Date post: | 04-Jan-2016 |
Category: |
Documents |
Upload: | zachery-guthrie |
View: | 40 times |
Download: | 0 times |
ABC: An Academic ABC: An Academic “Industrial-Strength” “Industrial-Strength”
Verification ToolVerification Tool(based on a tutorial given at CAV’10)(based on a tutorial given at CAV’10)
BVSRCBVSRCBerkeley Verification and Synthesis Berkeley Verification and Synthesis
Research CenterResearch CenterUC BerkeleyUC Berkeley
Robert Brayton, Niklas Een, Alan Mishchenko Robert Brayton, Niklas Een, Alan Mishchenko Jiang Long, Sayak Ray, Baruch Sterin Jiang Long, Sayak Ray, Baruch Sterin
Thanks to:Thanks to: NSF, NSA, SRC, and industrial sponsors, NSF, NSA, SRC, and industrial sponsors, Actel, Altera, Atrenta, IBM, Intel, Jasper, Magma, Oasys, Actel, Altera, Atrenta, IBM, Intel, Jasper, Magma, Oasys,
Real Intent, Synopsys, Tabula, and VerificReal Intent, Synopsys, Tabula, and Verific
22
OverviewOverview General introduction to ABCGeneral introduction to ABC Synergy between synthesis and verificationSynergy between synthesis and verification Introduction to AIGsIntroduction to AIGs Contrast between classical synthesis and ABC synthesisContrast between classical synthesis and ABC synthesis Algorithm example: re-synthesis with don’t cares using SAT and Algorithm example: re-synthesis with don’t cares using SAT and
interpolationinterpolation Equivalence checkingEquivalence checking
Combinational and sequentialCombinational and sequential Recording synthesis history as a way of reducing complexityRecording synthesis history as a way of reducing complexity
ABC+ - orchestrated verification flowABC+ - orchestrated verification flow SimplificationSimplification
Extraction of constraintsExtraction of constraints Phase abstractionPhase abstraction Forward and minimum FF retimiingForward and minimum FF retimiing K-step inductionK-step induction AbstractionAbstraction
SpeculationSpeculation Last gasp: BMC, BDDs, interpolationLast gasp: BMC, BDDs, interpolation
Verification example (super_prove)Verification example (super_prove) Future workFuture work
33
ABCABC A synthesis and verification tool under A synthesis and verification tool under
development at Berkeleydevelopment at Berkeley Started 6 years ago as a replacement for SISStarted 6 years ago as a replacement for SIS Academic public domain toolAcademic public domain tool ““Industrial-strength” Industrial-strength”
Has been employed in commercial offerings of Has been employed in commercial offerings of various CAD companies various CAD companies
In both synthesis and verificationIn both synthesis and verification
Exploits the synergy between synthesis and Exploits the synergy between synthesis and verificationverification
44
A Plethora of ABCsA Plethora of ABCshttphttp://en.wikipedia.org/wiki/Abc://en.wikipedia.org/wiki/Abc ABC (American Broadcasting Company)ABC (American Broadcasting Company)
A television network…A television network… ABC (Active Body Control)ABC (Active Body Control)
ABC is designed to minimize body roll in corner, ABC is designed to minimize body roll in corner, accelerating, and braking. The system uses 13 accelerating, and braking. The system uses 13 sensors which monitor body movement to supply the sensors which monitor body movement to supply the computer with information every 10 ms…computer with information every 10 ms…
ABC (ABC (Abstract Abstract BBase ase CClasslass) ) In C++, these are generic classes at the base of the In C++, these are generic classes at the base of the
inheritance tree; objects of such abstract classes inheritance tree; objects of such abstract classes cannot be created… cannot be created…
Atanasoff-Berry Computer Atanasoff-Berry Computer The The Atanasoff–Berry ComputerAtanasoff–Berry Computer ( (ABCABC) was the first ) was the first
electronicelectronic digitaldigital computingcomputing device. device.[1][1] Conceived in Conceived in 1937, the machine was not programmable, being 1937, the machine was not programmable, being designed only to solve systems of designed only to solve systems of linear equationslinear equations. It . It was successfully tested in 1942. was successfully tested in 1942.
ABC (supposed to mean “as simple as ABC”)ABC (supposed to mean “as simple as ABC”) A system for sequential synthesis and verification at A system for sequential synthesis and verification at
BerkeleyBerkeley
55
Design FlowDesign FlowSystem SpecificationSystem Specification
RTLRTL
Logic synthesisLogic synthesis
Technology mappingTechnology mapping
Physical synthesisPhysical synthesis
ManufacturingManufacturing
ABCABC Verification
Verification
ABCABC - Property - PropertyChecking Checking
Equivalence checkingEquivalence checking
66
Areas Addressed by ABCAreas Addressed by ABC
Combinational synthesisCombinational synthesis AIG rewritingAIG rewriting technology mappingtechnology mapping resynthesis after mappingresynthesis after mapping
Sequential synthesisSequential synthesis retimingretiming structural register sweepstructural register sweep merging seq. equiv. nodesmerging seq. equiv. nodes
VerificationVerification combinational equivalence checkingcombinational equivalence checking bounded sequential verificationbounded sequential verification unbounded sequential verificationunbounded sequential verification equivalence checking using synthesis historyequivalence checking using synthesis history property checking (safety and liveness)property checking (safety and liveness)
77
Synergy – Two KindsSynergy – Two Kinds
1.1. The algorithms and advancements in The algorithms and advancements in verification can be used in synthesis, and vice verification can be used in synthesis, and vice versa.versa.
2.2. One enables the otherOne enables the other Verification enables synthesis - equivalence Verification enables synthesis - equivalence
checking capability enables acceptance of checking capability enables acceptance of sequential transformationssequential transformations retiming retiming use of unreachable states use of unreachable states sequential signal correspondence, etcsequential signal correspondence, etc
Synthesis enables verificationSynthesis enables verification Desire to use sequential synthesis operations (Desire to use sequential synthesis operations (shown by shown by
superior resultssuperior results) spurs verification developments) spurs verification developments
88
Examples of The Synergy Examples of The Synergy
Similar solutionsSimilar solutions e.g. retiming in synthesis / retiming in verificatione.g. retiming in synthesis / retiming in verification
Algorithm migrationAlgorithm migration e.g. BDDs, SAT, induction, interpolation, rewritinge.g. BDDs, SAT, induction, interpolation, rewriting
Related complexity Related complexity scalable synthesis <=> scalable verification scalable synthesis <=> scalable verification
(approximately)(approximately) Common data-structures Common data-structures
e.g. combinational and sequential AIGse.g. combinational and sequential AIGs
99
Evidence of Synergy Between Evidence of Synergy Between Synthesis and VerificationSynthesis and Verification
IBMIBM Has a very capable sequential verification engine – Has a very capable sequential verification engine – SixthSenseSixthSense.. Used throughout IBM to verify property and equivalenceUsed throughout IBM to verify property and equivalence Designers more willing to consider sequential transformations Designers more willing to consider sequential transformations
now.now. ABCABC
Sequential verification was developed to check that new Sequential verification was developed to check that new algorithms were implemented correctlyalgorithms were implemented correctly
Example of a startup companyExample of a startup company Had developed sequential methods to reduce powerHad developed sequential methods to reduce power Needed a verification tool to double check if their ideas and Needed a verification tool to double check if their ideas and
implementations were correct.implementations were correct. Needed a tool to assure customers that results were correct.Needed a tool to assure customers that results were correct.
1010
AIGs (And-Inverter Graphs)AIGs (And-Inverter Graphs)Why AIGs?Why AIGs?
Same reasons hold for both synthesis and verificationSame reasons hold for both synthesis and verification
Easy to construct, relatively compact, robustEasy to construct, relatively compact, robust 1M AIG ~ 12Mb RAM1M AIG ~ 12Mb RAM
Can be efficiently stored on disk Can be efficiently stored on disk 3-4 bytes / AIG node (1M AIG ~ 4Mb file)3-4 bytes / AIG node (1M AIG ~ 4Mb file)
Unifying representationUnifying representation Used by all the different verification enginesUsed by all the different verification engines Easy to pass around, duplicate, saveEasy to pass around, duplicate, save
Compatible with SAT solvers Compatible with SAT solvers Efficient AIG-to-CNF conversion availableEfficient AIG-to-CNF conversion available Circuit-based SAT solvers work directly on AIGCircuit-based SAT solvers work directly on AIG ““AIGs + simulation + SAT” works well in many casesAIGs + simulation + SAT” works well in many cases
1111
Structural hashingStructural hashing Performs AIG compactionPerforms AIG compaction Applied on-the-fly during constructionApplied on-the-fly during construction
Propagates constantsPropagates constants Makes each node structurally uniqueMakes each node structurally unique
F = abc
G = (abc)’
H = abc’ Before After
AIGsAIGs
1212
AIG Memory UsageAIG Memory Usage
Memory allocationMemory allocation Use fixed amount of memory for each nodeUse fixed amount of memory for each node
Can be done by a simple custom memory managerCan be done by a simple custom memory manager Dynamic fanout manipulation is supported!Dynamic fanout manipulation is supported!
Allocate memory for nodes in a topological orderAllocate memory for nodes in a topological order Optimized for traversal in the same topological orderOptimized for traversal in the same topological order
Mostly AIG can be stored in cache – fewer cache misses.Mostly AIG can be stored in cache – fewer cache misses. Small static memory footprint in many applicationsSmall static memory footprint in many applications
Compute fanout information on demandCompute fanout information on demand
1313
Quick Overview of “Classical” Quick Overview of “Classical” (technology independent) (technology independent)
Logic SynthesisLogic Synthesis Boolean networkBoolean network Network manipulation Network manipulation
(algebraic)(algebraic) Elimination (substituting a Elimination (substituting a
node into its fanouts)node into its fanouts) Decomposition (common-Decomposition (common-
divisor extraction)divisor extraction) Node minimization (Boolean)Node minimization (Boolean)
EspressoEspresso Don’t caresDon’t cares
Resubstitution (algebraic or Resubstitution (algebraic or Boolean) Boolean)
Boolean network in SISBoolean network in SIS
aa bb cc dd
ee
xx yy
ff
zz
ze
xd yd xy
ab cd cd
Boolean network in SISBoolean network in SIS
ab
x + c
aa bb cc dd
ee
xx
yy
ff
zzze
yd yd
1414
““Classical” Logic SynthesisClassical” Logic Synthesis
Equivalent AIG in ABCEquivalent AIG in ABC
aa bb cc dd
ff
ee
xxyy
zz
Boolean network in SISBoolean network in SIS
aa bb cc dd
ee
xx yy
ff
zz
ze
xd yd xy
ab cd cd
AIG is a Boolean network of 2-input AND nodes and invertors (dotted lines)
1515
One AIG Node – Many CutsOne AIG Node – Many Cuts
Combinational AIGCombinational AIG
aa bb cc dd
ff
ee
AIG can be used to compute many cuts for each node Each cut in AIG represents a
different SIS node SIS node logic represented by AIG
between cut and root.
No a priori fixed boundaries
Implies that AIG manipulation with cuts is equivalent to working on many Boolean networks at the same time
Different cuts for the same nodeDifferent cuts for the same node
1616
Combinational SynthesisCombinational Synthesis
a b a c
Subgraph 1
b c
a
Subgraph 2
Pre-computing AIG subgraphsPre-computing AIG subgraphs Consider function f = abcConsider function f = abc
a c
b
Subgraph 3
Rewriting AIG subgraphsRewriting AIG subgraphsRewriting node A
Rewriting node B
a b a c
a b a c
A
Subgraph 1
b c
a
A
Subgraph 2
b c
a
B
Subgraph 2
a b a c
B
Subgraph 1
In both cases 1 node is savedIn both cases 1 node is saved
AIG rewritingAIG rewriting minimizes the number of AIG nodes without minimizes the number of AIG nodes without increasing the number of AIG levelsincreasing the number of AIG levels
1717
Combinational RewritingCombinational Rewriting
iterate iterate 1010 times { times {
for for eacheach AIG node { AIG node {
for for eacheach kk-cut-cut
derive node output as function of cut variablesderive node output as function of cut variables
if ( smaller AIG is in the pre-computed library )if ( smaller AIG is in the pre-computed library )
rewriterewrite using improved AIG structure using improved AIG structure
}}
}}Note: For 4-cuts, each AIG node has, on average, 5 cuts Note: For 4-cuts, each AIG node has, on average, 5 cuts compared to a SIS node with only 1 cutcompared to a SIS node with only 1 cut
Rewriting at a node can be very fast – using hash-table Rewriting at a node can be very fast – using hash-table lookups, truth table manipulation, disjoint decompositionlookups, truth table manipulation, disjoint decomposition
1818
Combinational Rewriting IllustratedCombinational Rewriting Illustrated
AIG rewriting looks at one AIG node, AIG rewriting looks at one AIG node, nn, at a time, at a time A set of new nodes replaces the old fanin cone of A set of new nodes replaces the old fanin cone of nn The rewriting can account for a better implementation which can use The rewriting can account for a better implementation which can use
existing nodes in the network (DAG aware).existing nodes in the network (DAG aware).
A synthesis history can be recorded easily with AIGsA synthesis history can be recorded easily with AIGs the old root and the new root nodes are grouped into an equivalence the old root and the new root nodes are grouped into an equivalence
class class (more on this later)(more on this later)
nn nn’’
Working AIG
nn nn’’
History AIG
1919
Comparison of Two SynthesesComparison of Two Syntheses
“ “Classical” synthesisClassical” synthesis
Boolean networkBoolean network Network manipulation Network manipulation
(algebraic)(algebraic) EliminationElimination Decomposition (common Decomposition (common
kernel extraction)kernel extraction) Node minimizationNode minimization
EspressoEspresso Don’t cares computed using Don’t cares computed using
BDDsBDDs Resubstitution Resubstitution
““Contemporary” synthesisContemporary” synthesis
AIG networkAIG network DAG-aware AIG rewriting (Boolean)DAG-aware AIG rewriting (Boolean)
Several related algorithmsSeveral related algorithms RewritingRewriting RefactoringRefactoring BalancingBalancing
Node minimizationNode minimization Boolean decompositionBoolean decomposition Don’t cares computed using Don’t cares computed using
simulation and SATsimulation and SAT Resubstitution with don’t caresResubstitution with don’t cares
Note: here all algorithms are Note: here all algorithms are scalablescalable: : no SOP, no BDDs, no Espressono SOP, no BDDs, no Espresso
2020
Example Algorithm:Example Algorithm:Resubstitution in ABCResubstitution in ABC
Illustrates computation and use of don’t Illustrates computation and use of don’t carescares
Illustrates use of SAT and interpolation.Illustrates use of SAT and interpolation.All done in a scalable wayAll done in a scalable way
2121
Windowing a Node in a Mapped Windowing a Node in a Mapped NetworkNetwork
A A windowwindow for a node in the for a node in the network is the context in network is the context in which the don’t-cares are which the don’t-cares are computed. It includes:computed. It includes: nn levels of the TFI levels of the TFI mm levels of the TFO levels of the TFO all re-convergent paths all re-convergent paths
captured in this scopecaptured in this scope
A window with its PIs and POs can A window with its PIs and POs can be considered as a separate be considered as a separate networknetwork
Window POs
X = Window PIs
n = 3
m = 3
Mapped network – gates or LUTS
is a SIS node, gate, or FPGA LUT
2222
Don’t-Care Computation FrameworkDon’t-Care Computation Framework
…
““Miter” constructed for the window POsMiter” constructed for the window POs
nn
XX
YY
WindowWindow
nn
XX
YY
Same window Same window with inverter before fanoutwith inverter before fanout
C(X)
AIG “care”
network
X
2323
ResubstitutionResubstitution Resubstitution considers a Resubstitution considers a nodenode in a in a BooleanBoolean network network
and expresses it using a different set of faninsand expresses it using a different set of fanins
X X
Computation can be enhanced by use of don’t caresComputation can be enhanced by use of don’t cares
2424
Resubstitution with Don’t-Cares - Resubstitution with Don’t-Cares - OverviewOverview
Consider all or some nodes in Boolean network. Consider all or some nodes in Boolean network.
For each node:For each node:Create window – and care networkCreate window – and care networkSelect candidate divisor nodes in non-fanout cone Select candidate divisor nodes in non-fanout cone
in windowin windowFor each candidate For each candidate subsetsubset of divisors of divisors
If possible, rule it out with If possible, rule it out with simulationsimulationCheck resubstitution infeasibility using Check resubstitution infeasibility using SATSATIf UNSAT, compute resubstitution function using If UNSAT, compute resubstitution function using
interpolationinterpolation
Update the network if improvementUpdate the network if improvement
2525
Resubstitution with Don’t CaresResubstitution with Don’t Cares Given: Given:
node function node function FF((xx)) to be replaced to be replaced care network care network CC((xx)) for the node for the node candidate set of divisors candidate set of divisors {{ggii((xx)})}
Find:Find: A resubstitution function A resubstitution function hh((yy)) such such
that that FF((xx) = ) = hh((gg((xx)))) on the care set on the care set
Substitution TheoremSubstitution Theorem: : A function A function h(y)h(y) exists if and only if for every exists if and only if for every pair of pair of carecare minterms, minterms, xx11 and and xx22, , where where FF((xx11) != ) != FF((xx22) ,) , there exists there exists k k such that such that ggkk((xx11)) !=!= ggkk((xx22))
C(x) F(x) g1 g2 g3
C(x) F(x)
g1 g2 g3
h(g)
= F(x)
2626
Example of ResubstitutionExample of ResubstitutionSubstitution TheoremSubstitution Theorem: Any minterm pair that needs to be : Any minterm pair that needs to be
distinguished by distinguished by FF((xx)) should be distinguished by at least one of should be distinguished by at least one of the candidates {the candidates {ggkk((xx)})}
F(x)F(x) = = (x(x11 x x22)()(xx2 2 xx33))
Two candidate sets:Two candidate sets:{g{g11= = xx11’’xx22, , gg22 = = xx11 xx22’’xx33}}, ,
{g{g33= = xx11 xx22, , gg44 = = xx22 xx33}}
Set Set {{gg33, , gg44}} cannot be cannot be
used for resubstitutionused for resubstitutionwhile set while set {g{g11, g, g22}} can can
((check all minterm pairscheck all minterm pairs).).
xx F(x)F(x) gg11(x)(x) gg22(x)(x) gg33(x)(x) gg44(x)(x)
000000 00 00 00 00 00
001001 00 00 00 00 00
010010 11 11 00 11 00
011011 11 11 00 11 11
100100 00 00 00 11 00
101101 11 00 11 11 00
110110 00 00 00 11 00
111111 00 00 00 11 11
Example:Example:
2727
Checking Resubstitution using SATChecking Resubstitution using SAT
x1
f g1 g2 g3
1 1
1
0 1
f g3 g2 g1 C
x2
B A
C
Note use of care set.Note use of care set.
Resubstitution function exists if and only if problem is unsatisfiable.Resubstitution function exists if and only if problem is unsatisfiable.
F F
Miter for resubstitution checkMiter for resubstitution check
Substitution Theorem: Any minterm pair needed to be distinguished by Substitution Theorem: Any minterm pair needed to be distinguished by FF((xx) should be distinguished by at least one of the candidates {) should be distinguished by at least one of the candidates {ggkk((xx)})}
AIG network
2828
Computing Dependency Function Computing Dependency Function hh - Craig Interpolation- Craig Interpolation
Consider two sets of clauses, Consider two sets of clauses, AA((x, yx, y)) and and BB((y, zy, z), ), where where yy are the only variables common to are the only variables common to AA and and BB. .
A Craig A Craig interpolant interpolant of the pair of the pair ((AA((x, yx, y), ), BB((y, zy, z)))) is a is a function function hh((yy)) depending only on the common depending only on the common variables variables yy such that such that AA((x, yx, y) ) hh((yy)) BB((y, zy, z))
It exists iff It exists iff AA((x, yx, y) ) BB((y, zy, z) = 0) = 0
AA((x, yx, y)) BB((y, zy, z))
hh((yy))
Boolean space Boolean space (x,y,z)(x,y,z)
2929
Computing Dependency Function Computing Dependency Function hh by Interpolation (Implementation)by Interpolation (Implementation)
Problem: Problem: Find function Find function hh((yy)), such that , such that CC((xx) ) [ [hh((gg((xx)) )) FF((xx)])], i.e. , i.e. FF((xx)) is expressed in is expressed in
terms of terms of {{ggkk}}. . Solution:Solution: Prove the corresponding SAT problem “unsatisfiable”Prove the corresponding SAT problem “unsatisfiable” Derive unsatisfiability resolution proof [Goldberg/Novikov, DATE’03]Derive unsatisfiability resolution proof [Goldberg/Novikov, DATE’03] Divide clauses into A clauses and B clausesDivide clauses into A clauses and B clauses Derive interpolant from the unsatisfiability proof [McMillan, CAV’03]Derive interpolant from the unsatisfiability proof [McMillan, CAV’03] Use interpolant as the dependency function, Use interpolant as the dependency function, hh((gg)) Replace Replace FF((xx)) by by hh((gg)) if cost function improved if cost function improved
Notes on this solutionNotes on this solution uses don’t caresuses don’t cares does not use Espressodoes not use Espresso is more scalableis more scalable
x1
f g1 g2 g3
1 1
1
0 1
f g3 g2 g1 C
x2
B A
C
AA BB
yy
AA BBhh
3030
Sequential VerificationSequential Verification Property checkingProperty checking
Create miter from the design and Create miter from the design and the safety propertythe safety property
Special construction for livenessSpecial construction for liveness Biere, Artho, Schuppan
Equivalence checkingEquivalence checking Create miter from two versions Create miter from two versions
of the same designof the same design
Assuming the initial state is Assuming the initial state is givengiven
The goal is to prove that the The goal is to prove that the output of the miter is 0, for all output of the miter is 0, for all states reachable from the initial states reachable from the initial state.state.
D2D2D1D1
Equivalence checking miterEquivalence checking miter
0
D1D1
Property checking miterProperty checking miter
0
pp
3131
Sequential Equivalence Checking Sequential Equivalence Checking and Sequential Synthesisand Sequential Synthesis
Complexity Problem:Complexity Problem: Although iterated retiming and combinational Although iterated retiming and combinational
synthesis (synthesis (these two methods are scalablethese two methods are scalable) has ) has been shown to be very scalable and effective,been shown to be very scalable and effective,
sequential equivalence checking for this has sequential equivalence checking for this has been shown to be as hard as general sequential been shown to be as hard as general sequential equivalence checking (PSPACE complete)equivalence checking (PSPACE complete)
How to make it simpler? How to make it simpler? leave a trail of synthesis transformations leave a trail of synthesis transformations (History)(History)
3232
Recording a HistoryRecording a History
ObservationObservationEach transformation can be broken down into Each transformation can be broken down into
a sequence of small stepsa sequence of small stepsCombinational rewritingCombinational rewritingSequential rewritngSequential rewritngRetimingRetimingUsing ODC’s obtained from a windowUsing ODC’s obtained from a window
How do we easily and uniformly record the How do we easily and uniformly record the history of this?history of this?
3333
Easily Recording Synthesis HistoryEasily Recording Synthesis History
Two AIG managers are usedTwo AIG managers are used Normal Working AIG (WAIG) Normal Working AIG (WAIG) History AIG (HAIG)History AIG (HAIG)
Combinational structural hashing is Combinational structural hashing is used in both managersused in both managers
Two node-mappings are supportedTwo node-mappings are supported Every node in WAIG points to a node Every node in WAIG points to a node
in HAIGin HAIG Some nodes in HAIG point to other
nodes in HAIG that are sequentially equivalent
WAIG
HAIG
3434
Sequential Rewriting ExampleSequential Rewriting Example(combined retiming and combinational rewriting)(combined retiming and combinational rewriting)
Sequential Sequential cut: cut: {a,b,b{a,b,b11,c,c11,c},c}
rewriterewrite
Rewriting step.
The History AIG The History AIG accumulates accumulates sequential sequential
equivalenceequivalence classes classes..
Sequentiallyequivalent
new new nodesnodes
History AIG
History AIG after rewriting step.History AIG after rewriting step.
3535
PracticalityPracticalityConceptuallyConceptually this is easy. Just modify each synthesis this is easy. Just modify each synthesis
algorithm with the followingalgorithm with the following
Use of HAIG makes SEC easier (only coNP-complete)Use of HAIG makes SEC easier (only coNP-complete)
PracticallyPractically it is more of a coding effort to record the history it is more of a coding effort to record the history than we thoughtthan we thought Since little interest so far, not fully implemented in ABC.Since little interest so far, not fully implemented in ABC. It still might be of interest to a company that does both synthesis It still might be of interest to a company that does both synthesis
and verificationand verification
Working AIGWorking AIG createAigManager <--->createAigManager <---> deleteAigManager <--->deleteAigManager <---> createNode <---> createNode <--->
replaceNode <--->replaceNode <---> deleteNode_recur <--->deleteNode_recur <--->
History AIGHistory AIG createAigManager createAigManager deleteAigManagerdeleteAigManager createNode, createNode,
setWaigToHaigMappingsetWaigToHaigMapping setEquivalentHaigMappingsetEquivalentHaigMapping do nothingdo nothing
3636
Integrated Verification FlowIntegrated Verification Flow
1.1. SimplificationSimplification
2.2. AbstractionAbstraction
3.3. SpeculationSpeculation
4.4. High Effort VerificationHigh Effort Verification
3737
Integrated Verification FlowIntegrated Verification Flow
1.1. SimplificationSimplification Initial fast simplification of the logicInitial fast simplification of the logic Forward Forward retimeretime and do FF correspondence and do FF correspondence Min FF Min FF retimeretime Extract implicit Extract implicit constraintsconstraints**** and use them to find signal and use them to find signal
equivalences equivalences (ABC command (ABC command scorr –cscorr –c)) Fold back the constraints Fold back the constraints
add a FF so that if ever a constraint is not satisfied, make the add a FF so that if ever a constraint is not satisfied, make the output 0 forever after that.output 0 forever after that.
TrimTrim away irrelevant inputs away irrelevant inputs (do not fanout to FF or POs)(do not fanout to FF or POs) Try Try phase abstraction phase abstraction (look for periodic signals)(look for periodic signals) Heavy Heavy simplifysimplify
((kk-step signal correspondence and deep rewriting)-step signal correspondence and deep rewriting)
** (see paper of Cabodi et. al.)** (see paper of Cabodi et. al.)
3838
Sequential SAT SweepingSequential SAT Sweeping(signal correspondence)(signal correspondence)
• Naïve approachNaïve approach• Build output miter – call SATBuild output miter – call SAT
works well for many easy problemsworks well for many easy problems
Better approach - SAT sweepingBetter approach - SAT sweeping • based on based on incrementalincremental SAT solving SAT solving
• detects possibly equivalent nodes using detects possibly equivalent nodes using simulationsimulation
• candidate constant nodescandidate constant nodes• candidate equivalent nodescandidate equivalent nodes
• runs runs SATSAT on the intermediate miters in a on the intermediate miters in a topological ordertopological order
• refines candidates using counterexamplesrefines candidates using counterexamples
Proving internal equivalences in a topological order
A
B
SAT-1SAT-1D CC
SAT-2SAT-2
?
?
Related to combinational CECRelated to combinational CEC
D2D2D1D1
3939
Improved CECImproved CECFor hard CEC instancesFor hard CEC instancesHeuristic: skip some equivalencesHeuristic: skip some equivalences results in results in
5x reduction in runtime5x reduction in runtimesolving previously unresolved problemssolving previously unresolved problems
Given a combinational miter with Given a combinational miter with equivalence class {A, B, A’, B’}equivalence class {A, B, A’, B’}
Possible equivalences: Possible equivalences:
A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’
- only try to prove A=A’ and B=B’only try to prove A=A’ and B=B’
- do not try to prove do not try to prove
A = B, A’ = B’, A’ = B A = B, A’ = B’, A’ = B A = B’ A = B’ D2D2D1D1
BBAA A’A’
B’B’
4040
Sequential SAT SweepingSequential SAT Sweeping(signal correspondence)(signal correspondence)
Similar to combinational SAT sweeping Similar to combinational SAT sweeping detects node equivalencesdetects node equivalences ButBut the equivalences are the equivalences are sequential sequential
guaranteed to hold guaranteed to hold onlyonly on the reachable state space on the reachable state space
Every combinational equivalence is a sequential oneEvery combinational equivalence is a sequential one run combinational SAT sweeping firstrun combinational SAT sweeping first
A A setset of sequential equivalences are proved by of sequential equivalences are proved by kk-step -step inductioninduction Base caseBase case Inductive caseInductive case Efficient implementation of induction is key!Efficient implementation of induction is key!
4141
Base CaseBase Case(just BMC)(just BMC)
arbitrary statearbitrary state
Candidate equivalences: {A = B}, {C = D}
A
B
SAT-3D C
SAT-4
A
B
SAT-1D C
SAT-2
??
??
??
??
PI0
PI1
initial initial statestate
Proving internal equivalencesinternal equivalences in initialized frames 1 through k
Proving Proving internal internal equivalencesequivalences in in a topological a topological order in frame order in frame kk+1+1
A
B
SAT-1SAT-1D C
SAT-2SAT-2
A
B
D C
A
B
D C
AssumingAssuming internal internal equivalences in equivalences in uninitializeduninitialized frames frames 1 through 1 through kk
00
00
00
00
??
??
PI0
PI1
PIk
Inductive CaseInductive Case
kk-step Induction-step Induction
kk = 2 = 2
If proof of any one If proof of any one equivalence fails equivalence fails need to start overneed to start over
4242
Efficient ImplementationEfficient ImplementationTwo observations:Two observations:1.1. Both base and inductive cases of Both base and inductive cases of kk-step induction are -step induction are combinational SAT combinational SAT
sweeping sweeping problemsproblems Tricks and know-how from the above are applicableTricks and know-how from the above are applicable
base case is just BMC base case is just BMC The same integrated package can be usedThe same integrated package can be used
starts with simulationstarts with simulation performs node checking in a topological orderperforms node checking in a topological order benefits from the counter-example simulationbenefits from the counter-example simulation
2.2. Speculative reductionSpeculative reduction Deals with how assumptions are used in the inductive caseDeals with how assumptions are used in the inductive case
4343
Speculative ReductionSpeculative Reduction
Assume equivalences are valid Assume equivalences are valid add XORs to create add XORs to create newnew POs POsmerge fanouts, rehash logic merge fanouts, rehash logic
AB
Adding assumptions without speculative reduction
0
AB
Adding assumptions with speculative reduction
0
A
B
D C
A
B
D C
A
B
D C
PI0
PI1
PIk
Down stream logic Down stream logic can be simplified.can be simplified.
Some down stream Some down stream equivalences equivalences become trivialbecome trivial
4444
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
2.2. AbstractionAbstraction Use new Use new CBA/PBACBA/PBA method* method*
Uses single instance of SAT solverUses single instance of SAT solver Uses counter-example based abstraction which Uses counter-example based abstraction which
is refined with proof-based abstractionis refined with proof-based abstraction
Checked afterward with BMC, BDDs, and Checked afterward with BMC, BDDs, and simulation for CEX’s and refined with CBA if simulation for CEX’s and refined with CBA if found.found.
* N. Een, A. Mishchenko, and N. Amla, "A single-instance incremental SAT formulation of proof- and counterexample-based abstraction". Proc. IWLS'10.
4545
Counterexample-Based Counterexample-Based Abstraction (CBA)Abstraction (CBA)
start with set of FF, start with set of FF, AA = Ø (all flops are PIs) = Ø (all flops are PIs)abstraction engine will add flops to abstraction engine will add flops to AA ( (concretizeconcretize flops) flops)
new flops will refute spurious counterexamplesnew flops will refute spurious counterexamples
xx00xx11xx22xx33xx44
ss00ss11ss22
xx00xx11xx22xx33xx44
ss00ss11ss22
~Property~Property
11
1100
11
11
0000
1111
11
0011
000000
&&
&&
4646
Proof-Based Abstraction (PBA)Proof-Based Abstraction (PBA)Starts with an UNSAT Starts with an UNSAT kk-trace-traceInspects the proof: flops not present are Inspects the proof: flops not present are
abstracted.abstracted.
Benefit:Benefit:More precise than CBA.More precise than CBA.
Drawback:Drawback:Have to unroll the full design.Have to unroll the full design.
In contrast, CBA starts with a very small design.In contrast, CBA starts with a very small design.
4747
Combined AbstractionCombined Abstraction
Use CBA to grow the abstraction bottom up.Use CBA to grow the abstraction bottom up.Apply PBA only on the current abstraction Apply PBA only on the current abstraction
(not the full design) when (not the full design) when kk frames is UNSAT frames is UNSATDo everything in a single incremental SAT Do everything in a single incremental SAT
instance.instance.
depth 0: depth 0: SAT, SAT, SAT, SAT, SAT, SAT, SAT, SAT, UNSATUNSAT
depth 1depth 1: SAT, : SAT, UNSATUNSAT
depth 2: depth 2: SAT, SAT, SAT, SAT, SAT, SAT, UNSATUNSAT
……Depth = # frames unrolled.Depth = # frames unrolled.
4848
Incremental SATIncremental SAT
Extend the Extend the solve()solve() method in MiniSat: method in MiniSat:Accept as input a set of literals to be treated as Accept as input a set of literals to be treated as
unit clauses for this call only.unit clauses for this call only.For UNSAT results, output the subset of those For UNSAT results, output the subset of those
literals used in the proof.literals used in the proof.
Very minor extension of a modern SAT solverVery minor extension of a modern SAT solverAllows PBA to be done Allows PBA to be done without proof-loggingwithout proof-logging
(major extension).(major extension).
4949
Activation LiteralsActivation LiteralsAssumptions to Assumptions to solve()solve() allow selectively activating allow selectively activating
constraints:constraints:
a a → → ((f f [[k+k+1]1] ↔ f ↔ finin[[kk]), all ]), all kk
where where aa is an activation literal, is an activation literal, ff is a flop is a flop
Every flop in the BMC trace has its own activation Every flop in the BMC trace has its own activation literal.literal.
All activation literals are passed as All activation literals are passed as assumptionsassumptions to to solve()solve()..
The set returned by The set returned by solve()solve() can be used for PBA. can be used for PBA.
5050
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
3.3. SpeculationSpeculation ** ** Especially useful for SEC Especially useful for SEC Simulation used to find Simulation used to find candidatecandidate equivalences. equivalences.
These are equivalences that we could not prove by These are equivalences that we could not prove by induction (sequential SAT sweeping)induction (sequential SAT sweeping)
These are used to build a “speculative miter”These are used to build a “speculative miter” The result is double-checked with BMC, BDDs The result is double-checked with BMC, BDDs
or simulation for CEX’s and refined if necessary.or simulation for CEX’s and refined if necessary.
** H. Mony, J. Baumgartner, V. Paruthi, and R. Kanzelman, ** H. Mony, J. Baumgartner, V. Paruthi, and R. Kanzelman, “Exploiting suspected redundancy without proving it”. “Exploiting suspected redundancy without proving it”. Proc. DAC’05Proc. DAC’05..
5151
Speculative Reduced Miter (SRM)Speculative Reduced Miter (SRM) Assume candidate equivalences are validAssume candidate equivalences are valid
Merge fanouts, rehash logic, add XORs to create Merge fanouts, rehash logic, add XORs to create newnew POs POs New POs are New POs are proof obligationsproof obligations
The result is a Speculatively Reduced Model (SRM)The result is a Speculatively Reduced Model (SRM) SRM is UNSAT iff all candidate equivalences hold!SRM is UNSAT iff all candidate equivalences hold!
Equivalences include original outputs (= 0)Equivalences include original outputs (= 0) SRM has a different circuit structureSRM has a different circuit structure SRM is often easier to proveSRM is often easier to prove
Can try to prove each output separately.Can try to prove each output separately.
AB
Adding assumptions without speculative reduction
0
AB
Adding assumptions with speculative reduction
0
5252
Speculation Shortcut Speculation Shortcut At any step, have BMC with At any step, have BMC with k k frames, where all frames, where all
equivalences that remain, hold for the equivalences that remain, hold for the kk frames frames At next frame some equivalences fail to not holdAt next frame some equivalences fail to not hold Can still use old SRM up through frame Can still use old SRM up through frame kk
No need to remove disproved equivalencesNo need to remove disproved equivalences Just add clauses topologically up to next equivalenceJust add clauses topologically up to next equivalence
Prove it and merge fanouts orProve it and merge fanouts or Disprove it and just continue to next equivalenceDisprove it and just continue to next equivalence
Already learned clauses can be keptAlready learned clauses can be kept Uses only Uses only one SAT instanceone SAT instance
just keep adding clauses to itjust keep adding clauses to it
SRMSRM11 SRMSRM22 SRMSRM33 SRMSRM44 SRMSRM55 SRMSRMkk
5353
Integrated Verification FlowIntegrated Verification Flow(continued)(continued)
4.4. Final Final high-efforthigh-effort verification (prove or disprove) verification (prove or disprove)
Prove: (give long run-time limits and/or large Prove: (give long run-time limits and/or large conflict limits)conflict limits)
Try BDD reachability Try BDD reachability if problem small enough (< 200 PI, < 200 FFs)if problem small enough (< 200 PI, < 200 FFs)
Try interpolationTry interpolation Try inductionTry induction
In rare cases, can prove outputs using induction.In rare cases, can prove outputs using induction.
Disprove: (give large run-time and conflict limits)Disprove: (give large run-time and conflict limits) Try heavy BMC on Try heavy BMC on initialinitial simplified circuit (before simplified circuit (before
abstraction or speculation done).abstraction or speculation done).
5454
InterpolationInterpolation Input:Input: Sequential AIG with single output representing a property Sequential AIG with single output representing a property
Property holds when the output is 0Property holds when the output is 0 Method:Method: Over-approximate reachability analysis Over-approximate reachability analysis
Using over-approximations, instead of exact sets of reachable statesUsing over-approximations, instead of exact sets of reachable states Output:Output: Proof that Proof that
1.1. the property holds, or the property holds, or 2.2. a real CEX is provided, ora real CEX is provided, or3.3. ““undecided”undecided”
Implementation:Implementation: A sequence of SAT calls on unrolled time- A sequence of SAT calls on unrolled time-frames that is similar to BMCframes that is similar to BMC
T1 T2 T3 Tn P=1Ik
BA
~property
interpolant
interpolant
inter1
UNSAT
inter2
5555
Still an important back-end of the verification flowStill an important back-end of the verification flow Also useful to find CEX’s during abstraction and Also useful to find CEX’s during abstraction and
speculation refinementspeculation refinement Several ideas, old and new, can be put together to Several ideas, old and new, can be put together to
implement a implement a newnew improved engine improved engine New method for hypergraph partitioningNew method for hypergraph partitioning Use of several BDD managersUse of several BDD managers
Long live BDDs!Long live BDDs!
BDD-Based ReachabilityBDD-Based Reachability
BDDWe tried to ban BDDs in ABC
5656
Examples of Running ABC+Examples of Running ABC+
1.1. Example 1 of simplifying and final proof Example 1 of simplifying and final proof with interpolationwith interpolation
2.2. ProveProve python code python code
3.3. Example 2 of refinement after speculationExample 2 of refinement after speculation
4.4. Super_proveSuper_prove python code python code
5.5. Example 3 of Example 3 of super_provesuper_prove
6.6. Example 4 of speculation before Example 4 of speculation before abstractionabstraction
5757
Read_fileRead_file IE1.aigIE1.aigPIs = 532, POs = 1, FF = 2389, ANDs = 12049PIs = 532, POs = 1, FF = 2389, ANDs = 12049proveprove
SimplifyingSimplifyingNumber of constraints = 3Number of constraints = 3Forward retiming, quick_simp, scorr_constr, trm: PIs = 532, POs = 1, FF = 2342, ANDs = 11054Forward retiming, quick_simp, scorr_constr, trm: PIs = 532, POs = 1, FF = 2342, ANDs = 11054Simplify: PIs = 532, POs = 1, FF = 2335, ANDs = 10607Simplify: PIs = 532, POs = 1, FF = 2335, ANDs = 10607Phase abstraction: PIs = 283, POs = 2, FF = 1460, ANDs = 8911Phase abstraction: PIs = 283, POs = 2, FF = 1460, ANDs = 8911quick_verify quick_verify AbstractingAbstractingInitial abstraction: PIs = 1624, POs = 2, FF = 119, ANDs = 1716, max depth = 39Initial abstraction: PIs = 1624, POs = 2, FF = 119, ANDs = 1716, max depth = 39Testing with BMCTesting with BMCbmc3 -C 100000 -T 50 -F 78: No CEX found in 51 framesbmc3 -C 100000 -T 50 -F 78: No CEX found in 51 framesLatches reduced from 1460 to 119Latches reduced from 1460 to 119Simplify: PIs = 1624, POs = 2, FF = 119, ANDs = 1687, max depth = 51Simplify: PIs = 1624, POs = 2, FF = 119, ANDs = 1687, max depth = 51Trimming: PIs = 158, POs = 2, FF = 119, ANDs = 734, max depth = 51Trimming: PIs = 158, POs = 2, FF = 119, ANDs = 734, max depth = 51Simplify: PIs = 158, POs = 2, FF = 119, ANDs = 731, max depth = 51Simplify: PIs = 158, POs = 2, FF = 119, ANDs = 731, max depth = 51quick_verifyquick_verifySpeculatingSpeculatingInitial speculation: PIs = 158, POs = 26, FF = 119, ANDs = 578, max depth = 51Initial speculation: PIs = 158, POs = 26, FF = 119, ANDs = 578, max depth = 51Fast interpolation: reduced POs to 24Fast interpolation: reduced POs to 24Testing with BMCTesting with BMCbmc3 -C 150000 -T 75: No CEX found in 1999 framesbmc3 -C 150000 -T 75: No CEX found in 1999 framesPIs = 158, POs = 24, FF = 119, ANDs = 578, max depth = 1999PIs = 158, POs = 24, FF = 119, ANDs = 578, max depth = 1999Simplify: PIs = 158, POs = 24, FF = 119, ANDs = 535, max depth = 1999Simplify: PIs = 158, POs = 24, FF = 119, ANDs = 535, max depth = 1999Trimming: PIs = 86, POs = 24, FF = 119, ANDs = 513, max depth = 1999Trimming: PIs = 86, POs = 24, FF = 119, ANDs = 513, max depth = 1999
Verifying Verifying Running reach -v -B 1000000 -F 10000 -T 75: BDD reachability abortedRunning reach -v -B 1000000 -F 10000 -T 75: BDD reachability abortedRUNNING interpolation with 20000 conflicts, 50 sec, max 100 frames: RUNNING interpolation with 20000 conflicts, 50 sec, max 100 frames: 'UNSAT‘'UNSAT‘
Elapsed time: 457.87 seconds, total: 458.52 secondsElapsed time: 457.87 seconds, total: 458.52 seconds
Example Example (use of (use of proveprove))
5858
NOTES:1. The file IE1.aig is first read in and its statistics are reported as 532 primary inputs, 1 output,
2389 flip-flops, and 12049 AIG nodes.2. 3 implicit constraints were found, but they were only mildly useful in simplifying the problem.3. Phase abstraction found a cycle of length 2 and this was useful for simplifying the problem to
1460 FF from 2335 FF. Note that the number of outputs increased to 2 because the problem was unrolled 2 time frames.
4. Abstraction was very successful in reducing the FF count to 119. This was proved valid out to 39 time frames.
5. BMC verified that the abstraction produced is actually valid at least to 51 frames, which gives us good confidence that the abstraction is valid for all time.
6. Trimming reduced the inputs relevant to the abstraction from 1624 to 158 and simplify reduced the number of AIG nodes to 731.
7. Speculate produced a speculative reduced model (SRM) with 24 new outputs to be proved and low resource interpolation proved 2 of them. The SRM model is simpler and has only 578 AIG nodes. The SRM was tested with BMC and proved valid out to 1999 frames.
8. Subsequent trimming and simplification reduced the PIs to 86 and the AIG nodes to 513.9. The final verification step first tried BDD reachability allowing it 75 sec. and to grow to up to
1M BDD nodes. It could not converge with these resources so it was aborted. Then interpolation was able to prove UNSAT, and hence all 24 outputs are proved.
10. Although quick_verify was applied between simplification and abstraction, and between abstraction and speculation, it was not able to prove anything, so its output is not shown.
11. The total time for this proof was 457 sec. run on a Lenovo X301 laptop.
5959
def prove(a): global x_factor,xfi,f_name max_bmc = -1 K = 0 set_globals() status = pre_simp() if status <= Unsat: return RESULT[status] ABC('trm') ABC('write backup 0’) K = K +1 set_globals() if ((n_ands() < 30000) and
(a == 1) and (n_latches() < 300)): status = quick_verify(0) if ((status == Unsat) or (status == Sat)): return RESULT[status]' status = abstract() ABC('trm') status = process_status(status) if ((status <= Unsat) or status == Error): return RESULT[status] ABC('write backup 1’) K = K +1
if status == Undecided_reduction: status = quick_verify(1) status = process_status(status) if status <= Unsat: if status == Sat: status = final_verify_recur(K-1) return RESULT[status] if n_ands() > 15000: K = 2 else: status = speculate() ABC('trm') status = process_status(status) if ((status == Unsat) or status == Error): return RESULT[status] if status == Sat: K = K-1 else: ABC('write backup 2’) K = K +1 status = final_verify_recur(K) return RESULT[status]
Python Code for Python Code for proveprove
6060
def pre_simp(): """This uses a set of simplification algorithms which preprocesses a design. Includes forward retiming, quick simp, signal correspondence with constraints, trimming away PIs, and strong simplify""" set_globals() try_forward() quick_simp() status = try_scorr_constr() if ((n_ands() > 0) or (n_latches()>0)): abc('trm') print 'Forward, quick_simp, scorr_constr,: ', print_circuit_stats() status = process_status(status) if status <= Unsat: return status
simplify() print 'Simplify: ', print_circuit_stats() if n_latches() == 0: return check_sat() try_phase() if n_latches() == 0: return check_sat() if ((n_ands() > 0) or (n_latches()>0)): abc('trm') status = process_status(status) if status <= Unsat: return status status = try_scorr_constr() abc('trm') return process_status(status)
Python Code for Python Code for pre_simppre_simp
6161
def simplify(): n=n_ands() abc('scl') if n > 30000: abc('&get;&scl;&put') n = n_ands() if n < 100000: abc("&dc2;&put;dr;&get;&lcorr;&dc2;&put; dr;&get;&scorr;&fraig;&dc2;&put;dr") n = n_ands() if n<45000: abc("&get;&scorr -F 2;&put;dc2rs") else: abc("dc2rs") n = n_ands() if n <= 30000: if n > 15000: abc("dc2rs") else: abc("scorr -F 2;dc2rs")
n = max(1,n_ands()) if n < 20000: # try deeper k-step induction m = int(min( 60000/n, 16) if m >= 4: j = 4 while j <= m: set_size() abc('scl;dr;dc2;scorr -C 5000 -F %d'%j) if check_size() == 1: break j = 2*j continue
Python Code for Python Code for simplifysimplify
6262
Example 2 (cont.)Example 2 (cont.)Running speculateRunning &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Initial speculation: PIs = 587, POs = 52, FF = 111, ANDs = 1880, max depth = 46RUNNING simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityRunning bmc3 -C 150000 -T 75.000000 -F 92.000000CEX in frame 20 for output 40Spec. Red. Miter: PIs = 587, POs = 48, FF = 115, ANDs = 1937, max depth = 46. . . Running bmc3 -C 150000 -T 75.000000 -F 92.000000CEX in frame 20 for output 34Spec. Red. Miter: PIs = 587, POs = 47, FF = 115, ANDs = 1938, max depth = 46………..………..Runningbmc3 -C 150000 -T 75.000000 -F 92.000000CEX in frame 33 for output 9Spec. Red. Miter: PIs = 587, POs = 28, FF = 116, ANDs = 1898, max depth = 46Running bmc3 -C 150000 -T 75.000000 -F 92.000000No cex found in 91 framesWRITING tst22_smp_abs_spec.aig: PIs = 477, POs = 28, FF = 116, ANDs = 1898, max depth = 91
Verifying backup number 2: PIs = 477, POs = 28, FF = 116, ANDs = 1898, max depth = 91. . .RUNNING interpolation with 20000 conflicts, 50 sec, max 100 framesWRITING tst22_smp_abs_spec_final.aig: PIs = 476, POs = 28, FF = 115, ANDs = 1810, max depth = 91Total time taken by prove = 318.884223 sec.Out[6]: 'UNSAT'
Refinement after speculation
6363
super_provesuper_prove
If the final result is undecided and there is more If the final result is undecided and there is more than one output caused by speculation: than one output caused by speculation: prove easy outputs first (by induction and prove easy outputs first (by induction and
interpolation)interpolation)use use proveprove second time on reduced multiple second time on reduced multiple
output resultoutput resultuse use proveprove on each output separately on each output separately
6464
def super_prove():“””Does initial prove. If after speculation there are multiple outputs left, it will try to prove each output separately in reverse order. It will quit if an output is proved SAT. If still undecided, it will try “deep” proving (Reachability or Interpolation) or disproving (BMC) on original simplified version."""
global max_bmc, init_initial_f_name, initial_f_name init_initial_f_name = initial_f_name max_bmc = -1 x = time.clock() result = prove(0) # Initial prove print result if not result == 'UNDECIDED': print 'Total time taken by super_prove = %f sec.'%(time.clock() - x) return result if n_pos() > 1: result = prove_g_pos(0) # Prove each output separately after
#second prove try print result if result == 'UNSAT': print 'Total time taken by super_prove = %f sec.'%(time.clock() - x) return result y = time.clock() result = BMC_VER_result(1) # Do deep prove or disprove print 'Total time taken by last gasp verification = %f sec.'%(time.clock() - y) print 'Total time = %f sec.'%(time.clock() - x) return result
super_provesuper_prove
6565
Example 3Example 3IE3PIs = 30, POs = 1, FF = 965, ANDs = 7408Executing super_proveInitial: PIs = 30, POs = 1, FF = 965, ANDs = 7408Running pre_simpForward, quick_simp, scorr_comp, trm: PIs = 30, POs = 1, FF = 776, ANDs = 7073. . . Simplify: PIs = 30, POs = 1, FF = 688, ANDs = 5362WRITING IE3_smp.aig: PIs = 30, POs = 1, FF = 688, ANDs = 5362Running abstractStart: PIs = 30, POs = 1, FF = 688, ANDs = 5362Abstraction good to 30 framesFirst abstraction: PIs = 503, POs = 1, FF = 215, ANDs = 2223, max depth = 30Running simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityNew abstraction: PIs = 503, POs = 1, FF = 215, ANDs = 2223, max depth = 30RUNNING bmc3 -C 100000 -T 50.000000 -F 60No CEX found in 59 framesLatches reduced from 688 to 215WRITING IE3_smp_abs.aig: PIs = 213, POs = 1, FF = 215, ANDs = 2223, max depth = 59Running quick_verify. . . After trimming: PIs = 213, POs = 1, FF = 215, ANDs = 2052, max depth = 59RUNNING interpolation with 10000 conflicts, max 20 sec and 100 frames. . . No success, max_depth = 59
Solved by speculation and proving each output separatelySolved by speculation and proving each output separately
6666
Running speculateRunning &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Initial speculation: PIs = 213, POs = 32, FF = 212, ANDs = 2051, max depth = 59RUNNING simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityRunning bmc3 -C 150000 -T 75.000000 -F 118.000000No cex found in 117 framesWRITING IE3_smp_abs_spec.aig: PIs = 213, POs = 32, FF = 212, ANDs = 2051, max depth = 117Verifying backup number 2: PIs = 213, POs = 32, FF = 212, ANDs = 2051, max depth = 117. . .RUNNING interpolation with 20000 conflicts, 50 sec, max 100 framesUndecidedWRITING IE3_smp_abs_spec_final.aig: PIs = 213, POs = 32, FF = 212, ANDs = 1960, max depth = 117Time taken = 255.318055 sec.
Example 3 (cont.)Example 3 (cont.)
6767
********** Proving each output separately ************[4, 5, 7, 8, 28, 30]Reduced POs from 32 to 20Proving output 19Initial: PIs = 213, POs = 1, FF = 207, ANDs = 1901Running pre_simpForward, quick_simp, scorr_comp, trm: PIs = 212, POs = 1, FF = 197, ANDs = 1899. . . Simplify: PIs = 212, POs = 1, FF = 197, ANDs = 1890Running abstractStart: PIs = 212, POs = 1, FF = 197, ANDs = 1890Abstraction good to 332 framesFirst abstraction: PIs = 353, POs = 1, FF = 56, ANDs = 780, max depth = 332Running simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityNew abstraction: PIs = 353, POs = 1, FF = 56, ANDs = 780, max depth = 332RUNNING bmc3 -C 100000 -T 50.000000 -F 664No CEX found in 663 framesLatches reduced from 197 to 56Running quick_verify. . . After trimming: PIs = 217, POs = 1, FF = 56, ANDs = 744, max depth = 663RUNNING interpolation with 10000 conflicts, max 20 sec and 100 framesInterpolation went to in 663 framesTime for proof = 14.821251 sec.******** PROVED OUTPUT 19 ********….
Example 3 (cont.)Example 3 (cont.)
6868
……
Time for proof = 7.381485 sec.Time for proof = 7.381485 sec.******** PROVED OUTPUT 1 **************** PROVED OUTPUT 1 ********Proving output 0Proving output 0Initial: PIs = 213, POs = 1, FF = 207, ANDs = 1902Initial: PIs = 213, POs = 1, FF = 207, ANDs = 1902Forward, quick_simp, scorr_comp, trm: PIs = 212, POs = 1, FF = 197, ANDs = 1900Forward, quick_simp, scorr_comp, trm: PIs = 212, POs = 1, FF = 197, ANDs = 1900. . . Simplify: PIs = 212, POs = 1, FF = 197, ANDs = 1891. . . Simplify: PIs = 212, POs = 1, FF = 197, ANDs = 1891Running abstractRunning abstractFirst abstraction: PIs = 385, POs = 1, FF = 24, ANDs = 305, max depth = 230First abstraction: PIs = 385, POs = 1, FF = 24, ANDs = 305, max depth = 230Running simulation iterativelyRunning simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityIterating BMC or BDD reachabilityNew abstraction: PIs = 385, POs = 1, FF = 24, ANDs = 305, max depth = 230New abstraction: PIs = 385, POs = 1, FF = 24, ANDs = 305, max depth = 230RUNNING bmc3 -C 100000 -T 50.000000 -F 460RUNNING bmc3 -C 100000 -T 50.000000 -F 460No CEX found in 459 framesNo CEX found in 459 framesLatches reduced from 197 to 24Latches reduced from 197 to 24Running quick_verifyRunning quick_verify. . . After trimming: PIs = 102, POs = 1, FF = 24, ANDs = 293, max depth = 459. . . After trimming: PIs = 102, POs = 1, FF = 24, ANDs = 293, max depth = 459RUNNING interpolation with 6387 conflicts, max 12 sec and 100 framesRUNNING interpolation with 6387 conflicts, max 12 sec and 100 framesInterpolation went to in 459 framesInterpolation went to in 459 framesTime for proof = 18.021230 sec.Time for proof = 18.021230 sec.******** PROVED OUTPUT 0 **************** PROVED OUTPUT 0 ********Proved all outputs. The problem is proved UNSATProved all outputs. The problem is proved UNSATTotal time = 560.434390 sec.Total time = 560.434390 sec.Total time taken by super_prove = 815.753979 sec.Total time taken by super_prove = 815.753979 sec.Out[12]: Out[12]: 'UNSAT'UNSAT''
Example 3 (cont.)Example 3 (cont.)
6969
[brayton@mima] ~/abc/aig/> ~/baruch/pyabc/bin/super_prove_noisy smvhd3_prop0_fixed2.aig[brayton@mima] ~/abc/aig/> ~/baruch/pyabc/bin/super_prove_noisy smvhd3_prop0_fixed2.aigInitial: PIs = 97, POs = 1, FF = 972, ANDs = 6199Initial: PIs = 97, POs = 1, FF = 972, ANDs = 6199x_factor = 1.000000x_factor = 1.000000Running pre_simpRunning pre_simpRUNNING signal correspondence with constraintsRUNNING signal correspondence with constraintsForward, quick_simp, scorr_constr, trm: PIs = 97, POs = 1, FF = 845, ANDs = 6056Forward, quick_simp, scorr_constr, trm: PIs = 97, POs = 1, FF = 845, ANDs = 6056. . PIs = 97, POs = 1, FF = 813, ANDs = 5661. . PIs = 97, POs = 1, FF = 813, ANDs = 5661. Simplify: PIs = 97, POs = 1, FF = 800, ANDs = 5391. Simplify: PIs = 97, POs = 1, FF = 800, ANDs = 5391RUNNING signal correspondence with constraintsRUNNING signal correspondence with constraintsWRITING smvhd3_prop0_fixed2_smp.aig: PIs = 97, POs = 1, FF = 800, ANDs = 5391WRITING smvhd3_prop0_fixed2_smp.aig: PIs = 97, POs = 1, FF = 800, ANDs = 5391
Running abstractRunning abstractStart: PIs = 97, POs = 1, FF = 800, ANDs = 5391Start: PIs = 97, POs = 1, FF = 800, ANDs = 5391Neen abstraction params: Bob = 20, Method #3, 50000 conflicts, 5 stable, 62 sec., 200 framesNeen abstraction params: Bob = 20, Method #3, 50000 conflicts, 5 stable, 62 sec., 200 framesAbstraction good to 12 framesAbstraction good to 12 framesFirst abstraction: PIs = 248, POs = 1, FF = 649, ANDs = 4798, max depth = 12First abstraction: PIs = 248, POs = 1, FF = 649, ANDs = 4798, max depth = 12Running simulation iterativelyRunning simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityIterating BMC or BDD reachabilityNew abstraction: PIs = 248, POs = 1, FF = 649, ANDs = 4798, max depth = 12New abstraction: PIs = 248, POs = 1, FF = 649, ANDs = 4798, max depth = 12RUNNING bmc3 -C 100000 -T 50.000000 -F 18RUNNING bmc3 -C 100000 -T 50.000000 -F 18CEX in frame 12 for output 0CEX in frame 12 for output 0New abstraction: PIs = 235, POs = 1, FF = 662, ANDs = 4868, max depth = 12New abstraction: PIs = 235, POs = 1, FF = 662, ANDs = 4868, max depth = 12
Example 4Example 4 SEC problem - got bad SEC problem - got bad abstraction after ABSTRACT abstraction after ABSTRACT
7070
::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::: repeated many timesrepeated many timesNew abstraction: PIs = 213, POs = 1, FF = 684, ANDs = 4948, max depth = 12New abstraction: PIs = 213, POs = 1, FF = 684, ANDs = 4948, max depth = 12RUNNING bmc3 -C 100000 -T 50.000000 -F 18RUNNING bmc3 -C 100000 -T 50.000000 -F 18CEX in frame 12 for output 0CEX in frame 12 for output 0New abstraction: PIs = 212, POs = 1, FF = 685, ANDs = 4951, max depth = 12New abstraction: PIs = 212, POs = 1, FF = 685, ANDs = 4951, max depth = 12RUNNING bmc3 -C 100000 -T 50.000000 -F 18RUNNING bmc3 -C 100000 -T 50.000000 -F 18No CEX found in 14 framesNo CEX found in 14 framesLatches reduced from 800 to 685Latches reduced from 800 to 685WRITING smvhd3_prop0_fixed2_smp_abs.aig: PIs = 207, POs = 1, FF = 685, ANDs = 4951, WRITING smvhd3_prop0_fixed2_smp_abs.aig: PIs = 207, POs = 1, FF = 685, ANDs = 4951, max depth = 14max depth = 14Running quick_verifyRunning quick_verify. . PIs = 207, POs = 1, FF = 685, ANDs = 4917, max depth = 14. . PIs = 207, POs = 1, FF = 685, ANDs = 4917, max depth = 14. After trimming: PIs = 198, POs = 1, FF = 683, ANDs = 4825, max depth = 14. After trimming: PIs = 198, POs = 1, FF = 683, ANDs = 4825, max depth = 14RUNNING interpolation with 10000 conflicts, max 20 sec and 100 framesRUNNING interpolation with 10000 conflicts, max 20 sec and 100 frames. . PIs = 198, POs = 1, FF = 683, ANDs = 4825, max depth = 14. . PIs = 198, POs = 1, FF = 683, ANDs = 4825, max depth = 14. No success, max_depth = 14. No success, max_depth = 14Running speculateRunning speculateRunning &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Running &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Initial speculation: PIs = 198, Initial speculation: PIs = 198, POs = 569POs = 569, FF = 370, ANDs = 3803, max depth = 14, FF = 370, ANDs = 3803, max depth = 14RUNNING simulation iterativelyRUNNING simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7171
Iterating BMC or BDD reachabilityIterating BMC or BDD reachabilityRunning bmc3 -C 150000 -T 90.000000 -F 21.000000Running bmc3 -C 150000 -T 90.000000 -F 21.000000CEX in frame 20 for output 273CEX in frame 20 for output 273Spec. Red. Miter: PIs = 198, POs = 576, FF = 371, ANDs = 3842, max depth = 19Spec. Red. Miter: PIs = 198, POs = 576, FF = 371, ANDs = 3842, max depth = 19. . PIs = 198, POs = 576, FF = 218, ANDs = 1364, max depth = 19. . PIs = 198, POs = 576, FF = 218, ANDs = 1364, max depth = 19Running bmc3 -C 150000 -T 90.000000 -F 28.000000Running bmc3 -C 150000 -T 90.000000 -F 28.000000CEX in frame 20 for output 329CEX in frame 20 for output 329Spec. Red. Miter: PIs = 198, POs = 575, FF = 371, ANDs = 3839, max depth = 19Spec. Red. Miter: PIs = 198, POs = 575, FF = 371, ANDs = 3839, max depth = 19. . PIs = 198, POs = 575, FF = 218, ANDs = 1360, max depth = 19. . PIs = 198, POs = 575, FF = 218, ANDs = 1360, max depth = 19Running bmc3 -C 150000 -T 90.000000 -F 28.000000Running bmc3 -C 150000 -T 90.000000 -F 28.000000BMC/Reach found true cex: Output = 0, Frame = 21 BMC/Reach found true cex: Output = 0, Frame = 21 (Thus ABSTRACT gave bad model)(Thus ABSTRACT gave bad model)WRITING smvhd3_prop0_fixed2_smp_abs_spec.aig: PIs = 130, POs = 575, FF = 182, WRITING smvhd3_prop0_fixed2_smp_abs_spec.aig: PIs = 130, POs = 575, FF = 182, ANDs = 1150, max depth = 21, CEX depth = 21ANDs = 1150, max depth = 21, CEX depth = 21CEX in frame 21CEX in frame 21
Trying speculate on initial backup number 0: PIs = 97, POs = 1, FF = 800, ANDs = 5391, Trying speculate on initial backup number 0: PIs = 97, POs = 1, FF = 800, ANDs = 5391, max depth = 21max depth = 21Running &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Running &equiv2 with C = 100000, T = 25.000000 sec., F = 200 -S 1 -R 25Initial speculation: PIs = 97, Initial speculation: PIs = 97, POs = 597POs = 597, FF = 507, ANDs = 4595, max depth = 21, FF = 507, ANDs = 4595, max depth = 21RUNNING simulation iterativelyRUNNING simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityIterating BMC or BDD reachabilityRunning bmc3 -C 150000 -T 90.000000 -F 31.000000Running bmc3 -C 150000 -T 90.000000 -F 31.000000CEX in frame 19 for output 324CEX in frame 19 for output 324Spec. Red. Miter: PIs = 97, POs = 595, FF = 507, ANDs = 4595, max depth = 21Spec. Red. Miter: PIs = 97, POs = 595, FF = 507, ANDs = 4595, max depth = 21
7272
::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::: repeated many timesrepeated many timesSpec. Red. Miter: PIs = 97, Spec. Red. Miter: PIs = 97, POs = 585POs = 585, FF = 512, ANDs = 4677, max depth = 63, FF = 512, ANDs = 4677, max depth = 63. . PIs = 97, POs = 585, FF = 296, ANDs = 1674, max depth = 63. . PIs = 97, POs = 585, FF = 296, ANDs = 1674, max depth = 63. Running bmc3 -C 150000 -T 90.000000 -F 94.000000. Running bmc3 -C 150000 -T 90.000000 -F 94.000000No cex found in 93 framesNo cex found in 93 frames
RUNNING interpolation with 20000 conflicts, 50 sec, max 100 framesRUNNING interpolation with 20000 conflicts, 50 sec, max 100 frames. . PIs = 97, POs = 585, FF = 276, ANDs = 1536, max depth = 93. . PIs = 97, POs = 585, FF = 276, ANDs = 1536, max depth = 93Size unchanged in new SRMSize unchanged in new SRM. Undecided. UndecidedWRITING smvhd3_prop0_fixed2_smp_abs_spec_final.aig: PIs = 47, POs = 585, FF = 276, WRITING smvhd3_prop0_fixed2_smp_abs_spec_final.aig: PIs = 47, POs = 585, FF = 276, ANDs = 1526, max depth = 93ANDs = 1526, max depth = 93Time for proof = 728.320000 sec.Time for proof = 728.320000 sec.UNDECIDED but reducedUNDECIDED but reducedBeginning prove_g_posBeginning prove_g_pos
Number of outputs reduced to 5 by induction and fast interpolationNumber of outputs reduced to 5 by induction and fast interpolation
7373
************Trying second level prove****************************Trying second level prove****************Initial: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93Initial: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93x_factor = 1.000000x_factor = 1.000000Running pre_simpRunning pre_simpForward, quick_simp, scorr_constr, trm: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max Forward, quick_simp, scorr_constr, trm: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93depth = 93. . PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93. . PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93. Simplify: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93. Simplify: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93WRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp.aig: PIs = 47, POs = 5, FF = WRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp.aig: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93276, ANDs = 1524, max depth = 93
Running abstractRunning abstractStart: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93Start: PIs = 47, POs = 5, FF = 276, ANDs = 1524, max depth = 93Neen abstraction params: Bob = 190, Method #3, 50000 conflicts, 5 stable, 62 sec., 1395 Neen abstraction params: Bob = 190, Method #3, 50000 conflicts, 5 stable, 62 sec., 1395 framesframesAbstraction good to 29 framesAbstraction good to 29 framesFirst abstraction: PIs = 297, POs = 5, FF = 26, ANDs = 190, max depth = 93First abstraction: PIs = 297, POs = 5, FF = 26, ANDs = 190, max depth = 93Running simulation iterativelyRunning simulation iteratively. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Iterating BMC or BDD reachabilityIterating BMC or BDD reachabilityNew abstraction: PIs = 297, POs = 5, FF = 26, ANDs = 190, max depth = 93New abstraction: PIs = 297, POs = 5, FF = 26, ANDs = 190, max depth = 93RUNNING bmc3 -C 100000 -T 50.000000 -F 139RUNNING bmc3 -C 100000 -T 50.000000 -F 139No CEX found in 93 framesNo CEX found in 93 framesLatches reduced from 276 to 26Latches reduced from 276 to 26 (Now ABSTRACT works well)(Now ABSTRACT works well)WRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp_abs.aig: PIs = 93, POs = 5, WRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp_abs.aig: PIs = 93, POs = 5, FF = 26, ANDs = 190, max depth = 93FF = 26, ANDs = 190, max depth = 93
7474
Running quick_verifyRunning quick_verify. . PIs = 93, POs = 5, FF = 26, ANDs = 181, max depth = 93. . PIs = 93, POs = 5, FF = 26, ANDs = 181, max depth = 93Size unchanged in new SRMSize unchanged in new SRM. After trimming: PIs = 93, POs = 5, FF = 26, ANDs = 181, max depth = 93. After trimming: PIs = 93, POs = 5, FF = 26, ANDs = 181, max depth = 93RUNNING interpolation with 6004 conflicts, max 12 sec and 100 framesRUNNING interpolation with 6004 conflicts, max 12 sec and 100 framesundecidedundecidedRunning reachx -t 12Running reachx -t 12Reachability went to -1 frames,Reachability went to -1 frames,UNSATUNSATWRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp_abs_final.aig: PIs = 93, WRITING smvhd3_prop0_fixed2_smp_abs_spec_final_smp_abs_final.aig: PIs = 93, POs = 5, FF = 26, ANDs = 181, max depth = 93POs = 5, FF = 26, ANDs = 181, max depth = 93Time for second level prove = 65.370000 sec.Time for second level prove = 65.370000 sec.Second prove returned UNSATSecond prove returned UNSATUNSATUNSATTotal time taken by super_prove = 807.590000 sec.Total time taken by super_prove = 807.590000 sec.
7575
Verification Engines (Summary)Verification Engines (Summary) SimplifiersSimplifiers
Combinational synthesisCombinational synthesis Sequential synthesisSequential synthesis
RetimingRetiming Sequential SAT sweeping (k-step induction)Sequential SAT sweeping (k-step induction)
Re-parametrization (Re-parametrization (not implemented yet in ABC currentlynot implemented yet in ABC currently)) Retiming (most forward and minimum FF)Retiming (most forward and minimum FF)
Bug-hunters (Bug-hunters (also part of abstraction methodsalso part of abstraction methods)) random simulation (sequential)random simulation (sequential) bounded model checking (BMC)bounded model checking (BMC) hybrid of simulation and BMC (“semi-formal”)hybrid of simulation and BMC (“semi-formal”) BDD reachabilityBDD reachability
ProversProvers K-step induction, with and without constraintsK-step induction, with and without constraints Interpolation (over-approximate reachability)Interpolation (over-approximate reachability) BDDs (exact reachability)BDDs (exact reachability) Explicit state space enumeration (‘Explicit state space enumeration (‘eraera’)’)
7676
Future WorkFuture Work Improved BDD reachability engine (we hope)Improved BDD reachability engine (we hope)
We have threeWe have three One is quite weak (HWMCC’08)One is quite weak (HWMCC’08) We have just integrated a better oneWe have just integrated a better one May have a much better one later.May have a much better one later.
Improved interpolation engineImproved interpolation engine Working on a new versionWorking on a new version
Improved circuit-based SAT solverImproved circuit-based SAT solver Currently used in signal correspondence to simplify Currently used in signal correspondence to simplify
larger circuitslarger circuits Faster but sometimes limited quality Faster but sometimes limited quality
Will be improved to see if it can compete with MiniSat Will be improved to see if it can compete with MiniSat 1.14c1.14c
7777
To Learn MoreTo Learn More
Read recent papers Read recent papers http://www.eecs.berkeley.edu/~alanmi/http://www.eecs.berkeley.edu/~alanmi/publicationspublications
Send email Send email [email protected]@eecs.berkeley.edu [email protected]@eecs.berkeley.edu
Visit BVSRC webpage Visit BVSRC webpage www.bvsrc.orgwww.bvsrc.org
7878
7979
endend