Complexity of Circuit Ideal Membership Testing

Daniela Ritirc, Armin Biere, Manuel Kauers
Johannes Kepler University Linz, Austria

SC-Square Workshop 2017
University of Kaiserslautern, Germany
29. July 2017
Motivation & Solving Techniques

Given: a (gate level) multiplier circuit C for fixed-size bitwidth n

Motivation:
  verify circuits to avoid issues like Pentium FDIV bug

Solving Techniques:
  SAT using CNF encoding
  Binary Moment Diagrams (BMD)
  Algebraic reasoning

[Figure: 3-bit array multiplier of full adders (FA) over the partial products $a_i b_j$, computing $(4 a_2 + 2 a_1 + 1 a_0) * (4 b_2 + 2 b_1 + 1 b_0)$ with output $32 s_5 + 16 s_4 + 8 s_3 + 4 s_2 + 2 s_1 + 1 s_0$]

Question: For all $a_i, b_i \in \mathbb{B}$:
  $\sum_{i=0}^{2n-1} 2^i s_i - \left(\sum_{i=0}^{n-1} 2^i a_i\right)\left(\sum_{i=0}^{n-1} 2^i b_i\right)$ ?
Motivation & Solving Techniques

SAT:
  verifying even small multipliers (16 Bit) is challenging (empirically)
  conjecture [Biere'16]: even simple ring-properties, e.g., $x \cdot y = y \cdot x$, require exponential sized resolution proofs (for gate-level CNF encoding)
  recent theoretical result [BeameLiew'17]: polynomial sized resolution proofs for simple ring-properties exist
  no theoretical nor practical results on general multiplier verification

BMD:
  approach not robust
  requires structural knowledge
  only works for simple (clean) multipliers
In a Nutshell

Multiplier:
  [Figure: 3-bit array multiplier of full adders (FA) over the partial products $a_i b_j$, with output $32 s_5 + 16 s_4 + 8 s_3 + 4 s_2 + 2 s_1 + 1 s_0$]

Translation (AIGMULTOPOLY) to a Gröbner basis:
  $B = \{\, x - a_0 * b_0,\ y - a_1 * b_1,\ s_0 - x * y,\ \ldots \,\}$

Verification: Reduction (CA System)
  = 0 ✓
  ≠ 0 ✗
Algebra

$f = 2x + 4y + 3 \in \mathbb{Q}[x, y]$
$g = y + 1 \in \mathbb{Q}[x, y]$

Ring $\mathbb{Q}[x, y]$: ring of polynomials with variables $x, y$ and coefficients in $\mathbb{Q}$
Polynomial $f, g$: finite sum of monomials
Algebra

$f = 2x + 4y + 3 \in \mathbb{Q}[x, y]$
$g = y + 1 \in \mathbb{Q}[x, y]$

Monomial: constant multiple of a term
Term: power product $x^{e_1} y^{e_2}$ for $e_1, e_2 \in \mathbb{N}$
Term order: well-defined, $x > y > 1$
Leading monomial/term/coefficient
Algebra

$I = \langle f, g \rangle = \langle 2x + 4y + 3,\ y + 1 \rangle$

Ideal generated by $f, g$:
  $I = \{\, q_1 f + q_2 g \mid q_1, q_2 \in \mathbb{Q}[x, y] \,\} = \langle f, g \rangle$
  "$I$ contains all elements which evaluate to 0, when $f$ and $g$ evaluate to 0"
Algebra

$I = \langle f, g \rangle = \langle 2x + 4y + 3,\ y + 1 \rangle$
$G = \{\, 2x + 4y + 3,\ y + 1 \,\}$

Ideal membership problem
  Question: $h = 6x + y^3 + y^2 + 12y + 9 \in I$?
  for $I$: a priori not obvious how to check this
  for a Gröbner basis $G$: "easy" reduction method. Really?

Gröbner basis
  every ideal of $\mathbb{Q}[X]$ has a Gröbner basis
  construction algorithm by Buchberger
  special case: leading terms of ideal generators have no variables in common
  $G = \{f, g\}$ is a Gröbner basis for $I$
Algebra

Reduction
  multivariate version of polynomial division with remainder
  divide $h$ by elements of $G$
  remainder $r$ contains no term that is a multiple of any of the leading terms of $G$
  Notation: $r = \mathrm{Remainder}(h, G)$
Algebra

$I = \langle f, g \rangle = \langle 2x + 4y + 3,\ y + 1 \rangle$
$G = \{\, 2x + 4y + 3,\ y + 1 \,\}$

Ideal membership problem
  Question: $h = 6x + y^3 + y^2 + 12y + 9 \in I$?
  Answer: Yes
    $h = 3 * (2x + 4y + 3) + y^2 * (y + 1)$
    $\mathrm{Remainder}(h, G) = 0$
Algebra

$I = \langle f, g \rangle = \langle 2x + 4y + 3,\ y + 1 \rangle$
$G = \{\, 2x + 4y + 3,\ y + 1 \,\}$

Ideal membership problem
  Question: $h = 6x + y^3 + y^2 + 12y + 10 \in I$?
  Answer: No
    $h = 3 * (2x + 4y + 3) + y^2 * (y + 1) + 1$
    $\mathrm{Remainder}(h, G) = 1$
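The reduction used in the two membership questions above, written out as an added example (not code from the talk or its authors). The dictionary representation and the names `add_scaled`, `divide` and `in_ideal` are assumptions made for this sketch; the term order is the slides' x > y > 1.

```python
from fractions import Fraction

# A polynomial in Q[x, y] is a dict {(deg_x, deg_y): coefficient}.
# Comparing exponent tuples gives the lexicographic term order x > y > 1.

def add_scaled(p, q, coeff, shift):
    """Return p + coeff * (term with exponents `shift`) * q, without zero terms."""
    r = dict(p)
    for t, c in q.items():
        t2 = tuple(a + b for a, b in zip(t, shift))
        r[t2] = r.get(t2, 0) + coeff * c
        if r[t2] == 0:
            del r[t2]
    return r

def divide(h, G):
    """Divide h by the list G; return (quotients, remainder) such that
    h = sum(q_i * g_i) + remainder."""
    h, rem = dict(h), {}
    quots = [{} for _ in G]
    while h:
        t = max(h)                      # leading term of what is left of h
        for q, g in zip(quots, G):
            lt = max(g)                 # leading term of g
            if all(a >= b for a, b in zip(t, lt)):
                shift = tuple(a - b for a, b in zip(t, lt))
                c = Fraction(h[t]) / g[lt]
                q[shift] = c            # record the cofactor term
                h = add_scaled(h, g, -c, shift)
                break
        else:                           # no leading term of G divides t
            rem[t] = h.pop(t)           # so t belongs to the remainder
    return quots, rem

def in_ideal(h, G):
    """Membership test; only valid when G is a Groebner basis of the ideal."""
    return divide(h, G)[1] == {}

f = {(1, 0): 2, (0, 1): 4, (0, 0): 3}   # 2x + 4y + 3
g = {(0, 1): 1, (0, 0): 1}              # y + 1
h_in = {(1, 0): 6, (0, 3): 1, (0, 2): 1, (0, 1): 12, (0, 0): 9}
h_out = dict(h_in, **{})                # same polynomial ...
h_out[(0, 0)] = 10                      # ... with constant term 10
```

For `h_in` the quotients come out as 3 and y^2, matching the decomposition on the slide; for `h_out` the constant 1 is left over as the remainder.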
Ideals Associated to Circuits

Polynomial Representation of Circuit Gates

Boolean Gate Polynomials
  $u = \neg v$        implies  $0 = -u + 1 - v$
  $u = v \wedge w$    implies  $0 = -u + vw$
  $u = v \vee w$      implies  $0 = -u + v + w - vw$
  $u = v \oplus w$    implies  $0 = -u + v + w - 2vw$

Field Polynomials
  "$u \in \mathbb{B}$"  implies  $0 = u(u - 1)$, $0 = u^2 - u$
Ideals Associated to Circuits

n-Bit Multipliers
  $n * n = 2n$
  $2n$ inputs: $a_0, \ldots, a_{n-1}, b_0, \ldots, b_{n-1}$
  $2n$ outputs: $s_0, \ldots, s_{2n-1}$
  one variable to each internal gate output: $g_0, \ldots, g_k$

[Figure: 2-bit multiplier with partial products $a_1 b_1$, $a_0 b_1$, $a_1 b_0$, $a_0 b_0$, internal gates $g_1, g_2, g_3, g_4$ and outputs $s_3, s_2, s_1, s_0$]
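The gate polynomials and the specification question from the slides, applied to a 2-bit multiplier by exhaustive evaluation, as an added example (not code from the talk). The netlist `MULT2`, its gate assignment for g1 to g4, and the helper names are constructed for this sketch; the 2^(2n) loop is the brute-force baseline, not the algebraic reduction.

```python
from itertools import product

# Gate polynomials from the slide; each is 0 exactly when u is the gate output.
GATE_POLY = {
    "not": lambda u, v, w: -u + 1 - v,
    "and": lambda u, v, w: -u + v * w,
    "or":  lambda u, v, w: -u + v + w - v * w,
    "xor": lambda u, v, w: -u + v + w - 2 * v * w,
}

def gate_output(kind, v, w=0):
    """The unique u in {0, 1} (field polynomial u^2 - u = 0) that makes
    the gate polynomial vanish."""
    roots = [u for u in (0, 1) if GATE_POLY[kind](u, v, w) == 0]
    assert len(roots) == 1
    return roots[0]

# Constructed netlist in topological order: (output, gate, input1, input2).
MULT2 = [
    ("s0", "and", "a0", "b0"),
    ("g1", "and", "a1", "b0"),
    ("g2", "and", "a0", "b1"),
    ("g3", "and", "a1", "b1"),
    ("s1", "xor", "g1", "g2"),
    ("g4", "and", "g1", "g2"),   # carry out of the s1 half adder
    ("s2", "xor", "g3", "g4"),
    ("s3", "and", "g3", "g4"),
]

def spec_violations(netlist, n=2):
    """All (a, b, s) for which sum 2^i s_i - (sum 2^i a_i)(sum 2^i b_i) != 0."""
    bad = []
    for bits in product((0, 1), repeat=2 * n):
        val = {f"a{i}": bits[i] for i in range(n)}
        val.update({f"b{i}": bits[n + i] for i in range(n)})
        for out, kind, v, w in netlist:
            val[out] = gate_output(kind, val[v], val[w])
        a = sum(2**i * val[f"a{i}"] for i in range(n))
        b = sum(2**i * val[f"b{i}"] for i in range(n))
        s = sum(2**i * val[f"s{i}"] for i in range(2 * n))
        if s - a * b != 0:
            bad.append((a, b, s))
    return bad

# Faulty variant: the s1 gate is an OR instead of an XOR.
BUGGY = [("s1", "or", "g1", "g2") if g[0] == "s1" else g for g in MULT2]
```

The faulty netlist differs from the correct one on a single input pair out of 16, which is the kind of sparse defect that exhaustive checking cannot reach at realistic bit widths.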