With the increase in the complexity of present day systems, proving the correctness of a design has become a major concern. Simulation based methodologies are generally inadequate to validate the correctness of a design with a reasonable confidence. More and more designers are moving towards formal methods to guarantee the correctness of their designs. In this paper we survey some state-of-the-art techniques used to perform automatic verification of combinational circuits.
Introduction
Successful design of a complex digital system requires verifying the correctness of the implementation with respect to its intended functionality. Traditionally, the task of design validation is carried out by means of simulation. In a simulation based approach, the designer needs to create a complete set of test vectors which represents all possible inputs to the system. The outputs for each of these test vectors are analyzed to guarantee the correctness of the design. This process is highly CPU-time intensive: in almost all practical situations it is infeasible to exhaustively simulate a design to guarantee its correctness.
Due to the limitations of a simulation based approach, various formal verification strategies are becoming increasingly popular. By using these techniques, it is possible to guarantee the correctness of a design under all possible input combinations.
The process of designing a complex system usually starts with an abstract model of the system. This model is subjected to extensive simulation after which it becomes the "golden specification" of the design. From this abstract model, a detailed implementation is derived in a hierarchical manner. First the abstract model is translated into a synthesizable behavioral RTL model representing the block structure behavior of the design. This behavioral RTL model is then translated into a structural model which is a logic level description of the system. From the structural RTL model a transistor netlist and subsequently the physical layout of the design is derived.
In a successful design methodology it is essential to catch bugs early in the design cycle. For this, the functionality of the design is verified at every level of hierarchy against the original ("golden") specification. This kind of formal verification in which different implementations of the same design are compared to check their equivalence is known as implementation verification. Implemen- In this paper we will focus only on the second phase. We will describe some recent advances made in the area of verifying the equivalence of two Boolean networks. More specifically, we will focus only on the verification of combinational circuits, i.e., circuits in which the outputs depend only on the current inputs (as opposed to sequential circuits in which the outputs depend not only on the present inputs but also on the past sequence of inputs). Some sequential verification problems can also be reduced to a combinational verification problem (e.g. when the corresponding latches in the two designs can be identified). Although techniques exist for verifying general sequential circuits, currently it is not practical to verify large industrial designs using them.
The combinational verification problem can be stated as follows: Given two Boolean netlists, check if the corresponding outputs of the two circuits are equal for all possible inputs. This problem is NP-hard and hence a general solution which can handle arbitrary Boolean functions is not likely to exist. However, since the functions that are implemented in practice are not random Boolean functions, various techniques have been developed which can successfully verify large designs.
Research in combinational equivalence checking has seen significant and rapid improvements since introduction of OBDDs [13]. Thus In the worst case these methods can require exponential space (in the number of inputs). We will discuss some techniques for dealing with this "memory explosion" problem in BDD representations.
The second approach consists of identifying equivalent points and implications between the two circuits. Using this information the process of equivalence checking can be simplified. Since a typical design proceeds by a series of local changes, in most cases there are a large number of implications between the two circuits to be verified. These implication based techniques have been very successful in verifying large circuits and form the basis of most combinational verification systems. We will discuss some of these techniques in section 3.
Methods Based on Decision Diagrams
In this approach, the output functions of the two networks are (i.e. isomorphic).
A BDD over a set $X_n = \{x_1, \ldots, x_n\}$ of Boolean variables is a directed acyclic graph with one source and at most two sinks labeled by 0 and 1. Each non-sink (internal) node is labeled by a variable in $X_n$ and has two outgoing edges, corresponding to where the variable evaluates to a 0 or to a 1. For a given assignment to the variables, the function value is evaluated by tracing a path from the root to the terminal. the evaluation starts at the e1 x, the outgoing edge with (see Figure 1).
by the repeated application of t rtex whose two branches point to the same vertex should be deleted. details on ROBDDs, and the implementation of a typical ROBDD package, please refer to [10, 13, 16]. canonical and henc rectly be s often a e and memory intensive process. The size of an ROBDD representing a Boolean function can be exponential in the number of primary inputs in the worst case. This problem is commonly lem. In the followwhich deal with the ification, their const memory explosion problem during ROBDD construction.
of the outputs. These techniques for the first time successfully demonstrated that ROBDDs could be U er significant advance in vari oduction of dynamic variabl procedure a periodic reordering of vari duce the memory requirement. Given a graph G, a variable U is successively moved to each position in the ordering list and the resulting graph size is examined. The variable is finally assigned somewhat expensive, dynamic breadth-first manipulation idea which gives an order of magnitude performance gain over the conventional ROBDD packages.
The main drawback of this approach is that as only a few levels are kept in the main memory at a time, it is difficult to dynamically reorder the ROBDD during an operation.
Node Decompositions
ROBDDs employ a decomposition known as the "Shannon Decomposition" in which a function f is decomposed in terms of a variable x as follows:
Here $f_x$ represents the positive cofactor of $f$ with respect to $x$ and is obtained by replacing variable $x$ by the value 1. Similarly, $f_{\bar{x}}$ represents the negative cofactor with respect to $x$ and is obtained by replacing $x$ by 0.
Canonical but fundamentally different data structures such as Ordered Functional Decision Diagrams (OFDDs) [39] and Ordered Kronecker Functional Decision Diagrams (OKFDDs) [22] have also been proposed to extend the set of functions that can be efficiently symbolically manipulated. In OFDDs the function is decomposed using the "Reed-Muller" ("Davio") expansion. In this decomposition, the function f is represented as either:
OFDDs are canonical like ROBDDs and hence can be used in verification. There are some functions for which ROBDDs are exponential but OFDDs are polynomial. Thus OFDDs extend the class of functions which can be verified in polynomial memory resources, but conversely there are functions for which OFDDs are exponentially larger than ROBDDs. OKFDDs try to benefit from both decompositions; each variable has an associated decomposition which can be either Reed-Muller or Shannon. Variables are ordered and every occurrence of a given variable must use the same decomposition. Although in theory OKFDDs can be exponentially more compact than both OFDDs and ROBDDs, in practice they seem to have provided only a modest improvement over ROBDDs (approx. 35%). Another strategy to reduce the BDD sizes in function representation is to relax the total ordering requirement of ROBDDs. One such relaxation is to allow variables to occur in any order but at most once along any path from the root to the terminal. Such BDDs are called Free BDDs (Figure 1(b)). In general free BDDs are not canonical and their manipulation is an intractable problem [23]. However, in [26] it was shown that restricted forms of free BDDs known as typed-Free BDDs are canonical and can be easily manipulated. In typed-Free BDDs, for any given variable assignment, the resulting paths in all graphs contain variables in the same order. The variable ordering for different assignments might be different. Unfortunately, the practical problems in choosing a good type can greatly reduce the flexibility gained from relaxing the variable ordering constraints. Some heuristics for generating typed Free BDDs were presented in [S, 7]. Typed-free BDDs extend the class of functions which can be represented in polynomial space but there are still some practical functions for which Free BDDs are exponential (e.g. integer multiplier).
Non-Canonical BDDs

Partitioned ROBDDs
All the BDD methods discussed so far represent a function over the entire Boolean space as a single graph (rooted at a unique source). It was shown in [33, 31, 53] that exponentially more compact representations can be obtained by partitioning the Boolean space and representing the functionality over each partition as a separate graph. This compactness in representation is achieved without sacrificing the desirable properties of the underlying graph which is used to represent each partition. In [33, 31] this notion of partitioning was used to discuss a function representation scheme called partitioned-ROBDD, which was then extensively developed, theoretically as well as experimentally, in [53]. In partitioned-ROBDD every partition of the Boolean space is represented as an ROBDD. Different partitions can have different ordering. It was shown that partitioned-ROBDDs provide a compact, canonical and efficiently manipulable representation for Boolean functions. The notion of partitioning is general and can be applied to any BDD representation.
It was shown in [33, 31, 53] that the class of functions representable in polynomial space by monolithic ROBDDs is strictly contained in the class of functions that have a polynomially sized partitioned-ROBDD representation. Similarly, it was shown in [53] that the class of functions with polynomially sized Free BDDs is strictly contained in the class of functions with polynomially sized partitioned-Free BDDs. Note, partitioned-ROBDDs can be exponentially smaller than even free BDDs. Further, for combinational verification only one partition needs to be present in the memory at a given time. This further reduces the total memory requirement of verification. Using this representation, some industrial circuits could be verified for the first time [53]. One can try to construct only a limited number of partitions and abort the computation after some preset time limit. Thus, even though only part of the Boolean space could be analyzed, at least some partial information about the function can be obtained. Also, when a design is erroneous, there is a high likelihood that the erroneous minterms are distributed in more than one partition and can be detected by processing only a few partitions. Experience with erroneous circuits suggests that in almost all cases the errors can be detected by constructing only one or two partitions [33].
Partitioned-ROBDDs allow a control on the space/time resources and functional-coverage as well as on the success of verification experiments. Using such data structures the success of a verification experiment may possibly be ensured by changing the parameters of decomposition and the number of partitions that need to be created. Since this data structure is still a subject of intensive research, its full impact can be judged only with time.
Combining Bottom-up and Top-down approaches of ROBDD construction
In this section we discuss a mixed bottom-up/top-down approach for ROBDD construction which attempts to minimize the intermediate peak memory requirement during ROBDD construction, a critical issue in practical use of OBDDs. Though the following discussion is with respect to ROBDDs, it should be equally applicable to other BDD methods as well.
Traditionally, ROBDDs for a given netlist are built in a bottom-up manner. To construct the ROBDD for a given node, ROBDDs of all the nodes that are present in the transitive fan-in of that node are constructed in terms of the primary inputs before the ROBDD of the target node is constructed. In this method, the peak intermediate memory requirement can often far exceed the final (canonical) representation size of the given function. This places a limit on the complexity of circuits that can be verified using ROBDDs, and also usually dictates the time required for ROBDD construction. In [52, 36], techniques to reduce the intermediate peak memory requirement by a suitable combination of bottom-up and top-down approaches were presented. Using these techniques, ROBDDs for many circuit outputs can be constructed for which the ional method fails. The reduction in peak mpanied by a significant speed up in the Let us look at an example where the memory requirement for a bottom-up scheme is exponential while the decomposition/composition approach requires only polynomial resources.
Consider the function shown in Figure 2. Here f and g are two internal nodes. Assume that the ROBDD of g is exponential in terms of the primary inputs (PIs) for any variable ordering. Further assume that all the other internal only polynomial memory resources. If to build the ROBDD of the primary output y in a bottom-up fashion we will need to build the ROBDD of g in terms of the PIs. But si of g is exponential for any given variable ordering, the peak memory required in the bottom-up scheme will be exponential. The ROBDD of g. We can introduce a new build the ROBDD of y in terms of this requirement and extend the class of circuits that can be efficiently processed using ROBDDs.
The previous example shows that in a typical ROBDD construction procedure there is frequent functional simplification due to Boolean Absorption: $x \lor (x \land y) = x$ and Boolean Cancelation: 
PIs. The functionality of the decomposition points is expressed as
ROBDDs in terms of previously intr and PIs. Finally, the decomposition obtain a canonical ROBDD of the output function.
Two issues need to be addressed here:
les to get the monolit the intermediate memory explosion during the composition phase is low. A reduction in memory is achieved since the intermediate points of large ROBDD sizes are avoided and also because dynamic variable reordering has to focus only on the target function and hence is more effective. Such an approach is fully compatible with other approaches of reducing memory (like variable ordering) and can be seamlessly integrated within any ROBDD package. Therefore, there seems to be no apparent trade-off in using it.
Probabilistic Verification
Another important way of verifying two circuits is to probabilistically check their equivalence [9, 34]. In probabilistic verification, every minterm of a function f is converted into an integer value under some random integer assignment p to the i All the integer values are then arithmetically added code $H_p(f)$ for $f$. One can assert, with a low probability of error, that $f \equiv g$ iff $H_p(f) = H_p(g)$. The arithmetic evaluations are carried in an integer field, that is, all arithmetic operations are done modulo some prime $p$. If $f$, $g$ are functions of $n$ variables, and $\epsilon$ denotes the upper bound on the error probability, then if $p > n$, a reasonable assumption, $\epsilon \simeq n/p$. Otherwise $\epsilon \simeq 1 - e^{-n/p}$. The probability of erroneously deciding that functions are equivalent decreases exponentially with the number of runs: after $k$ runs, the error probability is $\epsilon^k$.
[9] suggested probabilistic verification of Boolean functions through hashing their free BDD representation to an integer value under some random integer assignment p to the ' Alternately, it was shown in [34] that we can also trary representation of Boolean functions by first i given function as an integer-valued arithmetic expression. This arithmetic expression can then be evaluated on integer assignments to its input variables. By using the properties of such integer-valued arithmetic transformations, many analysis techniques were developed to probabilistically verify Boolean as well as other discrete functions with a negligible probability by decomposing a circuit into regions which variable support set, and using such arithmetic transforms it was shown that an n-bit ALU requiring $O(n^2)$ time using ROBDDs requires only linear resources with the probabilistic method [34].
In [34] some other methods for exploiting Boolean function properties for efficient hashing were also discussed. For example, it was shown that if the space of each function is partitioned into mutually disjoint subspaces then the hash code of the function corresponding to each partition can be calculated independently; the hash code of the function is the sum of the hash codes of individual partitions. This implies that to check if $H_p(f) = H_p(g)$, we can partition and hash both f and g independently. We do not need to keep the partitions of both f and g in the memory at the same time. Further, it is not necessary that both f and g have been partitioned identically. The effectiveness of this technique was shown on special classes of functions like the Hidden-Weighted-Bit (HWB) function in [34]. The techniques presented in [53] are directly applicable to probabilistic verification as well and provide automatic ways to generate such partitions.
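The hashing and partitioning described in the two paragraphs above, as an added example that is not code from the paper or from the cited work. It assumes the usual encoding in which a minterm maps to the product of `r[i]` for variables at 1 and `1 - r[i]` for variables at 0; the three carry-out functions, the windows and all names are constructed for illustration.

```python
import random

P = (1 << 61) - 1   # prime modulus: all arithmetic is done in the field Z_P


def hash_code(f, n, r, p=P, fixed=()):
    """H_p(f) under the integer assignment r.

    Assumed encoding: each minterm of f contributes the product of r[i]
    (variable i is 1) and 1 - r[i] (variable i is 0). The sum over all
    minterms is computed by Shannon expansion on x_0 .. x_{n-1}.
    """
    i = len(fixed)
    if i == n:
        return 1 if f(fixed) else 0
    hi = hash_code(f, n, r, p, fixed + (1,))   # positive cofactor
    lo = hash_code(f, n, r, p, fixed + (0,))   # negative cofactor
    return (r[i] * hi + (1 - r[i]) * lo) % p


def partitioned_hash(f, windows, n, r, p=P):
    """Hash f one partition at a time and add the partial hash codes.

    The windows must be mutually disjoint and cover the Boolean space;
    only one restricted function is alive at any moment.
    """
    total = 0
    for w in windows:
        total = (total + hash_code(lambda x, w=w: f(x) and w(x), n, r, p)) % p
    return total


def probably_equivalent(f, g, n, runs=3, seed=0, p=P):
    """False is definite; True holds up to the error probability per run."""
    rng = random.Random(seed)
    for _ in range(runs):
        r = [rng.randrange(p) for _ in range(n)]
        if hash_code(f, n, r, p) != hash_code(g, n, r, p):
            return False
    return True


# Constructed functions: x = (a, b, cin), output is the adder carry-out.
def carry_spec(x):
    return (x[0] & x[1]) | (x[2] & (x[0] ^ x[1]))


def carry_impl(x):            # majority form, equivalent to carry_spec
    return (x[0] & x[1]) | (x[1] & x[2]) | (x[0] & x[2])


def carry_bug(x):             # OR replaced by XOR: wrong when a = b = cin = 1
    return (x[0] & x[1]) ^ (x[2] & (x[0] | x[1]))


# f is split on x0, g on (x1, x2): the two partitionings need not match.
BY_X0 = [lambda x: x[0] == 0, lambda x: x[0] == 1]
BY_X1X2 = [lambda x, a=a, b=b: (x[1], x[2]) == (a, b)
           for a in (0, 1) for b in (0, 1)]

if __name__ == "__main__":
    r = (2, 3, 5)
    print(hash_code(carry_spec, 3, r), hash_code(carry_impl, 3, r))
    print(partitioned_hash(carry_spec, BY_X0, 3, r),
          partitioned_hash(carry_impl, BY_X1X2, 3, r))
    print(probably_equivalent(carry_spec, carry_bug, 3))
```

The recursion enumerates all minterms, so it only illustrates the hash on small functions; the methods surveyed above obtain the same value from a free BDD or an arithmetic expression without that enumeration.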
Another technique called collapse-with-compose [34] allows efficient hashing of functions when orthogonal partitions cannot be easily found. This algorithm generates the hash code of the function directly from a decomposed representation without having to build the monolithic ROBDD of the output. For many difficult circuits in ISCAS-85 benchmark circuits, it was shown in [34] that this method can significantly outperform the monolithic ROBDD methods.
Since one is deriving the integer representation of a function rather than its Boolean representation, one can often obtain the hash code by exploiting the algebraic properties of a higher level representation, circumventing its conversion to a Boolean representation. This was illustrated in [34] where the hash code for an n-input HWB function was computed from its abstract specification in $\Theta(n^3)$ time using only $\Theta(n)$ space. Similarly, the hash code for integer multiplier could be obtained 5 times more efficiently from the arithmetic specification of the multiplication function than from its circuit description using only a minimal amount of space.
Verification of Arithmetic Circuits
So far we have discussed methods to compare two logic circuits at the bit-level. For many arithmetic circuits this may not be a desirable thing. First, the BDD data structure that is used for bit level verification may grow exponentially with the size of the circuit (for example, integer multiplication). Secondly, even if we can guarantee that the two netlists are equivalent that doesn't necessarily imply that the circuit is implementing the correct specification. To overcome these limitations of bit-level verification, a different approach for verifying arithmetic circuits was proposed in [44, Hybrid Decision Diagrams (HDDs) [20]. Out of these, the *BMD and the HDD data structures are of particular interest as they can represent integer multiplication efficiently. However, the verification strategy presented in [lq cannot take advantage of this fact. This is because in the verification methodology, a bit level representation of the multiplier has to be created first which is then translated into the word-level representation. To circumvent this problem, [lq proposes a hierarchical verification strategy. This strategy requires a well-defined structure for the multiplier which has to be known a priori. This manual intervention somewhat reduces the appeal of both *BMDs and HDDs. In [28] a heuristic to efficiently construct *BMDs is presented which works well for integer multipliers but unfortunately not for other circuits like dividers and exponentiation.
[25] proposes a verification method which uses the recurrence equations of various arithmetic circuits such as multipliers, square functions, cube functions etc. to verify them. For example, a multiplier satisfies the recurrence equation $f(x+1, y) = f(x, y) + y$ where $f(x, y) = xy$. Thus, to prove $f(x, y)$ represents a multiplier, we need to prove $f(x+1, y) = f(x, y) + y$, where $x$, $y$ are input vectors for the given circuit. Each side of the equation is represented as a separate circuit, and both circuits are efficiently compared by techniques such as [48, 35] which exploit the fact that the given circuits have very similar internal structures. As only a multiplier obeys the above recurrence relation, we can verify that the given circuit is indeed a multiplier without needing to represent the specification.
Boolean Expression Diagrams
( F V g ) where x is then implicitly existentially quantified out. To quantify out x we move towards the terminal vertices using the sifting procedures similar to ones used in [so]. BEDs can be seen as extending this idea to allow arbitrary operators and allowing these operators to remain in the graph. Equivalence of $f$, $g$ can be checked by sifting variables/operators through a graph of $f \oplus g$ till it can ed to reduce to 0. Such techniques can be efficient if r in which variables should be sifted can be However given the fact BEDs are quite sensitive to the order in which the variables/operators should be sifted, more research needs to be done to determine an appropriate sifting order.
Learning Techniques: Detecting Indirect Implications
There are several verification methods that extr temal correspondences between two given networks based methods. Learning involves the extraction of implications between nodes in a circuit. Recursive Learning (RL) [43], and Functional Learning (FL) [50, 35] are two of the more popular learning techniques. The concepts of FL and RL are illustrated below by means of an example. In RL we note that G = 1 can be satisfied by either H = 0, Z = X or H = X, Z = 0. However, Z = 0 implies that b = 1 which in turn implies that H = 0. Therefore, G = 1 implies H = 0. Here, given a value assignment in the circuit, the deduction process recursively analyzes the effect of each justification vector, and intersects the common "effect" of every justification vector that can satisfy the given circuit condition. The result of this intersection process is the implication of the original value assignment in the circuit. The time complexity of recursive learning is exponential in the number of recursion levels, and in practice is limited to two or three levels of recursion. Both recursive learning and functional learning are called complete methods for learning in digital circuits, i.e. given sufficient time, they can determine all constant-value relationships in the circuit, i.e., all cases where a constant Boolean value $v \in \{0,1\}$ at a given gate implies another constant Boolean value at another gate. However, since FL is based upon BDD based manipulations, it can, relatively more conveniently, detect more complex relationships between a set of functions and another set of functions: for example, a gate f = 0 may simply imply that the disjunction of a set of functions must be 1. Or, under f = 0, some gates must assume identical values.
Techniques for Exploiting Internal Equivalences
There are several verification methods that exploit internal correspondences between two given networks. Berman et al. [S] proposed a technique to use internal equivalences in order to establish the functional equivalence of two networks. A min-cut based algorithm for decomposing networks was proposed to break down the entire verification problem into smaller sub-problems. A set of potentially equivalent gate pairs are identified in the two networks; later the equivalence of the paired gates is decided using exhaustive simulation. Now, using a cut of equivalent gates, it is attempted to verify if the given circuits are also equivalent. However, this method was plagued with the problem of false-negatives. A false negative refers to a situation where although the two functions which are being compared are equivalent, the verification algorithm incorrectly classifies them as different. Cerny and Mauras [18] introduced the notion of cross-controllability and cross-observability among the internal nodes on the appropriate cutsets in the two given networks to check for equivalence. By cross-controllability at a cutset A they refer to the combination of Boolean values that can be produced at A; by cross-observability at A they refer to the combination of Boolean values which if produced at A will imply that given primary output pairs will assume identical Boolean values. The circuits are now equivalent if it can be proved that cross-controllability $\subseteq$ cross-observability for any cutset A. However, no systematic algorithm for choosing an "appropriate" cutset was presented and we do not know of any wide scale utilization of this technique.
Brand [11] proposed an ATPG based technique to determine equivalences between the internal nodes in two given circuits. This method can find nodes which are equivalent under the observability don't care (ODC) set. Given two circuits $C_1$ and $C_2$, and two potentially equivalent nodes $n_1 \in C_1$ and $n_2 \in C_2$, a new XOR gate $Y$ is introduced in $C_1$ such that $n_1$ and $n_2$ are the two fanins of $Y$. Fig. 9 shows an example of such a miter circuit.
Learning Based Verification Techniques
Recently, several learning based techniques for combinational verification have been proposed. combinational verification tool, HANNIBAL, based on recursive learning was presented. HANNIBAL operates in two distinct phases. In the first phase, learning is carried out at all the nodes in the two networks for a user specified number of learning levels; often, this phase itself can verify several primary outputs of the two networks. In the second phase, using the learning information derived in the first phase, an ATPG tool is invoked for verifying the remaining primary outputs. In [49] another verification tool, VERIFUL, was presented which is based on functional learning. This tool also has two phases like HANNIBAL. Here learning is carried out at each gate g using ROBDDs. These ROBDDs are built using a cutset that is at a structural distance d away from g. Here The learning based techniques have several limitations. First, they are unable to derive all internal equivalences in limited computational resources. All the known learning techniques discover equivalences between internal gates in circuits using two indirect implications: to find if $f \equiv g$ they individually determine if $f \Rightarrow g$, and then if $g \Rightarrow f$. However, finding indirect implications, whether through ROBDD operations [49] or techniques such as recursive learning [43], can be relatively expensive. Another problem is that there is no simple method to determine, a priori, the number of levels of learning that will be required on a given pair of circuits. Hence, a complete automation of learning based verification tools may be difficult.
Recently another efficient technique that analyzes internal similarities between circuits using ROBDDs was proposed in [48]. Beginning from gates closest to primary inputs is calculated for all potentially equivalent gate ROBDDs. The equivalent gates between two ci as shown in Figure 9. The ROBDDs are built using internal varioduced at gates that have already been shown to be equi
The set of internal variables (gates) is chogates that have a path to another gate in the same set. This technique gives up to an order of magnitude speed-up over [58] on many benchmark circuits.
BDD Hash Based Techniques
Using such techniques many internal equivalent gates can be identified rather easily without always explicitly carrying out an XOR between pairs of potentially equivalent candidates [41, 51]. While constructing 0 struction is suspended DDs of the set of the OBDD was already processed, the OBDD construction for the rest of the circuit is again resumed. To identify such equivalent gates, the primary inputs of given circuits form the first cutset for building BDDs for the gates in the network and the gates are processed in a breadth first order. The gates are hashed into a hash table, BDD-hash, using the pointer to their BDDs as the keys. The hashing mechanism is shown in Figure 10. The dotted lines show cutset1 and cutset2 respectively. The cutset1 consists of the primary inputs to the network. BDDs for the gates n3, n4 and n5 are built in terms of cutset1. The gates n4 and n5 hash to the same collision chain in BDD-hash because they have identical BDDs in terms of cutset1. Heuristics based on the size of the shared BDD data structure and the number of structural levels of circuitry for which BDDs are built using any cutset are used to limit the size of BDDs at any time. They are also used to introduce new cutsets based on already discovered equivalent gates. If a false negative is required to be resolved between any two potentially equivalent candidate gates g, h, then we can compose the $g \oplus h$ OBDD in terms of the cutset of gates where for each member on this cutset we have already found a functionally equivalent gat internal equivalences can fail on circuits that have relatively few equivalent nodes. Therefore, such a technique needs to be combined with a learning algorithm to make use of the indirect implication relations that exist between the nodes of the two circuits. To verify inequivalent circuits or internal nodes, use of ATPG techniques appears essential.
Finally, in cases where both internal equivalence and learning techniques prove inadequate, verification techniques should be augmented by functional partitioning, possibly using representations such as partitioned-ROBDDs.
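The BDD-hash mechanism from the section on BDD hash based techniques, as an added example that is not code from the paper or from the tools it surveys: a minimal ROBDD manager (Shannon nodes, the two reduction rules, a unique table) and a pass that hashes every gate by the pointer to its ROBDD. The two netlists and their gate names are constructed for illustration, and the cutset is fixed at the primary inputs, so later cutsets and the size heuristics are not modelled.

```python
from collections import defaultdict

OPS = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "NAND": lambda a, b: 1 - (a & b),
}


class ROBDD:
    """Minimal ROBDD manager. Node ids 0 and 1 are the sinks; every other id
    indexes a (level, low, high) triple, i.e. one Shannon decomposition."""

    def __init__(self, order):
        self.level = {name: i for i, name in enumerate(order)}
        self.nodes = [None, None]
        self.unique = {}     # (level, low, high) -> id, keeps the graph canonical
        self.memo = {}

    def mk(self, level, low, high):
        if low == high:                  # both branches reach the same vertex
            return low
        key = (level, low, high)
        if key not in self.unique:       # isomorphic subgraphs are shared
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def var(self, name):
        return self.mk(self.level[name], 0, 1)

    def cofactors(self, u, level):
        if u > 1 and self.nodes[u][0] == level:
            return self.nodes[u][1], self.nodes[u][2]
        return u, u                      # u does not depend on this variable

    def apply(self, op, u, v):
        if u < 2 and v < 2:
            return OPS[op](u, v)
        key = (op, u, v)
        if key not in self.memo:
            level = min(self.nodes[w][0] for w in (u, v) if w > 1)
            u0, u1 = self.cofactors(u, level)
            v0, v1 = self.cofactors(v, level)
            self.memo[key] = self.mk(level, self.apply(op, u0, v0),
                                     self.apply(op, u1, v1))
        return self.memo[key]


def bdd_hash(netlists, inputs):
    """Build every gate's ROBDD over the primary inputs and hash the gates by
    BDD pointer. Returns (collision chains, gate -> pointer map)."""
    mgr = ROBDD(inputs)
    table = defaultdict(list)            # BDD pointer -> gates with that BDD
    pointer = {}
    for circuit, gates in netlists.items():
        sig = {x: mgr.var(x) for x in inputs}
        for out, op, *fanin in gates:    # gates are listed in topological order
            if op == "NOT":
                sig[out] = mgr.apply("XOR", sig[fanin[0]], 1)
            else:
                sig[out] = mgr.apply(op, sig[fanin[0]], sig[fanin[1]])
            pointer[f"{circuit}.{out}"] = sig[out]
            table[sig[out]].append(f"{circuit}.{out}")
    chains = sorted(sorted(c) for c in table.values() if len(c) > 1)
    return chains, pointer


# Constructed netlists (not from the paper): two carry-out implementations.
NETLISTS = {
    "A": [("n1", "AND", "a", "b"), ("n2", "XOR", "a", "b"),
          ("n3", "OR", "n1", "c"), ("n4", "AND", "n2", "c"),
          ("y", "OR", "n1", "n4")],
    "B": [("m1", "NAND", "a", "b"), ("m2", "NOT", "c"),
          ("m3", "NAND", "m1", "m2"), ("m4", "OR", "a", "b"),
          ("m5", "AND", "m4", "m1"), ("m6", "NAND", "m5", "c"),
          ("y", "NAND", "m1", "m6")],
}

if __name__ == "__main__":
    chains, pointer = bdd_hash(NETLISTS, ["a", "b", "c"])
    for chain in chains:
        print("equivalent gates:", chain)
    print("outputs equivalent:", pointer["A.y"] == pointer["B.y"])
```

Because the representation is canonical, two gates are functionally equal exactly when their pointers are equal, so no explicit XOR of the candidate pair is built; complemented pairs such as `A.n1` and `B.m1` land in different chains.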
