# ADDING DUAL VARIABLES TO ALGEBRAIC REASONING FOR GATE-LEVEL MULTIPLIER VERIFICATION

#### Daniela Kaufmann<sup>1</sup> Paul Beame<sup>2</sup> Armin Biere<sup>1,3</sup> Jakob Nordström<sup>4,5</sup>

#### 13th Pragmatics of SAT workshop

Haifa, Israel

August 1, 2022

 $\boxtimes$  jn@di.ku.dk

<sup>&</sup>lt;sup>1</sup>Johannes Kepler University, Linz, Austria

<sup>&</sup>lt;sup>2</sup>University of Washington, Seattle, WA, USA

<sup>&</sup>lt;sup>3</sup>Albert-Ludwigs-University Freiburg, Germany

<sup>&</sup>lt;sup>4</sup>University of Copenhagen, Denmark

<sup>&</sup>lt;sup>5</sup>Lund University, Sweden

# ADDING DUAL VARIABLES TO ALGEBRAIC REASONING FOR GATE-LEVEL MULTIPLIER VERIFICATION

### Daniela Kaufmann<sup>1</sup> Paul Beame<sup>2</sup> Armin Biere<sup>1,3</sup> Jakob Nordström<sup>4,5</sup>

#### 13th Pragmatics of SAT workshop

Haifa, Israel

August 1, 2022

⊠ jn@di.ku.dk

Thanks to Daniela for the slides!

<sup>&</sup>lt;sup>1</sup>Johannes Kepler University, Linz, Austria

<sup>&</sup>lt;sup>2</sup>University of Washington, Seattle, WA, USA

<sup>&</sup>lt;sup>3</sup>Albert-Ludwigs-University Freiburg, Germany

<sup>&</sup>lt;sup>4</sup>University of Copenhagen, Denmark

<sup>&</sup>lt;sup>5</sup>Lund University, Sweden

# Bugs in hardware are expensive!

Circuit verification prevents issues like the famous Pentium FDIV bug

#### **Multiplier verification**

**Given:** Gate-level integer multiplier for fixed bit-width **Input format:** AND-Inverter Graph

**Question:** For all possible  $a_i, b_i \in \mathbb{B}$ :

$$(2a_1 + a_0) * (2b_1 + b_0) = 8s_3 + 4s_2 + 2s_1 + s_0$$
?



#### Satisfiability Checking (SAT)

- SAT 2016 Competition
- Exponential running time for solvers

#### Satisfiability Checking (SAT)

- SAT 2016 Competition
- Exponential running time for solvers

#### **Theorem Proving**

- Used in industry
- Requires manual effort
- Automated techniques rely on hierarchical information

#### Satisfiability Checking (SAT)

- SAT 2016 Competition
- Exponential running time for solvers

#### **Decision Diagrams**

- First technique to detect Pentium bug
- Rely on manual decomposition

### **Theorem Proving**

- Used in industry
- Requires manual effort
- Automated techniques rely on hierarchical information

#### Satisfiability Checking (SAT)

- SAT 2016 Competition
- Exponential running time for solvers

### **Theorem Proving**

- Used in industry
- Requires manual effort
- Automated techniques rely on hierarchical information

#### **Decision Diagrams**

- First technique to detect Pentium bug
- Rely on manual decomposition

#### Algebraic Approach

- Dramatic progress since 2015
- Polynomial encoding
- Automated approach
- Works for non-trivial multiplier designs

## **Basic Idea of Algebraic Approach**



For more details on circuit verification using computer algebra, see, e.g., [Kaufmann, 2020]

### From Circuits to Polynomials

#### Gate polynomials $G(C) \subseteq \mathbb{Z}[X]$

```
\begin{array}{lll} -s_3 + l_{24} & -l_{22} + a_1b_1 \\ -s_2 + l_{28} & -l_{20} + l_{18}l_{16} - l_{18} - l_{16} + 1 \\ -s_1 + l_{20} & -l_{18} + l_{14}l_{12} - l_{14} - l_{12} + 1 \\ -s_0 + l_{10} & -l_{16} + l_{14}l_{12} \\ -l_{28} + l_{26}l_{24} - l_{26} - l_{24} + 1 & -l_{14} + a_0b_1 \\ -l_{26} + l_{22}l_{16} - l_{22} - l_{16} + 1 & -l_{12} + a_1b_0 \\ -l_{24} + l_{22}l_{16} & -l_{10} + a_0b_0 \end{array}
```



## From Circuits to Polynomials

#### Gate polynomials $G(C) \subseteq \mathbb{Z}[X]$

$$\begin{array}{lll} -s_3 + l_{24} & -l_{22} + a_1b_1 \\ -s_2 + l_{28} & -l_{20} + l_{18}l_{16} - l_{18} - l_{16} + 1 \\ -s_1 + l_{20} & -l_{18} + l_{14}l_{12} - l_{14} - l_{12} + 1 \\ -s_0 + l_{10} & -l_{16} + l_{14}l_{12} \\ -l_{28} + l_{26}l_{24} - l_{26} - l_{24} + 1 & -l_{14} + a_0b_1 \\ -l_{26} + l_{22}l_{16} - l_{22} - l_{16} + 1 & -l_{12} + a_1b_0 \\ -l_{24} + l_{22}l_{16} & -l_{10} + a_0b_0 \end{array}$$

#### Boolean axioms / value constraints $B(C) \subseteq \mathbb{Z}[X]$

$$a_1, a_0 \in \mathbb{B} \qquad -a_1^2 + a_1, \ -a_0^2 + a_0, \ b_1, b_0 \in \mathbb{B} \qquad -b_1^2 + b_1, \ -b_0^2 + b_0$$



## From Circuits to Polynomials

#### Gate polynomials $G(C) \subseteq \mathbb{Z}[X]$

$$\begin{array}{lll} -s_3 + l_{24} & -l_{22} + a_1b_1 \\ -s_2 + l_{28} & -l_{20} + l_{18}l_{16} - l_{18} - l_{16} + 1 \\ -s_1 + l_{20} & -l_{18} + l_{14}l_{12} - l_{14} - l_{12} + 1 \\ -s_0 + l_{10} & -l_{16} + l_{14}l_{12} \\ -l_{28} + l_{26}l_{24} - l_{26} - l_{24} + 1 & -l_{14} + a_0b_1 \\ -l_{26} + l_{22}l_{16} - l_{22} - l_{16} + 1 & -l_{12} + a_1b_0 \\ -l_{24} + l_{22}l_{16} & -l_{10} + a_0b_0 \end{array}$$

#### Boolean axioms / value constraints $B(C) \subseteq \mathbb{Z}[X]$

$$a_1, a_0 \in \mathbb{B}$$
  $-a_1^2 + a_1, -a_0^2 + a_0,$   
 $b_1, b_0 \in \mathbb{B}$   $-b_1^2 + b_1, -b_0^2 + b_0$ 

#### Specification $S_n \in \mathbb{Z}[X]$

$$8s_3 + 4s_2 + 2s_1 + s_0 - 4b_1a_1 - 2b_1a_0 - 2b_0a_1 - b_0a_0$$



# **Verification Technique**

#### Verification algorithm

$$\text{Reduce specification } \sum_{i=0}^{2n-1} 2^i s_i - \left(\sum_{i=0}^{n-1} 2^i a_i\right) \left(\sum_{i=0}^{n-1} 2^i b_i\right) \text{ by elements of } G(C) \cup B(C)$$

based on fixed variable order until no further reduction possible

Then: C is multiplier  $\Leftrightarrow$  final remainder zero

**Easy:** Multipliers containing a ripple-carry adder

Hard: Multipliers containing a generate-and-propagate adder, e.g., carry-lookahead adder



# **Multiplier – Carry-Lookahead Adder**



# **Multiplier – Carry-Lookahead Adder**



# **Multiplier – Carry-Lookahead Adder**



$$o = o_2 \lor l_0$$
  $-o + o_2 + l_0 - o_2 l_0,$   
 $o_2 = o_1 \lor l_1$   $-o_2 + o_1 + l_1 - o_1 l_1,$   
 $o_1 = l_3 \lor l_2$   $-o_1 + l_3 + l_2 - l_3 l_2$ 



$$\begin{aligned} o &= o_2 \lor l_0 & -o + o_2 + l_0 - o_2 l_0, \\ o_2 &= o_1 \lor l_1 & -o_2 + o_1 + l_1 - o_1 l_1, \\ o_1 &= l_3 \lor l_2 & -o_1 + l_3 + l_2 - l_3 l_2 \end{aligned}$$



$$o = l_0 + l_1 - l_0 l_1 + l_2 - l_0 l_2 - l_1 l_2 + l_0 l_1 l_2 + l_3 - l_0 l_3 - l_1 l_3 + l_0 l_1 l_3 - l_2 l_3 + l_0 l_2 l_3 + l_1 l_2 l_3 - l_0 l_1 l_2 l_3$$

 $15 = 2^4 - 1$  monomials

$$o = o_2 \lor l_0$$
  $-o + o_2 + l_0 - o_2 l_0,$   
 $o_2 = o_1 \lor l_1$   $-o_2 + o_1 + l_1 - o_1 l_1,$   
 $o_1 = l_3 \lor l_2$   $-o_1 + l_3 + l_2 - l_3 l_2$ 



$$o = l_0 + l_1 - l_0 l_1 + l_2 - l_0 l_2 - l_1 l_2 + l_0 l_1 l_2 + l_3 - l_0 l_3 - l_1 l_3 + l_0 l_1 l_3 - l_2 l_3 + l_0 l_2 l_3 + l_1 l_2 l_3 - l_0 l_1 l_2 l_3$$

 $15 = 2^4 - 1$  monomials

 $n ext{ OR Gates} \Rightarrow 2^{n+1} - 1 ext{ monomials}$ 

### **Previous Approach: SAT & Computer Algebra**

[Kaufmann et al., 2019]



# **Previous Approach: SAT & Computer Algebra**

[Kaufmann et al., 2019]



## **Previous Approach: SAT & Computer Algebra**

[Kaufmann et al., 2019]



### **Problem: Proof Certificates**



Possible to simulate DRUP proofs in PAC, but does not scale [Kaufmann et al., 2020]

# Contributions of Our DATE '22 Paper [Kaufmann et al., 2022]



#### Encoding

- Dual variables
- Compact representation of polynomials



#### Novel carry rewriting method

- Uses dual encoding
- Tail substitutions



No need for SAT solver



Uniform practical algebraic calculus (PAC) certificate

### 1st Contribution: Dual Variables

Provide more compact notation for inverters







### 1st Contribution: Dual Variables

Provide more compact notation for inverters

#### **Dual variables**

Whenever two variables  $l_i, f_i \in \{0, 1\}$  satisfy  $f_i = 1 - l_i$ , we have  $f_i = dual(l_i)$ 





■ Practical algebraic calculus well-studied under the name polynomial calculus [Clegg et al., 1996, Razborov, 1998, Impagliazzo et al., 1999, Buss et al., 2001, Alekhnovich and Razborov, 2003, Galesi and Lauria, 2010, Beck et al., 2013, Bonacina and Galesi, 2015, Mikša and Nordström, 2015]...

- Practical algebraic calculus well-studied under the name polynomial calculus [Clegg et al., 1996, Razborov, 1998, Impagliazzo et al., 1999, Buss et al., 2001, Alekhnovich and Razborov, 2003, Galesi and Lauria, 2010, Beck et al., 2013, Bonacina and Galesi, 2015, Mikša and Nordström, 2015]...
- Often with dual variables [Alekhnovich et al., 2000] to avoid annoying blow-up when encoding and reasoning with CNF formulas

- Practical algebraic calculus well-studied under the name polynomial calculus [Clegg et al., 1996, Razborov, 1998, Impagliazzo et al., 1999, Buss et al., 2001, Alekhnovich and Razborov, 2003, Galesi and Lauria, 2010, Beck et al., 2013, Bonacina and Galesi, 2015, Mikša and Nordström, 2015]...
- Often with dual variables [Alekhnovich et al., 2000] to avoid annoying blow-up when encoding and reasoning with CNF formulas
- Polynomial calculus without dual variables exponentially weaker [de Rezende et al., 2021]

- Practical algebraic calculus well-studied under the name polynomial calculus [Clegg et al., 1996, Razborov, 1998, Impagliazzo et al., 1999, Buss et al., 2001, Alekhnovich and Razborov, 2003, Galesi and Lauria, 2010, Beck et al., 2013, Bonacina and Galesi, 2015, Mikša and Nordström, 2015]...
- Often with dual variables [Alekhnovich et al., 2000] to avoid annoying blow-up when encoding and reasoning with CNF formulas
- Polynomial calculus without dual variables exponentially weaker [de Rezende et al., 2021]
- What we see here is exactly this problem in practice

- Practical algebraic calculus well-studied under the name polynomial calculus [Clegg et al., 1996, Razborov, 1998, Impagliazzo et al., 1999, Buss et al., 2001, Alekhnovich and Razborov, 2003, Galesi and Lauria, 2010, Beck et al., 2013, Bonacina and Galesi, 2015, Mikša and Nordström, 2015]...
- Often with dual variables [Alekhnovich et al., 2000] to avoid annoying blow-up when encoding and reasoning with CNF formulas
- Polynomial calculus without dual variables exponentially weaker [de Rezende et al., 2021]
- What we see here is exactly this problem in practice
- Theory suggests: use dual variables!

$$o = o_2 \lor l_0$$
  $-o + o_2 + l_0 - o_2 l_0,$   
 $o_2 = o_1 \lor l_1$   $-o_2 + o_1 + l_1 - o_1 l_1,$   
 $o_1 = l_3 \lor l_2$   $-o_1 + l_3 + l_2 - l_3 l_2$ 



$$o = o_2 \lor l_0$$
  $-o + o_2 + l_0 - o_2 l_0,$   
 $o_2 = o_1 \lor l_1$   $-o_2 + o_1 + l_1 - o_1 l_1,$   
 $o_1 = l_3 \lor l_2$   $-o_1 + l_3 + l_2 - l_3 l_2$ 



$$o = l_0 + l_1 - l_0 l_1 + l_2 - l_0 l_2 - l_1 l_2 + l_0 l_1 l_2 + l_3 - l_0 l_3 - l_1 l_3 + l_0 l_1 l_3 - l_2 l_3 + l_0 l_2 l_3 + l_1 l_2 l_3 - l_0 l_1 l_2 l_3$$

$$o = 1 - f_0 f_1 f_2 f_3$$

# **Practical Difficulty**

Key Method for polynomial inference: Gröbner basis algorithm

Relies on reduction method based on fixed variable order that will immediately eliminate one of each pair of dual variables

**Practice:** During verification, always reduce specification by the dual constraint  $-f_i - l_i + 1$  of a gate variable  $l_i$  before reducing by its gate constraint

Has the effect that all occurrences of  $f_i$  in the specification will be flipped to  $l_i$  before reducing  $l_i$ 

**Problem:** Compact representation is unfolded

## **Practical Difficulty**

Key Method for polynomial inference: Gröbner basis algorithm

Relies on reduction method based on fixed variable order that will immediately eliminate one of each pair of dual variables

**Practice:** During verification, always reduce specification by the dual constraint  $-f_i - l_i + 1$  of a gate variable  $l_i$  before reducing by its gate constraint

Has the effect that all occurrences of  $f_i$  in the specification will be flipped to  $l_i$  before reducing  $l_i$ 

**Problem:** Compact representation is unfolded

 $\Rightarrow$  Need dedicated preprocessing techniques to keep compact representation

# **Calculating with Dual Variables**

#### **Proposition 1.**

For all Boolean variables  $l_i$  and their dual representation  $dual(l_i) = f_i$  we have  $l_i f_i = 0$ 

" $l_i$  and  $dual(l_i)$  cannot be 1 at the same time"

#### **Proposition 2.**

For all Boolean variables  $l_i$  and their dual representation  $dual(l_i) = f_i$  we have  $l_i + f_i = 1$ 

" $l_i$  and  $dual(l_i)$  add up to 1"

# **Dual Mergeable**

Call  $m_1$  and  $m_2$  dual mergeable iff  $m_1=cf_i\tau$  and  $m_2=cl_i\tau$  for c constant,  $\tau$  term Call monomial  $\mathrm{dmerge}(m_1,m_2)=c\tau$  their dual merge

# **Dual Mergeable**

Call  $m_1$  and  $m_2$  dual mergeable iff  $m_1=cf_i\tau$  and  $m_2=cl_i\tau$  for c constant,  $\tau$  term Call monomial  $\mathrm{dmerge}(m_1,m_2)=c\tau$  their dual merge

#### **Algorithm:** Merging monomials(*p*)

```
Input: Polynomial p
    Output: Simplified polynomial r
 1 q \leftarrow \text{sort-degree-lex}(p); r \leftarrow 0;
 2 while q \neq 0 do
          a_l \leftarrow \operatorname{lm}(q); t \leftarrow \operatorname{tail}(q); simplify \leftarrow \bot;
          while t \neq 0 and \deg(q_t) = \deg(\operatorname{lt}(t)) and \neg simplify do
                 a_t \leftarrow \operatorname{lt}(t);
                 if a_t and a_t are dual mergeable then
                      q \leftarrow q - q_l - q_t + \text{dmerge}(q_l, q_t);
                   simplify \leftarrow \top:
                 else t \leftarrow t - q_t:
10
           if \neg simplify then r \leftarrow r + q_1 : q \leftarrow q - q_1:
11 return sort-lex(r);
```

# **Example of Dual Mergeable Monomials**

### Example

```
Let p = l_1 f_2 f_3 + l_1 f_2 l_3 + l_1 l_2 f_3 + f_1 f_2 + l_2 \in \mathbb{Z}[l_1, l_2, l_3, f_1, f_2, f_3]
```

Write  $q_i$  to denote polynomial q after iteration i (dual merges indicated)

$$\begin{array}{lll} q_0 = l_1 f_2 f_3 + l_1 f_2 l_3 + l_1 l_2 f_3 + f_1 f_2 + l_2 & r = 0 \\ q_1 = l_1 l_2 f_3 + f_1 f_2 + \boxed{l_1 f_2} + l_2 & r = 0 \\ q_2 = f_1 f_2 + l_1 f_2 + l_2 & r = l_1 l_2 f_3 \\ q_3 = \boxed{f_2} + l_2 & r = l_1 l_2 f_3 \\ q_4 = \boxed{1} & r = l_1 l_2 f_3 \\ q_5 = 0 & r = l_1 l_2 f_3 + 1 \end{array}$$

## 2nd Contribution: Tail Substitution

Allows to introduce sharing on larger topological levels

Consider 
$$p=f-g$$
 and  $p_1,\dots p_6$  in  $\mathbb{Z}[X]$ : 
$$p_1:=-f+h_1h_2 \qquad p_2:=-g+h_3h_4g_0g_5$$
 
$$p_3:=-h_1+g_0g_1g_2 \quad p_4:=-h_3+g_1g_2$$
 
$$p_5:=-h_2+g_3g_4g_5 \quad p_6:=-h_4+g_3g_4$$

## 2nd Contribution: Tail Substitution

Allows to introduce sharing on larger topological levels

```
Consider p=f-g and p_1,\dots p_6 in \mathbb{Z}[X]: p_1:=-f+h_1h_2 \qquad p_2:=-g+h_3h_4g_0g_5 p_3:=-h_1+g_0g_1g_2 \quad p_4:=-h_3+g_1g_2 p_5:=-h_2+g_3g_4g_5 \quad p_6:=-h_4+g_3g_4
```

Have to reduce p by polynomials  $p_1, \ldots, p_6$  to obtain p = 0:

## 2nd Contribution: Tail Substitution

Allows to introduce sharing on larger topological levels

Consider p=f-g and  $p_1,\dots p_6$  in  $\mathbb{Z}[X]$ :  $p_1:=-f+h_1h_2 \qquad p_2:=-g+h_3h_4g_0g_5$   $p_3:=-h_1+g_0g_1g_2 \quad p_4:=-h_3+g_1g_2$ 

Have to reduce p by polynomials  $p_1, \ldots, p_6$  to obtain p = 0:

$$\begin{array}{c} f-g \xrightarrow{p_1} \\ h_1h_2-g \xrightarrow{p_2} \\ h_1h_2-h_3h_4g_0g_5 \xrightarrow{p_3} \\ g_0g_1g_2h_2-h_3h_4g_0g_5 \xrightarrow{p_4} \\ g_0g_1g_2h_2-g_1g_2h_4g_0g_5 \xrightarrow{p_5} \\ g_0g_1g_2g_3g_4g_5-g_1g_2h_4g_0g_5 \xrightarrow{p_6} \\ g_0g_1g_2g_3g_4g_5-g_0g_1g_2g_3g_4g_5=0 \end{array}$$

 $p_5 := -h_2 + g_3 g_4 g_5$   $p_6 := -h_4 + g_3 g_4$ 

$$p_1 := -f + h_1 h_2 \qquad p_2 := -g + h_3 h_4 g_0 g_5$$

$$p_3 := -h_1 + g_0 g_1 g_2 \qquad p_4 := -h_3 + g_1 g_2$$

$$p_5 := -h_2 + g_3 g_4 g_5 \qquad p_6 := -h_4 + g_3 g_4$$

Reduce p = f - g by polynomials  $p_1, \ldots, p_6$  to obtain p = 0

```
p_1 := -f + h_1 h_2 \qquad p_2 := -g + h_3 h_4 g_0 g_5
p_3 := -h_1 + g_0 g_1 g_2 \qquad p_4 := -h_3 + g_1 g_2
p_5 := -h_2 + g_3 g_4 g_5 \qquad p_6 := -h_4 + g_3 g_4
```

Reduce p = f - g by polynomials  $p_1, \ldots, p_6$  to obtain p = 0

Since  $tail(p_4) \mid tail(p_3)$  and  $tail(p_6) \mid tail(p_5)$ , we can derive:

$$p_3 := -h_1 + h_3 g_0$$
  $p_5 := -h_2 + h_4 g_5$ 

$$p_1 := -f + h_1 h_2$$
  $p_2 := -g + h_3 h_4 g_0 g_5$   
 $p_3 := -h_1 + g_0 g_1 g_2$   $p_4 := -h_3 + g_1 g_2$   
 $p_5 := -h_2 + g_3 g_4 g_5$   $p_6 := -h_4 + g_3 g_4$ 

Reduce p = f - g by polynomials  $p_1, \ldots, p_6$  to obtain p = 0

Since  $tail(p_4) \mid tail(p_3)$  and  $tail(p_6) \mid tail(p_5)$ , we can derive:

$$p_3 := -h_1 + h_3 g_0$$
  $p_5 := -h_2 + h_4 g_5$ 

Then substitute tails of  $p_3, p_5$  in  $p_2$ :

$$p_1 := -f + h_1 h_2 \quad p_2 := -g + h_1 h_2$$

$$p_1 := -f + h_1 h_2 \qquad p_2 := -g + h_3 h_4 g_0 g_5$$

$$p_3 := -h_1 + g_0 g_1 g_2 \qquad p_4 := -h_3 + g_1 g_2$$

$$p_5 := -h_2 + g_3 g_4 g_5 \qquad p_6 := -h_4 + g_3 g_4$$

Reduce p = f - g by polynomials  $p_1, \ldots, p_6$  to obtain p = 0

Since  $tail(p_4) \mid tail(p_3)$  and  $tail(p_6) \mid tail(p_5)$ , we can derive:

$$p_3 := -h_1 + h_3 g_0$$
  $p_5 := -h_2 + h_4 g_5$ 

Then substitute tails of  $p_3, p_5$  in  $p_2$ :

$$p_1 := -f + h_1 h_2$$
  $p_2 := -g + h_1 h_2$ 

Hence we have to reduce p only by  $p_1$  and  $p_2$  to derive p=0Somewhat reminiscent of degree-bounded Gröbner basis reduction in [Clegg et al., 1996]

# **Carry Rewriting**

**Goal:** Rewrite encoding of carry look-ahead unit into a ripple-carry unit, which can easily be verified using computer algebra

```
Algorithm: Carry-RewritingInput: Circuit C in AIG formatOutput: Carry-rewritten Gröbner basis of C1F \leftarrow Mark-final-stage-adder(C);2G \leftarrow Dual-Polynomial-Encoding(F);3H \leftarrow Polynomial-Encoding(C \setminus F);4G \leftarrow Eliminate-Pure-Positive-Variables(G);5G \leftarrow Tail-Substitution(G);6G \leftarrow Carry-Unfolding(G);7return G \cup H
```

# **Carry Unfolding**

#### Proposition 3.

Let  $-l_i+\sigma au_i$  for  $1\leq i\leq k$  be a given set of polynomials, with  $l_i\in X$  and  $\sigma, au_i\in [X]$ . Assume  $\forall_{i=0}^k f_i=\mathrm{dual}(l_i)$ . Then  $\prod_{i=0}^k f_i=1-\sigma(1-\prod_{i=0}^k (1- au_i))$ .

### Example

Excerpt of carry-lookahead adder, with  $x_i, y_i$  being the *i*th inputs of the adder,  $c_{i+1}, c_i$  denoting carries, and  $p_i$  being the polynomial encoding of  $x_i \oplus y_i$ :

$$-c_{i+1} + f_4 f_5 f_6 f_7, \quad -c_i + f_1 f_2 f_3, \quad -l_7 + x_i y_i,$$
  
 
$$-l_6 + p_i l_3, \qquad -l_5 + p_i l_2, \qquad -l_4 + p_i l_1$$

Using carry unfolding for  $c_{i+1}$ , we are able to derive

$$-c_{i+1} + f_7 p_i c_i - f_7 p_i + f_7, \quad -c_i + f_1 f_2 f_3 \quad -l_7 + x_i y_i$$

### **TeluMA**

- Integration of dual variables into AMULET 2.0 [Kaufmann et al., 2019]
- Identifies final-stage adders
- Applies carry rewriting automatically
- On-the-fly generation of proof certificates in PAC format

Published version and experimental data available at:

http://fmv.jku.at/teluma

Maintained version available at:

 $\verb|https://github.com/d-kfmnn/teluma|$ 

# **Evaluation: Multiplier Verification**

Verification of 192 unsigned 64-bit multipliers



## **Evaluation: Proof Certificates**

| architecture | n  | [Kaufmann et al., 2019] |         |           | [Kaufmann et al., 2020] |           | Our approach |           |
|--------------|----|-------------------------|---------|-----------|-------------------------|-----------|--------------|-----------|
|              |    | DRUP                    | PAC     | total (s) | PAC                     | total (s) | PAC          | total (s) |
|              |    | # rules                 | # rules |           | # rules                 |           | # rules      |           |
| sp-ar-cl     | 32 | 14 927                  | 33 834  | 1         | 1 597 897               | 164       | 60 336       | 0         |
| sp-bd-ks     | 32 | 17528                   | 34 958  | 1         | 817 956                 | 28        | 54 116       | 0         |
| sp-dt-lf     | 32 | 3 138                   | 33 451  | 1         | 321 720                 | 5         | 47 835       | 0         |
| bp-ct-bk     | 32 | 2 2 7 6                 | 27312   | 1         | 217 128                 | 3         | 36 356       | 0         |
| bp-wt-cl     | 32 | 46 502                  | 30 561  | 2         | 5 536 176               | 3 3 7 5   | 114 665      | 2         |
| sp-ar-cl     | 64 | 65317                   | 139 338 | 8         | -                       | TO        | 289 632      | 4         |
| sp-bd-ks     | 64 | 44 921                  | 142 138 | 6         | 1 440 943               | 74        | 214 378      | 3         |
| sp-dt-lf     | 64 | 28 772                  | 138 539 | 6         | 816 572                 | 19        | 192 805      | 2         |
| bp-ct-bk     | 64 | 19891                   | 105 579 | 5         | 459 262                 | 15        | 136 703      | 2         |
| bp-wt-cl     | 64 | 42 199                  | 118 573 | 19        | -                       | ТО        | 774 044      | 24        |

All benchmarks generated by Arithmetic Model Generator [Homma et al., 2006]

TO = 3600 sec

### **Conclusion & Future Work**

#### **Contributions:**

- Inclusion of dual variables
- Novel tail substitution scheme
- Carry rewriting technique

#### **Results:**

- Speed-up in verification of complex multiplier circuits
- Uniform PAC proof certificate

#### **Future directions:**

- Generalization to more general circuit verification
- Gröbner basis algorithm with dual variables?!
- Pseudo-Boolean solving for circuit verification? [Liew et al., 2020]
- More cross-fertilization between theory and practice!

## **Conclusion & Future Work**

#### **Contributions:**

- Inclusion of dual variables
- Novel tail substitution scheme
- Carry rewriting technique

#### **Results:**

- Speed-up in verification of complex multiplier circuits
- Uniform PAC proof certificate

#### **Future directions:**

- Generalization to more general circuit verification
- Gröbner basis algorithm with dual variables?!
- Pseudo-Boolean solving for circuit verification? [Liew et al., 2020]
- More cross-fertilization between theory and practice!

### Thank you for your attention!

#### References I

[Alekhnovich et al., 2000] Alekhnovich, M., Ben-Sasson, E., Razborov, A. A., and Wigderson, A. (2000).

Space complexity in propositional calculus.

In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC '00), pages 358-367.

[Alekhnovich and Razborov, 2003] Alekhnovich, M. and Razborov, A. A. (2003).

Lower bounds for polynomial calculus: Non-binomial case.

Proceedings of the Steklov Institute of Mathematics, 242:18–35.

[Beck et al., 2013] Beck, C., Nordström, J., and Tang, B. (2013).

Some trade-off results for polynomial calculus.

In Proceedings of the 45th Annual ACM Symposium on Theory of Computing (STOC '13), pages 813–822.

[Bonacina and Galesi, 2015] Bonacina, I. and Galesi, N. (2015).

A framework for space complexity in algebraic proof systems.

Journal of the ACM, 62(3):23:1-23:20.

#### References II

[Buss et al., 2001] Buss, S. R., Grigoriev, D., Impagliazzo, R., and Pitassi, T. (2001).

Linear gaps between degrees for the polynomial calculus modulo distinct primes.

Journal of Computer and System Sciences, 62(2):267–289.

[Clegg et al., 1996] Clegg, M., Edmonds, J., and Impagliazzo, R. (1996).

Using the Groebner basis algorithm to find proofs of unsatisfiability.

In Proceedings of the 28th Annual ACM Symposium on Theory of Computing (STOC '96), pages 174–183.

[de Rezende et al., 2021] de Rezende, S. F., Lauria, M., Nordström, J., and Sokolov, D. (2021).

The power of negative reasoning.

In Proceedings of the 36th Annual Computational Complexity Conference (CCC '21), volume 200 of Leibniz International Proceedings in Informatics (LIPIcs), pages 40:1–40:24.

[Galesi and Lauria, 2010] Galesi, N. and Lauria, M. (2010).

Optimality of size-degree trade-offs for polynomial calculus.

ACM Transactions on Computational Logic, 12(1):4:1-4:22.

#### References III

[Homma et al., 2006] Homma, N., Watanabe, Y., Aoki, T., and Higuchi, T. (2006). Formal Design of Arithmetic Circuits Based on Arithmetic Description Language. *IEICE Transactions*, 89-A(12):3500–3509.

[Impagliazzo et al., 1999] Impagliazzo, R., Pudlák, P., and Sgall, J. (1999). Lower bounds for the polynomial calculus and the Gröbner basis algorithm.

Computational Complexity, 8(2):127–144.

[Kaufmann, 2020] Kaufmann, D. (2020).

Formal Verification of Multiplier Circuits using Computer Algebra.

PhD thesis, Informatik, Johannes Kepler University Linz.

[Kaufmann et al., 2022] Kaufmann, D., Beame, P., Biere, A., and Nordström, J. (2022).

Adding dual variables to algebraic reasoning for circuit verification.

In Proceedings of the 25th Design, Automation and Test in Europe Conference (DATE '22), pages 1435–1440.

#### References IV

[Kaufmann et al., 2019] Kaufmann, D., Biere, A., and Kauers, M. (2019).

Verifying large multipliers by combining SAT and computer algebra.

In Proceedings of the 19th Conference on Formal Methods in Computer-Aided Design (FMCAD '19), pages 28–36.

[Kaufmann et al., 2020] Kaufmann, D., Biere, A., and Kauers, M. (2020).

From DRUP to PAC and back.

In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE '20), pages 654–657.

[Liew et al., 2020] Liew, V., Beame, P., Devriendt, J., Elffers, J., and Nordström, J. (2020).

Verifying properties of bit-vector multiplication using cutting planes reasoning.

In Proceedings of the 20th Conference on Formal Methods in Computer-Aided Design (FMCAD '20), pages 194–204.

#### References V

[Mikša and Nordström, 2015] Mikša, M. and Nordström, J. (2015).

A generalized method for proving polynomial calculus degree lower bounds.

In Proceedings of the 30th Annual Computational Complexity Conference (CCC '15), volume 33 of Leibniz International Proceedings in Informatics (LIPIcs), pages 467–487.

[Razborov, 1998] Razborov, A. A. (1998).

Lower bounds for the polynomial calculus.

Computational Complexity, 7(4):291–324.