darmstadt university of technology- 1 - sequential verification by symbolic simulation darmstadt...

Darmstadt University of Technology - 1 -

Sequential Verification by Symbolic Simulation

Darmstadt University of Technology Dept. of Electrical and Computer Engineering

Germany

Gerd Ritter


(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe

erweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

tijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78r adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 f[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe


oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);(if adrA adrBertetioerptkerotk8iperot

(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78rf[adrB] b,if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot x mem[adr2]);twert ( mem[adr2]); (then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 the adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe ni87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[ mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwer(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);geroigtjer[ognifd;lindzgher[tjiserearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

x a;if opcode(m) = 101

then r b x;else r b x;

(x a, y b);z opcode(m);if z = 101then r x y;else r (x y);


(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe


oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

tijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78r adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 f[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe


oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);(if adrA adrBertetioerptkerotk8iperot





x a;if opcode(m) = 101

then r b x;else r b x;

ar

x

b

en_a en_rf


r r+1;if m = 0

then r r+1;else r 000;

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm


Verification Scope

automatic

interpreted

sequential

Verification

no significant user interaction

no insight into the verification process

automatic


Verification Scope

automatic

interpreted

sequential

Verification

demonstrating the verification goal requires an interpretation of functions

not necessary for some problems where specialized approaches perform better


Verification Scope

automatic

interpreted

sequential

Verification

not only logic verification

several control steps/cycles to demonstrate verification goal

different numbers of steps in specification and

implementation


Outline introduction

essentials of our symbolicsimulation approach

example of gate-level verification

experimental results

application areas & conclusion


techniques denoted “symbolic simulation“ or “symbolic evaluation” developed since the 1970s

the following four essentials distinguish our symbolic

simulation approach permit sequential verification at

different levels of abstraction

Essentials


terms are never manipulated, e.g., by canonizing or rewriting them

1. Essential

ab ab=

a(bc) baSuppose

= 0c


terms are never manipulated, e.g., by canonizing or rewriting them

1. Essential

relationships are notified atequivalence classes instead

a

c 0

a(bc) ba

a(bc) b


ac+e+x[6:15]+y;

2. Essential

ac+e+x[6:15]+y+ac+e+x[6:15]+y;

Problem: term-size explosion possible if rewriting register with expression assigned to it

ac ac+e;bc x[6:15]+y;if ir=000111 then ac ac + bc ; res ac + ac ; else ...



2. Essential

ac1 ac+e;bc1 x[6:15]+y;if ir=000111 then ac2 ac1 + bc1; res1 ac2 + ac2; else ...


Solution: several register assignments along a valid path are explicitly

distinguished



2. Essential

ac1 ac+e

ac1 ac+e;bc1 x[6:15]+y;if ir=000111 then ac2 ac1 + bc1; res1 ac2 + ac2; else ...

ac

ac2 ac1+bc1


Solution: several register assignments along a valid path are explicitly

distinguished


the verfication problem is not reduced to a single formula which is checked afterwards

3. Essential

VerificationProblem

Formulachecker

if z=101 then a¬bd elsif a¬bd then if(a+b)<(c+e)... .....

TRUE or FALSE


3) a b

the verfication problem is not reduced to a single formula which is checked afterwards

simulation is guided along valid, i.e., logical consistent paths instead

3. Essential

...if a = b

then c y+5;else c a;

if a = cthen res ...;else res ...;

3 valid paths

1) a = b =c2) a = b c


equivalence of subterms is sufficient in most cases to reveal equivalences of terms

4. Essential

aa(bc) ba

a(bc) b

c 0


Challenges

equivalence detection of symbolic terms

consistent case splits during simulation must consider sequential behaviour avoid false paths


Equivalence detection flexible use of an open library of different

equivalence detection techniquesduring symbolic simulation “on the fly” good compromise between

accuracy and speed not focus of this talk

decision diagram based techniques reveal “special” equivalences which occur seldom or are hard to detect

“Make the common case fast”


r r+1;if m = 0


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm






r r+1;if m = 0then r r +1;else r 000;

r1 r+1;if m1 = 0then r2 r1+1;else r2 000;

s

s ss








s

s ss

r1 r+1

m1 0

r2 r1+1s ss


duplicate according to number of

cycles (here: 2 cycles)

Gate-level design

describes only

one cycle...

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

Break feed-back of registers...

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

Register-outputs of previous cycle are inputs of next cycle

ctrlctrl ctrl


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

cycle 1 cycle 2initial

symbolicvalues

finalsymbolic

values

ctrlctrl ctrl


Assumption about initialization of ctrl-register

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm1

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl ctrlctrl


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm1

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

0

ctrl ctrlclk

ctrl ctrl

Assumption about initialization of ctrl-register


Indexing the different register values

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm1

r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl ctrl

0

clk

ctrl ctrl


r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

Indexing the different register values


1 ctrl1 nand m

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

r1[1]

r1[0]

r

& clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0 ctrl1

ctrl10

0

1

clk

ctrl

&

&&&


(not r[0])r1[0]

(ctrl1 nand m) and (not r[0])

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

r1[1]

r1[0]

& clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0 ctrl1

&clk

ctrl

r

clk

1

&&

&


(r[1] xor r[0])r1[1]

(ctrl1 nand m) and (r[1] xor r[0])

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

r1[1]

r1[0]

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

r

clk

1

&&&


r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1







s

s ss

r1 r+1

m1 0

r2 r1+1s ss


r1 r+1s

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

?


Decision Diagram basedTechniques

reveal “special” equivalences which occur seldom or are hard to detect

build formula for equivalence use results of other equivalence detection

techniques “on the fly” information notified at equivalence classes

check formula by vectors of OBDDs


Formula checkedin this example

r+1r1[2]

clk

&r1[1]&r1[0]&

r

&

&m

r[2]

r[1]

r[0]

0

clk

ctrl


Formula checkedin this example

a+1

&a[2]a[1]

a[0]


?r1 r+1s

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1


r2[2]

clk

r2[1]

r2[0]

r

& clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

& clk

m

r[2]

r[1]

r[0]

ctrl2 ctrl3

0 ctrl10

clk

ctrl

&

1

ctrl1

&&&

0 &


r2[2]

r2[1]

& clk

ctrlm1

r1[2]

clk

&r1[1]&

&

r

&

&clk

m

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

&

r1[0]

ctrl

r2[0]

1

&&&

r

clk







s

s ss

r1 r+1

m1 0

r2 r1+1s ss


r2 r1+1s s

r2[2]&r2[1]&r2[0]

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

?

r

clk

&


r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

(r+1)+1


r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

the equivalent termsare used as “cutpoints”



s

s

s

s


s

s

s

s

r2[2]

clk

&r2[1]&r2[0]&

r

&

&clk

ctrlm1

ctrl2 ctrl3

the equivalent termsare used as “cutpoints”

r1[2]

r1[1]

r1[0]

use again information of equivalence classes to obtain simpler formula


&a[2]a[1]

a[0]

a+1

Reuse hashed result no need to build OBDDs again


?r2 r1+1s s

r2[2]&r2[1]&r2[0]

&

&clk

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

&

&clk

ctrlm

r[2]

r[1]

r[0]

ctrl2 ctrl3

0

clk

ctrl ctrl1

clk

&

r








s

s ss

r1 r+1 m1 1

r2 0s

s

Other case ...


&

ctrlm1

r1[2]

clk

&r1[1]&r1[0]&

r

& clk

m

r[2]

r[1]

r[0]

ctrl2 ctrl3

0 ctrl10

clk

ctrl

&

1

ctrl0

&&&

1 &

clk

r

clkr2[2]

r2[1]

r2[0]


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

datapath-operations are performed on separate blocks from standard libraries


clk

&&&

r

&clk

ctrlm

INC

3

3

no decision diagrams required for symbolic simulation

datapath-operations are performed on separate blocks from standard libraries

use high-leveloperation “inc”


r r+1;if m = 0


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

cycle equivalent


r[2]

clk

&r[1]&r[0]&

r

&

&clk

ctrlm

if m = 0then r r+2;else r 000;

NOTcycle equivalent


Experimental Results

Verificationcheck number spec impl time

(1) RWA (one cycle) 1 1 -(2) RWA (one instruction) 3 3 -(3) MPA (with cycle-equiv.) 1 1 13(4) MPA (w/o cycle-equiv.) 92

cyclesdd-checks

1.7 s5.5 s74 s

786 s 8 10

Synthesis tool: Synopsys® Design Compiler™


Application Area equivalence checking at different

levels of abstraction behavioral rtl structural rtl gate-level FMCAD’00, ASIAN’99, CHARME’99 et al

first application to property verification register binding verification C. Blank, Wave’2000


Limitations

verification of finite sequences the maximum number of loop iterations

has to be known verification problem can be reduced for

many cyclic designs with infinite loops to

check of acyclic sequences

examples used in experiments still notnearly so complex as commercial designs


Conclusion sequential verification of examples at

different levels of abstraction

flexible use of an open library of different equivalence detection techniques good compromise between

accuracy and speed

good debugging support

joint work withTIMA laboratory, Grenoble

darmstadt university of technology- 1 - sequential verification by symbolic simulation darmstadt...

Documents

z x rfadrr memadr1 val

z val rfadrr7

z x rfadrr7i

x memadr2twert memadr2

r adr1

rwe reri

i78 i87

rfadrb b