Formal verification is fundamental in many phases of digital systems design. The most successful verification procedures employ Ordered Binary Decision Diagrams (OBDDs) as canonical representation for both Boolean circuit specifications and logic designs, but these methods require a large amount of memory and time. Due to these limitations, several models of Decision Diagrams have been studied and other verification techniques have been proposed. In this paper, we have used probabilistic verification with Galois (or finite) field GF(2 m ) modifying the CUDD package for the computation of signatures in classical OBDDs, and for the construction of Mod2-OBDDs (also known as -OBDDs). Mod2-OBDDs have been constructed with a two-level layer of -nodes using a positive Davio expansion (pDE) for a given variable. The sizes of the Mod2-OBDDs obtained with our method are lower than the Mod2-OBDDs sizes obtained with other similar methods.
Introduction
One of the most important aspects during circuit design is the verification, i.e., checking for functional equivalence. The translation of a circuit design from a highlevel specification to a physical implementation depends on the correct transformation of its description at higher levels of abstraction to equivalent descriptions at more detailed levels. At logic level, verification consists of checking the equivalence of a Boolean function specification and its logic implementation. Most of the current successful equivalence checkers use Binary Decision Diagrams (BDDs) [1, 2] or their derivatives as a core of the equivalence deduction engine. OBDDs [3, 4] are used as canonical representations for both Boolean circuit specifications and logic designs. While OBDD-based methods have been quite successful in verifying combinational and sequential circuits, they have significant limitations. For many circuits, verification systems that represent functions as OBDDs require a large amount of memory and time, and for some circuits the resource requirements are unacceptably large. Furthermore, OBDD sizes are quite sensitive to the ordering of their Boolean variables [5, 6] . Various techniques have been proposed to reduce the memory complexity of BDDs by exploiting the structural and functional similarities of the circuits [7] [8] [9] . Some alternative to BDD-based equivalence checkers use Boolean Satisfiability (SAT) [10, 11] or SAT-like methods (ATPG [12] , recursive learning [13] ) as a principal engine.
In spite of the considerable advances in the area, the growing complexity of the verification instances motivates exploring the alternative approaches. Verification performed using OBDDs can be considered as a Deterministic Verification, in which if the OBDDs of the functions are the same (isomorphic), then these functions are said to be equivalent [14] . Another method that can be considered in order to circumvent the above limitations is the Probabilistic Verification, based on the theory of Blum, Chandra and Wegman [15] , in which numeric codes or signatures represent the functions to be verified. This method is based on algebraic transforms of Boolean functions, so that a function can be substituted by its algebraic representation. A signature representing the function is then obtained assigning numeric codes (randomly selected from a finite field) to the variables in the algebraic representation, and then evaluating the result. The comparison is then performed over signatures, not over data structures representing the functions [16] . Signatures can be computed more efficiently than graph-based representations, consume less time and space, and distinguish any pair of Boolean functions with a very high probability of success. By performing several such runs with different random input variable assignments, the resultant algebraic simulation has a probability of error in verification that decreases exponentially from an initially small value [16] . The probabilistic approach presents significant advantages over deterministic methods using OBDDs. In deterministic verification, OBDDs are canonical representations of functions to be verified, and provide a basis for efficient computation. In probabilistic verification, functions are represented by signatures, not by a large data structure. Graph-based data structures are used only in intermediate evaluation steps. Therefore, more general OBDD-based models have been studied which can be used as such intermediate data structures [17] [18] [19] [20] .
In this paper, we consider Mod2-OBDDs [21] (also known as -OBDDs) which are extensions of OBDDs. Mod2-OBDDs are non canonical representations of Boolean functions. For canonical representations as OBDDs, testing the equivalence of two OBDDs simply reduces to the comparison of their pointers. For non canonical representations as Mod2-OBDDs, a deterministic equivalence test requires time cubic in the number of nodes [22] , and thus, it seems not to be suitable for practical purposes. In [21] , a fast probabilistic equivalence test for Mod2-OBDDs that requires only a linear number of arithmetic operations is used.
In this contribution, a very efficient OBDD package (CUDD package from Colorado University) has been modified in order to construct Mod2-OBDD representations of Boolean functions given in multilevel BLIF, and probabilistic verification based on Galois field GF(2 m ) arithmetic for the equivalence test (signatures comparison) has been used. The addition of two elements from a binary extension field GF (2 m ) is simply a bitwise XOR of their corresponding binary representations, the subtraction is exactly the same as addition, and the complexity of the multiplication depends on the irreducible generating polynomial or the basis selected to represent the field elements [23] [24] [25] . These properties justify the use of GF(2 m ) as finite field. Firstly, OBDDs with signatures have been constructed. The signature-inclusion is carried out by including a 32 bit signature field on each OBDD-node and computing the signature in the synthesis process. This signature-OBDD obtained has the same number of nodes as the original OBDD, but with the signature computed for the Boolean function that it represents. Secondly, Mod2-OBDDs have been constructed by the inclusion of a two-level layer of -nodes. This layer is created-using the positive Davio expansion (pDE) for a selected variable-in the synthesis of the BLIF file for the function.
Signature is so computed for the Mod2-OBDD and is compared with signature obtained with the signature-OBDD for the equivalence test. Times and sizes are compared for the three used structures (OBDDs, signature-OBDDs and Mod2-OBDDs).
The paper is structured as follows: In Section 2, some basic concepts concerning Mod2-OBDDs are introduced. In Section 3, probabilistic equivalence test using Galois field GF (2 m ) is presented. In Section 4, modifications on CUDD package for signature computation are outlined. Section 5 deals with the introduction of -nodes for the Mod2-OBDD construction. In Section 6, experimental results are presented. Finally, some conclusions are included in Section 7.
Mod2-OBDDs
Mod2-OBDDs have been defined in [21] . A Mod2-OBDD (also known as -OBDDs) over a set X n = {x 1 ,x 2 ,…,x n } of Boolean variables is a directed acyclic connected graph P where each node has out-degree 2 or 0. There is a distinguished non-terminal node, the root, which has in-degree 0. The two terminal nodes with out-degree 0, the 0-sink and the 1-sink, are labeled with the Boolean constants 0 and 1, respectively. The remaining non-terminal nodes v are either labeled with Boolean variables x i X n (denoted as branching or decision nodes), or with the binary Boolean operation XOR (-nodes). The function f P associated with a Mod2-OBDD P is determined as follows. Given an input assignment a= (a 1 ,a 2 ,…,a n ){0,1} n , the Boolean values assigned to the leaves extend to Boolean values associated with all nodes of P as follows:
 
The value f P (a) of the Boolean function f P represented by a Mod2-OBDD P is the value 1 or 0 associated with the root of P under the assignment a. A more compact representation can be obtained by using complemented edges [26] .
code or signature for a Boolean function. The probabilistic comparison of two functions can be carried out by evaluating their representations on a randomly chosen vector of values selected from a finite field and comparing the results (signatures) obtained from the evaluation. If the signatures are different, then the functions are inequivalent with certainty. If they are equal, then the functions are equivalent with a small probability of error.
The signature for a Boolean function f(x n-1 ,…,x 0 ) is generated by selecting random numerical values for each x i . These values can be selected from any field, but we will use the finite field GF(p m ), with p prime and m  N, representing a Galois field with p m elements. The evaluation of the function (with these randomly selected values assigned to its inputs) is carried out by the replacement of f(x n-1 ,…,x 0 ) by an equivalent arithmetic function defined over the finite field. This replacement is determined by an algebraic transformation of the Boolean function in terms of polynomials over the finite field. If we assign the polynomial p x =x to a Boolean variable x, we can transform [16] the Boolean functionsf and f 1  f 2 into the arithmetic expressions 1p f and p f1  p f2 , respectively, where p f represents the polynomial assigned to the Boolean function f. By using the law of DeMorgan and idempotence, we can also transform f 1  f 2 and f 1 f 2 into p f1 +p f2 p f1  p f2 and p f1 +p f2 2  p f1  p f2 , respectively. It must be noted that the above arithmetic operations are carried out on the selected finite field.
In this paper, we consider the Galois field GF(2 m ) which is a characteristic 2 finite field with 2 m elements, each of them represented as an m-bit vector. GF (2 m ) is an extension field of the ground field GF(2)={0,1}. The nonzero elements of GF (2 m ) are generated by a primitive element , where  is a root of a primitive irreducible (2) . The nonzero elements of GF (2 m ) can be represented as the
be expressed as a polynomial of  with degree less than
Arithmetic in a field of characteristic 2 is essentially modulo arithmetic. Therefore, the addition of two polynomials becomes the bitwise XOR of the corresponding binary representations, and subtraction is the same as addition. Multiplication of two polynomials is the most important and one of the most complex and time-consuming operations. Complexity depends on many factors, such as the selection of the irreducible polynomial or the basis selected to represent the field elements: polynomial, dual or normal bases [25] . Because of its characteristic 2, the product 2p f1 p f2 in GF (2 m ) is zero, and the above polynomial for the XOR is simplified to the GF ( n/p. Therefore the error probability associated with the probabilistic equivalence check can be reduced by either increasing the size of the field, or by making multiple runs (using on each run an independent set of random assignments and computing the signatures for the functions). If the signatures are different, we are sure that the two functions are not the same. If they are equal, we choose a new set of input assignments and reevaluate. The probability of erroneously deciding that the functions is equal decreases exponentially with the number of such runs.
Applying these concepts, the probabilistic equivalence test of two functions represented by their Mod2-OBDDs is determined by the algebraic transformation of the Mod2-OBDDs in terms of polynomials over GF (2 m 
The polynomial associated with a Mod2-OBDD P is the polynomial associated with the root of P, so the equivalence test of two functions is the signature comparison of their Mod2-OBDD roots polynomials evaluated at the randomly chosen set of input variables selected from GF (2 m ). Let P f and P g be two Mod2-OBDDs representing the Boolean functions f and g, and assume that a 0 ,…,a n-1  GF(2 m ) are generated independently and uniformly at random. For the Boolean signatures p f and p g computed for the Mod2-OBDDs P f and P g it holds [28] that p f (a 0 ,…,a n-1 )=p g (a 0 ,…,a n-1 ), if f=g, and Prob (p f (a 0 ,…,a n-1 ) =p g (a 0 ,…,a n-1 ))<½, if fg. Therefore, if two given signatures p f (a 0 ,…,a n-1 ) and p g (a 0 ,…,a n-1 ) are equal, then the functions f and g are equal only with a certain probability. An estimation of the probability that the signatures for two nodes representing different Boolean functions in a Mod2-OBDD P are equal can be found in [28] . By using s different signatures per node the error probability computes to at most 
where size(P) denotes the number of nodes of the Mod2-OBDD P, n is the number of variables, and |GF| the cardinality of the finite field GF(2 m ). For our experiments given in Section 6, we use the field GF (2 16 ). Therefore, if we have, for example, a Mod2-OBDD with 10 7 nodes depending on 100 variables, we should use 6 different signatures per node in order to obtain an error probability of less than 6.3110 -4 . It must be noted that for the circuit c1908 studied in section 6, for example, we should use 4 different signatures in order to obtain an error probability of less than 1.2510 -5 . However, this is an error bound. In fact, in our experiments and for only one signature per node, all the experiments performed in order to check the equivalence of two different circuits, were successfully detected by obtaining two different signatures. Furthermore, the work here presented is a first approach that can be further improved.
Including Signatures on CUDD Package
We have used for our implementations the CUDD package, one of the most efficient OBDD packages [29] . CUDD package has been modified in order to include signatures into OBDD nodes, and compute the signature of the Boolean function represented by an OBDD. The signature of the function will be the signature of the root node(s) of the OBDD. We name these decision diagrams signature-OBDDs (or s-OBDDs for simplicity). When the s-OBDD for a function has been constructed, then it can be verified comparing its signature with the signature computed by the construction of the Mod2-OBDD.
CUDD modifications consist of the inclusion of two new fields for each OBDD node: a 1-bit decision-x or field used to distinguish a decision node from a-node, and a 32-bit signature field used for the signature of the node. The most significant 16-bits of this field store the initial signature randomly assigned to the variable associated with the node, and the least significant 16-bits store the signature of the (sub)function represented by the node. Therefore, GF (2 16 ) is used for signature representation.
In the synthesis process, Boolean operations are implemented using the ite operator [30] defined as a ternary Boolean function for three inputs F, G, H by "If F then G else H". This is equivalent to ite(F,G,H)=FG+FH and can be evaluated by recursive application of the Shannon decomposition f=xf| x=1 +xf| x=0 , where positive and negative cofactors f| x=1 and f| x=0 are the function f evaluated at x=1 and x=0, respectively. Positive and negative cofactors of a function associated with a decision node v, l(v)=x, are derived by simply returning the 1-successor and the 0-successor of v, respectively. In our approach, signature computation is performed in the synthesis process using the Shannon decomposition. Let 
where the properties and transformations of Boolean functions into arithmetic expressions given in Section 3 have been used. If the polynomial basis for the representation of the field elements is used, then the signature 1+[x] is simply the complementation of the least significant bit of [x] . When the signature [v] of the function represented by v has been computed, then it is stored at the least significant 16-bits of the signature field of v. Therefore, the signature of a Boolean function represented by an OBDD can be computed in the synthesis process (ite operation). An OBDD with signatures is named signature-OBDD (s-OBDD).
Introduction of -Nodes into the OBDD
Mod2-OBDD for a Boolean function is created by the introduction of an upper two-level layer of -nodes while the OBDD is being constructed. The main advantage of a data structure with OBDDs and -nodes is that the signature for a -node can be directly computed by simply performing the bitwise exclusive-or of the signature associated to its 1-and 0-successors (if Galois field is used). We have constructed Mod2-OBDDs for combinational circuits given in BLIF format. For the introduction of the two-level layer of -nodes, we have used the positive Davio expansion. The positive Davio expansion (pDE) of a function f with reference to a variable x i is given by the following expression:
Using this expansion, an upper layer of two -nodes is constructed for the function as shown in Figure 1 . This structure is given in Figure 1 (b) for a circuit with many outputs and when a given variable x i is selected for the pDE. This expansion could be used for the whole circuit construction in Mod2-OBDD form, but we have restricted the -nodes inclusion to a two-level layer of -nodes and for a selected input variable for the pDE. This general structure has been selected because the number of -nodes in the Mod2-OBDD impacts on its size. For many circuits, a few -nodes lead to small sizes of Mod2-OBDDs, but too many -nodes lead to large Mod2-OBDDs [28] . The introduction of a limited number of -nodes in a mainly OBDD structure, tries to take advantage of both approaches (Mod2-OBDDs and OBDDs). This two-level layer structure is constructed in the synthesis of the BLIF circuit. In BLIF, there are primary inputs, outputs and internal gates. A gate can have only primary inputs as fanins, or can have primary inputs and/or internal gates as inputs. A gate is represented with several lines, each line representing a cube, and the disjunction of these cubes provides the function of that gate. In general, the cubes are not disjoint. Each entry of a line, gives the value (0, 1 or ) that an input to that gate takes.
For the construction of the Mod2-OBDD with twolevel layer -nodes, we select a primary input x i with reference to which the positive Davio decomposition is performed. We will use the same variable for the pDE in all gates of the circuit. For each gate, we will get two functions and that represent the negative and positive cofactors, respectively, with reference to the selected variable x i . For any gate of the circuit, two cases can be distinguished: a) the gate only has primary inputs as fanins, and b) the gate has primary inputs and/or internal gates as inputs.
In case a), for each line (cube) of the gate we have to perform the conjunction of all the primary inputs different from x i (we name the result of this conjunction as product). Then the value that the input x i has for that cube is checked. The possible cases we can take for computing the negative and positive cofactors for each cube ( and ) are the following: The graph so created for internal gates has a structure similar to Figure 1(a) , except that then and else edges of the lower -node are not multiplied by the x i variable. This is because all decomposition in the circuit is carried out with respect to this variable and internal gates are used only as an intermediate step in order to get the outputs of the circuit, so it is not necessary. We must perform these multiplications if the gate is an output, obtaining the structure given in Figure 1(a) . The Mod2-OBDD obtained with this method, is not a canonical representation. As we are interested in the signature computation of the circuit using this data structure, the graph can be simplified not including x i variable in the Mod2-OBDD. The contribution of the variable is considered multiplying the signature of the lower -node in Figure 1(a) by the signature initially assigned to the variable x i . By this way the size of the final Mod2-OBDD is even more reduced. The structure finally obtained is given in Figure 1(b) , with an upper two-level layer of -nodes and classical OBDDs (in fact, signature-OBBDs) at the lower part of the graph. The -nodes used are introduced in the CUDD package by their specification in the decision-xor field of the nodes, and signatures are stored in their signature field. All arithmetic operations involved above must be performed over GF (2 m ) using the signature field of the nodes (decision and -nodes).
For the experimental results given in the following section, the variable x i selected to perform the positive Davio decomposition has been the first variable given in the initial ordering for the benchmarks. It must be noted that several heuristics for variable ordering could be used, such as those based on topological or logic information of the circuit [31, 33] . Therefore, the variable x i selected to perform the Davio decomposition could be the first variable obtained in these new orderings.
Experimental Results
Experiments polynomial basis for representation of the field elements, and the multiplication algorithm used has been the one given in [32] . Firstly, OBDDs and s-OBDDs for some of the given benchmarks have been constructed, and their construction times have been compared. In the 2 nd column of Table 1, the ratios between the times needed to construct s-OBDDs and OBDDs of the benchmarks are given. The number of nodes (sizes) of both graphs is the same. The difference is that s-OBDD computes the signature of the circuit. From the results, it can be observed that the s-OBDD construction is 2.3 times slower in average than OBDD construction (with mux.blif as worst case). Despite of this, the construction of s-OBDDs has not an excessive cost in time in comparison with OBDDs, because we can get canonical representation in OBDD form together with the signature(s) of the circuit, so we could perform deterministic and/or probabilistic verifications. It is important to note that the more time needed for the s-OBDD construction is mainly due to the GF(2 m ) multiplication of signatures. Therefore, the use of more efficient multiplication algorithms [23] will reduce the time needed for the s-OBDD construction.
f f Secondly, we have constructed two-level layer Mod2-OBDDs for the benchmarks, as given in Section 5. The times needed for their construction have been compared with the times needed for s-OBDD construction, and their signatures have been compared in order to check the correctness of the results (probabilistic verification). In the 3 rd column of Table 1 , the ratios between the times We can also compare our method with other similar approaches given in the literature. The comparison of the sizes obtained by our method with the best results obtained in the work of Meinel and Sack [34] for some Benchmarks is given in Table 3 . In [34] , Mod2-OBDDs are constructed depending on a threshold factor, and dynamic variable reordering techniques are neither used. From this comparison, it can be observed that the Mod2-OBDD sizes obtained by Meinel and Sack (with threshold factor equal to 1.0) are 0.99 times smaller than OBDD sizes, while the two-level layer Mod2-OBDD sizes obtained using our approach is 0.83 times smaller than OBDD sizes. In this table, ratio represents the ratio between the Mod2-OBDD and OBDD sizes.
Finally, from the experimental results, it can be observed that the probabilistic verification procedure using signature-OBDDs and two-level layer Mod2-OBDDs seems to be a promising approach for verification. The times needed for the construction of signature-OBDDs are not very large compared with the times needed for the construction of classical OBDDs, and the times needed for two-level layer Mod2-OBDD construction are always smaller than the times needed for s-OBDDs. Furthermore, the two-level layer Mod2-OBDDs sizes are in average smaller (in some cases, much smaller) than classical OBDDs sizes. The comparison of our experimental results with similar work done in the literature shows the suitability of our approach in order to obtain Mod2-OBDDs with reduced sizes. The achieved results could be further improved by trying heuristics for initial variable ordering, using dynamic variable reordering [34] , [35] , and using efficient multiplication algorithms over GF (2 m ), which is part of our ongoing work.
Conclusions
Probabilistic approach seems to be a promising alternative for circuit verification. For probabilistic methods where Galois fields GF (2 m ) are used, Mod2-OBDDs are suitable data structures for signature computation due tothe properties of finite fields with characteristic 2. In this work, a highly optimised package (CUDD) for OBDD construction has been modified to compute signatures in the synthesis process (signature-OBDD) and in order to construct two-level layer Mod2-OBDDs using positive Davio expansion with reference to a selected variable. Signatures obtained from signature-OBDDs and those obtained from Mod2-OBDDs are then compared for checking correctness (probabilistic verification). Experimental results have proven that the signature computation has not an excessive time cost and that Mod2-OBDDs with controlled number of -nodes provide reduced sizes compared with classical OBDDs, so probabilistic verification can be a suitable alternative to classical verification methods. Comparisons with experimental results obtained by other similar approaches found in the literature have been also given, proving that our method is very suitable for the construction of reduced Mod2-OBDDs.
