# Fast Formal Verification of Multiplier Circuits using Computer Algebra



Daniela Kaufmann fmv.jku.at/kaufmann





## Bugs in hardware are expensive!



## Computer Algebra



## Specification



## Model

|             | Δ.                                | roder                         |
|-------------|-----------------------------------|-------------------------------|
| $s_3 = g$   | $_1 \wedge g_4$                   | $-s_3+g_1g_4,$                |
| $s_2 = g_1$ | $_{oldsymbol{\perp}}\oplus g_{4}$ | $-s_2 - 2g_4g_1 + g_4 + g_1,$ |
| $g_4 = g_5$ | $g_2 \wedge g_3$                  | $-g_4+g_2g_3,$                |
| $s_1 = g_2$ | $g_3 \oplus g_3$                  | $-s_1 - 2g_2g_3 + g_2 + g_3,$ |
| $g_1 = a$   | $_1 \wedge b_1$                   | $-g_1 + a_1b_1,$              |
| $g_2 = a$   | $0 \wedge b_1$                    | $-g_2 + a_0b_1,$              |
| $g_3 = a$   | $1 \wedge b_0$                    | $-g_3 + a_1b_0,$              |
| $s_0 = a$   | $0 \wedge b_0$                    | $-s_0 + a_0 b_0,$             |
| a           | $a_1 \in \mathbb{B}$              | $-a_1^2 + a_1,$               |
| a           | $a_0 \in \mathbb{B}$              | $-a_0^2 + a_0,$               |
| b           | $e_1 \in \mathbb{B}$              | $-b_1^2 + b_1,$               |

### Reduction

 $-b_0^2 + b_0$ 

 $b_0 \in \mathbb{B}$ 

 $8s_3 + 4s_2 + 2s_1 + s_0 - 4a_1b_1 - 2a_1b_0 - 2a_0b_1 - a_0b_0$  $4s_2 + 8g_4g_1 + 2s_1 + s_0 - 4a_1b_1 - 2a_1b_0 - 2a_0b_1 - a_0b_0$  $4g_4 + 2s_1 + 4g_1 + s_0 - 4a_1b_1 - 2a_1b_0 - 2a_0b_1 - a_0b_0$ 

## Contributions

### **Precise Formalization**

Let  $I(C) = \{ p \in \mathbb{Q}[X] \mid p(X) = 0 \text{ for all } a_0, \dots, a_{n-1}, b_0, \dots, b_{n-1} \in \mathbb{B} \}.$ Let  $J(C) = \langle -s_3 + g_1 g_4, -s_2 - 2g_1 g_4 + g_4 + g_1, \ldots \rangle \subseteq \mathbb{Q}[X].$ 

A circuit C is a multiplier iff  $\sum_{i=0}^{2n-1} 2^i s_i - (\sum_{i=0}^{n-1} 2^i a_i) (\sum_{i=0}^{n-1} 2^i b_i) \in I(C)$ .

**Soundness and completeness:** For acyclic circuits C, we have J(C) = I(C).

## Incremental Column-Based Algorithm

[FMCAD'17]

[FMCAD'17]



**Proof Certificates** 

[SC2'18]

## Practical algebraic calculus:

Sequence  $P = (p_1, \dots p_n)$ , where each  $p_k$  is obtained by:



 $p_i$  appearing earlier in the proof, q arbitrary  $*: p_i, q, qp_i;$ 

Certificates are obtained as by-product of polynomial reduction.

## Simplified Rewriting Techniques

• Previously: Identify syntactic patterns.



- New: Identify single-dependency variables.
- Eliminate internal variables.
- Uses elimination theory of Gröbner bases.

## Modular Reasoning

[FMCAD'19]

[DATE'18, FMCAD'19]

- Use polynomial ring  $\mathbb{Z}_{2^l}[X]$ , with  $l \in \mathbb{N}$ , instead of  $\mathbb{Q}[X]$ .
- Eliminates certain vanishing monomials.
- Allows verification of truncated multipliers.

## SAT & Computer Algebra

[FMCAD'19, DATE'20]

- Substitute final stage adders by simpler adder circuits.
- Correctness of replacement is verified using SAT.



## Experimental Results

### **Verification Tool AMulet** [github.com/d-kfmnn/amulet] • 192 multiplier architectures. • Input bit-width n = 64. RevSCA-2.0 (S) 200 • Time out: 300 sec. Comparing to • ABC: M. Ciesielski et al., TCAD, 2019. • RevSCA: A. Mahzoon et al., DAC, 2019. • RevSCA-2.0: A. Mahzoon et al., 2020. #Instances

### **AMulet & Proof Checker PACtrim**

[fmv.jku.at/pac]

• Time in min.

- Scales up to bit-width 2048.
- None of related work produces certificates.

| architecture b | 1 1,1     | Verify |     |       | Verify + Certificates |               |     |       | Check Certificates |     |       | total |       |
|----------------|-----------|--------|-----|-------|-----------------------|---------------|-----|-------|--------------------|-----|-------|-------|-------|
|                | bit-width | sub    | sat | c.alg | tot                   | sub           | sat | c.alg | tot                | sat | c.alg | tot   | total |
| btor           | 512       | 0      | 0   | 16    | 16                    | 0             | 0   | 23    | 23                 | 0   | 7     | 7     | 30    |
| kjvnkv         | 512       | 0      | 0   | 13    | 13                    | $\parallel 0$ | 0   | 15    | 15                 | 0   | 9     | 9     | 25    |
| sp-ar-rc       | 512       | 0      | 0   | 13    | 13                    | $\parallel 0$ | 0   | 16    | 16                 | 0   | 10    | 10    | 26    |
| sp-dt-lf       | 512       | 1      | 0   | 25    | 26                    | $\parallel$ 1 | 0   | 25    | 26                 | 0   | 11    | 11    | 37    |
| sp-wt-bk       | 512       | 1      | 0   | 26    | 27                    | $\parallel 0$ | 0   | 26    | 26                 | 0   | 11    | 11    | 38    |
| btor           | 1024      | 2      | 0   | 177   | 179                   | 2             | 0   | 219   | 219                | 0   | 51    | 51    | 272   |
| kjvnkv         | 1024      | 2      | 0   | 91    | 93                    | $\parallel 2$ | 0   | 172   | 172                | 0   | 72    | 72    | 245   |
| btor           | 2048      | 17     | 0   | 1493  | 1 510                 | 17            | 0   | 2552  | 2552               | 0   | 430   | 430   | 2982  |
| kjvnkv         | 2048      | 18     | 0   | 1129  | 1147                  | 18            | 0   | 2077  | 2077               | 0   | 1228  | 1228  | 3307  |