COEN7501: Formal Hardware Verification

Transcription

1 COEN7501: Formal Hardware Verification Prof. Sofiène Tahar Hardware Verification Group Electrical and Computer Engineering Concordia University Montréal, Quebec CANADA

2 Accident at Carbide plant, India Causes: Corroding non-stainless steel pipes, Improper maintenance Loss: 3,787 deaths, over 500,000 people exposed Cost: $470 million, December 2-3, 1984 E. Broughton. The Bhopal Disaster and its Aftermath: A Review. Environmental Health, 4(6):1-6, May S. Tahar Formal Verification Probabilistic Analysis 2

3 Train Derailment in Germany Main cause of failure: wheel design, a single fatigue crack in one of the wheels Loss: 101 dead, 88 injured Cost: $30 Million, June 3,1998 Investigative Documentary on National Geographic Channel. Derailment at Eschede (High Speed Train Wreck), Seconds From Disaster., S. Tahar Formal Verification Probabilistic Analysis 3

4 Space Shuttles Challenger and Columbia Challenger (January 28, 1986) Columbia (February 1, 2003) Challenger: Cause: Failure of the pressure seal in the aft field joint of the right Solid Rocket Booste Design was unacceptably sensitive to a number of factors Columbia: During re-entry, damaged tiles in the heat shield allowed the hot gases to penetrate and destroy the internal wing structure, rapidly causing the in-flight breakup of the veh Loss: Entire crew in both accidents Rogers Commission report, Report of the Presidential Commission on the Space Shuttle Challenger Accident, Volume 1, chapter 4, page S. Tahar Formal Verification Probabilistic Analysis 4

5 5 Design Errors Floatingpoint division bug Patriot Missile Failure, a classical case of rounding error Floatingpoint to Integer conversion

6 Design Challenges 6 S. Tahar Formal Verification Probabilistic Analysis

7 What is Verification? 7 S. Tahar Formal Verification Probabilistic Analysis

8 Verification Technology 8 S. Tahar Formal Verification Probabilistic Analysis

9 Functional Verification - Simulation Most widely used system analysis approach Construct a computer based model of the system Analyze the behavior of the system model under a number of test cases to deduce properties of interest Easy to use May generate inaccurate results Practically impossible to test for all possible cases S. Tahar Formal Verification Probabilistic Analysis 9

10 Simulation A Practical Example Question: How long does it take to verify a 64-bit Floating Point Division Unit Answer: There are (2 64 x 2 64 ): test cases At 1 test/ s, it will take years!!! S. Tahar Formal Verification Probabilistic Analysis 10

11 Simulation Another Practical Example Question: How long does it take to verify a 256-bit RAM Memory Unit Answer: There are = bits to test At 1 test/ps and using all matters in our galaxy to build computers of the size of a single electron, it will take years to verify 0.05%!!! S. Tahar Formal Verification Probabilistic Analysis 11

12 Verification Gap 12 The situation is worsening as technology evolves S. Tahar Formal Verification Probabilistic Analysis

13 Functional Verification Formal Methods Construct a computer based mathematical model of the system along with its random components Use mathematical reasoning to check functional properties of interest Accurate results Consideration of all cases is implicit Sometimes is difficult and time consuming 13

14 Simulation Example Check if y>x for the given system (x is a natural number) x ( x 1 ) 2 y Test vectors (x) System output (y) y>x 1 4 True 2 9 True 5 36 True True True True ?????? 14

15 Formal Methods Example Check if y>x for the given system (x is a natural number) x ( x 1 ) 2 y 1 y>x Problem statement 2 (x+1) 2 >x Implementation 3 (x+1).(x+1)>x Definition of Square 4 (x+1).x+(x+1).1>x Distributivity 5 x.x+1.x+x.1+1.1>x Distributivity 6 x.x+x+x+1>x Multiplicative Identity 7 x.x+x+1+x>x Additive Commutivity 8 x.x+x+1>0 Addition Cancellation 9 True Natural numbers > 0 15

16 Most Widely used Formal Methods Equivalence Checking Model Checking Theorem proving S. Tahar System-on-Chip Formal Probabilistic Verification Analysis 16

17 Equivalence Checking System 1 System 2 Logic Formula 1 Logic Formula 2 Equivalence Checker True, if both formulas equivalent Counterexample, otherwise Both systems modeled as a Logic Formulas Formulas specified in Propositional Logic Allows automatic proof of equivalence (decidable and complete) Applicable on Combinational Systems (Circuits) Sequential (FSM) equivalence checking very costly S. Tahar System-on-Chip Formal Probabilistic Verification Analysis 17

18 Equivalence Checking Advantages Automatic (Push button type analysis tools) No proofs involved Diagnostic counter examples Disadvantages Limited expressiveness Combinational Circuits Equivalence Checking Tools VIS (Verification Interacting with Synthesis) - U. of California, Berkeley MDG (Multiway Decision Graphs) - U. de Montreal Conformal, Formality, etc S. Tahar System-on-Chip Formal Probabilistic Verification Analysis 18

19 Model Checking System is modeled as a State Transition Graph Properties are specified in Temporal Logic Allows the description of time-varying behaviour of systems Exhaustive verification by searching the state space of the system model to determine if the property holds 19

20 Model Checking Advantages Automatic (Push button type analysis tools) No proofs involved Diagnostic counter examples Disadvantages Limited expressiveness State-space explosion problem Model Checking Tools SMV (Symbolic Model Verifier) - Carnegie Mellon U. VIS (Verification Interacting with Synthesis) - U. of California, Berkeley SPIN, SLAM, PRISM, etc 20

21 Theorem Proving System is modeled as a function in some appropriate logic Properties are modeled as theorems in the same logic These theorems are interactively verified based on mathematical reasoning in a computer based proof system (Theorem Prover) 21

22 Theorem Prover A theorem prover consists of A notation (syntax) to express logic a small set of fundamental axioms (facts) A Boolean variable can be True or False: a.(a = T) (a =F) a small set of inference (deduction) rules Equality is transitive: a b c. (a = b) (b = c) (a = c) Soundness is assured as every new theorem must be created from The basic axioms and primitive inference rules Any other already proved theorems or inference rules Theory (collection of verified theorems in a file) Facilitate the reusability of pre-verified results 22

23 Theorem Proving Advantages High expressiveness Can be essentially used to analyze any system that can be expressed mathematically Less risk of mistakes (human errors) Some parts of the proofs can be automated Disadvantages Detailed and explicit human guidance required The state-of-the-art is limited Theorem Proving Tools Boyer-Moore (First-order Logic) U. of Texas, Austin PVS (Higher-order Logic) Stanford Research Institute HOL (Higher-order-logic) U. of Cambridge, UK 23

24 Some Formal Methods Myths Formal methods can only be used by mathematicians They are primarily based on mathematical concepts that is usually transparent to the user The reasoning process is itself prone to errors, so why bother? We opt to reduce design bugs not eliminate them Using formal methods tends to slow the design process The early detection of design bugs are allows us to speed up the overall design process 24

25 Formal Methods Applications Formal methods are widely used for the functional verification of many applications Microprocessors Software Conformance Cache Coherence Protocols Telecommunication Protocols Security Protocols Transportation Their utilization in the performance analysis domain has been somewhat limited though 25

26 Cost of Verification 26 Verification accounts for 60-70% of project cost (human, computing and time) Increasing VLSI technology and design complexity (1.7 billion transistors on chip) Traditional simulation limited to a tiny percentage of test cases Situation is most serious for safety critical applications Many research groups and companies are using formal verification as complement simulation

27

28 Hardware Verification Group Hardware Verification Group (HVG) founded in 1996 by Prof. Sofiene Tahar Recognized as University Research Center in 2007 Mission: develop Methodologies, Algorithms and Tools for Formal Verification of Hardware and Embedded Systems Currently composed of 25 researchers Faculty Postdoc PhD Master s

29 Current Research Interests System-on-a-Chip Verification Verification of Probabilistic Systems Verification of Security Systems Analog and Mixed Signal Verification Verification of Optical Systems Multiway Decision Graphs Verification Applications (with industry)

30 Tools Development

31 Industrial Applications Amirix

32 HVG Home Page

33 HVG Laboratories

34 HVG Global Visibility

35 HVG (Visitors World Map)

36 Academic Partners 36

37 Free Ad! Anyone interested for a more information on Formal Verification? Visit 37