Jason Baumgartner

• IBM

Industrial hardware verification tasks often require checking a large number of properties within a testbench. Verification tools often utilize parallelism in their solving orchestration to improve scalability, either in portfolio mode where different solver strategies run concurrently, or in partitioning mode where disjoint property subsets are ve...

Verification is a critical task in the development of correct computing systems. Simulation remains the predominantly used technique to identify design flaws, due to its scalability. However, simulation intrinsically suffers from low functional coverage, hence often fails to identify all design flaws. Formal verification (FV) is a promising approac...

A computer-implemented method of invariant-guided abstraction includes a processor of a computing device generating one or more invariants corresponding to a design under verification by executing a proof algorithm with an input comprising at least a portion of the design and a specified resource limit. The method further includes deterministically...

Leveraging existing Binary Decision Diagrams (BDDs) to enhance circuit reductions in a system model representing a state machine as a netlist. The netlist is evaluated to determine the regions with the greatest potential reductions. BDD sweeping is performed to identify redundancies in the netlist. BDD rewriting implements the circuit reductions by...

According to one aspect of the present disclosure, a method and technique for vectorization of bit-level netlists is disclosed. The method includes: receiving a bit-level netlist defining a plurality of registers; analyzing propagation of read data associated with the registers through logic of the bit-level netlist; and forming a plurality of vect...

A method for determining correctness of a transformation between a first finite state automaton (FSA) and a second FSA, wherein the first FSA comprises a representation of a regular expression, and the second FSA comprises a transformation of the first FSA includes determining a third FSA, the third FSA comprising a cross product of the second FSA...

Phase abstraction may be utilized to increase efficiency of model checking techniques. A liveness property may be checked in respect to a phase abstracted model by modifying the liveness property in accordance with the phase abstracted model. A fairness property may be modified to ensure that the fairness property is held by the model checker. A co...

Liveness properties such as "will every request eventually get a grant?" are crucial to the verification of a variety of design types. Liveness properties may only be falsified by infinite-length counterexamples, represented using lasso-shaped traces with a prefix (e.g., showing a particular request) followed by a repeating suffix loop (e.g., showi...

A mechanism is provided for efficiently determining Boolean satisfiability (SAT) using lazy constraints. A determination is made as to whether a SAT problem is satisfied without constraints in a list of constraints. Responsive to the SAT problem being satisfied without constraints, a set of variable assignments that are determined in satisfying the...

A computer-implemented method simplifies a netlist, verifies the simplified netlist using induction, and remaps resulting inductive counterexamples via inductive trace lifting within a multi-algorithm verification framework. The method includes: a processor deriving a first unreachable state information that can be utilized to simplify the netlist;...

A computer-implemented method includes a processor identifying, within the netlist, at least one strongly connected components (SCCs) that has a reconvergent fanin input with at least two input paths from the reconvergent fanin input having a different propagation delay to the SCC. The method then computes an additive diameter for the netlist compr...

A mechanism is provided for increasing the scalability of transformation-based formal verification solutions through enabling the use of phase abstraction on logic models that include memory arrays. The mechanism manipulates the array to create a plurality of copies of its read and write ports, representing the different modulo time frames. The mec...

We consider generalized counterexamples in the context of liveness property checking. A generalized counterexample comprises only a subset of values necessary to establish the existence of a concrete counterexample. While useful in various ways even for safety properties, the length of a generalized liveness counterexample may be exponentially shor...

A computer-implemented method includes receiving an input containing a candidate netlist, a target, and a number, K, of cycles of interest, where K represents a number of cycles required to be analyzed for the proof-based abstraction. In response to receiving the inputs, a computing device builds an inductively unrolled netlist, utilizing random, s...

A mechanism is provided for simplifying a netlist before computational resources are exceeded. For each of a set of suspected equivalences in a proof graph of a netlist, a determination is made as to whether equivalence holds for at least one of an equivalence or an equivalence class by identifying whether the equivalence or equivalence class is ei...

A mechanism is provided in an integrated circuit simulator for tracking array data contents across three-value read and write operations. The mechanism accounts for write operations with data values and address values having X symbols. The mechanism performs writes to a tree data structure that is used to store the three-valued contents to the arra...

A method, system, and computer program product for reducing the size of a logic network design, prior to verification of the logic network design. The method includes eliminating registers to reduce the size of the logic network design; thereby, increasing the speed and functionality of the verification process, and decreasing the size of the logic...

Methods and systems are provided for reducing an original circuit design into a simplified circuit design by merging gates that may not be equivalent but can be demonstrated to preserve target assertability with respect to the original circuitry design. A composite netlist is created from the simplified netlist and the original netlist. The composi...

A logic synthesis program, method and system for simplifying and/or reducing a logic design receives output from a logic simulator that uses symbolic values for stimulus and contains symbolic values in the logic simulator output. Relationships between the nodes dependent on symbolic values can be used to merge nodes or otherwise simplify the logic...

A technique for performing an analysis of a logic design (that includes a native memory array embodied in a netlist) includes detecting an initial transient behavior in the logic design as embodied in the netlist. The technique also includes determining a duration of the initial transient behavior and gathering reduction information on the logic de...

A technique for verification of a retimed logic design using liveness checking includes assigning a liveness gate to a liveness property for an original netlist and assigning a fairness gate to a fairness constraint for the original netlist. In this case, the fairness gate is associated with the liveness gate and is asserted for at least one time-s...

A technique for verification of a logic design using a liveness-to-safety conversion includes assigning liveness gates for liveness properties of a netlist and assigning a single loop gate to provide a loop signal for the liveness gates. Assertion of the single loop gate is prevented when none of the liveness gates are asserted. A first state of th...

Verification benefits from removing logic that is not relevant for a proof. Techniques for doing this are known as localization abstraction. Abstraction is often performed by selecting a subset of gates to be included in the abstracted model; the signals feeding into this subset become unconstrained cut-points. In this paper, we propose several imp...

This paper introduces a new technique for a fast computation of the Cone-Of-Influence (COI) of multiple properties. It specifically addresses frameworks where multiple properties belongs to the same model, and they partially or fully share their COI. In order to avoid multiple repeated visits of the same circuit sub-graph representation, it propose...

While SAT-based algorithms have largely displaced BDD-based verification techniques due to their typically higher scalability, there are classes of problems for which BDD-based reachability analysis is the only existing method for an automated solution. Nonetheless, reachability engines require a high degree of tuning to perform well on challenging...

Localization is a powerful automated abstraction-refinement technique to reduce the complexity of property checking. This process is often guided by SAT-based bounded model checking, using counterexamples obtained on the abstract model, proofs obtained on the original model, or a combination of both to select irrelevant logic. In this paper, we pro...

Wide-operand modular math functions pose an enormous challenge for verification. We present a novel method to verify a modular reduction engine implemented as a finite state machine (FSM), leveraging a combination of model checking and theorem proving. As a first step of the verification, preconditions and post-conditions for each state transition...

Industrial verification and synthesis tools routinely identify and eliminate redundancies from logic designs. In the former case, redundancy removal yields critical speedups to the overall verification process. In the latter case, redundancy removal constitutes a primary mechanism to optimize the final fabricated circuit. Redundancy identification...

Logic synthesis and formal verification both rely on scalable reachable state characterization for numerous purposes. One popular technique is over-approximate reachability analysis using an iterative ternary simulation. This method trades precision of reachability characterization for a high degree of computational efficiency. Although effective o...

State-of-the-art hardware model checkers and equivalence checkers rely upon a diversity of synergistic algorithms to achieve adequate scalability and automation. While higher-level decision procedures have enhanced capacity for problems of amenable syntax, little prior work has addressed (1) the generalization of many critical synergistic algorithm...

Sequential equivalence checking (SEC) technologies, capable of demonstrating the behavioral equivalence of two designs, have grown dramatically in capacity over the past decades. The ability to efficiently identify and leverage internal equivalence points to reduce the domain of the overall SEC problem is central to SEC scalability. However, condit...

This paper addresses the presence of logic which has relevance only during initial time frames in a hardware design. We examine transient logic in the form of signals which settle to deterministic constants after some prefix number of time frames, as well as primary inputs used to enumerate complex initial states which thereafter become irrelevant....

The process of sequential redundancy identification is the cornerstone of sequential synthesis and equivalence checking frameworks. The scalability of the proof obliga- tions inherent in redundancy identification hinges not only upon the ability to cross-assume those redundancies, but also upon the way in which these assumptions are lever- aged. In...

The ability of logic transformations to enhance safety property checking has been well-established, and many industrial-strength verification solutions accordingly rely upon a variety of synthesis and abstraction techniques for speed and scalability. However, little prior work has addressed the applicability of such transformations in the domain of...

We consider the problem of optimal netlist sim- plification in the presence of constraints. Because constraints restrict the reachable states of a netlist, they may enhance logic minimization techniques such as redundant gate elimination which generally benefit from unreachability invariants. However, optimizing the logic appearing in a constraint...

This work presents a technology-independent syn- thesis optimization that is effective in reducing the total number of state elements of a design. It works by identifying and eliminat- ing dependent state elements which may be expressed as functions of other registers. For scalability, we rely exclusively on SAT- based analysis in this process. To...

High-end hardware design flows mandate a variety of sequential transformations to address needs such as performance, power, post-silicon debug and test. Industrial demand for robust sequential equivalence checking (SEC) solutions is thus becoming increasingly prevalent. In this paper, we discuss the role of SEC within IBM. We motivate the need for...

In our high-performance powerPC* processor, the correctness of the so-called pervasive interconnect bus system, which provides, among others, test and debug access via external interfaces like JTAG, is of utmost importance. In this paper, we describe our approach informally verifying the correctness of this bus system to combat the coverage problem...

Pervasive Logic is a broad term applied to the variety of logic present in hardware designs, yet not a part of their p rimary functionality. Examples of pervasive logic include initia lization and self-test logic. Because pervasive logic is intertwined wi th the func- tionality of chips, the verification of such logic tends to re quire very deep se...

form only given. This talk focuses on the IBM internal (semi-)formal verification toolset SixthSense. We first provide a high-level overview of the SixthSense tool, developed to perform functional verification as well as sequential equivalence checking. We introduce the various synergistic transformation and verification engines it encompasses, enc...

The modeling of design environments using constraints has gained widespread industrial application, and most verification languages include constructs for specifying constraints. It is therefore critical for verification tools to intelligently leverage constraints to enhance the overall verification process. However, little prior research has addre...

This paper discusses our experiences and results in applying functional formal verification (FFV) techniques to the design of the IBM pSeries® microprocessor and communication subsystem. We describe the evolution of FFV deployment across several generations of this product line, including tool and algorithmic improvements, as well as methodological...

We present several improvements to general-purpose sequential redundancy removal. (1) We propose using a robust variety of synergistic transformation and verification algorithms to process the individual proof obligations. This enables greater speed and scalability, and identifies a significantly greater degree of redundancy, than prior approaches....

Automatic formal verification techniques generally require exponential resources with respect to the number of primary inputs of a netlist. In this paper, we present several fully-automated techniques to enable maximal input reductions of sequential netlists. First, we present a novel min-cut based localization refinement scheme for yielding a safe...

In this paper we describe a fully-automated methodology for formal verification of fused-multiply-add floating point units (FPUs). Our methodology verifies an implementation FPU against a simple reference model derived from the processor's architectural specification, which may include all aspects of the IEEE specification including denormal operan...

State-equivalence based reduction techniques, e.g. bisimulation minimization, can be used to reduce a state transition system to facilitate subsequent verification tasks. However, the complexity of computing the set of equivalent state pairs often exceeds that of performing symbolic property checking on the original system. We introduce a fully-aut...

Transformation-based verification has been proposed to synergisti- cally leverage various transformations to successively simplify and decompose large problems to ones which may be formally discharged. While powerful, such systems require a fair amount of user sophistication and experimentation to yield greatest benefits - every verification proble...

Bounded model checking (BMC) has gained widespread industrial use due to its relative scalability. Its exhaustiveness over all valid input vectors allows it to expose arbitrarily complex design flaws. However, BMC is limited to analyzing only a specific time window, hence will only expose those flaws which manifest within that window and thus conne...

High-performance hardware designs often intersperse combinational logic freely between level-sensitive latch layers (wherein each layer is transparent during only one clock phase), rather than utilizing master-slave latch pairs with no combinational logic between. While such designs may generally achieve much faster clock speeds, this design style...

High-performance hardware designs often intersperse combinational logic freely between level-sensitive latch layers (wherein each layer is transparent during only one clock phase), rather than utilizing master-slave latch pairs with no combinational logic between. While such designs may generally achieve much faster clock speeds, this design style...

Formal verification methods are becoming increasingly popular in the verification of digital systems and protocol checking of communication systems due to their inherent exhaustive nature. Model checking in particular has become quite extensively used in verifying the performance and functional specification of sequential logic. One characteristic...

This paper describes a structurally-guided framework for the decom- position of a verification task into subtasks, each solved by a specialized algo- rithm for overall efficiency. Our contributions include the following: (1) a struc- tural algorithm for computing a bound of a state-transition diagram's diameter which, for several classes of netlist...

This paper describes the methods and simulation techniques used to verify the microarchitecture design and functional performance of the IBM POWER4 processor and the POWER4-based Regatta system. The approach was hierarchical, based on but considerably expanding the practice used for verification of the CMOS-based IBM S/390 Parallel Enterprise Serve...

In this paper we present the application of generalized reti ming for temporal property checking. Retiming is a structural transformation that relo- cates registers in a circuit-based design representation w ithout changing its ac- tual input-output behavior. We discuss the application of retiming to minimize the number of registers with the goal o...

In this paper, we present two techniques for improving min-area retiming that combine the actual register minimization with combinational optimization. First, we discuss an on-the-fly retiming approach based on a sequential AND/inverter/register graph. With this method, the circuit structure is sequentially compacted using a combination of register...

In this paper we present two techniques for improving min-area retiming that combine the actual register mini- mization with combinational optimization. First, we dis- cuss an on-the-fly retiming approach based on a sequen- tial AND/INVERTER/REGISTER graph. With this method the circuit structure is sequentially compactedusing a com- bination of reg...

A c-slow netlist N is one which may be retimed to another netlist N ’, where the number of latches along each wire of N ’ is a multiple of c. Leiserson and Saxe [1, page 54] have shown that by increasing c (a process termed slowdown) and retiming, any design may be made systolic, thereby dramatically decreasing its cycle time. In this paper we deve...

A common technique in high-performance hardware design is to intersperse combinatorial logic freely between level-sensitive latch layers (wherein one layer is transparent during the “high ” clock phase, and the next during the “low”). Such logic poses a challenge to verification – unless the two-phase netlist N may be abstracted to a full-cycle mod...

There has been a growing interest in applying formal methods for functional and performance verification of complex and safety critical designs. Model checking is one of the most common formal verification methodologies utilized in verifying sequential logic due to its automated decision procedures and its ability to provide “counter examples” for...

In the past, hardware design validation has relied primarily on simulation. New techniques such as model checking have been introduced but no objective study investigating the advantages such techniques provide over simulation has been made. Simulation is model checking over a trace elicited by executing a test vector; model checking can be viewed...

Formal verification methods are becoming increasingly popular in the verification of digital systems and protocol checking of communication systems due to their inherent exhaustive nature. Model checking in particular has become quite extensively used in verifying the performance and functional specification of sequential logic. One characteristic...

Hardware escapes in complex ASIC designs are very costly to fix in terms of both money and time. It is therefore necessary for design bugs to be detected and removed as early as possible in the design cycle. One cost-effective way of debugging a design is to simulate a software model of the design. However it has been traditionally difficult to mea...

We present a technique for automatic verification of pipelined microprocessors using model checking. Antecedent conditioned slicing is an efficient abstraction technique for hardware de-signs at the Register Transfer Level (RTL). Antecedent conditioned slicing prunes the verification state space, using information from the antecedent of a given LTL...