The Synergy between
Logic Synthesis and
Equivalence Checking
R. Brayton
UC Berkeley
Thanks to SRC, NSF, California Micro Program and industrial sponsors,
Actel, Altera, Calypto, Intel, Magma, Synplicity, Synopsys, Xilinx
Outline
 Emphasize
mostly synthesis
 Look at the operations of classical logic
synthesis
 Contrast these with newer methods based on
ideas borrowed from verification

Themes will be scalability and verifiability
 Look
at new approaches to sequential logic
synthesis and verification
Two Kinds of Synergy
1. Algorithms and advancements in verification
used in synthesis and vice versa.
2. Verification enables synthesis
•
Ability to equivalence check enables use and
acceptance of sequential operations

retiming, unreachable states, sequential redundancy
removal, etc.
3. Synthesis enables verification
•
Desire to use sequential synthesis operations spurs
verification developments
Examples of The Synergy

Similar solutions


Algorithm migration


e.g. BDDs, SAT, induction, interpolation, rewriting
Related complexity


e.g. retiming in synthesis / retiming in verification
scalable synthesis <=> scalable verification
(approximately)
Common data-structures

e.g. combinational and sequential AIGs
Quick Overview of
“Classical” Logic Synthesis

Boolean network
 Network manipulation (algebraic)



Node minimization



Elimination
Decomposition (common kernel extraction)
Espresso
Don’t cares
Resubstitution (algebraic or Boolean)
“Classical” Logic Synthesis
Boolean network in SIS
Equivalent AIG in ABC
f
f
z
ze
xd  yd  xy
x
z
y
ab
x
cd  cd
y
e
a
b
c
d
e
a b c
d
AIG is a Boolean network of 2-input
AND nodes and invertors (dotted lines)
One AIG Node – Many Cuts
Combinational AIG
f
AIG can be used to compute
many cuts for each node



a
b
c
d
e
Different cuts for the same node
Each cut in AIG represents a
different SIS node
No a priori fixed boundaries
Implies that AIG manipulation
with cuts is equivalent to
working on many Boolean
networks at the same time
Combinational Rewriting
iterate 10 times {
for each AIG node {
for each k-cut
derive node output as function of cut variables
if ( smaller AIG is in the pre-computed library )
rewrite using improved AIG structure
}
}
Note: each AIG node has, on average, 5 4-cuts compared
to a SIS node with only 1 cut
Rewriting at a node can be very fast – using hash-table
lookups, truth table manipulation, disjoint decomposition
Combinational Rewriting Illustrated
Working AIG
n
n’
History AIG
n
n’
AIG rewriting looks at one AIG node, n, at a time



A set of new nodes replaces the old fanin cone of n
History AIG contains all nodes ever created in the AIG
The old root and the new root nodes are grouped into an
equivalence class (more on this later)
Comparison of Two Syntheses
“Classical” synthesis
“Contemporary” synthesis


 AIG network
Boolean network
 DAG-aware AIG rewriting (Boolean)
Network manipulation

Several related algorithms
(algebraic)



Node minimization
 Node minimization



• Rewriting
Elimination
• Refactoring
Decomposition (common
• Balancing
kernel extraction)
Espresso

Boolean decomposition
Don’t cares computed
using

Don’t
cares computed using
simulation and SAT
BDDs
Resubstitution  Resubstitution with don’t cares
Node Minimization Comparison
f
f
ze
xd  yd  xy
x
z
y
ab
cd  cd
e
a
b
c
d
Call ESPRESSO on node function
a
b
c
d
e
Evaluate the gain for all k-cuts of the node
and take the best result
Note: Computing cuts becomes a fundamental computation
Types of Don’t-Cares
 SDCs

Input patterns that never appear as an input
of a node due to its transitive fanin
 ODCs

Input patterns for which the output of a node
is not observable
 EXDCs

Pre-specified or computed external don’t
cares (e.g. subsets of unreachable states)
Illustration of SDCs and ODCs
(combinational)
F

y
x
Limited

satisfiability
a
a
b
F
b
c
x = 0, y = 1
a = 1, b = 1
is an SDC for node F
is an ODC for F
Limited
observability
Scalability of Don’t-Care Computation

Scalability is achieved by windowing


Window defines local context of a node
Don’t-cares are computed and used in

Post-mapping resynthesis
• a Boolean network derived from AIG network using
technology mapping

High-effort AIG minimization
• an AIG with some nodes clustered
Windowing a Node in the Network

Definition


A window for a node in the
network is the context in which
the don’t-cares are computed
A window includes
n levels of the TFI

m levels of the TFO

all re-convergent paths
captured in this scope
Window with its PIs and POs can
be considered as a separate
network
Boolean network
Window POs
m=3


n=3
Window PIs
Don’t-Care Computation Framework
“Miter” constructed for the window POs
…
n
n
Y
Y
X
X
Window
Same window
with inverter
Implementation of Don’t-Care
Computation
Compute the care set

Simulation
1
• Simulate the miter using random patterns
• Collect PI (X) minterms, for which the output
of miter is 1
• This is a subset of a care set

Satisfiability
•
•
•
•
•

Derive set of network clauses
Add the negation of the current care set,
Assert the output of miter to be 1,
Enumerate through the SAT assignments
Add these assignments to the care set
Illustrates a typical use of simulation
and SAT


Simulate to filter out possibilities
Use SAT to check if the remainder is OK (or
if a property holds)
n
n
Y
X
Y
X
Resubstitution
Resubstitution considers a node in a Boolean network
and expresses it using a different set of fanins
X
X
Computation can be enhanced by use of don’t cares
Resubstitution with Don’t-Cares Overview
Consider all or some nodes in Boolean network
 Create window
 Select possible fanin nodes (divisors)
 For each candidate subset of divisors



Rule out some subsets using simulation
Check resubstitution feasibility using SAT
Compute resubstitution function using interpolation
• A low-cost by-product of completed SAT proofs

Update the network if there is an improvement
Resubstitution with Don’t Cares

Given:




node function F(x) to be replaced
care set C(x) for the node
candidate set of divisors {gi(x)} for
re-expressing F(x)
C(x) F(x)
Find:

= F(x)
A resubstitution function h(y) such
that F(x) = h(g(x)) on the care set
C(x) F(x)

g1 g2 g3
SPFD Theorem: Function h exists
if and only if every pair of care
minterms, x1 and x2, distinguished
by F(x), is also distinguished by
gi(x) for some i
h(g)
g1 g2 g3
Example of Resubstitution

Any minterm pair distinguished by F(x) should also be
distinguished by at least one of the candidates gi(x)
Given:
F(x) = (x1 x2)(x2  x3)
Two candidate sets:
{g1= x1’x2, g2 = x1 x2’x3},
{g3= x1  x2, g4 = x2 x3}
Set {g3, g4} cannot be
used for resubstitution
while set {g1, g2} can.
x
F(x)
g1(x)
g2(x)
g3(x)
g4(x)
000
0
0
0
0
0
001
0
0
0
0
0
010
1
1
0
1
0
011
1
1
0
1
1
100
0
0
0
1
0
101
1
0
1
1
0
110
0
0
0
1
0
111
0
0
0
1
1
Checking Resubstitution using SAT
Miter for resubstitution check
A
1
B
1
1
0
1
C
Ff
g1
x1
g2
g3
g1
g2
g3 Ff
C
x2
Note use of care set.
Resubstitution function exists if and only if SAT problem is unsatisfiable.
Computing Dependency Function h
by Interpolation (Theory)


Consider two sets of clauses, A(x, y) and B(y, z),
such that A(x, y)  B(y, z) = 0
 y are the only variables common to A and B.
An interpolant of the pair (A(x, y), B(y, z)) is a
function h(y) depending only on the common
variables y such that A(x, y)  h(y)  B(y, z)
Boolean space (x,y,z)
h(y)
A(x, y)
B(y, z)
Computing Dependency Function h
by Interpolation (Implementation)
Problem:
 Find function h(y), such that C(x)  [h(g(x))  F(x)], i.e. F(x) is expressed in
terms of {gi}.
Solution:
 Prove the corresponding SAT problem “unsatisfiable”
 Derive unsatisfiability resolution proof [Goldberg/Novikov, DATE’03]
 Divide clauses into A clauses and B clauses
 Derive interpolant from the unsatisfiability proof [McMillan, CAV’03]
 Use interpolant as the dependency function, h(g)
 Replace F(x) by h(g) if cost function improved
A
h
B
1
B
B
AA
1
1
0
1
Notes on this solution
 uses don’t cares
 does not use Espresso
 is more scalable
y
C
f
g1
x1
g2
g3
g1
g2
g3
x2
f
C
Sequential Synthesis and
Sequential Equivalence Checking (SEC)
 Sequential
SAT sweeping
 Retiming
 Sequential
equivalence checking
Theme – ensuring verifiability
SAT Sweeping
Combinational CEC
?
•
SAT
Naïve approach
•
Build output miter – call SAT
• works well for many easy problems
•
Applying SAT to the
output of a miter
?
SAT-2
D
PIk
?
C
SAT-1
A
B
Proving internal equivalences
in a topological order
Better approach - SAT sweeping
•
based on incremental SAT solving
• Detects possibly equivalent nodes
using simulation
• Candidate constant nodes
• Candidate equivalent nodes
• Runs SAT on the intermediate
miters in a topological order
• Refines the candidates using
counterexamples
Sequential SAT Sweeping

Similar to combinational in that it detects node
equivalences


But the equivalences are sequential – guaranteed to hold only
in the reachable state space
Every combinational equivalence is a sequential one,
not vice versa
 run combinational SAT sweeping beforehand

Sequential equivalence is proved by k-step induction



Base case
Inductive case
Efficient implementation of induction is key!
k-step Induction
Base Case
Inductive Case
?
Candidate equivalences: {A = B}, {C = D}
?
SAT-4
D
?
?
C
Proving internal
equivalences in
a topological
order in frame
k+1
D
SAT-1
A
B
PIk
D
PI0
?
C
SAT-1
A
B
Assuming internal
equivalences to in
uninitialized frames
1 through k
A
0
B
PI1
D
Init state
Proving internal equivalences in
initialized frames 1 through k
0
C
SAT-2
D
?
C
0
SAT-3
A
B
PI1
SAT-2
0
C
A
PI0
B
Symbolic state
Efficient Implementation
Two observations:
1.
Both base and inductive cases of k-step induction are
runs of combinational SAT sweeping

Tricks and know-how from the above are applicable

The same integrated package can be used
• starts with simulation
• performs node checking in a topological order
• benefits from the counter-example simulation
2.
Speculative reduction

Deals with how assumptions are used in the
inductive case
Speculative Reduction
Given:



Sequential circuit
The number of frames to unroll (k)
Candidate equivalence classes
• One node in each class is designated as the representative
Speculative reduction moves fanouts to the representatives



Makes 80% of the constraints redundant
Dramatically simplifies the timeframes (observed 3x reductions)
Leads to saving 100-1000x in runtime during incremental SAT
0
0
A
A
B
Adding assumptions
without speculative reduction
B
Adding assumptions
with speculative reduction
Guaranteed Verifiability
for Sequential SAT Sweeping
Theorem:
The resulting circuit after sequential SAT
sweeping using k-step induction can be
sequentially verified by k-step induction.
Verification
Synthesis
D1
K-step
induction
K-step
induction
D2
D1
D2
(use some other k-step induction prover)
0
Experimental Synthesis Results

Academic benchmarks


Industrial benchmarks


25 test cases (ITC ’99, ISCAS ’89, IWLS ’05)
50 test cases
Comparing three experimental runs

Baseline
• comb synthesis and mapping

Register correspondence (Reg Corr)
• structural register sweep
• register correspondence using partitioned induction
• comb synthesis and mapping

Signal correspondence (Sig Corr)
•
•
•
•
structural register sweep
register correspondence using partitioned induction
signal correspondence using non-partitioned induction
comb synthesis and mapping
Experimental Synthesis Results
Academic Benchmarks
Baseline
Reg Corr
Ratio
Sig Corr
Ratio
Registers
809.9
610.9
0.75
544.3
0.67
6-LUTs
2141
1725
0.80
1405
0.65
6.8
6.33
0.93
5.83
0.86
16.7
7.2
0.43
29.8
1.78
Delay
Runtime, sec
Industrial Benchmarks
Baseline
Reg Corr
Registers
1583
1134
0.71
1084
0.68
6-LUTs
7472
6751.5
0.90
6360
0.85
8.5
8.5
1.00
8.5
1.00
40.6
3.3
0.08
74.2
1.82
Depth
Runtime, sec
Ratio
Single clock domain
Sig Corr
Ratio
Numbers
are
geometric
averages
and their
ratios
Sequential Synthesis and
Equivalence Checking
 Sequential
SAT sweeping
 Retiming
 Sequential
equivalence checking
Retiming and Resynthesis

Sequential equivalence checking after
1) combinational synthesis, followed by
2) retiming, followed by
3) combinational synthesis
…
is PSPACE-complete

How to make it simpler?
How to Make It Simpler?
Like Hansel and Gretel – leave a trail of
bread crumbs
Recording Synthesis History

Two AIG managers are used


Working AIG (WAIG)
History AIG (HAIG)
WAIG
• Combinational structural hashing is
used in both managers

Two node-mappings are supported


Every node in WAIG points to a node
in HAIG
Some nodes in HAIG point to other
nodes in HAIG that are sequentially
equivalent
HAIG
Recording History for Retiming
WAIG
Step 1
Create
retimed
node
Step 2
Transfer fanout in
WAIG and note
equivalence in HAIG
Step 3
Recursively
remove old logic
and continue
building new logic

backward retiming is similar
HAIG
Sequential Rewriting
Sequential cut:
{a,b,b1,c1,c}
History AIG
Sequentially
equivalent
rewrite
new
nodes
Rewriting step.
History AIG after rewriting step.
The History AIG accumulates
sequential equivalence classes.
Recording History with Windowing
and ODCs

In window-based synthesis using ODCs,

sequential behavior at window PIs and POs is
preserved
HAIG
Multi-input, multioutput window
not necessarily
sequentially equivalent

In HAIG, equivalence classes of window outputs can
be used independently of each other
AIG Procedures Used for
Recording History

WAIG





createAigManager
deleteAigManager
createNode
replaceNode
deleteNode_recur

HAIG





createAigManager
deleteAigManager
createNode,
setWaigToHaigMapping
setEquivalentHaigMapping
do nothing
Using HAIG for Tech-Mapping

HAIG contains all AIG structures


The accumulated structures can be used to improve
the quality of technology mapping



Original and derived
By reducing structural bias (Chatterjee et al, ICCAD’05)
By performing integrated mapping and retiming
(Mishchenko et al, ICCAD’07)
HAIG-based mapping is scalable and leads to delay
improvements (~20-30%) with small area degradation
Using HAIG for Equivalence
Checking



Sequential depth of a window-based
sequential synthesis transform is the
largest number of registers on any
path from an input to an output of the
window
Theorem 1: If transforms recorded in
HAIG have sequential depth 0 or 1,
the equivalence classes of HAIG
nodes can be proved by simple
induction (k=1) over two time-frames
Theorem 2: If the inductive proof of
HAIG passes without counterexamples, then
the original and final designs are
sequentially equivalent
Sequential depth = 1
unsat
1
unsat
1
A A’
B B’
0
0

A A’
#2
B B’
#1
Experimental SEC Results
Example
b15
b17
s13207
s35932
s38417
s38584
systemcaes
tv80
usb_funct
wb_conmax
wb_dma
aes_core
ethernet
GeoMean Ratios
Example Statistics
PI
PO
Lat
36
70
449
37
97
1415
31
121
669
35
320
1728
28
106
1636
12
278
1452
260
129
670
14
32
359
128
121
1746
1130 1416
770
217
215
563
259
129
530
98
115 10544
RegCorr
0.34
0.67
0.06
0.57
1.05
0.70
0.07
0.22
1.95
0.64
0.11
0.14
4.93
11.13
Runtime Distribution (seconds)
SigCorr
SEC
Mapping
6.26
11.79
12.24
11.32
19.23
12.46
0.22
0.31
0.46
1.83
5.43
5.47
2.65
8.59
6.09
1.12
4.11
3.36
1.42
2.81
11.17
0.94
1.28
0.46
12.65
29.64
11.36
17.08
2.03
45.03
0.49
1.29
2.54
1.25
1.65
27.51
3.68
19.66
4.15
60.49
90.87
141.45
Notes:
1.
2.
3.
4.
Comparison is done before and after register/signal correspondence
RegCorr, SigCorr and Mapping are synthesis runtimes
SEC is comparison done in usual way without HAIG
“HAIG” is the runtime of HAIG-based SEC
•
•
Includes the runtime of speculative reduction and inductive proving
Does not include the runtime of collecting HAIG (~1% of synthesis time)
HAIG
0.13
0.16
0.05
0.07
0.12
0.05
0.10
0.05
0.08
0.05
0.15
0.12
0.08
1.00
Summary and Conclusions

Development of algorithms from either synthesis
or verification are effective in the other
 Leads to new improved ways to



synthesize
equivalence check
Sequential synthesis can be effective but must
be able to equivalence check


Limit scope of sequential synthesis
Leave a trail of bread crumbs
end