Mechanical Verification of Adder Circuits using Rewrite RuleLaboratory

Abstract

A methodology for mechanically verifying generic adder circuits is proposed using the rewrite-rule based theorem prover {\it Rewrite\ Rule\ Laboratory} ({\it RRL}). Proofs of properties of adder circuit descriptions are done by rewriting and induction. Carry lookahead adder circuit is described using {\it powerlists}, a data structure introduced by Misra to support {\it divide-and-conquer} strategy used for designing data-parallel algorithms. This description uses an algorithm for {\it parallel\ prefix} computation on powerlists due to Adams. Reasoning about properties of this algorithm can be of independent interest since parallel prefix operator has been found useful in many data-parallel algorithms. The correctness of the carry-lookahead adder (i.e., the adder indeed implements addition on numbers) is established by showing its equivalence to a recursive description of the ripple-carry adder, which is shown to correctly implement addition on natural numbers. The ripple carry adde r circuit is described in two different but equivalent ways: using powerlists employing the divide-and-conquer strategy, as well as using linear lists employing the linear decomposition strategy. The description of the ripple carry adder using powerlists is useful for showing equivalence of its input-output behavior to that of carry lookahead adder, whereas the description using linear lists is useful for showing its correctness with respect to addition on natural numbers. Descriptions of adder circuits using powerlists are based on Adams‘ work who also gave a hand proof of their correctness using the powerlist algebra. The emphasis in this paper is to {\it generate\ proofs\ mechanically\ by\ a\ theorem\ prover} . {\em RRL} exploits the algebraic laws of the powerlist algebra as rewrite rules, and uses heuristics for mechanizing proofs by induction using the cover set method to generate such proofs. The regularity in hardware circuits gets refl ected in compact descriptions generated using the divide-and-conquer strategy as well as in mechanically generated proofs by induction. Mechanical proofs generated by {\em RRL} closely follow the well-crafted hand-proofs which is quite encouraging. A comparison with Adams‘ hand generated proof is also made. There is strong evidence that the proposed methodology for generating proofs should scale up for large circuits exhibiting regularity that can be described using divide-and-conquer strategy in terms of powerlists.