Non-Restoring Integer Square Ro ot: A Case Study in Design by Principled Optimization 1 1 2 1 John O'Leary , Miriam Leeser , Jason Hickey , Mark Aagaard 1 Scho ol Of Electrical Engineering Cornell University Ithaca, NY 14853 2 Department of Computer Science Cornell University Ithaca, NY 14853 Abstract. Theorem proving techniques are particularly well suited for reasoning ab out arithmetic ab ove the bit level and for relating di erent levels of abstraction. In this pap er we showhow a non-restoring integer square ro ot algorithm can b e transformed to a very ecient hardware implementation. The top level is a Standard ML function that op erates on unb ounded integers. The b ottom level is a structural description of the hardware consisting of an adder/subtracter, simple combinational logic and some registers. Lo oking at the hardware, it is not at all obvious what function the circuit implements. At the top level, we prove that the algorithm correctly implements the square ro ot function. We then show a series of optimizing transformations that re ne the top level algorithm into the hardware implementation. Each transformation can b e veri ed, and in places the transformations are motivated by knowledge ab out the op erands that we can guarantee through veri cation. By decomp osing the veri cation e ort into these transformations, we can show that the hardware design implements a square ro ot. Wehave implemented the algorithm in hardware b oth as an Altera programmable device and in full-custom CMOS. 1 Intro duction In this pap er we describ e the design, implementation and veri cation of a sub- tractive, non-restoring integer square ro ot algorithm. The top level description is a Standard ML function that implements the algorithm for unb ounded integers. The b ottom level is a highly optimized structural description of the hardware implementation. Due to the optimizations that have b een applied, it is very dif- cult to directly relate the circuit to the algorithmic description and to prove that the hardware implements the function correctly.We showhow the pro of can b e done by a series of transformations from the SML co de to the optimized structural description. At the top level, wehave used the Nuprl pro of development system [Lee92] to verify that the SML function correctly pro duces the square ro ot of the input. We then use Nuprl to verify that transformations to the implementation preserve the correctness of the initial algorithm. Intermediate levels use Hardware ML [OLLA93], a hardware description lan- guage based on Standard ML. Starting from a straightforward translation of the SML function into HML, a series of transformations are applied to obtain the hardware implementation. Some of these transformations are expressly con- cerned with optimization and rely on knowledge of the algorithm; these trans- formations can b e justi ed by proving prop erties of the top-level description. The hardware implementation is highly optimized: the core of the design is a single adder/subtracter. The rest of the datapath is registers, shift registers and combinational logic. The square ro ot of a 2n bit wide numb er requires n cycles through the datapath. Wehavetwo implementations of square ro ot chips based on this algorithm. The rst is done as a full-custom CMOS implementation; the second uses Altera EPLD technology. Both are based on a design previously published by Bannur and Varma [BV85]. Implementing and verifying the design from the pap er required clearing up a numb er of errors in the pap er and clarifying many details. This is a go o d case study for theorem proving techniques. At the top level, we reason ab out arithmetic op erations on unb ounded integers, a task theorem provers are esp ecially well suited for. Relating this to lower levels is easy to do using theorem proving based techniques. Many of the optimizations used are applicable only if very sp eci c conditions are satis ed by the op erands. Verifying that the conditions hold allows us to safely apply optimizations. Automated techniques such as those based on BDDs and mo del checking are not well-suited for verifying this and similar arithmetic circuits. It is dicult to come up with a Bo olean statement for the correctness of the outputs as a function of the inputs and to argue that this sp eci cation correctly describ es the intended b ehavior of the design. Similarly, sp eci cations required for mo del checkers are dicult to de ne for arithmetic circuits. There have b een several veri cations of hardware designs which lift the rea- soning ab out hardware to the level of integers, including the Sob el Image pro- cessing chip [NS88], and the factorial function [CGM86]. Our work di ers from these and similar e orts in that we justify the optimizations done in order to realize the square ro ot design. The DDD system [BJP93] is based on the idea of design byveri ed transformation, and was used to derive an implementation of the FM9001 micropro cessor. High level transformations in DDD are not veri ed by explicit use of theorem proving techniques. The most similar researchisVerkest's pro of of a non-restoring division algo- rithm [VCH94]. This pro of was also done by transforming a design description to an implementation. The top level of the division pro of involves consideration of several cases, while our top level pro of is done with a single lo op invariant. The two implementations vary as well: the division algorithm was implemented on an ALU, and the square ro ot on custom hardware. The algorithms and im- plementations are suciently similar that it would b e interesting to develop a single veri ed implementation that p erforms b oth divide and square ro ot based on the research in these two pap ers. The remainder of this pap er is organized as follows. In section 2 we describ e the top-level non-restoring square ro ot algorithm and its veri cation in the Nuprl pro of development system. We then transform this algorithm down to a level suitable for mo delling with a hardware description language. Section 3 presents a series of ve optimizing transformations that re ne the register transfer level description of the algorithm to the nal hardware implementation. In section 4 we summarize the lessons learned and our plans for future research. 2 The Non-Restoring Square Ro ot Algorithm p x where x is the radicand, y is the ro ot, An integer square ro ot calculates y = and b oth x and y are integers. We de ne the precise square ro ot ptobethe real valued square ro ot and the correct integer square ro ot to b e the o or of the precise ro ot. We can write the sp eci cation for the integer square ro ot as shown in De nition 1. De nition 1 Correct integer squareroot 2 2 y is the correct integer square ro ot of x =^ y x<y +1 Wehave implemented a subtractive, non-restoring integer square ro ot algo- 2n rithm [BV85]. For radicands in the range x = f0::2 1g, subtractive metho ds n1 b egin with an initial guess of y =2 and then iterate from i =n 1 :::0. In each iteration we square the partial ro ot y , subtract the squared partial ro ot from the radicand and revise the partial ro ot based on the sign of the result. There are two ma jor classes of algorithms: restoring and non-restoring [Flo63]. In restoring algorithms, we b egin with a partial ro ot for y = 0 and at the end of each iteration, y is never greater than the precise ro ot p. Within each iteration th 2 i, we set the i bit of y , and test if x y is negative; if it is, then setting the th th i bit made y to o big, so we reset the i bit and pro ceed to the next iteration. Non-restoring algorithms mo dify each bit p osition once rather than twice. th 2 Instead of setting the the i bit of y , testing if x y is p ositive, and then p ossibly th resetting the bit; the non-restoring algorithms add or subtract a 1 in the i bit 2 of y based on the sign of x y in the previous iteration. For binary arithmetic, the restoring algorithm is ecient to implement. However, most square ro ot hardware implementations use a higher radix, non-restoring implementation. For higher radix implementations, non-restoring algorithms result in more ecient hardware implementations. The results of the non-restoring algorithms do not satisfy our de nition of correct, while restoring algorithms do satisfy our de nition. The resulting value of y in the non-restoring algorithms mayhave an error in the last bit p osition. For the algorithm used here, we can show that the nal value of y will always b e either the precise ro ot for radicands which are p erfect squares or will b e o dd and b e within one of the correct ro ot. The error in non-restoring algorithms is easily b e corrected in a cleanup phase following the algorithm. Belowwe showhow a binary, non-restoring algorithm runs on some values for n =3. Note that the result is either exact or o dd. 2 x =18 = 10100 iterate 1 y = 100 x y =+ 10 2 2 iterate 2 y = 110 x y = iterate 3 y = 101 2 x =15 = 01111 iterate 1 y = 100 x y = 10 2 2 iterate 2 y = 010 x y =+ iterate 3 y = 011 2 x =16 = 10000 iterate 1 y = 100 x y =0 10 2 In our description of the non-restoring square ro ot algorithm, we de ne a datatyp e state that contains the state variables.