Automatically Exploring Structural Symmetry in Symbolic Trajectory Evaluation

Yongjian Li, The State Key Laboratory of Computer Science, Chinese Academy of Sciences
William N. N. Hung, Synopsys Inc.
Xiaoyu Song, Portland State University

Presented by Yongjian Li

Outline

- Introduction
- A formal netlist model
- Syntax and semantics of trajectory logic
- Symmetry reduction
- Applying symmetry reduction automatically
- Case study on CAMs
- Conclusion and future work

STE overview

- X value + symbolic simulation
- Provides a theoretical foundation for symbolic evaluation of partially ordered state space
- Used in Intel, Motorola etc.
- Directly using EXLIF netlist as circuit model
- Specification is as
- Impoverished temporal logical specification
- Powerful capacity
- Successfully used for data-dominated circuits

Related work

Classical semantic work in STE literature (Carl Seger et al., 1995; Mark D. Aagaard et al., 2002)
- usually assuming a next state function Y
- core techniques: symbolic indexing and parametric representation
- combining with theorem proving
- rather cumbersome to reason about combinational parts of a circuit

A closure semantics on a netlist model (Roorda and Claessen, 2005, 2006)
- a closure function from the structure of a netlist, which can be seen as a special next state function
- convenient in reasoning about combinational parts
- SAT-based refinement

Related work (cont.)

Symmetry reduction in STE (Pandey 1997)
- use sub-graph isomorphism
- detecting symmetry manually
- did not answer why symmetry in circuit netlist structure implies symmetry in next state function

Symmetry reduction in STE (Darbari 2006)
- propose a structured model -- a high level modeling language recording the symmetry of a circuit
- make a connection from the model to STE: proving the symmetry in the structured model derives symmetry in the corresponding next-state function

Our contribution

- A formal BLIF netlist model in Isabelle
- Formally define the structural symmetry
- A soundness theorem guaranteeing the correctness of symmetry reduction
- Applying symmetry reduction automatically as a tactic in Forte

A formal netlist model

- The first rule specifies an empty netlist;
- The second adds an input node;
- The third adds a delay component, a sequential entity;
- The last adds a combinational gate.

Next state function

Given a netlist nl, a next state function Y can be formally induced, which is a closure function, i.e.,
- Y is monotonic.
- Y is idempotent.
- Y is extensive.
(See Roorda et al., 2005 and Li et al., 2009 for the details.)

nl: a netlist
g1: gate c a b tab1
L2: Delay c c.
Y: a next state function
Y s c = s(a) & s(b).
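
The three closure laws above can be checked exhaustively on a small combinational netlist. This is an added example, not code from the talk or from Forte: the dual-rail value encoding, the two-gate netlist and all names are assumptions, delays are left out, and Y joins the gate result with the value already on the output node (which is what makes it extensive).

```python
from itertools import product

# Dual-rail encoding (is1, is0) of the four-valued STE lattice.
X, ONE, ZERO, TOP = (0, 0), (1, 0), (0, 1), (1, 1)
VALUES = (X, ONE, ZERO, TOP)
NODES = ("a", "b", "c", "d")

def leq(u, v):
    """Information order: X is below 0 and 1, TOP (over-constrained) is above both."""
    return u[0] <= v[0] and u[1] <= v[1]

def join(u, v):
    return (u[0] | v[0], u[1] | v[1])

def and_gate(u, v):
    """Monotone AND on the lattice: 0 wins over X, X and 1 gives X."""
    return (u[0] & v[0], u[1] | v[1])

# Constructed netlist: c = a & b, d = c & a, listed out of dependency order
# so that a single pass over the gates is not enough.
NETLIST = (("d", and_gate, ("c", "a")), ("c", and_gate, ("a", "b")))

def Y(state):
    """Least state above `state` that is consistent with every gate."""
    s = dict(state)
    changed = True
    while changed:
        changed = False
        for out, fn, ins in NETLIST:
            new = join(s[out], fn(*(s[i] for i in ins)))
            if new != s[out]:
                s[out], changed = new, True
    return s

def state_leq(s, t):
    return all(leq(s[n], t[n]) for n in NODES)

def closure_laws_hold():
    """Check extensive, idempotent, monotonic over all 4**4 states."""
    states = [dict(zip(NODES, vs)) for vs in product(VALUES, repeat=len(NODES))]
    closed = [Y(s) for s in states]
    extensive = all(state_leq(s, c) for s, c in zip(states, closed))
    idempotent = all(Y(c) == c for c in closed)
    monotonic = all(state_leq(cs, ct)
                    for s, cs in zip(states, closed)
                    for t, ct in zip(states, closed) if state_leq(s, t))
    return extensive, idempotent, monotonic
```

A state that drives c to 0 while a and b are both 1 closes to TOP on c, which is how an over-constrained antecedent shows up in this lattice.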

Syntax and semantics of trajectory formula

- Is1 and Is0 set a node's value to 1 and 0
- When is the guarded formula
- AndList frs is the conjunction of formulas
- Next is the temporal operator

Syntax and semantics of trajectory assertion

- A trajectory is a fix-point of function Y nl
- An STE assertion is A leadsto C

Causal subnetlist on an assertion

A causal subnetlist on an assertion is a closure which is related to the evaluation of the assertion.

Example

The following example interprets the intuitive meanings of :

Evaluating an assertion in its causal subnetlist

Symmetric structures

If m is an output of an entity in netlist nl, then f m is also a similarly structured entity in netlist nl.

Motivating example

[Figure: netlists nl0 and nl1]

In this figure, nl0 is symmetric to the netlist nl1.

Symmetry properties

Symmetry reduction

The first law says that if nl satisfies the assertion .., then nl;

In the second law, both nl1 and nl2 are subnetlists of one netlist nl.

Motivating example

By the second law, we have

Substitutions on trajectory formulas

In Forte, we sometimes need to apply a substitution to the Boolean guards of an STE assertion in some context.

After a substitution {ba1/ba0, bb0/bb1}

Applying symmetry reduction automatically -- problem

Have a lemma:

Try to prove another lemma:

Overall strategy

Implementation

Code: main body

Code (1): matching formulas

Code (2): computing symmetry

Case study on CAMs

A CAM is a hardware lookup table.

An example specifies that once tagin matches one of the stored tags, hit will rise.

Case study on CAMs

A fully-encoding style specification:

This is a fully-encoding style specification, not a symbolic indexed specification.

Symmetry reduction in CAMs

[Figure: two reduction steps, each labelled "Reduced to"]

For any i, the assertion "if the input tag is matched with the i-th stored tag, then the node matchi is 1" can be reduced to the case when i is zero.

Therefore, we only need to run STE directly for the second assertion; we can then prove the first assertion by symmetry reduction, with no need to run STE again.
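
The reduction from entry i to entry 0 rests on a node permutation that maps the CAM netlist onto itself. The sketch below is an added example, not the Forte tactic from the talk: the gate-level CAM match logic, the node names, the treatment of gate inputs as unordered sets (all gates used are commutative) and the assertion given as plain {node: value} maps are assumptions.

```python
def cam_netlist(n, t):
    """Constructed CAM match logic: n entries, t-bit tags.
    Each entity is (kind, output node, set of input nodes)."""
    nl = set()
    for i in range(n):
        for b in range(t):
            nl.add(("xnor", f"eq{i}_{b}", frozenset({f"tagin{b}", f"tag{i}_{b}"})))
        nl.add(("and", f"match{i}", frozenset(f"eq{i}_{b}" for b in range(t))))
    nl.add(("or", "hit", frozenset(f"match{i}" for i in range(n))))
    return nl

def swap_entries(i, j, t):
    """Node permutation f exchanging entries i and j; every other node is fixed."""
    f = {}
    for x, y in ((i, j), (j, i)):
        f[f"match{x}"] = f"match{y}"
        for b in range(t):
            f[f"tag{x}_{b}"] = f"tag{y}_{b}"
            f[f"eq{x}_{b}"] = f"eq{y}_{b}"
    return f

def rename(f, node):
    return f.get(node, node)

def is_structural_symmetry(nl, f):
    """If m is the output of an entity in nl, then f m must be the output
    of an entity of the same kind whose inputs are the renamed inputs."""
    return all((kind, rename(f, out), frozenset(rename(f, m) for m in ins)) in nl
               for kind, out, ins in nl)

def reduce_assertion(antecedent, consequent, f):
    """Rename the nodes of an assertion 'antecedent leadsto consequent'."""
    def ren(d):
        return {rename(f, k): v for k, v in d.items()}
    return ren(antecedent), ren(consequent)
```

A mapping that swaps only match2 and match0 without their tag and comparator nodes fails the check, so the assertion for entry 2 may not be rewritten with it.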

If the input is matched only with the i-th stored tag, then the node matchi is 1.

Discussion

For n-t-d CAMs (n entries, t: tag width, d: data width) in full encoding style

- Theorem proving techniques are needed so that symmetry reduction can be applied to the assertions
- Structural symmetry between two bits of a bit-vector such as match, dout in CAMs

                        No sym reduction    Sym reduction
For property on hit     n*t                 2*t
For property on dout    (t+d)*n+t           2t+d

For CAMs with this configuration, the BDD variables used are compared.

But we need

Discussion (continued)

- Exploring structure symmetries needs time, especially when the properties checked involve many Next operators
- Compared and related with symbolic indexing
  - Ours: human guidance is needed to make assertions amenable to symmetry reduction, which can then be done automatically
  - Symbolic indexing: human guidance is needed to write a symbolic indexing assertion, which is then checked fully automatically by running STE
  - Each indexing case is symmetric to the others

Conclusion and future work

Theoretical result of symmetry reduction
- Formalize the correspondence between structure symmetry and property symmetry
- reformulated in a netlist based closure semantics framework

Automatic symmetry reduction
- works on a netlist model, automatically checking structure symmetry online
- uses heuristics inherent in the verification problem itself

Conclusion and future work

Link Isabelle with Forte?
- take advantage of both Isabelle's strong theorem proving and Forte's symbolic simulation features
- difficulty: interface between each other
- Need more detail of Forte's documentation (but Forte cannot be downloaded now!)

Question & Answer

Thank You!