Optimal Redundancy Removal
without Fixedpoint Computation
Mike Case†, Jason Baumgartner, Hari Mony, Bob Kanzelman
IBM System and Technology Group
FMCAD 2011
† Now
with Calypto Design Systems
FMCAD 2011
Outline
 Introduction
 The Proof Graph
 Proof Graph + Induction
 Proof Graph + TBV
 Experimental Results
2
Mike Case
FMCAD 2011
Redundancy Removal
 Redundancy Removal
A

B
Commonly called
a “merge”
 Synthesis for verification
Combinational
Simplification
3
Mike Case
Retiming
Redundancy
Removal
Interpolation
FMCAD 2011
Proof Methods
 Induction
Base Case:
(A=B)0
Inductive Step: (A=B)t implies (A=B)t+1
 TBV (Transformation-Based Verification)
A
B
4
Mike Case
miter
Any Model
Checking Flow
FMCAD 2011
Using induction
or TBV
Fixed-Point Flow
function redundancyRemoval() {
conjecture that all gates are equivalent
random simulation + refine equiv. classes
bounded model checking + refine equiv. classes
while (proveEquivalences() returns a counterexample) {
simulate the counterexample + refine equiv. classes
}
merge the remaining equivalences
}
5
Mike Case
Problem: Merge only at
the end. Timeouts?
Problem: Repeatedly
tests the same
equivalences until all
are proved
FMCAD 2011
Our Contributions
 Track dependencies between equivalences
– Which subset(s) of equivalences are soundly proved, despite the
existence of counterexamples?
 Benefits:
– Partial results
– Don’t re-test soundly proved equivalences
– Skip SAT calls that cannot lead to merges
 Induction: up to 75% less runtime 97% reduction in SAT calls
 TBV:
6
Mike Case
up to 90% less runtime 80% fewer calls to interpolation
FMCAD 2011
Outline
 Introduction
 The Proof Graph
 Proof Graph + Induction
 Proof Graph + TBV
 Experimental Results
7
Mike Case
FMCAD 2011
Dependencies
 Suppose induction cannot prove A=B
but can prove (A=B)^(C=D)
 Then A=B depends on C=D
 “Proof graph” used to track such dependencies
8
Mike Case
FMCAD 2011
The Proof Graph
 Nodes: equivalence classes, edges: “depends on”
Node 1
Represents
Equiv Class 1
Node 3
Node 2
Represents:
Equiv Class 3
Node 4
Represents:
Equiv Class 4
Represents
Equiv Class 2
 Observation: something is soundly proved iff all of its
dependencies are soundly proved
9
Mike Case
FMCAD 2011
Redundancy Removal w/ Proof Graph
while (there are suspected equivalences) {
setup the current iteration + build the proof graph
while (candidates = getProofCandidates()) {
switch (proveEquivalences(candidates)) {
case proved:
update the proof graph + try early merging
case counterexample:
simulate the counterexample + refine equivalences
update the proof graph
}}}
10
Mike Case
FMCAD 2011
Outline
 Introduction
 The Proof Graph
 Proof Graph + Induction
 Proof Graph + TBV
 Experimental Results
11
Mike Case
FMCAD 2011
Proof Dependencies
Suspected equivalences:
(A=B)^(C=D)
Inductive step:
[(A=B)^(C=D)]T implies [(A=B)^(C=D)]T+1
Boolean Satisfiability problems:
(A≠B)T+1 such that (A=B)T and (C=D)T
...
Results:
(A≠B)T+1 is unsatisfiable, and the proof depends on (C=D)T
New edge: (A=B)  (C=D)
12
Mike Case
FMCAD 2011
Structural Dependencies
 Speculative reduction
 Dependencies
?
A2
A1
A2
?
= B2
?
= B2
≡
C2
A1
B1
≡
= D2
B1
C1
≡
D1
(A=B)  (C=D)
New edges:
(A=B)  (A=B)
13
Mike Case
FMCAD 2011
Proof Graph Algorithms By Example
proved
=0
soundlyProved = 0
falsified
=0
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 3
Node 2
proved
=0
soundlyProved = 0
falsified
=0
proved
=0
soundlyProved = 0
falsified
=0
14
Mike Case
Node 4
FMCAD 2011
Proof Graph Algorithms By Example
proved
=0
soundlyProved = 0
falsified
=0
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 3
Node 2
proved
=0
soundlyProved = 0
falsified
=0
proved
=0
soundlyProved = 0
falsified
=0
15
Mike Case
Node 4
FMCAD 2011
Proof Graph Algorithms By Example
proved
=0
soundlyProved = 0
falsified
=0
Node 3
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 2
proved
=1
soundlyProved = 0
falsified
=0
proved
=0
soundlyProved = 0
falsified
=0
16
Mike Case
Node 4
FMCAD 2011
Proof Graph Algorithms By Example
proved
=1
soundlyProved = 1
falsified
Node 3
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 2
proved
=1
soundlyProved = 1
falsified
=0
proved
=0
soundlyProved = 0
falsified
=0
17
Mike Case
Node 4
=0
FMCAD 2011
Proof Graph Algorithms By Example
proved
=1
soundlyProved = 1
falsified
=0
Node 3
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 2
proved
=1
soundlyProved = 1
falsified
=0
proved
=0
soundlyProved = 0
falsified
=0
18
Mike Case
Node 4
FMCAD 2011
Proof Graph Algorithms By Example
proved
=1
soundlyProved = 1
falsified
=0
Node 3
Node 1
proved
=0
soundlyProved = 0
falsified
=0
Node 2
proved
=1
soundlyProved = 1
falsified
=0
proved
=0
soundlyProved = 0
falsified
=1
19
Mike Case
Node 4
FMCAD 2011
Outline
 Introduction
 The Proof Graph
 Proof Graph + Induction
 Proof Graph + TBV
 Experimental Results
20
Mike Case
FMCAD 2011
TBV Review
 Problems
–Long runtime
Suspected
Redundancies
–Frequent restarts
Netlist
21
Mike Case
Speculative
Reduction
+
Miter Creation
Spec
Reduced
Netlist
Logic
Synthesis
Interpolation
FMCAD 2011
TBV Dependencies
 No inductive hypothesis  no proof dependencies
 Structural dependencies:
?
A
=
New edge:
B
?
C
22
Mike Case
= D
(A=B)  (C=D)
FMCAD 2011
Outline
 Introduction
 The Proof Graph
 Proof Graph + Induction
 Proof Graph + TBV
 Experimental Results
23
Mike Case
FMCAD 2011
SixthSense Experiment Setup
 1300 Benchmarks
– IBM property checking and SEC benchmarks
– Hard HWMCC 2010
– Largest AIG is 5.3M Ands and 330k registers
 Redundancy removal w/ k=1 induction
 Redundancy removal w/ TBV
(combinational simplification + interpolation)
24
Mike Case
FMCAD 2011
Experimental Results : Runtime
Induction
25
Mike Case
TBV
FMCAD 2011
Experimental Results : Number of Proofs
Induction
26
Mike Case
TBV
FMCAD 2011
Conclusion
 Major enhancement to redundancy removal
–Minor book-keeping overhead
–Reduces the runtime of our engine
–Reduces the number of SAT calls
–Provides partial results
 Used everyday within IBM
27
Mike Case