The present invention relates to methods to improve the speed, accuracy and efficiency of Reverse Engineering of electronic circuits. The present invention is further drawn to computer systems and software to improve the speed, accuracy and efficiency of integrated circuits.
Integrated circuits (ICs) are a relatively new technology generally comprising a small piece of semiconducting material, upon which transistors, connectors, and other functional units have been imprinted. Originally ICs were large, ungainly, and relatively simple devices, but have since evolved to a level of enormous complexity. Modern ICs can contain many millions of transistors in a single square centimeter. In general, ICs are designed from complex libraries of subcircuits that are carefully mapped, tested and documented for their intended use.
There are times, however, when an IC must be understood without the aid of the manufacturer's documentation. The process of understanding a circuit without specifications is called "Reverse Engineering." Situations requiring Reverse Engineering can arise under a number of circumstances. IC manufacturers, for example, often go out of business, or stop production of certain ICs, thereby presenting difficulties to dependent customers. Such a customer may need to understand the gate-level functionality of the IC in order to re-manufacture it. In addition, Reverse Engineering of ICs is useful for intellectual property analysis, competitive analysis, malfunction analysis, security analysis, or the verification of a manufacturer's specifications during the design process.
Reverse Engineering is the inverse of the design process. The design process begins with an abstract description of a target device and, through a succession of refinements, produces an implementable design. Reverse Engineering begins with the disassembly of a manufactured device and ends with an abstract description of its functionality. In the case of ICs, the disassembly process consists of obtaining an image of the IC's internal structure and extracting a transistor-level netlist from the image. This netlist description then undergoes transformation to successively higher levels of abstraction until it becomes a suitably high-level description of the circuit's behavior.
The Reverse Engineering of a modern IC presents a number of substantial difficulties. IC manufacturers generally endeavor to make ICs as small as possible, but with as much functionality as possible. In addition, manufacturers will often attempt to obfuscate the most important features of the circuit, with the intent to hinder Reverse Engineering. To the reverse engineer, who may begin with only a general understanding of the IC's function and an unmarked image of the IC itself, the task of unraveling a modern IC can seem impossible.
The art of Reverse Engineering of ICs has not advanced particularly far. It is standard practice to attempt Reverse Engineering of an IC without the aid of software suited to that task. In such a "manual" process, an image of the IC of interest will be magnified, allowing engineers to meticulously examine possible subcircuits. Often entire rooms are devoted to IC graphs used in the process of Reverse Engineering. This process is slow and obviously limited to ICs of a less complicated nature. Advancements in the art have languished, partly because of a failure to recognize possibilities for automation, and partly because of the seemingly insurmountable computational barriers to automation.
Notably, syntactic matching, although suggested as early as 1985, has never been demonstrated to successfully reverse engineer circuits of non-trivial complexity. Syntactic matching relies on a library of known subcircuits, and attempts to find exact matches for these subcircuits within a larger circuit. To accomplish this, the syntactic matching program must attempt to match every known library instance gate by gate with the unknown IC. For ICs of even trivial complexity, this process very quickly becomes computationally intractable. In addition, syntactic matching is very literal, and does not easily compensate for slight changes in a subcircuit that have no effect on function. For these reasons, syntactic matching has remained a laboratory practice.
Another possible approach involves semantic matching. Semantic matching seeks to reduce a subcircuit to a canonical form, which is dependent only on the input to output mapping of the circuit. The canonical form is then matched against a library of known canonical forms. Semantic matching is less literal than syntactic matching and more able to handle non-functional variations in a subcircuit. Semantic matching, however, is even more computationally intensive than syntactic matching. A straight semantic matching approach would involve examination of every possible subcircuit in an IC for relevance. For example, consider an IC with gates labeled 1 through N. The semantic matcher must start with gate 1, and assume that it itself forms a subcircuit. The semantic matcher must then look at gate 1 and gate 2 to see if they form a subcircuit together. Next gate 1 and gate 3, and so on until gate 1 and gate N are considered. The next iteration would examine gate 1, gate 2 and gate 3, and so forth. The effort required for this process is at least exponentially related to the number of gates in the IC. Semantic matching has thus not been successfully demonstrated prior to the present invention.
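The contrast between the two matching approaches described above can be shown on small constructed netlists; this is an added example, not code from the patent. It assumes one particular canonical form (the smallest truth table over all input orderings), and the netlist format, library entries and function names are hypothetical.

```python
from itertools import permutations, product

OPS = {"AND": lambda a, b: a & b, "OR": lambda a, b: a | b,
       "NAND": lambda a, b: 1 - (a & b), "NOT": lambda a: 1 - a}

def evaluate(netlist, inputs, output, bits):
    """Evaluate a netlist of (net, gate, operand_nets) rows listed in topological order."""
    nets = dict(zip(inputs, bits))
    for net, gate, operands in netlist:
        nets[net] = OPS[gate](*(nets[o] for o in operands))
    return nets[output]

def canonical_form(netlist, inputs, output):
    """Assumed canonical form: the smallest truth table over every input ordering,
    so it depends only on the input-to-output mapping, not on gates or net names."""
    rows = list(product((0, 1), repeat=len(inputs)))
    return min(tuple(evaluate(netlist, order, output, bits) for bits in rows)
               for order in permutations(inputs))

def gate_signature(netlist):
    """Crude stand-in for a literal (syntactic) comparison: the sorted gate types."""
    return sorted(gate for _, gate, _ in netlist)

def identify(netlist, inputs, output, library):
    """Return the library name whose canonical form matches, or None."""
    return library.get(canonical_form(netlist, inputs, output))

# Constructed reference subcircuits (hypothetical library entries).
XOR_REF = ([("na", "NOT", ("a",)), ("nb", "NOT", ("b",)), ("t1", "AND", ("a", "nb")),
            ("t2", "AND", ("na", "b")), ("y", "OR", ("t1", "t2"))], ("a", "b"), "y")
MUX_REF = ([("ns", "NOT", ("s",)), ("t1", "AND", ("s", "a")), ("t2", "AND", ("ns", "b")),
            ("y", "OR", ("t1", "t2"))], ("s", "a", "b"), "y")
LIBRARY = {canonical_form(*XOR_REF): "XOR2", canonical_form(*MUX_REF): "MUX2"}

# Constructed "extracted" subcircuits: NAND-based, different net names and input order.
NAND_XOR = ([("n1", "NAND", ("p", "q")), ("n2", "NAND", ("p", "n1")),
             ("n3", "NAND", ("q", "n1")), ("out", "NAND", ("n2", "n3"))], ("p", "q"), "out")
NAND_MUX = ([("nsel", "NOT", ("sel",)), ("m1", "NAND", ("x1", "sel")),
             ("m0", "NAND", ("x0", "nsel")), ("out", "NAND", ("m1", "m0"))],
            ("x0", "x1", "sel"), "out")
AND2 = ([("out", "AND", ("p", "q"))], ("p", "q"), "out")

if __name__ == "__main__":
    for name, sub in (("NAND_XOR", NAND_XOR), ("NAND_MUX", NAND_MUX), ("AND2", AND2)):
        print(name, "->", identify(*sub, LIBRARY))
```

The NAND-based circuits share no gate signature with the library references, so a literal comparison misses them, while the canonical truth table still identifies both. The permutation search is factorial in the input count, which reflects the computational cost the text attributes to semantic matching.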
It is therefore an object of the invention to provide an improved automated aid for the Reverse Engineering of circuits or other components.
It is a further object of the present invention to provide an improved automated aid for the Reverse Engineering of ICs.
It is a further object of the present invention to provide an improved method for the use of syntactic matching for the Reverse Engineering of complex ICs.
It is a further object of the present invention to provide an improved method for the use of semantic matching for the Reverse Engineering of complex ICs.
It is a further object of the present invention to provide an improved method for the use of syntactic and semantic matching in cooperation for the Reverse Engineering of complex ICs.
It is a further object of the present invention to provide an improved automated aid for the use of syntactic and semantic matching in the Reverse Engineering of complex ICs.
It is a further object of the present invention to provide improved support methods for the use of syntactic and semantic matching in the Reverse Engineering of ICs.
It is a further object of the present invention to provide improved computational software to allow an operator to automate as much of the IC Reverse Engineering process as possible.
It is a further object of the present invention to provide improved software with convenient workflow.
It is a further object of the present invention to provide an improved, single software package that allows an operator to conveniently apply syntactic and semantic matching along with support methodologies to certain subsections of an IC at certain times in the Reverse Engineering process, with the goal of expediting the Reverse Engineering process.
It is a further object of the invention to improve the ability to reverse engineer complex ICs.
It is a further object of the present invention to provide a computer system operating with at least one processor and memory that can aid in the process of reverse engineering of ICs.
Further objects and advantages of the present invention, together with the organization and manner of operation thereof, will become apparent from the following detailed description of the invention when taken into conjunction with the accompanying drawings.
The invention relates to a computer system involving software and a method with multiple steps to analyze a circuit having a plurality of electronic or optical elements to determine the sequence of functions within the circuit. The invention is directed specifically toward the Reverse Engineering of ICs, but can be used to understand programmable logic arrays, optical switching systems and the like. The invention will be useful in Reverse Engineering, as well as other types of analysis applicable to the design, testing, manufacture, remanufacture and analysis of circuits.
One form of the present invention relates to the computer implementation of software to aid the Reverse Engineering process. The software allows the input of an integrated circuit graph or netlist. The netlist can be prepared for analysis by means of several graphing tools. These tools help the operator search for important pieces of the IC graph on which to focus analysis. The netlist can be then analyzed through means of accompanying matching tools. A library of known components is constructed, and for complicated circuits the IC will be analyzed iteratively, focusing on different subsections in order to simplify the Reverse Engineering process.
Another form of the present invention relates to a method for analyzing circuits and other similar items. An analyst applies one of several computational engines iteratively, arriving successively at a more complete picture of the overall functionality of a circuit.
The above described objects and embodiments are set forth in the following description and illustrated in the drawings described herein.