The Synergy between Logic Synthesis and Equivalence Checking

1
The Synergy between Logic Synthesis and
Equivalence Checking

• R. Brayton
• UC Berkeley

Thanks to SRC, NSF, and industrial sponsors,
Actel, Altera, Calypto, Intel, Magma,
Synplicity, Synopsys, Xilinx
2
Outline

• Mostly emphasize synthesis
• Look at the operations of classical logic
  synthesis
• Contrast these with newer methods based on ideas
  borrowed from verification
• Themes will be scalability and verifiability
• Look at some newer approaches to sequential logic
  synthesis and verification

3
Two Kinds of Synergy

• The algorithms and advancements in verification
  can be used in synthesis and vice versa.
• One enables the other
• Verification enables synthesis - equivalence
  checking capability enables acceptance of
  sequential operations
• retiming,
• use of unreachable states,
• sequential signal correspondence, etc.
• Synthesis enables verification
• Desire to use sequential synthesis operations
  (shown by superior results) spurs verification
  developments

4
Examples of The Synergy

• Similar solutions
• e.g. retiming in synthesis / retiming in
  verification
• Algorithm migration
• e.g. BDDs, SAT, induction, interpolation,
  rewriting
• Related complexity
• scalable synthesis ltgt scalable verification
  (approximately)
• Common data-structures
• e.g. combinational and sequential AIGs

5
Quick Overview of Classical (technology
independent) Logic Synthesis

• Boolean network
• Network manipulation (algebraic)
• Elimination (substituting a node into its
  fanouts)
• Decomposition (common-divisor extraction)
• Node minimization (Boolean)
• Espresso
• Dont cares
• Resubstitution (algebraic or Boolean)

6
Classical Logic Synthesis
Equivalent AIG in ABC
AIG is a Boolean network of 2-input AND nodes and
invertors (dotted lines)
7
One AIG Node Many Cuts
Combinational AIG

• AIG can be used to compute many cuts for each
  node
• Each cut in AIG represents a different SIS node
• No a priori fixed boundaries
• Implies that AIG manipulation with cuts is
  equivalent to working on many Boolean networks at
  the same time

f
a
c
d
e
b
Different cuts for the same node
8
Combinational Rewriting

• iterate 10 times
• for each AIG node
• for each k-cut
• derive node output as function of cut
  variables
• if ( smaller AIG is in the
  pre-computed library )
• rewrite using improved AIG
  structure

Note For 4-cuts, each AIG node has, on average,
5 cuts compared to a SIS node with only 1
cut Rewriting at a node can be very fast using
hash-table lookups, truth table manipulation,
disjoint decomposition
9
Combinational Rewriting Illustrated
Working AIG

• AIG rewriting looks at one AIG node, n, at a
  time
• A set of new nodes replaces the old fanin cone of
  n
• The rewriting can account for a better
  implementation which can use existing nodes in
  the network (DAG aware).
• A history AIG can be used to keep track of the
  transformations done
• the old root and the new root nodes are grouped
  into an equivalence class (more on this later)

10
Comparison of Two Syntheses

• Classical synthesis
• Boolean network
• Network manipulation (algebraic)
• Elimination
• Decomposition (common kernel extraction)
• Node minimization
• Espresso
• Dont cares computed using BDDs
• Resubstitution

• Contemporary synthesis
• AIG network
• DAG-aware AIG rewriting (Boolean)
• Several related algorithms
• Rewriting
• Refactoring
• Balancing
• Node minimization
• Boolean decomposition
• Dont cares computed using simulation and SAT
• Resubstitution with dont cares

Note here all algorithms are scalable No SOP,
BDD, Espresso
11
Node Minimization Comparison
Use BDD to find dont cares. Express as SOP and
call Espresso
Evaluate the rewriting gain for all k-cuts of the
node and take the best result. Use dont cares
later.
Note Computing cuts becomes a fundamental
computation
12
Types of Dont-Cares

• SDCs
• Input patterns that never appear as an input of a
  node due to its transitive fanin
• ODCs
• Input patterns for which the output of a node is
  not observable
• EXDCs
• Pre-specified or computed external dont cares
  (e.g. subsets of unreachable states)

13
Illustration of SDCs and ODCs (combinational)
14
Scalability of Dont-Care Computation

• Scalability is achieved by windowing
• Window defines local context of a node
• Dont-cares are computed and used in
• Post-mapping resynthesis
• a Boolean network derived from AIG network using
  technology mapping
• High-effort AIG minimization
• an AIG with some nodes clustered

15
Windowing a Node in the Network
Boolean (SIS) network

• A window for a node in the network is the context
  in which the dont-cares are computed. It
  includes
• n levels of the TFI
• m levels of the TFO
• all re-convergent paths captured in this scope
• A window with its PIs and POs can be considered
  as a separate network

is a SIS node
16
Dont-Care Computation Framework
Miter constructed for the window POs
17
Resubstitution

• Resubstitution considers a node in a Boolean
  network and expresses it using a different set of
  fanins

X
X
Computation can be enhanced by use of dont cares
18
Resubstitution with Dont-Cares - Overview

• Consider all or some nodes in Boolean network.
  For each node
• Create window
• Select possible fanin nodes (divisors)
• For each candidate subset of divisors
• If possible, rule it out with simulation
• Check resubstitution feasibility using SAT
• Compute resubstitution function using
  interpolation
• A low-cost by-product of proof of
  unsatisfiability
• Update the network if improvement

19
Resubstitution with Dont Cares

• Given
• node function F(x) to be replaced
• care set C(x) for the node
• candidate set of divisors gi(x) for
  re-expressing F(x)
• Find
• A resubstitution function h(y) such that F(x)
  h(g(x)) on the care set
• Substitution Theorem Function h(y) exists if and
  only if for every pair of care minterms, x1 and
  x2, where F(x1) ! F(x2) , there exists k such
  that gk(x1) ! gk(x2)

20
Example of Resubstitution

• Substitution Theorem Any care minterm pair
  distinguished by F(x) should also be
  distinguished by at least one of the candidates
  gk(x)

F(x) (x1? x2)(x2 ? x3) Two candidate
sets g1 x1x2, g2 x1 x2x3, g3 x1 ? x2,
g4 x2 x3 Set g3, g4 cannot be used for
resubstitution while set g1, g2 can (have to
check all minterm pairs).
x F(x) g1(x) g2(x) g3(x) g4(x)
000 0 0 0 0 0
001 0 0 0 0 0
010 1 1 0 1 0
011 1 1 0 1 1
100 0 0 0 1 0
101 1 0 1 1 0
110 0 0 0 1 0
111 0 0 0 1 1
21
Checking Resubstitution using SAT
Miter for resubstitution check
F
F
Substitution Theorem Any care minterm pair
distinguished by F(x) should also be
distinguished by at least one of the candidates
gk(x)
Note use of care set. Resubstitution function
exists if and only if problem is unsatisfiable.
22
Computing Dependency Function h by Interpolation
(Theory)

• Consider two sets of clauses, A(x, y) and
  B(y, z), such that A(x, y) ? B(y, z) 0
• y are the only variables common to A and B.
• An interpolant of the pair (A(x, y), B(y, z)) is
  a function h(y) depending only on the common
  variables y such that A(x, y) ? h(y) ? B(y, z)

23
Computing Dependency Function h by Interpolation
(Implementation)

• Problem
• Find function h(y), such that C(x) ? h(g(x)) ?
  F(x), i.e. F(x) is expressed in terms of gk.
• Solution
• Prove the corresponding SAT problem
  unsatisfiable
• Derive unsatisfiability resolution proof
  Goldberg/Novikov, DATE03
• Divide clauses into A clauses and B clauses
• Derive interpolant from the unsatisfiability
  proof McMillan, CAV03
• Use interpolant as the dependency function, h(g)
• Replace F(x) by h(g) if cost function improved

• Notes on this solution
• uses dont cares
• does not use Espresso
• is more scalable

24
Sequential Synthesis and Sequential Equivalence
Checking (SEC)

• Sequential synthesis
• Sequential SAT sweeping
• Retiming
• Sequential equivalence checking
• Focus ensuring verifiability

25
SAT Sweeping
Combinational CEC

• Naïve approach
• Build output miter call SAT
• works well for many easy problems

• Better approach - SAT sweeping
• based on incremental SAT solving
• Detects possibly equivalent nodes using
  simulation
• Candidate constant nodes
• Candidate equivalent nodes
• Runs SAT on the intermediate miters in a
  topological order
• Refines the candidates using counterexamples

26
Sequential SAT Sweeping

• Similar to combinational in that it detects node
  equivalences
• But the equivalences are sequential guaranteed
  to hold only in the reachable state space
• Every combinational equivalence is a sequential
  one, not vice versa
• ? run combinational SAT sweeping beforehand
• Sequential equivalence is proved by k-step
  induction
• Base case
• Inductive case
• Efficient implementation of induction is key!

27
Base Case
k-step Induction
Inductive Case
Candidate equivalences A B, C D
k 2
Symbolic state
28
Efficient Implementation

• Two observations
• Both base and inductive cases of k-step induction
  are combinational SAT sweeping problems
• Tricks and know-how from the above are applicable
• Base case is just BMC
• The same integrated package can be used
• starts with simulation
• performs node checking in a topological order
• benefits from the counter-example simulation
• Speculative reduction
• Deals with how assumptions are used in the
  inductive case

29
Speculative Reduction

• Given
• Sequential circuit
• The number of frames to unroll (k)
• Candidate equivalence classes
• One node in each class is designated as the
  representative
• Speculative reduction moves fanouts to the
  representatives
• Makes 80 of the constraints redundant
• Dramatically simplifies the timeframes (observed
  3x reductions)
• Leads to saving 100-1000x in runtime during
  incremental SAT

30
Guaranteed Verifiabilityfor Sequential SAT
Sweeping

• Observation
• The resulting circuit after sequential SAT
  sweeping using k-step induction can be
  sequentially verified by k-step induction.
• (use some other k-step induction prover)

31
Experimental Synthesis Results

• Academic benchmarks
• 25 test cases (ITC 99, ISCAS 89, IWLS 05)
• Industrial benchmarks
• 50 test cases
• Comparing three experimental synthesis runs
• Baseline
• comb synthesis and mapping
• Register correspondence (Reg Corr)
• structural register sweep
• register correspondence
• comb synthesis and mapping
• Signal correspondence (Sig Corr)
• structural register sweep
• register correspondence
• signal correspondence
• comb synthesis and mapping

32
Experimental Synthesis Results
Academic Benchmarks
Numbers are geometric averages and their ratios
Industrial Benchmarks
Single clock domain
33
Sequential Synthesis and Equivalence Checking

• Problem
• Iterated retiming and sequential synthesis has
  been shown to be very effective
• However, sequential equivalence checking is
  PSPACE complete
• How to make it simpler?
• leave a trail of results (History)

34
Recording a history

• Observation
• Each transformation can be broken down into a
  sequence of small steps
• Combinational rewriting
• Sequential rewritng
• Retiming
• Using DCs obtained from a window

35
Recording Synthesis History

• Two AIG managers are used
• Working AIG (WAIG)
• History AIG (HAIG)
• Combinational structural hashing is used in both
  managers
• Two node-mappings are supported
• Every node in WAIG points to a node in HAIG
• Some nodes in HAIG point to other nodes in HAIG
  that are sequentially equivalent

WAIG
HAIG
36
Sequential Rewriting
Sequential cut a,b,b1,c1,c
Rewriting step.
37
Practicality

• Conceptually this is easy. Just modify each
  synthesis algorithm with the following
• Practically it is harder than we thought
• Since there was little interest we did not make
  the effort to put it fully in ABC.
• It still might be of interest to a company that
  does both synthesis and verification

• Working AIG
• createAigManager lt---gt
• deleteAigManager lt---gt
• createNode lt---gt
• replaceNode lt---gt
• deleteNode_recur lt---gt

• History AIG
• createAigManager
• deleteAigManager
• createNode, setWaigToHaigMapping
• setEquivalentHaigMapping
• do nothing

38
Summary and Conclusions

• Development of algorithms created for either
  synthesis or verification are effective in the
  other
• Leads to new improved (faster and more scalable)
  ways to
• synthesize
• equivalence check
• Sequential synthesis can be effective but must be
  able to equivalence check
• Limit scope of sequential synthesis
• Leave a history trail

39
end
40
SPFDs Sets of Pairs of Functions to be
Distinguished
SPFD can be represented as a bi-partite graph
An incompletely-specified function (ISF) as a
SPFD
000
011
offset
onset
001
100
111
beyond dont-cares
41
Recording Synthesis History

• Two AIG managers are used
• Working AIG (WAIG)
• History AIG (HAIG)
• Combinational structural hashing is used in both
  managers
• Two node-mappings are supported
• Every node in WAIG points to a node in HAIG
• Some nodes in HAIG point to other nodes in HAIG
  that are sequentially equivalent

WAIG
HAIG
42
Recording History for Retiming
Step 1 Create retimed node
Step 2 Transfer fanout in WAIG and note
equivalence in HAIG
Step 3 Recursively remove old logic and continue
building new logic

• backward retiming is similar

43
Sequential Rewriting
Sequential cut a,b,b1,c1,c
Rewriting step.
44
Recording History with Windowing and ODCs

• In window-based synthesis using ODCs,
• sequential behavior at window PIs and POs is
  preserved

HAIG
Multi-input, multi-output window
not necessarily sequentially equivalent

• In HAIG, equivalence classes of window outputs
  can be used independently of each other

45
AIG Procedures Used for Recording History

• WAIG
• createAigManager
• deleteAigManager
• createNode
• replaceNode
• deleteNode_recur

• HAIG
• createAigManager
• deleteAigManager
• createNode, setWaigToHaigMapping
• setEquivalentHaigMapping
• do nothing

46
Using HAIG for Tech-Mapping

• HAIG contains all AIG structures
• Original and derived
• The accumulated structures can be used to improve
  the quality of technology mapping
• By reducing structural bias (Chatterjee et al,
  ICCAD05)
• By performing integrated mapping and retiming
  (Mishchenko et al, ICCAD07)
• HAIG-based mapping is scalable and leads to delay
  improvements (20-30) with small area degradation

47
Using HAIG for Equivalence Checking

• Sequential depth of a window-based sequential
  synthesis transform is the largest number of
  registers on any path from an input to an output
  of the window
• Theorem 1 If transforms recorded in HAIG have
  sequential depth 0 or 1, the equivalence classes
  of HAIG nodes can be proved by simple induction
  (k1) over two time-frames
• Theorem 2 If the inductive proof of HAIG passes
  without counter-examples, then
• the original and final designs are sequentially
  equivalent

48
Experimental SEC Results

• Notes
• Comparison is done before and after
  register/signal correspondence
• RegCorr, SigCorr and Mapping are synthesis
  runtimes
• SEC is comparison done in usual way without HAIG
• HAIG is the runtime of HAIG-based SEC
• Includes the runtime of speculative reduction and
  inductive proving
• Does not include the runtime of collecting HAIG
  (1 of synthesis time)

49
One Implementation of Dont-Care Computation

• Computing the care set (in Y-space)
• Simulation
• Simulate the miter using random patterns
• Collect Y minterms, for which the output of miter
  is 1
• This is a subset of a care set
• Satisfiability
• Derive set of network clauses
• Add the negation of the current care set,
• Assert the output of miter to be 1,
• Enumerate through the SAT assignments
• Add these assignments to the care set
• Illustrates a typical use of simulation and SAT
• Simulate to filter out possibilities
• Use SAT to check if the remainder is OK (or if a
  property holds)
• Another way to represent the dont cares is to
  use the care network (simply another AIG network)

1
C(X)
1