Upload
vodat
View
220
Download
0
Embed Size (px)
Citation preview
1. Logic verification
Tutorial on Formal Verification-
1-1
1Logic verification
© HE99
�Basic principles of OBDD´s�Variable ordering�Network of gates => OBDD´s�FDD´s and OKFDD´s�Reasoning abou t circuits�Structural method s�Satisfiability checker
2Logic verification
© HE99
�The basic problem: prove that two circuits implement thesame boo lean function, i.e., that f ≡≡ g is a tautology
ab
a
b
ab
f
&
&
g&&
=1
f ≡ g = f*g + f*g
≡ ≡ 1
1. Logic verification
Tutorial on Formal Verification-
1-2
3Logic verification
© HE99
�Ordered Binary Decision Diagrams�Decision d iagrams:
➤ one of many possible representations of boo leanfunctions
➤ based on Boole´s expansion theorem (1849)(also att ributed to Shannon)
➤ seminal paper by Bryant (1986) on the application tologic verification
Basic principles of OBDD´s
4Logic verification
© HE99
0 0 0 0 00 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 00 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 01 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
��
a b c d f
f(0, b, c, d)
f(1, b, c, d)
Principle:"Divide and conqu er"
two subfunctions thatdo not depend on variable a
1. Logic verification
Tutorial on Formal Verification-
1-3
5Logic verification
© HE99
0 0 0 0 00 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 00 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 01 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
��
a b c d f
f(0, b, c, d)
f(1, b, c, d)
0 0 0 00 0 1 00 1 0 00 1 1 01 0 0 01 0 1 01 1 0 01 1 1 0
0 0 0 00 0 1 00 1 0 00 1 1 01 0 0 01 0 1 01 1 0 01 1 1 1
f(0, b, c, d) f(1, b, c, d)
f
a0 1
f = a*f(0, b, c, d) + a*f(1, b, c, d)
6Logic verification
© HE99
�Notation:
➤ f(0,b,c,d) and f(1,b,c,d) are the cofactors of f w.r.t. a➤ we write also fa and fa , respectively➤ Boole´s expansion theorem:
f = a*fa + a*fa
1. Logic verification
Tutorial on Formal Verification-
1-4
7Logic verification
© HE99
c0 1
c0 1
b0 1
a0 1
1 1
c0 1
b0 1
c0 1
0 1 1 0 0 0
function values
0 0 0 00 0 1 10 1 0 10 1 1 01 0 0 11 0 1 01 1 0 01 1 1 1
a b c a b c⊕ ⊕a b c⊕ ⊕
�Apply Boole´s theorem to all variables: decision tree
➤ example: XOR in three variables
8Logic verification
© HE99�Variable ordering: order of application o f Boole´stheorem
c0 1
c0 1
b0 1
a0 1
1 1
c0 1
b0 1
c0 1
0 1 1 0 0 0
a b c⊕ ⊕variable order a, b, c
1. Logic verification
Tutorial on Formal Verification-
1-5
9Logic verification
© HE99
c0 1
c0 1
b0 1
a0 1
1 1
c0 1
b0 1
c0 1
0 1 1 0 0 0
�Observation: there are identical subtrees
10Logic verification
© HE99
b b
c c
0 1
a0
0
0
0
0
1
1
1 1
10 0 0 00 0 1 10 1 0 10 1 1 01 0 0 11 0 1 01 1 0 01 1 1 1
a b c a b c⊕ ⊕
�Sharing o f subtrees => decision g raph
1. Logic verification
Tutorial on Formal Verification-
1-6
11Logic verification
© HE99Shannon : A symbolic analysis of relay and swi tchingcircuits (1938)
12Logic verification
© HE99Some simple examples of decision d iagrams:
a0 1
0 1
a0 1
01
a
0 1
0 1
0
b1
a
0
1
0 1
0 b1
a a
a+b a * b
1. Logic verification
Tutorial on Formal Verification-
1-7
13Logic verification
© HE99AND, OR, XOR in n variables
☛ #nod es grows linearly for AND, OR and XOR
0
1
0 1
0
1
x1
x2
1xn
0
...
01
0 1
0
1
x1
x2
1xn
0
..
.xn xn
0 1
0 01 1
x2 x2
x10
0 0
1
1 1
...
14Logic verification
© HE99Many types of decision d iagramsmost favoured and successfull OBDD's (Ordered BinaryDecision Diagrams, Bryant ´86)properties of OBDD´s:
➤ same variable ordering on all paths ("ordered")— associate an index index(x) with each variable x— if var(v) is the variable associated with nod e v
then index(var(v)) is smaller than the index of allsuccessor nod es
➤ " reduced" :— there are no two nod es that represent the same
function— the two successors of each nod e are not
identical
1. Logic verification
Tutorial on Formal Verification-
1-8
15Logic verification
© HE99
a
0
1
01
0b
1b
0 1
a
0
1
01
b1
0
16Logic verification
© HE99�Given a variable ordering, OBDD´s are canonicalrepresentations of boo lean functions�two circuits implement the same boo lean function <=>the two OBDD´s are identical
=
a
b b
0 1
1
1
0
0 01
a
b b
0 1
1
1
0
0 01
ab
a
b
ab
f
g
&
&
&&
=1
1. Logic verification
Tutorial on Formal Verification-
1-9
17Logic verification
© HE99�SN 74181 ALU:
&
&1
&
&
&
&
1
1
&
&
&
&1
&
&1
&
&
&
&
1
1
&
&
&
&1
&
1&
&
&
&
&
&
&
&
&
&1
1
&
&
&
&
&1
&
=1
=1
3
2
1
0
2
0
1
1
2
3
n
n+4
D
E
Q
S
B
A
Mc
G
c
P
F
F
A=B
F
F
SSS
3
A
3
2
2
E
1
1
3
D
B
B
A
D
E
E
D
B
A0
0
0
3
2
1
0
3
2
1
0
Q
Q
Q=1
=1
=1
=1
=1
=1
=1
18Logic verification
© HE99
s3s2s1
s0
�SN 74181 OBDD ("shared OBDD" for several outputs):
b3
b2
b1
b0
a3
a2
a1
a0mc
g c4 p f3 f2 aeqb f1 f0
1. Logic verification
Tutorial on Formal Verification-
1-10
19Logic verification
© HE99
&
&1
&
&
&
&
1
1
&
&
&
&1
&
&1
&
&
&
&
1
1
&
&
&
&1
&
1&
&
&
&
&
&
&
&
&
&1
1&
&
&
&
&1
&
=1
=1
3210
2
0
1
1
2
3
n
n+4
D
E
Q
S
B
A
Mc
G
c
P
F
F
A=B
F
F
SSS
3
A
3
2
2
E
1
1
3
D
B
B
A
D
E
E
D
B
A 0
0
0
3
2
1
0
3
2
1
0
Q
Q
Q=1
=1
=1
=1
=1
=1
=1
Implementation 2:=
OBDD´s
&
&1
&
&
&
&
1
1
&
&
&
&1
&
&1
&
&
&
&
1
1
&
&
&
&1
&
1&
&
&
&
&
&
&
&
&
&1
1&
&
&
&
&1
&
=1
=1
3210
2
0
1
1
2
3
n
n+4
D
E
Q
S
B
A
Mc
G
c
P
F
F
A=B
F
F
SSS
3
A
3
2
2
E
1
1
3
D
B
B
A
D
E
E
D
B
A0
0
0
3
2
1
0
3
2
1
0
Q
Q
Q=1
=1
=1
=1
=1
=1
=1
Implementation 1:
20Logic verification
© HE99
TransistorNetlist
LayoutExtraction
TransistorNetlist
OBDD OBDD
Extraction
VHDL-Description
Specification
Synthesis
Synthesis
Synthesis Verification
Combination of synthesis, extraction, verification(BULL, AT&T, ...):
=
1. Logic verification
Tutorial on Formal Verification-
1-11
21Logic verification
© HE99➤ OBDD´s become even more compact, if inverted
edges are provided. Example:
1
a
b b
c c
d d
e e
f f
g g
11 00
11 00
11 00
11 00
11 00
10
0
11 00
1
a
b
c
d
e
f
g
0 1
0 1
0 1
0 1
0 1
0 1
0 1
22Logic verification
© HE99
#nod es depends critically on the variable ordering
➤ class ical example (Bryant ´86): f = x1x2 + x3x4 + x5x6x1
x3
x2
10
0
x5
x4
10
0
0
x6
10
0
1
1
1
x1
x3
10
0
x60
1
1
x3
x5
0 1
x5x5
0 1
x5
x2
0 1
x2x2
0 1
x2
11x4 x4
0 1
11 00
0 1 0 011 00
Variable ordering
1. Logic verification
Tutorial on Formal Verification-
1-12
23Logic verification
© HE99
➤ n-bit adder:— variable ordering R1: an, bn, an-1, bn-1,..., a0, b0
— variable ordering R2: an, an-1,..., a0, bn, bn-1,..., b0
n= 8 16 32 64
time 0.02 0.03 0.11 0.19#nod es 35 75 155 315
time 0.39 16.34#nod es 750 196574
R1:
R2: �� ��
24Logic verification
© HE99�Heuristics to determine a "goo d" variable ordering
➤ example: distribution o f a "weight"
➤ sum of weights: x=1/2, y=1/4, z=1/4,=> develop for x first
y
z
x
x1
1/2
1/2
1/4
1/4
1/4
1/4
1/21/4
1/4
1. Logic verification
Tutorial on Formal Verification-
1-13
25Logic verification
© HE99
➤ delete variable and iterate
sum now: y=3/4, z=1/4,=> y is second variable
➤ hence variable ordering x, y, z
y
z
11/2
1/21/2
1/4
1/4
3/4
3/4
26Logic verification
© HE99
�Sifting: dynamic variable ordering (Rudell ICCAD´93)
➤ basic s tep: exchange adjacent variables (Fujita et al.EDAC´91)
b b
c c
0 1
a0
0
0
0
0
1
1
1 1
1
1. Logic verification
Tutorial on Formal Verification-
1-14
27Logic verification
© HE99
➤ Principle: exchange 0-1 and 1-0 path
c c
b0 1
1 10 0
g0 g1 g2 g3
b b
c0 1
1 10 0
g0 g2 g1 g3
28Logic verification
© HE99
�Sifting: dynamic variable ordering
➤ basic s tep: exchange adjacent variables
b b
c c
0 1
a0
0
0
0
0
1
1
1 1
1 c c
b b
0 1
a0
0
0
0
0
1
1
1 1
1
1. Logic verification
Tutorial on Formal Verification-
1-15
29Logic verification
© HE99
�Sifting procedure:
➤ find variable with max. #nodes (the " thickest" part ofan OBDD)
➤ shift variable over OBDD by pairwise exc hange ofadjacent variables until #nod es becomes minimum
0 1
minimum
30Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-16
31Logic verification
© HE99
32Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-17
33Logic verification
© HE99
34Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-18
35Logic verification
© HE99
36Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-19
37Logic verification
© HE99
38Logic verification
© HE99
➤ in detail:
V3
V4 V4
V5 V5
1
V3
1
V4
V3
V5 V5
1 0
1. Logic verification
Tutorial on Formal Verification-
1-20
39Logic verification
© HE99
40Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-21
41Logic verification
© HE99
42Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-22
43Logic verification
© HE99
44Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-23
45Logic verification
© HE99
46Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-24
47Logic verification
© HE99
48Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-25
49Logic verification
© HE99
50Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-26
51Logic verification
© HE99
52Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-27
53Logic verification
© HE99
54Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-28
55Logic verification
© HE99
56Logic verification
© HE99
1. Logic verification
Tutorial on Formal Verification-
1-29
57Logic verification
© HE99
58Logic verification
© HE99
??
0
a
0
1
c
0
b1
0
1
1
Network of gates => OBDD´s
c&
a
b≥1
1. Logic verification
Tutorial on Formal Verification-
1-30
59Logic verification
© HE99
C-programC-program ≥1
�Traverse network from inpu ts to outputs + build OBDD´s
*
C-programTraverser
C-program &c
&a
b≥1
a0 1
0 1
b0 1
0 1
60Logic verification
© HE99�Traverse network from inpu ts to outputs + build OBDD´s
C-programTraverser
C-programc
&a
b≥1
a0 1
0 1
b0 1
0 1
a
0 1
0 1
0
b1
0 1
0 1
cC-program ≥1
C-program &C-program ≥1C-program ≥1
1. Logic verification
Tutorial on Formal Verification-
1-31
61Logic verification
© HE99
C-programC-program ≥1
�Traverse network from inpu ts to outputs + build OBDD´s
C-programTraverser
C-program &c
&a
b≥1
a0 1
0 1
b0 1
0 1
a
0 1
0 1
0
b1
0 1
0 1
c
0
a
0
1
c
0
b1
0
1
1
C-program &
62Logic verification
© HE99
�How does, e.g., the C-program & work?�basis: orthogon ali ty of Boolean expansion, i.e.,
f+g = x*(fx + gx) + x*(fx + gx),
f*g = x*(fx * gx) + x*(fx * gx),
f = x*fx + x*fx
*x
g
0 0x
f
1 1
fx fx gx gx
* *
1. Logic verification
Tutorial on Formal Verification-
1-32
63Logic verification
© HE99
function AND(bdd 1, bdd2):
IF bdd 1=0 OR bdd 2=0 THEN return 0;
ELSEIF bdd 1=1 THEN return bdd2;
ELSEIF bdd 2=1 THEN return bdd1;
ELSE var1:=var(bdd 1);var2:=var(bdd 2);
IF var1=var2 THEN x:=var1; v0:= AND(low(bdd1), low(bdd2)), v1:= AND(high(bdd1),high(bdd 2));
ELSEIF index(var1) < index(var2) THEN x:=var1; v0:= AND(low(bdd 1), bdd2), v1:= AND(high(bdd1), bdd 2); ELSEIF ... IF v0 = v1 THEN return v0 ELSE return (x,v0,v1); ...
�The AND-Operation between two OBDD´s bdd1 and bdd 2
➤ assume nod es of form (x,v0,v1)
var low high
64Logic verification
© HE99
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
var1=a var2=c => index(var1) < index(var2)
35
4c
&
a
b≥1
1. Logic verification
Tutorial on Formal Verification-
1-33
65Logic verification
© HE99
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
var1=a var2=c => index(var1) < index(var2)
x:=var1 := a v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
35
4c
&
a
b≥1
66Logic verification
© HE99
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
var1=b var2=c => index(var1) < index(var2)
35
4c
&
a
b≥1
1. Logic verification
Tutorial on Formal Verification-
1-34
67Logic verification
© HE99
a
0 1
0 1
0
b1
3
*c
0 1
0 14
0
a
0
1
c
0
b1
0
1
1
5
bdd 1 bdd 2
var1=b var2=c => index(var1) < index(var2)
x:=var1 := b v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
35
4c
&
a
b≥1
68Logic verification
© HE99
var2=c => index(var1) < index(var2)
x:=var1 := b v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
3
*c
0 1
0 14
0
a
0
1
c
0
b1
0
1
1
5
bdd 1 bdd 2
var1=b
35
4c
&
a
b≥1
a
0 1
0 1
0
b1
1. Logic verification
Tutorial on Formal Verification-
1-35
69Logic verification
© HE99
var2=c => index(var1) < index(var2)
x:=var1 := b v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
var2=c
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
0
a
0
1
c
0
b1
0
1
1
5
35
4c
&
a
b≥1
bdd 1 bdd 2
var1=b
��
70Logic verification
© HE99
*c
0 1
0 14
bdd 1 bdd 2
var1=a var2=c => index(var1) < index(var2)
x:=var1 := a v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
0
a
0
1
c
0
b1
0
1
1
5
35
4c
&
a
b≥1
�
a
0 1
0 1
0
b1
3
1. Logic verification
Tutorial on Formal Verification-
1-36
71Logic verification
© HE99
var2=c => index(var1) < index(var2)
x:=var1 := a v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
var1=a
0
a
0
1
c
0
b1
0
1
1
5
35
4c
&
a
b≥1
72Logic verification
© HE99
var2=c => index(var1) < index(var2)
x:=var1 := a v0:= and(low(bdd 1),bdd2), v1:= and(high(bdd 1),bdd 2)
a
0 1
0 1
0
b1
3
*c
0 1
0 14
bdd 1 bdd 2
var1=a
0
a
0
1
c
0
b1
0
1
1
5
35
4c
&
a
b≥1
��
1. Logic verification
Tutorial on Formal Verification-
1-37
73Logic verification
© HE99
➤ problem:
1
a
b b
c c
d d
e e
f f
g g
11 00
11 00
11 00
11 00
11 00
10
0
11 00
0
a
b b
c c
d d
e e
f f
g g
11 00
11 00
11 00
11 00
11 00
10
1
11 00
a b c d e f g⊕ ⊕ ⊕ ⊕ ⊕ ⊕
a b c d e f g⊕ ⊕ ⊕ ⊕ ⊕ ⊕
*
74Logic verification
© HE99
1
a
b b
c c
d d
e e
f f
g g
11 00
11 00
11 00
11 00
11 00
10
0
11 00
0
a
b b
c c
d d
e e
f f
g g
11 00
11 00
11 00
11 00
11 00
10
1
11 00
*
* *
*
1. Logic verification
Tutorial on Formal Verification-
1-38
75Logic verification
© HE99
�"OBDD-packages" maintain two tables:
➤ the computed table ct has entries of the form
ct stores results ca lculated before
➤ the unique table ut has entries of the form
x v0 v1
Operation bdd 1 bdd 2 Result bdd
76Logic verification
© HE99
function AND(bdd 1, bdd2):
IF (AND,bdd 1,bdd 2,x) ∈∈ ct THEN return x;
IF bdd 1=0 OR bdd 2=0 THEN return 0;
ELSEIF bdd 1=1 THEN return bdd2;
ELSEIF bdd 2=1 THEN return bdd1;
ELSE var1:=var(bdd 1);var2:=var(bdd 2);
IF var1=var2 THEN x:=var1; v0:= AND(low(bdd1), low(bdd2)), v1:= AND(high(bdd1),high(bdd 2));
ELSEIF index(var1) < index(var2) THEN x:=var1; v0:= AND(low(bdd 1), bdd2), v1:= AND(high(bdd1), bdd 2); ELSEIF ... IF v0 = v1 THEN return v0 ELSEIF (x,v0,v1) ∉ ∉ ut THEN put in ut; ELSE return (x,v0,v1); ...
1. Logic verification
Tutorial on Formal Verification-
1-39
77Logic verification
© HE99
➤ the result OBDD of a boo lean operation o f twoOBDD´s of size m and n nod es, respectively, has notmore than n*m nodes
➤ complexity of boo lean op erations between twoOBDD´s is O(n*m)
78Logic verification
© HE99
�Many OBDD-packages in the pub lic domain�in many cases based on the ite(p, f, g)-operator (if p then felse g)�very eff icient: the CUDD package from Boulder�see also the TUD DD-package home page by Stefan Hörethwith on-line demo´s of, e.g., sifting http://www.rs.e-technik.th-darmstadt.de/~sth/
☛ the OBDD technique is a very efficientdecision p rocedure for the propo sitionalcalculus and incorporated into many theoremprovers, e.g., PVS and ACL2
1. Logic verification
Tutorial on Formal Verification-
1-40
79Logic verification
© HE99
�FDD´s (Functional Decision Diagrams, Kebschull et al. 92)
➤ f = fx ⊕⊕ x*(fx ⊕⊕ fx)— for x = 0 we get f x
— for x = 1 we get f x ⊕⊕ fx ⊕⊕ fx = fx
— same graph structure, distinct interpretation:
f
x0 1
fx (fx ⊕⊕ fx)
FDD´s and OKFDD´s
rule: variable = 1 =>exor both branches
80Logic verification
© HE99
�FDD´s are canon ical representations
➤ fixed variable ordering➤ reduction rule:
f
x0
0
(fx ⊕⊕ fx) : if the boo lean difference is 0, then the function does not depend on x
fx
f
fx
1
1. Logic verification
Tutorial on Formal Verification-
1-41
81Logic verification
© HE99
�Difference between XOR and AND for FDD´s:
➤ f ⊕⊕ g = fx ⊕⊕ x*(fx ⊕⊕ fx) ⊕⊕ gx ⊕⊕ x*(gx ⊕⊕ gx) = (fx ⊕⊕ gx ) ⊕⊕ x*((fx ⊕⊕ fx) ⊕⊕ (gx ⊕⊕ gx))
➤ f ∗∗ g = (fx ⊕⊕ x*(fx ⊕⊕ fx)) ∗∗ (gx ⊕⊕ x*(gx ⊕⊕ gx)) = (fxgx) ⊕⊕ x*(fx (gx ⊕⊕ gx) ⊕⊕ (fx ⊕⊕ fx )gx ⊕⊕ (fx ⊕⊕ fx) (gx ⊕⊕ gx))
☛ for the calculation o f the AND, all 4 combinationsof high and low successors have to beconsidered
82Logic verification
© HE99�OBDD and FDD for 4-bit adder (both wi th inverted edges)
1. Logic verification
Tutorial on Formal Verification-
1-42
83Logic verification
© HE99�OKFDD´s (Ordered Kronecker FDD´s, Drechsler et al. 94)
➤ three types of decomposition:— Shannon : f = x*fx + x*fx
— positive Davio: f = fx ⊕⊕ x*(fx ⊕⊕ fx)— negative Davio: f = fx ⊕⊕ x*(fx ⊕⊕ fx)
a0
0
1
0 1
b 1
Shannon
p.Davio
1c0 p.Davio
f = a*[(0⊕⊕c*(1⊕⊕0)) ⊕ ⊕ b*(1⊕⊕(0⊕⊕c*(1 ⊕⊕0)))] + a*[0⊕⊕c*(1⊕⊕0)] = a*(c⊕⊕bc) + a*c
Decompositiontype list (DTL)
84Logic verification
© HE99
�OBDD´s:
➤ AND, OR, XOR of two OBDD´s of size n and m ofcomplexity O(n*m)�
FDD´s/OKFDD´s:➤ XOR of complexity O(n*m), but AND and OR
expon ential➤ #nod es of FDD´s/OKFDD´s may be < #nod es of
OBDD´s => synthesis applications➤ OKFDD´s: determining the decomposition-type list
(DTL) is an additional problem
1. Logic verification
Tutorial on Formal Verification-
1-43
85Logic verification
© HE99
Reasoning abou t circuits
�A circuit with n inpu ts and m outputs can be modelled asa vec tor of boo lean functions, F: Bn --> Bm
�reasoning abou t circuits is facilitated if the characteristicfunction o f such a circuit is bu ilt�let R be a subset of Bn, R ⊂ Bn. Then the characteristicfunction o f this se t, χR : Bn --> B, is defined by:
1 if x ∈ R χR (x) =
0 if x ∉ R
86Logic verification
© HE99
a b x y χχC
0 0 0 0 10 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 10 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 11 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
�The characteristic function χC of a circuit
χχC = (x ≡ a*b)*(y ≡ a+b)ab
x
y
&
≥1
r ≡ s = r*s + r*s
1. Logic verification
Tutorial on Formal Verification-
1-44
87Logic verification
© HE99
a b x y χχC
0 0 0 0 10 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 10 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 11 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
�The characteristic function χI of all circuit output-values(the " image" of Bn --> Bm)
➤ e.g., the combination x=1 and y=0 is not possible
χχC = (x ≡ a*b)*(y ≡ a+b)
x y χχI
0 0 10 1 11 0 01 1 1
χχI = x+y
ab
x
y
&
≥1
88Logic verification
© HE99�How to calculate χI ?
➤ if a = 1 and b = 0 thenχC = (x ≡≡ a*b)*(y ≡≡ a+b) = (x ≡≡ 0)*(y ≡≡ 1) = x*y,i.e., the characteristic function o f the output values!
a b x y χχC
0 0 0 0 10 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 10 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 11 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
x y χχI
0 0 10 1 11 0 01 1 1
The existential quantification of several inpu ts means to build the sum of all inpu t combinations.Hence, χχI = ∃ a, b: (x ≡ a*b)*(y ≡ a+b) = x + y χχC
ab
x
y
&
≥1
1. Logic verification
Tutorial on Formal Verification-
1-45
89Logic verification
© HE99!3 basic operations between cofactors:
➤ existential quantification
∃∃ x: f(x) = fx + fx
➤ universal quantification
∀∀ x: f(x) = fx * fx
☛ QBF´s: quantified boolean formulas☛ note:
∃∃ x, y: f(x,y) = f(0,0) + f(0,1) + f(1,0) + f(1,1),i.e., existential quantification o f a number ofboo lean variables means: build the sum of thefunction-values for all combinations of variables
➤ boo lean d ifference
∂∂f(x)/∂∂x = fx ⊕⊕ fx
90Logic verification
© HE99!How can we characterize all values of x and y for a=1(" image calculation und er a restriction" ) ?
a b x y χχC
0 0 0 0 10 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 10 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 11 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
χχ = ∃ a, b: ((x ≡ a*b)*(y ≡ a+b) * a) = y
"
"
χχC
ab
x
y
&
≥1
1. Logic verification
Tutorial on Formal Verification-
1-46
91Logic verification
© HE99#How can we characterize all input values of a and b so thatx=0 and y=1 ("pre-image calculation" ) ?
a b x y χχC
0 0 0 0 10 0 0 1 00 0 1 0 00 0 1 1 00 1 0 0 00 1 0 1 10 1 1 0 00 1 1 1 01 0 0 0 01 0 0 1 11 0 1 0 01 0 1 1 01 1 0 0 01 1 0 1 01 1 1 0 01 1 1 1 1
(x*y)[x->a*b, y->a+b]=
(a*b)*(a+b) = a*b + a*b
$
$
ab
x
y
&
≥1
χχC
= ∃ x, y: ((x ≡ a*b)*(y ≡ a+b) *(x*y))
92Logic verification
© HE99
#Functional substitution: substitute function g vor variable x
f[x->g] = g*fx + g*fx
Note: ∃∃ x : (f*(x ≡≡ g)) = [fx*(0 ≡≡ g)] + [fx*(1 ≡≡ g)] = fx*g + fx *g = f[x->g]
☛ functional substitution can be reduced to theapplication o f the ∃∃ -operator
1. Logic verification
Tutorial on Formal Verification-
1-47
93Logic verification
© HE99
Structural method s
%Functional method s limited by memory consumption ofOBDD´s%many circuits "similar" , e.g., after simple technologymapping, buffer insertion, etc.%basic idea: divide and conqu er
➤ partition circuit into sub-circuits by introdu cing cut-points
➤ express functions of sub-circuits in terms of cut-point variables
94Logic verification
© HE99%Problems:
➤ how to find cut-points?— simple method s: equality by name, random
simulation➤ how to cope with false negatives?
1. Logic verification
Tutorial on Formal Verification-
1-48
95Logic verification
© HE99
&Observation (Kühlmann DAC´97):
➤ in 80% of all circuit-pairs there 80% or more nod esthat have equivalent nod es in the other circuit&
equivalence-proof based on circuit structure:➤ conclude the equivalence of two gate-outputs from
— pairwise equivalence of gate inpu ts— same gate-function
96Logic verification
© HE99&Example (Matsunaga DAC´96, modified)
1. Method :prove v1(a,b,c,d) ≈ v2(a,b,c,d)and w1(a,b,c,d) ≈ w2(a,b,c,d)
a
db
c
c
s2
t2
v2
w2
adb
c
c
s1
t1
v1
w1=1
&
&
&
&
&
&&
≥1
2. Method :- prove s1(a,b,d) ≈ s2(a,b,d) and t1(b,c) ≈ t2(b,c). If equivalent, s1/s2 and t1/t2 are cut-points- prove v1(c,s1) ≈ v2(c,s2) and w1(s1,t1) ≈ w2(s2,t2)
1. Logic verification
Tutorial on Formal Verification-
1-49
97Logic verification
© HE99'Non-canon ical graph representation o f circuits(Kühlmann DAC´97) (similar representations are well-known from techno logy-mapping problems)
a
b
a
b
etc.
a
d&
a
d≥1
98Logic verification
© HE99'Non-canon ical graph representation (Kühlmann DAC´97)
ca
d
b
c
v2
w2
ca
bd
c
v1
w1
s2
t2
s1
t1
a
db
c
c
s2
t2
v2
w2
adb
c
c
s1
t1
v1
w1=1
&
&
&
&
&
&&
≥1
1. Logic verification
Tutorial on Formal Verification-
1-50
99Logic verification
© HE99➤ two nod es are equivalent iff the predecessors areequivalent (modu lo negation)
☛ t1 and t2 are equivalentca
d
b
c
v2
w2
ca
bd
c
v1
w1
s2
t2
s1
t1
100Logic verification
© HE99➤ building the (small !) OBDD´s
for s1 and s2 we can prove thats1 and s2 are equivalent
➤ development of OBDD´s iscontrolled by their size
➤ by pure structural reasoning,we can show that v1 and v2are equivalent
ca
d
b
c
v2
w2
ca
bd
c
v1
w1
s2
t2
s1
t1
1. Logic verification
Tutorial on Formal Verification-
1-51
101Logic verification
© HE99➤ it remains to show that
w1 and w2 are equivalent➤ express ing w1 and w2 in terms
of cut-point variables s1/t1 ands2/t2, respectively we concludethat w1 is not equivalent to w2
☛ a false negative
ca
d
b
c
v2
w2
ca
bd
c
v1
w1
s2
t2
s1
t1
102Logic verification
© HE99(Method 1: substitute functions in output functions
00 01 01 00
00 00 00 00
00 00 10 10
00 01 01 00a
b
c
d
s2 t2s1 t1
Substitute s1/t1 in w1 and s2/t2 in w2 and p rove equivalence:w1 = s1 ⊕ t1 = abd ⊕ bc,w2 = s2 + t2 = abd + bc
a
db
c
c
s2
t2
v2
w2
adb
c
c
s1
t1
v1
w1=1
&
&
&
&
&
&&
≥1
1. Logic verification
Tutorial on Formal Verification-
1-52
103Logic verification
© HE99)Method 2: work on the exor of the outputs bysubstitution (Matsunaga DAC´97) or case analys is (Kunzet al. DAC´95)
00 01 01 00
00 00 00 00
00 00 10 10
00 01 01 00a
b
c
d
s2 t2s1 t1
Prove:(w1 ⊕ w2) = s1*t1 = 0by substitution:adb*bc = 0
a
db
c
c
s2
t2
v2
w2
adb
c
c
s1
t1
v1
w1=1
&
&
&
&
&
&&
≥1
104Logic verification
© HE99)Method 3: calculate characteristic function of image
00 01 01 00
00 00 00 00
00 00 10 10
00 01 01 00a
b
c
d
s2 t2s1 t1
Prove tautology:χχI => (w1 ≡ w2) = 1by image calculation:(s1 + t1) => (w1 ≡ w2) (s1 + t1) => (s1 + t1) = 1
a
db
c
c
s2
t2
v2
w2
adb
c
c
s1
t1
v1
w1=1
&
&
&
&
&
&&
≥1
1. Logic verification
Tutorial on Formal Verification-
1-53
105Logic verification
© HE99
Satisfiability Checker*
SAT checker➤ rather than to demonstrate the tautology f = 1
positively, show that f = 0 leads to a contradiction➤ many modern SAT checker represent logical formulas
as a conjunction o f " triplets" of the form x = a * b orx = a ≡ b where a, b are literals
➤ correspond ence: x1 = x2 * a, x2 = b * c
☛ projection o f SAT check ing on circuitrepresentation:
ax1
b
x2c
~
106Logic verification
© HE99*example: prove tautology [a(b + c) => ab + ac] = 1
➤ derive corresponding circuit with 2-inpu t AND´s andinverters
ac
ba
ba
c
11
1
01
0?
?
0
➤ try to produce a 0 at the output➤ propagate effect of value(s) until contradiction found
1
xy
x=y
1. Logic verification
Tutorial on Formal Verification-
1-54
107Logic verification
© HE99
+example: prove tautology [a(b + c) => ab + ac] = 1
ac
ba
ba
c
01
1
1
1
10
1
1
0
0
1
0
10
00
11
contradiction
0-saturation
108Logic verification
© HE99+another example: prove tautology [a(b + c) <= ab + ac] = 1
ac
ba
ba
c
01
1
1
0
0
a=0 0
0
0
0
0
1
1
contradiction
1. Logic verification
Tutorial on Formal Verification-
1-55
109Logic verification
© HE99,another example: prove tautology [a(b + c) <= ab + ac] = 1
ac
ba
ba
c
01
1
1
0
0
a=1 1
1
1
01
1
1
0
0
contradiction
0
00
0 11
110Logic verification
© HE99
,1-saturation: case-split
➤ for all (inpu t+intervenient) variables x:— 0-saturation with x=1 and x=0
— if both lead to a contradiction: -— otherwise, record information common for both
cases, proceed wi th next variable☛ breadth-first process,
2-saturation➤ 0-saturation with all combinations of 2 variables,
etc.
1. Logic verification
Tutorial on Formal Verification-
1-56
111Logic verification
© HE99
ac
ba
ba
c
01
1
1
0
0
01
1
1
0
0
0
00
0 11
ac
ba
ba
c
01
1
1
0
0
0
0
1
1
a=0a=1
112Logic verification
© HE99
.Current renaissance of SAT procedures, in particular:.Stålmarcks procedure
➤ patented algorithm (commercialized by Logikkonsult)➤ see tutorial Sheeran/Stålmarck a t FMCAD´98.
Intelligent hou se-keeping o f derived equalities in SATcheckers.very large (105) #variables tractable.application to various indu strial problems (railwayinterlock ing sys tems, engine managment units, ...).some similarity to " recursive learning" by Kunz/Pradhan
1. Logic verification
Tutorial on Formal Verification-
1-57
113Logic verification
© HE99
/Different techniques are appropriate for different classesof circuits/Verification too ls combine several techniques
➤ Kuehlmann/Krohm DAC´97 (simulation, OBDD´s,structural method s)
➤ Mukherjee et al. IWLS´97 (simulation, OBDD´s,structural method s, SAT-checker)
➤ Burch/Singh al ICCAD´98 (simulation, OBDD´s,structural method s, SAT-checker)