Spectral Approach to Verifying Non-linear Arithmetic Circuits by Yu, Cunxi et al.
ar
X
iv
:1
90
1.
02
95
0v
1 
 [c
s.S
C]
  9
 Ja
n 2
01
9
Spectral Approach to Verifying Non-linear Arithmetic Circuits
Cunxi Yu, Tiankai Su, Atif Yasin, Maciej Ciesielski
University of Massachusetts, Amherst
ycunxi,ayasin,tiankaisu,ciesiel@umass.edu
ABSTRACT
This paper presents a fast and effective computer algebraic method
for analyzing and verifying non-linear integer arithmetic circuits
using a novel algebraic spectral model. It introduces a concept of
algebraic spectrum, a numerical form of polynomial expression; it
uses the distribution of coefficients of the monomials to determine
the type of arithmetic function under verification. In contrast to
previous works, the proof of functional correctness is achieved by
computing an algebraic spectrum combined with local rewriting of
word-level polynomials. The speedup is achieved by propagating
coefficients through the circuit using And-Inverter Graph (AIG)
datastructure. The effectiveness of themethod is demonstratedwith
experiments including standard and Booth multipliers, and other
synthesized non-linear arithmetic circuits up to 1024 bits contain-
ing over 12 million gates.
ACM Reference Format:
Cunxi Yu, Tiankai Su, Atif Yasin, Maciej Ciesielski. 2019. Spectral Approach
to Verifying Non-linear Arithmetic Circuits. In ASPDAC ’19: 24th Asia and
South Pacific Design Automation Conference (ASPDAC ’19), January 21–24,
2019, Tokyo, Japan.ACM,NewYork, NY, USA, 8 pages. https://doi.org/10.1145/3287624.3287662
1 INTRODUCTION
Importance of arithmetic verification problem grows with an in-
creased use of arithmetic modules in modern systems, such as sig-
nal processing, security engineering, and cryptographic applica-
tions. There has been a considerable progress in formal verifica-
tion of arithmetic designs in the last decade. In particular, com-
puter algebra techniques that use polynomial representation of a
gate-level arithmetic circuit, show significant advantages in ana-
lyzing arithmetic circuits [17][5][25][18][21][19]. This is in con-
trast to other formal methods, such as BDDs or SAT, that rely
on a strictly Boolean circuit representation. The verification prob-
lem using computer algebraic methods is typically formulated as a
proof that the implementation satisfies the specification, which is
solved by polynomial division or by algebraic rewriting.
The techniques that play a major role in synthesis and veri-
fication, are abstraction and reverse engineering [22][28]. Formal
verification techniques can benefit greatly from abstracting func-
tionality of the circuits being verified. For example, word-level ab-
straction specifically focuses on extracting a word-level represen-
tation of the function implemented by a gate-level design, which
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full cita-
tion on the first page. Copyrights for components of this work owned by others than
ACMmust be honored. Abstracting with credit is permitted. To copy otherwise, or re-
publish, to post on servers or to redistribute to lists, requires prior specific permission
and/or a fee. Request permissions from permissions@acm.org.
ASPDAC ’19, January 21–24, 2019, Tokyo, Japan
© 2019 Association for Computing Machinery.
ACM ISBN 978-1-4503-6007-4/19/01. . . $15.00
https://doi.org/10.1145/3287624.3287662
can significantly reduce the complexity of verifying a large sys-
tem. In the past, the verification and abstraction problems relied
entirely on explicit functional methods. In this paper, we describe
an implicit approach to verification and word-level abstraction of
arithmetic circuits by introducing a novel representation, called al-
gebraic spectrum. We describe an efficient algorithm for construct-
ing such a spectrum, a compact way to represent the polynomial
model of the circuit.
2 BACKGROUND
2.1 Formal Verification of Arithmetic Circuits
Verification of arithmetic circuits is performed using a variant of
combinational equivalence checking, referred to as arithmetic com-
binational equivalence checking (ACEC) [21]. Several approaches
have been applied to verify an arithmetic circuit against its func-
tional specification, including decision diagrams, satisfiability, the-
orem proving, and computer algebra. Different variants of canon-
ical, graph-based representations have been proposed, including
Binary Decision Diagrams (BDDs) [2], Binary Moment Diagrams
(BMDs) [3], Taylor Expansion Diagrams (TED) [4], and other hy-
brid diagrams. While BDDs have been used extensively in logic
synthesis, their applicability to verification of arithmetic circuits
is limited by the prohibitively high memory requirements imposed
by complex arithmetic circuits, such as multipliers. Boolean satisfi-
ability (SAT) and satisfiability modulo theories (SMT) solvers have
also been applied to solve ACEC problems [9]. Several state-of-the-
art SAT and SMT solvers have been applied to those problems,
including MiniSAT[23], Lingeling[1], Boolector [16], and others.
However, the complexity of ACEC for large arithmetic circuits has
been shown to be extremely high [18] [25]. Alternatively, the prob-
lem can be modeled as equivalence checking against an arithmetic
specification given by a bit-vector formula, but the complexity of
this method is the same as the ACEC method [25].
2.2 Computer Algebra Approach
Computer algebra methods are considered to be best suited to solve
arithmetic verification problems [25][19]. Using thesemethods, the
verification problem is formulated as a proof obligation, stating
that the implementation satisfies the specification [5, 17–19, 21, 25?
, 26]. Computer algebra offers a way to accomplish this using the
theory of Gröbner basis and the ideal membership testing to check
if the specification belongs to the ideal generated by the imple-
mentation. It can be solved by performing a series of divisions of
the specification polynomial by a set of polynomials (bases) repre-
senting circuit components and checking if the remainder of the
division reduces to zero.
An alternative approach to arithmetic verification of gate-level
circuits has been proposed using an algebraic rewriting technique,
described in more detailes in the next section. With this approach,
ASPDAC ’19, January 21–24, 2019, Tokyo, Japan C. Yu et al.
the polynomial representing the encoding of the primary outputs
(the output signature) is transformed into a polynomial expressed
in terms of the primary inputs (the input signature) [5]. Thismethod,
in fact, extracts an arithmetic function implemented by the cir-
cuit, hence it is termed function extraction. It has been successfully
applied to standard, non-optimized 512-bit multipliers due to the
simplification of polynomials achieved during rewriting [25] [21].
Although these approaches show good performance in verifying
arithmetic circuits with well-defined structure, they suffer from
polynomial size explosion when applied to synthesized and heav-
ily bit-optimized gate-level netlists.
A comprehensive review of the state-of-the-art computer alge-
bra methods for arithmetic circuit verification can be found in [19].
The authors formally prove soundness and completeness of the
two complementary approaches: the polynomial rewriting method
of [25][21] and the ideal membership testing of [17]. The difficul-
ties of verifying bit-optimized and technology mapped multipliers
have been discussed as well. They also propose an incremental ap-
proach to arithmetic circuit verification by column-based polyno-
mial reduction. In addition, computer algebra methods have been
applied to logic debugging [6, 8, 13, 24] and approximations of
arithmetic circuits [7, 24].
2.3 Function Extraction using Algebraic
Rewriting
This section briefly reviews the function extraction technique that
motivation our approach. It computes a unique bit-level polyno-
mial function implemented by the circuit directly from its gate-
level implementation [5]. It uses an algebraic model of the circuit,
with logic gates represented by the following algebraic expressions,
with circuit signals treated as Boolean variables.
¬a = 1 − a
a ∧ b = a · b
a ∨ b = a + b − a · b
a ⊕ b = a + b − 2a · b
(1)
Functional correctness of the circuit is proved by rewriting the
word-level expression of the output signature, Siдout , into a word-
level expression at the primary inputs (PI), the input signature,
Siдin . The rewriting process successively applies Eq. (1), combined
with algebraic simplification of the polynomial, to arrive at each
step at a unique polynomial expression. Specifically, such an ex-
pression is a pseudo-Boolean polynomial in the variables associ-
atedwith the set of signals separating primary inputs from primary
outputs (PO), referred to as a cut. The rewriting is performed in
reverse-topological order, from PO to PI: once a given variable (out-
put of a gate) is substituted by an algebraic expression of the gate
inputs, it will be eliminated from the current cut expression and
will never appear again. As a result, the final polynomial (Siдin ) is
expressed only in the primary input variables, and hence provides
the function computed by the circuit.
This paper describes a novel and more efficient approach to
function extraction by applying two new concepts: 1) generating
polynomial coefficients without explicit polynomial rewriting, us-
ing AIG traversal; and 2) spectral analysis to reason about the func-
tion of the intermediate polynomials by analyzing their coefficients.
a3 a2 a1 a0
b3 b2 b1 b0
a3b0 a2b0 a1b0 a0b0
a3b1 a2b1 a1b1 a0b1
a3b2 a2b2 a1b2 a0b2
a3b3 a2b3 a1b3 a0b3
z7 z6 z5 z4 z3 z2 z1 z0
N(i) 0 1 2 3 4 3 2 1
C(i) 128 64 32 16 8 4 2 1
(a) (b)
i
N(i)
4
3
2
1
0 0       1        2        3        4        5        6        7   
C(i) 1       2       4        8       16      32       64    128   
Figure 1: Spectrum of a four-bit Multiplier
3 SPECTRAL METHOD
3.1 Algebraic Spectrum
Consider the n-bit integer multiplication scheme, shown in Figure
1(a) for n = 4. The ovals represent partial product terms that are
added column-wise for each bit of the result. Let i be a bit position
of the result, i = 0, ..., 2n − 1. Note that N (2n − 1)=0 since there are
no partial product with coefficient of 22n−1.
Let Ci = 2
i be the coefficient associated with column i of the
result, and let Ni be the number of product terms added at that bit
position. The polynomial expression corresponding to the encoded
word-level result is then:
F =
n−1∑
j=0
2j aj ·
n−1∑
k=0
2kbk =
n−1∑
j=0
n−1∑
k=0
2j+k (ajbk ) (2)
It is easy to see that each monomial 2j+kajbk , for any pair of val-
ues of j,k , has the same coefficient, Ci = 2
j+k , where i = j + k .
The number of monomials with coefficient Ci are represented us-
ing Ni . For example, for a 2-bit unsigned multiplier with output
F = (a0 + 2a1)(b0 + 2b1) = a0b0 + 2a0b1 + 2a1b0 + 4a1b1, there
is one monomial with coefficient 20=1, two monomials with coef-
ficient 21=2, and one monomial with coefficient 22=4. Hence, the
set of coefficients for this polynomial, listed in the increasing order
of coefficient value, is C = {1, 2, 2, 4} and the set N = {1, 2, 1}.
Similarly, for the 4-bit multiplier shown in Figure 1, we have:
N = {1, 2, 3, 4, 3, 2, 1}, where the values of Ni are listed in the in-
creasing order of the output bits, from LSB to MSB. In general, the
value of Ni for an n-bit multiplier, with bits i = 0, ..., 2n − 2, can be
computed as follows:
Ni =
{
i + 1 if i≤ n − 1
2n − 1 − i if i≥ n
(3)
The distribution of coefficients values Ni (Ci ) defines the algebraic
spectrum of the polynomial and can be used to determine the type
of the arithmetic function under investigation.
Definition 1: Given a polynomial P =
∑
Cipi , where Ci is an
integer coefficient and pi is a monomial, product of some variables.
Let C = {Ci } be the set of coefficients of P and let Ni represent
the number of product terms pi with the same coefficient Ci . The
algebraic spectrum S for polynomial P is then defined as an ordered
set of pairs (Ni ,Ci ), for all distinct values of coefficients Ci . That
is, S = {(Ni ,Ci )}. Example 1: Let P = 3p3 + 4p2 + 4p4 + 6p1, with
monomials ordered by increasing values of its coefficients, Then
the set of distinct coefficients is C = {3, 4, 6} and the spectrum
S = {(1, 3), (2, 4), (1, 6)}.
Spectral Approach to Verifying Non-linear Arithmetic Circuits ASPDAC ’19, January 21–24, 2019, Tokyo, Japan
Spectrum S can be visualized by a graph, as shown in Figures
1, 2, and 3. The shape of the spectrum (triangle for two-input mul-
tiplier, bell curve for 3-operand multipliers, or constant line for
adders, etc.) remains the same for a given arithmetic function and
does not depend on the number of bits. Furthermore, it does not
depend on the internal structure of the circuit but only on the arith-
metic function it implements. A correct shape of the spectrum is
one evidence of circuit correctness, but one still needs to perform
canonical rewriting for final confirmation. However, an incorrect
spectrum can effectively prove that the circuit is buggy (Section 4).
Figure 2 shows the spectra for two-operand (2-variable spectrum)
and three-operand multipliers (3-variable spectrum) for different
bit-widths.
 0
 1
 2
 3
 4
 5
 0  1  2  3  4  5  6  7  8  9
N
(i)
i
2-bit
3-bit
4-bit
5-bit
(a) F = A · B.
 0
 5
 10
 15
 20
 25
 0  2  4  6  8  10  12  14
N
(i)
i
2-bit
3-bit
4-bit
5-bit
(b) F = A · B · C .
Figure 2: Spectral diagrams for multipliers for { 2,3,4,5 } bit-widths.
Algebraic spectrum for an adder can be similarly derived. Clearly,
for ann-bit binary adder with two inputsA,B, the sum S =
∑n−1
i=0 2
iai+∑n−1
i=0 2
ibi =
∑n−1
i=0 2
i (ai +bi ). Hence the number of coefficientsCi
with value 2i is exactly two, and the spectrum is a constant func-
tion, Ni=2, where i = 0, ...,n − 1. Again, the (n + 1)
st element of
N associated with the carry out bit is not shown since N2n=0. Al-
gebraic spectrum for a 4-bit adder is shown in Figure 3. Similar
formulas and graphs can be derived for other datapath operators,
such as MAC, fused multiply/add operation, and others1.
1
2
i
N(i)
0 1 2 3 4
i=3     i=2      i=1    i=0
2       2        2       2 N(i)
C(i) 8       4        2       1    
0
C(i) 1       2       4       8      16 
Figure 3: Spectrum of a four-bit Adder: F = A + B.
Note that in a monolithic arithmetic function (i.e., function com-
posed of only one arithmetic operator) each monomial contains
the same number of variables. For example: an adder
∑
2i (ai +
bi ) will contain only single-variable terms, regardless of the num-
ber of operands; a 2-input multiplier
∑
2j+k (ajbk ) contains only
two-variable terms; a 3-operand multiplier will contain only three-
variable terms; etc. However, a fused multiplierA+B ·C =
∑
2iai +
1More algebraic spectrum are available in our online spectrum gallery.
https://ycunxi.github.io/cunxiyu/spectrum_gallery.html
∑
2j+k (bjck )will contain both a single-variable terms {ai } and two-
variable terms {bjck }. In this case the polynomial P representing
the function implemented by the circuit is composed of a set of
polynomials {P(k)}, where k is the number of variables in each
product term pi . The spectrum is then computed for each value of
k , denoted Sk . An example of such a spectrum is shown in Figure
4 for a fused multiply-add function, A + B · C , composed of spec-
tra S1 (with single-variable monomials) and S2 (with two-variable
monomials).
i
N(i)
1
C(i) 1        2        4        8       16      32
0
2
3
0 1 2 3 4 5
i
N(i)
1
C(i) 1        2        4        8       16      32
0
2
3
0 1 2 3 4 5
Figure 4: Spectrum of a 3-bit MAC composed of a single-variable and two-
variable spectra, S = {S1, S2}.
The idea of partitioning the spectrum into components {Sk }, each
for a different monomial size (number of variables), also applies to
intermediate polynomials generated during rewriting. It can prove
useful in determining when a particular arithmetic function ap-
pears in the implementation, as explained in the next section. For
example, during rewriting of a sub-expression P = 2C + S of a
half-adder, with carry C = a · b and sum S = a + b − 2ab , the
expression P = 2C + a + b − 2ab may temporarily exist before
C is substituted with ab , which subsequently reduces P to a + b .
This means that some intermediate polynomialsmaymap into one-
variable and two-variable spectra, S1, S2. The same is true for the
multiplier whose intermediate polynomials may contain monomi-
als with three or more variables, while the final spectrum is only
of S2 type.
3.2 Using Spectrum for Function Extraction
Asmentioned earlier, the spectrumof an arithmetic circuit depends
only on the arithmetic function it computes and not on its gate-
level implementation. This is illustrated with an example of a 3-
bit unsigned Booth and a CSA multiplier. Figure 5 summarizes the
rewriting process by showing the initial spectrum (identical for
both multipliers); one intermediate spectrum for each multiplier
"half way" through the rewriting process; and the final, identical
spectra.
At each step, the intermediate polynomial P is divided into sev-
eral sets, depending on the number of variables in its monomials,
andmapped onto the corresponding spectrumSk . The first column
in the figure represents S1, the second represents S2, and the third
represents S3. The initial polynomial P = Siдout , contains only
single-variable monomials, namely z0+2z1+4z2+8z3+16z4+32z5, cor-
responding to the word-level encoding of the output, and is the
same for both multipliers. Hence the initial spectrum is the same
for both, as shown in Figure 5(a). During rewriting, the size of some
monomials increases to 2 or 3 variables, which is captured by the
spectra S2 and S3, shown in Figure 5(b). Upon the completion of
the rewriting the polynomial associated with the primary inputs,
P = Siдin , contains only monomials of size 2, in both multipliers.
Hence, the spectrum S2 of the two multipliers is identical, if the cir-
cuit is a bug-free multiplier. As expected, the intermediate spectra
ASPDAC ’19, January 21–24, 2019, Tokyo, Japan C. Yu et al.
for the two multipliers are different, since they are implemented
using different algorithms and have different internal structures.
However, the final spectra of both circuits at the primary inputs
match the spectrum S2 of the multiplication, showing that they
both implement the multiplication function. A buggy circuit may
contain monomials with a larger number of variables with coeffi-
cients that do not match those of the correct circuit, which will be
an indication of a bug.
i
N(i)
i
N(i)
1
C(i) 1        2        4        8       16      32
0
i
N(i)
Booth & CSA 
Multiplier
0 1 2 3 4 5
1-var 2-var 3-var
(a) Initial spectrum.
i
N(i)
1
C(i) 1        2        4        8       16      32
0
3
i
N(i)
1
C(i) 1        2        4        8       16      32
0
7
i
N(i)
2
C(i) 1        2        4        8       16      32
0
3
1
CSA 
Multiplier
i
N(i)
1
C(i) 1        2        4        8       16      32
0
2
i
N(i)
1
C(i) 1        2        4        8       16      32
0
2
i
N(i)
2
C(i) 1        2        4        8       16      32
0
5
Booth 
Multiplier
0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5
0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5
1-var 2-var 3-var
(b) Intermediate spectra.
i
N(i)
0 1 2 3 4
C(i) 1        2        4        8       16      32
0
5
i
N(i)
1
C(i) 1        2        4        8       16      32
0
2
i
N(i)
C(i) 1        2        4        8       16      32
0
3
Booth & CSA 
Multiplier
0 1 2 3 4 5 0 1 2 3 4 5
1-var 2-var 3-var
(c) Final recorded spectrum.
Figure 5: Spectra of a three-bit Booth-multiplier and a CSA-multiplier of
the four recorded expressions.
3.3 Using Spectrum in Arithmetic Verification
According to Definition 1, algebraic spectrum is a more abstract
and compact representation of an arithmetic function compared
to a polynomial representation. However, the spectrum alone, as
defined here, is not canonical. This is because it only deals with the
distribution of coefficients and does not differentiate between the
variables in the product termspi . As a result, different polynomials
may map into the same spectrum, as shown in this example.
Example 2: Let P1 and P2 be the polynomial expressions of two
multiplications, P1 = (a0 + 2a1)(b0 + 2b1) = a0b0 + 2a0b1 + 2a1b0 +
4a1b1, and P2 = (a1+2a0)(b0+2b1) = a1b0+2a1b1+2a0b0+4a0b1;
obviously they are not functionally equivalent. The difference be-
tween P1 and P2 is in the bit composition of the first operands.
Yet, the spectrum of both polynomials are identical, S = S2 =
{(1, 1), (2, 2), (1, 4)}, each with distinct coefficients C = {1, 2, 4}.
Hence, such defined spectrum is not canonical.
Tomake the representation canonical and useful for verification,
we need to relate it to the input variables, while avoiding comput-
ing the input signature by the expensive backward rewriting of the
entire circuit. This can be accomplished by local rewriting of the
polynomial associated with the spectrum, as explained next.
4 SPECTRUM COMPUTATION WITHOUT
EXPLICIT REWRITING
In this section we introduce a method that extracts algebraic spec-
trumwithout performing explicit rewriting. We shall rely here on a
functional representation of the circuit using anAnd-Inverter Graph
(AIG) representation of the gate-level circuit. In particular we will
use AIG to propagate the weights through adder trees, present in
some form in most arithmetic circuits.
4.1 Adder-tree Extraction and Coefficient
Propagation
AIG provides a compact way to represent combinational logic cir-
cuits. It is a directed acyclic graph whose internal nodes represent
two-input AND functions and the edges are labeled to indicate an
optional signal inversion [15][12] [14]. Any Boolean network can
be transformed into an AIG using DeMorgan’s law. We will use
AIG structure to extract adder trees by detecting XOR3 and MAJ3
functions with identical inputs since they represent the sum and
the carry of the adder, respectively. ABC provides a method to ex-
tract adder-tree structure from a gate-level netlist[14]. It does it
by computing cuts, sets of AIG nodes called leaves, such that each
path from PIs ton passes through the leaf nodes. A cut isK-feasible
if the number of leaves does not exceed K . This approach, imple-
mented by an ABC procedure &atree, proceeds as follows:
• Compute 3-feasible cuts of AIG nodes and their truth tables.
• Store the cuts in the hash table ordered by their inputs.
• Detect pairs of 3-input cuts with identical inputs, such that
the Boolean functions of the two cuts with shared inputs
belong to the NPN classes of XOR3 and MAJ3 [11].
As soon as the XOR3 and MAJ3 pairs are detected, the HAs and
FAs are automatically extracted. Details are provided in [11].
Our approach to compute spectrum by extracting adder-tree is
based on the observation that arithmetic circuits, such as multi-
pliers, are implemented with an adder-tree and a partial product
generator, in some form. Extraction of adder trees has important
advantage over the computation of individual gates since the adder
function can be represented by a linear relation: a+b+cin = 2C+S ,
where a,b, cin are the binary inputs and C,S are the carry-out
and sum of of the full adder (FA), respectively. Similar formula
can be obtained for a half-adder (HA), with cin = 0. With this,
the signal weights, represented by coefficients Ci , needed to con-
struct the spectrum can be computed by simply propagating the
weights from the known linear polynomial of the output signa-
ture Siдout =
∑
2ir i through the adder tree, until they reach the
non-linear partial product generator logic. During the backward
propagation, the weight of the carry bit of HA/FA is always 2× the
weights of the inputs (which always have the same weight), and
the weight of the sum bit is the same as the weight of the inputs.
Once the propagation reaches partial products, standard backward
rewriting is applied, but now to a relatively shallow logic. This
can significant reduce the computation efforts compared to back-
ward rewriting on adder-tree [27], since weight propagation re-
quires much less computations than regular backward rewriting.
Propagation of the weights in a Booth multiplier, which contains
Spectral Approach to Verifying Non-linear Arithmetic Circuits ASPDAC ’19, January 21–24, 2019, Tokyo, Japan
recorded partial products, is also possible; it is discussed later in Ex-
ample 4. We first illustrate the algorithm of constructing spectrum
with an example of a 2-bit multiplier, Figures 6 and 7.
a
1
b
0
a
0
b
1
a
1
b
1
m
0
m
1
m
3
m
2
m0 m1 m2 m3
9 14 18
16
a0 b0
13
12
17
1011
15
a1b1
XOR XOR
(a) (b)
Figure 6: A synthesized two-bit multiplier. (a) gate-level netlist; (b) AIG
representation. Values inside the nodes represents node names.
(a) (b)
N(i)
C(i) 1               2               4
Figure 7: Coefficient propagation in a 2-bit multiplier: (a) Netlist with
adder-tree detected; (b) Constructed algebraic spectrum S = S2.
Example 3 (CSA multiplier): A mapped gate-level netlist of
a 2-bit CSA-multiplier and its AIG are shown in Figure 6. Here
ni denotes node labeled i in the figure. Computing 3-feasible cuts
in the AIG reveals the following matching: node n14 is an XOR3
and node n12 is a MAJ3 on shared inputs (n10, n11, 0). Similarly,
nodes n18 and n16 form an XOR3, MAJ3 pair on inputs (n12, n15,
0). This corresponds to two half-adders (HA), composed of gates
(18, 16), and gates(14, 12), shown in Figure 7(a). The weights of all
the signals are then propagated backward from PO to PI in reverse-
topological order, using linear expression 2C + S = a + b for the
HAs.
First, the weights (signal coefficients) of HA(18,16) are propa-
gated to cut f1. As a result, the weight of gate 18 (signal S) is 2
2.
Hence, both inputs of gates 18,16 must have weight 22. Similarly,
at cut f0, the weights of inputs of gates 14 and 12 are 2
1. The algo-
rithm terminates at this point since there are no more HA or FA
nodes. The spectrum, shown in Figure 7(b) represents the distri-
bution of coefficients at cut f0, with outputs of gates 9, 10, 11, 15.
The spectrum indicates that the circuit is a 2-bit multiplier, but,
as noted earlier, we need additional steps to find the composition
of the operands to confirm the results. On the other hand, the in-
correct spectrum can be used to quickly determine that the circuit
is buggy, i.e., it does not satisfy the expected arithmetic function.
This is explained by the following theorem regarding the necessary
condition for a circuit to be a multipliers.
Theorem: The circuit is a multiplier only if its spectrum S is a
single 2-variable spectrum S2 that satisfies Eq.(3).
Proof:Assume that S contain other spectra Si than S2, i.e., i = 1,
or i > 2. Then, according to Definition 1, the functional specifica-
tion F of the circuit must include at least one monomial with a
single variable or with more than two variables, which contradicts
the definition of multiplication (Eq.2). Similarly, if S = S2, but S2
does not match Eq.(3) of the multiplier’s spectrum, then some of
the coefficients do not match the definition of the multiplication
operation (Eq.2), and hence it cannot be a correct multiplier.
4.2 Extracting Arithmetic Function from the
Spectrum
In order to get the full information and extract the true arithmetic
function of the circuit, a canonical polynomial expression in terms
of PI needs to be derived. This can be readily accomplished by com-
bining the computation of the spectrumwith local rewriting of the
associated polynomial, as explained by the following.
Definition 2: Let S={ (N1,C1), . . . , (Nm ,Cm) } be an algebraic
spectrumwith coefficientsC = {C1, ...,Cm}. By definition, each el-
ement (Ni ,Ci ) of S is associatedwithNi monomials, {p
1
i ,p
2
i , ...,p
Ni
i },
each with a coefficient Ci . The polynomial corresponding to spec-
trum S , with variables representing the monomials pi , is called a
Spectral Polynomial, SP(S), and has the following form: SP(S) =∑m
i=1(
∑Ni
j=1 Cip
j
i ).
By construction, it is a linear polynomial reconstructed from
the spectrum that represents a polynomial expression of a cut at a
set of variables {pi }. To obtain the input signature, Siдin we just
need to express each variable pi in terms of the primary inputs
PI, which can be done by backward rewriting. In the case of an
adder, each pi is already a primary input, PI, so the SP(S) is the
input signature, Siдin . For a standard, non-Booth multiplier, with
simple partial products, each variable pi is a product of some input
variables ajbk . And in the case of a Booth multiplier, each pi can
be expressed as a non-linear polynomial in terms of PI, typically a
sum of products of the input variable (see Example 5).
Example 4: Consider again the 2-bitmultiplier and its spectrum
in Figure 7. The spectrum derived by the adder-tree extraction cor-
responds to the cut f0 and has the following form: {(1, 1), (2, 2), (1, 4)}.
The corresponding spectral polynomial is SP = p1+2p2+2p3+4p4,
where the individual variables pi correspond to outputs of gates
9, 10, 11, 15, respectively. They can be traced by backward rewrit-
ing to PI as follows: p1 = a0b0;p2 = a0b1;p3 = a1b0;p4 = a1b1.
This results in the input polynomial Siдin = a0b0+2a0b1+2a1b0+
4a1b1, a canonical representation of the 2-bit multiplier circuit.
In summary, the idea is to first generate the spectrum of the lin-
ear portion of the circuit and then use it to derive the input signa-
ture by polynomial rewriting based on Definition 2. In contrast to
the original rewriting approach, the polynomial rewriting is done
here only on a local non-linear portion of the circuit. By combining
spectral analysis and local backward rewriting we can generate a
canonical arithmetic function representation, Siдin , and use it to
solve the verification and abstraction problems.
4.3 Handling Booth Multipliers
We conclude this section by analyzing the application of our ap-
proach to Boothmultipliers. The logic of partial product generators
depends on the multiplication algorithm used in constructing the
ASPDAC ’19, January 21–24, 2019, Tokyo, Japan C. Yu et al.
multiplier. For example, CSA-multiplier uses an AND array, while
Booth-multiplier uses recoded partial products. Nonetheless, once
the adder-tree is detected, the algebraic spectrum is extracted in
the same fashion, regardless of the type of the multiplier. Booth-
encoded multiplier has more complex partial product logic with
fewer product terms in order to minimize area and the delay of the
multiplier. The following example illustrates our approach of spec-
trum construction and polynomial generation by fast local rewrit-
ing using a 3-bit Booth-multiplier.
Example 5 (3-bit radix-4 Booth-multiplier): Polynomial ex-
pressions of all the partial products of this Booth multiplier are
shown in Eq.(4). Arithmetic function of the circuit is the weighted
sum of these partial products, with the weights shown on the left.
Note that someof the partial products contain three variables. How-
ever, it can be shown that those products are redundant, because
they cancel each other in the weighted sum. In Eq.(4 the underlined
3-variable terms will be cancelled. For example, a2b1b2, which ap-
pears inpp31 andpp21, will get cancelled in the partial sum 2
5pp31+
24pp21, so that 2
4a2b1b2+2
3(−2a2b1b2)=0. The same is true for other
3-variable terms, resulting in a 2-variable spectrum only. The re-
maining 2-variable terms form the final polynomial: aob0+2a0b1+
2a1b0 + 4a1b1 + 4a2b0 + 4a0b2 + 8a2b1 + 8a1b2 + 16a2b2, represent-
ing a 3-bit multiplication. This polynomial will be derived from the
spectrum polynomial, as discussed in Example 4,
22 · 23 : pp31 = a2b1b2
22 · 22 : pp21 = −2a2b1b2 + a1b1b2 + a2b1 + a2b2
22 · 21 : pp11 = −2a1b1b2 + a0b1b2 + a1b1 + a1b2
22 · 20 : pp01 = −2a0b1b2 + a0b1 + a0b2
23 : pp30 = a2b0b1 − a2b1
22 : pp20 = −2a2b0b1 + a1b0b1 − a1b1 + a2b0
21 : pp10 = −2a1b0b1 + a0b0b1 − a0b1 + a1b0
20 : pp00 = −2a0b0b1 + a0b0
(4)
5 RESULTS
Table 1: CPU runtime (seconds) of verifying pre- and post-synthesized
gate-level CSA multipliers compared to techniques in [25][21][19][20];
source: gate-level netlist from [25].MO =Memory out of 16 GB. TO = Time
Out (3 hrs). ES = Error state reported.
Size
Pre-synthesized Post-synthesized
[25] [21] [19] [20] Ours [25] [19] [20] Ours
64 1.9 TO 801 4.0 0.1 5.5 1073 418 0.1
128 8.1 - ES ES 0.8 40 ES ES 0.9
256 33 - - - 7.8 285 - - 8.4
512 130 - - - 30 MO - - 42
1024 MO - - - 9638 MO - - 9817
The technique described in this paper has been implemented
in C++ and integrated with the ABC tool [14]. The program takes
as input the gate-level netlist in Verilog, BLIF or AIG format, and
produces algebraic spectrumand the final polynomial, Siдin , of the
circuit. The experiments involved computing the spectrum for var-
ious multipliers and arithmetic combinational datapath circuits in
the original (non-optimized) and synthesized versions, with syn-
thesis performed by ABC. The benchmarks involve the CSA and
radix-4 Boothmultipliers, taken from [25][10][19]. The experiments
were conducted on a PC with Intel(R) Xeon CPU E5-2420 v2 2.20
GHz x12 with 32 GB memory.
Two types of experiments were performed: 1) verification, in
which the computed polynomial Siдin is compared with the given
specification polynomial; and 2) function abstraction, where the
computed spectrum is analyzed to determine the type of arith-
metic function implemented by the circuit. The verification results
are compared with the state-of-the-art approaches presented in
[25][19][20]. For word-level abstraction, our approach is compared
with the simulation graph-based technique [22] and computer al-
gebra method of [28]. The comparison with the contemporary for-
mal methods such as SAT, SMT and commercial tools are not pro-
vided in this paper; computer algebraic approach has already been
shown to be orders of magnitude faster than those techniques [25].
Table 2: Runtime (seconds) of verifying multipliers implemented using dif-
ferent architectures; source:AIG from [25][21][19][20].MO =Memory out
of 16 GB. TO = Time Out (3 hrs). UAT = Unstructured adder-tree detected.
ES = Error state reported.
n-bit MULT benchmarks [25] [21] [19] [20] Ours
128
btor; btor-resyn3;
abc; abc-resyn3;
CSA; CSA-resyn3;
MO TO ES ES 1.5
abc-booth;
abc-booth-resyn3
MO TO ES ES 0.5
sp-ar-rc [AOKI] - TO ES ES 1.5
bp-ar-rc-dc2(resyn3) [AOKI];
sp-ar-rc-dc2(resyn3) [AOKI]
- - - - UAT
256
abc; abc-resyn3 MO TO - - 14
abc-booth; abc-booth-resyn3 MO TO - - 3.5
abc-buggy; abc-booth-buggy - - - - UAT
1024
abc; abc-resyn3 - - - - 9482
abc-booth; abc-booth-resyn3 - - - 139
Verification results for the original and synthesized multipli-
ers are shown in Tables 1 and 2. The CPU times are compared
to [25][21][19][20]. Multipliers btor are generated from Boolec-
tor [16]; CSA-multipliers are taken from [25]. The multipliers in
the third and fourth rows of Table 2 are AOKI multipliers [10],
used in works of [21][19][20]. The naming of AOKI multipliers
is explained in [21]. Multipliers abc and abc-booth are generated
by ABC, using command [gen -N -m] and [%blast -b]. The results
show that the verification based on spectralmethod is significantly
faster than the other methods. Furthermore, while it has been pre-
viously shown that synthesis can adversely affect the verification
efficiency [25][19], the spectral method is equally efficient for both
synthesized and non-synthesized multipliers. However, three fail-
ure cases were observed while applying spectral method to AOKI
multiplier circuits. They include circuits bp-wt-cl (Boothmultiplier
with Wallace-tree and Carry-look-ahead adder), sp-ar-rc-dc2; and
bp-ar-rc-dc2 (optimized Booth and standard multipliers with Rip-
ple Carry Adder). For these circuits, the process of constructing
spectra did not work due to the presence of unstructured adder tree
(UAT) component that could not be handled by the ABC adder ex-
traction feature. Note that verifying large Booth-multiplier is much
faster than verifying the CSA and ABC-generated multipliers. This
is because Boothmultiplier has much smaller adder-tree and signif-
icantly fewer gates. Specifically, the tested 1024-bit CSA-multiplier
has over 12 million gates, and 1024-bit Booth-multiplier has only
3million gates.
Spectral Approach to Verifying Non-linear Arithmetic Circuits ASPDAC ’19, January 21–24, 2019, Tokyo, Japan
We also tested the application of our spectral method on buggy
multipliers. The last row of Table 2 includes two 256-bit buggymul-
tipliers, abc-buggy and abc-booth-buggy. The bugs are introduced
randomly inside the adders of these two multipliers. As a result,
the clean adder-tree could not be detected, because it does not ex-
ist. One interesting observation is that in theAIG of a buggy circuit,
the place where the adder-tree breaks is close to the bug location.
This can be used in the future to identify and find bug location.
Abstraction results: extracting word-level specifications from
gate-level complex arithmetic circuits are shown in Table 3.We use
three types of circuits that are constructed with multiplication and
addition, and a three-operand multiplier. The multiplications in
these datapaths are implemented using ABC-generated multipliers.
It shows that our approach can efficiently identify the word-level
operations in the gate-level datapaths. In contrast, the approach of
[22] cannot tell whether there exists multiplication or addition in
these circuits; and our approach is much faster than [28].
Table 3: Results of extracting word-level specification from complex arith-
metic circuits. TO = TIME OUT (3600 s); error = Wrongly reported that no
multiplication nor addition component exist; TO*: finished in 23,760 s.
256-bit [22] [28] Ours
F=A×B+C error TO* 1×mult;1×add 44.7 s
F=A×(B+C) error TO 2×mult 45.1 s
F=A×B×C error TO 1×mult3 68.5 s
6 CONCLUSIONS
The paper presents a novel spectral analysis method for arithmetic
circuit verification. Our approach extracts and analyzes an arith-
metic function implemented by the circuit by efficient computa-
tion of the input signature polynomial; explicit algebraic rewriting
is largely avoided by propagating signal weights through an adder
tree using AIG adder-tree extraction. The method described here
can be used for word-level function extraction of an arithmetic cir-
cuit and for functional checking of the gate-level circuit against
its polynomial specification. The experimental results show that it
outperforms the currently known approaches in verification and
abstraction for gate-level arithmetic circuits.
This work is naturally limited to integer combinational arith-
metic circuits whose function can be expressed by polynomials;
it is not directly applicable to dividers, transcendental, and other
functions that do not have a closed-form polynomial representa-
tion. The benefit of fast spectrum computation and adder-tree ex-
traction strongly depends on the structure of the circuit; the more
unstructured the adder-tree portion is, the more burden will fall
on algebraic rewriting instead of the spectrum computation. For
architectures with highly unstructured (or absent) adder trees the
adder-tree extraction may even fail, and the size of intermediate
polynomials that need to be computed instead may become pro-
hibitively large.
Applying spectral method to debugging and analysis of faulty
circuits requires more insight. In principle, a bug in a circuit will
manifest itself by the fact that the final input polynomial does not
match the expected spectral specification. However, those circuits
are even more prone to failing the adder-tree extraction and can
cause exponential blowup in the polynomial size during rewrit-
ing. In any case, the method can be used to quickly disprove that
whether the circuit implements the expected type of the function,
such as multiplication.
ACKNOWLEDGMENT
This work was supported by an award from the National Science
Foundation, No. CCF-1617708. The authors thankAlanMishchenko
for his help in integrating the tool with ABC.
REFERENCES
[1] Armin Biere. 2013. Lingeling, plingeling and treengeling entering the sat com-
petition 2013. Proceedings of SAT Competition (2013), 51–52.
[2] Randal E Bryant. 1986. Graph-based algorithms for boolean function manipula-
tion. IEEE Trans. on Computers 100, 8 (1986), 677–691.
[3] Yirng-An Chen and Randal Bryant. 1997. *PHDD: An Efficient Graph Represen-
tation for Floating Point Circuit Verification. Technical Report CMU-CS-97-134.
School of Computer Science, Carnegie Mellon University.
[4] M. Ciesielski, P. Kalla, and S. Askar. 2006. Taylor Expansion Diagrams: A Canon-
ical Representation for Verification of Data Flow Designs. IEEE Trans. on Com-
puters 55, 9 (Sept. 2006), 1188–1201.
[5] M Ciesielski, C Yu, W Brown, D Liu, and André Rossi. 2015. Verification of Gate-
level Arithmetic Circuits by Function Extraction. In 52nd DAC. ACM, 52–57.
[6] Farimah Farahmandi and Prabhat Mishra. 2016. Automated Test Generation
for Debugging Arithmetic Circuits. In Proceedings of the conference on Design,
automation and test in Europe (DATE). EDA Consortium.
[7] Saman Froehlich, Daniel Große, and Rolf Drechsler. 2018. Approximate hard-
ware generation using symbolic computer algebra employing grobner basis. In
Design, Automation & Test in Europe Conference & Exhibition (DATE), 2018. IEEE,
889–892.
[8] Samaneh Ghandali, Cunxi Yu, Duo Liu, Brown Walter, , and Maciej Ciesielski.
2015. Logic Debugging of Arithmetic Circuits. In IEEE Computer Society Annual
Symposium on VLSI (ISVLSI). IEEE, 113–118.
[9] Evgueni Goldberg, Mukul Prasad, and Robert Brayton. 2001. Using SAT for com-
binational equivalence checking. In Proceedings of the conference on Design, au-
tomation and test in Europe. IEEE Press, 114–121.
[10] Naofumi Homma, Yuki Watanabe, Takafumi Aoki, and Tatsuo Higuchi. 2006.
Formal design of arithmetic circuits based on arithmetic description language.
IEICE transactions on fundamentals of electronics, communications and computer
sciences 89, 12 (2006), 3500–3509.
[11] Zheng Huang, Lingli Wang, Yakov Nasikovskiy, and Alan Mishchenko. 2013.
Fast Boolean matching based on NPN classification. In FPT‘13.
[12] Andreas Kuehlmann and Florian Krohm. 1997. Equivalence checking using cuts
and heaps. In DAC’97. ACM, 263–268.
[13] Alireza Mahzoon, Daniel Große, and Rolf Drechsler. 2018. Combining Symbolic
Computer Algebra and Boolean Satisfiability for Automatic Debugging and Fix-
ing of Complex Multipliers. In ISVLSI’18. IEEE, 351–356.
[14] Alan Mishchenko et al. 2007. ABC: A system for sequential synthesis and veri-
fication. URL http://www. eecs. berkeley. edu/˜ alanmi/abc (2007).
[15] Alan Mishchenko, Satrajit Chatterjee, and Robert Brayton. 2006. DAG-aware
AIG Rewriting: A Fresh Look at Combinational Logic Synthesis. In 43rd DAC.
ACM, 532–535.
[16] Aina Niemetz, Mathias Preiner, and Armin Biere. 2015. Boolector 2.0. Journal
on Satisfiability, Boolean Modeling and Computation 9 (2015).
[17] E. Pavlenko, M. Wedler, D. Stoffel, W. Kunz, et al. 2011. STABLE: A new QF-BV
SMT solver for hard verification problems combining Boolean reasoning with
computer algebra. In DATE. 155–160.
[18] Tim Pruss, Priyank Kalla, and Florian Enescu. 2016. Efficient Symbolic Compu-
tation for Word-Level Abstraction From Combinational Circuits for Verification
Over Finite Fields. TCAD’16 35, 7 (2016), 1206–1218.
[19] Daniela Ritirc, Armin Biere, and Manuel Kauers. 2017. Column-wise verification
of multipliers using computer algebra. In FMCAD’17.
[20] Daniela Ritirc, Armin Biere, andManuel Kauers. 2018. Improving and Extending
the Algebraic Approach for Verifying Gate-Level Multipliers. In DATE’18.
[21] Amr Sayed-Ahmed, Daniel Große, Ulrich Kühne, Mathias Soeken, and Rolf
Drechsler. 2016. Formal Verification of Integer Multipliers by Combining Grob-
ner Basis with Logic Reduction. In DATE’16. 1–6.
[22] Mathias Soeken, Baruch Sterin, Rolf Drechsler, and Robert Brayton. [n. d.]. Sim-
ulation Graphs for Reverse Engineering. FMCAD 2015 ([n. d.]).
[23] Niklas Sorensson and Niklas Een. 2005. Minisat v1. 13-a sat solver with conflict-
clause minimization. SAT 2005 (2005), 53.
[24] Tiankai Su, Atif Yasin, Cunxi Yu, and Maciej Ciesielski. 2018. Computer Al-
gebraic Approach to Verification and Debugging of Galois Field Multipliers. In
Circuits and Systems (ISCAS), 2018 IEEE International Symposium on. IEEE, 1–5.
[25] Cunxi Yu, Walter Brown, Duo Liu, André Rossi, and Maciej J. Ciesielski. 2016.
Formal Verification of Arithmetic Circuits using Function Extraction. IEEE Trans.
on CAD of Integrated Circuits and Systems 35, 12 (2016), 2131–2142.
ASPDAC ’19, January 21–24, 2019, Tokyo, Japan C. Yu et al.
[26] Cunxi Yu and Maciej Ciesielski. 2017. Efficient Parallel Verification of Galois
Field Multipliers. In ASP-DAC’17. IEEE, 1–6.
[27] Cunxi Yu, Maciej Ciesielski, and Alan Mishchenko. 2018. Fast Algebraic Rewrit-
ing Based on And-Inverter Graphs. IEEE Transactions on Computer-Aided Design
of Integrated Circuits and Systems 37, 9 (2018), 1907–1911.
[28] Cunxi Yu and Maciej J. Ciesielski. 2016. Automatic word-level abstraction of
datapath. In ISCAS’16. 1718–1721.
