Abstract-The large number of latches in current designs increase the complexity of formal verification and logic synthesis, since the growth of latch number leads the state space to explode exponentially. One solution to this problem is to find the functional dependencies among these latches. Then, these latches can be identified as dependent latches or essential latches, where the state space can be constructed using only the essential latches. This paper proposes an approach to find the functional dependencies among latches in a sequential circuit by using SAT solvers with the Craig interpolation theorem. In addition, the proposed approach detects sequential functional dependencies existing in the reachable state space only. Experimental results show that our approach could deal with large sequential circuits with up to 1.5K latches in a reasonable time and simultaneously identify the combinational and sequential dependent latches.
I. INTRODUCTION
In the formal verification of sequential systems, a main task is to test the equivalence of two given sequential circuits, also called sequential equivalence checking (SEC). Examining two sequential circuits S1 and S2 for equivalence can be reduced to a reachability analysis by building a product machine of the two sequential circuits (called a miter in [4] ). Since the state space of a product machine is the Cartesian product of the state space of S1 and S2, and it grows exponentially with the increase of the number of latches in it, the corresponding reachability analysis of the machine will become more difficult. Also, the performance of SEC strongly depends on the reachability analysis [5] of the product machine. In addition to SEC, many other tasks for sequential circuits, such as property checking or model checking [19] , can be reduced to a reachability analysis as well. Hence, reachability analysis plays an important role in the formal verification of sequential systems and its efficiency would influence the performance of formal verification for sequential circuits dramatically.
There are many approaches, such as early quantification [12] , approximative state space traversal [7] [9] [20] , and functional dependencies [10] [24] , to improve the efficiency of reachability analysis. Functional dependencies, which this work focusing on, is to identify dependent latches in a machine. Since some latches in a system might functionally depend on the other latches, it is possible that not all latches in a system have to be considered during the reachability analysis. Therefore, the identification of dependent latches, that functionally depend on the other latches within the system, plays an important role in reducing the state space of a product machine. It also helps to minimize the number of latches in a sequential circuit.
To identify the dependent latches in a sequential circuit, the functional dependencies between these latches must be discovered. The functional dependencies are the relationships between these latches, and their corresponding Boolean functions are called dependency functions. With information obtained about dependency function, dependent latches can be replaced by other latches. Hence, a sequential circuit might be optimized by removing these dependent latches without changing the circuit's functionality [16] . In addition, disregarding dependent latches can avoid the explosive expansion of Binary Decision Diagram (BDD) [2] size during the BDD-based reachability analysis [10] .
This work was supported in part by the National Science Council of R.O.C. under Grant NSC 97-2220-E-007-042 and NSC 97-2220-E-007-034.
Equivalence relation (Fi ≡ Fj) and opposition relation (Fi = ¬Fj) are examples of some typical functional dependencies. [11] and [24] have proposed algorithms to identify them. However, there may exist many other relations among these latches. For instance, AND relation (Fi = Fj • F k ) is another relation. An approximate approach in [13] directly extracts dependency functions from the latches' transition functions by using BDDs. But the scalability of the approach is still restricted to the BDD size. As a result, this approach might not efficiently identify all functional dependencies among latches. Therefore, another approach [15] detects the functional dependency by using a SAT solver with the Craig interpolation theorem [6] . With the great recent advances on SAT solvers [8] [17] , this approach can identify more functional dependencies among latches.
Although [15] exploited a SAT solver to find more functional dependencies among latches, the identified dependency functions may not be precise enough because of using maximal input support candidates. Furthermore, it only reports which latches have a dependency function, but does not explicitly indicate the dependent latches. Thus the identified results cannot be directly used for further applications. On the other hand, since [15] extracts the functional dependency from the latches' transition functions, its functional dependency is a combinational functional dependency, which holds in the whole state space. As for the sequential functional dependency, which holds only in the reachable state space, [15] cannot explore it. The sequential functional dependency is capable of identifying additional dependent latches in a circuit after a specific timeframe.
The contributions of this paper are as follows: (I) An ordered destroyed cost heuristic is derived to minimize the input support candidates such that as many dependent latches are identified as possible. The corresponding dependent functions among the latches are derived as well. (II) An efficient method for discovering sequential functional dependencies among latches by exploiting the incremental SAT technique and the early detection of dependent latches are proposed. As a result, more dependent latches could be identified at each timeframe.
II. PRELIMINARIES

A. Functional dependency of latches
Definition 1: A latch's transition function is a Boolean function f (X) whose input domain consists of the primary inputs (PIs) and pseudo primary inputs (PPIs). The PPI is the output signal of a latch. This determines the next state value of this latch. Note that the replaced latch might depend only on a subset of the substituted latch set {s1(X), . . . , sn(X)} when the dependency function is written as r(X) = d(s1(X), . . . , sn(X)).
B. Existence of functional dependency
A necessary and sufficient condition to examining the existence of functional dependency among latches is described as follows. Theorem 1 [13] : Given the transition function of a replaced latch r and the transition functions of substituted latches S, 
is always true for all input combinations of X.
Theorem 1 can be used to examine whether the dependency function d exists or not.
C. Exploration of functional dependency by SAT solvers
1) Identification model: [15] defines a general model, as seen in Fig. 1 , to establish whether the dependency function exists by using a SAT solver. This method will extract the combinational part of a sequential circuit with l latches. This combinational part includes each latch's transition function with the PIs, PPIs, and pseudo primary outputs (PPOs), the input signal of latches, as the signals (the primary outputs will be ignored in this work). 3) Model transformation to a SAT problem: The circuit part Combon and Comb of f of the model in Fig. 1 can be converted to conjunctive normal forms (CNFs) Con and C of f , respectively [1] . Similarly, the constraint part can be converted to a CNF :
. Therefore, the complete CNF of the identification model is The summaries above are based on the following theorem in [15] . Theorem 2 [15] : Given the transition function r(X) of a replaced latch and the transition functions s1(X), . . . , sn(X) of substituted latches, a dependency function d exists between the replaced latch and substituted latches if, and only if, the corresponding C model is unsatisfiable. This Boolean formula I is called the interpolant of C a and C b . The interpolant can be constructed in linear time from the refutation proof [14] [18] [21] , and current SAT solvers [8] [17] can easily produce it from an unsatisfiable problem. 
D. Determination of dependency function by Craig Interpolation
Theorem 4 [15]: For the CNF
C model = Con ∧ C of f ∧ y0 ∧ ¬y * 0 ∧ (y1 ≡ y * 1 ) ∧ . . . ∧ (yn ≡ y * n ), if it is unsatisfiable, we can partition C model into Ca and C b (i.e., C model = Ca∧C b ) with Ca = Con∧y0 and C b = C of f ∧ ¬y * 0 ∧ (y1 ≡ y * 1 ) ∧ . . . ∧ (yn ≡ y * n ).
III. THE LIMITATIONS OF THE STATE OF THE ART
A. The difference between functional dependencies and dependent latches
The dependency functions among latches can be explored by previous work [15] , but it still has a gap to the dependent latch identification. For instance, if three latches A, B, and C in a sequential circuit have circular functional dependencies:
. The previous method could only report that three functional dependencies exist but cannot identify which latches are dependent.
B. The effect of input support candidate selection
To identify all functional dependencies in a sequential circuit, the previous work would take all the other latches as the input support candidates, named maximal input support candidates in this work, to explore the dependency function of a latch. But with maximal input support candidates, the dependency functions obtained in the previous work may contain some redundant input supports and rely on dependent latches, and these results do not benefit the dependent latch maximization. Two simple examples, as shown in Fig. 2(a) and Fig. 2(b) , are used to demonstrate the effects of input support candidate selection. Fig. 2(a) is a sequential circuit with three latches (f1, f2, f3) and three PIs (a, b, c) . As the previous work examines whether f3's functional dependency exists, it would take {f1, f2}, the maximal input support candidates, as its input support candidates. With the proposed identification model, it sets n to 2 in the constraint part of the model, and regards y0 and y1, y2 in the model as the replaced latch f3 and the substituted latches f1, f2 , respectively. As a result, it will get a dependency function f3 = f1 • f2 as can be observed from Fig. 2(a) . However, if f3's input support candidates are restricted to {f1}, a more simplified, but not intuited dependency function f3 = f1 would be found. This is because
1) Dependency functions containing redundant input supports:
In this work, we will remove as many redundant variables from the input support candidate set as possible, to obtain more simplified dependency functions.
2) Dependency functions relying on dependent latches: Fig. 2 (b) is a sequential circuit with four latches (f1, f2, f3, f4) and two PIs (a, b). As the previous work examines whether f3's functional dependency exists, it would take {f1, f2, f4}, the maximal input support candidates, as its input support candidates. As a result, it would get a dependency function f3 = f4. Dealing in the same way with f1, f2 and f4, it will also get f4 = f3, and will regard f1 and f2 as independent latches. Although the dependency functions of f3 and f4 do not have redundant input supports, that is, they are simplified dependency functions, these results will significantly influence the dependent latch identification. According to the dependency functions of f3 and f4 explored by the previous work, only one of them can be identified as a dependent latch, so the other one should be an essential latch. In this work, however, the input support candidates of f3 and f4 will be restricted to {f1, f2}, and their corresponding dependency functions f3 = f1 • f2 and f4 = f1•f2 will be obtained. According to the dependency functions, f3 and f4 can be simultaneously identified as dependent latches.
IV. THE ORDERED DESTROYED COST HEURISTIC
In this section, an example in Fig. 3 is used to demonstrate the heuristic for the dependent latch identification in sequential circuits. At first, the identification model is used to determine which latch's dependency function exists with maximal input support candidates, that is, by considering all other latches as input support candidates. But its dependency function will not currently be derived due to inaccuracy. Thus, two sets of latch P : {L1, L2, L3, L9, L10} and I : {L4, . . . , L8} are distinguished, where P is the set of possibly dependent latches in which functional dependencies exist, and I is the set of independent latches.
A. Refinement of the set P by the set I Latches in I do not have any functional dependency, hence, they cannot be identified as dependent latches. That is, they are the essential latches of the circuit and can be used as the substituted latches to replace the latches in P . We can determine whether the latches in P : {L1, L2, L3, L9, L10} depend solely on the latches in I : {L4, . . . , L8}. In addition, constant latches in a circuit will also be identified in this step since constant latches can be presented as
Fig . 3 . A demonstrating example.
having functional dependencies over any input support candidates. For example, to examine whether L1 depends only on the set I or is a constant latch using the identification model, the n is set to 5 in the constraint part of the model, and y0 and y1, . . . , y5 are regarded as the replaced latch L1 and the substituted latches L4, . . . , L8 , respectively. The other latches in P can also be examined in the same manner. In Fig. 3 it can be found that L9 and L10 are the latches dependent on I, and their input support candidate sets are refined from {L1, . . . , L8, L10} and {L1, . . . , L9} to {L4, . . . , L8}, and no constant latch exists in this example. As a result, L9 and L10 are put with set R, which collects the dependent latches depending on I and the constant latches. Then, set P is updated from {L1, L2, L3, L9, L10} to {L1, L2, L3}.
B. Refinement of the set P by the ordered destroyed cost
After the refinement by I, the latches in P either depend on some of the latches in P itself or some of the latches in P and I. That is, each latch Li in P whose dependency function exists with input support candidates P \{Li} or (P \{Li})∪I. Next, P is divided into two disjointed sets PR and PI , where the latches in PR are dependent on PI ∪ I. The goal is to maximize the PR set and minimize the PI set. This is because the more latches in PR, the more latches that can be identified as dependent latches.
An ordered destroyed cost is proposed as the guide for the heuristic to move latches from P to PI . The same example is used to demonstrate how to evaluate and use the destroyed cost. The physical meaning of the destroyed cost will be discussed at the end of this section.
To evaluate the destroyed cost of L3, denoted as dc3, L3 is removed from the input support candidates of latches L1 and L2, and the identification model is used to examine how many functional dependencies would not exist without L3. That is, the number of Lj's functional dependencies with candidates (P \ {L3, Lj}) ∪ I that will be destroyed by removing L3 are counted. In this example, both L1's functional dependency with input support candidates {L2, L4, . . . , L8} and L2's functional dependency with input support candidates {L1, L4, . . . , L8} would be destroyed without L3, according to the identification model. This results in the destroyed cost of L3=2.
After all calculations, we obtain the destroyed cost dc1=1, dc2=1, and dc3=2. According to the descending order of the destroyed cost, Li with the highest dci is removed to PI and it is checked whether the remaining latches in P depend solely on the updated PI ∪ I. If a latch in P satisfies this dependency condition, it can be moved to PR. If P is not empty, Li can be further moved with the next highest dci to PI and the operations mentioned above can be iterated.
For this example, L3 with dc3=2 is first moved to PI , and the remaining latches {L1, L2} in P are checked to see if they functionally depend on the updated PI ∪I (updated PI : {L3}) using the identification model. In this iteration, {L1, L2} have dependency functions with input support candidates PI ∪I. Thus, they are moved 7B-1 to PR. Finally, P is empty, and the heuristic has partitioned P into PI : {L3} and PR : {L1, L2}. All latches in PR functionally depend on PI ∪I. The pseudo code of evaluating the destroyed cost of latches in P is shown in Fig. 4 .
EvaluateDestroyedCost( )
Input : set P , set I Output : dci of each Li in P for each latch L i in P for all other latches Lj (j = i) in P { Check existence of F D j with input candidates The results of this example using the proposed heuristic are shown in Fig. 5 . In this example, the approach can identify four latches (PR : {L1, L2}, R : {L9, L10}) as the combinational dependent latches by selecting (PI : {L3}, I : {L4, . . . , L8}) as the essential (substituted) latches. In addition, dependent latches' dependency functions can be explored with more accurate input support candidates as compared to the maximal input support candidates used in [15] . According to Theorem 4, the Boolean formulae of each dependency function can also be derived, as shown in the bottom of Next, the physical meaning of the ordered destroyed cost is explained. It was observed that latches with similar behavior would have the same destroyed cost. Therefore, grouping the latches by the destroyed cost and consecutively moving Li from the same group to PI until this group becomes empty would speed up the identification process. Furthermore, dealing first with groups having a higher destroyed cost might identify more dependent latches. This is because latches in the higher cost group might have a higher probability of replacing more dependent latches. In this example, If L3(dc3=2) is moved to PI , it can replace two latches, L1 and L2, with the independent latches {L4, L5}. However, if L1(dc1=1) is moved to PI , only one latch, L2 or L3, could be replaced because the exact input support sets of L2 and L3 are L2 = {L3, L4} and L3 = {L1, L2}, respectively. Therefore, the order in which latches are moved from P to PI will influence the results obtained.
C. Sequential functional dependency in the reachable state space
To find more functional dependencies which exist in the reachable state space but not in the whole state space, an identification model with t timeframes is proposed, as shown in Fig. 6 . To build this identification model, (0, . . . , t−1) circuit parts of the model in Fig. 1 are expanded by wiring internal PPOs and PPIs, and then connecting the same constraint part as that in Fig. 1 at the end of model. This model can detect the dependency for multiple timeframes. This functional dependency across multiple timeframes is called the sequential functional dependency in this paper.
To find the functional dependency at timeframe t, the identification model is first constructed as shown in Fig. 6 . Then the same method as that mentioned in Section II is used to detect the dependencies in the constraint part of Fig. 6 . In addition, given that a sequential system begins with an unrestricted initial state S0, the reachable state space at each timeframe would be monotonically reduced and a fixed point of reachable state space would be reached. That is, Sj ⊆ Si if j > i (St is the reachable state space at the t th timeframe). Therefore, with the property of state space shrinking, if the functional dependency of Li does not exist at timeframe t, it might exist at timeframe k (k > t). However, the functional dependency of Li found at the timeframe t must still hold at the succeeding timeframe k (k > t). This approach will feed PI ∪ I, which is found at the current timeframe, to the next timeframe model to get more dependencies until run time limit is reached. If that is found, the previous dependency functions will be updated. Before feeding PI ∪ I to the next timeframe model, a refined process will be conducted to examine whether latches in PI are actually used by a dependent latch's dependency functions at the current timeframe. This is because that the heuristic might not obtain the optimal results every time, therefore, this process is used to refine the results. If some latches in PI are not used, they will be removed from PI to P and the operations mentioned above will be iterated. For the last example, PI ∪I = {L3}∪{L4, L5, L6, L7, L8} is fed into the next timeframe model. Since L3 in PI is actually used by the derived dependency functions of L1 and L2, the refined process will be terminated. At the next timeframe, a new sequential dependency function (L6 = ¬L7 • L8) can be found. Hence, there is one more dependent latch L6 after timeframe 2. The previous dependent latches' dependency functions which depend on L6 are also updated. In this example, the dependency function of L9 is updated from (L9 = L6 + L7 + L8) to (L9 = ¬L7 • L8 + L7 + L8 = L7 + L8) and the dependency function of L10 is updated from (L10 = ¬(L6 +L7 +L8)) to (L10 = ¬(¬L7 • L8 + L7 + L8) = ¬(L7 + L8)) if L6 is considered as a dependent latch after timeframe 2. The combinational and sequential dependent latches identified by this approach are summarized in Fig.  7 .
Dependent latches: {L1, L2, L9, L10} after timeframe 1
Corresponding dependency functions:
Dependent latches: {L1, L2, L6, L9, L10} after timeframe 2 Corresponding dependency functions: The following paragraphs will explain an accelerated technique used for the sequential dependent latch identification and introduce the application of the found sequential functional dependencies.
1) Accelerated technique for the sequential dependent latch identification:
The accelerated technique consists of two parts, the incremental technique [25] of SAT solvers and the early detection of dependent latches. To find the sequential functional dependency at timeframe t using SAT solvers, it needs to set the variables in the CNFs of circuit parts belonging to timeframe (0, . . . , t − 1). Since these variables at timeframe (0, . . . , t−1) have been processed, much useful information is available to speed up the process at timeframe t. Thus, the heuristic uses the incremental technique of SAT solvers to reuse the learned clauses at timeframe (0, . . . , t−1). Furthermore, dependent latches existing at timeframe t (t ≥ 1) must also exist at timeframe t (t > t ), that is, sequential dependent latches existing at timeframe t (t > 1) may have already existed at timeframe t (1 ≤ t ≤ t − 1) . Therefore, these dependent latches detected earlier at timeframe t (1 ≤ t ≤ t−1) are recorded and much run time could be saved in identifying all sequential dependent latches at timeframe t (t > 1). In other words, to identify dependent latches at timeframe t, our approach would identify dependent latches from timeframe 1 to t, and only latches in PI ∪ I at the current timeframe are needed for the next timeframe.
2) Application of sequential functional dependency: This heuristic can find the combinational functional dependency existing in the whole state space, as well as the sequential functional dependency existing in the reachable state space only. Therefore, an application of this work is to reduce the efforts of reachability analysis. With information about the sequential functional dependency at each timeframe, the reachability analysis engine which traverses the reachable state space of a sequential circuit can ignore some dependent latches after a certain timeframe. Hence, the searching space is significantly reduced. Furthermore, for a sequential circuit allowed to run t don'tcare initializing cycles from unrestricted initial states before entering the normal operation states, the state space in timeframe (0, . . . , t−1) can be ignored (delay replaceability in [23] ). Thus, the sequential functional dependencies found at timeframe t could be used to further optimize the design.
V. EXPERIMENTAL RESULTS
The proposed heuristic is implemented within SIS [22] environment and MiniSAT [8] is used as the SAT solver. The experiments are conducted on a Linux platform (CentOS 4.4) with a 2.194 GHz machine and 8GBytes memory. To show the scalability of the algorithm, a set of larger sequential circuits (more flip-flops (FFs)) are selected from ISCAS'89 and ITC'99 benchmarks.
The experimental results are shown in two subsections. Section V.A shows the capability of identifying dependent latches of our approach. Section V.B shows how dependent latch identification quantitatively benefits the reachability analysis. The reason that the proposed approach does not compare against [15] is that [15] reports the functional dependencies rather than the dependent latches. Therefore, only the results of the proposed approach are reported. Table I , this approach can recognize the dependent latches such that fewer latches have to be considered in the reachability analysis. In the experiment, we observed that the proposed approach identifies more dependent latches with the ISCAS benchmarks than with the ITC benchmarks. This indicates that fewer dependent latches are in the ITC benchmarks with unrestricted initial states.
2) Sequential dependent latch identification:
The experimental results on the sequential functional dependency in the reachable state space are shown in Table II. The CPU time limit is set to 10, 000 seconds. Columns 1 and 2 list the benchmarks and the number of FFs in it. Column 3 lists the number of identified dependent latches considered in all state space (i.e., at the timeframe 1). The results of sequential functional dependency are listed in Columns 4 through 6. Column 4 shows the number of dependent latches identified after the timeframe in Column 5. Column 6 shows the ratio of additionally identified sequential dependent latches as compared with total FFs in Column 2 (i.e., ((|Dep.| in Column 4) − (|Dep.| in Column 3)) / |FF|). Column 7 lists how many timeframes can be unfolded and examined within 10, 000 seconds run time limit. The ratio of the number of overall dependent latches identified after the timeframe in Column 5 is shown in the final column.
The experimental results show that other sequential functional dependencies may exist in the circuit, which can be used for reachability analysis and sequential circuit optimization. Take s5378 as an example: the state space could be reduced from 2 164 to 2 156 by ignoring the combinational dependent latches. Furthermore, the state space could be shrunk from 2 156 to 2 111 by ignoring other sequential dependent latches after the timeframe 14. However, after the timeframe 14, there are no additional sequential dependent latches can be identified. The reasons for it are the state space might has shrunk to a fixed point or some sequential dependent latches exist after the timeframe 107. But we cannot identify them with the 7B-1 
B. Reachability analysis enhancement with the dependent latch identification
This subsection provides the experimental results of the reachability analysis with and without using the results of the dependent latch identification within VIS [3] environment, the state-of-the-art academic formal verification tool. The experiments are conducted on a Linux platform (CentOS 4.4) with a 2.194 GHz machine and 8GBytes memory. The sequential circuits in ISCAS'89 which have dependent latches identified are selected as the benchmarks.
Although both the combinational and sequential dependent latches in a sequential circuit can be identified by our approach, the experiments only consider the combinational ones since VIS does not allow setting the sequential dependent latches during reachability analysis. The optimized version of one benchmark is derived by removing out the combinational dependent latches of the original circuit. The initial states of all latches in the optimized circuits are set to 0. But for the original circuits, only the essential latches are set to 0. The dependent latches in the original circuits are set to the values with respect to the dependency functions under the essential latches' setting. The dynamic variable ordering technique in BDD, sift algorithm, is used in the experiments (VIS command, "dynamic var ordering -e sift"). We conduct the experiments with a run time limit, and compare the results in term of the number of reached states and BDD size.
The experimental results of reachability analysis of the original and the optimized circuits with the same run time limit are shown in Table III . Columns 1 and 2 list the benchmarks and the corresponding run time limit. Longer run time limits are for more complicated circuits. The results of the original and the optimized benchmarks are listed in Columns 3 through 10. The timeframe column shows the timeframe reached within the run time limit. The number of reached states and the corresponding BDD size are listed in the next two columns. Column 11 lists the improvement ratio of the optimized circuit to the original one in term of the number of reached states. The final column lists the ratio of the BDD size reduction.
Take s13207 as an example, the original circuit has 669 FFs and the optimized circuit has 510 FFs by removing out 159 combinational dependent latches (R + PR = 5 + 154). With 600, 000 seconds run time limit, the original circuit reaches 4.82309e + 15 states in the 43 th timeframe while the optimized circuit reaches 1.44247e + 17 states in the 60 th timeframe. The fewer FFs in the optimized circuits made additional 17 timeframes evolved and 2890.76% (2990.76 − 100) more states reached. In addition, the optimized s5378 circuit also reached 140.98% (240.98 − 100) more states than the original one but had 71.09% BDD size reduction. For the circuit without state improvement, s9234, s15850, s38584 and s38417, the optimized versions still saved 26.10%, 25.67%, 34.67% and 30.85% BDD size, respectively. The BDD size savings make the reachability analysis proceed further possibly if the time limit is loosened.
VI. CONCLUSIONS
An algorithm has been proposed to efficiently identify combinational dependent latches and explore their dependency functions with the more accurate input support candidates. In addition, a multitimeframe model was constructed to identify additional sequential dependent latches existing in the reachable state space. With the dependency functions identified, the complexity of performing reachability analysis and sequential depth exploration can be reduced by disregarding these dependent latches.
