ABC:
This presentation is the property of its rightful owner.
Sponsored Links
1 / 38

Berkeley Verification and Synthesis Research Center UC Berkeley PowerPoint PPT Presentation


  • 105 Views
  • Uploaded on
  • Presentation posted in: General

ABC: An Industrial-Strength Academic Synthesis and Verification Tool (based on a tutorial given at CAV 2010). Berkeley Verification and Synthesis Research Center UC Berkeley Robert Brayton, Niklas Een, Alan Mishchenko Jiang Long, Sayak Ray, Baruch Sterin

Download Presentation

Berkeley Verification and Synthesis Research Center UC Berkeley

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Berkeley verification and synthesis research center uc berkeley

ABC: An Industrial-Strength Academic Synthesis and Verification Tool(based on a tutorial given at CAV 2010)

Berkeley Verification and Synthesis Research Center

UC Berkeley

Robert Brayton, Niklas Een, Alan Mishchenko

Jiang Long, Sayak Ray, Baruch Sterin

Thanks to: NSA, SRC, and industrial sponsors,

Altera, Atrenta, Cadence, Calypto, IBM, Intel, Jasper, Microsemi, Oasys,

Real Intent, Synopsys, Tabula, and Verific


Overview

Overview

  • What is ABC?

  • Synthesis/verification synergy

  • Introduction to AIGs

  • Representative transformations

  • Integrated verification flow

  • Verification example

  • Future work


A plethora of abcs

A Plethora of ABCs

http://en.wikipedia.org/wiki/Abc

  • ABC (American Broadcasting Company)

    • A television network…

  • ABC (Active Body Control)

    • ABC is designed to minimize body roll in corner, accelerating, and braking. The system uses 13 sensors which monitor body movement to supply the computer with information every 10 ms…

  • ABC (Abstract Base Class)

    • In C++, these are generic classes at the base of the inheritance tree; objects of such abstract classes cannot be created…

  • Atanasoff-Berry Computer

    • The Atanasoff–Berry Computer (ABC) was the first electronicdigitalcomputing device. Conceived in 1937, the machine was not programmable, being designed only to solve systems of linear equations. It was successfully tested in 1942.

  • ABC (supposed to mean “as simple as ABC”)

    • A system for sequential synthesis and verification at Berkeley


Berkeley verification and synthesis research center uc berkeley

ABC

  • Started 6 years ago as a replacement for SIS

  • Academic public-domain tool

  • “Industrial-strength”

    • Focuses on efficient implementation

    • Has been employed in commercial offerings of several CAD companies

  • Exploits the synergy between synthesis and verification


Design flow

Equivalence checking

Design Flow

Property

Checking

Verification

System Specification

RTL

ABC

Logic synthesis

Technology mapping

Physical synthesis

Manufacturing


Synthesis and verification

Synthesis and Verification

  • Synthesis

    • Given a Boolean function

      • Represented by a truth table, BDD, or a circuit

    • Derive a “good” circuit implementing it

  • Verification

    • Given a (very large) circuit

    • Prove that its output is always constant


Synthesis verification synergy

Synthesis/Verification Synergy

  • Similar solutions

    • e.g. retiming in synthesis / retiming in verification

  • Algorithm migration

    • e.g. BDDs, SAT, induction, interpolation, rewriting

  • Related complexity

    • scalable synthesis <=> scalable verification

  • Common data-structures

    • combinational and sequential AIGs


Areas addressed by abc

Combinational synthesis

AIG rewriting

technology mapping

resynthesis after mapping

Sequential synthesis

retiming

structural register sweep

merging seq. equiv. nodes

Areas Addressed by ABC

  • Combinational verification

    • SAT solving

    • SAT sweeping

    • combinational equivalence checking (CEC)

  • Sequential verification

    • bounded model checking (BMC)

    • unbounded model/equiv checking (MC/EC)

    • safety/liveness properties

    • exploits synthesis history


Terminology

Primary outputs

TFO

Fanouts

Fanins

TFI

Primary inputs

Terminology

  • Logic function(e.g. F = ab+cd)

    • Variables (e.g. b)

    • Minterms (e.g. abcd)

    • Cube (e.g. ab)

  • Logic network

    • Primary inputs/outputs

    • Logic nodes

    • Fanins/fanouts

    • Transitive fanin/fanout cone

    • Cut and window (defined later)


Aig and inverter graphs d efinition and e xamples

d

a

b

a

c

b

c

a

c

b

d

b

c

a

d

AIG (And-Inverter Graphs) Definition and Examples

AIG is a Boolean network composed of two-input ANDs and inverters

F(a,b,c,d) = ab + d(ac’+bc)

6 nodes

4 levels

F(a,b,c,d) = ac’(b’d’)’ + c(a’d’)’ = ac’(b+d) + bc(a+d)

7 nodes

3 levels


Berkeley verification and synthesis research center uc berkeley

Structural Hashing

  • Propagates constants and merges structural equivalences

  • Is applied on-the-fly during AIG construction

  • Results in circuit compaction

Example: F = abc G = (abc)’ H = abc’

Before structural hashing

After structural hashing


Why aigs

Why AIGs?

Same reasons hold for both synthesis and verification

  • Easy to construct, relatively compact, robust

    • 1M AIG ~ 12Mb RAM

  • Can be efficiently stored on disk

    • 3-4 bytes / AIG node (1M AIG ~ 4Mb file)

  • Unifying representation

    • Used by all the different verification engines

    • Easy to pass around, duplicate, save

  • Compatible with SAT solvers

    • Efficient AIG-to-CNF conversion available

    • Circuit-based SAT solvers work directly on AIG

    • “AIGs + simulation + SAT” works well in many cases


Aig memory usage

AIG Memory Usage

  • Fixed amount of memory for each node

    • Can be done by a simple custom memory manager

    • Dynamic fanout manipulation is supported!

  • Allocate memory for nodes in a topological order

    • Optimized for traversal in the same topological order

      • Mostly AIG can be stored in cache – fewer cache misses.

    • Small static memory footprint in many applications

  • Compute fanout information on demand


Classical logic synthesis

Boolean network in SIS

f

f

z

z

y

x

x

y

e

a

c

d

b

e

a

b

c

d

“Classical” Logic Synthesis

Equivalent AIG in ABC

AIG is a Boolean network of 2-input AND nodes and invertors (dotted lines)


One aig node many cuts

One AIG Node – Many Cuts

Combinational AIG

  • Each AIG cut represents a different logic node

  • AIG manipulation with cuts is equivalent to working on many Boolean networks at the same time

f

e

a

c

d

b

Different cuts for the same node


Combinational synthesis

Subgraph 2

Subgraph 1

Subgraph 3

A

A

a

a

b

c

b

a

c

a

a

c

a

b

b

c

b

c

a

Subgraph 2

Subgraph 1

B

B

a

c

b

a

c

a

b

a

c

a

b

Subgraph 2

Subgraph 1

Combinational Synthesis

  • AIG rewriting minimizes the number of AIG nodes without increasing the number of AIG levels

  • Pre-computing AIG subgraphs

    • Consider function f = abc

Rewriting AIG subgraphs

Rewriting node A

Rewriting node B

In both cases 1 node is saved


Combinational rewriting

Combinational Rewriting

iterate 10 times {

for each AIG node {

for eachk-cut

derive node output as function of cut variables

if ( smaller AIG is in the pre-computed library )

rewrite using improved AIG structure

}

}

Note: For 4-cuts, each AIG node has, on average, 5 cuts compared to a SIS node with only 1 cut

Rewriting at a node can be very fast – using hash-table lookups, truth table manipulation, disjoint decomposition


Resubstitution

f(g)

f(x)

g1

g2

g3

x

x

Resubstitution

  • Resubstitution means expressing one function in terms of others

    • Given f(x) and {gi(x)}, is it possible to express f in terms of a subset of functions gi?

    • If so, what is function f(g)?

  • An efficient truth-table-based and SAT-based solution exists

  • Runs in seconds for functions with hundreds of I/Os

    • A. Mishchenko, R. Brayton, J.-H. R. Jiang, and S. Jang, "Scalable don't care based logic optimization and resynthesis", Proc. FPGA'09.


Technology mapping

f

f

e

a

c

d

b

e

a

c

d

b

Technology Mapping

Input: A Boolean network (And-Inverter Graph)

Output: A netlist of K-LUTs implementing AIG and optimizing some cost function

Technology

Mapping

The subject graph

The mapped netlist


Comparison of two syntheses

“Classical” synthesis

Boolean network

Network manipulation (algebraic)

Elimination

Decomposition (common kernel extraction)

Node minimization

Espresso

Don’t cares computed using BDDs

Resubstitution

“Contemporary” synthesis

AIG network

DAG-aware AIG rewriting (Boolean)

Several related algorithms

Rewriting

Refactoring

Balancing

Node minimization

Boolean decomposition

Don’t cares computed using simulation and SAT

Resubstitution with don’t cares

Comparison of Two Syntheses

Note: here all algorithms are scalable: no SOP, no BDDs, no Espresso


Formal verification

Equivalence checking miter

Property checking miter

p

0

0

D2

D1

D1

Formal Verification

  • Property checking

    • Create miter from the design and the safety property

    • Special construction for liveness

      • Biere et al, Proc. FMICS’06

  • Equivalence checking

    • Create miter from two versions of the same design

  • Assuming the initial state is given

  • The goal is to prove that the output of the miter is 0, for all states reachable from the initial.


Outcomes of verification

Outcomes of Verification

  • Success

    • The property holds in all reachable states

  • Failure

    • A finite-length counter-example (CEX) is found

  • Undecided

    • A limit on resources (such as runtime) is reached


Inductive invariant

Inductive Invariant

  • An inductive invariant is a Boolean function in terms of register variables, such that

    • It is true for the initial state(s)

    • It is inductive

      • assuming that is holds in one (or more) time-frames allows us to prove it in the next time-frame

    • It does not contain “bad states” where the property fails

State space

Bad

Invariant

Reached

Init


Inductive invariant cont

Inductive Invariant (cont.)

  • It does not matter how inductive invariant is derived!

  • If it is available in any form (as a circuit, BDD or CNF), it can be checked for correctness using a third-party tool

    • This way, verification proof can be certified

  • Comment 1: If the property is true, the set of all reachable states is an inductive invariant

  • Comment 2: In practice, computing the set of all reachable states is often impossible.

    In such cases, an inductive invariant is an over-approximation of reachable states.


Verification engines

Verification Engines

  • Bug-hunters

    • random simulation

    • bounded model checking (BMC)

    • hybrids of the above two (“semi-formal”)

  • Provers

    • K-step induction, with or without uniqueness constraints

    • BDDs (exact reachability)

    • Interpolation (over-approximate reachability)

    • Property directed reachability (over-approximate reachability)

  • Transformers

    • Combinational synthesis

    • Reparameterization

    • Retiming


Integrated verification flow

Integrated Verification Flow

  • Preprocessing

    • Creating a miter

    • Computing the intial state, etc

  • Handling combinational problems

  • Handling sequential problems

    • Start with faster engines

    • Continue with slower engines

    • Run main induction loop

    • Call last-gasp engines


Command dprove in abc

Command “dprove” in ABC

Preprocessors

  • transforming initial state (“undc”, “zero”)

  • converting into an AIG (“strash”)

  • creating sequential miter (“miter -c”)

  • combinational equivalence checking (“iprove”)

  • bounded model checking (“bmc”)

  • sequential sweep (“scl”)

  • phase-abstraction (“phase”)

  • most forward retiming (“dret -f”)

  • partitioned register correspondence (“lcorr”)

  • min-register retiming (“dretime”)

  • combinational SAT sweeping (“fraig”)

  • for ( K = 1; K  16; K = K * 2 )

    • signal correspondence (“scorr”)

    • stronger AIG rewriting (“dc2”)

    • min-register retiming (“dretime”)

    • sequential AIG simulation

  • interpolation (“int”)

  • BDD-based reachability (“reach”)

  • saving reduced hard miter (“write_aiger”)

Combinational solver

Faster engines

Slower engines

Main induction loop

Last-gasp engines


Typical run of sec in abc

Typical Run of SEC in ABC

abc - > miter –cm r\orig\s38584.1.blif r\rrr\s38584.1_r.blif

abc - > dprove –vb

Original miter: Latches = 4162. Nodes = 23649.

Sequential cleanup: Latches = 3777. Nodes = 22081. Time = 0.07 sec

Forward retiming: Latches = 5196. Nodes = 21743. Time = 0.24 sec

Latch-corr (I= 15): Latches = 4311. Nodes = 19670. Time = 2.88 sec

Fraiging: Latches = 4311. Nodes = 18872. Time = 0.35 sec

Min-reg retiming: Latches = 2280. Nodes = 18867. Time = 0.93 sec

K-step (K= 1,I= 8): Latches = 2053. Nodes = 16602. Time = 13.19 sec

Min-reg retiming: Latches = 2036. Nodes = 16518. Time = 0.14 sec

Rewriting: Latches = 2036. Nodes = 14399. Time = 1.64 sec

Seq simulation : Latches = 2036. Nodes = 14399. Time = 0.29 sec

K-step (K= 2,I= 9): Latches = 1517. Nodes = 10725. Time = 14.81 sec

Min-reg retiming: Latches = 1516. Nodes = 10725. Time = 0.14 sec

Rewriting: Latches = 1516. Nodes = 10498. Time = 1.09 sec

Seq simulation : Latches = 1516. Nodes = 10498. Time = 0.45 sec

K-step (K= 4,I= 8): Latches = 0. Nodes = 0. Time = 11.89 sec

Networks are equivalent. Time = 48.16 sec


Combinational equivalence checking command cec

SAT-1

A

B

D1

D2

SAT-2

C

D

?

?

Combinational Equivalence Checking (command ‘cec’)

Naïve approach

  • Build output miter – call SAT

    • works well for many easy problems

Better approach - SAT sweeping

  • based on incremental SAT solving

    • detect possibly equivalent nodes using simulation

      • candidate constant nodes

      • candidate equivalent nodes

    • run SAT on the intermediate miters in a topological order

    • refine candidates using counterexamples

Proving internal equivalences in a topological order


Improved cec command cec

A’

A

B’

B

D1

D2

Improved CEC (command ‘&cec’)

  • For hard CEC instances

    • Heuristic: skip some equivalences

  • Results in

    • 5x reduction in runtime

    • Solving previously unresolved problems

  • Given a combinational miter with equivalence class {A, B, A’, B’}

  • Possible equivalences:

  • A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’

  • only try to prove A=A’ and B=B’

  • do not try to prove

    • A = B, A’ = B’, A’ = B A = B’


Cec under permutation

CEC Under Permutation

Yes or No (and counterexample)

Yes or No (and counterexample)

  • A resource-aware combination of graph-based, simulation-based, and SAT-based techniques

  • Works for circuits with 100s of I/Os in about 1 min

  • ABC command ”bm” (developed at U of Michigan)

    • Hadi Katebi and Igor Markov, “Large-scale Boolean Matching”, Proc. DATE’10.

CEC

CEC

Design1

Design2

Boolean matcher

Design1

Design2


Hwmcc 2011

HWMCC 2011

  • 4th Hardware Model Checking Competition

    • Held at FMCAD’11 in Austin, TX (Oct 30 – Nov 2, 2011)

  • Organized by

    • Armin Biere, Keijo Heljanko, Siert Wieringa, Niklas Soerensson

  • Participants

    • 6 universities submitted 14 solvers + 4 solvers that won previous competitions

  • Benchmarks

    • 465 benchmarks from different sources

  • Resources

    • 15 min, 7Gb RAM, 4 cores

    • Using 32 node cluster, Intel Quad Core 2.6 GHz, 8 GB, Ubuntu


Berkeley verification and synthesis research center uc berkeley

Courtesy Armin Biere


Berkeley verification and synthesis research center uc berkeley

Courtesy Armin Biere


Berkeley verification and synthesis research center uc berkeley

Courtesy Armin Biere


Future work

Future Work

  • Exploring new directions

    • Satisfiability Modulo Theories (SMT)

    • Software verification

    • Using concurrency, etc

  • Improving bit-level engines

    • Application-specific SAT solvers

    • A modern BDD package

    • Improved sequential logic simulators

      • combining random, guided and symbolic simulation

    • Improved abstraction refinement

    • … and may be a new engine or two


To learn more

To Learn More

  • Visit BVSRC webpage www.bvsrc.org

  • Read recent papers http://www.eecs.berkeley.edu/~alanmi/publications

  • Send email

    • [email protected]

    • [email protected]


  • Login