# Formal Verification of Nonlinear Analog Circuits using State Space-Based Model Order Reduction

Yasmine Abu-Haeyeh, Lars Hedrich

Institute for Computer Science, Goethe University Frankfurt, Germany abu-haeyeh/hedrich@em.cs.uni-frankfurt.de

Abstract-Safety-relevant analog implementations of, e.g., sensor-actuator interfaces, demand formal verification methodologies. However, a direct formal verification is not feasible due to the complexity and nonlinearity of analog circuits. This paper employs a state space-based nonlinear model order reduction (MOR) approach with well-suited model order reduction techniques for linearization points. From the original method of sampling the nonlinear state space and clustering the sampled points into regions with similar dynamic behavior, we replaced the dominant pole MOR with a modified Krylov subspace projection method based on Padé-via-Lanczos (PVL). The reduced model quality improves and becomes numerically stable enough to handle analog circuits with hundreds or more (parasitic) poles. The generated Hybrid Automata (HA) can be utilized for formal verification via reachability analysis. We demonstrated the effectiveness of our approach on four nonlinear analog circuits accomplishing significantly less approximation errors of 25X compared to other MOR methods.

Index Terms—Formal Verification, Model Order Reduction, Nonlinear Analog Circuits

## I. INTRODUCTION

Robust formal verification techniques are crucial for safetycritical applications such as medical devices and autonomous driving. However, the complexity and nonlinearity of its analog circuits' transistor models hinder the formal verification methods. These nonlinear circuits can be modeled at high abstraction levels with multiple linear regions, creating a hybrid automaton (HA) - at best, with automatic model order reduction (MOR) techniques.

This paper proposes a new approach for the MOR of nonlinear analog circuits using a state space approach, as shown in Fig. 1. The general method starts by sampling the nonlinear analog circuit's state space. The locations of the HA are identified by clustering the sampled points into different groups and regions based on their eigenvalues using K-means. A MOR on representative points in that region is performed for each region. We propose two alternative MOR algorithms replacing the existing dominant pole order reduction. Additionally, we adapt the following HA generation to the new algorithms. The generated HA exhibits a linear behavior described by a state space representation in each region. Finally, guards and invariants of each region are defined to prepare the HA for reachability analysis and transform the generated behavioral model back to the original state space. The latter enables formal verification of given specifications. Our contributions to this paper are:

• An improvement of the abstraction process to HA by replacing the dominant pole order reduction with an enhanced PVL and a third method, balanced truncation, for comparison reasons.



Fig. 1: The proposed approach overview. Starting from a nonlinear analog circuit, sampling the state space enables linearizing the circuit in each sample point. Then clustering the sampled points according to their eigenvalues to generate a hybrid automaton (HA) to be utilized for reachability analysis or other formal verification methods.

- An explicit algorithmic description and evaluation of the three methods using four nonlinear examples.
- Formal verification of the generated hybrid automata.

The results section shows that the generated behavioral model preserves the original system functionality and presents superior performance.

# **II. PREVIOUS WORK**

Multiple linear model order reduction methods are present in the literature. The modal reduction methods, such as Dominant Pole MOR (DP), where we first convert the system realization to a diagonal realization, then remove the least significant modes. The Balanced Truncation (BT) methods start with a balanced realization of the system, where each state is equally observable and controllable. The least significant states are directly truncated [1],[2]. Finally, Krylov subspace methods, such as Arnoldi, Lanczos, and PVL, where the reduced system transfer function retains its main parameters, the moments. For nonlinear model order reduction, the problem is more challenging. [3] introduced the trajectory piecewise linear modeling approach. It is further improved by [4] using polynomials for each operating point, resulting in weak nonlinear modeling. [5] presents an actual approach using Krylov subspace methods and k-means clustering to group operating points from one or several transient analyses to one representative. However, state space methods provide better control over the modeled part and the nonlinearities compared

to transient trajectory-based methods. It allows piecewise linear hybrid automaton modeling of the whole state space and facilitates formal proofs [6]. The basic modeling technique proposed in [7] integrates the dominant pole MOR in an underlying state space reduction method. Its method suffers from imprecise static gain approximation if the reduction ratio is large and many poles are at lower frequencies.

To address the problems mentioned above, we extend the state space reduction approach by leveraging the Padé-via-Lanczos (PVL) method initially proposed in [8]. We incorporate various follow-up improvements, such as ensuring that the model is passive and stable depending on the underlying circuit's known properties and extending it to support the underlying nonlinear MOR using state spaces.

# III. MODEL ORDER REDUCTION

The Padé-via-Lanczos (PVL) algorithm proves its superior performance in the analysis of large linearized circuits compared to other MOR methods [8]. It can provide a very accurate approximation of the circuit transfer function over a wide frequency range. Starting from the original *m*-order linear SISO system after sampling the nonlinear state space:

$$C \cdot \vec{x} = -G \cdot \vec{x} + \vec{b} \cdot u \tag{1}$$
$$y = \vec{r}^{\mathsf{T}} \cdot \vec{x}$$

Where  $\vec{x} \in \mathbb{R}^n$  is the vector of *n* variables in the system (for analog circuits, mainly voltages and currents),  $G, C \in \mathbb{R}^{n \times n}$  are the linearized conductance and capacitance matrices, the system input *u* and the output *y*.  $\vec{b}$ , and  $\vec{r}^T$  are the input and output vectors, respectively. One can choose a fixed expansion point  $s_0$  such that  $(G+s_0C)$  is non-singular. With that, we can define *M* and *R* in general as follows:

$$M = -(G + s_0 C)^{-1} C \tag{2}$$

$$R = (G + s_0 C)^{-1} b (3)$$

with  $M \in \mathbb{R}^{n \times n}$  and  $R \in \mathbb{R}^n$ . In our target analog circuits, the frequency range of interest is in the lower bound. Hence, we chose  $s_0 = 0$ ; then we can rewrite the description for the original system in (1) as:

$$-M \cdot \vec{x} = -I \cdot \vec{x} + R \cdot u \tag{4}$$
$$v = \vec{r}^{\mathsf{T}} \cdot \vec{x}$$

Where  $I \in \mathbb{R}^{m \times m}$  is the identity matrix. Applying the Lanczos process for the reduction of the matrix M as presented in [8] generates the square matrix  $T_q \in \mathbb{R}^{q \times q}$  which is the best approximation to M, and the Lanczos vectors  $v_q$  and  $w_q$ . The approximation guarantees that  $T_q$  match the maximal number of moments in M. The generated reduced q-order linear system:

$$-T_q \cdot \vec{z} = -I \cdot \vec{z} + \vec{e}_1^{\mathsf{T}} \cdot u$$

$$y = \vec{r}^{\mathsf{T}} \cdot R \cdot \vec{e}_1 \cdot \vec{z}$$
(5)

where  $\vec{e}_1 = [1, 0, ..., 0]^{\mathsf{T}} \in \mathbb{R}^q$  is the first unit vector in the reduced space  $R_q$  and  $\vec{z} \in \mathbb{R}^q$  is the state reduced vector. A further step is required to simplify our reduced model to a hybrid automaton conform form. An Eigendecomposition carries it out as follows:

$$T_q = S_q \cdot \Delta_q \cdot S_q^{-1} \tag{6}$$

$$\Delta_q = diag(\lambda_1, \lambda_2, \dots, \lambda_q) \tag{7}$$

That leads to a final reduced system:

$$\hat{\vec{z}} = \Delta_q^{-1} \cdot \hat{\vec{z}} - \Delta_q^{-1} \cdot S_q \cdot \vec{e}_1^{\mathsf{T}} \cdot u$$

$$y = \vec{r}^{\mathsf{T}} \cdot R \cdot \vec{e}_1 \cdot S_q^{-1} \cdot \hat{\vec{z}}$$
(8)

To evaluate the reachability analysis results and compare them with the original circuit simulation results, a backtransformation from the  $\hat{z}$  space to the original circuit variables can be easily performed by:  $\vec{x} = v_q \cdot S_q^{-1} \cdot \hat{z}$ .

# IV. NONLINEAR MODEL ORDER REDUCTION USING STATE SPACE TECHNIQUE

We aim to generate a low-dimension Hybrid Automaton (HA) from nonlinear analog circuits for formal verification approaches. Additionally, a behavioral model can be automatically generated for system simulation. The base for both goals is sampling the nonlinear state space to gain knowledge of all reachable behavior. This state space sampling



Fig. 2: Steps in generating HA from sampled points in state space: a) Eigenvalues in projected state space leading to region identification, b) generated HA, c) guards and invariants shown in reduced state space.

is the first step of our approach, as shown in Fig. 1. Second, we cluster the operating points in the sampled state space using Kmeans into multiple groups based on the system eigenvalues. The optimal number of clusters is evaluated using the silhouette coefficient. Multiple regions can be identified for each group based on the connection graph expressing the dynamics in the state space. We use a second-order lowpass filter as an example to demonstrate the second step. The result of the clustering is illustrated in Fig. 2 a) where  $\lambda_1$  is the system's first eigenvalue,  $(V_{nin2})$  and  $(V_{nout} - V_{neg})$  are the circuit's main state variables. The system in Fig. 2 a) is clustered into two groups, while group1 consists of two regions. Each region defines a location in the generated HA

where the sampled points exhibit similar behavior. We select a representative operating point from each location's points to gain processing speedup. The operating point of each region is chosen as the closest DC point to the global center at zero input voltage. We apply the PVL model order reduction approach on each region operating point's linearized G and Cmatrices. Hence, each region is automatically abstracted by a reduced-order linear ordinary differential equation (ODE) represented in three locations of the HA shown in Fig. 2 b). An invariant for each location of the HA is computed, describing the region where the differential equation is valid. Additionally, we generate a set of guards describing a location transition and a reset or jump function for each region. In Fig. 2 c), the guards and invariants are shown in the reduced state space for all the locations. Finally, we can run a reachability analysis to verify the abstracted model behavior using the CORA tool formally [9] on the generated HA.

#### V. EXPERIMENTAL RESULTS

We have evaluated our approach on a nonlinear transmission line (TL), an extracted netlist of a buffer, a bandgap voltage reference (Bg), and an active second-order lowpass filter (LPF). We describe all circuits on the transistor level with BSIM transistor models. They all have nonlinear behavior: some will go into a limiting mode (transmission line, buffer, low pass filter) while the bandgap leaves the wanted operating point, e.g., when the supply voltage goes down. We perform all tests in MATLAB environment along with the vera state space sampling tool [10] implemented in C++ and directly integrated with the circuit simulator Gnucap [11]. The main properties of the four examples are listed in Tab. I, along with a comparison of the run time of each of the implemented MOR methods. For the sake of comparison, we are only comparing the time required to run the model order reduction. Dominant Pole is faster than the other two methods since its computational cost is relatively less. However, as proven in all the results, DP fails to preserve the original system static gain and generates a reduced system with significant approximation errors, as shown in Tab. II. On the other hand, the proposed PVL consumes much less time than BT, making PVL the method of choice for model order reduction of large dynamic systems.

TABLE I: Description of the four nonlinear circuits

|                           | TL     | Buffer | Bandgap | LPF    |
|---------------------------|--------|--------|---------|--------|
| Original order (n)        | 38     | 882    | 90      | 24     |
| Original finite order (m) | 22     | 681    | 37      | 12     |
| Reduced order (q)         | 2      | 4      | 3       | 2      |
| Num. of transistors       | 2      | 97     | 43      | 11     |
| Num. of passive elements  | 30     | 4030   | 50      | 5      |
| Num. of regions           | 3      | 2      | 2       | 3      |
| $f_{min}$ (Hz)            | 0      | 0      | 0       | 0      |
| $f_{max}$ (Hz)            | 1.52E3 | 5.66E8 | 7.86E6  | 1.92E9 |
| DP run time (sec)         | 0.0308 | 6.8093 | 0.0245  | 0.0316 |
| BT run time (sec)         | 0.0590 | 17.585 | 0.0595  | 0.0675 |
| PVL run time (sec)        | 0.0270 | 7.4535 | 0.0378  | 0.0385 |

Fig. 3 compares the frequency response of the transmission line model shown in Fig. 1 with its reduced systems generated from the three implemented MOR methods. PVL and BT preserved the original DC gain of 12.5833 through reduction, resulting in a DC gain of 12.5833 and 12.5834, respectively. On



Fig. 3: The nonlinear transmission line frequency response in (dB) reduced to order (2) in location g2r1, where this location presents the linear middle region

the other hand, the DP produced a DC gain of 11.8463 and even higher approximation errors at higher frequencies. However, the frequency range of interest is between 0 and 1.5kHz, where the PVL outperforms other MOR methods as detailed in Tab. II.



Fig. 4: The buffer frequency response reduced to order (4) in location g1r1, where this location presents the desired linear region in the circuit output voltage as shown in the smaller box.

The frequency response of the buffer circuit shown in Fig. 4 outlines the main drawback of the Dominant Pole's inability to preserve the DC gain. On the other hand, BT and the proposed PVL can easily match the original circuit stationary gain. However, the BT at higher frequencies > 10MHz fails to maintain the original circuit's nonlinear behavior.

We compare all three MOR methods in Tab. II for each example in all locations of the generated HA. The relative approximation error is calculated over a sampled frequency range between  $f_{min}$  and  $f_{max}$  reported in Tab. I. One can see that the PVL method outperforms the others in nearly all regions of the HA, especially for critical cases where many parasitic poles exist: the buffer as an extracted netlist or the transmission lines with many stages. PVL exhibits superior results and does not show the significant approximation error of the other two methods. To better judge the improvement from replacing the Dominant Pole MOR with our proposed enhanced PVL, we defined an improvement factor  $IF_{DP}$ . where  $IF_{DP} =$  $\varepsilon_{Proposed}/\varepsilon_{DP}$ , and  $IF_{BT} = \varepsilon_{Proposed}/\varepsilon_{BT}$ . The proposed PVL outperforms BT and DP especially when  $q \ll n$ , hence we can reduce the original system to lower orders with higher accuracy than the other MOR methods. The average improvement factor to DP for the four circuits is 25.93.

#### VI. FORMAL VERIFICATION USING HYBRID AUTOMATA

A significant advantage of the HA is the ability to employ it for formal verification, which is essential in safety-critical

TABLE II: Comparison of relative approximation error of different MOR methods

|      | Region               | $\epsilon_{DP}$                      | $\epsilon_{BT}$              | $\epsilon_{Proposed}$         | $IF_{DP}^{*}$              | $IF_{BT}^{*}$               |
|------|----------------------|--------------------------------------|------------------------------|-------------------------------|----------------------------|-----------------------------|
| TL   | g1r1<br>g1r2<br>g2r1 | 0.1270<br>0.1321<br>0.0700           | 0.0192<br>0.0365<br>0.0264   | 0.0102<br>0.0103<br>0.0078    | 12.499<br>12.812<br>9.0150 | 1.8882<br>3.5414<br>3.3977  |
|      | Average              | 0.1097                               | 0.0274                       | 0.0094                        | 11.442                     | 2.9424                      |
| Buf. | g1r1<br>g2r1         | 0.9997<br>140.91                     | 0.3841<br><b>0.8213</b>      | <b>0.2956</b><br>0.9996       | 3.3820<br>140.96           | 1.2995<br>0.8216            |
|      | Average              | 70.955                               | 0.6027                       | 0.6476                        | 72.173                     | 1.0606                      |
| Bg   | g1r1<br>g2r1         | 2.9530<br>9.3164                     | 0.9115<br>0.9970             | 0.2437<br>0.1557              | 12.116<br>59.833           | 3.7398<br>6.4034            |
|      | Average              | 6.1347                               | 0.9543                       | 0.1997                        | 35.974                     | 5.0716                      |
| LPF  | g1r1<br>g1r2<br>g2r1 | 4.8E-08<br><b>1.0E-07</b><br>6.6E-09 | 2.5E-08<br>1.2E-07<br>0.0264 | 1.8E-08<br>1.2E-07<br>1.3E-09 | 2.6172<br>0.8666<br>5.1539 | 1.3947<br>1.0000<br>2.1E+07 |
|      | Average              | 5.2E-08                              | 0.0088                       | 4.6E-08                       | 2.8793                     | 6.9E+06                     |
| Avg. |                      | 19.30                                | 0.3983                       | 0.2142                        | 25.93                      | 2.1E+06                     |



systems like electronics for autonomous driving. We can verify HA with an reachability checker like CORA [12]. The piecewise linear description of the HA widened by the underlying zonotopes of the formal verification tools can perfectly enclose the behavior of the original circuit. The generated models are more accurate with the proposed PVLbased MOR method, especially the DC-gain (see Sec. V) compared to the dominant pole MOR. Additionally, this can lead to much tighter enclosures of reachable sets. For example, we put a large input step exciting the opamp from Fig. 2. The step starts from a set of starting points, and, therefore, it consists of a set of steps. The resulting reachable region at the output presented in Fig. 5 together with a forbidden region (red) stemming from a Signal Temporal Logic (STL) statement [6]:  $G(v_{nout} > -2.0)$ . This equation states that the output voltage will never (G=globally) reach -2V and below. Finally, CORA can prove this by conducting a reachability analysis, where the result never touches that forbidden region. Other general statements in STL including F for future, U for until and time constraints can be also checked using CORA on these automata. For the same reachability analysis of Fig. 5 we can define for example  $(V_{nout} > -1.0)U_{[0.02,0.1]}(V_{nout} < -0.8)$  meaning that the output voltage will reach values smaller than -0.8 in a given time period. This statement successfully ensures a minimum reaction time or slew rate.

# VII. CONCLUSION

In this paper, we introduced a state space-based approach for the order reduction of nonlinear analog circuits. We generated a reduced dimensional Hybrid Automaton to utilize it for formal verification methods. We integrated an improved PVL method to reduce the computational complexity and achieve processing speedup. Besides changing the kernel method in that methodology, we adapt the subsequent generations of invariants and guards of the HA to the new method. We chose the PVL method for its low approximation error compared to the modal and balanced Truncation MORs. The experimental



Fig. 5: Reachability results of the second order low pass filter applying the proposed PVL. The green and yellow regions are the reachable set for a given input step. The red region is the forbidden region from the  $G(v_{nout} > -2.0)$  STL statement. The light yellow, purple and light blue regions are visualizing the  $(V_{nout} > -1.0)U_{[0.02,0.1]}(V_{nout} < -0.8)$  STL statement for ensuring a certain reaction time.

results of four nonlinear analog circuits confirm the superiority of the proposed MOR approach. Compared to Dominant Pole MOR, it achieves an average improvement factor of 25.93. A reachability analysis shows tight and accurate bounds.

## ACKNOWLEDGMENT

The authors gratefully acknowledge financial support by the German Research Foundation (DFG) project (FAI) under grant HE 2673/11\_2.

## REFERENCES

- B. Moore, "Principal component analysis in linear systems: Controllability, observability, and model reduction," *IEEE transactions* on automatic control, vol. 26, no. 1, pp. 17–32, 1981.
- [2] S. Gugercin and A. C. Antoulas, "A survey of model reduction by balanced truncation and some new results," *International Journal of Control*, vol. 77, no. 8, pp. 748–766, 2004.
- [3] M. Rewienski and J. White, "A Trajectory Piecewise-Linear Approach to Model Order Recution and Fast Simulation of Nonlinear Circuits and Micormachined Devices," *IEEE Transactions on Computer-Aided Design* of Integrated Circuits and Systems, vol. 22, no. 2, pp. 155–170, 2003.
   [4] N. Dong and J. Roychowdhury, "General-purpose nonlinear model-
- [4] N. Dong and J. Roychowdhury, "General-purpose nonlinear modelorder reduction using piecewise-polynomial representations," *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, vol. 27, no. 2, pp. 249–264, 2008.
- [5] H. Aridhi, M. H. Zaki, and S. Tahar, "Enhancing model order reduction for nonlinear analog circuit simulation," *IEEE Transactions on Very Large Scale Integration (VLSI) Systems*, vol. 24, no. 3, pp. 1036–1049, 2015.
- [6] H. Roehm, J. Oehlerking, T. Heinz, and M. Althoff, "STL model checking of continuous and hybrid systems," in *International Symposium on Automated Technology for Verification and Analysis*. Springer, 2016, pp. 412–427.
- [7] A. Tarraf and L. Hedrich, "Behavioral modeling of transistor-level circuits using automatic abstraction to hybrid automata," in *Design Automation* and Testin Europe (DATE), Florence, 2019.
- [8] P. Feldmann and R. Freund, "Efficient Linear Circuits Analysis by Pade Approximation via the Lanczos Process," *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, vol. 14, no. 5, pp. 639–649, 1995.
- [9] N. Kochdumper, A. Tarraf, M. Rechmal, M. Olbrich, L. Hedrich, and M. Althoff, "Establishing reachset conformance for the formal analysis of analog circuits," ASP-DAC: Asia and South Pacific Design Automation Conference, 2020.
- [10] S. Steinhorst and L. Hedrich, "Advanced methods for equivalence checking of analog circuits with strong nonlinearities," *Formal Methods* in System Design, vol. 36, no. 2, pp. 131–147, 2010.
- [11] A. Davis, "An overview of algorithms in Gnucap," in University/Government/Industry Microelectronics Symp., 2003, pp. 360–361.
- [12] M. Althoff, "An Introduction to CORA 2015," Proc. of the Workshop on Applied Verification for Continuous and Hybrid Systems, 2015.