We used the program to analyze several blocks of a RAM-Disc-Controller ... proach to Accurate Timing Veri cation Using RTL De- scriptions," Proceedings of the ...
Computing the Path Sensitization Problem in Linear Time P. Altenbernd, J. Strathaus CADLAB Cooperation { University of Paderborn { Siemens-Nixdorf Informationssysteme AG Paderborn, Germany, W4790
Abstract We present a new algorithm which computes in linear time with respect to the size of the circuit if a given path is sensitizable or not. The algorithm is based on a set of sensitizing conditions which are given in the text. Besides handling feedback loops, the algorithm works hierarchically, and considers the delay of each circuit element (dynamic sensitization). The trade-o� made to gain a linear runtime behavior is discussed. The algorithm is implemented as a component of an interactive timing veri er.
1 Introduction At present, timing errors are responsible for most of the failures that occur when a new application-speci c IC is plugged into a system. Timing problems are located and identi ed by timing veri ers. Most timing veri ers can be classi ed into dynamical or statical ones. Dynamic timing veri ers (min, max simulators) su�er from the limitation of required test patterns to nd timing errors. Static timing veri ers require no test vectors, and locate all timing errors. This kind of timing veri cation ignores the operating conditions and functionalities of the components in the design. By static timing veri cation errors are identi ed in paths which can never be sensitized by any input vector (false paths). Any false path leads to a loss of accuracy in the analysis results. False paths conceal the essential critical paths and therefore hide the real problem areas. Correction e�ort may be spent to paths of the design which are not critical for the functionality of the circuit. In order to avoid reporting false paths to the designer, path sensitizing algorithms are of special interest in the eld of static timing veri cation. To decide if a given path is sensitizable or not is called the sensitization problem. Some existing approaches like [6] use case analysis to reduce the number of false paths. But this technique depends on user input which is possibly error prone. Other approaches [1, 2, 7, 10] use static path sensitization techniques to eliminate false paths. This technique may fail, because the delay information of
design components is not considered. In [3, 4, 8] di�erent algorithms are proposed using dynamic path sensitization techniques to nd the sensitizable paths. Du's algorithm [3] may fail under certain conditions (we will discuss this later). The approaches of [4] and [8] lead to exponentially increasing analysis time with respect to increasing dimension of the design for computing the sensitization problem. This paper describes a new e�cient algorithm which computes the sensitization problem in linear time. The algorithm is suitable to analyze any type of circuit including cyclic hierarchical designs. In section 2 we discuss the shortcomings of previously proposed algorithms. After introducing some basic de nitions an e�cient algorithm for computing the sensitization problem is presented in section 3. Some special issues dealing with the hierarchical analysis and feedback loops are discussed. The e�ciency of the proposed algorithm is demonstrated by the experimental results in section 4.
2 Related work First approaches to solve the false path problem are proposed in [1, 2, 7, 10]. These algorithms use static sensitization techniques. This method may deliver incorrect results, because the delay information of design components is not considered. Some paths may be reported to be false paths although they are sensitizable [3, 8].
Figure 1: A simple combinational circuit
Dynamic sensitizing algorithms [3, 4, 8] and the viability algorithm [5] take the delay times of the circuit
elements into account. These techniques are suitable to overcome the limitations of static path sensitizing algorithms. For example see Fig. 1 [3]. Assume all the propagation delays of gates are 1 ns, and all the signal delays are 0 ns. Using static sensitization technique the path P=A-D-F-G is considered to be a false path. But applying the input vector (A=0, B=0, C=0), and considering the propagation delays, G can only be stabilized after 3 ns, because the values of A and B have to be propagated through D and F to determine the value of G. Thus we can claim P to be sensitizable though it is considered to be a false path by the static sensitization.
Figure 2: A simple combinational circuit Considering static and dynamic algorithms in general the proper analysis depends on sensitizing conditions which are a set of constraints to be hold at each gate on a path if it is sensitizable. As previously shown, static algorithms use incorrect sensitizing conditions. But also the dynamic method of Du's algorithm [3] fails at this point. For example see Fig. 2. Assume all the propagating delays of gates are 1 ns and all the signal delays are 0 ns. Du's algorithm reports the path A-C-D to be a false path. But changing the inputs from (A=0, B=1) to (A=1, B=1) changes C from 1 to 0 after 1 ns. The value of D toggles from 1 to 0 after 2 ns. F has not reached its stable value yet. This results in the fact that P is sensitizable. One part of sensitizing conditions is the worst-case arrival time of a gate input. A valid determination of all worst-case arrival times is presented by Perremans' algorithm [8] and by the viability algorithm [5]. These algorithms lead to exponential runtime for computing the sensitization problem. Furthermore these methods cannot handle feedback loops. Du [3] simpli es the worst-case arrival times to max delay from sink-values (mdfs-values). This method has linear time complexity. The simpli cation has consequences to the properness of the sensitizing algorithm. Some paths will be reported to be sensitizable, though they are false paths. This is only a minor disadvantage, since it leads to a rather pessimistic analysis. Du's mdfs-calculation cannot deal with feedback loops, but we found a method to overcome this problem. We think that the positive aspects of the simpli cation, the runtime and the cycle han-
dling, are much more important than its above mentioned disadvantage. Propagating values through the circuit must be done in every sensitizing algorithm. This can be achieved by applying the D-algorithm [9, 1]. Its worstcase runtime behavior is exponential to the number of primary inputs. Du [3] and Perremans [8] use a modi cation of the D-algorithm which di�ers by nonregarding combinational aspects. When reaching the output of an OR-gate with signal value 1, it is assumed that a suitable input vector can always be reached. The runtime of this modi ed D-algorithm is linear with respect to the dimension of the design, but this method fails under certain conditions. The sensitization methods can be generally classi ed in two categories: on-line processing [1, 4, 8, 5] and post processing [3, 7] algorithms. Using on-line path sensitization technique the timing veri er checks during the analysis process if a detected path is sensitizable or not. This method wastes time for analyzing non-critical paths. Post processing techniques are used after all critical paths are determined. This leads to additional e�ort for analyzing non-sensitizable paths during the delay calculation process. Hierarchical analysis is still a problem for sensitizing algorithms. Some proposals [3, 8, 5] are only applicable for at designs, so that hierarchical circuits have to be attened rst. Others, like [10], use truth table information for higher level blocks or equivalent constructs, like BDDs (binary decision diagrams). Truth table representations hide the internal logic and timing behaviors. The SLOCOP-II timing veri cation system [4] uses an event graph to handle only sensitizable paths during the phase of static timing veri cation and assures the correct handling of hierarchies. The event graph is converted by optimization algorithms to a graph which includes no false paths. These algorithms are very time consuming and have the same disadvantages as on-line path sensitization techniques. The algorithm presented in this paper is implemented as a speci c sensitization method in an interactive timing analysis environment. Therefore in our approach we chose post processing sensitization techniques. To achieve proper results we use dynamic sensitization concepts. We de ned new valid sensitizing conditions. We use mdfs-values instead of worstcase arrival times. We extended the mdfs-calculation by a concept for handling feedback loops. We use the modi ed D-algorithm which additionally determines an error factor presenting the probability to compute an incorrect analysis result. Our algorithm is suitable to analyze hierarchical designs by recursive processing steps.
3 The sensitizing algorithm We rst present the basic algorithm which deals with at, logic design. Later we add concepts for handling hierarchy, feedback loops and sequential circuits. Furthermore we restrict our view without loss of generality to only two-inputs-one-output-gates.
3.1 Basic de nitions Our algorithm works on a directed, vertex- and edge-labeled graph G = (V; E). This graph is the internal representation of the particular circuit to be analyzed. The structure of the design is represented by the vertices (describing pins) and edges (describing connections between pins) of the graph. A net is described by a set of directed edges from each sender to each receiver. The delay information is re ected by labels on edges and vertices. De nition: A path is an acyclic sequence of vertices (p1,p2,...,pn) with: for all 1 � i < n: (pi ; pi+1) is an edge of the graph and p1 is a primary input. De nition: A boolean value x is called to be the control value [3] of gate g if { x = 1 and g has a (N)OR-functionality or { x = 0 and g has a (N)AND-functionality. The notation is: x = cv(g). De nition: A boolean value x is called to be the noncontrol value [3] of gate g if { x = 0 and g has a (N)OR-functionality or { x = 1 and g has a (N)AND-functionality. The notation is: x = ncv(g). Note that control values in uence gate outputs immediately. De nition: TP (u) is the delay of the partial path of path P starting from the input of P and ending with vertex u. In the following let P=(p1,...,pn) be a path and g be a gate on P. Assume a and b to be the inputs of g with a 2 P and b 62 P. Let v(u) denote the boolean value of vertex u. De nition: The worst-case arrival time of b is de ned as: � wca(b) = MAX fTP (b) j P 2 P (b)g if P (b) 6= �
1 otherwise with P (b) = fP j P stabilizes v(b) to cv(g) g. De nition: The max delay from sink-value from b is de ned as: mdfs(b) = MAX fTP (b) j P = (p1; :::; b)g
In contrast to the worst-case arrival time, the mdfsvalue need not be produced by a sensitizable path and by a control value. De nition: A path P is called sensitizable if for each gate g along P the following sensitizing conditions
hold. (C1) v(a) = ncv(g) ) v(b) = ncv(g) (C2) v(a) = cv(g) ^ wca(b) < TP (a) ) v(b) = ncv(g)
The intuitive meaning of C1 and C2 is that there exits any input vector that is a�ecting the value of pn
by tracing a signal from p1 to pn along P. The sensitizing conditions satisfy the correctness and robustness criteria de ned by McGeer [5].
3.2 Main algorithm In a preprocessing step all mdfs-values will be calculated. We use these values to abstract the worstcase arrival times in the sensitizing conditions. The sensitizing algorithm can be divided into the scanning phase and the propagation phase. During the scanning phase the current path is traced from its source node towards its target node. For each gate g along the path the sensitizing conditions are evaluated: if v(a) is ncv(g) or v(a) is cv(g) and mdfs(b) is lower than TP (a), ncv(g) is assigned to the value of b. During the propagation phase the assigned values are propagated to all reachable vertices. It is checked whether the conditions lead to inconsistencies (di�erent values belonging to the same vertex), which proofs this path not to be sensitizable. The two phases will be used rst assigning the value 0 to the source vertex of the path, and if inconsistencies appear, a second time with assigning the value 1. In a more formal way the algorithm to sensitize one path can be speci ed as follows. 1. v(p1 ) := 0 . 2. Scanning Phase: For all vertices u 6= p1 : v(u) := undef; For all gates g on P: If (v(a) = ncv(g)) v(b) := ncv(g). If (v(a) = cv(g) and mdfs(b) < TP (a)) v(b) := ncv(g). Assign the resulting output value of g. 3. Propagation Phase: Propagate the values to all reachable vertices and check for inconsistencies (modi ed D-algorithm). 4. If (inconsistencies and v(p1 ) = 0 ) v(p1 ) := 1 ; go to (2). If (inconsistencies and v(p1 ) = 1 ) P is a false path. Otherwise, P is sensitizable. The use of the two phases is demonstrated in Fig. 1 considering the path A-D-F-G. All propagation delays of gates are 1 ns and all the signal delays are 0 ns. The upper digits inside the boxes show the boolean values for starting the sensitizing algorithm with value 0 and the lower one for value 1. The scanning phase rst starts with assigning the value 0 to A. Since 0 is the control value of AND-gate G1 the condition C2 is evaluated. The other input of G1 is not set to any
value, since the corresponding mdfs-value is not less than the current path delay. The output of G1 is set to 0 which is the input value of OR-gate G2. This leads via condition C1 to v(C) := 0 . The result at G2's output is 0. Consequently 0 is assigned to the input of AND-gate (G3), so that the algorithm takes again condition C2 into account. This time the mdfs-value is lower than the current path delay, and we assign v(E) := 1 . The resulting value at G is 0. Now the propagation phase starts. Value 1 at E is propagated to the output of G4. The output of G4 can only be forced to 1 assigning 0 to both inputs of G4. Since no inconsistencies appear, we consider the path to be sensitizable.
our algorithm computes the sensitizing problem in linear time with respect to the dimension of the analyzed design.
3.3 Feedback loops If the graph is acyclic, the calculation of mdfsvalues can be performed by a BFS (Breadth First Search) starting from each primary input running over all edges. Problems arise if the graph is cyclic. The BFS would stop when reaching a cycle, since each mdfs-value depends on the mdfs-values of its predecessors. In order to overcome this we have to consider all vertices belonging to a strong (or strongly connected) component as only one complex vertex. All strong components in a directed graph G = (V; E) can be found in time O(jE j + jV j).
Figure 3: A simple combinational circuit In Fig. 3 [3] an example for a false path (B-D-E-XY) is shown assuming the same delay times as below.
Both starting values cause the scanning phase to assign v(F) := 0 and v(C) := 1 . Hence, the propagation phase nds an inconsistency in both cases when propagating the 1 at C to F, where 0 is assigned before. It can easily be seen that our algorithm starting with value 0 reports the path of Fig. 2 (the example where Du's algorithm fails) to be sensitizable. We use the modi ed D-algorithm in the propagation phase with the following extension. We compute an error factor representing the probability of an inconsistency expressed as percentage of an incorrect analysis result caused by the modi ed D-algorithm. By example, the error factor of a two-input-OR-Gate due to a signal value of 1 at its output is 0:25, because only one of four possible input vectors forces the output to 0. The total error factor due to a given path P is computed by the following formula error factor(P) = 1 ?
k Y i=1
(1 ? error rate(gi ));
where k is the number of gates and error rate(gi ) is the actual error factor of gate gi. If a path P with error factor(P) > 0 can cause a timing error, it should be investigated a second time by using an unmodi ed D-algorithm, or it should be considered to be sensitizable. Since we use mdfs-values instead of worst-case arrival times, and since we use the modi ed D-algorithm,
Figure 4: Example for a mdfs-calculation An algorithm to determine all mdfs-values in cyclic graph works as follows. The main loop of the algorithm performs BFS-strategy. If the BFS reaches a strong component S, a DFS (Depth First Search) is applied to S calculating all mdfs-values of the vertices belonging to S. After terminating the DFS the algorithm continues the BFS-strategy. An example for the resulting values of the mdfs-calculation is shown in Fig. 4. We assume all vertices have a delay of 1 ns. Regarding feedback loops we can state that the worst-case arrival time of an input vertex of the loop is less than the delay time of a signal which was propagated through the loop. Considering the sensitizing conditions C1 and C2, we see that feedback loops have no direct in uence to (non-)sensitizability of paths. Nevertheless, it may be possible that loops cause a signal to feedback an inverting value. In this case an inconsistency would occur in the propagation phase and the sensitizability algorithm will report the path to be non-sensitizable. To avoid this e�ect the inconsistency detection part of the propagation phase has to ignore inverting feedbacks.
3.4 Hierarchy and sequential circuits To deal with hierarchical designs our algorithm performs recursive steps. When reaching a complex block B along the path within the scanning phase we continue by recursively applying the sensitizing algorithm
with respect to B to sensitize the path inside of B. The propagation phase needs not enter a hierarchical block in every case. If a block is adjacent to the path and if no error factor occurred, its work is already done by the recursive call in the scanning phase. Blocks that are non-adjacent to the path must always be analyzed by a recursive call of the propagation phase. The algorithm works top-down. At the lowest level sequential circuits can be found as well as combinational circuits. Unclocked ip ops and level sensitive triggered ip ops are modeled by gates. The resulting model is a 'quasi-logic design circuit', where the sensitizing algorithm works without any restriction. In an additional work we will extend our algorithm to be applicable also for edge triggered ip ops.
CNTB4 104 223 58 (26) 70 (31) 95 (43) 0.4 0.1 8.8 0.039
We have introduced a new sensitizing algorithm performing linear complexity with respect to increasing dimension of the design for analyzing one path. Our method can handle feedback loops, hierarchy and memory cells. Our algorithm uses valid sensitizing conditions in the scanning phase. We simplify the worst-case arrival times to mdfs-values to get linear time complexity and to handle feedback loops. The propagation phase is a modi ed D-algorithm with linear time complexity. The sensitizing algorithm is implemented as a part of an interactive timing veri er. The experimental results show the huge bene ts compared to other approaches and the suitability of the algorithm for practical use.
References
4 Experimental results # cells # timing paths # sensitizable paths (%) # potential sensi. paths (%) # false paths (%) time for searching [s] time for mdfs-calculation [s] time for analyzing [s] average time for analyzing [s]
5 Conclusion
CNTB8 207 716 165 (23) 181 (25) 370 (52) 1.4 0.3 45.6 0.063
CNTB16 383 3584 726 (20) 502 (14) 2356 (66) 5.6 1.0 404 0.113
Table 1: Results The algorithm was implemented in C running under UNIX. We used the program to analyze several blocks of a RAM-Disc-Controller (RCT6). The results are presented in table 1. We used a DFS-algorithm performing exhaustive search to deliver the timing paths. After that we run the sensitizing algorithm on each path. The connectivity within this examples is rather complex. Within all applications we detected a huge number of false paths. For at most 31% of the paths an error factor > 0 is calculated by the propagation phase (potential sensitizable paths in table 1). However, for the majority of the delivered paths the analysis did not end with an error factor > 0, independently whether these paths were indicated to be false paths or not. The algorithm needs maximally 0.113 CPU-seconds (6:5-MIPS machine) to analyze one path, which is an acceptable trade-o� between the computer resource and the time designers waste on false paths. Perremans' sensitizing algorithm [8] needs 1364 CPU-seconds to analyze a 71-cells circuit (using worstcase arrival times instead of mdfs-values and on-line processing). In contrast to this, our method analyzes the 104-cells CNTB4 in 9.3 CPU-seconds (sum of searching, mdfs-calculation and sensitization time).
[1] J. Benkoski, E. Vanden Meersch, L. Claesen, and H. De Man. \E�cient Algorithms for Solving the False Path Problem in Timing Veri cation," Proceedings of ICCAD, pp. 44{47, 1987. [2] D. Brand and V. S. Iyengar. \Timing Analysis using Functional Relationship," Proceedings of ICCAD, pp. 126{129, 1986. [3] David H. C. Du, Steve H. C. Yen, and S. Ghanta. \On the General False Path Problem in Timing Analysis," Proceedings of the 26th DAC, pp. 555{560, 1989. [4] P. Johannes, P. Das, L. Claesen, and H. De Man. \SLOCOP-II: A versatile timing veri cation system for MOSVLSI," Proceedings of the EDAC, pp. 518{523, 1990. [5] Patrick C. McGeer and Robert K. Brayton. \E�cient Algorithms for Computing the Longest Viable Path in a Combinational Network," Proceedings of the 26th DAC, pp. 561{567, 1989. [6] T. M. McWilliams. \Veri cation of Timing Constraints on Large Digital Systems," Proceedings of the 17th DAC, pp. 139{147, 1980. [7] E. Vanden Meersch, L. Claesen, and H. De Man. \A Timing Veri cation for Synchronous CMOS Logic," Proceedings of ESSCIRC, pp. 205{207, 1986. [8] S. Perremans, L. Claesen, and H. De Man. \Static Timing Analysis of Dynamically Sensitizable Paths," Proceedings of the 26th DAC, pp. 568{573, 1989. [9] J. P. Roth. \Diagnosis of Automata Failures: A Calculus and a Method," IBM J. Res. Develop., pp. 278{298, 1966. [10] Kaushik Roy and Jacob A. Abraham. \A Novel Approach to Accurate Timing Veri cation Using RTL Descriptions," Proceedings of the 26th DAC, pp. 638{641, 1989.
