ABC: An Industrial-Strength Academic Synthesis and Verification Tool
(based on a tutorial given at CAV 2010)

Berkeley Verification and Synthesis Research Center, UC Berkeley
Robert Brayton, Niklas Een, Alan Mishchenko, Jiang Long, Sayak Ray, Baruch Sterin

Thanks to: NSA, SRC, and industrial sponsors Altera, Atrenta, Cadence, Calypto, IBM, Intel, Jasper, Microsemi, Oasys, Real Intent, Synopsys, Tabula, and Verific

2
Overview
• What is ABC?
• Synthesis/verification synergy
• Introduction to AIGs
• Representative transformations
• Integrated verification flow
• Verification example
• Future work

3
A Plethora of ABCs
http://en.wikipedia.org/wiki/Abc
• ABC (American Broadcasting Company)
  - A television network…
• ABC (Active Body Control)
  - ABC is designed to minimize body roll in cornering, accelerating, and braking. The system uses 13 sensors which monitor body movement to supply the computer with information every 10 ms…
• ABC (Abstract Base Class)
  - In C++, these are generic classes at the base of the inheritance tree; objects of such abstract classes cannot be created…
• Atanasoff-Berry Computer
  - The Atanasoff–Berry Computer (ABC) was the first electronic digital computing device. Conceived in 1937, the machine was not programmable, being designed only to solve systems of linear equations. It was successfully tested in 1942.
• ABC (supposed to mean “as simple as ABC”)
  - A system for sequential synthesis and verification at Berkeley

4
ABC
• Started 6 years ago as a replacement for SIS
• Academic public-domain tool
• “Industrial-strength”
  - Focuses on efficient implementation
  - Has been employed in commercial offerings of several CAD companies
• Exploits the synergy between synthesis and verification

5
Design Flow
System Specification
RTL
Logic synthesis
Technology mapping
Physical synthesis
Manufacturing
ABC
Verification
• Property checking
• Equivalence checking

6
Synthesis and Verification
• Synthesis
  - Given a Boolean function
    - Represented by a truth table, BDD, or a circuit
  - Derive a “good” circuit implementing it
• Verification
  - Given a (very large) circuit
  - Prove that its output is always constant

7
Synthesis/Verification Synergy
• Similar solutions
  - e.g. retiming in synthesis / retiming in verification
• Algorithm migration
  - e.g. BDDs, SAT, induction, interpolation, rewriting
• Related complexity
  - scalable synthesis <=> scalable verification
• Common data-structures
  - combinational and sequential AIGs

8
Areas Addressed by ABC
• Combinational synthesis
  - AIG rewriting
  - technology mapping
  - resynthesis after mapping
• Sequential synthesis
  - retiming
  - structural register sweep
  - merging seq. equiv. nodes
• Combinational verification
  - SAT solving
  - SAT sweeping
  - combinational equivalence checking (CEC)
• Sequential verification
  - bounded model checking (BMC)
  - unbounded model/equiv checking (MC/EC)
  - safety/liveness properties
  - exploits synthesis history

9
Terminology
• Logic function (e.g. F = ab+cd)
  - Variables (e.g. b)
  - Minterms (e.g. abcd)
  - Cube (e.g. ab)
• Logic network
  - Primary inputs/outputs
  - Logic nodes
  - Fanins/fanouts
  - Transitive fanin/fanout cone
  - Cut and window (defined later)
[Figure labels: Primary inputs, Primary outputs, Fanins, Fanouts, TFO, TFI]

10
AIG (And-Inverter Graphs) Definition and Examples
AIG is a Boolean network composed of two-input ANDs and inverters

Karnaugh map of F (rows cd, columns ab), shown on the slide once for each circuit:
cd\ab  00  01  11  10
00      0   0   1   0
01      0   0   1   1
11      0   1   1   0
10      0   0   1   0

F(a,b,c,d) = ab + d(ac’+bc)
6 nodes, 4 levels
F(a,b,c,d) = ac’(b’d’)’ + bc(a’d’)’ = ac’(b+d) + bc(a+d)
7 nodes, 3 levels
[Figure: the two AIGs implementing F]

11
Structural Hashing
• Propagates constants and merges structural equivalences
• Is applied on-the-fly during AIG construction
• Results in circuit compaction
Example: F = abc, G = (abc)’, H = abc’
[Figure: the AIG before structural hashing and after structural hashing]
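
An added example, not code from ABC or from the slides: a minimal AIG manager in Python with on-the-fly structural hashing, run on the F = abc, G = (abc)’, H = abc’ example and on the two forms of F(a,b,c,d) from the AIG definition slide. The literal encoding (2*node + inversion bit) and all function names are assumptions of this sketch.

```python
class AIG:
    """Minimal And-Inverter Graph. A literal is 2*node + c, where c = 1 marks an
    inverted edge. Node 0 is the constant: literal 0 is false, literal 1 is true."""

    def __init__(self, strash=True):
        self.strash = strash
        self.fanins = [None]   # (lit0, lit1) for AND nodes, None for const/inputs
        self.level = [0]       # logic depth of each node
        self.table = {}        # (lit0, lit1) -> literal of an existing AND node

    def new_input(self):
        self.fanins.append(None)
        self.level.append(0)
        return 2 * (len(self.fanins) - 1)

    def AND(self, x, y):
        if x > y:
            x, y = y, x                      # canonical fanin order
        if self.strash:
            if x == 0 or x == (y ^ 1):       # 0 & y, or y' & y: constant 0
                return 0
            if x == 1 or x == y:             # 1 & y, or y & y: just y
                return y
            if (x, y) in self.table:         # same structure already built
                return self.table[(x, y)]
        self.fanins.append((x, y))
        self.level.append(1 + max(self.level[x >> 1], self.level[y >> 1]))
        lit = 2 * (len(self.fanins) - 1)
        self.table[(x, y)] = lit
        return lit

    def OR(self, x, y):                      # De Morgan: one AND node, three inverters
        return self.AND(x ^ 1, y ^ 1) ^ 1

    def num_ands(self):
        return sum(f is not None for f in self.fanins)


def fgh(strash):
    """Build F = abc, G = (abc)', H = abc'. Returns (AND nodes, G is F inverted)."""
    g = AIG(strash)
    a, b, c = (g.new_input() for _ in range(3))
    F = g.AND(g.AND(a, b), c)
    G = g.AND(g.AND(a, b), c) ^ 1
    H = g.AND(g.AND(a, b), c ^ 1)
    return g.num_ands(), G == (F ^ 1)


def build_f(g, a, b, c, d, form):
    if form == 1:   # F = ab + d(ac' + bc)
        return g.OR(g.AND(a, b), g.AND(d, g.OR(g.AND(a, c ^ 1), g.AND(b, c))))
    # F = ac'(b+d) + bc(a+d)
    return g.OR(g.AND(g.AND(a, c ^ 1), g.OR(b, d)), g.AND(g.AND(b, c), g.OR(a, d)))


def counts(form):
    """(AND nodes, levels) of one form of F built on its own."""
    g = AIG()
    f = build_f(g, *(g.new_input() for _ in range(4)), form)
    return g.num_ands(), g.level[f >> 1]


def shared():
    """Both forms in one manager: (AND nodes, do the outputs hash to one literal)."""
    g = AIG()
    ins = [g.new_input() for _ in range(4)]
    return g.num_ands_after(ins) if False else _shared(g, ins)


def _shared(g, ins):
    f1, f2 = build_f(g, *ins, 1), build_f(g, *ins, 2)
    return g.num_ands(), f1 == f2
```

In the shared manager the two forms reuse the ac’ and bc nodes but their outputs remain distinct literals: structural hashing merges identical structure only, and proving functional equivalence is left to simulation and SAT.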

12
Why AIGs?
Same reasons hold for both synthesis and verification
• Easy to construct, relatively compact, robust
  - 1M AIG ~ 12Mb RAM
• Can be efficiently stored on disk
  - 3-4 bytes / AIG node (1M AIG ~ 4Mb file)
• Unifying representation
  - Used by all the different verification engines
  - Easy to pass around, duplicate, save
• Compatible with SAT solvers
  - Efficient AIG-to-CNF conversion available
  - Circuit-based SAT solvers work directly on AIG
• “AIGs + simulation + SAT” works well in many cases

13
AIG Memory Usage
• Fixed amount of memory for each node
  - Can be done by a simple custom memory manager
  - Dynamic fanout manipulation is supported!
• Allocate memory for nodes in a topological order
  - Optimized for traversal in the same topological order
  - Mostly AIG can be stored in cache – fewer cache misses.
• Small static memory footprint in many applications
  - Compute fanout information on demand

14
“Classical” Logic Synthesis
[Figure: a Boolean network in SIS and the equivalent AIG in ABC, drawn over the signals a, b, c, d, e, f, x, y, z]
AIG is a Boolean network of 2-input AND nodes and inverters (dotted lines)

15
One AIG Node – Many Cuts
[Figure: combinational AIG over a, b, c, d, e with output f, showing different cuts for the same node]
• Each AIG cut represents a different logic node
• AIG manipulation with cuts is equivalent to working on many Boolean networks at the same time

16
Combinational Synthesis
• Pre-computing AIG subgraphs
  - Consider function f = abc
  [Figure: Subgraph 1 (leaves a b, a c), Subgraph 2 (leaves b c, a), Subgraph 3 (leaves a c, b)]
• Rewriting AIG subgraphs
  [Figure: rewriting node A, shown with Subgraph 1 and with Subgraph 2; rewriting node B, shown with Subgraph 2 and with Subgraph 1]
  - In both cases 1 node is saved
AIG rewriting minimizes the number of AIG nodes without increasing the number of AIG levels

17
Combinational Rewriting

iterate 10 times {
    for each AIG node {
        for each k-cut
            derive node output as function of cut variables
            if ( smaller AIG is in the pre-computed library )
                rewrite using improved AIG structure
    }
}

Note: For 4-cuts, each AIG node has, on average, 5 cuts compared to a SIS node with only 1 cut
Rewriting at a node can be very fast – using hash-table lookups, truth table manipulation, disjoint decomposition

18
Resubstitution
• Resubstitution means expressing one function in terms of others
  - Given f(x) and {gi(x)}, is it possible to express f in terms of a subset of functions gi?
  - If so, what is function f(g)?
[Figure: f(x) over inputs x, re-expressed as f(g) over g1, g2, g3]
• An efficient truth-table-based and SAT-based solution exists
  - Runs in seconds for functions with hundreds of I/Os
A. Mishchenko, R. Brayton, J.-H. R. Jiang, and S. Jang, "Scalable don't care based logic optimization and resynthesis", Proc. FPGA'09.

19
Technology Mapping
Input: A Boolean network (And-Inverter Graph)
Output: A netlist of K-LUTs implementing AIG and optimizing some cost function
[Figure: technology mapping takes the subject graph to the mapped netlist; both are drawn over inputs a, b, c, d, e with output f]

20
Comparison of Two Syntheses
“Classical” synthesis
• Boolean network
• Network manipulation (algebraic)
  - Elimination
  - Decomposition (common kernel extraction)
• Node minimization
  - Espresso
  - Don’t cares computed using BDDs
  - Resubstitution
“Contemporary” synthesis
• AIG network
• DAG-aware AIG rewriting (Boolean)
  - Several related algorithms
    - Rewriting
    - Refactoring
    - Balancing
• Node minimization
  - Boolean decomposition
  - Don’t cares computed using simulation and SAT
  - Resubstitution with don’t cares
Note: here all algorithms are scalable: no SOP, no BDDs, no Espresso

21
Formal Verification
• Property checking
  - Create miter from the design and the safety property
  - Special construction for liveness (Biere et al, Proc. FMICS’06)
• Equivalence checking
  - Create miter from two versions of the same design
• Assuming the initial state is given
• The goal is to prove that the output of the miter is 0, for all states reachable from the initial.
[Figure: equivalence checking miter over D1 and D2 with output 0; property checking miter over D1 and p with output 0]

22
Outcomes of Verification
• Success
  - The property holds in all reachable states
• Failure
  - A finite-length counter-example (CEX) is found
• Undecided
  - A limit on resources (such as runtime) is reached

23
Inductive Invariant
• An inductive invariant is a Boolean function in terms of register variables, such that
  - It is true for the initial state(s)
  - It is inductive: assuming that it holds in one (or more) time-frames allows us to prove it in the next time-frame
  - It does not contain “bad states” where the property fails
[Figure: state space with regions Init, Reached, Invariant, Bad]

24
Inductive Invariant (cont.)
• It does not matter how inductive invariant is derived!
• If it is available in any form (as a circuit, BDD or CNF), it can be checked for correctness using a third-party tool
  - This way, verification proof can be certified
Comment 1: If the property is true, the set of all reachable states is an inductive invariant
Comment 2: In practice, computing the set of all reachable states is often impossible. In such cases, an inductive invariant is an over-approximation of reachable states.
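
An added example, not part of the slides or of ABC: an independent checker for a claimed inductive invariant, testing the three conditions by enumerating every state and input of a small design. The 3-bit design, its transition function and the condition names (initiation, safety, consecution) are constructed for illustration; a real certificate checker would discharge the same three conditions with SAT calls instead of enumeration.

```python
def check_invariant(n_regs, n_inputs, init, step, bad, inv):
    """Certify `inv` without trusting the engine that produced it.
    Returns ("certified", None) or (failed condition, witness)."""
    states = range(1 << n_regs)
    inputs = range(1 << n_inputs)
    for s in states:                       # 1. true for the initial state(s)
        if init(s) and not inv(s):
            return ("initiation", s)
    for s in states:                       # 2. contains no bad state
        if inv(s) and bad(s):
            return ("safety", s)
    for s in states:                       # 3. closed under one transition
        if inv(s):
            for x in inputs:
                t = step(s, x)
                if not inv(t):
                    return ("consecution", (s, x, t))
    return ("certified", None)


def reachable(n_regs, n_inputs, init, step):
    """Exact reachable set by breadth-first search (feasible only for tiny designs)."""
    frontier = {s for s in range(1 << n_regs) if init(s)}
    seen = set(frontier)
    while frontier:
        frontier = {step(s, x) for s in frontier for x in range(1 << n_inputs)} - seen
        seen |= frontier
    return seen


# Constructed design: 3-bit register v, 1-bit input en, initial state 0.
# Reachable behaviour is a mod-5 counter. States 5 and 6 are unreachable:
# 5 falls back to 0, 6 steps into the bad state 7.
def step(v, en):
    if not en:
        return v
    if v <= 3:
        return v + 1
    if v in (4, 5):
        return 0
    return 7


def init(v):
    return v == 0


def bad(v):
    return v == 7


def certify(inv):
    return check_invariant(3, 1, init, step, bad, inv)


REACH = reachable(3, 1, init, step)

# The property itself ("v is never 7") is true but not inductive: 6 --en--> 7.
PROPERTY = certify(lambda v: v != 7)
# Comment 1: the exact reachable set is an inductive invariant.
EXACT = certify(lambda v: v in REACH)
# Comment 2: an over-approximation, written over register bits as NOT(v2 AND v1),
# i.e. v <= 5. It includes the unreachable state 5 and still certifies.
OVER = certify(lambda v: not ((v >> 2) & (v >> 1) & 1))
```

The failing case returns the exact transition that breaks induction, which is what a reviewer needs in order to reject a bogus certificate.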

25
Verification Engines
• Bug-hunters
  - random simulation
  - bounded model checking (BMC)
  - hybrids of the above two (“semi-formal”)
• Provers
  - K-step induction, with or without uniqueness constraints
  - BDDs (exact reachability)
  - Interpolation (over-approximate reachability)
  - Property directed reachability (over-approximate reachability)
• Transformers
  - Combinational synthesis
  - Reparameterization
  - Retiming

26
Integrated Verification Flow
• Preprocessing
  - Creating a miter
  - Computing the initial state, etc
• Handling combinational problems
• Handling sequential problems
  - Start with faster engines
  - Continue with slower engines
  - Run main induction loop
  - Call last-gasp engines

27
Command “dprove” in ABC
• transforming initial state (“undc”, “zero”)
• converting into an AIG (“strash”)
• creating sequential miter (“miter -c”)
• combinational equivalence checking (“iprove”)
• bounded model checking (“bmc”)
• sequential sweep (“scl”)
• phase-abstraction (“phase”)
• most forward retiming (“dret -f”)
• partitioned register correspondence (“lcorr”)
• min-register retiming (“dretime”)
• combinational SAT sweeping (“fraig”)
• for ( K = 1; K 16; K = K * 2 )
  - signal correspondence (“scorr”)
  - stronger AIG rewriting (“dc2”)
  - min-register retiming (“dretime”)
  - sequential AIG simulation
• interpolation (“int”)
• BDD-based reachability (“reach”)
• saving reduced hard miter (“write_aiger”)
Stage labels shown beside the list: Preprocessors, Combinational solver, Faster engines, Slower engines, Main induction loop, Last-gasp engines

28
Typical Run of SEC in ABC

abc - > miter -cm r\orig\s38584.1.blif r\rrr\s38584.1_r.blif
abc - > dprove -vb
Original miter: Latches = 4162. Nodes = 23649.
Sequential cleanup: Latches = 3777. Nodes = 22081. Time = 0.07 sec
Forward retiming: Latches = 5196. Nodes = 21743. Time = 0.24 sec
Latch-corr (I= 15): Latches = 4311. Nodes = 19670. Time = 2.88 sec
Fraiging: Latches = 4311. Nodes = 18872. Time = 0.35 sec
Min-reg retiming: Latches = 2280. Nodes = 18867. Time = 0.93 sec
K-step (K= 1,I= 8): Latches = 2053. Nodes = 16602. Time = 13.19 sec
Min-reg retiming: Latches = 2036. Nodes = 16518. Time = 0.14 sec
Rewriting: Latches = 2036. Nodes = 14399. Time = 1.64 sec
Seq simulation : Latches = 2036. Nodes = 14399. Time = 0.29 sec
K-step (K= 2,I= 9): Latches = 1517. Nodes = 10725. Time = 14.81 sec
Min-reg retiming: Latches = 1516. Nodes = 10725. Time = 0.14 sec
Rewriting: Latches = 1516. Nodes = 10498. Time = 1.09 sec
Seq simulation : Latches = 1516. Nodes = 10498. Time = 0.45 sec
K-step (K= 4,I= 8): Latches = 0. Nodes = 0. Time = 11.89 sec
Networks are equivalent. Time = 48.16 sec

29
Combinational Equivalence Checking (command ‘cec’)
• Naïve approach
  - Build output miter – call SAT
  - works well for many easy problems
• Better approach - SAT sweeping
  - based on incremental SAT solving
  - detect possibly equivalent nodes using simulation
    - candidate constant nodes
    - candidate equivalent nodes
  - run SAT on the intermediate miters in a topological order
  - refine candidates using counterexamples
[Figure: proving internal equivalences in a topological order; a miter of D1 and D2 with internal nodes A, B, C, D, checked by SAT-1 and SAT-2]
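
An added example, not ABC code: the SAT-sweeping loop described above, run on a miter of the two forms of F(a,b,c,d) from the AIG definition slide. The netlist, signal names and starting patterns are constructed; exhaustive enumeration over the four inputs stands in for the incremental SAT call, and only gate-to-gate candidates are tried (constant and inverted candidates are left out).

```python
from itertools import product

INPUTS = ("a", "b", "c", "d")
OPS = {"AND": lambda x, y: x & y, "OR": lambda x, y: x | y, "NOT": lambda x: 1 - x}

# Both halves of the miter, in topological order (constructed for this example).
# D1: F1 = ab + d(ac' + bc)          D2: F2 = ac'(b+d) + bc(a+d)
GATES = [
    ("nc1", "NOT", ("c",)), ("p1", "AND", ("a", "b")), ("p2", "AND", ("a", "nc1")),
    ("p3", "AND", ("b", "c")), ("p4", "OR", ("p2", "p3")), ("p5", "AND", ("d", "p4")),
    ("F1", "OR", ("p1", "p5")),
    ("nc2", "NOT", ("c",)), ("q1", "AND", ("a", "nc2")), ("q2", "OR", ("b", "d")),
    ("q3", "AND", ("q1", "q2")), ("q4", "AND", ("b", "c")), ("q5", "OR", ("a", "d")),
    ("q6", "AND", ("q4", "q5")), ("F2", "OR", ("q3", "q6")),
]
# Two starting simulation patterns; deliberately too few, so false candidates appear.
START = [dict(zip(INPUTS, bits)) for bits in ((0, 0, 0, 0), (1, 1, 1, 1))]


def simulate(pattern):
    """Evaluate every signal of the miter under one input pattern."""
    values = dict(pattern)
    for name, op, args in GATES:
        values[name] = OPS[op](*(values[a] for a in args))
    return values


def prove_equal(x, y):
    """Stand-in for the SAT call on the intermediate miter x XOR y.
    Returns None if x == y for every input, else a counterexample pattern."""
    for bits in product((0, 1), repeat=len(INPUTS)):
        pattern = dict(zip(INPUTS, bits))
        values = simulate(pattern)
        if values[x] != values[y]:
            return pattern
    return None


def sat_sweep(start=START):
    """Returns (merged node -> representative, prover calls, refuted candidates)."""
    patterns, merged, calls = list(start), {}, 0
    order = [name for name, _, _ in GATES]
    for i, node in enumerate(order):               # topological order
        while node not in merged:
            sims = [simulate(p) for p in patterns]
            sig = {n: tuple(s[n] for s in sims) for n in order}
            # Candidate: earliest un-merged earlier gate with the same signature.
            cand = next((m for m in order[:i]
                         if m not in merged and sig[m] == sig[node]), None)
            if cand is None:
                break                              # no candidate left for this node
            calls += 1
            cex = prove_equal(cand, node)
            if cex is None:
                merged[node] = cand                # proved: merge into representative
            else:
                patterns.append(cex)               # refuted: cex refines the classes
    return merged, calls, len(patterns) - len(start)


def outputs_equivalent():
    merged, _, _ = sat_sweep()
    return merged.get("F2") == "F1"
```

Every refuted candidate contributes one new simulation pattern, so the classes shrink until only the true equivalences (the inverter, ac’, bc and the two outputs) remain.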

30
Improved CEC (command ‘&cec’)
• For hard CEC instances
• Heuristic: skip some equivalences
• Results in
  - 5x reduction in runtime
  - Solving previously unresolved problems
Given a combinational miter with equivalence class {A, B, A’, B’}
Possible equivalences: A = B, A = A’, A = B’, B = A’, B = B’, A’ = B’
- only try to prove A = A’ and B = B’
- do not try to prove A = B, A’ = B’, A’ = B, A = B’
[Figure: miter of D1 and D2 with internal nodes A, B, A’, B’]

31
CEC Under Permutation
• A resource-aware combination of graph-based, simulation-based, and SAT-based techniques
• Works for circuits with 100s of I/Os in about 1 min
• ABC command ”bm” (developed at U of Michigan)
Hadi Katebi and Igor Markov, “Large-scale Boolean Matching”, Proc. DATE’10.
[Figure: CEC takes Design1 and Design2 and answers Yes or No (and counterexample); in the second diagram a Boolean matcher sits between the two designs and CEC]

32
HWMCC 2011
4th Hardware Model Checking Competition
• Held at FMCAD’11 in Austin, TX (Oct 30 – Nov 2, 2011)
• Organized by
  - Armin Biere, Keijo Heljanko, Siert Wieringa, Niklas Soerensson
• Participants
  - 6 universities submitted 14 solvers + 4 solvers that won previous competitions
• Benchmarks
  - 465 benchmarks from different sources
• Resources
  - 15 min, 7Gb RAM, 4 cores
  - Using 32 node cluster, Intel Quad Core 2.6 GHz, 8 GB, Ubuntu

33
[Figure] Courtesy Armin Biere

34
[Figure] Courtesy Armin Biere

35
[Figure] Courtesy Armin Biere

36
Future Work
• Exploring new directions
  - Satisfiability Modulo Theories (SMT)
  - Software verification
  - Using concurrency, etc
• Improving bit-level engines
  - Application-specific SAT solvers
  - A modern BDD package
  - Improved sequential logic simulators
    - combining random, guided and symbolic simulation
  - Improved abstraction refinement
  - … and maybe a new engine or two

37
To Learn More
• Visit BVSRC webpage: www.bvsrc.org
• Read recent papers: http://www.eecs.berkeley.edu/~alanmi/publications
• Send email: [email protected], [email protected] (both @eecs.berkeley.edu)