

# Applications of SAT in EDA

- \* Test Pattern Generation:
  - Stuck-at, Delay faults, etc.
    Redundancy Removal
- Circuit Delay Computation
- \* Combinational Equivalence Checking
- Sounded/Unbounded Model Checking
- Superscalar processor verification
- \* FPGA routing
- \* Noise analysis













### Delay Computation Using SAT

Can circuit delay be  $\geq \Delta$ ?

Characteristic Function [McGeer,ICCAD'91]



 $\chi^{y,t}$  Use characteristic functions  $\chi^{y,t}$  to represent circuit delay computation as an instance of SAT !

 $\chi^{y,t} = 1 \Leftrightarrow$  node *y* stabilizes no ealier than *t* 

# Combinational Equivalence Checking $\mathbf{C}_{\mathsf{A}}$ z = 1? CB If z = 1 is unsatisfiable, the two circuits are equivalent !

### Bounded Model Checking (BMC)

\* Bounded Model Checking (Biere, et al., TACAS 1999)

- + Property checking method based on finite unfolding of transition relation interleaved with checks of the property
  - ♦ Sound in its pure form no false positives are possible ♦ Incomplete cannot guarantee correctness of property
- Basic method

♦ CNF-based

Use CNF-based SAT solver to represent unfolding and proof UNSAT for correctness of property ♦Circuit-based

- Use ATPG-like reasoning to show untestability ∻Hybrid

  - Use circuit rewriting and SAT checking interleaved • e.g. based on AND/INV graphs

- Given
  - ◆ A finite transition system M
  - A property P (representing "good" states)
- \* Note: We restrict our attention to safety properties
- \* Does M allow a counterexample to  $\neg P$  of k transitions or fewer?



### Applications

#### \* Debugging

- ♦ Can find counterexamples using a SAT solver
- Proving properties
  - Only possible if a bound on the length of the shortest counterexample is known
  - I.e., we need a *diameter* bound. The diameter is the maximum length of the shortest path between any two states
  - Worst case is exponential. Obtaining better bounds is sometimes possible, but generally intractable

## Unbounded Model Checking (UMC)

We consider a variety of methods to exploit SAT and BMC for unbounded model checking

- K-step induction
- ◆ Abstraction
   ♦ Counterexample-based
- ♦ Non-counterexample-based
   ♦ Exact image computations
- ♦ SAT solver tests for fixed point ♦ SAT solver computes image
- Over-approximate image computations

#### Improvements (Sheeran, FMCAD 2000)

- \* Assert correctness of properties proven for previous
  - frames  $tp^{k}(s_{0},s_{k}) = \bigwedge_{0 \le i < k} p(s_{i}) \wedge t(s_{i},s_{i+1})$
  - Helps pruning the search, especially for optimization in this talk
- Simple paths constraints

  Do not allow that a state is visited twice

 $tp_{simple}^{k}(s_{0}, s_{k}) = \bigwedge_{0 \le i < k} p(s_{i}) \land t(s_{i}, s_{i+1}) \land \bigwedge_{0 \le i < i \le k} s_{i} \neq s_{j}$ 

- Does not really help in practice
- *K*-step inductiveness: - In addition to  $BMC_k$  check also  $inv^k = tp^k(s_0, s_k) \land \neg p(s_k)$ - Makes proof complete

#### SAT versus BDDs (McMillan, CAV 2002)



Note low variance in times for BDD based Nederligwecorrelation between the two methods. Benchmarks may be Biggestize Banet log Biblys. be B Good Elbertheriogrerall. when BDD's fail. But note relative immaturity of SAT based method

#### Context

- \* SAT is the quintessential NP-complete problem
- Theoretically well-studied
- Practical algorithms for large problem instances started emerging in the last five years
- ✤ Has many applications in EDA and other fields
- Can potentially have similar impact on EDA as BDDs
- EDA professionals should have good working knowledge of SAT formulations and algorithms

### **Research Directions**

#### \* Algorithms

- Explore relation between different techniques
   backtrack search; conflict analysis; recursive learning; branch-merge rule; randomization & restarts; clause inference; local search (?); BDDs (?)
- Address specific solvers (circuits, incremental, etc.)
  Develop visualization aids for helping to better
  - understand problem hardness
- Applications
  - Industry has applied SAT solvers to different applications
    - ♦ SAT research requires challenging and representative publicly available benchmark instances !

### Conclusion

- SAT solvers are very effective at ignoring irrelevant facts
- \* SAT solvers can produce refutations
- \* We can exploit in a number of ways
  - ♦ BMC
  - Abstraction for UMC
  - Abstract image computations using interpolation

This makes it possible to model check *localizable* properties large systems

- Approaches that compute exact images sacrifice this quality of SAT solvers
  - still useful as alternative to BDD's
- For non-localizable properties, SAT-based BMC and UMC do not perform well
- The capacity of SAT-based UMC is smaller than the one of BMC
  - Need to settle for bounded results
  - Debugging solution instead of complete verification
  - ♦ Use UMC only in late verification phases