52nd Design Automation Conference

Maciej Ciesielski, Cunxi Yu, Walter Brown, Duo LiuUniversity of Massachusetts, Amherst, USA

Andre RossiUniversité de Bretagne-Sud - Lab STICC, France

Verification of Gate-level Arithmetic Circuits by Function Extraction

Introduction

q Hardware verificationn Checking if the design meets specification

• Equivalence checking• Property, model checking• Functional verification ß

q Formal Verification methodsn Canonical diagrams (BDD), SAT, SMT

• Require “bit-blasting”, memory explosionn Theorem proving

§ Requires good knowledge of the design, incompleten Computer Algebra

§ Complex math, CPU runtime limitation

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 2

Related Work

q Computer Algebra method [Wienand’08, Pavlenko’11, Kalla’14]

n Circuit represented in arithmetic bit level (ABL)• Specification Fspec and implementation B defined as polynomials in Z2

n

• Reduce Fspec modulo B by polynomial divisions

n If r = 0, the circuit is correctn Otherwise, canonical Groebner basis is

needed to determine if r = 0• Must model all signals as Boolean

– include polynomials <x2-x> for all signals x• Complex math, unnecessary

n Provided main motivation for our work

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 3

Fspec r

NOR

XOR

AND

HA

(gates, Add, Mult, etc.)

B

ImplementationSpecification Fspec

Previous Work

q Linear Algebra Model [Basith FMCAD’11, Ciesielski HVC’13]

n Use linear algebraic model of the circuit

n Circuit represented as network of adders (HA, FA)• described using only linear equations

n Logic gates derived from HAs (linear)

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 4

HA

C S

a b

a+ b = 2C + S

FA

C S

a b cin

a+ b+ cin = 2C + S

Linear Algebra Approachq Input and Output Signatures

q Major limitationsn Limited to linear network of HAs with few connecting gatesn Translating gate-level to HA network (ABL) is difficultn Difficult to extend to non-linear circuits

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 5

HA

C S

FA

C S

a0a1 b1 b0

z0z1z2

Transform Sigin into Sigout

to prove thatSigIn = Sigout

Sigout = z0 + 2z1 + 4z2

Sigin = a0 + 2a1 + b0 + 2b1

This Work - Nonlinear Model

q Algebraic Model

q Main idea : Fspec = (Sigout-Sigin) ® 0 mod Bn replace by Sigin® Sigout (forward rewriting)n or by Sigout® Sigin (backward rewriting)

q Gate-level rewritingn Forward rewriting (PI ® PO)

• Polynomial division• Replacing input expression by output expression

n Backward rewriting (PO ® PI) ß• Replacing gate output by the expression in its inputs

– e.g., OR gate : z = a + b - ab52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 6

¬a =1− aa∧b = a ⋅ba∨b = a+ b− aba⊕ b = a+ b− 2ab

ORab

z

a1 a0b0b1

z1z2 z0

f0

f1

f2

f3

e dc

g

Backward Rewriting - Method

q Example: 2-bit adder

n Rewriting example• OR gate:

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 7

z0 + 2z1 + 4z2z0 + 2z1 + 4(e+ g� eg)

ß

Transform Sigout into Sigin

to prove thatSigIn = Sigout

Sigout = z0 + 2z1 + 4z2

Sigin = (a0 + 2a1)+ (b0 + 2b1)

logic

logic

logic

AOI21

logic

Backward Rewriting - Issuesq Rewriting issues

n Ordering of rewriting affects performancen Internal expressions may explode: “fat-belly” issuen Technology mapped circuits contain complex gates

§ AOI21, OAI221, etc.n Heavily optimized circuits are difficult

q Heuristicsn Properly ordered rewriting

§ Topological, dependencen Handles complex gates

• Provide cuts in complex gatesn Binary signals modeled by x2® x

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 8

Results – CPU Performance

q Performance for original & lightly synthesized designsn Synthesis performed by ABC “resyn”n Verified designs

• Multipliers, matrix multiplier, A*B+C, squarer, etc.• Up-to 5 million gates• 256+ bit-widths

n ~Linear CPU timen Memory : quadratic

in # gates

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 9

Comparison with Other Methodsn SAT

n used ABC “miter”n SMT

n Algebraic model, similar to oursn Boolean model, similar to SAT

n Formality (Synopsys)

TIME OUT = AFTER 3600 SEC

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 10

XOR=?0

Multiplier

Ref. Mult

CSA-MultiplierOur [sec]

SAT SMT CommercialOp size # gates Lingling Boolector Formality

4 86 0.01 0.01 0.01 0.81

12 481 0.04 TIME OUT 2030.91 108.1

64 41.4 K 5.50 - TIME OUT 675.4

128 164 K 39.64 - - TIME OUT

Conclusions

q Functional verification by extracting arithmetic functionq Method: backward rewriting

n Extracts the function of arithmetic circuitsn Correctly model Boolean signalsn More effective than forward, but complex

q Limitationsn Less efficient for highly bit-optimized arithmetic circuitsn Potential memory explosion n Bit composition of the output needs to be known

q Future workn Diagnostics and logic debugging (using back/forward rewriting)n Application to floating-point and cryptographic arithmetic circuits

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 11

Thank you !

52ndDAC: Verification of Gate-level Arithmetic Circuits by Function Extraction 12