Verification of integer multipliers on the arithmetic bit level by Stoffel, Dominik & Kunz, Wolfgang
Veriﬁcation of Integer Multipliers on the Arithmetic Bit Level
Dominik Stoffel Wolfgang Kunz
Institute of Computer Science, University of Frankfurt/Main, Germany
Abstract
One of the most severe short-comings of currently available equiva-
lence checkers is their inability to verify integer multipliers. In this
paper, we present a bit level reverse-engineering technique that can
be integrated into standard equivalence checking ﬂows. We propose
a Boolean mapping algorithm that extracts a network of half adders
from the gate netlist of an addition circuit. Once the arithmetic bit
level representation of the circuit is obtained, equivalence checking
can be performed using simple arithmetic operations. Experimental
results show the promise of our approach.
1 Introduction
In recent years, implementation veriﬁcation by equivalence check-
ing has become widely accepted. Modern equivalence check-
ers can handle circuits with hundreds of thousands of gates and
have replaced gate-level simulation in many design ﬂows. Equiv-
alence checkers can perform extremely well if the two designs to
be compared contain a high degree of structural similarity. This
is usually the case after a conventional synthesis ﬂow. Similar-
ity means that the two circuits contain a lot of internal equiva-
lences [2, 10], also called internal cut points [9]. Techniques to
exploit these similarities have enabled equivalence checkers to ver-
ify very large combinational circuits as has been shown by several
authors [1, 2, 7, 9, 10, 12]. On the other hand, if no internal equiv-
alences exist, modern equivalence checkers fail and even for rela-
tively small examples veriﬁcation can become impossible.
Oneofthemainproblemsencounteredwithequivalence checking
inindustrialpracticeis theinabilitytoverifyinteger multipliers. The
problem occurs when an RT-level (register transfer level) descrip-
tion of a circuit must be compared against a gate-level description.
Typically, the latter has been generated from the former by some
synthesis tool and it is the task of the equivalence checker to verify
this synthesis process. The equivalence checker attempts to solve
the problem by synthesizing a gate-level model from the RT model
and by comparing the two gate-level designs. Unfortunately, this is
bound to fail. The problem is that the gate-level model generated by
the equivalence checker will look entirely different compared to the
multiplier produced by the synthesis tool. Commercial equivalence
checkers offer solutions for black-boxing multipliers, however, this
and related solutions are cumbersome and may easily lead to false
negatives.
Several approaches for multiplier veriﬁcation can be considered.
Word-level decision diagrams like BMDs [3] have great promise be-
cause they can efﬁciently represent integer multiplication. However,
they require word-level information about a design which is often
not available and difﬁcult to extract from a given bit level implemen-
tation. Solutions based on bit level decision diagrams such as [1, 13]
suffer from high complexity and may lack robustness, even if the
BDDs are not built for the circuit outputs directly but certain prop-
erties of the arithmetic circuits (e.g. “structural dependence” [13])
are exploited.
An approach based on a standard equivalence checking engine
was proposed by Fujita [5]. Some arithmetic functions such as mul-
tiplication have special properties which can be expressed as recur-
rence equations. For the circuit to be veriﬁed, it is checked whether
the corresponding recurrence equation is valid using a standard cut-
point based equivalence checking engine. The major drawback of
this interesting approach is that for the circuit to be checked, a re-
currence equation must exist and it must be known. This hampers
automation of the veriﬁcation task.
Reverse engineering could be considered as a very pragmatic ap-
proachto multiplierveriﬁcation. Since the numberofpossible archi-
tectures for a multiplier is limited one may incorporate a variety of
architectures in the frontend of the equivalence checker and repeat
the comparison for all of them. We have not experimented with this
approach but we believe that there are many obstacles. Note, that
even within one and the same architecture, e.g. a carry-save adder
(CSA) array, there can be numerous implementation styles that have
hardly any similarity in terms of internal equivalences. As an illus-
tration look at the following four ways of multiplying two decimal
numbers.
167
￿ 239
334
501
1503
39913
167
￿ 239
1503
501
334
39913
239
￿ 167
239
1434
1673
39913
239
￿ 167
1673
1434
239
39913
All four cases can be implemented by the same architectures but
have no internal equivalences at all. The adder stage of each row
computes the accumulated sum of the previous rows. The accu-
mulated sum values are different in all four variations. We experi-
mentally veriﬁed the absence of internal equivalences by means of
16x16 bit multiplier c6288. We modiﬁed the circuit by swapping its
operands. Since multiplication is commutative c6288 with swapped
operands must be equivalent to the original version. Proving this by
our equivalence checker [11], however, turned out to be impossible.
All internal equivalences were lost, except for the ones belonging to
the partial products in the ﬁrst circuit level.
In this paper, we propose a new approach to veriﬁcation of arith-
metic circuits. It can be understood as a reverse engineering process
1
183but at a more detailed level than described above. We propose an ex-
traction technique which decomposes a gate netlist of an arithmetic
circuit into its smallest arithmetic units. However, we do not iden-
tify word operations but bit operations and only consider the addi-
tion of single bits. Our extraction technique generates an arithmetic
bit level description of the circuit. Addition at this level is reduced
to addition modulo 2 and generation of carry signals. The arithmetic
bit level permits a very efﬁcient veriﬁcation algorithm.
In general terms, the proposed approach can be summarized as
follows:
1. Decompose the two combinational circuits – where possible –
into networks of 1-bit addition primitives, such as XOR, half
adder, full adder (arithmetic bit level).
2. Prove equivalence of corresponding circuit outputs on the
arithmetic bit level using commutative and associative laws.
2 Veriﬁcation at the Arithmetic Bit
Level
Arithmeticfunctionsindigital circuits, such asaddition, subtraction,
multiplication and division, are always implemented using addition
as the base function. Subtracting a number
￿
in two’s complement
notation froma number
￿ , for example, is implemented byinverting
all bits of
￿
, adding 1, and adding
￿ . Also multiplication is based
on addition. Hardware multipliers most often are composed of two
stages (Fig. 1). In the ﬁrst stage, the partial products are gener-
ated from the two operand vectors,
￿
and
￿ . The way these partial
productsare generated depends on whether signedor unsigned num-
bers are processed, and whether or not Booth recoding is used. The
partial products are the inputs to the second stage, which is an ad-
dition circuit. We will call the inputs to an addition circuit primary
addends, in the sequel. The addition circuit adds up the primary ad-
dends to produce the ﬁnal result,
￿
￿
￿
￿
￿
￿ . The implementation
of this addition circuit can be chosen from a variety of architectures
differing in performance or area requirements. Most common im-
plementations are an array of carry-save adders (CSA) or a Wallace
tree.
Primary
addend
generation circuit
Addition X
Y
Z = X·Y
Figure 1: Basic multiplier structure
Any combinational circuit which performs the addition of binary
bit vectors such as the addition stage in a multiplier can be repre-
sented as a composition of half and full adders. A half adder is a
circuit that arithmetically adds two binary operands and produces
two binary results, a sum and a carry signal. Figure 2 shows the gate
schematics of a half adder. In the sequel, we will use the half adder
symbol shown on the right side of Figure 2.
Note that a full adder can be assembled from three half adders.
Figure 3 shows a possible implementation of a full adder and the
operand sum 
carry operand
carry
sum  operand
operand
Figure 2: Half adder, schematics and symbol
corresponding half adder network. The third half adder,
￿ , adds
the two carry bits
￿
￿
￿ and
￿
￿
￿ of the other half adders,
￿ and
￿ , and
produces the full adder carry output
￿ . Because the two signals
￿
￿
and
￿
￿ can never assume the logic value 1 at the same time, the carry
output of the third half adder produces a constant 0.
Q
R
P
c2 c1 c1
c2
a
b
c
a
c
b
"0"
carry
sum sum
carry
v
w
v
w
Figure 3: Full adder decomposed into half adders
Once we have a representation of an addition circuit that is only
composed of half adders, we speak of a half adder network or the
arithmetic bit level representation of the circuit. This representa-
tion allows for a very efﬁcient equivalence checking procedure. We
now introduce a mathematical model for the arithmetic bit level and
develop the theoretical background of our veriﬁcation procedure.
Deﬁnition 1 An addition graph is a triple
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿ .
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿
￿ is a bipartite directed graph with vertex set
￿ and di-
rected edge set
￿ . The vertexset
￿ consists of three disjoint subsets,
￿
￿
￿
!
 
#
"
%
$
&
"
%
’ . The vertices in
  have exactly two immediate pre-
decessors, and are called sum nodes. The vertices in
’ have no pre-
decessors and are called primary addends. The vertices in
$ have
no predecessors and are called carry nodes.
￿ is a relation,
￿
￿
(
￿
￿
￿
$
*
)
+
 
,
￿ and
￿ is a set of Boolean functions.
The addition graph is associated with a half adder network as
follows. Each sum node is associated with the sum output of a half
adder in the network. Each carry node is associated with the carry
output of a half adder. Each primary addend is associated with an
input of the half adder network.
Two vertices
- and
￿ are connected by a directed edge
￿
.
-
/
￿
0
￿
1
￿ , if
the half adder associated with
￿ has the signal associated with
- as
operand.
For
￿
3
2
4
$ and
5
6
2
7
  it is
￿
.
￿
8
￿
￿
5
8
￿
#
2
9
￿ if and only if
￿ and
5
are associated with the output signals of the same half adder in the
network.
With each vertex
-
:
2
;
￿ we associate the Boolean function
<
>
=
?
2
￿ in terms of the primary addends that is implemented by the signal
corresponding to
- in the half adder network.
For illustration of this deﬁnition, Figure 4 shows the addition
graph of the full adder of Figure 3. Note that the primary addends
and the carry nodes are the source nodes of an addition graph, and
2
184c
c
"0"
1
2
c
a
b
w
u
v
Figure 4: Addition graph for full adder
arealso referred toas addends inthe following. In Figure4, addends
are represented by boxes, sum nodes are represented by circles. The
relation between carry and sum nodes is indicated by dashed lines.
Nodes
- and
￿ are sinks of the addition graph and correspond to
outputs
- and
￿ of the half adder network.
The modelling of a half adder by two separate nodes in the addi-
tion graph may seem awkward. Note, however, that our deﬁnition
leads to a decomposition of the half adder network into graph enti-
ties such that all but the source vertices correspond to XOR opera-
tions. Therefore, each sum node in the graph can be associated with
the sum modulo 2 of all source nodes in its transitive fanin. This
facilitates the manipulation of the graph structure.
In the following, without loss of generality, we assume that the
addition graph is a forest of trees. If the addition graph obtained
from the original half adder network does not have tree structure, we
can always generate a forest of trees by duplication of appropriate
graph portions including primary addends.
v
p
q
u
v
p
q
u
r
s
t
t
s
r
Figure 5: Addition graph of Lemma 1
Lemma 1 Let
@ and
5 be the operands of a sum node
A in an ad-
dition graph. Further, let
A and
B be the operands of a sum node
- ,
as shown in Figure 5. Let
C and
D be the carry nodes of
A and
- ,
respectively. Exchanging operand
@ with operand
B does not change
<
= and does not change
<
F
E
H
G
&
<
￿
I .
Proof: Function
<
= does not change because addition modulo 2
is commutative. The function
<
F
E
J
G
9
<
￿
I does not change, because
￿
.
@
￿
5
8
￿
K
G
L
￿
0
￿
.
@
H
G
M
5
8
￿
￿
B
0
￿
,
￿
7
￿
N
B
￿
5
>
￿
O
G
L
￿
0
￿
N
B
P
G
M
5
8
￿
￿
@
Q
￿ .
R
Half adder networks implementing practical addition stages have
the special property that each addition tree computes a digit of a
binary encoded integer. The carry signals of the addition tree for
digit
S all feed into the addition tree for the next digit,
S
U
T
￿
V . This
can be exploited when checking the equivalence of addition trees in
practical addition networks.
Lemma 2 The output functions of two addition trees
W and
X
W (Fig-
ure 6) are equivalent if the following conditions are true.
1. The sets of primary addends for
W and
X
W are identical (
’
F
Y
*
￿
’
,
Z
Y ).
2. There exists an addition tree
  such that the set of all carry
nodes being addends for
W is identical with the set of carries
generated in
  . The same holds for
X
W and some addition tree
X
  .
3. The output functions of
  and
X
  are equivalent.
Proof: If the output functions of
  and
X
  are equivalent, then the
sum modulo 2 of all carries generated in
  is equivalent to the sum
modulo 2 of all carries generated in
X
  . This follows from the obser-
vation that
  can be transformed into
X
  by a sequence of operand
swaps according to Lemma 1.
W as well as
X
W compute the modulo 2
sum of the primary addends and the carries of
  .
R
I T
CS
T
~
S ~
CS ~
I T I T
~ (addends of S)
T
S
equivalent
(addends of S)
~ =
Figure 6: Illustration of Lemma 2
Once we have a representation of an addition circuit as a half
adder network, the equivalence check using Lemma 2 is straight-
forward. Note that ﬁnding addition tree
  for addition tree
W in
condition 2 is trivial in practice, since
  is located in the immediate
structural vicinity of
W . The correspondences
X
  with
  and
X
W with
W are known from the given equivalence checking task.
Note the recursive nature of Lemma 2: the equivalence of the
output digit
S (tree
W ) depends on the equivalence of digit
S
\
[
]
V (tree
  ). The terminal case of the recursion is digit 0 where no carry-ins
exist and only condition 1 of the lemma needs to be checked. The
total run-time of the equivalence check according to Lemma 2 is
linear in the number of half adders which is proportional to circuit
size.
Another possibility toverifyaddition circuits on the arithmetic bit
level is to manipulate the circuits using the operation of Lemma 1
until both circuits have the same structure and contain enough inter-
nal equivalences for a standard equivalence checking procedure to
be successful.
The problem that remains to be solved, however, is how to ex-
tract the arithmetic bit level representation from the gate netlist of
an addition circuit. This is subject of the following section.
3 Extracting the Half Adder Network
An additioncircuit can be implementedinmany different ways. Dif-
ferent architectures, e.g. carry-save adder arrays or Wallace trees,
3
185exist, aiming at different design goals. Also for the components and
subcomponents there exists a variety of implementation choices. As
an example of an adder stage which is not constructed from cas-
caded half and full adders, consider the 4-bit carry-lookahead adder
of Figure 7. In order to speed up computation time, the carry signals
in each output cone are generated by a special logic block.
C
a
r
r
y
-
L
o
o
k
a
h
e
a
d
L
o
g
i
c
s
s
s
s
c0
c
c
c
c c
3
2
1
0
4
4
a
a
a
a
b
b
b
b
1
1
2
2
3
3
a
a
a
a
b
b
b
b
0
0
1
1
2
2
3
3
2
1
3
0
0
Figure 7: 4-bit carry-lookahead adder
It is our goal to extract a half adder network that abstracts from
such implementation details. We seek an extraction technique that
produces as output a network of half adders which is functionally
equivalent to the implementation.
3.1 Basic Procedure
Theapproach wepropose is basedon thefollowing assumption: The
predominantoperationatthebitlevelisthecomputationofexclusive
OR. This logic function is part of every implementation of binary
addition. We use Boolean reasoning techniques [11] to detect XOR
relationships in the original circuit. Guided by the detected XORs
weconstructa network ofhalfadders asareference circuit. Westore
implications between nodes in the original circuit and the half adder
network. The stored implications establish a mapping between the
nodes of the original and the reference circuit.
Asanexample, considertheimplementationofafull addershown
in Figure 8.
Using Boolean reasoning techniques it is possible to prove that
the signal
^ can be expressed as the exclusive OR of signals
_ and
‘
. As a consequence, in the reference circuit, we insert a half adder
node
A with operands
_ and
‘
and store implications reﬂecting the
equivalence of the sum output of the half adder and node
^ . Also,
signal
C can be expressed as the exclusive OR of
^ and
￿ . We insert
a half adder node
- with operands
^ and
￿ and store the equivalence
of the sum output with signal
C .
Now that the half adders
A and
- exist, it is possible to express
signal
D as an exclusive OR of the carry outputs
￿
￿ of
A and
￿
￿
of
- . Also, we can identify the implication
￿
￿
￿
a
V
3
b
c
￿
￿
￿
e
d
which is equivalent to
￿
￿
￿
￿
￿
￿
4
d , for all possible input vectors of
the adder circuit. Therefore we insert half adder
￿ with operands
￿
￿
￿
a
b
e
q
u
i
v
a
l
e
n
t
e
q
u
i
v
a
l
e
n
t
e
q
u
i
v
a
l
e
n
t
"0"
v
w
x
u
c
c
c
1
2
p
q
Figure 8: Full adder implementation and mapped half adder net-
work
and
￿
￿ , and we store the information that the carry output of this half
adder produces a constant 0. We also store an equivalence pointer
between the sum output of
￿ and the output
D of the adder circuit.
We now have a complete mapping of the adder circuit as a half adder
network.
Note that although function
D implements the majority function,
D
￿
￿
7
￿
.
_
+
T
‘
￿
f
￿
g
T
6
_
‘
￿
L
_
‘
T
6
_
\
￿
￿
T
‘
￿ , of the inputs
_ ,
‘
,
￿ and not an
XOR function of any of these operands, we can still ﬁnd a mapping
for this node by using signals from the reference circuit.
When detecting an XOR relationship of the form
h
#
￿
4
_
￿
G
‘
for
some signal
h in the original circuit, with
_ and
‘
being signals in
the original or in the reference circuit, it is actually not sufﬁcient
to insert a half adder with operands
_ and
‘
. It could be that an
operand has to be inverted in order to make the half adder useful
as an operand later. Since the correct operand phases cannot be de-
termined by the XOR detection (
h
￿
￿
i
_
+
G
‘
￿
_
+
G
‘
), we add not
only one half adder for each XOR found but all four half adders
corresponding to the four possible combinations of inversions of the
operands.
The Boolean analysis underlying this procedure is local and of
fairly low complexity. An efﬁcient implementation can be based not
only onimplicationtechniquesbutjust aswellondecision diagrams,
SAT solving or structural hashing [9].
3.2 Local half adder network extensions
In practical implementations, the calculation of sum and carry sig-
nals may be locally separated and restructured, e.g. to improve
timing. If such local optimizations have been performed, the ba-
sic procedure of Section 3.1 may not always be sufﬁcient to deter-
mine a complete mapping of the circuit. However, since the internal
nodes of our addition trees represent only XOR functions, “reverse-
engineering” these treesusing commutative and associative transfor-
mations is simple. We analyze the current structure of the reference
circuit and locally add promising new half adders. Then we retry to
map the unmapped nodes using the new half adders as operands.
As an example, consider a circuit computing some additions ac-
4
186cordingtothehalfaddernetwork shown inFigure9. Inthisnetwork,
a
b
c
d
"0"
full adder
g
e
f
h
P
Q
R
S
Figure 9: Arithmetic bit level representation (example)
function
< is the output of a chain of half adders. Signal
j traverses
three XOR stages before reaching
< . In a practical implementation,
it may be of advantage to compute
< by an XOR tree rather than a
chain. Figure 10 shows such an implementation. Also shown are the
half adders inserted after applying the basic procedure described in
Section3.1. Note that inthis example it is not possible toexpress the
a
c
f
d
b
g
h
a
c
d
b
CARRY function of full adder
e
Figure 10: Implementation of example of Fig. 9 with added refer-
ence circuitry
carry function of signal
k as an XOR of any two half adder signals
in the reference circuit. Hence, we fail to completely map the gate
netlist to a half adder network as in Figure 9.
If, as in this example, the computation of sum and carry signals
has been locally separated and the XOR trees in the sum have been
restructured, certain carry functions can no longer be expressed in
terms of the available signals in the reference circuit and cannot be
mapped. This leads to “gaps” in the extracted network.
In order to map such gaps, we proceed as follows. First, for each
gap, we identify its mapped inputs. Then, by a topological analysis
in the extracted half adder network, we identify the signal where the
sum of the input functions is computed. We then restructure the half
adder network using commutative and associative laws such that the
operands needed to map the gap functions are produced. For ex-
ample, in Figure 10, signals
_ ,
‘
and
l are the inputs of a gap. We
search in the half adder network a signal computing the sum of
_ ,
‘
and
l . By backtracing in the addition graph, we determine for each
input its addends (primary addends and carry nodes). Then, by for-
ward tracing we identify the sum node summing up these addends.
In Figure 10, we identify function
< which computes the sum of
_ ,
‘
,
￿ and
j . Next, we restructure the half adder network such that
an addition chain with the operands
_ ,
‘
and
l is obtained and lo-
cally extend the half adder network by this addition chain. If several
addition chains are possible, all of them are inserted. In our exam-
ple, the addition chain is the series of half adders
￿ ,
￿ and
￿ of
Figure 9 and can be added (not shown) to the half adder network of
Figure 10. Now, signal
k can be expressed as the XOR of two carry
signals in the reference circuit, yielding the half adder
  of Figure 9
and completing the mapping.
3.3 Algorithm
extract half adder network(
$ )
m
/* input:
$ , original gate netlist */
R :=
n ; /* reference circuit */
/* STEP 1: search for XORs in original circuit,
$ */
extraction pass(
$ ,
￿ ,
$ );
/* STEP 2: search for XORs in reference circuit,
￿ */
extraction pass(
$ ,
￿ ,
￿ );
/* STEP 3: complete mapping for yet unmapped nodes */
for all unmapped nodes
h in
$
m
locally extend half adder network R for
h ;
o
extraction pass(
$ ,
￿ ,
￿ );
/* STEP 4: ﬁnd cover */
foreach output
h of circuit
$
m
/* DFS backtrace in half adder network */
select a half adder
p mapped on
h ;
push
p on stack;
while stack not empty
m
pop half adder
p from stack; mark
p ;
foreach operand
q of
p
m
select a half adder
S mapped on
q ;
push
S on stack;
o
Q
o
Q
o
remove unmarked half adders;
return R;
o
Table 1: Algorithm for half adder network extraction
Table 1 shows the pseudo-code of the proposed algorithm for half
adder network extraction. The algorithm consists of four phases.
The ﬁrst two phases consist of the steps introduced in the example
of Figure 8. The third phase targets the remaining unmapped nodes
as described in Section 3.2. In each of these phases, subroutine ex-
traction pass() shown in Table 2 is called which performs one pass
over the original circuit, analyzing whether XOR relationships ex-
ist for every node that has not been mapped by a half adder yet.
Depending on the phase, the XOR operands are searched either in
the original or in the reference circuit. Finally, in the last phase, a
backtrace procedure is started to collect a set of half adders form-
ing a cover for the given addition circuit. This cover is used for the
5
187extraction pass(
$ ,
￿ ,
r )
m
/*
$ : original gate netlist */
/*
￿ : reference circuit */
/*
r : circuit to choose XOR operands from */
for all unmapped nodes
h in
$
m
while (exist
_
K
￿
‘
2
s
r with
h
￿
￿
L
_
1
G
‘
)
m
insert corresponding half adders
t
J
u in R;
store equivalences of half adder sums with
h ;
mark nodes in
$ covered by
t
u as mapped;
o
￿
o
o
Table 2: Subroutine performing a half adder extraction pass
equivalence check of Section 2.
Note that our procedure is robust also in cases where the basic
building blocks are not half or full adders. Consider the example
in Figure 7. In the ﬁrst phase of the algorithm of Table 1 we iden-
tify the XORs performing the additions. For each XOR a half adder
is inserted in the reference circuit. In the second phase we express
each of the outputs
￿
￿ ,
￿
￿ ,
￿
F
v and
￿
F
w of the carry-lookahead logic as
XORs in terms of carry outputs of the inserted half adders, complet-
ing the mapping. It is interesting to note that the resulting half adder
network is of carry-propagate (“ripple carry”) structure.
4 Veriﬁcation Framework
The proposed approach can be added as an additional heuristic to
existing equivalence checking frameworks. Equivalence checking
is run for given circuits in the usual way until standard techniques
abort by lack of internal equivalences. If there are large regions
without internal equivalences, the extraction procedure of Section 3
isactivated, attemptingtogenerateanarithmetic bitlevel representa-
tion of the pathological region. This can be successful, if the region
is indeed an arithmetic block. If the circuit contains a multiplier,
standard equivalence checking will be successful in identifying in-
ternal equivalences for many nodes in the circuit, including the par-
tial products of the multiplier. However, it will fail to process the
subsequent addition circuit. After extracting the arithmetic bit level
representation the veriﬁcation can be completed.
In this paper, we focus on verifying the equivalence of addition
circuits with dissimilar structure as they appear in different mul-
tiplier architectures. Another multiplier architecture parameter is
the use of Booth recoding, which affects not the addition circuit
but the primary addend generation step of Figure 1. The multipli-
cand is re-encoded to produce a smaller set of partial products to
be accumulated by the addition circuit. In order to verify multi-
pliers with Booth recoding in a veriﬁcation framework using the
proposed approach, it is necessary that the frontend producing the
gate-level description of the speciﬁcation generates both, the non-
Booth-encoded and the Booth-encoded partial products bits. The
equivalence checker will then express the extracted half adders in
whatever partial products have been used in the design under veri-
ﬁcation. We have not yet implemented this in our veriﬁcation tool,
therefore the experimental results of Section 5 have been obtained
for non-Booth-encoded multipliers only.
Note that the proposed extraction procedure will fail to extract an
arithmetic bit level description if the multiplier circuit contains an
error. This, however, is easily detected by a simulation step earlier
in the veriﬁcation ﬂow. Observe that multipliers are highly random-
pattern testable so that a buggy design is usually detected by only a
small number of random patterns.
If it is desirable to represent the arithmetic circuit by a word-
level decision diagram, our approach can also be of interest. It
was already pointed out in [3, 4, 8] that knowledge about the sub-
components of a multiplier can be very useful in BMD construc-
tion. It seems likely that the arithmetic bit level representation as
extracted by the procedure of Section 3 could be a good basis for
heuristically guiding a BMD construction process along the lines
of [4, 6].
5 Experimental Results
The described techniques have been implemented as a part of the
HANNIBAL [11] tool. Table 3 shows the results for extracting the
half adder networks for a number of multiplier circuits. The ﬁrst
column shows the circuit name, the next three columns show the bit
widths of multiplication operands,
￿
,
￿ , and result,
￿ , and the last
column shows the run time of the algorithm. The CPU times are
given in seconds on a 450 MHz PC running Linux.
circuit bit vector widths CPU time
name
￿
￿
￿ (secs.)
mult8x8 8 8 16 3
dw csa 8x8 8 8 16 3
dw nbw 8x8 8 8 16 12
mult16x16 16 16 32 40
dw csa 16x16 16 16 32 34
dw nbw 16x16 16 16 32 132
c6288 16 16 32 76
c6288nr 16 16 32 56
c6288opt 16 16 32 36
dw csa 16x26 16 26 42 98
dw nbw 16x26 16 26 42 156
Table 3: Experimental results for half adder extraction
Circuits mult8x8 and mult16x16 are 8- and 16-bit multipliers pro-
duced by a self-written generator for multipliers in CSA array ar-
chitecture. The circuits denoted by preﬁx dw csa and dw nbw are
multipliers in CSA array and Wallace tree architecture, respectively.
They have been created using a commercial CAD system (Synop-
sys Design Compiler). Circuit c6288 is the well-known 16x16 bit
multiplier from the ISCAS-85 benchmark set, circuit c6288nr is its
non-redundant version, and circuit c6288opt is the result of optimiz-
ing c6288 using SIS with script.rugged.
For all these architectures, the arithmetic bit level could be ex-
tracted within short CPU times. Note that due to the Boolean nature
6
188of our extraction technique the arithmetic bit level can also be ob-
tained if the multiplier has been been optimized using standard logic
synthesis techniques. This is illustrated by means of c6288opt and
logic synthesis by SIS.
We veriﬁed the equivalence between any pair of multipliers with
the same operand widths using the equivalence check of Lemma 2.
After the arithmetic bit level was extracted, the actual equivalence
check in all cases took only a fraction of a second.
6 Conclusion
In this paper, we propose a method for equivalence checking of in-
teger multipliers based on a bit level reverse-engineering approach.
Themain challenge is to efﬁciently extract an arithmetic bit level de-
scription of a circuit from a given gate netlist. The presented extrac-
tion algorithms have been tested on different multiplier architectures
and proved very promising. We are currently extending our tool to
differenttypes ofprimary addends sothatBooth-recodedmultipliers
canalsobehandled. Thepresentedapproachcaneasilybeintegrated
into standard equivalence checking frameworks and can increase the
robustness of conventional equivalence checkers for arithmetic cir-
cuits.
7 Acknowledgment
We are grateful to Stefan H¨ oreth and Thomas Rudlof from
SIEMENS, ZT SE 4, for fruitful discussions and for providing the
multiplier examples generated by a commercial synthesis tool.
References
[1] J. R. Bitner, J. Jain, M. S. Abadir, J. A. Abraham, and D. S.
Fussell, “Efﬁcient Algorithmic Circuit Veriﬁcation Using In-
dexed BDDs,” in Proc. Fault Tolerant Computing Symposium
(FTCS-94), pp. 266–275, 1994.
[2] D. Brand, “Veriﬁcation of Large Synthesized Designs,” in
Proc. Intl. Conf. on Computer-Aided Design (ICCAD-93),
pp. 534–537, 1993.
[3] R. Bryant and Y. A. Chen, “Veriﬁcation of Arithmetic Func-
tions by Binary Moment Diagrams,” in Proc. Design Automa-
tion Conference (DAC-95), pp. 535–541, 1995.
[4] Y.-A. Chen and J.-C. Chen, “Equivalence Checking of Integer
Multipliers,” in Proc. Asia and South Paciﬁc Design Automa-
tion Conference (ASPDAC-01), (Yokohama, Japan), 2001.
[5] M. Fujita, “Veriﬁcation of Arithmetic Circuits by Comparing
Two Similar Circuits,” in Proc. International Conference on
Computer Aided Veriﬁcation (CAV ’96).
[6] K. Hamaguchi, A. Morita, and S. Yajima, “Efﬁcient Construc-
tionofBinaryMoment DiagramsforVerifyingArithmetic Cir-
cuits,” in Proc. Internation Conference on Computer-Aided
Design (ICCAD-95), pp. 78–82, November 1995.
[7] J. Jain, R. Mukherjee, and M. Fujita, “Advanced Veriﬁcation
Techniques Based on Learning,” in Proc. 32nd ACM/IEEE
Design Automation Conference (DAC-95), pp. 420–426, June
1995.
[8] M. Keim, M. Martin, B. Becker, R. Drechsler, and P. Molitor,
“Polynomial Formal Veriﬁcation of Multipliers,” in VLSI Test
Symp., pp. 150–155, 1997.
[9] A. K¨ uhlmann and F. Krohm, “Equivalence Checking Using
Cuts and Heaps,” in Proc. Design Automation Conference
(DAC-97), pp. 263–268, Nov. 1997.
[10] W. Kunz, “An Efﬁcient Tool for Logic Veriﬁcation Based on
Recursive Learning,” in Proc. Intl. Conference on Computer-
Aided Design (ICCAD-93), pp. 538–543, Nov. 1993.
[11] W. Kunz and D. Stoffel, Reasoning in Boolean Networks -
Logic Synthesis and Veriﬁcation Using Testing Techniques.
Boston: Kluwer Academic Publishers, 1997.
[12] Y. Matsunaga, “An Efﬁcient Equivalence Checker for Com-
binational Circuits,” in Proc. Design Automation Conference
(DAC-96), pp. 629–634, June 1996.
[13] T. Stanion, “Implicit Veriﬁcation of Structurally Dissimilar
Arithmetic Circuits,” in Proc. International Conference on
Computer Design (ICCD-99), pp. 46–50, October 1999.
7
189