Content uploaded by Khaled Elleithy

Author content

All content in this area was uploaded by Khaled Elleithy

Content may be subject to copyright.

Content uploaded by Khaled Elleithy

Author content

All content in this area was uploaded by Khaled Elleithy

Content may be subject to copyright.

A

Rule-based Approach for High Speed Adders Design Verification

Khaled M.

Elleithy

&

Mostafa

A.

kef

College of Computer Science and Engineering

King Fahd University of Petroleum and Minerals

Dhahran

3

1262,

Saudi Arabia

Abstract--In this paper, a rule-based framework for formal

hardware verification is presented. The PROVER system

(PROduction system for hardware VERification)

is

implemented using CLIPS (C Language Integrated Production

System). The environment supports verification at different

levels of hardware specification. The rule-based framework has

been tested on the design of high speed adders.

1.

INTRODUCTION

With the current advances in Very Large Scale Integration

(VLSI) it is impossible to produce free

of

errors designs

using ad-hoc methods. It is essential to detect as many errors

as

possible before any fabrication stage. In the case of large

scale devices, e.g., microprocessors, the applicability of

automated theorem provers to prove the mathematical

theorem of equivalency between design and specification is

of considerable interest.

An input algorithm may be specified using a specific

algorithmic specification language. An architecture may be

specified using a realization specification language. The role

of Design can be viewed as

a

transformation process between

the algorithm specification language and the realization

specification language.

The objective of any design procedure is to produce an

architecture that correctly implements the required behavior

subject to a given set of constraints on area and timing. It is

very expensive to fabricate a design before verifying the

functional correctness of the design. There are two

approaches for verification; simulation and formal

verification. Simulation is efficient with small size

Architectures where it is possible to exhaustively run the

simulator. Formal verification

is

suitable for large size

architectures.

A verification methodology is formal

if

it satisfies the

following characteristics[ 11:

e

There is a formal framework to describe the architecture.

There

is

a formal technique

to

prove the equivalency of

the implementation and the specification without

physically construct or simulate the design.

0

It is possible to manipulate and study the design's

performance without the physical implementation.

The heart of any formal verification methodology, then, is

the availability

of

a formal specification language where

formal proofs can be driven. Logic is one

of

the widely used

specification languages for verification. First order logic has

been used in a number of systems[2-41. Higher order logic

has been used in a number of applications[5-8]. Joyce[7-81

used the HOL system to verify a microprocessor. Temporal

logic

is

an appropriate approach for specifying timing

characteristics of a design. Temporal logic has been

successfully used for verification in[9-

lo].

Automated 'Theorem Provers are efficient in proving the

correctness in large scale architectures where the proof of

correctness is done automatically. In this paper we are

introducing a novel approach for formal verification based on

a

production system. The

PROVER

(PROduction system for

hardware VERification)[ 1 1-12] (Figure

1)

is implemented

using the CLIPS (C Language Integrated Production

System)[l3]. CLIPS is written in

C

to support the goal of

high portability, extendibility, low-cost and ease of

integration with external systems [14]. CLIPS, as a

production system

[

151, provides pattern-directed control

of

a

problem-solving process. The paper is organized

as

follows:

in section

2

the PROVER system is introduced, the

verification of high speed adders using the PROVER

is

given in section 3. Finally, section

4

offers conclusions and

future extensions.

Knowledge

Base

Cell

Library

Figure

1.

PROVER'S

Block

Diagram.

2.

PROVER

SYSTEM

PROVER

is

a production based system for formal hardware

Verification.

PROVERS

input has

two

components for the

verifiable circuit: implementation description and behavioral

description. The implementation description would be one or

a combination of different hardware descriptions. These

descriptions include transistors, gates, logical, functional, and

module descriptions. PROVER has a knowledge base

consists of a formal Cell Library and Rules. Cell library

274

0-7803-2428-5195

$4.00

0

1995

IEEE

Authorized licensed use limited to: University of Bridgeport. Downloaded on February 24,2010 at 13:26:21 EST from IEEE Xplore. Restrictions apply.

contains a predefined set of hardware components. It

Consists of five sub libraries to represent the five levels of

hardware descriptions. These sub libraries are Transistor-

level Library

(TL),

Gate-level Library

(GL),

Logic-level

Library

(LL),

Function-level Library

(FL),

and Module-level

Library

(ME).

The block diagram of PROVER is shown in

Figure

2.

The incremental approach is used in developing

PROVER. In this approach, a subset of the domain is

considered first and a prototype

is

built. Then this prototype

is expanded to the other subsets of the domain.

A

formal verification methodology based on

transformation rules between different levels

is

used.

Verification rules are required to prove that a given

specification at level

X

is equivalent to specification at level

X+I

.

The following verification rules are implemented:

T-to-G rules:

transform from transistor level to gate level,

G-to-L rules:

transform from gate level to logical level,

0

L-to-F rules:

transform from logical level to functional

0

F-to-M rules:

transform from functional level to module

level, and

level.

The rules define possible transformation from one level to

another. Also, they reflect the semantic of each level

description.

Any synchronouslasynchronous digital system can be

verified using pre-verified constructs from the cell library.

Verified components at any level are added to the cell library

in the appropriate level. For ease of expandability, verified

components are made modular

so

that they can be used for

verifying modules of different word length, e.g., a definition

of

a Conditional Sum adder can be used for verification in

cases of 16,32, and 64 bits.

3.

HIGH

SPEED ADDERS VERIFICATION

In this section a number of high speed adders are considered

as case studies for PROVER environment. The system is

used to prove the functional correctness of a Conditional

Sum Adder (CoSA), Carry Select Adder (CSA), a Carry

Look-ahead Adder (CLA) and a Block Carry Lookahead

Adder (BCLA) adder. The verification is carried for different

word lengths

to

study the verification complexity.

3.

I

Condition

Sum

Adder

Condition sum adder is an adder where

two

simultaneously

provisional

sums

are generated. Then, the true sum outputs

are selected based on the input carry. Figure

2

shows 7-bits

condition sum adder. The PROVERS input consists of the

modules functional description and the modules'

interconnections. The input description of a 7-bit Conditional

Sum Adder is shown in Figure 3.

Proof

Strategy:

The

Function-level Library

(FL)

is

activated

to prove the correctness of the conditional sum adder. The

following rules are fired.

A6

86

A5

85 A4

84

A3

83

A2

82

AI

81

A0

80

s:

c:*,

e

c

P,,

Figure 2. 7-Bit Conditional

Sum

Adder

(Conditional-sum-adder

8

(C-cell

8

INPUT

AO BO

AI

RI

A2 B2 A3

B3 A4B4 A5B5 A6B6 A7B7

s1-0 c1-0 s1-1 c1-1 s2-0 C2-0

S2,-1 C2-1 S3-0 C3-0 S3-1 C3-1

S4,-0 C4-0 S4-1 C4-1 S5-0

C5-0 S5-1 C5-1 S6-0 C6-0

S6-1 C6-1 S7-0 C7-0 S7-1 C7-1)

OUTPUT

SO-0

CO-0

SO-I

CO-1

(Mux

2 INPUT

SO-0

SO-1

CO-0

CO-1

cin

OUTPUT

sOc0)

(MUX

2 INPUT

~2-0

~2-1 ~2-0 ~2-1

CI-0

OUTPUT ~2-2-0 ~2-2-0)

(MUX

2 INPUT ~2-0~2-1 ~2-0~2-1 cl-1

OUTPUT ~2-2-1 ~2-2-1)

(Mux

2 INPUT ~4-0 ~4-1 ~4-0 ~4-1 ~3-0

OUTPUT ~4-2-0 ~4-2-0)

(MUX

2 mpur

~4- OS^-I

~4-o

~4-I c3-~

OUTPUT ~4-2-1 ~4-2-1)

(MUX

2 INPUT ~6-0 ~6-1 ~6-0 ~6-1 ~5-0

OUTPUT ~6-2-0 ~6-2-0)

(MUX

2 INPUT ~6-0~6-1 ~6-0 ~6-1 ~5-1

OUTPUT ~6-2-1 ~6-2-1)

(MUX

3 INPUT sl-Osl-1 ~2-2-0~2-2-1

c2-2-0 c2-2-1

CO

OUTPUT

SI

s2 c2)

(MUX

3 INPUT ~5-0 ~5-1 ~6-2-0 ~6-2-1

~6-2-0 ~6-2-1 ~4-2-0

OUTPUT ~5-3-0 ~6-3-0 ~6-3-0)

(MUX

3 INPUT

~5-0

~5-1 ~6-2-0 ~6-2-1

~6-2-0 ~6-2-1 ~4-2-1

OUTPUT ~5-3-1 ~6-3-1 ~6-3-1)

(MUX

5

INPUT ~3-0 ~3-1 ~4-2-0 ~4-2-1

~5-3-0 ~5-3-1 ~6-3-0

~6-3-1 ~6-3-0 ~6-3-1 ~2

OUTPUT s3 s4 s5 s6 c6)

OUTPUT s7 cout)

(Mux

2 PIPUT ~7-0 ~7-1 ~7-0 ~7-1 ~6

Figure

3.

Input Description

of

7-bit

Conditional Sum Adder.

275

Authorized licensed use limited to: University of Bridgeport. Downloaded on February 24,2010 at 13:26:21 EST from IEEE Xplore. Restrictions apply.

(a) full-adder rule

if

y 1 is the sum of a full adder with three inputs

xl,

x2

and y2

=

is the carry of a full adder with three inputs

then

express the full adder with three inputs xl, x2 and x3

(b)

sum-rule

if

and x3

XI,

x2 and x3

and

two

outputs yl and y2

there is a Conditional-sum with

two

inputs x and

y

and

and a multiplexer of

two

inputs

SO,

sl and control c

then

express the output

o

as the sum of a full adder with

(c)

carry-rule

if

outputs

SO

and

SI

and output

o

three inputs x, y and c

there is a Conditional-carry with

two

inputs x and y and

and a multiplexer of

two

inputs

SO

and

s

1, control c

then

express the ouiput

o

as the carry

of

a full adder with

(d) Conditional-cell rule-1

if

there is a Conditional-cell

of

two

inputs x and y

then

express the conditional-sum and conditional-carry as

outputs

SO

and sl

and output

o

three inputs x, y and c

and four outputs

SO,

sl,

CO

and cl

follows:

outputs

SO

and

sl

outputs

CO

and cl

(e) Conditional-cell rule-2

if

there is a conditional-cell of n bits

then

express each bit by itself

(f)

Multiplexer rule

if

there are three multiplexers as follows:

Conditional-sum has two inputs

x

and

y

and

two

Conditional-carry has

two

inputs x and y and

two

multiplexer1 has inputs

il,

i2

&

cl and output

01

multiplexer 2 has inputs

il,

i2 and c2 and output 02

multiplexer

3

has inputs 01,

02

and c3

&

output

03

then

combine the three multiplexers in one multiplexer

as: multiplexer has inputs

il,

i2 and c3 output

03

First, the Multiplexer rule expands all circuit bus

multiplexer into single bit multiplexer. Then Multiplexer

Composition rule combines as many single bit as possible.

This rule generates multiplexers with outputs as

SO

S1

..

S7.

Second, Conditional-cell rule-2 expands the

bus

conditional

cells into single bit conditional cell. Then conditional-cell

rule express each bit as conditional sum and conditional carry

functions. Sum and carry rules combines the multiplexer

generated from step one and the conditional sum and

conditional carry to

form

the equations of sum and carry

functions. Some of these equations will be combined to form

the full-adder descriptions.

Analysis:

The previous proof can be easily extended

to

n-bit

conditional sum adder through the general definitions

of

the

used modules. PROVER results are obtained for verifying

8,

16,24 and 32 bits conditional sum adders.

3.2

Carry Select Adder

(CSA)

Carry select adder is a fast asynchronous adder based on a

carry acceleration approach. The adder

is

partitioned into

fixed size sections where section additions are processed

simultaneously with appropriate carry input selecting the

right

Sum.

A

section size

is

set to 4-bits. This adder is

verified using PROVER. The methodology is applied to

verify an n-bit adder, where n is

8,

16,24 and 32 bits. The

PROVER'S input consists of the modules functional

description and interconnections of modules represented

using

CLIPS.

3.3

Curry

Look

Ahead (CLA) Adder

A

carry lookahead (CLA) technique is used to speed up the

carry propagation in a ripple carry adder. A carry look ahead

adder consists of carry-generate-propagate unit

(CGP),

summation unit, and carry-look-ahead (CLA) unit. The

PROVERS input consists of the modules functional

description and interconnections of the modules. The

methodology is applied to verify an n-bit adder, where n is

8,

16,24 and 32 bits.

3.4

Curry

Look

Ahead Adder based

on

4-bits blocks

A

two

level carry look ahead adder can be implemented

using 4-bit block

of

carry look ahead blocks. The PROVER'S

input consists of the modules functional description and the

modules' interconnections. The methodology is applied to

verify an n-bit adder, where n is

8,

16,24 and 32 bits.

4.

DISCUSSION

AND

CONCLUSIONS

The verification time, number of rules fired and numbers of

facts used versus the word length are shown in Figures

4,

5

and

6.

The verification time is a function of the adder size.

The adder size is a function of the word length. It has been

proved in

[

161 that Carry lookahead and Carry Select adders

have an area of

@(E),

n

is the number

of

bits, while the

Conditional Sum Adder has an area

of

@(E

log

n)

.

The

verification time, number of rules fired and numbers of facts

are consistent with the asymptotic complexities of the

adders' area versus the number of bits, i.e., the verification

time increases linearly in the cases of Carry Lookahead and

Carry select adders while increases

in

order

n

log

M

in case

of Conditional Sum Adder. In summary, the verification time

is increased linearly with the circuit size.

We have argued in this paper that verifying large scale

systems is no more a straight forward process that can be

completely achieved using traditional approaches

of

simulation.

A

rule-based framework for formal hardware

verification has been presented. The PROVER system is

implemented using CLIPS. The framework has a knowledge

base consists of a Cell Library and Rules. The functional

276

Authorized licensed use limited to: University of Bridgeport. Downloaded on February 24,2010 at 13:26:21 EST from IEEE Xplore. Restrictions apply.

correctness of Conditional

Sum

adder, Carry select adder,

and Carry Lookahead adder using both

a

direct and indirect

implementation have been proved for different word sizes.

Results

show

that

32

bit adders can be verified functionally

in few seconds and the verification time is increasing linearly

with the circuit size.

rm

C

,/

3

Bo1

.E

I

/

m

IO

0

but

aut

16Ut

u-w

32611

Adder

size

Figure

4.

Runtime Versus Adder Size

18

0

I

but

BYt

16M

2dm

32M

Adder

Size

Figure

5.

Number of Facts used versus Adder Size.

IYI

1M

Ea

I

cblt

Bbn

16M

26M

UM

Adder

Sue

Figure

6.

Number

of

Rules Fired Versus Adder Size

ACKNOWLEDGMENTS

The authors

wish

to

acknowledge King Fahd

University

of

Petroleum and Minerals for utilizing the various facilities

in

preparation and presentation

of

this paper.

REFERENCES

Elleithy,

"Formal

Hardware Verification:

of

VLSI Architectures:

Current Status and Future directions," 5th International Conference

on

Microelectronics, Dhahran, Saudi Arabia,

1993,

pp.

197-201.

Uehara,

T.,

et al., "DDL Verifier and Temporal Logic,"

Proc. CHDL

83:

IFIP

6th

Int?

Symp. Computer Hardware Description Lung. and

their Applications,

Pittsburgh, May

1983,

pp.

91-102.

Eveking, "Formal Verification of Synchronous Systems,"

Formal

Aspects of VLSI Design: Proc. 1985 Edinburgh Con$ VLSI,

G. J.

Milne and

P.

A.

Subrahmanyam, eds., North Holland Publishing,

Amsterdam,

1986,

pp.

137-151.

Hunt,

W.

A.,

"FM8501:

A

verified Microprocessor,"

IFIP

WG

10.2

Workshop, From HDL Descriptions to Guaranteed Correct Circuits

Design,

North Holland Publishing, Amsterdam, Sept.

1986,

pp.

85-

114.

Hanna, F. K. and Daeche, "Specification and Verification of Digital

Systems Using Higher order Logic,"

IEEproc.,

Vol.

133,

Pt.

E,

No.

5,

Sept.

1986,

pp.

242-254.

Gordon, M.

J.

C.,

"Why High-Order Logic is a Good Formalism for

Specifying and Verifying Hardware,"

Formal Aspects of

VLSI

Design: Proc. 1985 Edinburgh Con$ VLSI,

G.

Milne

&

P.

Subrahmanyam, eds., North Holland Pub., Amsterdam,

1986,

pp.

Joyce,

J.,

Birtwistle, and Gordon,

M.

"Proving a Computer Correct in

Higher Order Logic,"

Tech. Rept.

No.

100, Computer Laboratory,

The Univ. ofcambridge,

Cambridge, England,

1986.

Joyce, J., "Formal Verification and Implementation of a

Microprocessor,"

VLSI

Specification, Verrjcation, and Synthesis,

Birtwistle,

G.

and Subrahmanyam,

P.A.,

eds., North Holland,

Amsterdam, The Netherlands,

1988,

pp.

371-378.

Bochmann,

G.

V., "Hardware Specification with Temporal Logic:

An

Example,"

IEEE

Trans. Computers,

Mar.

1982,

pp.

223-23

1.

Fujita, M., et al., "Logic Design Assistance with Temporal Logic,"

Proc. CHDL

85:

IFIP 7th Int'l Symp. Computer Hardware

Description Lung.

Cy:

their Applications,

Aug.

1985,

pp.

129-137.

Aref, M. A. and Elleithy,

K.

M.,

"PROVER:

A

Production System

for Formal Hardware Verification,"

Fgth International ConJe

on

Microelectronics,

Dhahran, Dec.

1993,

pp.

210-213.

Elleithy,

K.

M.

and Mostafa Aref, M.

A.,

"A

ProductionBased

System for Formal Verification of Digital Signal Processing

Architectures,"

TwenpSeventh Asilomar Conf

on

Signals, Systems

&

Computers,

Pacific Grove, California, Nov.

1-3, 1993.

CLIPS Reference Manual,

Version

6,

Software Technology Branch,

Lyndon B. Johnson Space Center, June

1993.

Mettrey, "A Comparative Evaluation of Expert System

Tools,"

IEEE

Computer,

Vol.

24,

No.

2,

Feb.

1991,

pp.

19-31.

George

F.

Luger, William A. Stubblefield,

Artzjcial Intelligence and

the design of Expert System,

The BenjamidCummings publishing

Company,

1989.

Sklansky,

J.,

"An

Evaluation ofSeveral Two-Summand Binary

Adders,"

IRE

Trans.

EC-9,

No.

2,

June

1960,

pp.

213-226.

153-177.

277