how do i use all this?. how do i use all this, really?

How do I use all this?

How do I use all this, really?

How do I use all this, really?– Detailed step-by-step description of a

pipeline verification example

Outline

1 Informal Introduction

2 Formal Definitions Reactive Systems

Witnessed Refinement Proofs

Slicing Reactive Systems

Decomposing Refinement Proofs

3 Formal Example: Three-Stage Pipeline

4 Informal Example: Dataflow Processor Array

isaRegFile

src1src2dest outstall isaOut

isaAlu

Specification: ISA

isaRegFileop

src1src2dst outstal

lisaOut

isaAlu

load r1 1

xnor r2 r1 r1

store r2

r1 := 1

r2 := 0

out := 0

Notes:

1. Store instruction results in an output

2. Memory hierarchy is not represented

3. Why do we need “stall” ?

regFile

out out

FETCH EXECUTE WRITE-BACK

regFile

opr2res

isaRegFileop

src1src2dst outstal

lisaOut

regFile

opr2res

isaAlu

Goal: Establish Pipeline refines ISA

isaRegFileop

src1src2dst outstal

lisaOut

regFile

opr2res

isaAlu

need for “stall” in ISA

isaRegFileop

src1src2dst outstal

lisaOut

regFile

opr2res

isaAlu

witnessed refinement

isaRegFile isaAlu

Limitation: State explosion

isaRegFileop

src1src2dst outstal

lisaOut

regFile

opr2res

isaAlu

Why not decompose

proof?

regFile

out out

FETCH EXECUTE WRITE-BACK

regFile

out out

WRITE-BACK

EXECUTE

regFile

isaRegFileop

src1src2dst outstal

lisaOut

outout

isaAlu

Why not decompose

proof?

isaRegFileop

src1src2dst outstal

lisaOut

regFile

outout

isaAlu

Why not decompose

proof?

isaRegFileop

src1src2dst outstal

lisaOut

regFile

isaAlu

Why not decompose

proof?

isaRegFileop

src1src2dst outstal

lisaOut

regFile

opr2res

isaAlu

Decompositon does not work!

isaRegFile

isaAlu

isaRegFile

isaAlu

isaRegFile

src1src2dst outstal

lisaOut

resp2dst

regFile

opr2res

“out” proof isaAlu

isaRegFileop

src1src2dststal

outout

isaAlu

“out” proof

isaRegFileop

src1src2dststal

regFile

outout

isaAlu

“out” proof

isaRegFileop

src1src2dststal

regFile

isaAlu

“out” proof

isaRegFileop

src1src2dststal

resp2dst

regFile

isaRegFileop

src1src2dststal

resp2dst

regFile

outisaOut

regFile

out out

WRITE-BACK

isaRegFile

src1src2dst outstal

lisaOut

resp2dst

regFile

opr2res

“res” proof isaAlu

isaRegFile

src1src2dststal

isaRegFile

src1src2dststal

res resp2dst

EXECUTE

isaRegFile

src1src2dst outstal

lisaOut

resp2dst

regFile

opr2res

“opr1” proof isaAlu

isaRegFileop

src1src2dststal

resp2dst

regFile

“opr1” proof isaAlu

isaRegFileop

src1src2dststal

resp2dst

regFile

“opr1” proof

opr1opr1

isaAlu

regFile

EXECUTE

WRITE-BACK

isaRegFile

src1src2dst outstal

lisaOut

resp2dst

regFile

opr2res

isaAlu

But.. is this really practical?

But.. is this really practical?– Verification of VGI multiprocessor

Outline

1 Informal Introduction

2 Formal Definitions Reactive Systems

Witnessed Refinement Proofs

Slicing Reactive Systems

Decomposing Refinement Proofs

3 Formal Example: Three-Stage Pipeline

4 Informal Example: Dataflow Processor Array

• VGI = “Video-Graphics-Image”• Designed by Infopad group at

Berkeley • Purpose: web-based image

processing• Designed using

– VHDL (control) – Schematics (Data path)

VGI Architecture

• 16 clusters with 6 processors in each - 4 compute, 1 memory, 1 I/O

• ~30K logic gates per processor• ~800 latches per processor• Pipelined compute processors• Low latency data transfer between

processors - complex control

VGI Architecture

Complex handshakepipeline

pipeline pipeline

pipeline

FIFO buffer

ISA ISA

Complex handshakepipeline

pipeline pipeline

pipeline

Verification

• Different time scales• Implementation

– two-phase clock– level-sensitive latches – activity on both HI and LO phases of

• Specification – no clk signal

Sample Operator

I’ = Sample I at

Runs of I’ = Runs of I sampled at instances where holds

pipeline

pipeline pipeline

pipeline

ISA ISA

Difficulty - Verification

• Size of the VGI chip – ~800 latches in each compute

processor– 64 compute processors

• Need “divide and conquer”

Step 1: Network of Processors to Single Processor

pipeline

pipeline pipeline

pipeline

ISA ISA

pipeline

pipeline pipeline

pipeline

ISA ISA

pipeline

pipeline pipeline

pipeline

ISA ISA

pipeline

ISAISA

pipeline

clkclk

Step 2: Single Processor

• Single processor still has ~800 latches• Need “divide-and-conquer” again

pipeline

CommStage

ALUGateLevel

REGFILE

ALUSpec

ISA REGFILE

FIFObuffer

Input from upstream processor

VGI Results

• All lemmas (exceptALU) checked by Mocha in a few minutes

• 3 bugs in communication control found and fixed

• Abstract definitions crucial - designer insight needed

how do i use all this?. how do i use all this, really?

isaregfile op inp src1

isaalu op inp src1 src2

res stall p2op

isaout isaalu slide

proof slide

isaalu res

proof isaalu slide

opr1 opr2 res slide

Documents

how do we use energy

how do you use analytics?

how do people use energy final

how do people use plants?

how do i use studywiz

how do salesforce admins use realzips?

how much energy do we use?

how do i use use the group instant feature?

how do i use easybib ?

how do economists use evidence?

how do people use twitter?

how do lawyers use social media?

how do living things use energy?. objective: where do...

how do i use gotowebinar?

how do our clients use conops?

how do people use water resources

how do we use the mole?

how do marine organisms use light?

how do we use air & water

how do you use electricity?