Enhanced Verification by Temporal Decomposition
Mike Case, Hari Mony, Jason Baumgartner, Bob Kanzelman
FMCAD 2009, Nov. 16, 2009

Introduction
• Domain: gate-level property checking (and SEC)
• Problem: simplify the design; remove irrelevant detail
[XKCD]
2 Mike Case

Outline
• Transient Signals
  – What are they and where do they come from?
  – How to eliminate them
• Initialization Inputs
  – What are they and where do they come from?
  – How to eliminate them
• Experimental Results

Transient Signals
• Definition: a transient signal takes arbitrary values for a finite number of clock cycles and then assumes a fixed constant value
[Figure: waveforms of Register A, Register B and Register C over time steps 0 to 5; Register C is labelled "Transient"]

Why Do They Occur? – Initialization Sequences
[Figure: waveforms over time steps 0 to 5 for Pulsed Reset, Register A, Register B and Register C, with "Transient" labels on the waveforms]

Why Do They Occur? – Verification Testbenches
FPU Pipeline:
  Time 0:  MUL NOP NOP NOP
  Time 1:  NOP MUL NOP NOP
  Time 2:  NOP NOP MUL NOP
  Time 3:  NOP NOP NOP MUL
  Time >3: NOP NOP NOP NOP
[Figure: Testbench made of Driver, Design Under Test and Checker]
• Testbench ⇒ all FPU signals are transient

How Common Are Transient Signals?
• On 105 “hard” IBM designs: 49% had transients
• On 27 “hard” HWMCC designs: 25% had transients

Detecting Transients With Ternary Simulation
Ternary Sim. Execution:
  Time 0: State=0000, Inputs=XX
  Time 1: State=0X1X, Inputs=XX
  Time 2: State=X00X, Inputs=XX
  Time 3: State=X0XX, Inputs=XX
  Time 4: State=X00X, Inputs=XX
[Figure: Abstract State Space, with a "Transient" label]
Fast, but incomplete

Temporal Decomposition For Verification
• Definition: the transient duration is the number of time steps before a transient settles to its constant value
[Figure: waveform of Register C over time steps 0 to 5, labelled "Transient with duration 2"]
[Figure: timeline over time steps 0 to 5 divided at the Maximum Transient Duration, with the two parts labelled "Check with BMC" and "Check with unbounded model checking"]

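An added example (not from the original slides): three-valued simulation of a small constructed design, reporting each register that the simulation proves transient, with its constant and duration. The design, the register names and the reading of "duration" as the first step from which the register holds its constant are assumptions of this example; register d is constant in reality but stays X, which is the "fast, but incomplete" behaviour.

```python
X = "X"  # unknown value in three-valued (0/1/X) simulation

def t_not(a):
    return X if a == X else 1 - a

def t_and(a, b):
    if a == 0 or b == 0:
        return 0
    return 1 if (a, b) == (1, 1) else X

def t_xor(a, b):
    return X if X in (a, b) else a ^ b

# Constructed design (an assumption of this example): register -> (initial
# value, next-state function of the current ternary state s and one input i).
DESIGN = {
    "rst": (1, lambda s, i: 0),                               # pulsed reset
    "a":   (0, lambda s, i: s["rst"]),                        # high one step after reset
    "b":   (0, lambda s, i: t_and(s["a"], t_not(s["rst"]))),  # high one step after a
    "c":   (0, lambda s, i: t_xor(s["c"], i)),                # input-dependent forever
    "d":   (0, lambda s, i: t_xor(i, i)),                     # really constant 0, but X here
}

def find_transients(design, max_steps=64):
    """Return {register: (constant, duration)} for every proven transient."""
    state = {r: init for r, (init, _) in design.items()}
    trace = []
    while state not in trace:
        if len(trace) == max_steps:
            return {}  # resource limit reached: report nothing rather than guess
        trace.append(state)
        state = {r: nxt(trace[-1], X) for r, (_, nxt) in design.items()}
    loop_start = trace.index(state)  # the trace repeats from this step on
    result = {}
    for r in design:
        loop_vals = {s[r] for s in trace[loop_start:]}
        if len(loop_vals) == 1 and X not in loop_vals:
            const = loop_vals.pop()
            duration = loop_start  # walk back to the first step holding const
            while duration > 0 and trace[duration - 1][r] == const:
                duration -= 1
            result[r] = (const, duration)
    return result

if __name__ == "__main__":
    print(find_transients(DESIGN))
```
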
Time Shifting for Unbounded Verification
• Modeling: a register’s initial value is an arbitrary combinational function
[Figure: "Simplify Transient Signals". The original design is drawn as Prop., Transition Relation, Next States, Registers and Initial Values. In the new design the Initial Values are produced by chained copies of the Transition Relation (N = Max. Transient Duration) fed by inp 1, inp 2, inp 3, init 1 and init 2.]
• New design starts in any state reachable in N steps.

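An added example (not from the original slides) of the decomposition and time shift on a small constructed design: the property is checked on time steps 0..N-1, then exhaustively from the states reachable in exactly N steps. Explicit state enumeration stands in here for both BMC and the unbounded model checker; the design and the names step, image and check_decomposed are hypothetical.

```python
from itertools import product

# Constructed design (an assumption of this example):
# state = (rst, a, c), with one primary input i per time step.
INIT = (1, 0, 0)

def step(state, i):
    rst, a, c = state
    return (0, rst, c ^ i)  # rst pulses once, a follows it, c toggles on i

def image(states):
    """All successors of a set of states, over both values of the input."""
    return {step(s, i) for s, i in product(states, (0, 1))}

def check_decomposed(prop, n):
    """Check prop on steps 0..n-1, then on everything reachable from step n."""
    frontier = {INIT}
    for t in range(n):                  # bounded prefix (the BMC part)
        if not all(prop(s) for s in frontier):
            return ("fails in prefix", t)
        frontier = image(frontier)
    shifted_init = frontier             # initial states of the time-shifted design
    reached, todo = set(), set(shifted_init)
    while todo:                         # unbounded part: reachability fixpoint
        if not all(prop(s) for s in todo):
            return ("fails after shift", None)
        reached |= todo
        todo = image(todo) - reached
    return ("holds", sorted(shifted_init))

if __name__ == "__main__":
    # rst and a are transients with maximum duration 2, so shift by N = 2.
    print(check_decomposed(lambda s: not (s[0] and s[1]), 2))
    # This property is violated only at step 1, while a is still settling:
    # the shifted design alone would miss it, the prefix check reports it.
    print(check_decomposed(lambda s: not (s[1] and s[2]), 2))
```

In every state of the shifted initial set rst and a are 0, so both can be replaced by constants in the shifted design.
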
Simplification Results
• Resources limit the transients that can be simplified
• TR decreases
• Initialization logic increases

We have lots of initialization inputs
• Definition: an initialization input is a primary input that is only needed to compute the initial state
[Figure: design drawn as Prop., Next States, Transition Relation, Registers and Initial Values, with several inputs labelled "Initialization Inputs"]

Transient Simplification Creates Initialization Inputs
[Figure: Prop. and chained copies of the Transition Relation fed by inp 1, inp 2, inp 3, init 1 and init 2]
• We created initialization inputs!

Initialization and Observability
• Definition: a signal X is observable at signal Y if a toggle at X can cause a toggle at Y
  – Approximate with structural analysis
• Simplify initialization inputs that are never observable at any property
[Figure: design drawn as Prop., Next States, Transition Relation, Registers and Initial Values, annotated "Unchanged" and "(might change)", with inputs and a constant 0]

Simplification of Initialization Inputs: High Level
[Figure: the design (Prop., Next States, Transition Relation, Registers, Initial Values, inputs) beside its BMC unrolling, Frame 0: TR with primary inputs, Curr states, Next states and Prop.; some inputs are shown as 0]
• No initialization inputs observable at Prop 0
• Two initialization inputs un-observable at Next 0
• Un-observable at Prop j ∀ j > 0

Simplification of Initialization Inputs: High Level
[Figure: the design (Prop., Next States, Transition Relation, Registers, Initial Values, inputs) beside its BMC unrolling, Frame 0 and Frame 1: each frame is a TR with primary inputs, Curr states, Next states and Prop.; some inputs are shown as 0]
• No initialization inputs observable at Prop 0
• Initialization inputs maybe observable at Next 1
• Maybe observable at Prop j ∀ j > 1

Simplification Results
Fast, but incomplete

Runtime of our Methods + BMC Results
• Two methods presented:
  – Transient Simplification
  – Runtime capped at 10 seconds
  – Initialization Input Simplification
  – Runtime capped at 10 seconds
• Tested on 105 “hard” industrial designs and 27 “hard” academic designs
  – Largest was 632K ands and 97K registers
Note: this is a systematic improvement on a large benchmark suite, not a collection of anecdotal examples

Synthesis Results

Verification Results
• Induction results:
  – Transient logic often breaks induction
  – Our methods can render problems inductive
    • Design 1: 22k Ands and 800 registers, solvable in 42 sec
    • Design 2: 20k Ands and 3k registers, solvable in 56 sec

Conclusion
• Transient and Initialization Input Simplification
• Fast running
• Benefits synthesis and verification
Thank You