed to complement the traditional BDD-based model checking. These algorithms can be broadly classified into three categories: (1) bounded model checking which is useful for finding failures (2) hybrid algorithms that combine SAT and BDD based methods for unbounded model checking, and (3) purely SAT-based unbounded model checking algorithms. The goal of this paper is to provide a uniform and comprehensive basis for evaluating these algorithms. The paper describes eight bounded and unbounded techniques, and analyzes the performance of these algorithms on a large and diverse set of hardware benchmarks.

Dynamic transition relation simplification for bounded property checking

Bounded model checking (BMC) is an incomplete property checking method that is based on a finite unfolding of the transition relation to disprove the correctness of a set of properties or to prove them for a limited execution length from the initial states. Current BMC techniques repeatedly concatenate the original transition relation to unfold the circuit with increasing depths. In this paper we present a method that is based on a dual unfolding scheme. The first unfolding is non-initialized and progressively simplifies concatenated frames of the transition relation. The tail of the simplified frames is then applied in the second unfolding, which starts from the initial state and checks the properties. We use a circuit graph representation for all functions and perform simplification by merging vertices that are functionally equivalent under given input constraints. In the noninitialized unfolding, previous time frames progressively tighten these constraints thus leading to an asymptotic simplification of the transition relation. As a side benefit, our method can find inductive invariants constructively by detecting when vertices are functionally equivalent across time frames. This information is then used to further simplify the transition relation and, in some cases, prove unbounded correctness of properties. Our experiments using industrial property checking problems demonstrate that the presented method significantly improves the efficiency of BMC.

Verity—a formal verification program for custom CMOS circuits

In an effort to fully exploit CMOS performance, custom design techniques are used extensively in commercial microprocessor design. However, given the complexity of current generation processors and the necessity for manual designer intervention throughout the design process, proving design correctness is a major concern. In this paper we discuss Verity, a formal verification program for symbolically proving the equivalence between a high-level design specification and a MOS transistor-level implementation. Verity applies efficient logic comparison techniques which implicitly exercise the behavior for all possible input patterns. For a given register-transfer level (RTL) system model, which is commonly used in present-day methodologies, Verity validates the transistor implementation with respect to functional simulation and verification performed at the RTL level. ∗Copyright c ©1994 International Business Corporation This document has been published in the IBM Journal on Research and Development, January 1995.

Multi-Domain Clock Skew Scheduling

The application of general clock skew scheduling is practicallylimited due to the difficulties in implementing a wide spectrum ofdedicated clock delays in a reliable manner. This results in a significantlimitation of the optimization potential. As an alternative,the application of multiple clocking domains with dedicatedphase shifts that are implemented by reliable, possibly expensivedesign structures can overcome these limitations and substantiallyincrease the implementable optimization potential of clock adjustments.In this paper we present an algorithm for constrained clockskew scheduling which computes for a given number of clockingdomains the optimal phase shifts for the domains and the assignmentof the individual registers to the domains. For the within-domainlatency values, the algorithm can assume a zero-skew clockdelivery or apply a user-provided upper bound. Our experimentsdemonstrate that a constrained clock skew schedule using a fewclocking domains combined with small within-domain latency canreliably implement the full sequential optimization potential to dateonly possible with an unconstrained clock schedule.

Error Diagnosis for Transistor-Level Verification

This paper describes a diagnosis technique for locating design errors in circuit implementations which do not match their functional specification. The method efficiently propagates mismatched patterns from erroneous outputs backward into the network and calculates circuit regions which most likely contain the error(s). In contrast to previous approaches, the described technique does not depend on a fixed set of error models. Therefore, it is more general and especially suitable for transistor-level circuits, which have a broader variety of possible design errors than gate-level implementations. Furthermore, the proposed method is also applicable for incomplete sets of mismatched patterns and hence can be used not only as a debugging aid for formal verification techniques but also for simulation based approaches. Experiments with industrial CMOS circuits show that for most design errors the identified problem region is less than 3% of the overall circuit.

Scalable Automated Verification via Expert-System Guided Transformations

Transformation-based verification has been proposed to synergistically leverage various transformations to successively simplify and decompose large problems to ones which may be formally discharged. While powerful, such systems require a fair amount of user sophistication and experimentation to yield greatest benefits – every verification problem is different, hence the most efficient transformation flow differs widely from problem to problem. Finding an efficient proof strategy not only enables exponential reductions in computational resources, it often makes the difference between obtaining a conclusive result or not. In this paper, we propose the use of an expert system to automate this proof strategy development process. We discuss the types of rules used by the expert system, and the type of feedback necessary between the algorithms and expert system, all oriented towards yielding a conclusive result with minimal resources. Experimental results are provided to demonstrate that such a system is able to automatically discover efficient proof strategies, even on large and complex problems with more than 100,000 state elements in their respective cones of influence. These results also demonstrate numerous types of algorithmic synergies that are critical to the automation of such complex proofs.

Enhancing simulation with BDDs and ATPG

We introduce SImulation Verification with Augmentation (SIVA), a tool for checking safety properties on digital hardware designs. SIVB integrates simulation with symbolic techniques for vector generation. Specifically, the core algorithm uses a combination of ATPG and BDDs to generate input vectors which cover behavior not excited by simulation. Experimental results demonstrate considerable improvement in state space coverage compared with either simulation or formal verification in isolation.