algebraic approach to arithmetic design verification

Department of Electrical and Computer Engineering

M.A. Basith, T. Ahmad, A. Rossi *, M. CiesielskiECE Dept. Univ. Massachusetts, Amherst

* Univ. Bretagne Sud, Lorient France

ALGEBRAIC APPROACH TO ARITHMETIC DESIGN

VERIFICATION

2Department of Electrical and Computer Engineering

Introduction Design Verification

• A dominating factor in design flow

Formal Verification• Equivalence checking, model checking, property checking, etc.• Verification of combinational designs – a solved problem• Remains challenging for sequential circuits, but big progress

Verification of Arithmetic Designs and Data-paths• Difficult, bit blasting makes it not scalable

This Work• Verifying functionality of arithmetic designs

• Not exactly EC, but comparing design to a “golden model” (reference signature)

• Using algebraic rather than Boolean or symbolic approach


Related Work

4

10

x0

x1

x2

12

4

y0

y1

y2

21

Canonical representations• BDD, too fine-grained [Bryant’85]• BMD [Bryant’95] and TED [Ciesielski’06], too-low grained

• cannot express output bits as a function of word-level inputs

ILP based Data-path Verification [Brinkmann’02]• Transforms bit-vector expressions into ILP constraints• Cannot handle large designs, variable width limitation

Term rewriting for RTL equivalence checking [Vasudevan’07]• Database of rewrite rules for typical multiplier implementation schemes• Cannot be automated for non-standard implementations

Symbolic Algebra Methods [Shekhar’05]• Solving vanishing polynomial (modulo 2m) using finite ring algebra • Uses Grobner basis, scripting with Maple tools• Cannot handle complex arithmetic designs


Related Work, cont’d.

Arithmetic Bit-Level (ABL) [Wienand CAV’08, Pavlenko DATE’11]

• Represents design as network of HA (ABL)• Creates algebraic expression of Boolean-level information• Requires structural similarity• Complex math, Grobner basis• Can it handle very large designs ?

ABL provided main motivation for our approach• No need for Grobner basis• No need for deriving and manipulating large polynomials• Use only linear expressions


Our Approach

Represent arithmetic design on ABL• Network of gates, HAs and FAs

Write linear equations to represent data flow

Compute algebraic signature of the network

Prove functionality by matching signature with reference signature (specification)


Arithmetic Network Model Half-Adder

• Binary inputs ( a, b) • Binary outputs ( S, C)

Full-Adder• Binary inputs ( a, b , cin)

• Binary outputs ( S, C)


Gate Level Models

x + y = 1


Mathematical Representation

xI - Inputs

xO - Outputs

xS - Internal signals

Network Equations:


Mathematical Representation

xI - Inputs

xO - Outputs

xS - Internal signals

Network Equations:

In matrix form:

A x = bA – m x n constraint matrix (network)

x – n-vector representing signals

b – constant vector

A

x

b


Reference Signature

Functionality provided by userSigI (N) = x1 + x2 + x3 + x4 + x5 + x6 + x7

(input signature)

SigO(N) = 4x8 + 2x9 + x10

(output signature)

Reference SignatureRef(N) = SigO(N) – SigI(N)

= 4x8 + 2x9 + x10 - x1 - x2 - x3 - x4 - x5 - x6 - x7


Reference Signature - definition

Reference Signature, Ref(N) • Provides relationship between input and output variables• Difference between the output signature and input signature

Ref(N) = SigO − SigI

Mathematically

rO – output signature vector xO – primary output vector

rI – input signature vector xI – primary input vector


Reference Signature - exampleReference Signature for a 7-3 counter:

or, equivalently

Output Signature = 3-bit encoding of the output word

Input Signature = sum of the input bits

T


Algebraic SignatureThe network is similarly represented by its Algebraic Signature Algebraic signature, Sig(N)

• Defines relationship between input, output and internal signal variables

(xI xO xS)

• It is a linear combination of x = [xI xO xS]T

where rT = [rI rO rS]

It can be computed directly from matrix A

AT α = rby choosing a linear combination α of rows of matrix A

Goal: • compute α that will eliminate internal variables xS (rS = 0)

• the resulting signature should match the reference signature


Verification Goal Prove that the network (implementation) matches the

specification given by the reference signature.

That is: Given the reference signature Ref(N) (specification) Compute algebraic signature Sig(N) (implementation) Check if Sig(N) = Ref(N) ?

For the network to be correct the two signatures should match


Computing Algebraic Signature

n – total number of signals in the network

m – number of linear equations in the system

A x = b

AI xI + AO xO + AS xS = b

AI – columns associated with xI xI - primary input variables

AO – columns associated with xO xO - primary output variables

AS - columns associated with xS xS - internal signal variables


Computing Algebraic Signature

Algebraic signature Sig(N) relates I/O and internal signals

Sig(N) can be obtained as a linear combination of rows of A that matches Ref(N)

α – vector of integer coefficients that reduces matrix A to signature vector r

Ideally, want rs = 0 (eliminate all internal signals)

0 (ideally)


Completing the Signature If the system is infeasible, relax rS and solve for α

If there is no solution: design is incorrect Otherwise compute rS

If rS = 0, design is correct

What oif rS ≠ 0, is the design incorrect?


Computing Algebraic Signature – example (rs=0)

xI= {x1, x2, x3 ,x4, x5 ,x6, x7}

xO = {x8, x9, x10}

xS = {x11, x12, x13, x14, x15}

A α

r

*

-x1 –x2 –x3 –x4 –x5 –x6 –x7 +4x8 +2x9 +x10

=

α

r

A α

r


Computing Algebraic Signature – example (rs0)

Ref(N)

Sig(N)Network equations:

Residual Expression• rS set to 0, system is infeasible• rS relaxed, gives residual expression


Residual Expression

Residual Expression, RE(N) = Sig(N) − Ref(N) = rST xS

• An expression associated with the internal signals xS

RE(N) should evaluate to zero for the design to be correct• Need additional Boolean constraints

To prove RE = 0, we need additional constraints to impose on N• Structural Constraints

• Caused by fanout of internal signals, equality constraints

• Boolean Constraints• Internal signals of FA, can be propagated in the network


Proving RE = 0 with Boolean constraints

Reference Signature:

Computation of Signature:

Algebraic Signature:

Residual Expression:

Boolean Constraints:

RE(N) = 0

Now Ref(N) = Sig(N): design is correct


Functional Verification Flow


Comparison with SMT Solvers

• Without Boolean constraints, RE ≠ Φ. (MO = out of memory 4GB, TO = timeout after 1800 sec)

• With Boolean constraints, RE = Φ.

Problem can be modeled as SAT Need to show that is unSAT


Results – Large Multipliers

CPU runtime for computing algebraic signature for n-bit integer multipliers with additional constraints propagated in the network.


Results – Booth-encoded Multipliers

CPU runtime for computing algebraic signature for n-bit integer Booth-encoded multipliers with additional constraints propagated in the network.

Complexity: O(N2) in number of gates


Conclusions Developed a new technique for functional verification of

arithmetic circuits based on computing algebraic signature Application

• RTL and gate-level Verification• Given reference signature, system tries to match the signatures

• Equivalence Checking• Comparing two networks on the basis of their signatures

• Property Checking• Represent property P by its algebraic signature, SigP(N) = rT xP

• Check for consistency with reference signature APT α = rP

• Extracting circuit behavior• Use SigO(N) to compute SigI(N)

Limitations: limited to linear networks (Wallace trees, etc.)


Thank You


Outline Introduction and Motivation Related Work Algebraic Modeling of Arithmetic Networks Mathematical Formulation

• Computing the signature• Residual expression and Boolean constraints

Relation to SMT Techniques Results Conclusion and Future Work


Verification Methods Boolean methods

• Good for gate-level designs • Inefficient for arithmetic designs

Decision diagrams and SAT solvers • Requires “bit-blasting” (too low-level for arithmetic)

Symbolic Algebra • Too high level: limited to polynomial expressions or infinite precision

SMT• Generalization of Boolean SAT• Lack of adequate models to handle arithmetic designs

This Work• Functional verification of arithmetic circuits by computing algebraic signature


Related Work - Summary Decision diagrams and Boolean SAT

• Not able to handle arithmetic functions efficiently

ILP Methods• Computationally prohibitive for large designs

Symbolic Algebra• Limited to small designs that can be represented as polynomials

ABL Methods• Assumes structural similarity, which is often absent• Uses Grobner basis (overkill ?)

Our Method• No assumption about structural similarity• Handles arithmetic on bit-level using algebra• Fast and scalable (but limited to linear networks)


Complexity Graph

Computational complexity of our approach

Complexity:O(N2)


Future Work Need to learn additional Boolean Constraints

• Is this problem as difficult as the original one? Data-Path Verification

• Obtain a reference signature for the entire data-path• Partition design into smaller blocks

Debugging• Identify bugs in the circuit• Analyze Simplex phase I (pre-solver) of the LP solver

• If LP is infeasible, non-zero values of variables provide information which equations prevent the LP from being feasible

• If LP is feasible, but RE cannot be reduced to zero, content of RE will be used to reason about bugs

algebraic approach to arithmetic design verification

Documents