Patent Grant
7627842
In the verification of digital circuits, signals in the circuits are “compared” in some manner in order to draw a conclusion on the “correctness” of one or more properties of the circuits. For example, to determine if two circuits with identical state encoding will behave identically under some excitations, one can simply compare the simulated values of the corresponding state-points in the two circuits when the circuits are subjected to the same excitations. Alternatively, one can show that the two circuits will behave identically under all possible excitations with a formal methodology wherein the functions of the corresponding state-points in the two circuits are proved to be functionally equivalent. This method is known as formal equivalence checking and it is in the category of verification methods known as formal verification. In this case, the circuits are partitioned into combinational logics by the key-points in the circuit, examples of which include the sequential elements in the circuits, such as flip-flop, registers, and latches, and primarily inputs and outputs of the circuits. That is, every combinational logic cone in the circuit is bounded by key-points. The key-points in the two circuits to be compared for equivalence are corresponded by means of a key-point mapping, which in the simplest case, corresponds, or maps, one key-point from a first circuit to one key-point to from a second circuit. If the two circuits are equivalent, then every corresponding key-point at the output of logic cones in the two circuits will realize the same combinational logic function with respect to the corresponded key-points at the input of the logic cones.
In yet another example, a circuit can be verified against a specification wherein the specification refers to some signals in the circuit to be verified. An example specification might say “the signal called S in the circuit is always zero.” In this example, the referenced signal in the circuit is “S” and “is always zero” is the condition (or property) to be verified. This type of verification is generally called property checking.
In the preceding examples, verification is dependent on the correspondences of signals (for example, between two circuits to be verified, or between a specification and a circuit, etc.) to be verified. In addition, such correspondence information can also be used in formal verification even if the signals are not explicitly being compared as part of the verification. For example, an efficient method in comparing the functions of two signals in two circuits is to first determine the functions of some intermediate signals. Such intermediate signals, known as cut-points, if they correspond between the two circuits, can be used to simplify the comparison of the final functions significantly.
Finding correspondence between two circuits is problem having a wide applicability to many fundamental problems in circuit design, synthesis, and verification. Many methods can be either fully automated, requiring information embedded in the circuits, or can require user intervention, and can be implemented in many circuit design and verification tools. However, these can require the corresponding signals to be identical. In some instances, ad hoc solutions exist to handle specific special cases whose applicability is restricted. Some embodiments of the present invention describe techniques for performing the verification of circuits where signals in the circuits or specifications are encoded such that a direct correspondence may be impossible or incorrect.
Some embodiments can be applied to the problem of equivalence checking of two or more circuits. Some embodiments can be readily applied to other problems, such as those that are mentioned above, including, for example, verification of circuits against specifications, and functional equivalence between state points. Some embodiments of the present invention describe techniques for performing the verification of circuits where signals in the circuits or specifications are encoded such that a direct correspondence may be impossible or incorrect.
Further details of aspects, objects, and advantages of the invention are described below in the detailed description, drawings, and claims. Both the foregoing general description and the following detailed description are exemplary and explanatory, and are not intended to be limiting as to the scope of the invention.
In some cases, N-bit signal X={xN-1, xN-2, . . . ,x0} is implemented as an encoded M-bit signal Y={yM-1,YM-2, . . . ,y0} whose encoding is given by the encoding function ƒX→Y that maps a pattern of the signal X to a pattern of the signal Y. The encoding can have properties such as redundancy and/or completeness. If ƒ is a one-to-many mapping, that is, there exists at least a pattern in X where it can be encoded as more than one possible pattern in Y, then ƒ implements a redundant encoding (or the signal Y is a redundant code). If the number of possible patterns in Y is less than 2M, then the encoding is incomplete, i.e., not every possible value of Y is a valid encoding of X.
One method of describing the encoding is to explicitly list out all the possible mappings in the encoding function as a table. For example, the following table shows a simple encoding of a single bit signal {x0} to a “differential” two-bit {y1, y0} signals.
Each row in the table represents a mapping from a pattern in signal X to a pattern in signal Y. The order in which the patterns are listed in the table is not important. For example, given a signal of {0}, it can be encoded to either {0,0} or { 1,1}. Since the signal {0} can be encoded to more than one pattern, this encoding is redundant. This encoding is complete since all possible values of {y1, y0} appear in the table. However, the following encoding, while redundant as above, is incomplete since one of the possible {1,1} does not exists in the table. That is, there is no possible pattern in X that can be encoded into a pattern in Y as (1, 1}.
Using the encoding shown above, we can now illustrate the difficulty of comparing encoded signals with three scenarios.
In the first scenario, a comparison is performed between the Boolean functions of an encoded signal and a decoded signal. This situation commonly arises in the comparison between a specification (either as a circuit or a property) with an implementation where the specification is described using the decoded pattern, and the implementation is described using the encoded signal. With the encoding, a direct comparison of the Boolean function is not possible since the two signals {x0} and {y1, y0} do not correspond to begin with (one being a one-bit Boolean function and the other being a two-bit Boolean function).
In the second scenario, a comparison is performed between the Boolean functions of two encoded signals using the same encoding function. While there may be no problem in finding correspondence between the two signals since they are of the same size, the Boolean functions of the two encoded signals need not be identical if the encoding is a redundant encoding. For example, if we compare the two encoded signals {1,1} versus {0,0}, while their Boolean functions are not identical, the two patterns in fact represent the same decoded value of {0}.
In the final scenario, suppose a comparison is performed between Boolean functions of two signals encoded using different encoding functions. Clearly, there would be a problem in both finding correspondence between the signals as well as comparing their Boolean functions.
Some embodiments use logic to both recreate the original decoded as well as to re-encode the signal to guarantee the correctness of the implementation using the encoded signals. In some embodiments wherever references to the original decoded signal X is needed, a block of logic can be inserted serially into the encoded signal Y as shown in
The decoding logic DEC realizes the mapping from the encoded signal pattern to the decoded signal pattern. In addition, if the encoding function ƒ is incomplete, then there is a possibility that the encoded signal is in error. In such a case, the error signal E is asserted. Notice that if the encoding function is complete, then the error signal E is unlikely be asserted can therefore be omitted. In one example of using the error signal, in formal equivalence checking, it can be unnecessary to find a correspondence between this error signal and the circuits undergoing verification. Instead, the error signal can be tested for the possibility of asserting the error value. For example, if a non-zero error signal indicates an error, and a zero signal indicates no error, then if the error signal is proved to be a constant zero value, then the error condition cannot happen in the circuit and the encoding process (in the circuits to be verified), is not in error.
The encoding logic ENC realizes the mapping from the decoded signal pattern to the encoded signal pattern. In addition, if the encoding function ƒ is redundant, then a single input pattern to ENC can be mapped to multiple patterns at the output of ENC. Therefore, ENC has an additional pseudo input that can be used to select, for example, all possible output patterns (such as in any order, with or without overlapping). In some embodiments, if all possible patterns are applied to the one or more pseudo inputs, then all possible mappings specified in the encoding function and/or only those mappings specified in the encoding function, are exercised. In formal equivalence checking, a correspondence does have to be found between these pseudo inputs and the circuits undergoing verification. These pseudo inputs can become “free-variables” in the comparison, and a result indicating the equivalency between the two circuits can imply that the two circuits are equivalent under any pseudo input pattern.
The logic to decode and/or encode the signal can be performed using a logic function, addition function or look-up table from an encoding table. The logic may be embodied as software, hardware, or any combination of software and hardware.
In this next section, a description is provided of an embodiment of the invention as part of a system that is used to perform equivalence checking of arithmetic values represented using carry-save signals. An arithmetic value is most compactly implemented in binary logic with a vector including an ordered list of N binary bits {bN, bN-1, . . . , b0} whose arithmetic value is given by
bN2N+bN-12N−1+. . . +b0
For example, the binary vector {0,1,1,0} represents the arithmetic value of 6. For a carry-save signal, two vectors are used to represent one arithmetic value. The two vectors, typically called the sum vector S={SN, SN-1, . . . , S0} and the carry vector C={CN, CN-1, . . . , C0}, represents the value obtained by the addition of the arithmetic values of the sum and the carry vector, respectively. That is, the unsigned arithmetic value of (S,C) is:
cN2N+cN-12N-1+. . . +c0+sN2N+SN-12N-1+. . . +s0
or more compactly as
S+C
For example, given the carry-save vectors C={0,1,1,0} and S={1,0,0,0}, the value of X is 14. Notice that the encoded signals have twice the number of bits than the original signal. The following table gives the encoding function for a two bit vector {y1, y0} to the carry-save signals of S={y11, y01) and C={y10, y00}.
This encoding is a redundant encoding since, for example, the value {0,0} can be encoded as ({0,0}, {0,0}) or ({0,1}, {1,1}). In addition, the encoding is complete since all 16 possible values of ({y11, y01}, {y10, y00}) appears in the table.
For the DEC logic, since the encoding function is complete, it can be realized as a look-up table from the encoding table, or more simply as an addition.
For the ENC logic, since the encoding function is redundant, we must provide for additional pseudo inputs so that the ENC logic can output all possible patterns. A simple way to achieve this is to generate the carry-save vectors as
(X-P, P)
where P is the N-bit pseudo input.
The DEC and ENC logic for the carry-save signals are shown in
Some embodiments verify digital circuits including carry-save signals. The carry-save signals in the circuits are first identified by a user, automatically by a tool (e.g., implied by the circuit connections), and/or another way, such that the signal and its encoding function can be determined. The decoding logic and the encoding logic are inserted into the paths of the carry-save signals (either explicitly by an actual modification to the circuit representation, implicitly, and/or by another manner such, that the effects of the encoding and decoding logics are realized and the signals created by the decoding and encoding logic are revealed. Correspondence can be found between the decoded signals, revealed by the decoding logic, of the circuits to be verified. The pseudo signals produced by the decoding logics can be left as free-variables to the formal equivalence checking algorithms. With correspondences found between key-points (e.g., boundary points) in the circuits, the desired property can then be verified
However, by inserting the decoding and encoding function, D1 and E1, respectively, as illustrated in
According to one embodiment of the invention, computer system 500 performs specific operations by processor 504 executing one or more sequences of one or more instructions contained in system memory 506. Such instructions may be read into system memory 506 from another computer readable/usable medium, such as static storage device 508 or disk drive 510. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention.
The term “computer readable medium” or “computer usable medium” as used herein refers to any medium that participates in providing instructions to processor 504 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as disk drive 510. Volatile media includes dynamic memory, such as system memory 506. Transmission media includes coaxial cables, copper wire, and fiber optics, including wires that comprise bus 502. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
Common forms of computer readable media includes, for example, floppy disk, flexible disk, hard disk, magnetic tape, any other magnetic medium, CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, RAM, PROM, EPROM, FLASH-EPROM, any other memory chip or cartridge, carrier wave, or any other medium from which a computer can read.
In an embodiment of the invention, execution of the sequences of instructions to practice the invention is performed by a single computer system 500. According to other embodiments of the invention, two or more computer systems 500 coupled by communication link 520 (e.g., LAN, PTSN, or wireless network) may perform the sequence of instructions required to practice the invention in coordination with one another.
Computer system 500 may transmit and receive messages, data, and instructions, including program, i.e., application code, through communication link 520 and communication interface 512. Received program code may be executed by processor 504 as it is received, and/or stored in disk drive 510, or other non-volatile storage for later execution.
While the invention may be practiced as computer instructions to practice a method, it is noted that the method of the invention may be embodied as logic that can be implemented using software, hardware, or any combination of software and hardware.
In the foregoing specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. For example, the above-described process flows are described with reference to a particular ordering of process actions. However, the ordering of many of the described process actions may be changed without affecting the scope or operation of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than restrictive sense.
This application claims the benefit of U.S. Provisional Application Ser. No. 60/475,814, filed Jun. 3, 2003, which is hereby incorporated by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5377122 | Werner et al. | Dec 1994 | A |
| 5493508 | Dangelo et al. | Feb 1996 | A |
| 5519627 | Mahmood et al. | May 1996 | A |
| 5553002 | Dangelo et al. | Sep 1996 | A |
| 5657240 | Chakradhar et al. | Aug 1997 | A |
| 5841663 | Sharma et al. | Nov 1998 | A |
| 5892687 | Moricz et al. | Apr 1999 | A |
| 6026222 | Gupta et al. | Feb 2000 | A |
| 6026226 | Heile et al. | Feb 2000 | A |
| 6052524 | Pauna | Apr 2000 | A |
| 6053947 | Parson | Apr 2000 | A |
| 6053948 | Vaidyanathan et al. | Apr 2000 | A |
| 6056784 | Stanion | May 2000 | A |
| 6086626 | Jain et al. | Jul 2000 | A |
| 6148436 | Wohl | Nov 2000 | A |
| 6163876 | Ashar et al. | Dec 2000 | A |
| 6249901 | Yuan et al. | Jun 2001 | B1 |
| 6295627 | Gowni et al. | Sep 2001 | B1 |
| 6324678 | Dangelo et al. | Nov 2001 | B1 |
| 6336206 | Lockyear | Jan 2002 | B1 |
| 6360356 | Eng | Mar 2002 | B1 |
| 6378112 | Martin et al. | Apr 2002 | B1 |
| 6446243 | Huang et al. | Sep 2002 | B1 |
| 6470478 | Bargh et al. | Oct 2002 | B1 |
| 6490717 | Pedersen et al. | Dec 2002 | B1 |
| 6505328 | Van Ginneken et al. | Jan 2003 | B1 |
| 6522767 | Moskowitz et al. | Feb 2003 | B1 |
| 6530073 | Morgan | Mar 2003 | B2 |
| 6567959 | Levin et al. | May 2003 | B2 |
| 6574778 | Chang et al. | Jun 2003 | B2 |
| 6591400 | Yang | Jul 2003 | B1 |
| 6601024 | Chonnad et al. | Jul 2003 | B1 |
| 6742174 | Chen et al. | May 2004 | B1 |
| 6785815 | Serret-Avila et al. | Aug 2004 | B1 |
| 6842884 | Lai et al. | Jan 2005 | B2 |
| 6848084 | Pandey et al. | Jan 2005 | B1 |
| 6961854 | Serret-Avila et al. | Nov 2005 | B2 |
| 6993730 | Higgins et al. | Jan 2006 | B1 |
| 7000168 | Kurtas et al. | Feb 2006 | B2 |
| 7103824 | Halford | Sep 2006 | B2 |
| 20030005418 | Sridhar et al. | Jan 2003 | A1 |
| 20030107595 | Ciolfi | Jun 2003 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 60475814 | Jun 2003 | US |
