
Andreas Kuehlmann - University of California, Berkeley
78 publications, 5,278 reads, 2,838 citations
Publications (78)
We present a novel, sound, and complete algorithm for deciding safety properties in programs with static memory allocation. The new algorithm extends the program verification paradigm using loop invariants presented in [1] with a counterexample guided abstraction refinement (CEGAR) loop [2] where the refinement is achieved by strengthening loop inv...
The generalization of Property Directed Reachability (PDR) for the theory QF_BV presented in [1] outperforms the original formulation if the required inductive invariant can be represented efficiently as a set of polytopes. However, many QF_BV model checking instances do not belong in this class and can be solved quickly with the original PDR algor...
A method is provided that includes: determining a minimum clock cycle that can be used to propagate a signal about the critical cycle in a circuit design; wherein the critical cycle is a cycle in the design that has a highest proportionality of delay to number of registers; determining for a circuit element in the circuit design, sequential slack a...
In 2011, property directed reachability (PDR) was proposed as an efficient algorithm to solve hardware model checking problems. Recent experimentation suggests that it outperforms interpolation-based verification, which had been considered the best known algorithm for this purpose for almost a decade. In this work, we present a generalization of PD...
Modern synthesis flows apply a series of technology independent optimization steps followed by mapping algorithms which bind the optimized network to a specific technology library. As the exact solution of the mapping problem is computationally intractable, algorithms used in practice use heuristic, typically tree-based approaches. The application...
Much of the contemporary research in the area of software testing and verification has solely focused on advances in technology and has to a large degree ignored the fact that success in software development has as much to do with technology, as it has with psychology. For development tools to be successful in practice, they must not "get in the wa...
Constrained random simulation has been widely adopted in contemporary hardware verification flows. In this methodology, a set of user-specified declarative constraints describe valid input stimuli for the design under test (DUT). A constraint solver produces the simulation input vectors; their generation is interleaved with the actual simulation of...
This chapter covers the problem of deciding functional equivalence of two design descriptions. We focus our presentation on the most commonly used form of equivalence checking, which compares the input/output behavior of two deterministic design models. We define the fundamental problem of equivalence checking and outline a general approach for its...
A systematic investigation is presented about the robustness of logic synthesis tools to equivalence-preserving transformations of the input Verilog file. We have developed a framework that: 1) parses Verilog behavioral models into an abstract syntax tree; 2) generates random equivalence-preserving transformations on the syntax tree; and 3) wr...
Conventional logic synthesis flows are composed of three separate phases: technology independent optimization, technology mapping, and technology dependent optimization. A fundamental problem with such a three-phased approach is that the global logic structure is decided during the first phase without any knowledge of the actual technology paramete...
Modern logic synthesis systems apply a sequence of loosely-related function-preserving transformations to gradually improve the circuit with respect to certain criteria such as area, performance, power, etc. For the quality of a complete synthesis run, the application order of the transformations for the individual steps are critical as they can pr...
Computational protein design can be formulated as an optimization problem, where the objective is to identify the sequence of amino acids that minimizes the energy of a given protein structure. In this paper, we propose a novel search-based approach that utilizes a Boolean function to encode the solution space where the function's onset represents...
"A crisis is a terrible thing to waste". Quotes like this are often heard by experts in the industry and academia but what does this mean to me? How should I change my professional interests? How should I evolve my career? How is EDA going to evolve? The panel represents multiple points of views on these questions. Four experts will review the curre...
We describe a Markov chain Monte Carlo (MCMC)-based algorithm for sampling solutions to mixed Boolean/integer constraint problems. The focus of this work differs in two points from traditional SAT Modulo Theory (SMT) solvers, which are aimed at deciding whether a given set of constraints is satisfiable: First, our approach targets constraint proble...
Yesterday's cell phones have rapidly evolved into versatile multi-media computers heavily loaded with a wide spectrum of technologies to support many functions and use modes. Designing and verifying such complex devices becomes increasingly challenging due to the need to: incorporate larger number of functions and diverse use modes, increased bandw...
Functional verification is a major part of the effort to design electronic systems. Over the years, EDA has developed a suite of tools and methods to address the verification challenges by a patchwork of approaches. However, as the system complexity continues to increase, traditional methods may not be adequate to ensure flawless behavior. In this...
Improvements in the structure of a circuit at the logic level can offer significant benefits, but the consequences on the final design parameters are often difficult to predict. The algorithms and tools necessary to more fully evaluate potential optimizations and to iterate between logic synthesis and other components of the design flow are often p...
Constrained random simulation is the main workhorse in today's hardware verification flows. It requires the random generation of input stimuli that obey a set of declaratively specified input constraints, which are then applied to validate given design properties by simulation. The efficiency of the overall flow depends critically on (1) the perfo...
Modern combinational equivalence checking (CEC) engines are complicated programs which are difficult to verify. In this paper we show how a modern CEC engine can be modified to produce a proof of equivalence when it proves a miter unsatisfiable. If the CEC engine formulates the problem as a single SAT instance (call this naive), one can use the res...
This paper describes a fast Boolean matching algorithm which checks the containment relationship between an incompletely specified function and a completely specified function under permutation and negation on the input variables. The algorithm is designed for the pattern matching problem in technology mapping. It exploits functional symmetries of...
SAT sweeping is a method for simplifying an AND/INVERTER graph (AIG) by systematically merging graph vertices from the inputs towards the outputs using a combination of structural hashing, simulation, and SAT queries. Due to its robustness and efficiency, SAT sweeping provides a solid algorithm for Boolean reasoning in functional verificatio...
Boolean matching is a powerful technique that has been used in technology mapping to overcome the limitations of structural pattern matching. The current basis for performing Boolean matching is the computation of a canonical form to represent functions that are equivalent under negation and permutation of inputs and outputs. In this paper, we...
Traditional approaches for sequential logic optimization include (1) explicit state-based techniques such as state minimization, (2) structural techniques such as retiming, and (3) methods that exploit sequential don't-cares derived from unreachable states. These approaches optimize a logic circuit as a single component with a single input/output b...
Model checking is a formal technique for automatically verifying that a finite-state model satisfies a temporal property. In model checking, generally Binary Decision Diagrams (BDDs) are used to efficiently encode the transition relation of the finite-state model. Recently model checking algorithms based on Boolean satisfiability (SAT) proced...
Physical design EDA research in academia has historically been based on infrastructure developed independently by individual contributors. This has led to fragmentation in the community, where interaction, data interchange and comparison of results between tools are difficult. We discuss our early experience with the OpenAccess Gear system, an open...
Linear pseudo-Boolean (LPB) constraints denote inequalities between arithmetic sums of weighted Boolean functions and provide a significant extension of the modeling power of purely propositional constraints. They can be used to compactly describe many discrete electronic design automation problems with constraints on linearly combined, weighted Bo...
In this paper we describe a new logic synthesis approach based on rule-based randomized search using simulated annealing. Our work is motivated by two observations: (1) traditional logic synthesis applies literal count as the primary quality metric during the technology independent optimization phase. This simplistic metric often leads to poor circ...
Traditional timing-driven placement considers only combinational delays and does not take into account the potential of subsequent sequential optimization steps. As a result, the potential of re-balancing path delays through post-placement applications of clock skew scheduling and in-place retiming cannot be fully realized. In this paper we describ...
Bounded model checking (BMC) is an incomplete property checking method that is based on a finite unfolding of the transition relation to disprove the correctness of a set of properties or to prove them for a limited execution length from the initial states. Current BMC techniques repeatedly concatenate the original transition relation to unfold the...
Transformation-based verification has been proposed to synergistically leverage various transformations to successively simplify and decompose large problems to ones which may be formally discharged. While powerful, such systems require a fair amount of user sophistication and experimentation to yield greatest benefits - every verification proble...
In this paper, we discuss the application of circuit-based logical reasoning to simplify optimization problems expressed as integer linear programs (ILP) over circuit states. We demonstrate that a targeted restructuring of the problem formulation based on the circuit topology can significantly improve the performance and capacity of the overall opt...
Bounded model checking (BMC) has gained widespread industrial use due to its relative scalability. Its exhaustiveness over all valid input vectors allows it to expose arbitrarily complex design flaws. However, BMC is limited to analyzing only a specific time window, hence will only expose those flaws which manifest within that window and thus conne...
Bounded model checking (BMC) has gained widespread industrial use due to its relative scalability. Its exhaustiveness over all valid input vectors allows it to expose arbitrarily complex design flaws. However, BMC is limited to analyzing only a specific time window, hence will only expose those flaws which manifest within that window and thus canno...
This paper presents the multi-valued SAT solver CAMA. CAMA generalizes the recently developed speed-up techniques used in state-of-the-art binary SAT solvers, such as the two-literal-watching scheme for Boolean constraint propagation (BCP), conflict-based learning with identifying the first unique implication point (UIP), and non-chronological back...
The application of general clock skew scheduling is practically limited due to the difficulties in implementing a wide spectrum of dedicated clock delays in a reliable manner. This results in a significant limitation of the optimization potential. As an alternative, the application of multiple clocking domains with dedicated phase shifts that are i...
Functional symmetries provide significant benefits for multiple tasks in synthesis and verification. Many applications require the manual specification of symmetries using special language features such as symmetric data types. Methods for automatically detecting symmetries are based on functional analysis, e.g. using BDDs, or structural methods. T...
In this paper we present a fast algorithm for computing the value of a spectral transform of Boolean or multiple-valued functions for a given assignment of input variables. Our current implementation is for arithmetic transform, because our work is primarily aimed at optimizing the performance of probabilistic verification methods. However, the pre...
This paper describes the application of an SPFD-based wire removal technique for circuit implementations utilizing networks of PLAs. It has been shown that a design style based on a multi-level network of approximately equal-sized PLAs results in a dense, fast, and crosstalk-resistant layout. Wire removal is a technique where the total number of wi...
Many tasks in computer-aided design (CAD), such as equivalence checking, property checking, logic synthesis, and false paths analysis, require efficient Boolean reasoning for problems derived from circuits. Traditionally, canonical representations, e.g., binary decision diagrams (BDDs), or structural satisfiability (SAT) methods, are used to solve...
This paper describes a structurally-guided framework for the decomposition of a verification task into subtasks, each solved by a specialized algorithm for overall efficiency. Our contributions include the following: (1) a structural algorithm for computing a bound of a state-transition diagram's diameter which, for several classes of netlist...
In symbolic model checking, image computation is the process of computing the successors of a set of states. Containing the cost of image computation depends critically on controlling the number of variables that appear in the functions being manipulated; this in turn depends on the order in which the basic operations of image computation—conjun...
In this paper we present a fast algorithm for evaluating the arithmetic transform of a Boolean function based on its circuit representation. The arithmetic transform has multiple applications in CAD, including the computation of signal probabilities and switching activities of circuit nets and the mapping of Boolean functions onto probabilistic h...
The use of dual-supply voltages at the gate level is an effective technique to limit dynamic power consumption while preserving performance. However, its use in commercial circuit designs is limited primarily due to lack of CAD tool support. Very little work has been carried out to leverage multiple supply voltages for timing, area, and power trade...
In this paper we present the application of generalized retiming for temporal property checking. Retiming is a structural transformation that relocates registers in a circuit-based design representation without changing its actual input-output behavior. We discuss the application of retiming to minimize the number of registers with the goal o...
Many tasks in CAD, such as equivalence checking, property checking, logic synthesis, and false paths analysis require efficient Boolean reasoning for problems derived from circuit structures. Traditionally, canonical representations, e.g., BDDs, or SAT-based search methods are used to solve a particular class of problems. In this paper we present a...
We introduce SImulation Verification with Augmentation (SIVA), a tool for coverage-directed state space search on digital hardware designs. SIVA tightly integrates simulation with symbolic techniques for efficient state space search. Specifically, the core algorithm uses a combination of ATPG and BDDs to generate "directed" input vectors, i.e., inp...
Many tasks in CAD, such as equivalence checking, property checking, logic synthesis, and false paths analysis require efficient Boolean reasoning for problems derived from circuit structures. Traditionally, canonical representations, e.g., BDDs, or SAT-based search methods are used to solve a particular class of problems. In this paper we present a...
SPFDs are a mechanism to express flexibility in Boolean networks. Introduced by Yamashita et al. in the context of FPGA synthesis [1996], they were extended later to general combinational networks. We introduce the concept of sequential SPFDs and provide an algorithm to compute them based on a partition of the state bits. The SPFDs, of each compone...
In this paper, we present two techniques for improving min-area retiming that combine the actual register minimization with combinational optimization. First, we discuss an on-the-fly retiming approach based on a sequential AND/inverter/register graph. With this method, the circuit structure is sequentially compacted using a combination of register...
In this paper we describe a hardware design method for memory and register arrays that allows the application of formal equivalence checking for comparing a high-level register transfer level (RTL) specification with a low-level transistor implementation. Equivalence checking is increasingly applied in practical design flows to verify regular logic...
In this paper we present two techniques for improving min-area retiming that combine the actual register minimization with combinational optimization. First, we discuss an on-the-fly retiming approach based on a sequential AND/INVERTER/REGISTER graph. With this method the circuit structure is sequentially compacted using a combination of reg...
The application of CAD algorithms in logical verification and synthesis requires an efficient representation of combinational circuits in terms of a network of Boolean primitives. Typical input descriptions of such circuits contain a large amount of functional redundancy. Previous approaches simplify the network representation by graph hashing, allowing...
This paper presents a verification technique for functional comparison of large combinational circuits using a novel combination of known approaches. The idea is based on a tight integration of a structural satisfiability (SAT) solver, BDD sweeping, and random simulation; all three working on a shared graph representation of the circuit. The BDD...
We introduce SImulation Verification with Augmentation (SIVA), a tool for checking safety properties on digital hardware designs. SIVA integrates simulation with symbolic techniques for vector generation. Specifically, the core algorithm uses a combination of ATPG and BDDs to generate input vectors which cover behavior not excited by simulation. Ex...
This paper describes a probabilistic approach to state space search. The presented method applies a ranking of the design states according to their probability of reaching a given target state based on a random walk model. This ranking can be used to prioritize an explicit or partial symbolic state exploration to find a trajectory from a set of ini...
The verification of timed systems is extremely important, but also extremely difficult. Several methods have been proposed to assist in this task, including extensions to symbolic model checking. One possible use of model checking to analyze timed systems is by modeling passage of time as the number of taken transitions and applying quantitative al...
This paper presents a verification technique which is specifically targeted to formally comparing large combinational circuits with some structural similarities. The approach combines the application of BDDs with circuit graph hashing, automatic insertion of multiple cut frontiers, and a controlled elimination of false negative verification results caus...
This paper presents the use of formal methods in the design of a PowerPC microprocessor. The chosen methodology employs two independently developed design views, a register-transfer level specification for efficient system simulation and a transistor level implementation geared toward maximal processor performance. A BDD-based verification tool is...
The use of modern hardware-description languages in the chip design process has allowed designs to be modeled at higher abstraction levels. More powerful modeling styles, such as register-transfer and behavioral level specifications, have spurred the development of high-level synthesis techniques in both industry and academia. However, despite the...
In an effort to fully exploit CMOS performance, custom design techniques are used extensively in commercial microprocessor design. However, given the complexity of current-generation processors and the necessity for manual designer intervention throughout the design process, proving design correctness is a major concern. In this paper we discuss Ve...
Systems for multi-level logic optimization are usually based on a set of specialized, loosely-related transformations which work on a network representation. The sequence of transformations in a synthesis scenario (script) is crucial for the performance of the whole system. This paper presents the application of a genetic algorithm for automatic tu...
This paper describes a diagnosis technique for locating design errors in circuit implementations which do not match their functional specification. The method efficiently propagates mismatched patterns from erroneous outputs backward into the network and calculates circuit regions which most likely contain the error(s). In contrast to previous appr...
High-level synthesis has been an active research field since the early eighties. However, apart from a few exceptions the technology has so far failed to make a smooth transition into the industrial environment. The main reasons are related more to the lack of an integrated methodology, including design entry, simulation, and synthesis, than to the...
A comprehensive timing model for behavioral-level specifications and algorithms for timing analysis in high-level synthesis is described. It is based on a timing network which models the data flow as well as the control flow in the behavioral input specification. The delay values for the network modules are created by invoking the same logic synthe...
A method and algorithms for exploring the design space between the register-transfer and behavioral levels are presented. The method consists of the specification of a high-level state machine, which combines the advantages of a specific control structure, by means of states and transitions, with the flexibility of behavioral descriptions inside ea...
The authors present a new layout style for automatic synthesis of finite state machines which is suitable for full custom as well as sea-of-gate layouts. It is based on a combined use of slice techniques, which result in a compact layout and a matrix layout style to ensure the flexibility of this approach. For the layout optimization, multiple row...
The DPLL approach to the Boolean satisfiability problem (SAT) is a combination of search for a satisfying assignment and logical deduction, in which each process guides the other. We show that this approach can be generalized to a richer class of theories. In particular, we present an alternative to lazy SMT solvers, in which DPLL is used only to f...
Modern combinational equivalence checking (CEC) engines are complicated programs which are difficult to verify. In this paper we show how a modern CEC engine can be modified to produce a proof of equivalence when it proves a miter unsatisfiable. If the CEC engine formulates the problem as a single SAT problem (call this naïve), one can use the res...
Due to the ad-hoc specification methodology, typical ASIC designs are highly unbalanced with respect to the timing criticality of their logic paths. Traditional combinational synthesis does not support "borrowing" of timing slack across registers and therefore may result in a drastic overdesign of many paths and an overall loss of performance. This...
The decomposition of large AND functions into trees of 2-input AND primitives is an important step in logic synthesis systems based on AND/INV graphs (AIGs). A popular heuristic is to decompose large functions so as to minimize the depth of the resulting AIG. We propose an alternative heuristic which acts on the AIG to reduce the area of the resul...