Automated Design Debugging With Maximum Satisfiability
ABSTRACT As contemporary very large scale integration designs grow in complexity, design debugging has rapidly established itself as one of the largest bottlenecks in the design cycle today. Automated debug solutions such as those based on Boolean satisfiability (SAT) enable engineers to reduce the debug effort by localizing possible error sources in the design. Unfortunately, adaptation of these techniques to industrial designs is still limited by the performance and capacity of the underlying engines. This paper presents a novel formulation of the debugging problem using MaxSAT to improve the performance and applicability of automated debuggers. Our technique not only identifies errors in the design but also indicates when the bug is excited in the error trace. MaxSAT allows for a simpler formulation of the debugging problem, reducing the problem size by 80% compared to a conventional SATbased technique. Empirical results demonstrate the effectiveness of the proposed formulation as runtime improvements of 4.5 × are observed on average. This paper introduces two performance improvements to further reduce the time required to find all error sources within the design by an order of magnitude.

Conference Paper: Hyperplane initialized local search for MAXSAT
[Show abstract] [Hide abstract]
ABSTRACT: By converting the MAXSAT problem to Walsh polynomials, we can efficiently and exactly compute the hyperplane averages of fixed order k. We use this fact to construct initial solutions based on variable configurations that maximize the sampling of hyperplanes with good average evaluations. The Walsh coefficients can also be used to implement a constant time neighborhood update which is integral to a fast next descent local search for MAXSAT (and for all bounded pseudoBoolean optimization problems.) We evaluate the effect of initializing local search with hyperplane averages on both the first local optima found by the search and the final solutions found after a fixed number of bit flips. Hyperplane initialization not only provides better evaluations, but also finds local optima closer to the globally optimal solution in fewer bit flips than search initialized with random solutions. A next descent search initialized with hyperplane averages is able to outperform several stateofthe art stochastic local search algorithms on both random and industrial instances of MAXSAT.Proceedings of the 15th annual conference on Genetic and evolutionary computation; 07/2013  [Show abstract] [Hide abstract]
ABSTRACT: Maximum Satisfiability (MaxSAT) is an optimization version of SAT, and many real world applications can be naturally encoded as such. Solving MaxSAT is an important problem from both a theoretical and a practical point of view. In recent years, there has been considerable interest in developing efficient algorithms and several families of algorithms have been proposed. This paper overviews recent approaches to handle MaxSAT and presents a survey of MaxSAT algorithms based on iteratively calling a SAT solver which are particularly effective to solve problems arising in industrial settings. First, classic algorithms based on iteratively calling a SAT solver and updating a bound are overviewed. Such algorithms are referred to as iterative MaxSAT algorithms. Then, more sophisticated algorithms that additionally take advantage of unsatisfiable cores are described, which are referred to as coreguided MaxSAT algorithms. Coreguided MaxSAT algorithms use the information provided by unsatisfiable cores to relax clauses on demand and to create simpler constraints. Finally, a comprehensive empirical study on nonrandom benchmarks is conducted, including not only the surveyed algorithms, but also other stateoftheart MaxSAT solvers. The results indicate that (i) coreguided MaxSAT algorithms in general abort in less instances than classic solvers based on iteratively calling a SAT solver and that (ii) coreguided MaxSAT algorithms are fairly competitive compared to other approaches.Constraints 10/2013; · 0.74 Impact Factor 
Conference Paper: Verifying refutations with extended resolution
[Show abstract] [Hide abstract]
ABSTRACT: Modern SAT solvers use preprocessing and inprocessing techniques that are not solely based on resolution; existing unsatisfiability proof formats do not support SAT solvers using such techniques. We present a new proof format for checking unsatisfiability proofs produced by SAT solvers that use techniques such as extended resolution and blocked clause addition. Our new format was designed with three goals: proofs should be easy to generate, proofs should be compact, and validating proofs must be simple. We show how existing preprocessors and solvers can be modified to generate proofs in our new format. Additionally, we implemented a mechanicallyverified proof checker in ACL2 and a proof checker in C for the proposed format.Proceedings of the 24th international conference on Automated Deduction; 06/2013
Page 1
1
Automated Design Debugging with
Maximum Satisfiability
Yibin Chen, Student Member, IEEE, Sean Safarpour, Member, IEEE,
Joao MarquesSilva, Senior Member, IEEE, Andreas Veneris, Senior Member, IEEE
Abstract— As contemporary VLSI designs grow in complexity,
design debugging has rapidly established itself as one of the
largest bottlenecks in the design cycle today. Automated debug
solutions such as those based on Boolean Satisfiability (SAT)
enable engineers to reduce the debug effort by localizing possible
error sources in the design. Unfortunately, adaptation of these
techniques to industrial designs is still limited by the performance
and capacity of the underlying engines. This paper presents a
novel formulation of the debugging problem using MaxSat to
improve the performance and applicability of automated debug
gers. Our technique not only identifies errors in the design but
also indicates when the bug is excited in the error trace. MaxSat
allows for a simpler formulation of the debugging problem, re
ducing the problem size by 80% compared to a conventional SAT
based technique. Empirical results demonstrate the effectiveness
of the proposed formulation as runtime improvements of 4.5×
are observed on average. This work introduces two performance
improvements to further reduce the time required to find all
error sources within the design by an order of magnitude.
I. INTRODUCTION
The complexity of digital designs in the semiconductor
industry has increased exponentially over the last few decades.
Even though innovations in design tools and methodologies
have made significant progress in reducing human error, de
signing a circuit free of functional errors remains a challenge.
Functional verification and debugging tasks have established
themselves as major bottlenecks in the design process, requir
ing up to 70% of the total design effort [1].
Due to the risk inherent in today’s highly complex design
flows, engineers are increasingly adopting automated design
and verification tools to ensure correctness [2], [3]. However,
once verification fails, localizing and rectifying the erroneous
behavior (debugging) remains a predominantly manual task
lacking sufficient automation. As design complexity increases,
larger design and verification teams and the usage of third
party IP further complicate the debugging task. It is therefore
Yibin Chen is with Vennsa Technologies, Inc., Toronto, ON M5V 3B1,
Canada (email: chenyibin@gmail.com).
Sean Safarpour is with Vennsa Technologies, Inc., Toronto, ON M5V 3B1,
Canada (email: sean@vennsa.com).
Joao MarquesSilva is with the School of Electronics and Computer
Science, University College Dublin, Belfield, Dublin 4, Ireland (email:
jpms@ucd.ie).
Andreas Veneris is with the Department of Computer Science and the
Department of Electrical and Computer Engineering, University of Toronto,
Toronto, ON M5S 3G4, Canada (email: veneris@eecg.toronto.edu).
Manuscript received September 27, 2009; revised March 30, 2010. This
paper was recommended by Associate Editor Robert F. Damiano.
Copyright (c) 2010 IEEE. Personal use of this material is permitted.
However, permission to use this material for any other purposes must be
obtained from the IEEE by sending an email to pubspermissions@ieee.org.
not surprising that on average 60% of the verification effort is
spent on debugging [4] and the costs of identifying the root
cause of an error are growing rapidly. Automated debugging
solutions are essential to accelerate these tasks.
Techniques based on simulation [5], path tracing [6], and
Binary Decision Diagrams (BDDs) [7] have been proposed in
literature to enhance the efficiency of error localization and
diagnosis. More recently, the performance of engines based
on Boolean Satisfiability (SAT) [8] have encouraged further
research into formal debugging techniques. The purpose of
these techniques is to automatically identify the source of
functional errors based on constraints specifying the circuit’s
expected behavior.
In the SATbased debugging approach presented in [8],
design errors are located by first adding correction models
to the circuit implementation. A correction model can be
dedicated hardware that indicates whether a circuit component
can be rectified to correct the circuit. The problem is then
transformed into a Boolean formula in Conjunctive Normal
Form (CNF) and constrained using the expected behavior of
the circuit. Solving the CNF problem using a Boolean SAT
solver implicates a set of suspect error locations which could
be responsible for the error.
Based on the above formulation numerous derivative works
such as [9], [10] and [11] have significantly improved the
performance and scalability of automated debuggers to make
them applicable for industrial designs. However, enhancing
the performance (runtime) and capacity (memory) of these
techniques remain an ongoing challenge. Contemporary de
buggers still have difficulty handling large industrial designs
and the correction models greatly increase the size of the
CNF problem. Moreover, existing techniques are limited to
identifying where the most likely error locations are in the
design (spatial error locations). They do not determine when
in the error trace the bug occurs (temporal error locations).
Temporal information is very important for diagnosing and
correcting the design [12] as they allow the designer to track
down more easily when in the error trace the error occurs.
In this paper a novel approach to design debugging us
ing Partial Maximum Satisfiability (Partial MaxSat) is pre
sented [13], [14]. Similar to SAT problems, Partial MaxSat
problems are Boolean Satisfiability problems expressed in
CNF. However, instead of finding an assignment to a satisfiable
CNF formula, MaxSat solvers find the largest satisfiable subset
of CNF clauses in an unsatisfiable problem. In essence, the
inverse of that subset identifies a set of error locations which
could be responsible for the bug. Our novel formulation
Page 2
2
allows us to identify all errors locations both spatially and
temporally, while significantly reducing the size of CNF prob
lems compared to SATbased debugging. Our Partial MaxSat
formulation can improve the performance of debugging while
providing solutions at a finer granularity.
In addition, this paper also proposes two techniques to
improve debugger performance. First, we present a method
to quickly enumerate similar Partial MaxSat solutions based
on results obtained from the solver. These allow us to reduce
the number of solver iterations required to find all solutions.
Next, we show how tuples of related clauses can be grouped
such that they are treated as a single highlevel constraint.
These tuples increase the granularity of the solutions and
reduce the search space of the problem, improving run time.
Groupings based on modules and time frames allow for more
relevant solutions to be found at lower error cardinalities.
We demonstrate how groupings can be used to implement
hierarchical debugging [15] with Partial MaxSat to find both
modulelevel and gatelevel error locations.
Experimental results show that our approach can find error
locations 4.5× faster on average and using 80% smaller CNF
problems. The optimization techniques presented allow us
to identify all MaxSat solutions using 87.5% fewer solver
iterations while improving the run time per iteration by 1.6×.
As the performance of MaxSat solvers is still improving at a
rapid pace [16], our formulation will become more effective
as engine technology progresses.
The remainder of this paper is structured as follows. First,
some background information on SATbased automated de
bugging and MaxSat solvers is provided. Then our MaxSat
formulation for combinational circuits is presented in Sec
tion III. The formulation is extended to finding spatial and
temporal error locations in sequential circuits in Section IV.
An algorithm to reduce the number of MaxSat iterations to
find all solutions is presented in Section V. Section VI uses
groupings to leverage the hierarchical structure of the circuit to
improve performance. Finally the experiments, related works,
and conclusions are provided in Sections VII, VII and IX
respectively.
II. BACKGROUND
A. SATbased Automated Debugging
Functional design debugging occurs at the stage of the
design cycle when the Register Transfer Level (RTL) imple
mentation of the design has failed verification (simulation or
formal). The output of the verification effort is an error trace
proving the existence of a bug. In the context of this paper,
design debugging seeks to locate all possible error sources in
the implementation.
In the SATbased debugging formulation presented in [8],
the circuit is first enhanced with a correction model by adding
a multiplexer at the output of each gate or module. The select
line of the multiplexer controls whether the correction model is
active or inactive. If the correction model is inactive, the circuit
behaves according to its implementation. If the correction
model is active, the output of the gate is left unconstrained
and can be replaced with a value that can correct the error.
For sequential circuits, an Iterative Logic Array (ILA) [6] is
constructed by unrolling the circuit for the length of the error
trace. The correction model is added as in the combinational
case but multiplexer select lines for the same gate are shared
across all time frames. The problem is converted into CNF and
constrained using the the stimulus vector and the expected
output values from the error trace. Additional constraints
(usually implemented using an adder) limit the number of
correction models that can be simultaneously activated. This
number is also known as the error cardinality Ng of the
problem.
Finding all satisfying assignment to the resulting formula
effectively finds a set of functionally equivalent error locations,
that if corrected could fix the bug. Sets of error locations are
said to be functionally equivalent if they cannot be functionally
distinguished from each other under a given stimulus trace [6].
The debugger is limited to finding the set of all functionally
equivalent error locations.
Based on this formulation numerous advances to enhance
the performance of debuggers have been proposed. The work
from [9] presents a QBF based debugging formulation using
universal quantifiers which allows for sequential circuit de
bugging without the need for an ILA. In [11] the concept of
abstraction refinement is used to reduce the size of the SAT
problem and improve performance. In [10], the authors take
advantage of unsatisfiable cores to speed up the debugging
process for multiple fault diagnosis problems. This approach
extracts a set of unsatisfiable cores from the CNF problem
and prunes potential error locations not contained in any of
the cores. A SATbased exact debugger then finds the error
locations from the reduced problem.
B. Maximum Satisfiability
This section reviews MaxSat [16] and its extensions, and
briefly overviews recent algorithms for MaxSat, capable of
handling large complex problem instances. Given an unsat
isfiable CNF formula Φ, the MaxSat problem consists of
identifying an assignment to the problem variables such that
the number of satisfied clauses from Φ is maximized [17].
The MaxSat problem is a wellknown NPHard optimization
problem.
In the Partial MaxSat [18] problem the CNF formula is
organized into a set of hard clauses, which must be satisfied,
and a set of soft clauses, which may or may not be satisfied,
i.e. Φ = ΦH· ΦS. For Partial MaxSat problems the objective
is to find an assignment that satisfies all the hard clauses and
that maximizes the number of satisfied soft clauses.
In the remainder of this paper, hard clauses will be repre
sented in square brackets and soft clauses in round brackets.
For example, consider the following formula:
Φ = [x1+ x2][x3] · (x1)(x2)(x3+ x1)
The first two clauses are hard clauses, and so must be satisfied,
whereas the remaining three clauses are soft clauses and may
or may not be satisfied.
In the recent past [17], the most effective MaxSat algorithms
have been based on branchandbound (B&B), supported by
(1)
Page 3
3
Fig. 1. Correct and erroneous combinational circuit
effective lower bounding and dedicated inference techniques.
Nevertheless, most of the experimental evaluation associated
with B&B MaxSat solvers assume random and handmade
problem instances, which unfortunately often bear little re
lationship with hard industrial instances. Recent work has
addressed alternative approaches, aiming the use of MaxSat
algorithms in industrial settings, and focusing on instances de
rived from realistic applications. The most effective algorithms
are based on solving MaxSat with unsatisfiable subformula
identification and relaxation [18]–[20].
III. CLAUSE LEVEL DEBUGGING OF
COMBINATIONAL CIRCUITS
In this section the MaxSat debug formulation for combina
tional circuits is presented. In order to express the debugging
problem as a MaxSat problem, the circuit must first be
converted into CNF. For the purpose of this paper we assume
that circuits consist of singleoutput logic gates and CNF
conversion occurs on a per gate basis in linear time [21],
[22]. The goal of our debugging formulation is to identify a
tuple of clauses in the CNF representation that are most likely
responsible for the failure.
A. Partial MaxSat Formulation for Combinational Circuits
The Partial MaxSat formulation to debug a combinational
circuit C given a correct specification is as follows:
Φ = [I][O] · CNF(C)
(2)
where CNF(C) is the CNF representation of the erroneous
circuit, I represents the input constraints, and O are the
corresponding expected output constraints. The input and
expected output constraints are modeled using hard clauses (as
indicated by the square brackets) as their values are assumed
to be correct. Since I excites the erroneous behavior of C
which is eventually observed at the output, the actual output
of C does not match the expected output O. The formula Φ
is therefore inherently unsatisfiable.
A MaxSat solver finds an assignment to Φ such that the set
of satisfied clauses is maximized. The complement of this set
represents the minimum set of clauses whose removal makes
Φ satisfiable. These clauses are the most likely error sources
responsible for the unsatisfiability of the problem. For the
remainder of this paper this complement set will be referred
to as the MaxSat solution. Each of these clauses in turn can
be mapped to a set of gates that could be the cause of the
erroneous behavior. Note that these clauses can originate from
the same or different gates.
Example 1 Consider the circuit given in Figure 1. Figure 1(a)
represents the correct circuit implementation according to the
specification. In the erroneous circuit of Figure 1(b) the NOR
gate at the output is mistakenly implemented using an OR
gate. Given the input stimulus {i = 1,j = 1,k = 0} the
actual output of the erroneous circuit is c = 1. The expected
output response is c = 0. The MaxSat debug formulation of
this circuit expressed in CNF is given as follows:
[i][j][k][c]
A: (i + a)(j + a)(i + j + a)
B: (k + b)(k + b)
C: (a + c)(b + c)(a + b + c)
For clarity we included the gates represented by each set of
clauses in the above CNF.
Since the erroneous circuit cannot produce the expected
response the problem is unsatisfiable. The maximum number
of clauses that can be satisfied for this problem is 10 out of
12. A Partial MaxSat solution for this problem consists of two
UNSAT clauses. One of the solution sets that may be returned
by a Partial MaxSat solver is:
S1= {C : (a + c),C : (b + c)}
For clarity the gate to which each of the solutions map to is
given before each clause. Both clauses in S1correctly imply
that somehow correcting gate C will fix the observed failure.
We refer to this method of debugging as clauselevel debug
ging. The number of clauses in the solution is known as the
error clause cardinality of the solution. Clauselevel debugging
differs from SATbased gatelevel debugging techniques in that
it seeks to find a set of erroneous clauses instead of a set
of erroneous gates. However, the motivation behind both of
these techniques is identical. Just as gatelevel debugging finds
erroneous gates in order to map them to bugs in the RTL code,
clauselevel errors can also be mapped to gates in the netlist
or code in the RTL.
Clauselevel debugging solves the debugging problem at a
lower level of granularity since a single gate requires multiple
clauses to specify its behavior. Intuitively this means that
instead of the gate, rows in the gate’s truth table are identified
as erroneous. A single erroneous gate may result in multiple
UNSAT clauses in the MaxSat solution. Consequently, while
the cardinality of the clauselevel solution is indeed minimal,
the number of gates in the corresponding gatelevel solution
(its gatelevel cardinality) might not be minimal.
For instance, in Example 1, the solver could have alterna
tively returned one of three other possible solutions:
S2= {A : (i + j + a),C : (b + c)}
S3= {C : (a + c),B : (k + b)}
S4= {A : (i + j + a),B : (k + b)}
All solutions are of minimum error clause cardinality 2.
However, the corresponding cardinality of gatelevel solutions
may vary. For S2 (gates A and C), S3 (gates B and C) and
S4(gates A and B) the gatelevel cardinality is 2 whereas for
S1(only gate C) the gatelevel cardinality is 1. The maximum
number of UNSAT clauses due to a single gate is given by
Page 4
4
the following theorem.
Theorem 1: Let G be a singleoutput logic gate that can
drive both a value of 1 and 0 at its output. Then the maximum
number of clauses that can be UNSAT in CNF(G) is mg−1,
where mgis the number of clauses in the CNF representation
of the gate.
Proof: Let y be the output variable of gate G. In order
to force y to a value of 1, CNF(G) must include a clause
with literal y. Similarly, to force an output value of 0, one of
the clauses in CNF(G) must include the literal y. Both the
literals y and y must appear in CNF(G) at least once and
they cannot appear in the same clause. Therefore, assigning
any value to y causes at least one clause in CNF(G) to be
satisfied. Thus MaxSat can return a maximum of (mg− 1)
clauses per gate.
For instance, in Example 1, the behavior of gate A is
represented by three clauses in the CNF. Thus mg = 3
for A. The maximum number of clauses given any variable
assignment to the CNF for gate A is 2.
B. Finding all MaxSat solutions
In practice, Φ has multiple solutions of minimum cardinality
but the cardinality of the desired solution may not minimal.
ConventionalSATbased debuggers find all solutions of a given
error cardinality Ngto ensure completeness. Ngis defined as
the maximum number of distinct gates contained in a solution.
Similarly, clauselevel debuggers need to find all solutions up
to a maximum cardinality Nc. As with Ng the error clause
cardinality Ncis the maximum number of clauses in Φ that are
responsible for the bug. Existing MaxSat solvers can iteratively
provide these solutions but a mechanism to block previous
solutions is needed to avoid duplicates.
For solutions of cardinality one (i.e. the MaxSat solution
only contains one clause) converting the single clause to a hard
clause effectively blocks the solution. For cardinality m > 1
however,convertingeach clause to a hard clause would prevent
these clauses from occurring in other solutions.
To illustrate this fact consider again Example 1. Suppose
that the solution S2 is found in the first MaxSat iteration.
Then converting the clauses (i + j + a) and (b + c) to hard
clauses would not only block S2 but also the solutions S1
and S4 since each of these solutions contains one of those
clauses. Relevant solutions might be inadvertently overlooked
depending on the order in which solutions are found.
Instead, the Partial MaxSat problem must be reformulated
such that at least one of the solution clauses evaluates to true.
To prevent a specific set of clauses {Cl1,Cl2,...,Clm} from
being returned as a MaxSat solution, the following hard clause
must be added to the CNF problem:
Clb= [Cll
1+ Cll
2+ ··· + Cll
idenote the sets of literals
m]
(3)
In the above equation, we let Cll
in the respective Cli clause. Since the set of literals in Clb
is the union of literals from all the solution clauses, at least
one of the clauses in {Cl1,Cl2,...,Clm} must be satisfied.
For instance in Example 1 the solution S2can be blocked by
adding the clause [i + j + a + b + c] to Φ.
All solutions of cardinality ≤ Nccan be identified by con
tinuously blocking solutions of minimum cardinality. Using
Ncwe can guarantee that all solutions of a certain gatelevel
cardinality Ng are found. The relationship between the solu
tions obtained when using either Ncor Ngfor combinational
circuits is given by the following theorem.
Theorem 2: Let mclbe the largest value of mgfor any gate
in the circuit and let Egbe the set of all MaxSat solutions of
gatelevel cardinality Ng. Let Ecbe the set of all solutions of
given a maximum error clause cardinality Nc= Ng·(mcl−1).
Then Eg⊆ Ec.
Proof: By contradiction. Suppose that S ∈ Egis a solution
such that S / ∈ Ec. Then S > Ng· (mcl− 1) where S
denotes the number of clauses in S. However, the maximum
number of clauses that can be UNSAT for a single gate is
mg− 1 and mcl≥ mg. Since Scis of gatelevel cardinality
Ng, S ≤ Ng· (mcl− 1). Therefore Sg ∈ Ec contradicting
our initial assumption.
For Example 1, the highest value of mg is 3 so mcl= 3.
To find all gatelevel solutions of cardinality 1, Ncmust be 2.
Note that the gatelevel cardinality of the solutions can vary
between Ncand Ng.
IV. CLAUSE LEVEL DEBUGGING OF
SEQUENTIAL CIRCUITS
A. Partial MaxSat Formulation for Sequential Circuits
In this section the MaxSat formulation for combinational
circuits is extended to sequential circuits. Our formulation
takes as its inputs the sequential circuit C, a sequence of
stimulus vectors I1,I2,...,Ik and expected output sequence
O1,O2,...,Ok. The variable k is the number of clock cycles
in the error trace over which the behavior of C is modeled.
The problem is also constrained by an initial state vector
IS. The Iterative Logic Array (ILA) of the circuit, otherwise
known as the time frame expansion model, is constructed by
unrolling the combinational portion of the circuit k times. This
effectively translates the sequential problem into a combina
tional one. The ILA can then be converted into a Boolean
Satisfiability instance in CNF. The input to the MaxSat solver
Φ is given by:
Φ =
k?
i=1
[Ii][Oi] · [IS] · CNF(ILAk(C))
(4)
where ILAk(C) denotes the time frame expansion of C for
k time frames.
Example 2 Consider the erroneous circuit in Figure 2(a). The
correct circuit is derived by replacing gate A with an OR gate.
The ILA representation of the circuit for three clock cycles is
given in Figure 2(b). For clarity some irrelevant gates and
constraints are omitted in the figure.
The initial state of the circuit is given by a0= 0 and b0= 0.
The input vectors [i1= 0,j1= 1] and [i2= 0,j2= 1] cause
the value at the fanout of gate A to differ from the correct
values in time frames 1 and 2. The effects of these two error
excitations are then propagated and observed in time frame 3
where the actual output (out3= 1) of the trace differs from the
Page 5
5
Fig. 2. Erroneous circuit and its ILA representation
expected output (out3= 0). The MaxSat solutions for Nc= 2
are as follows:
S1= {A1: (i1+ a1),A2: (i2+ a2)}
S2= {A1: (i1+ a1),B3: (a2+ b3)}
S3= {A1: (i1+ a1),C3: (b3+ c3)}
S4= {B2: (a1+ b2),A2: (i2+ a2)}
S5= {B2: (a1+ b2),B3: (a2+ b3)}
S6= {B2: (a1+ b2),C3: (b3+ c3)}
S7= {C3: (b2+ c3),A2: (i2+ a2)}
S8= {C3: (b2+ c3),B3: (a2+ b3)}
S9= {C3: (b2+ c3),C3: (b3+ c3)}
From these solutions, S1correctly implicates gate A as the
source of the bug. The remaining solutions result from the
presence of two propagation paths from the error excitations to
the output signal out3. One propagation path passes through
the gates A1→ B2→ C3→ out3while the other path goes
through A2→ B3→ C3→ out3.
In the worst case the error could be excited in every clock
cycle. Since a gate is replicated k times in ILAk(C) and the
maximum number of clauses per gate is mcl, an error clause
cardinality of Nc= Ng·(mcl−1)·k would be required to find
all solutions of cardinality Ng. It is clear that the performance
of the Partial MaxSat formulation depends on the number of
error excitations where the erroneous behavior is propagated
to an output. Previous work [23] show that errors in simulation
traces are excited in temporal proximity to the outputs at which
the bug is observed. From our experiments we also find that for
the majority of cases the error is excited for only a few clock
cycles (often only once or twice) before its effects can be first
seen at the outputs. This experimental observation obviously
works in favor of our formulation as MaxSat finds the least
number of error excitations required to observe the bug.
Moreover, unlike conventional gatelevel debuggers, our
MaxSat formulation is not limited to finding a set of erroneous
gates for a given error cardinality. Errors from the same or
different gatelevel sources are not distinguished at the clause
level. For instance in Example 2 solution S1 implicates two
excitations of gate A as the cause of the problem. Solution S2
indicates that an excitation of gate A followed by an excitation
of gate B could be the bug. In both cases the number of
excitations is two but no distinction is made whether these
excitations come from the same or different gates. As a result,
once an error clause cardinality Ncis specified, all clauselevel
errors are found irrespective of their corresponding gates. Nc
can be more appropriately specified as:
Nc= Nep· (mcl− 1)
(5)
where Nep is the maximum expected number of gatelevel
error excitations and propagations for a given stimulus trace.
Note that Nepand Ngdescribe two different concepts. Ng,
describes an estimated number of spatial error locations that
exist in the design irrespective of time frames or clock cycles.
Nep, however, describes an estimate of the maximum number
of times the error is active in a particular error trace. In other
words, the value of Ng relates to number of error location
of the bug in the RTL, while Nep relates to the observed
erroneous behavior of a particular simulation trace. Similar
to Ng, the user can provide an estimate for Nep based on
trace length and the complexity of the problem [8].
B. Extracting Temporal Information
An advantage of clauselevel debugging is that both gate
level error sources and temporal bug information is provided.
Since the circuit is replicated once for every clock cycle,
each clause in the MaxSat solution of Φ represents an error
location both spatially and temporally. Thus each solution
clause automatically indicates when during the error trace the
bug is active. For instance in Example 2, the clause (i1+a1)
in S1indicates that gate A in time frame 1 could be one of the
causes of the bug. The solution S1 therefore states that gate
A must be active in time frames 1 and 2 to cause the error.
Another advantage of the temporal information provided
is that it establishes a more specific relationship between
each of the gates in the solution. In gatelevel debugging,
when considering higher cardinality solutions, we can only
determine that the locations in the solution act together to
cause the error. However, the order in which each of these
error locations act is unknown. Since temporal information
is included in our MaxSat formulation, we can determine the
sequence in which the individual gates are related. For instance
solution S2in Example 2 indicates that an excitation of gate
A in time frame 1 followed by an excitation of gate B in time
frame 3 may be the cause of the error in the design. In contrast,
traditional SATbased debugging would only indicate that the
gates A and B can act together to cause the bug.
Another approach is to aggregate the error information from
all MaxSat solutions by creating a histogram showing the
number of suspected error sources found for each time frame.
The frequency of solutions per time frame can provide hints
about when the errors are excited in the trace. The error is
more likely to be propagated through circuit elements close to
the actual error excitation so generally the time frames with
the highest frequency of solutions are the best candidates. This
aggregate temporal information can help the designer analyze
the error trace [14]. Example graphs for different circuits are
provided in Section VII for the Experiments.