### **Topic IX**

# Formal Hardware Verification (II) ATPG/SAT-Based Engine Basics

系統晶片驗證 SoC Verification

Sep, 2004

### What we will cover in this topic ---

- 1. Circuit modeling summary
  - Assertion property modeling
- 2. Combinational ATPG/SAT algorithms
  - Logic implications
  - Branch and bound process
  - Learning
  - Dynamic decision ordering
- 3. Word-level ATPG
- 4. RAMBO

SoC Verification

Prof. Chung-Yang (Ric) Huang





#### Different ways to view the circuit modeling

### 3. Computational Tree Logic (CTL)



SoC Verification

Prof. Chung-Yang (Ric) Huang

5

#### Different ways to view the circuit modeling

#### 4. Source codes

```
class Circuit
                                                 class Gate
public:
                                                 public:
   Circuit(const string& inFile);
                                                     Gate(unsigned numFanins = 0);
    ~Circuit();
                                                     virtual ~Gate();
   bool simulate(const string&
  vectorFile);
                                                    const string& getName() const;
                                                     virtual bool simulate() = 0;
                                                     friend ostream& operator << (ostream&, const Gate*);
   friend ostream& operator <<
  (ostream&, const Circuit&);</pre>
private:
                                                 protected:
                           _piList;
   vector<Gate *>
                                                     string
   vector<Gate *>
vector<Gate *>
                           _poList;
_seqElmList;
                                                    unsigned
GateValue
                                                                            _id;
                                                                            _value;
                                                                            _flag;
                                                     GateFlag
                                                                           _faninList;
                                                     vector<Gate *>
                                                     vector<Gate *>
                                                                            _fanoutList;
                                                 };
```

SoC Verification

Prof. Chung-Yang (Ric) Huang

### Remember, formal verification is ---



- ◆ Variety of verification methods (often quite different)
- What distinguishes formal?
  - Conveys a promise of mathematical certainty
    - → Guarantees that no behavior or execution of the model can ever be found to contradict the attributes

SoC Verification

Prof. Chung-Yang (Ric) Huang

7

# Attributes (or called "properties") to a circuit in general are <u>temporal logic</u>

We will cover the details of temporal logic later

To simplify the explanation of the formal verification engines,

Let's first focus on the simplest one, assertion property

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Assertion Property Modeling**

Assure that something bad should never happen



(Note: we don't care about POs)

SoC Verification

Prof. Chung-Yang (Ric) Huang

9

In other words,
proving assert P is true
= proving there is no counter-example for ~P

→ Use a "search engine"

SoC Verification

Prof. Chung-Yang (Ric) Huang

#### **Automatic Test Pattern Generation (ATPG)**

- Deterministic algorithms of generating test patterns for manufacturing faults
- ◆ Developed as early as in 1960's
- ◆In essence, a branch-and-bound algorithm
- ◆2 major steps: fault sensitization + fault propagation



SoC Verification

Prof. Chung-Yang (Ric) Huang

11

The traditional sequential ATPG is very difficult (not applicable to mid-size design).

However, for verification without considering the fault propagation, the sequential ATPG can sometimes be used for large circuit.

To simplify the explanation of ATPG algorithm, we will start from combinational ATPG first.

SoC Verification

Prof. Chung-Yang (Ric) Huang

```
    bool witnessValue(Gate g, value v)

     if (logicImplication(g, v) == false)
3.
        return false;
     if (all signals in circuit have been implied)
        return true;
     pick an unassigned signal s
    if (witnessValue(s, V0) == true)
9.
        return true;
10. backtrack(s);
     if (witnessValue(s, ~V0) == true)
11.
12.
        return true;
13.
     backtrack(s);
14.
     return false;
15.}
```

SoC Verification

Prof. Chung-Yang (Ric) Huang

13

### **Logic Implication**

- ◆Also called "Boolean Constraint Propagation" (BCP)
- Imply values to other gates in both forward and backward directions



Forward implications

**Backward implications** 

SoC Verification

Prof. Chung-Yang (Ric) Huang



```
1. bool witnessValue(Gate g, value v)
      if (logicImplication(g, v) == false)
3.
         return false;
     if (all signals in circuit have been implied)
         return true;
7.
     pick an unassigned signal s
     if (witnessValue(s, V0) == true)
9.
         return true;
10.
     backtrack(s);
11.
      if (witnessValue(s, ~V0) == true)
12.
         return true;
13.
      backtrack(s);
14.
      return false;
15.}
SoC Verification
                                                        16
                     Prof. Chung-Yang (Ric) Huang
```









```
1. bool witnessValue(Gate g, value v)
2. {
     if (logicImplication(g, v) == false)
3.
        return false;
     if (all signals in circuit have been implied)
        return true;
7.
     pick an unassigned signal s
     if (witnessValue(s, V0) == true)
9.
        return true;
    backtrack(s);
10.
     if (witnessValue(s, ~V0) == true)
11.
12.
        return true;
13.
     backtrack(s);
14.
     return false;
15.}
```

SoC Verification

Prof. Chung-Yang (Ric) Huang





Do you see that ATPG algorithm is very similar to SAT?

Actually, they are in principle the same, but just different in data structure

SoC Verification

Prof. Chung-Yang (Ric) Huang

SAT is sometimes called "Satisfiability-based ATPG"

ATPG is sometimes called "Circuit-based SAT"

# The Best Combined advantages from both sides

**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

25

#### **Logic Implication Routines in ATPG/SAT**

- 1. Logic Implication by Recursion
- 2. Logic Implication in Topological Order
- 3. 2 Watch Literals algorithm in zChaff

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Logic Implication by Recursion**

SoC Verification

```
bool logicImplication(Gate g, value v)
2.
      if (g->hasConflictValue(v)) return false;
      if (g->getValue() != 'x') return true;
      // g has value 'x' \rightarrow can be implied
      g->setValue(v);
6.
      // fanins and fanouts that may be
            implied by g
      List impliedList = checkImplication(g);
10.
      for_each_gate_value(impliedList, gg, vv)
         if (logicImplication(gg, vv) == false)
11.
             return false;
12.
13.
      return true;
14. }
```

Prof. Chung-Yang (Ric) Huang

27

### **Logic Implication by Recursion**

- Pros
  - Easy to implement
  - May lead to conflict earlier
- Cons
  - A gate may be put into impliedList many times by different neighboring gates
    - 1. Value has already been implied, or
    - 2. Too early to evaluate

SoC Verification

Prof. Chung-Yang (Ric) Huang

29

### **Logic Implication in Topological Order**

- ♦ Preprocess
  - All gates are sorted topologically
- Each gate has a field "\_level" = max(fanin->\_level) + 1 1. bool logicImplication() 2. while (more scheduled gates) for scheduled gates (level = maxLevel to 0) apply backward implications and schedule forward implications return false if any conflict; for scheduled gates (level = 0 to maxLevel) 8. apply forward implications and schedule backward implications; return false if any conflict; 12. return true; 13. }

SoC Verification

Prof. Chung-Yang (Ric) Huang



### **Logic Implication in Topological Order**

- **♦**Pros
  - Minimize the number of scheduling
  - Each gate is checked only once in each forward or backward implication
- ◆Cons
  - A gate may be checked more times than necessary

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Fruitless Implication Checking**

- ◆ Checking if a gate can be implied, but it cannot
- ◆ For example, the all-1's forward implication of an AND gate
  - Only the last '1' can trigger the forward implication
    - The first (n-1) checks are useless
  - Worse case: for n-input AND gate
    - Need to check (1 + 2 + ...+ n) times of fanins
    - O(n<sup>2</sup>)



**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

33

# Trying to avoid fruitless implication checking

- ◆Use a counter to record how many 'x' are in the fanins of a gate (e.g. AND gate)
  - Decrement by 1 when fanin is implied
  - Inccrement by 1 when fanin value is backtracked
  - When no 'x' fanin → forward implication
- ◆ Although this can avoid fruitless implication checking, but the overhead in maintaining the counts could be an overkill...

SoC Verification

Prof. Chung-Yang (Ric) Huang

### Watched-fanin concept

- ◆ In the n-input AND gate case, keep a pointer to one of its fanin that has value 'x' (watched fanin)
  - If other fanin gets implication '1' → don't care
  - If this watched fanin gets implication '1', try to find another 'x' fanin to be new watched fanin
    - If found, update the pointer
    - If not found → imply '1' at the gate



SoC Verification

Prof. Chung-Yang (Ric) Huang

35

### What's the improvement?

- ♦ Worse case O(n²) ?? No
- ◆Suppose watched fanin points to the 1<sup>st</sup> fanin in the beginning
  - We always follow the same direction to find the next 'x' fanin
  - Complexity  $O(2n) \rightarrow O(n)$



SoC Verification

Prof. Chung-Yang (Ric) Huang

### Reducing from O(n) to almost O(C)

- ◆ Watched fanin
  - When one fanin gets an implication, check if this fanin is "watched fanin"
  - → Still need to check for each fanin implication
- ◆ Watching list from watched fanin
  - The watched fanin keeps the list of gates it is watching
    - When a watched fanin gets an implication
    - → Update the watched fanins of the gates in the watching list; remove this watching list
    - → Create the watching lists for the new watched fanins
  - Don't need to evaluate a gate if it is not in the watching list of any fanin



SoC Verification

Prof. Chung-Yang (Ric) Huang

37

### **Caching Effect**

- ◆ The fact
  - Most of the time, the decision orderings at different parts of the decision tree are quite similar during a proof (or even from proof to proof)

→ Fanins of a gate get the implications almost at the same order every time

- ◆ Watched fanin
  - → point to the last implied fanin
  - → After the first backtrack, no evaluations for the previous fanins

SoC Verification

Prof. Chung-Yang (Ric) Huang

Sounds good for all-1's forward implication of an AND gate, but what about 0 implication, backward implication, and other types of gates?

Different watched schemes? (Could be very complex...)

That's why simpler data structure like SAT engine can be more efficient sometimes

SoC Verification

Prof. Chung-Yang (Ric) Huang

39

#### **Review on SAT Clause Construction**

- ◆For an n-input AND gate → (n + 1) clauses
  - 1 clause for all-1's implication
    - Non-controlling fanin value
    - $(a \& b \& c \& d) \rightarrow f$ ■ (!a + !b + !c + !d + f)
    - (n + 1)-literal clause
  - n clauses for 0 implications
    - Controlling fanin value
    - !a → !f
    - (a + !f)
    - 2-literal clauses



SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Logic Implication for SAT**

- ◆Also called "Boolean Constraint Propagation (BCP)" (why?)
- ◆If a literal in a clause gets an implication '1'
  - → The clause is satisfied
- ♦ If a literal in a clause gets an implication '0'
  - → If all but one literals have values '0'
    - The remaining literal will get implication '1'
  - → If all literals have values '0'
    - The clause is evaluated to '0' → a conflict !!

SoC Verification

Prof. Chung-Yang (Ric) Huang

41

#### **Efficient BCP Routine in zChaff**

- ◆ For 2-literal clauses
  - If any literal gets an implication
    - We can conclude the implication of this clause immediately
- ◆ For n-literal clauses (n > 2)

e.g. 
$$f = a \& b \& c$$

- 4-literal clause (!a + !b + !c + f)
- $(!a = 0) & (!b = 0) & (!c = 0) \rightarrow (f = 1)$ •  $a & b & c \rightarrow f$
- $(!a = 0) & (!b = 0) & (f = 0) \rightarrow (!c = 1)$ 
  - a & b & !f → !c
- → Watch f together with a, b, and c
- → 2 watch literals (why?)



SoC Verification

Prof. Chung-Yang (Ric) Huang

### 2-Watched-Literals algorithm in zChaff

- ◆ The first to propose "watched xxx" heuristics
- ◆ For each clause, keep 2 pointers on 2 literals that have values 'x'
  - If any watch literal gets implication '0'
    - Scan in the clause for another literal with value 'x'
    - If found, update the watch literal pointer
    - Else, imply the other watch literal with value '1'



**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

43

#### **Comments on ATPG and SAT Implication**

- zChaff proposed a very simple yet efficient BCP
  - All types of implications can be implemented in the same 2-watched-literal algorithm
- Can ATPG mimic the similar "watched xxx" concept?
  - The previous watched fanin does
    - But only for non-controlling fanin's forward implication
  - (How?) Can it be efficient?

SoC Verification

Prof. Chung-Yang (Ric) Huang

```
1. bool witnessValue(Gate g, value v)
     if (logicImplication(g, v) == false)
3.
       return false;
    if (all signals in circuit have been implied)
        return true;
7. pick an unassigned signal s
    if (witnessValue(s, V0) == true)
9.
        return true;
10. backtrack(s);
11. if (witnessValue(s, ~V0) == true)
12.
        return true;
13. backtrack(s);
14. return false;
15.}
```

**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

45

# How do we know that the target (~P) has been justified?

- ◆ Bottom line
  - The implied values on PIs → Test pattern
  - If we simulate the test pattern, we should be able to witness the target value
- ◆ A conservative approach
  - All the signals in the circuit have been implied
  - Some are redundant assignments
    - e.g. AND gate with value '0'



SoC Verification

Prof. Chung-Yang (Ric) Huang

#### **Justification Frontier**

- ◆ Keep a set of gates that are not yet justified
  - Update the frontier after each decision implications
  - Restore the frontier on backtracks
  - When frontier becomes empty, the target is satisfied



SoC Verification

Prof. Chung-Yang (Ric) Huang

47

### **Justification Frontier (Cont'd)**

- ◆Pros
  - Only justify a minimal set of gates
  - Minimize the assignments on test vectors
  - May avoid useless decisions
- **♦**Cons
  - Overhead in maintaining the justification frontier (in both implementation and runtime)

#### With or without justification frontier??

SoC Verification

Prof. Chung-Yang (Ric) Huang

```
1. bool witnessValue(Gate g, value v)
2. {
3.    if (logicImplication(g, v) == false)
4.        return false;
5.    if (all signals in circuit have been implied)
6.        return true;
7.    pick an unassigned signal s
8.    if (witnessValue(s, V0) == true)
9.        return true;
10. backtrack(s);
11.    if (witnessValue(s, ~V0) == true)
12.        return true;
13. backtrack(s);
14. return false;
15.}
```

SoC Verification

Prof. Chung-Yang (Ric) Huang

49

### **Branch-and-bound Algorithm**

- ◆Binary decision tree
  - Branched by picking a gate for decision
  - Bounded by logic implication conflict
  - Exponential complexity
- ◆When bounded...
  - Backtrack the last implications
  - Make decision on the opposite value, or ---
  - If both values have been tested, return false to parent decision (and it will be bounded, too)

SoC Verification

Prof. Chung-Yang (Ric) Huang

#### Speed-ups on branch-and-bound process

- 1. Better decision ordering
- 2. Learning
- 3. Bound earlier

SoC Verification

Prof. Chung-Yang (Ric) Huang

51

### **Decision Ordering**

- The order of gates that the corresponding decisions are made
  - 1. Order of gates
  - 2. Decision values
  - → Good and bad decisions can lead to exponential difference

(e.g. 2<sup>10</sup> vs. 2<sup>50</sup>)



(Think) Does the decision value matter?
 (i.e. should we decide on '1' or '0' first?)

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Static Decision Ordering**

- Decision order and values are pre-computed in the beginning and remain unchanged
- Topological
  - Depth-first
  - Breadth-first
  - Guided by gate types
- 2. Probability-based
  - Controllability / Observability
  - Signal probability
  - (Weighted) Random
- 3. Influence-based
  - Literal count
  - #fanins / #fanouts

SoC Verification

Prof. Chung-Yang (Ric) Huang

53

### **Dynamic Decision Ordering**

- Decision order and values are dynamically determined based on current implication values, justification frontier, etc.
  - Use similar criteria as static method
  - But can mix different rules dynamically
- Pros
  - May lead to better decisions
  - Avoid useless decisions
- ◆ Cons
  - Overhead in computing dynamic ordering may be high
  - Effectiveness sometimes is hard to predict

SoC Verification

Prof. Chung-Yang (Ric) Huang

### A closer look at binary decision tree

1. Should the decision orderings on all branches be the same?



### A closer look at binary decision tree

- 2. When conflicts, do we always need to backtrack one decision at a time? Or can we backtrack multiple decisions at once?
  - Called non-chronological backtracking
  - Some portion of the decision tree may not be covered
    - Not a complete search anymore
    - May also miss some bugs
    - But may also find bugs earlier



SoC Verification

Prof. Chung-Yang (Ric) Huang

Remember when we talked about
SAT engine,
we mentioned that
using "conflict analysis"
we can do non-chronological backtracking,
while still achieve complete proof

### How??

SoC Verification

Prof. Chung-Yang (Ric) Huang



# Implication Graph (an exemplar implementation)

- ◆ Implications are grouped into different decision levels
  - · Level 0: target imp; constants
  - Level 1+: decisions
- ◆ Node (gate, value): implications
- ◆ Incoming edge(s) of a node: implication sources (reasons)
  - The nodes with no incoming edges are called "root implication nodes"
  - There should only be ONE root implication node for each decieion level >= 1 (which is the decision in that level)



### **Conflict Analysis**

- When we encounter a decision conflict, we want to figure out the causes so that ---
  - 1. Try to avoid the same conflict
  - 2. Backtrack as many decisions as possible







#### **Conflict-Driven Learning**

- ◆But which constraint to add?
- ◆[Zhang, et al, ICCAD 2001] Experiment shows that "first-UIP" (1-UIP) is the best
  - UIP: Unique Implication Point
    - In a cut that there is only one node in the last (where conflict happens) decision level
    - Starting from the conflict gate, the first encountered UIP is namely first UIP
    - The cut with only decision nodes is called the last-UIP
      - In the previous example, (2) is the last UIP, and (3) is the first UIP

SoC Verification

Prof. Chung-Yang (Ric) Huang

63

#### **UIP for Non-chronological Backtracking**

- ◆ Since in UIP cut there is only one node with the last decision level...
- ◆ And we add a constraint for the UIP cut





# Conflict-Driven Non-Chronological Backtracking --- Algorithm

- When conflict occurs, check if the conflict level == 0 (the target implication level)
  - a) If yes, return unsatisfiability
  - b) Else, continue to 2
- 2. Find the cut with 1-UIP as the conflict causes
- Backtrack to the max decision level of the nodes other than UIP
- 4. The UIP gate will be implied with the opposite value
- 5. Perform the new implication
- 6. If conflict, go to 1, else return to the justification process for the next decision

SoC Verification

Prof. Chung-Yang (Ric) Huang

# **Conflict-Driven Non-Chronological Backtracking --- Properties**

- ◆A complete (exhaustive) proof
- ◆Not a binary decision tree anymore...
  - Becomes a decision queue
  - Conflict → Learned gate
    - → Learned implication
  - Keeps adding learned gates
    - Implication may be slowed down due to increasing #gates
    - Re-synthesize the learned gates???

**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

67

# **Conflict-Driven Non-Chronological Backtracking --- Properties (cont'd)**

- ◆ Learned information is universally true
  - Independent of the target implication, only related to the circuit function
  - The proof efforts between different properties can be shared
    - → Incremental TPG/SAT
- ◆ Decision process can "restart" any time any where!!
  - Can use different decision ordering to explore different area in the decision tree
    - Previous efforts will not be wasted

SoC Verification

Prof. Chung-Yang (Ric) Huang

#### **Amazing Beauty**

Branch-and-bound algorithm for Constraint Satisfaction Problem (CSP) becomes a "constraint refinement process"

Search region is gradually narrowed down

At the end, either becomes empty, or finds the solution

SoC Verification

Prof. Chung-Yang (Ric) Huang

69

#### Speed-ups on branch-and-bound process

- 1. Better decision ordering
- 2. Learning
- 3. Bound earlier

SoC Verification

Prof. Chung-Yang (Ric) Huang

# The constraints learned by conflict analysis are sometimes called

"dynamic learning" because they are learned during the proof process

SoC Verification

Prof. Chung-Yang (Ric) Huang

71

# **Another Kind of Dynamic Learning: Recursive Learning**

- ◆ To justify f = 0
  - (a = 0) or (b = 0)
  - Let S<sub>a</sub> and S<sub>b</sub> be the set of implications from (a = 0) and (b = 0), respectively
  - Let  $S = S_a \cap S_b$ 
    - → (f = 0) implies S

f = 0

- ◆ A recursive process
- Deep recursion could be very expensive

b = 0

Ref: "HANNIBAL: an efficient tool for logic verification based on recursive learning", Wolfgang Kunz, ICCAD 1993

SoC Verification

Prof. Chung-Yang (Ric) Huang

a = 0 -

### **Complexity Analysis**

- 1. Conflict analysis
  - O(N), N is the number of nodes in the last decision level of the implication graph
- 2. Recursive learning
  - O(M<sup>L</sup>), M is the complexity of BCP, and L is the level of recursion
- ◆ [Think] Recursive learning seems very expensive, how can it be useful??

SoC Verification

Prof. Chung-Yang (Ric) Huang

73

# Other than "dynamic learning",

we can also preprocess the circuit to derive some "static learning" information

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Static Learning (1)**

◆Learn by contrapositive

$$(a \rightarrow b \equiv !b \rightarrow !a)$$

◆e.g.



$$a = 1 \rightarrow b = 1$$
  
Learned  $b = 0 \rightarrow a = 0$ )

The question is: which gate to learn??

Ref: "SOCRATES: A Highly Efficient Automatic Test Pattern Generation System", Schulz *et.al*, TCAD 1988

SoC Verification

Prof. Chung-Yang (Ric) Huang

75

### Static Learning (2)

- Proof-based
  - Since learned information is universally true, we can create some internal interesting properties, and use these properties to derive some interesting learning (by conflict analysis)
- e.g. By simulation, if we find a gate 'g' is very likely to stuck at some value 'v'
  - → Witness "g = !v" (should produce many conflicts)
- ◆ e.g. By simulation, if two signals respond almost the same
   → Witness "p!= q"
- ◆ No matter the proof is finished or not
  - We can always learn something

Ref: Feng Lu, et. al, "A Circuit SAT Solver with Signal Correlation Guided Learning", DATE 2003

SoC Verification

Prof. Chung-Yang (Ric) Huang

Although "learning" in general can lead to more implications and possibly lead to conflicts earlier (i.e. bound earlier) ---

- 1. It may slow down the implication process
- 2. It may affect the decision ordering, which may not necessarily reduce the #decisions

**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

77

#### What can we do to make the learning useful?

- Use learning to find better decision ordering
  - zChaff uses learned information to refine the decision ordering
  - BerkMin uses learned information to increase emphasis on "locality" of decisions

SoC Verification

Prof. Chung-Yang (Ric) Huang

# zChaff's Variable State Independent Decaying Sum (VSIDS) Decision Heuristic

- (1) Each variable in each polarity has a counter, initialized to 0.
- (2) When a clause is added to the database, the counter associated with each literal in the clause is incremented.
- (3) The (unassigned) variable and polarity with the highest counter is chosen at each decision.
- (4) Ties are broken randomly by default, although this is configurable
- (5) Periodically, all the counters are divided by a constant.

Zhang, et al, DAC 2001

SoC Verification

Prof. Chung-Yang (Ric) Huang

79

### **Berkmin – Decision Making Heuristics**

- E. Goldberg, and Y. Novikov, "BerkMin: A Fast and Robust Sat-Solver", *Proc. DATE* 2002, pp. 142-149.
- Identify the most recently learned clause which is unsatisfied
- ◆ Pick most active variable in this clause to branch on
- Variable activities
  - updated during conflict analysis
  - decay periodically
- If all learnt conflict clauses are satisfied, choose variable using a global heuristic
- Increased emphasis on "locality" of decisions

SoC Verification

Prof. Chung-Yang (Ric) Huang

#### What can we do to make the learning useful?

- 1. Use learning to find better decision ordering
  - zChaff uses learned information to refine the decision ordering
  - BerkMin uses learned information to increased emphasis on "locality" of decisions
- With conflict analysis, decision can restart any time
  - Change to different decision ordering heuristic to explore different area in the input space
- 3. Re-synthesis the learned information
  - Two-level to multi-level circuit
  - Any other idea?

**SoC Verification** 

Prof. Chung-Yang (Ric) Huang

81

#### **Conflict vs. Success-Driven Learning**

Motivation: Traditional TPG approach finds only 1 solution, can we find more (or all) the solutions?

- How to record the solutions?
  - Hash table?
- Success-driven learning
  - Similar to conflict learning
  - When we find one solution, say (v1, v2, ..., vn), add a blocking gate "v1 && v2 && ... vn = 0" so that
    - This solution won't be repeated
    - May lead to new implication
    - Can continue the justification process for the next solution
  - At the end, all the solutions are recorded as set of blocking gates

SoC Verification

Prof. Chung-Yang (Ric) Huang

### What we will cover in this topic ---

- 1. Circuit modeling summary
  - Assertion property modeling
- 2. Combinational ATPG/SAT algorithms
  - Logic implications
  - Branch and bound process
  - Learning
  - Dynamic decision ordering
- 3. Word-level ATPG
- 4. RAMBO

SoC Verification

Prof. Chung-Yang (Ric) Huang

83

#### **Word-Level ATPG**

- Motivations
  - High-level (RTL and up) design usually contains many word-level constructs like "adder", "data bus", etc
  - Arithmetic constraints are best solved by arithmetic methods (e.g. Linear algebra)
- Observations
  - Control signals are usually good candidates for earlier decisions
  - Signals on a data bus usually share same operators
    - Better treated as a word rather than several bits

SoC Verification

Prof. Chung-Yang (Ric) Huang

#### **Word-Level ATPG**

1. Divide circuit into "control" and "datapath"



- 2. Apply branch-and-bound algorithm on control circuit first
- 3. Solve the remaining datapath equations by arithmetic techniques
  - If solved, done
  - Else find another solution from the control circuit and repeat 3

SoC Verification

Prof. Chung-Yang (Ric) Huang

85

# RAMBO: Redundancy Addition and removal for Multi-level Boolean Optimization

- ◆ Redundancy to a circuit
  - When removing some signal/gate of a circuit, the circuit functionality remains unchanged
- Motivations
  - Removing redundancy in a circuit can gradually lead to small area or timing
  - When deliberately adding some redundancy to a circuit, may cause other part of the circuit become redundant
    - Incremental circuit restructuring (rewiring)
    - Can be used for incremental optimization (e.g. timing, area, etc)

SoC Verification

Prof. Chung-Yang (Ric) Huang

### **Redundancy in a Combinational Circuit**

- ◆ Redundancy in a combinational circuit
  - = Single-stuck-at fault untestable



- 1. How do we know a wire in a combinational circuit is redundant?
  - → Its corresponding stuck-at fault is untestable
  - → s-a-1 for AND inputs, s-a-0 for OR inputs
- 2. If a wire is NOT redundant, can we add an extra wire to make this wire redundant?
  - → Yes, but the extra wire itself must be redundant
  - → Add a redundant wire to make the originally irredundant wire become redundant

SoC Verification

Prof. Chung-Yang (Ric) Huang





### **RAMBO Algorithm**

[Cheng et.al. TCAD 1995]

- Given a target wire, perform its mandatory assignments (MA) for its corresponding s-a fault
  - MA = Implications of
    - 1. Fault sensitization @ fault site
    - 2. Fault propagation @ the side inputs of the dominators
- 2. For each gate  $g_m$  in the set of MA,

For each dominator  $g_{\mbox{\tiny d}}$ , test the fault on the added wire ( $g_{\mbox{\tiny m}} 
ightarrow g_{\mbox{\tiny d}}$ )

- a. If value( $g_m$ ) = 0 and  $g_d$  is an AND  $\rightarrow$  direct connection, s-a-1 fault
- b. If  $value(g_m) = 1$  and  $g_d$  is an AND  $\rightarrow$  add an inverter, s-a-1 fault
- c. If  $value(g_m) = 0$  and  $g_d$  is an OR  $\rightarrow$  add an inverter, s-a-0 fault
- d. If  $value(g_m) = 1$  and  $g_d$  is an OR  $\rightarrow$  direct connection, s-a-0 fault
- 3. Any untestable fault in 2.a ~ 2.d corresponds to a redundant wire to remove the target wire

SoC Verification

Prof. Chung-Yang (Ric) Huang





### **RAMBO Algorithm Complexity**

- ◆Need to perform (M \* D) redundancy tests
  - M: number of gates in MA
  - D: number of dominators
  - → Could be a BIG number
- ◆ "Perturb and Simplify" (Chang, et. al. TCAD 1996)
  - Propose several rules to filter out impossible candidates
  - → Possibly some big number

SoC Verification

Prof. Chung-Yang (Ric) Huang

# How do we add "something" to a circuit and guarantee it is redundant?

◆ Add a wire



◆Add a gate



SoC Verification

Prof. Chung-Yang (Ric) Huang

95

#### Add a Redundant Wire

- lacktriangle e.g. Add to the input of an AND gate  $g_d$ 
  - 1. Test the output s-a-0 fault of this AND gate
  - 2. Perform MA of this fault



3. For each gate  $g_s$  in the MA, there is a corresponding redundant wire (or with inverter) to  $g_d$ 

Why??

SoC Verification

Prof. Chung-Yang (Ric) Huang

# An Efficient Redundancy Addition and Removal Algorithm

- 1. Given a target wire on  $g_t$ , perform MA( $g_t$ )
  - Adding a wire from a gate g<sub>s</sub> in MA(g<sub>t</sub>) to any of its dominator g<sub>d</sub> can make this target wire redundant
  - e.g. value( $g_s$ ) = 0  $\rightarrow$  AND gate  $g_d$



SoC Verification

Prof. Chung-Yang (Ric) Huang

97

# An Efficient Redundancy Addition and Removal Algorithm

- 1. Given a target wire on  $g_t$ , perform  $MA(g_t)$ 
  - Adding a wire from a gate g<sub>s</sub> in MA(g<sub>t</sub>) to any of its dominator g<sub>d</sub>
    can make this target wire redundant
  - e.g. value( $g_s$ ) = 0  $\rightarrow$  AND gate  $g_d$
- 2. Given a destination gate  $g_d$ (dominator of the target wire  $g_t$ ), perform MA( $g_d$ )
  - Any wire from a gate  $g_s$  in  $\mathrm{MA}(g_d)$  to this gate  $g_d$  can be redundant
  - e.g. value( $g_s$ ) = 1  $\rightarrow$  AND gate  $g_d$



SoC Verification

Prof. Chung-Yang (Ric) Huang

# An Efficient Redundancy Addition and Removal Algorithm

- 1. Given a target wire on  $g_t$ , perform MA( $g_t$ )
  - Adding a wire from a gate g<sub>s</sub> in MA(g<sub>i</sub>) to any of its dominator g<sub>d</sub> can make this target wire redundant
  - e.g. value( $g_s$ ) = 0  $\rightarrow$  AND gate  $g_d$
- 2. Given a destination gate  $g_d$ (dominator of the target wire  $g_t$ ), perform MA( $g_d$ )
  - Any wire from a gate  $g_s$  in MA( $g_d$ ) to this gate  $g_d$  can be redundant
  - e.g. value( $g_s$ ) = 1  $\rightarrow$  AND gate  $g_d$
- → Perform an intersection on  $MA(g_t)$  and  $MA(g_d)$ , any contradiction on  $g_s$ , implies an alternative wire  $(g_s \rightarrow g_d)$  for the target wire on  $g_t$

[ref: "A New Reasoning Scheme for Efficient Redundancy Addition and Removal", Chang, et. al. TCAD 2003]

SoC Verification

Prof. Chung-Yang (Ric) Huang

99

#### Add a Redundant Gate

- lacktriangle e.g. Add to the output of an AND gate  $g_d$ 
  - 1. Test the output s-a-1 fault of this AND gate
  - 2. Perform MA of this fault



3. For each gate  $g_s$  in the MA, there is a corresponding redundant gate (or with inverter) on  $g_d$ 

Why??

SoC Verification

Prof. Chung-Yang (Ric) Huang

# How do we add "something" to a circuit and guarantee it is redundant?

- ◆ Add a wire
- ◆ Add a gate @ destination
- ◆ Add a gate @ source



◆Add a circuit (How??)

SoC Verification

Prof. Chung-Yang (Ric) Huang