

SAN JOSE, CA, USA FEBRUARY 24-27, 2025

Automating Datapath Verification and Bug Correction via Equality Saturation

Emiliano Morini, Samuel Coward, <u>Rafael Barbalho</u>, Theo Drane, George A. Constantinides

Intel and Imperial College London



## Datapath Debug and Verification







Automatically correct datapath bugs

Automatically decompose datapath equivalence proof





# **Equality Saturation**





$$(x \ll 1) + x$$

$$(x * 2) + x$$

$$x * 3$$







- Represent RTL designs as an e-graph
- Discover equivalent designs via constructive rewriting
- Maintain complete history



#### ROVERIFIX Database of correct designs Rewrite Front-End E-Graph → VeriLang Analysis Extract Front-End VeriLang E-Graph Impl egg VeriLang Rewrites Fixed Back-End

- Initialize Spec e-graph apply datapath rewrites
- 2. Insert FIX(spec, impl) into e-graph
- 3. Propagate FIX operators to isolate the bug
- 4. Extract the design closest to imple that is equivalent to spec

### Datapath Rewrite Examples:

- $a \ll (b+c) \rightarrow (a \ll b) \ll c$
- $a \times (b \ll c) \rightarrow (a \times b) \ll c$



### Results

### Fix automatically generated by ROVERIFIX

```
module spec(A,B,C,out);
input logic [7:0] A, B, C;
input logic [9:0] out;

uire [8:0] add_right;

assign add_right = B + C;
assign out = A + add_right;

module impl(A,B,C,out);
input logic [7:0] A, B, C;
output logic [9:0] out;
wire [7:0] add_8bit;

assign add_8bit = A + B; // carry-out discarded
assign out = A + add_right;
assign out = add_8bit + C;
```

#### Proof automatically decomposed by ROVERIFY



Average 2.8x
speedup in proof
time across datapath
benchmarks

