Abstract. In this paper we give a short overview of the decision diagrams, and define a special class of high-level decision diagrams (HLDD) for formal representation of digital systems. We show how the HLDDs can be used for high-level verification of digital systems. For this purpose, HLDDs are represented by characteristic polynomials as a canonical form of HLDDs. The polynomials can be used for proving the equivalence between two HLDDs, which have the same functionalities but may have different internal structures. Some possibilities are shown how to cope with the complexity of the verification problem.
INTRODUCTION
As the complexity of digital systems continues to increase, the traditional gate level modelling of systems, especially for verification and test generation purposes, has become obsolete. Economical and practical reasons have pushed the designers to apply automatic test pattern generation at higher abstraction levels to implement functional or hierarchical test strategies, or to approach design validation with the goal to early identify and remove design errors at higher functional levels, saving time and money. Thus many functional automated test pattern generators (ATPG) have been proposed in the literature to generate effective test sequences at the higher [ 1−3 ], behaviour [ 4, 5 ] or functional register-transfer levels [ 6, 7 ] . A special case of functional techniques are ATPGs, based on perturbation of statements in the digital circuit model using VHDL or RTL [ 8, 9 ]. Hierarchical approach [ 10, 11 ], compared to pure functional approach, lies in the possibility of constructing test plans on higher levels and modelling faults on more detailed lower levels, which results in better test quality. The efficiency of high-level test generation for complex digital systems depends essentially on selecting the diagnostic model of the system and the way how to represent and handle the faults of the system. High-level functional ATPGs can be divided into two main categories: random-based and deterministic. The first set adopts simulation-based strategies, guided by genetic algorithms or other probabilistic techniques [ 2, 3 ] . They rely on functional fault models and simulation of HDL descriptions (e.g. SystemC, VHDL, Verilog, etc.) of the design. These ATPGs are fast, but they cannot guarantee high fault coverage and they tend to generate very long test sequences. 
Deterministic ATPGs are based on mathematical strategies to allow a complete exploration of the system's state space [ 4, 6, 7, 10, 11 ], thus covering corner cases, but they require a larger amount of timing and memory resources.
In search for efficient high-level models, a number of papers have recently been published on implementing assignment decision diagram (ADD) models [ 12 ] combined with SAT methods to address register-transfer level (RTL) test pattern generation [ 6, 7 ]. A promising approach is to use high-level decision diagrams (HLDD) [ 19, 20, 26, 27 ]. While traditionally BDDs are generated by Shannon's expansions, which allow extracting only the Boolean function of the logic circuit, the SSBDDs are generated by a superposition procedure that extracts both the function and data about structural paths of the circuit. This feature makes them preferable for diagnosis-related tasks like fault modelling, simulation, test generation and fault location.
HLDDs represent a generalization of SSBDDs for modelling the functions and structure of digital systems on higher behaviour, functional or RTL abstraction levels. HLDDs are an excellent way to represent cause-effect and effect-cause relationships at higher levels of system abstraction as a basis for fault diagnosis in technical systems. They allow to skip dedicated low-level technical problems, related to semiconductor technology and to concentrate only on the high-level logic abstractions to carry out diagnostic reasoning. This is the only way how to handle today's complex systems. Moreover, the test related procedures, developed for SSBDDs, can be easily generalized for HLDDs to handle digital systems, represented at higher levels. In [ 28 ] two methods for synthesis of HLDDs were proposed. The first method is based on symbolic execution of procedural descriptions, which corresponds to functional representation of the system, e.g. on the behavioural level. The second one is based on iterative superposition of HLDDs, and the created model corresponds to the high-level structural representation of the system. The second method can be regarded as the generalization of the superposition of SSBDDs [ 29 ].
An example of a structurally synthesized HLDD, which represents an RTL data path of a digital system shown in Fig. 1 with functions of the components in Table 1, is depicted in Fig. 2 4 represent multiplexers and decoders). The whole DD describes the behaviour of the input logic of the register $R_2$. The bold path in Fig. 2 shows the active mode of the system in the case of input control vector $(y_1, y_2, y_3, y_4) = (1, 0, 3, 2)$, which means that during this clock cycle the system calculates the multiplication $R_2 = R_1 \cdot R_2$. The structural relationships between the HLDD and the original system are highlighted by dotted lines in Fig. 2. The area in Fig. 2 denoted by $R_2$ corresponds to the DD for the subcircuit $R_2$, consisting of register $R_2$ with its input logic in Fig. 1; the area denoted by $R_2 + M_3$ corresponds to the composite DD for the subcircuit, consisting of components $M_2$, multiplier, $M_3$ and $R_2$, highlighted by dark colour in Fig. 1; the area, denoted by $c(M_1)$, corresponds to the DD for the subcircuit consisting of the components $M_1$ and adder; finally, the area denoted by $d(M_2)$ corresponds to the DDs for the subcircuit, consisting of the components $M_2$ and multiplier. In the HLDDs the internal nodes represent the control part of a system and the terminal nodes represent the data manipulation part of the latter. In the general case a system is described by a set of HLDDs, where each HLDD represents a controlled input logic of a register.
In this paper we will show how the HLDDs can be used for high-level verification purposes (more precisely, for probabilistic equivalence checking), for example in the cases when we have two HLDD representations of a system: (1) a high-level specification, and (2) a high-level implementation. We will describe the diagrams by sets of characteristic polynomials and show how to use them in practice. The idea to represent digital systems as polynomials is not new; one can find similar ideas adapted for gate level models in papers [ 30, 31 ]. An attempt to move up to the higher levels was made in [ 32 ]. However, at these levels we do not have such a convenient and well-known formal representation of the system as Boolean expressions are for the gate level. Before starting to compute a polynomial we need an initial definition of the function it describes. The multivalued decision diagrams proposed for this purpose in [ 32 ] are not the best choice: computing them is a problem in itself. This work combined with our previous paper [ 28 ] gives a way to get the canonical form of the digital system at higher levels directly from its description.
The paper is organized as follows. In Section 2 we give the formal definition of HLDDs, in Section 3 we show the possibility of representing the HLDDs by characteristic polynomials, which can be used as a canonical form of HLDDs. In Section 4 we show how the characteristic polynomials can be used for proving the equivalence between two HLDDs, which may have different internal structures. Section 5 concludes the paper.
DEFINITION OF HLDD
In this section we define the objects being studied in the current article: HLDDs and functions represented by them, further called HLDD functions.
Consider a digital system (Z, F ) as a network of subsystems or components where Z is the set of variables (Boolean, Boolean vectors or integers), which represent connections between components, inputs and outputs of the network. Let 
The We shall denote the set of terminal nodes by $V^T$, the set of non-terminal nodes by $V^N$ and the set of all successors of the node $v$ by $\Gamma(v)$. $(\alpha_1, \ldots, \alpha_n) \in D_i$. We will use a formula
high-level decision diagram representing the function
as a shorthand for the algorithm: 
CHARACTERISTIC POLYNOMIALS
There are two ways to generate an HLDD for some digital system: one based on procedural description and another based on iterative superposition. These methods are described in [ 28 ]. Further research on HLDD properties requires us to make the following important assumption: each path in the diagram does not contain any of the control variables twice. Diagrams generated by the first algorithm do have this property. The second method can theoretically produce such paths. If we encounter the same variable two times in a path, we can duplicate all variables between the occurrences of this variable and make an equivalent diagram without such redundancies. Let a path contain nodes, labelled by variables Figure 4 illustrates the transformation described above. Some vertex and all edge labels are not shown because they are not important. We have a path x → y → z → x that is being split in two chains x → y → z and y → z → x.
Suppose now that we have two HLDDs, representing the same functionality. They can look very different as the next examples illustrate.
Example 3. Figure 5 shows two HLDDs of the same function. The only difference is how we evaluate this function. The first diagram represents the situation when we first check the value of the variable X, then, if X equals 2, we check the Y value. The second diagram displays the process of evaluation starting with checking Y. Let us suppose we have two diagrams $G_1$ and $G_2$, with the same sets of control variables and terminal nodes and wish to prove that they are equivalent. Actually it means that the function (1) for both diagrams is the same.
Proof. We have D(S) different vectors in
If $f$ is a polynomial of such degree then we get the exact result, otherwise there will be some error. Note that for $x = x_0, \ldots, x_n$ we will always get the exact result: $P(x_i) = y_i = f(x_i)$, and it is a polynomial of lowest degree that gives such a result. This is the property we are interested in in the current paper. Although in numerical analysis textbooks only the case of a one-variable function is usually studied, these results can be easily transferred to the multiple-variable case. So, our sought-for polynomial $P_i$ is the Lagrange polynomial that evaluates to 1 for each vector from $D_i$ and to 0 for each vector from $D(S) \setminus D_i$:
The degree of this polynomial is at most
. Let us prove that this is the only polynomial of such degree.
- The basis. Let $n = 1$. Assume we have 2 polynomials, $P(x_1)$ and $Q(x_1)$,
Then the polynomial $P - Q$ has $|D(x_1)|$ roots, from 1 to $|D(x_1)|$, which could be only in case $P \equiv Q$.
- The induction step. The proof is similar to the basis case one: assume we have 2 polynomials, $P(x_1, \ldots, x_n)$ and
After assigning values to $x_1$ we get $|D(x_1)|$ pairs of $(n - 1)$-variable polynomials. They are pairwise equal by induction hypothesis. Thus, the polynomial function We shall call the right side of formula 2 the characteristic polynomial of the node $v_i^T$. Algorithm 1 shows how to get such polynomials for a certain diagram. Here we shall prove that it is correct.
Algorithm 1. Evaluation of characteristic polynomials.
Input: HLDD G
Output: The set of characteristic polynomials for G
we shall evaluate polynomials node by node. A polynomial for node $v$ will be denoted by $P_v$;
order all nodes in G topologically. Let T be an array of ordered nodes;
Proof. Let W be a set of all paths from the root node to some terminal node v T . Each path w ∈ W activated by the assignment (
will be represented in the resulting polynomial by the following summand:
(This can be easily proved by induction). The resulting polynomial will be the sum of these summands over all paths from W . As we have assumed in the beginning of the chapter, all variables in w are different. So, l ≤ n. The only difference between summands in (2) and (3) is the bound of the first product sign: generally, the path w should not contain all variables; some of them may be missing. This means that one path actually represents (2) (none of the summands will appear twice, because all paths have the same source node and thus assignments of corresponding paths will differ for at least one variable; otherwise they would never branch off).
Example 5. Let us now find the characteristic polynomials for HLDD from Example 1. First of all we change the labels of edges labelled by 0 to 5 for the one going from node q and to 2 for others. We have 4 paths to the first terminal node: $(q = 5)$, $(q = 1)$, $(q = 3, x_C = 1)$, $(q = 4, x_A = 2)$. Thus,
For the second node we have two paths $(q = 2, x_B = 2)$ and $(q = 3, x_C = 2)$, so the second polynomial will be
Finally, paths $(q = 2, x_B = 2)$ and $(q = 4, x_A = 1)$ give us the third polynomial:
PRACTICAL USAGE OF CHARACTERISTIC POLYNOMIALS
A skeptically minded reader, after looking at Eq. (2), may notice that the evaluation of such a polynomial for a large modern digital system would take a huge amount of time. This is true. However, we can get a lot of useful information about the function without evaluating it directly in analytical form. Here we give an algorithm that can be used in HLDD verification and resides in complexity class P. It evaluates the coefficients of lower degrees. Before we provide it we should agree on a mapping from $D(z)$ to $\mathbb{Z}$. Generally, each mapping is good except the ones containing zeroes. Multiplication by zero will lose information about some paths. Thus, for example, in the case of $D(z) = \{0, 1, \ldots, |D(z)| - 1\}$ it is better to use the mapping $h(z) = z + 1$. Indeed, assume $0 \in D(z)$ and we need to evaluate the constant term. In this case all assignments with $z = 0$ will produce summands containing factor $z$ in Eq. (2). The constant terms of these summands are equal to 0, so they are not taken into account when we evaluate the last coefficient of the whole polynomial.

Algorithm 2. Evaluating polynomial coefficients of degrees ≤ k.
Input: HLDD G, maximal degree k
Output: Set of polynomials, one per each terminal node, that contain members of the characteristic polynomials with degree ≤ k
order all nodes in G topologically. Let T be an array of ordered nodes;

Once we have chosen the proper mapping we can use Algorithm 2 to calculate all coefficients of degrees ≤ n. This method does not allow us to be 100% confident that our two diagrams are equivalent, but if they are not, this can be found very quickly. We continue with an example.
Example 6. Let us introduce an error to the diagram in Fig. 3. For instance, let the edge $(x_B, A + B)$ now point to the first terminal node, C, as it is shown in Fig. 7. The characteristic polynomial of the third terminal node remains the same, while 2 others will change: As we see, even only the check for constant terms would detect the error.
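The path-sum construction of characteristic polynomials and the constant-term check can be tried on a small case. The following is an added example, not the authors' Algorithm 1 or Algorithm 2: it expands the full polynomials recursively rather than truncating at degree k, and the diagrams G1, G2, G3, their terminal labels and the helper names are constructed for illustration (G1 and G2 follow the two evaluation orders described in Example 3, G3 redirects one edge in the manner of Example 6). Domains start at 1, in line with the mapping h(z) = z + 1.

```python
from fractions import Fraction

def pmul(p, q):
    """Multiply polynomials stored as {exponent-tuple: coefficient}."""
    out = {}
    for ea, ca in p.items():
        for eb, cb in q.items():
            e = tuple(i + j for i, j in zip(ea, eb))
            out[e] = out.get(e, 0) + ca * cb
    return {e: c for e, c in out.items() if c != 0}

def padd(p, q):
    out = dict(p)
    for e, c in q.items():
        out[e] = out.get(e, 0) + c
    return {e: c for e, c in out.items() if c != 0}

def basis(var, a, dom, n):
    """Lagrange basis in variable `var`: 1 at value a, 0 on the rest of dom."""
    zero, x = (0,) * n, tuple(int(i == var) for i in range(n))
    p = {zero: Fraction(1)}
    for b in dom:
        if b != a:
            p = pmul(p, {x: Fraction(1, a - b), zero: Fraction(-b, a - b)})
    return p

def char_polys(node, doms):
    """Terminal label -> sum over root-to-terminal paths of edge bases."""
    if isinstance(node, str):                      # terminal node
        return {node: {(0,) * len(doms): Fraction(1)}}
    var, edges = node                              # control variable, successors
    result = {}
    for value, child in edges.items():
        b = basis(var, value, doms[var], len(doms))
        for label, poly in char_polys(child, doms).items():
            result[label] = padd(result.get(label, {}), pmul(b, poly))
    return result

def const_terms(node, doms):
    """Constant term of each terminal node's characteristic polynomial."""
    return {t: p.get((0,) * len(doms), 0) for t, p in char_polys(node, doms).items()}

# Constructed diagrams: X is variable 0 with D(X)={1,2,3}, Y is variable 1 with D(Y)={1,2}
DOMS = [(1, 2, 3), (1, 2)]
Y_NODE = (1, {1: "A", 2: "B"})
G1 = (0, {1: "C", 2: Y_NODE, 3: "C"})              # test X first, then Y if X = 2
G2 = (1, {1: (0, {1: "C", 2: "A", 3: "C"}),        # same function, Y tested first
          2: (0, {1: "C", 2: "B", 3: "C"})})
G3 = (0, {1: "C", 2: Y_NODE, 3: "A"})              # error: edge X = 3 redirected to A
print(char_polys(G1, DOMS) == char_polys(G2, DOMS), const_terms(G3, DOMS))
```

G1 and G2 yield identical polynomial sets despite their different structure, while the redirected edge in G3 already changes the constant terms of two terminal nodes.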
CONCLUSIONS
A novel method for probabilistic equivalence checking of digital systems was proposed. It is based on representing the high-level decision diagrams as the model of digital systems by the sets of characteristic polynomials. It was shown that this representation is canonical, i.e. the sets of polynomials for equivalent diagrams are the same up to the names of the variables. Computing the full set of polynomials is infeasible for large diagrams as it demands checking all assignments to the control variables. To cope with this problem we have developed a polynomial algorithm for probabilistic checking.
The algorithm calculates coefficients of low-degree summands up to the given fixed degree k. If the coefficients do not coincide, then the HLDDs are definitely different; if the coefficients coincide, then the HLDDs are equivalent with high probability, where the probability depends on the chosen degree k. It is also possible to prove that the HLDDs are not equivalent by comparing only the constant terms of the polynomials. For instance, in Example 6, we can see that even a small erroneous change in the diagram is detectable by comparing constant terms.
The technique itself does not have limitations. However, for some classes of digital systems, optimization techniques may be needed to create efficient HLDD models, but this topic does not belong to the scope of the paper. Also, the equivalence checking of the terminal node functions was left uncovered. The general idea is that those functions are usually simple ones and can be verified using gate level methods. Nevertheless we plan to look at those functions more intently in our future research.
