. This suggests that bit-vector arithmetic can be efficiently modeled as algebra over finite integer rings, where the bit-vector size (m) dictates the cardinality of the ring (Z 2 m ). This paper models the arithmetic datapath verification problem as the equivalence testing of polynomial functions from Z 2 n 1 × Z 2 n 2 × · · · × Z 2 n d → Z 2 m . We formulate the equivalence problem f ≡ g into that of proving whether f − g ≡ 0%2 m . Fundamental concepts and results from "number," "ring," and "ideal theory" are subsequently employed to develop systematic complete algorithmic procedures to solve the problem. We demonstrate the application of the proposed theoretical concepts to high-level (behavioral/RTL) verification of bit-vector arithmetic within practical computer-aided design settings. Using our approach, we verify a set of arithmetic datapaths at RTL, where contemporary verification approaches prove to be infeasible.
I. INTRODUCTION
R EGISTER-TRANSFER level (RTL) descriptions of integer datapaths that implement polynomial computations over bit vectors are found in many practical designs, e.g., in digital signal processing (DSP) for audio, video, and multimedia applications [1] . The growing market for such applications requires sophisticated computer-aided design (CAD) support for design, analysis, and verification. Such designs implement a sequence of ADD, MULT type of algebraic computations over bit vectors for which contemporary verification frameworks do not possess the requisite modeling and manipulation capabilities. Polynomial algebra provides an ideal platform for modeling such arithmetic-intensive designs. However, the word lengths of the bit-vector variables in the design are usually predetermined and fixed according to the desired precision. For the correct modeling of such systems, the effect of these word lengths needs to be accounted for. For example, the largest (unsigned) integer value that a bit vector of size m can represent is 2 m − 1, implying that the bit vector represents integer values reduced modulo 2 m (%2 m ). This suggests that the bit-vector arithmetic can be efficiently modeled as "algebra over finite integer rings of residue classes" Z 2 m [2] . This requires the use of number, ring, and ideal theory concepts for their manipulation. This paper addresses the equivalence verification problem of arithmetic datapath computations over bit vectors where the operands have finite bit widths. The problem is addressed at algorithmic level, behavioral level, or RTL. Fig. 1 depicts the overall design flow for such applications and the corresponding verification problem as it appears in the context of our work.
Initial algorithmic specifications (such as Matlab models) of most signal processing applications involve data representation using floating-point formats. However, they are often implemented with fixed-point architectures in order to optimize the area, delay, and power-related costs of the implementations. Various automated tools exist for this translation [3] . Subsequently, the fixed-point model ("specification") can be translated into an RTL description ("implementation"), performed either manually or by using automated conversion utilities, such as in [4] and [5] . The resulting RTL models can also be optimized using high-level synthesis/restructuring operations (such as [6] - [8] ), leading to (bit-true) equivalent RTL descriptions. The verification problem is to prove that the fixed-point model is computationally equivalent to the converted RTL model or to its optimized/transformed counterpart.
Let us consider specific problem instances that necessitate the use of finite ring algebra for equivalence testing purposes.
0278-0070/$25.00 © 2007 IEEE

A. Finite Word-Length Bit-Vector Arithmetic
For polynomial datapath implementations, the design choice is often that of a "uniform system word length" for the computations [9] . The datapath word length is fixed to a constant (say, m), which is defined by the desired precision. In such cases, m-bit adders and multipliers produce an m-bit output; only the lower m-bits of the outputs are used, and the higherorder bits are ignored. Usually, such computations require appropriate scaling of coefficients and/or signals such that "overflow" can be avoided/ignored and standard fixed-point arithmetic can be implemented. When the datapath size (m) over the entire design is kept constant, then fixed-size bitvector arithmetic manifests itself as "polynomial algebra over the finite integer ring" of residue classes Z 2 m , i.e., addition and multiplication are closed within the finite set of integers {0, . . . , 2 m − 1}. In such cases, symbolically distinct polynomials (those with different degrees and coefficients) can become computationally (bit-true) equivalent. The equivalence verification problem then reduces to that of proving the "computational equivalence" of polynomials, i.e., f ( However, the fixed word-length paradigm is somewhat restrictive. Most designs usually contain operands with different word lengths. For instance, a digital audio-video mixer may perform polynomial arithmetic over a 20-bit audio and a 32-bit video signal [1] . As a practical example, consider the computation performed by a digital image rejection/separation unit that takes as input two signals, namely: 1) a 12-bit vector A[11 : 0] and 2) another 8-bit vector B [7 : 0] . These signals are outputs of a mixer wherein one signal emphasizes on the image signal and the other emphasizes on the desired signal. The design produces a 16-bit output F . The computation performed by the design is described in RTL, as shown in (1) . Note that because of the specified bit-vector sizes, the computation can be "equivalently" implemented as another polynomial G, as shown in (2) input A [11 : 0] 
Such arithmetic datapaths with multiple word-length architectures can be analyzed as polynomial functions from
, where n 1 , n 2 , . . . , n d are the bit widths of input vectors, and m is the output width. So how do we prove the equivalence of such computations? Efficient algorithmic solutions to such problems are the subject of this paper.
B. Problem Modeling
We model the arithmetic computations over bit vectors as follows. 
C. Solution Overview
m are available for fields (R, Q, C), prime rings Z p , Galois fields (GF (p n )), integral, and Euclidean domains, collectively called "unique factorization domains" (UFDs) [2] . In our context, the finite ring formed by the specific modulo value 2 m is a non-UFD due to the presence of zero divisors (e.g., 4 = 2 = 0, 4 · 2 = 0%8) and correspondingly due to lack of multiplicative inverses. Unfortunately, this "disallows" the use of many efficient factorization-based techniques developed over UFDs.
The problem
%n is decidable and is shown to be NP-hard for n ≥ 2 [11] . We transform our problem F %2 m ≡ G%2 m into proving (F − G)%2 m ≡ 0, the well-known "zero-equivalence" problem [11] . For the example described in (1) and (2), we can compute (F − G)%2 16 as 16 . Therefore, our problem reduces to that of testing whether (F − G) is a "vanishing polynomial" %2 m . Formulating the problem in this manner (F − G ≡ 0) has its appeal because it belongs to a class of "ideal membership testing" problems. Moreover, properties of polynomial functions over finite rings have been well-studied topics in number theory and commutative algebra [10] , [12] - [14] . This paper analyzes and extends these results (particularly those of [10] and [13] ) to derive systematic and efficient algorithmic procedures for equivalence checking and demonstrates their application within a practical CAD-based verification framework.
D. Scope of This Paper
The approach presented in this paper has been applied to verify high-level descriptions of arithmetic datapaths, such as those in C and RTL (Verilog/VHDL), some of which were automatically generated by Matlab (Simulink and filter design toolboxes) [5] . Our technique is applicable to designs that implement unsigned and two's complement (overflow) arithmetic. In the DSP domain, rounding and saturation are also common modes of approximation. Modeling such architectures as polynomial functions over finite rings is significantly more involved and is not the subject of this paper. For the same reason, verification of (behavioral) RTL against its corresponding gate-level implementation (netlist) is also not dealt with in this paper. Even within this scope, we demonstrate that there exists a large class of applications where our approach can very efficiently solve the problem whereas contemporary verification techniques are infeasible.
E. Paper Organization
This paper is organized as follows: Section II reviews related work in very large scale integration (VLSI) CAD, symbolic, and polynomial algebra. Section III covers preliminary concepts regarding ring and ideal theory and describes how our problem relates to ideal membership testing. Section IV describes the mathematical aspects related to proving the equivalence of univariate polynomials and provides a solution overview. These results are extended in Section V to provide an algorithm for multivariate computations with arbitrary inputoutput word lengths. Section VI describes the experimental setup and compares our results with those of contemporary techniques. Finally, Section VII concludes this paper, citing future research directions.
II. REVIEW OF PREVIOUS WORK
A. VLSI-CAD
A variety of canonical directed acyclic graph (DAG) representations have been derived for Boolean functions: Binary Decision Diagrams (BDDs) [15] , Binary Moment Diagrams ( * BMDs) [16] , and their various word-level extensions [17] . However, these are based on variants of bit-level (binary) decomposition principles. Hence, they lack the power of abstraction to model integer-level datapath computations. Taylor Expansion Diagrams (TEDs) [18] have been proposed as canonical DAG representations for multivariate polynomials. However, TEDs do not model modulo arithmetic and hence cannot prove the computational equivalence of polynomials over finite integer rings.
Verification techniques for bit-vector arithmetic such as arithmetic decision procedures, term rewriting, and others can be found in [19] and [20] . Integer arithmetic [21] has also been used in constraint satisfaction for simulation-based validation. However, these techniques use modulo arithmetic concepts to "solve" linear congruences-a different application from "proving polynomial equivalence" in Z 2 m . There exist various DSP applications (such as finite impulse response, infinite impulse response, elliptical wave filters, etc.) whose RTL implementations are mostly "linear and/or multilinear expressions:" these are somewhat easy to verify using theorem provers (HOL), congruence closure, data independence, symmetry, and other abstractions [22] , [23] . However, none of the above can efficiently solve the problem at hand.
B. Ring/Field Theory and Computer Algebra in VLSI-CAD
Pradhan's work [24] represents the characteristic function of a circuit as polynomials over Galois Fields GF(2 m ). Modulo arithmetic concepts have been employed in multiplier verification [25] . While these works find application at circuit-netlist level, they are not scalable enough to address polynomial bitvector computations.
Symbolic algebra tools have been integrated with theorem provers [26] and high-level/RTL synthesis tools [6] , [27] . For example, Peymandoust and DeMicheli [6] exploit Buchberger's seminal work on Grobner's bases [28] to decompose and synthesize a polynomial according to available components in the design library (using their Grobner's bases to decide). This paper can exploit available algorithms from Maple [29] because their application is modeled over the "field" R of real numbers or rationals Q. Unfortunately, porting these techniques to Z 2 m is not straightforward.
C. Symbolic Algebra and Number Theory
Ibarra and Moran have extensively analyzed the decidability of equivalence and simplification of a variety of straightline programs [11] . The zero-equivalence problem f %n ≡ 0 is shown to be NP-hard for n ≥ 2 [11] . Such polynomials that compute 0%n are called "vanishing polynomials." For example, F = 4x
It is a well-known result that all vanishing polynomials over a finite ring are members of an "ideal" in that ring. Such "vanishing ideals" over finite sets of points have been studied over arbitrary fields [30] . This paper presents solutions to such problems in Z 2 m within a CAD-based verification framework.
Over UFDs, the equivalence f ≡ g can also be solved by factorizing the polynomials "uniquely" into their "irreducible" terms and then comparing the coefficients of the ordered terms. Unfortunately, factorization is not unique in non-UFDs (such as in Z 2 m ). Consider, for instance, F (x) = x 2 + 6x in Z 2 3 . It can be factorized into two nonunique irreducibles, namely 1) (x)(x + 6) and 2) (x + 2)(x + 4), in Z 2 3 . Therefore, unique factorization-based techniques cannot be applied here. We have analyzed a large number of symbolic algebra packages [31] , and to the best of our knowledge, none of the available packages provide a "ready-made" procedure that can solve the desired equivalence problem.
Researchers from number theory and commutative algebra have analyzed various properties of polynomial functions over finite rings. The next few sections review these results and extend them to derive "systematic algorithmic procedures" for our applications. First, some preliminary concepts.
III. PRELIMINARIES
This section briefly reviews basic commutative algebra concepts to put our polynomial equivalence problems in perspective. The material is mostly referred from [2] .
Definition 1: A "ring" is a set R with two binary operations "+" and "·" (addition and multiplication) satisfying additive and multiplicative associativity, additive commutativity, left and right distributivity, and existence of additive identity and inverse. A "commutative ring" also satisfies multiplicative commutativity.
The set Z n = {0, 1, . . . , n − 1}, where n ∈ N , also forms a commutative ring with unity. It is called the "residue class ring," where addition and multiplication are defined "modulo" n (%n) according to
For our application, n = 2 m . Definition 2: Integers x, y are called "congruent modulo" n (x ≡ y%n) if n is a divisor of their difference, i.e., n|(x − y).
Definition 3: A "zero divisor" is a nonzero element x of a ring R for which x · y ≡ 0, where y is some other nonzero element of R, and the multiplication x · y is defined according to (5) .
Definition 4: A "field" F is a commutative ring with unity, where every element in F , except 0, has a multiplicative inverse, i.e., ∀ a ∈ F − {0} ∃â ∈ F such that a ·â = 1.
The system Z n forms a field if and only if n is prime. Hence,
is not a field as not every element in Z 2 m has an inverse. Lack of inverses in Z 2 m makes RTL verification complicated since Euclidean algorithms for division and factorization are no longer applicable.
Definition 5: Let R be a ring. A "polynomial" over R in the indeterminate x is an expression of the form
∀a i ∈ R. Elements a i are coefficients, and k is the degree. The element a k is called the "leading coefficient"; when a k = 1, the polynomial is "monic."
The system consisting of the set of all polynomials in x over the ring R, with addition and multiplication defined accordingly, also forms a ring, called the "ring of polynomials" [14] and further to those of the type f : [10] . The following definition of such a polynomial function is taken from [10] and modified, for our application, to rings modulo an integer power of 2. , f (x 1 , x 2 , . . . , x d ) ≡ F (x 1 , x 2 , . . . , x d ) for all x i ∈ Z 2 n i , i = 1, 2, . . . , d, and ≡ denotes congruence (mod 2 m ). It is possible for a polynomial with nonzero coefficients to "vanish" on such mappings; in which case, the polynomials are called "vanishing polynomials," and their functions correspond to "nil polyfunctions." For example, the polynomial
A. Ideals and Ideal Membership Testing
It is important to note that "the set of all vanishing polynomials in a given ring forms an ideal in that ring." Thus, to prove that F − G ≡ 0%2 m , we need to determine if (F − G) is a member of the "vanishing ideal" in Z 2 m .
Definition 7: Let I be a subset of the ring R. Then, I is called an "ideal" of R if 1) 0 ∈ I; 2) I is closed under addition; x, y ∈ I ⇒ x + y ∈ I; 3) x ∈ R and y ∈ I, then x · y ∈ I as well as y · x ∈ I. Definition 8:
. . , i n be the given elements of the commutative ring R. Let I be an ideal of R. If
. . , i n are called the "generators" of the ideal I, and we denote this as I = (i 1 , i 2 , . . . , i n ) .
With regard to our application, it is required to analyze the generators of the ideal of all vanishing polynomials in Z 2 m . The works in [12] and [13] have shown that this ideal can be "finitely" generated over any arbitrary finite integer ring (Z n ). Therefore, we begin with a discussion of the vanishing ideal in Z 2 m [x] and subsequently provide a unique representative expression for all members of this ideal. Section IV outlines an efficient algorithm to determine if any given polynomial vanishes by checking if it corresponds to this unique form. These concepts are extended to polyfunctions in d variables from
Examples are used to demonstrate relevant results; their corresponding proofs can be found in [10] and [13] and are therefore not reproduced here.
IV. UNIVARIATE VANISHING POLYNOMIALS
According to a fundamental result in number theory, for any n ∈ N , n! divides the product of n consecutive numbers. For example, 4! divides 4 × 3 × 2 × 1. This is also true for "any" n consecutive numbers: 4! also divides 99 × 100 × 101 × 102. Consequently, it is possible to find the "least" k ∈ N such that n|k!. We denote this value k as SF (n) [32] , i.e., k = SF (n). The significance of the above concept can be explained as follows: Consider the ring Z 2 3 . The least value k such that 8|k! is k = 4. Therefore, any integer that can be factored into a product of (at least) k = 4 consecutive numbers will vanish in Z 2 3 . This property can be utilized to treat the equivalence problem as a divisibility issue in g(x) ). But, 8|4! too. Therefore, if (f − g), evaluated at x, can be represented as the product of four consecutive numbers (depending on x), then (f − g) would vanish in Z 2 3 . So, what is a natural example of a polynomial with this property? The answer is (x)(x − 1) (x − 2)(x − 3).
In this regard, Chen [14] proposed a set of monic polynomials Y k (x), where each Y i (x) represents (in polynomial form) a product of i consecutive numbers in x. More formally, we have the following definition and its corresponding result.
Definition 9: "Falling factorials" of degree k are defined according to
. . . 2 − 4x in Z 2 3 , written as 4(x)(x − 1), cannot be factorized as Y 4 (x) = x(x − 1)(x − 2)(x − 3). However, the missing factors, (x − 2)(x − 3) in this case, are compensated for by the multiplicative constant 4; therefore, 4x 2 − 4x ≡ 0%2 3 . Singmaster [13] identified the constraint on such multiplicative constants such that the polynomial in question would vanish. We state the following result.
Lemma 2: 
. Therefore, in this case, k = 2 and c 2 = 4, and (2 3 /(2!, 2 3 ))(= 4) divides c 2 (= 4). Because the above condition is satisfied, F (x)%2 3 ≡ 0. Note that if c 2 were replaced by 3, then F (x) = 3(x)(x − 1) would not be a vanishing polynomial as 2 3 /(2!, 2 3 ) would not divide 3.
The above concepts lead to Singmaster's theorem [13] that identifies the necessary and sufficient conditions for a polynomial to vanish over any finite integer ring. We restate the result for Z 2 m . 
where n = SF (2 m ) i.e., the least n such that 2 m |n!; F n is an arbitrary polynomial; a k is an arbitrary integer;
. Again, n = SF (2 3 ) = 4. However, F cannot be factored into Y 4 (x); therefore, F 4 = 0. Now consider k = n − 1 = 4 − 1 = 3. Since 4x 2 − 4x (quadratic) cannot be factored by Y 3 (x) (cubic), a 3 = 0. However, F can be factored according to Y 2 , leading to a 2 = 1 and b 2 = 4. Therefore, F vanishes in Z 2 3 .
A. Algorithm
From the above results, a systematic complete algorithmic procedure can be derived to identify whether a given polynomial corresponds to the unique form of (9) and, consequently, vanishes over rings of the form Z 2 m (m is the datapath size). The algorithm is given in Fig. 2 . The inputs are the given univariate polynomials F and G in variable x with a uniform bit width of m bits. The main procedure is outlined below.
The computational procedure is outlined in Fig. 3 . polynomial. If the constraints are satisfied, then the procedure iterates over the remaining terms. 6) The procedure converges with the correct answer on whether
Complexity: In the worst case, (n + 1) divisions by Y k expressions are performed on poly. Moreover, in each iteration, the Y k computation requires O(n) multiplications. The worstcase complexity of the algorithm is, therefore, O(n 2 ), where n = SF (2 m ).
V. EQUIVALENCE OF MULTIVARIATE POLYNOMIALS
We now proceed to extend the results of the previous section to polynomials in d variables. In Section I, we had shown how the multiple-word-length bit-vector computation can be modeled as a polynomial function from
Moreover, we had noted that a fixed-size datapath with multiple variables is a special case of the above, where 
where 
Since F can be represented as a product of four consecutive numbers in x 1 , 2 2 |F and F ≡ 0%4. In the above example, both the input variables x 1 and x 2 and the output F are in Z 2 2 . We wish to generalize these results to analyze polynomial functions over
For this purpose, another quantity, i.e., µ i , is defined as [10] 
We now present the following results from [10] . 3 . We show that F is a vanishing polynomial as F can be written according to
Here, SF (2 3 ) = 4, k 1 = 2, and k 2 = 1. Note that µ 1 = min{2 1 , 4} = 2 = k 1 and µ 2 = min{2 2 , 4} = 4 > k 2 . Since k 1 ≥ µ 1 , the condition in Lemma 3 is satisfied, and hence, F ≡ 0.
Lemma 4:
We can use Lemma 4 to prove that f is a nil polyfunction. Here, 2 n 1 = 2, 2 n 2 = 4, and 2 m = 8. Also, SF (2 m = 8) = 4, µ 1 = min{2, 4} = 2, and µ 2 = min{4, 4} = 4.
, which divides c 1,2 = 4. Also note that here k 1 < µ 1 and k 2 < µ 2 .
Chen extended the above results to derive necessary and sufficient conditions for a polynomial to vanish as a function from
We state the following theorem [10] .
Theorem 2: Let F be a polynomial representation for the function f from
Then, F is a vanishing polynomial (F ≡ 0) if and only if it can be represented as
where
where µ i is in position i, and µ i is defined according to (11);
are arbitrary polynomials, possibly zero;
is the falling factorial of degree
is as defined in (10); a k ∈ Z is an arbitrary integer;
. Proof: While a detailed proof of the above theorem is provided in [10] , the theorem does follow from Lemma 3 (for each of the d computations Q i Y µ(i) ) and from Lemma 4 (for the computation
The following example illustrates the above concept.
2 , SF (8)} = 4. Therefore, µ(1) = µ 1 , 0 = 2, 0 , and hence, Y µ(1) = Y 2,0 (x 1 , x 2 ). Similarly, µ(2) = 0, µ 2 = 0, 4 . Now, F can be written as
Here, Q 1 = 1, a 1,2 = 1, and b 1,2 = 8/(8, 1! · 2!) = 4. Note that Q 2 and all remaining a k terms are equal to 0. Hence, F can be written in the form given by Theorem 2 and is thus a vanishing polynomial. Again, (12) completely describes the ideal of all vanishing polynomials in d variables over
to Z 2 m . We now describe an algorithm that determines the equivalence of any two given polynomials F and G by determining if F − G can be reduced to this form, implying that
A. Algorithm
The algorithm takes as input the two polynomials F and G in variables x 1 , . . . , x d with corresponding bit widths n 1 , . . . , n d . The output is "true" if F ≡ G. The algorithm is given in Fig. 4 , the main procedure of which is outlined as follows.
1) Find the difference of the two polynomials poly. This is the expression that should vanish to prove equivalence. 2) Order the monomial terms of poly in a descending lexicographic order on the variables. Monomials are compared by their degree in the first variable, with ties broken using the degrees in the second variable, third variable, and so on. 
VI. EXPERIMENTAL SETUP AND RESULTS
We have implemented the proposed algorithms in Perl with calls to Maple 7 [29] for all the algebraic manipulations. Using our algorithms, we have been able to perform verification runs over a number of designs collected from a variety of benchmark suites. The results are presented in Table I .
The first set of examples are datapaths with a single input bitvector variable, which are modeled as univariate polynomials. The anti-aliasing function is from [6] . The second example is a polynomial expression from [34] . The other univariate examples are implementations of elementary function computations. The first benchmark in the set of multivariate datapath instances represents an image rejection computation, as described in Section I. The phase-shift keying function is from [6] and is used in digital communication. The polynomial filters are Volterra models of polynomial signal processing applications taken from [1] . Mibench is a ninth-degree polynomial from a set of automotive applications in [35] . Horner polynomials are from [34] . Polynomial computations commonly used in DSP are often implemented in Horner's form using multiply-add-accumulate (MAC) units. In [6] , it was shown how computations by these MAC units can be extracted as polynomials in Horner's form. The vanishing polynomial examples, for both univariate and multivariate cases, were specifically created to validate our algorithms.
Some of these designs are available as RTL code. The others were available as high-level specifications in Matlab or C code. The RTL code for these reference designs was automatically generated using Matlab Simulink and Filter Design toolboxes (particularly for the digital filter designs). Once the reference RTL descriptions were obtained, they were further optimized using techniques from [6] and [8] . In [6] , the application of high-level restructuring and symbolic algebra-based transformations was presented for high-level synthesis. These include factorization and expansion, tree-height reduction, etc. The recent work in [8] has derived a sequence of polynomial algebra-based transformations to reduce the area cost of the implementation. This is achieved by modulating and segmenting the coefficients and subsequently removing algebraic redundancy (vanishing polynomials). In essence, the technique in [8] attempts to search for a sparser implementation of a given polynomial that occupies lesser area. These transformations were applied to the original RTL description to obtain functionally equivalent implementations. The optimized RTL was then verified for equivalence against the original one.
For equivalence testing, both RTL descriptions were given to the high-level synthesis tool Gaut [36] , and their corresponding data-flow graphs (DFGs) were extracted. Traversing the DFGs from the inputs to the outputs, the polynomial representations were constructed, and the datapath sizes were noted. The algorithms were invoked to find the difference between the two polynomials (both univariate and multivariate) and subsequently verified that it computes zero to prove equivalency. We were able to solve all problems in < 5 s.
We have also performed equivalence checking of the given RTL designs using BDDs, BMDs, and SAT-based approaches.
BDD and SAT: Since gate-level descriptions are required by both BDDs and SAT, we synthesized our designs using a commercially available logic synthesis tool. BDDs were used to verify the resulting netlists using the VIS [37] package. It was found that BDDs could solve the problem for some of the smaller benchmarks (especially for univariate polynomials) due to the simplification achieved by propagating the corresponding coefficients (constants). However, they failed for the rest of the designs.
From the gate-level netlists corresponding to the two designs, we generated miter circuits and converted them to CNF format. ZChaff [38] was used to prove equivalence via unsatisfiability testing. For all the designs, ZChaff could not solve the problem within the time limit of 1000 s.
* BMD: * BMDs have been shown to be effective for multiplier verification as they have linear size complexity for multipliers. However, for higher-degree (k) polynomials, their size increases O(n k ), where n is the bit-vector size. We experimented with * BMDs for verification of our applications and found that * BMDs also do not perform satisfactorily. Note that in our applications, not only do we need to construct * BMDs for higher-degree terms, the word lengths of the vectors are also different. These finite word lengths can distort the * BMD structure, which is explained below.
Consider the computation F For our experiments, we used the concepts presented in [39] to construct * BMDs directly from the RTL for the given word lengths. In [39] , operations for bit-vector manipulations were described, which allow to perform bit-field extraction directly from a given BMD. Using these concepts, * BMDs were constructed directly from the DFGs obtained for the corresponding RTL.
* BMD computation terminated only for up to degree-4 polynomials, and the rest of the designs could not be verified within the time limit.
A. Faulty Designs
We also wanted to analyze the performance of our approach in the presence of bugs. To verify that our algorithm can detect nonequivalence of designs, we experimented with some designs by arbitrarily changing one or more of the coefficients. Table II presents the results for some of the benchmarks. The algorithm was indeed able to verify that the designs were not equivalent and that too very quickly. This result is not surprising. The algorithm may not always have to perform SF (2 m ) iterations-if the conditions on the coefficients (Theorems 1 and 2) are not satisfied in any iteration (i.e., a bug is found), the algorithm terminates.
We also experimented with simulation and SAT tools to evaluate their performance on detecting nonequivalence. For simulation, the vectors were generated (pseudo)randomly and applied to both original and faulty RTLs. Nonequivalence was indeed detected within very few vectors. The results are shown in the third column of Table II . For experiments with SAT, we synthesized both original and modified (faulty) designs into gate-level netlists, generated corresponding miter circuits, and converted them into CNF format. The ZChaff tool was then used to find a satisfying assignment, thereby proving nonequivalence. Indeed, nonequivalence was easily detected using SAT too; the run time is depicted in the fourth column of Table II . The results show that our technique is comparable against simulation and SAT for detecting nonequivalence of designs.
B. Limitations of Our Approach
Many DSP systems implement some form of computation approximation by incorporating various rounding schemes. Our approach is restricted inasmuch as it cannot verify datapaths where the intermediate signals have varying precision (due to "rounding"). In such situations, the varying word-length paradigm cannot be easily captured by formulating it as an ideal membership-testing instance.
In addition to truncation and rounding, saturation arithmetic is also a common mode of arithmetic approximation in the DSP domain. Traditionally, it has been difficult to model such descriptions as polynomials due to the presence of comparison operations. However, when the word lengths are fixed, it might be possible in some cases to abstract them as polyfunctions. For example, consider the computation if (x > 2) then y = x * x * x else y = x * x where x is a 2-bit number, and y is 5 bits wide. The 5-bit output y can be represented as a polyfunction from Z 2 2 → Z 2 5 as Y = (3x 3 + 8x 2 + 22x)%2 5 . Moreover, arithmetic datapaths often contain right-shift operations that cannot be easily modeled in our framework. Analysis of such computations requires substantially more work and is the subject of our future investigations.
VII. CONCLUSION
We have presented a framework for the equivalence verification of arithmetic datapaths wherein the operands have finite prespecified word lengths. Our approach models the design as a polyfunction from Z 2 n 1 × Z 2 n 2 × · · · × Z 2 n d → Z 2 m . Subsequently, to prove the equivalence of the two designs, we transform the problem F %2 m ≡ G%2 m into that of proving F − G ≡ 0%2 m over such mappings. This formulation corresponds to that of testing for membership in the "ideal" of all vanishing polynomials over the given finite ring. Such vanishing ideals have been analyzed, and we have derived efficient algorithmic approaches to test whether a polynomial is a member of this vanishing ideal. Using our algorithms, a variety of benchmarks have been verified. Our approach was able to solve the problem in all cases, where contemporary verification approaches were shown to be infeasible. As part of future work, we are investigating applications of the proposed concepts to datapath computations that implement other modes of arithmetic approximations, such as rounding and saturation.
