PolyAdd: Polynomial Formal Verification of Adder Circuits
Rolf Drechsler∗, Institute of Computer Science, University of Bremen, 28359 Bremen, [email protected]
Abstract
Only by formal verification approaches can functional correctness be ensured. While for many circuits fast verification is possible, in other cases the approaches fail. In general no efficient algorithms can be given, since the underlying verification problem is NP-complete. In this paper we prove that for different types of adder circuits polynomial verification can be ensured based on BDDs. While it is known that the output functions for addition are polynomially bounded, we show in the following that the entire construction process can be carried out in polynomial time. This is shown for the simple Carry Ripple Adder, but also for fast adders like the Conditional Sum Adder and the Carry Look Ahead Adder. Properties of the adder function are proven and the core principle of polynomial verification is described, which can also be extended to other classes of functions and circuit realizations.
1. Introduction
Ensuring the functional correctness of circuits and systems is one of the major challenges in today's circuit and system design. While simulation and emulation approaches reach their limits due to the complexity of the system under verification according to Moore's Law, only formal proof techniques can ensure correctness according to the specification (see e.g. [7, 8]). In these approaches proof engines, like BDD, SAT or SMT, are applied. In practice these techniques often work well and can handle circuits of several million gates. But it might also happen that the proof fails due to run time or memory constraints. One of the major difficulties is that this can hardly be predicted, resulting in non-robust behavior of the tools. For this, a deeper understanding is required of which circuits can be handled efficiently and for which ones the formal approach will fail.

In the context of the highly relevant class of arithmetic circuits, early studies on BDDs have shown that they are not well-suited to verify multipliers [5], but using dedicated data structures, like *BMDs [6], it was possible to represent the output functions of a multiplier polynomially. In [11] it has been shown that not only the outputs can be represented, but that for a specific type of Wallace tree multiplier the complete verification can be carried out polynomially.

In this paper, we consider circuits for the addition of two binary numbers. While it is well known that the BDD size for the adder function is only linear in the bit size [4], we show that the complete construction process of the BDD is also bounded polynomially. This is shown for three different adder architectures, namely the Carry Ripple Adder (CRA), the Conditional Sum Adder (CSA) and the Carry Look Ahead Adder (CLA). Theoretical bounds on the BDD sizes are proven and it is shown that the complete symbolic simulation starting from the inputs to the outputs of the circuit can be carried out polynomially. Furthermore, for specific functions upper bounds on the BDD size are proven.

The paper is structured as follows: In Section 2 notations and definitions are reviewed to make the paper self-contained. The adder function and BDDs are introduced. For the three adders the circuit realization is reviewed in Section 3. In Section 4 it is proven for the three adder architectures that formal verification can be done efficiently. Finally, the results are summarized and open problems are addressed.

∗ Parts of this work have been supported by DFG within the Reinhart Koselleck Project PolyVer: Polynomial Verification of Electronic Circuits (DR 287/36-1).
2. Notation and Definition
Let $f : B^n \to B$ be a Boolean function over the variable set $X_n = \{x_1, \ldots, x_n\}$.

2.1. Adder Function

Let $a$, $b$ and $s$ be three binary numbers of $n$ bits, where $s$ is the sum of $a$, $b$ and an incoming carry bit $c_{-1}$. The relation between the sum $s$ and the operands $a$ and $b$ can be described by the following two equations:

$$\forall_{i=0}^{n-1}: \quad c_i = a_i b_i \vee a_i c_{i-1} \vee b_i c_{i-1} \qquad (1)$$

$$\forall_{i=0}^{n-1}: \quad s_i = a_i \oplus b_i \oplus c_{i-1} \qquad (2)$$

The variable $c_i$ is called the $i$-th carry bit.

The core cells of many adder architectures are the Half Adder (HA) and Full Adder (FA) cells, realizing a 1-bit addition without or with carry input, respectively. The function table of the HA is shown in the following table, where $ha_1$ denotes the carry output and $ha_0$ the sum output:

    a_i  b_i | ha_1  ha_0
    ----------------------
     0    0  |  0     0
     0    1  |  0     1
     1    0  |  0     1
     1    1  |  1     0

$ha_1$ can be realized by an AND-gate, while $ha_0$ is described by a $\oplus$-gate, i.e.:

$$ha_1 = a_i \cdot b_i, \qquad ha_0 = a_i \oplus b_i$$

Analogously it follows for the FA with inputs $a_i$, $b_i$ and $c_{i-1}$:

$$fa_1 = a_i b_i \vee c_{i-1} (a_i \vee b_i), \qquad fa_0 = a_i \oplus b_i \oplus c_{i-1}$$

Reduced ordered Binary Decision Diagrams (BDDs) [4, 9] are Directed Acyclic Graphs (DAGs) where a Shannon decomposition

$$f = x_i f_{x_i} + \overline{x_i} f_{\overline{x_i}} \quad (1 \le i \le n)$$

is carried out in each node.

Example 1.
The BDD for the full adder is shown in Figure1.
An important property of BDDs is that the synthesis operations, like AND, OR or composition, can be carried out in polynomial time and space. This can be described by the operator if-then-else (ite) [4, 3]. A sketch of the algorithm is as follows, where Rh and Rl denote the high- and low-successors, respectively, and e.g. F1i is the cofactor of F with respect to $x_i = 1$ (F0i the cofactor with respect to $x_i = 0$). Notice that in the following, for the discussion and the proofs, BDDs without complemented edges are considered.

    ite(F, G, H) {
      if (terminal case OR (F, G, H) in computed-table) {
        return result;
      } else {
        let x_i be the top variable of (F, G, H);
        Rh = ite(F1i, G1i, H1i);
        Rl = ite(F0i, G0i, H0i);
        if (Rh = Rl) return Rh;
        R = find_or_add_unique_table(x_i, Rl, Rh);
        insert_computed_table(F, G, H, R);
        return R;
      }
    }

Figure 1. BDD for full adder
The ite-operator has a polynomial worst case behavior, i.e. for graphs $F$, $G$ and $H$ the result is bounded by $O(|F| \cdot |G| \cdot |H|)$. This bound holds under the assumption of optimal hashing in $O(1)$. But also in the case of worst case behavior of the hashing function, ite remains polynomial (see [10]).

To build the BDDs for the output signals of a circuit, the circuit is traversed in topological order starting from the inputs. For the input signals the corresponding BDDs are initially generated. Then, for each gate in the circuit the corresponding synthesis operation based on ite is carried out. This process is called symbolic simulation in the following.
Example 2.
The symbolic simulation for a circuit consisting of a single AND gate is shown in Figure 2.

Figure 2. Symbolic simulation for AND gate

Figure 3. Carry Ripple Adder
3. Circuit Realization
In this section different realizations of adder circuits are briefly reviewed. Only the basic principles are covered, as far as needed to make the paper self-contained. For more details see [2].
The Carry Ripple Adder (CRA) simply consists of a sequence of $n$ full adders. The cells are connected via the carry chain (see Figure 3). The CRA is very area efficient, since it only requires a linear number of gates. But the CRA is also very slow, since the delay, measured in the number of gates that have to be traversed, is also linear in the number of inputs.

The Conditional Sum Adder (CSA) can be described recursively. While the lower $n/2$ bits are computed by a CSA of bit-width $n/2$, for the higher $n/2$ bits the result is computed by two CSAs in parallel, where one assumes an incoming carry, while the other does not. Thus, the adder makes use of the fact that the higher bits only depend on the incoming carry from the lower half. Both results are precomputed and the correct result is selected by a multiplexer stage. The computation scheme is shown in Figure 4. For the 1-bit adders, simply full adders can be used. The CSA is a fast adder, i.e. it has a depth of $O(\log n)$. The circuit has a gate count of $O(n \cdot \log n)$.

Figure 4. Conditional Sum Adder

The Carry Look Ahead Adder (CLA) makes use of a fast prefix computation in a block $P_n$ (see Figure 5). From Equation (2) it is obvious that it is sufficient to compute the carry bits $c_i$ for all $i$. This can be done based on a parallel prefix computation of the generate and propagate properties for addition. These are described by the functions $g$ and $p$, respectively:

1. For $0 \le i < n$: $p_{i,i} = a_i \oplus b_i$, $g_{i,i} = a_i b_i$
2. For $i \le k < j$: $p_{j,i} = p_{k,i} \, p_{j,k+1}$, $g_{j,i} = g_{j,k+1} + (g_{k,i} \, p_{j,k+1})$

This means that either a carry bit is generated in the upper part, or a carry is generated in the lower part and is propagated through the higher part. Thus, the carry bits can be computed as ($0 \le i < n$):

$$c_i = g_{i,0} + p_{i,0} \, c_{-1}$$

The CLA has a logarithmic depth and a size linear in the number of input variables.
4. Polynomial Verification
It is well known that the size of BDDs for the adder function depends on the variable ordering. It has also been proven that the BDD size is linearly bounded (see Section 4.4 in [12]), where exact estimates are given for BDD sizes. There, addition without the incoming carry bit has been considered. The results can be extended to also consider the incoming carry bit, as it is required for all adder circuits in the following.

Figure 5. Carry Look Ahead Adder
Theorem 1.
1. The sum bit $s_i$ of an adder has a BDD size bounded by $3i + 7$.
2. The carry bit $c_i$ of an adder has a BDD size bounded by $3i + 6$.

Proof. We use the interleaved variable ordering from the least to the most significant bits. For the sum bits the results from Lemma 4.4.2 in [12] can be generalized, where an upper bound of $3i + 5$ has been proven for the adder function without an incoming carry bit. For the additional carry bit two more nodes are required, i.e. one for the carry bit itself and one more node for the $a$ variable of the least significant bit. The same argument holds for the carry bit, but here on the lowest level one node is saved, since in the case of generation by $a_i$ and the incoming carry, $b_i$ does not have to be tested any more (see Figure 6 for the case of 4 variables).

It is important to notice that these results were always related to the representation size of the output functions, but not to the entire construction process.

Remark 1.
In the following, detailed bounds are not pro-vided, since the goal of this paper is to show that the con-struction process is polynomial.
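As an added worked count (not part of the paper) behind the bounds of Theorem 1, take the paper's interleaved order $c_{-1}, a_0, b_0, a_1, b_1, \ldots, a_i, b_i$ and count the nodes of the BDD for $s_i$ and $c_i$ level by level, the two terminal nodes included. On a level $a_j$ with $j < i$ only the value of the incoming carry $c_{j-1}$ matters, so there are two nodes, one per carry value. On the level $b_j$ the cases $(c_{j-1}, a_j) \in \{(0,0), (1,1)\}$ are already decided ($c_j = 0$ or $c_j = 1$), and in the remaining two cases $c_j = b_j$, which is the same node for both. Hence:

$$
\begin{array}{ll}
\text{level } c_{-1}: & 1 \text{ node} \\
\text{levels } a_j, b_j \ (0 \le j < i): & 2 + 1 = 3 \text{ nodes per } j \\
\text{level } a_i: & 2 \text{ nodes (one per value of } c_{i-1}) \\
\text{level } b_i: & 2 \text{ nodes for } s_i \ (b_i \text{ and } \overline{b_i}), \ 1 \text{ node for } c_i \\
\text{terminals:} & 2
\end{array}
$$

$$
|s_i| = 1 + 3i + 2 + 2 + 2 = 3i + 7, \qquad |c_i| = 1 + 3i + 2 + 1 + 2 = 3i + 6.
$$

Without the incoming carry, $c_{-1}$ disappears and the levels $a_0$ and $b_0$ need one node each instead of three, which gives $3i + 5$ for $s_i$, the bound of Lemma 4.4.2 in [12] that the proof generalizes.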
Thus, it is sufficient to show that each individual step canbe carried out in polynomial time and space. We make useof the following observation:
Remark 2.
If for each internal signal the size of the BDD representation and the number of gates in the circuit are polynomially bounded in the number of inputs $n$, the whole circuit can be formally verified in polynomial time due to the polynomially bounded synthesis operations on BDDs.

This method can be applied to general circuits, but is used for adders only in the following. For the adder circuits from Section 3 the upper bounds hold, i.e. each circuit only has a number of gates polynomial in the number of inputs $n$.

For the CRA it is very simple to see that the complete construction is polynomially bounded. For the HA of the least significant bit and all FAs the BDD can be constructed locally and has only constant size. Due to the structure of the CRA each carry output of a cell is connected to the carry input of the next cell. The substitution of the input variable can be carried out by the compose algorithm based on ite and has a polynomial worst-case complexity. Furthermore, according to Theorem 1 the size of the BDD for the carry signal is linear for all $i$. Thus, the whole construction process is polynomially bounded, since the composition only has to be carried out $n$ times.

Theorem 2.
The BDD for the CRA can be constructed polynomially.
The $n$-bit CSA consists of three CSAs of bit-size $n/2$ and a multiplexer stage. From Theorem 1 it follows that each of the connecting signals shown in Figure 4 can be represented by a BDD of linear size. Only the carry inputs have to be set to 0 and 1, respectively. The only operation that has to be carried out is the one corresponding to the MUX unit. But this can be described by ite and is polynomially bounded. Thus, we obtain:

Theorem 3.
The BDD for the CSA can be constructed polynomially.
Remark 3.
The results of Theorems 2 and 3 can easily be generalized to further adder types that are based on full adders connected together using MUX cells, like e.g. the Carry Select Adder in [1] with a runtime of $O(\sqrt{n})$.

In the CLA the sum bits are computed by determining the carry bits first and finally EXOR-ing them with the corresponding $a_i$ and $b_i$ inputs according to Equation (2). Thus, the core circuit computes the carry bits based on the properties of generation and propagation, i.e. the functions $p$ and $g$. The union of propagation intervals is based on Boolean AND-operations, i.e. a larger interval only propagates a carry bit if both the left and the right part of the interval do so. For the generation part it holds that either the left part (using the higher bits) already generates, or the lower part generates while the higher part propagates. In both cases the structure consists of AND- and OR-operations only, and it can be seen that the whole structure can be represented by BDDs of polynomial size. More formally, this can be proven as follows:

Lemma 1.
1. Function $p_{j,i}$ has a BDD size linear in $j - i$ ($j > i$).
2. Function $g_{j,i}$ has a BDD size linear in $j - i$ ($j > i$).

Proof. For function $p_{j,i}$ it holds:

$$p_{j,i} = (a_j \oplus b_j)(a_{j-1} \oplus b_{j-1}) \cdots (a_i \oplus b_i)$$

The BDD for the EXOR of two variables has three nodes. Since each variable only appears once, the corresponding BDDs can simply be connected (see Figure 7 for the case of 4 variables). Since the BDD is a canonical representation, in

$$g_{j,i} = g_{j,k+1} + (g_{k,i} \, p_{j,k+1})$$

the choice of $k$ does not influence the BDD size, and we choose $k = j - 1$, resulting in

$$g_{j,i} = g_{j,j} + (g_{j-1,i} \, p_{j,j}).$$

For each pair of variables $a_l$, $b_l$ at most 6 nodes can be generated, resulting from all combinations of the EXOR and the AND (see Figure 8 for the case of 4 variables). For the top and bottom variables even some more nodes are saved, i.e. two at the top level and one at the 2nd one, and accordingly at the bottom. The exact estimate is not considered (see Remark 1), since a polynomial upper bound is sufficient. Based on this observation, the whole BDD for the CLA can be computed based on ite.

Figure 6. BDD for 4-bit adder function

Figure 7. BDD for p function for 4 variables

Theorem 4.
The BDD for the CLA can be constructed polynomially.
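The construction process that Theorems 2 to 4 prove polynomial can be watched directly on a small BDD package. The following Python program is an added example and not code from the paper: it implements the ite operator of Section 2 with a unique table and a computed table (no complemented edges), performs the symbolic simulation of CRA, CSA and CLA netlists built from the FA cell and the $p$/$g$ prefix recursion of Section 3, checks all three against the adder function of Equations (1) and (2) by canonicity (equal functions yield equal node identifiers), checks the bounds of Theorem 1 under the interleaved order $c_{-1}, a_0, b_0, a_1, b_1, \ldots$, and reports the largest BDD built at any point of the simulation, which is the quantity Remark 2 needs to stay polynomial. The class and function names, the split point $k = \lfloor (i+j)/2 \rfloor$ in the prefix recursion (the paper allows any $i \le k < j$) and the node-counting convention (terminals included) are choices of this example.

```python
"""Added example (not from the paper): a minimal ROBDD package with ite, symbolic
simulation of CRA/CSA/CLA netlists and a check of the Theorem 1 bounds."""
INF = float("inf")  # level of the terminals 0 and 1, below every variable


class BDD:
    def __init__(self, order):
        self.order = {v: lvl for lvl, v in enumerate(order)}
        self.nodes = {0: (INF, 0, 0), 1: (INF, 1, 1)}  # id -> (level, low, high)
        self.unique = {}    # (level, low, high) -> id: keeps the DAG canonical
        self.computed = {}  # (f, g, h) -> ite result: the computed-table

    def var(self, name):
        return self.mk(self.order[name], 0, 1)

    def mk(self, lvl, lo, hi):  # find_or_add_unique_table of the ite sketch
        if lo == hi:
            return lo
        key = (lvl, lo, hi)
        if key not in self.unique:
            self.unique[key] = len(self.nodes)
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def cofactor(self, f, lvl, val):  # F1i / F0i: f restricted to x_lvl = val
        level, lo, hi = self.nodes[f]
        return (hi if val else lo) if level == lvl else f

    def ite(self, f, g, h):
        if f == 1: return g  # terminal cases
        if f == 0: return h
        if g == h: return g
        if (g, h) == (1, 0): return f
        if (f, g, h) in self.computed: return self.computed[f, g, h]
        lvl = min(self.nodes[x][0] for x in (f, g, h))  # top variable of (F, G, H)
        hi = self.ite(*(self.cofactor(x, lvl, 1) for x in (f, g, h)))
        lo = self.ite(*(self.cofactor(x, lvl, 0) for x in (f, g, h)))
        self.computed[f, g, h] = r = self.mk(lvl, lo, hi)
        return r

    def NOT(self, f): return self.ite(f, 0, 1)
    def AND(self, f, g): return self.ite(f, g, 0)
    def OR(self, f, g): return self.ite(f, 1, g)
    def XOR(self, f, g): return self.ite(f, self.NOT(g), g)

    def size(self, f):  # node count of the BDD rooted at f, terminals included
        seen, stack = set(), [f]
        while stack:
            x = stack.pop()
            if x not in seen:
                seen.add(x)
                stack.extend(self.nodes[x][1:] if x > 1 else ())
        return len(seen)


def spec(b, A, B, cin):  # adder function of Eq. (1)/(2): sum bits and all carries
    s, c = [], [cin]
    for a, bb in zip(A, B):
        s.append(b.XOR(b.XOR(a, bb), c[-1]))
        c.append(b.OR(b.OR(b.AND(a, bb), b.AND(a, c[-1])), b.AND(bb, c[-1])))
    return s, c[1:]

def cra(b, A, B, cin):  # chain of FA cells (fa_0, fa_1 of Section 2), carry composed
    s, c = [], cin
    for a, bb in zip(A, B):
        s.append(b.XOR(b.XOR(a, bb), c))
        c = b.OR(b.AND(a, bb), b.AND(c, b.OR(a, bb)))
    return s, c

def csa(b, A, B, cin):  # conditional sum: lower half, two upper halves, MUX by ite
    if len(A) == 1:
        return cra(b, A, B, cin)
    h = len(A) // 2
    lo_s, lo_c = csa(b, A[:h], B[:h], cin)
    s0, c0 = csa(b, A[h:], B[h:], 0)  # upper half with carry-in fixed to 0
    s1, c1 = csa(b, A[h:], B[h:], 1)  # upper half with carry-in fixed to 1
    return lo_s + [b.ite(lo_c, x1, x0) for x0, x1 in zip(s0, s1)], b.ite(lo_c, c1, c0)

def cla(b, A, B, cin):  # carry look ahead via the p/g prefix recursion of Section 3
    n = len(A)
    p, g = {(i, i): b.XOR(A[i], B[i]) for i in range(n)}, {(i, i): b.AND(A[i], B[i]) for i in range(n)}
    def pg(j, i):  # interval [i..j] split at k = (i + j) // 2 (any i <= k < j works)
        if (j, i) not in p:
            k = (i + j) // 2
            (pk, gk), (pj, gj) = pg(k, i), pg(j, k + 1)
            p[(j, i)], g[(j, i)] = b.AND(pk, pj), b.OR(gj, b.AND(gk, pj))
        return p[(j, i)], g[(j, i)]
    c = [b.OR(gi, b.AND(pi, cin)) for pi, gi in (pg(i, 0) for i in range(n))]
    return [b.XOR(p[(i, i)], c[i - 1] if i else cin) for i in range(n)], c[-1]

def verify(n):  # symbolic simulation of all three adders against spec() for n bits
    b = BDD(["c-1"] + [f"{x}{i}" for i in range(n) for x in "ab"])  # interleaved order
    A, B = [b.var(f"a{i}") for i in range(n)], [b.var(f"b{i}") for i in range(n)]
    cin = b.var("c-1")
    s, c = spec(b, A, B, cin)
    equivalent = all(f(b, A, B, cin) == (s, c[-1]) for f in (cra, csa, cla))
    bounds = all(b.size(s[i]) <= 3 * i + 7 and b.size(c[i]) <= 3 * i + 6 for i in range(n))
    return {"equivalent": equivalent, "theorem1": bounds,
            "largest_bdd": max(b.size(x) for x in b.nodes), "total_nodes": len(b.nodes)}
```

Calling `verify(8)` returns `equivalent` and `theorem1` both true; `largest_bdd` stays within the Theorem 1 bound for the most significant sum bit, since every intermediate gate result of the three netlists is either a sub-function of an output BDD or an interval function $p_{j,i}$, $g_{j,i}$ of Lemma 1, and `total_nodes` grows only polynomially in $n$. Because every node in the manager is reachable from some gate output, the maximum of `size` over all nodes equals the largest BDD that any ite call ever produced, which is exactly the quantity Remark 2 asks to be bounded.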
5. Conclusion
In this paper it has been proven for three different adder architectures that the complete formal verification process can be carried out polynomially. It was proven that the underlying BDDs remain polynomial in the whole construction process. This was ensured by proving upper bounds on the BDD sizes for each internal signal. While the BDD sizes for the outputs of the adder functions were known to be polynomially bounded, this is the first time that for efficient adder circuits of logarithmic run time a polynomial proof process could be ensured.

It is the focus of future work to identify further classes of circuits and functions that can be polynomially verified using BDDs. Furthermore, alternative proof engines on the Boolean level, like SAT or O(K)FDDs, can be considered. Also extensions to the word-level, like SMT or WLDDs, will be studied.
Figure 8. BDD for g function for 4 variables

References

[1] B. Becker, R. Drechsler, R. Krieger, and S. Reddy. A fast optimal robust path-delay-fault testable adder. In European Design & Test Conf., pages 491–498, 1996.
[2] B. Becker, R. Drechsler, and P. Molitor. Technische Informatik - Eine Einführung. Pearson Studium, 2005.
[3] K. Brace, R. Rudell, and R. Bryant. Efficient implementation of a BDD package. In Design Automation Conf., pages 40–45, 1990.
[4] R. Bryant. Graph-based algorithms for Boolean function manipulation. IEEE Trans. on Comp., 35(8):677–691, 1986.
[5] R. Bryant. On the complexity of VLSI implementations and graph representations of Boolean functions with application to integer multiplication. IEEE Trans. on Comp., 40:205–213, 1991.
[6] R. Bryant and Y.-A. Chen. Verification of arithmetic functions with binary moment diagrams. In Design Automation Conf., pages 535–541, 1995.
[7] R. Drechsler. Advanced Formal Verification. Kluwer Academic Publishers, 2004.
[8] R. Drechsler. Formal System Verification. Springer, 2018.
[9] R. Drechsler and B. Becker. Binary Decision Diagrams – Theory and Implementation. Kluwer Academic Publishers, 1998.
[10] R. Drechsler and D. Sieling. Binary decision diagrams in theory and practice. Software Tools for Technology Transfer, 3:112–136, 2001.
[11] M. Keim, M. Martin, B. Becker, R. Drechsler, and P. Molitor. Polynomial formal verification of multipliers. In VLSI Test Symp., pages 150–155, 1997.
[12] I. Wegener.