# Verification of Gate-level Arithmetic Circuits by Function Extraction

Maciej Ciesielski, Cunxi Yu, Walter Brown, Duo Liu University of Massachusetts, Amherst, USA Andre Rossi Université de Bretagne-Sud - Lab STICC, France

52nd Design Automation Conference

# Introduction

#### □ Hardware verification

- Checking if the design meets specification
  - Equivalence checking
  - Property, model checking
  - Functional verification

### Formal Verification methods

- Canonical diagrams (BDD), SAT, SMT
  - Require "bit-blasting", memory explosion
- Theorem proving
  - Requires good knowledge of the design, incomplete
- Computer Algebra
  - Complex math, CPU runtime limitation

# **Related Work**

Computer Algebra method [Wienand'08, Pavlenko'11, Kalla'14]

- Circuit represented in *arithmetic bit level (ABL)*
  - Specification  $F_{spec}$  and implementation *B* defined as polynomials in  $Z_2^n$
  - Reduce *F*<sub>spec</sub> modulo *B* by *polynomial divisions*

$$F_{spec} \xrightarrow{B}_{+} r$$

- If r = 0, the circuit is correct
- Otherwise, *canonical Groebner basis* is needed to determine if *r* = 0
  - Must model all signals as Boolean
    - include polynomials  $\langle x^2 x \rangle$  for all signals *x*
  - Complex math, unnecessary
- Provided main motivation for our work



### **Previous Work**

Linear Algebra Model [Basith FMCAD'11, Ciesielski HVC'13]

- Use linear algebraic model of the circuit
- Circuit represented as network of adders (HA, FA)
  - described using only linear equations



Logic gates derived from HAs (*linear*)

## Linear Algebra Approach



### Major limitations

- Limited to linear network of HAs with few connecting gates
- Translating gate-level to HA network (ABL) is difficult
- Difficult to extend to non-linear circuits

### This Work - Nonlinear Model

□ Algebraic Model  $\neg a = 1 - a$  $a \land b = a \cdot b$  $a \lor b = a + b - ab$ a ⊕ b = a + b - 2ab



- $\Box \text{ Main idea}: F_{spec} = (Sig_{out}-Sig_{in}) \rightarrow 0 \mod B$ 
  - replace by  $Sig_{in} \rightarrow Sig_{out}$  (forward rewriting)
  - or by  $Sig_{out} \rightarrow Sig_{in}$  (backward rewriting)
- Gate-level rewriting
  - Forward rewriting  $(PI \rightarrow PO)$ 
    - Polynomial division
    - Replacing input expression by output expression
  - Backward rewriting (PO  $\rightarrow$  PI)  $\leftarrow$ 
    - Replacing gate output by the expression in its inputs

- e.g., OR gate : *z* = *a* + *b* - *ab* 

### **Backward Rewriting - Method**

Example: 2-bit adder





- Rewriting example  $z_0 + 2z_1 + 4z_2$ 
  - OR gate:  $z_0 + 2z_1 + 4(e + g eg)$

# **Backward Rewriting - Issues**

### Rewriting issues

- Ordering of rewriting affects performance
- Internal expressions may explode: "fat-belly" issue
- Technology mapped circuits contain complex gates
  - AOI21, OAI221, etc.
- Heavily optimized circuits are difficult

### Heuristics

- Properly ordered rewriting
  - Topological, dependence
- Handles complex gates
  - Provide cuts in complex gates
- Binary signals modeled by  $x^2 \rightarrow x$



### **Results – CPU Performance**

#### □ Performance for original & lightly synthesized designs

- Synthesis performed by ABC "resyn"
- Verified designs
  - Multipliers, matrix multiplier, A\*B+C, squarer, etc.
  - Up-to 5 million gates
  - 256+ bit-widths
- ~Linear CPU time
- Memory : quadratic in # gates



# **Comparison with Other Methods**

#### SAT

used ABC "miter"

#### SMT

- Algebraic model, similar to ours
- Boolean model, similar to SAT
- Formality (Synopsys)



| CSA-Multiplier |         |           | SAT      | SMT       | Commercial |
|----------------|---------|-----------|----------|-----------|------------|
| Op size        | # gates | Our [sec] | Lingling | Boolector | Formality  |
| 4              | 86      | 0.01      | 0.01     | 0.01      | 0.81       |
| 12             | 481     | 0.04      | TIME OUT | 2030.91   | 108.1      |
| 64             | 41.4 K  | 5.50      | -        | TIME OUT  | 675.4      |
| 128            | 164 K   | 39.64     | -        | -         | TIME OUT   |

TIME OUT = AFTER 3600 SEC

# Conclusions

Functional verification by extracting arithmetic function

### Method: backward rewriting

- Extracts the function of arithmetic circuits
- Correctly model Boolean signals
- More effective than forward, but complex

#### Limitations

- Less efficient for highly bit-optimized arithmetic circuits
- Potential memory explosion
- Bit composition of the output needs to be known

### □ Future work

- Diagnostics and logic debugging (using back/forward rewriting)
- Application to floating-point and cryptographic arithmetic circuits

# Thank you !