COEN7501: Formal Hardware Verification
Prof. Sofiène Tahar
Hardware Verification Group
Electrical and Computer Engineering
Concordia University
Montréal, Quebec, CANADA
Formal Probabilistic Analysis
Accident at Carbide plant, India
Cost: $470 million, December 2-3, 1984
Loss: 3,787 deaths, over 500,000 people exposed
Causes: Corroding non-stainless steel pipes, improper maintenance
E. Broughton. The Bhopal Disaster and its Aftermath: A Review. Environmental Health, 4(6):1-6, May 2005.
Formal Verification, S. Tahar
Train Derailment in Germany
Cost: $30 million, June 3, 1998
Loss: 101 dead, 88 injured
Main cause of failure: wheel design, a single fatigue crack in one of the wheels
Investigative Documentary on National Geographic Channel. Derailment at Eschede (High Speed Train Wreck), Seconds From Disaster, 2007.
Space Shuttles Challenger and Columbia
Challenger (January 28, 1986)
Cause: Failure of the pressure seal in the aft field joint of the right Solid Rocket Booster. The design was unacceptably sensitive to a number of factors.
Columbia (February 1, 2003)
Cause: During re-entry, damaged tiles in the heat shield allowed the hot gases to penetrate and destroy the internal wing structure, rapidly causing the in-flight breakup of the vehicle.
Loss: Entire crew in both accidents
Rogers Commission report, Report of the Presidential Commission on the Space Shuttle Challenger Accident, Volume 1, chapter 4, page 72. http://history.nasa.gov/rogersrep/v1ch4.htm, 1986.
Design Errors
Patriot Missile failure, a classical case of rounding error
Floating-point division bug
Floating-point to integer conversion
Functional Verification - Simulation
Most widely used system analysis approach
Construct a computer based model of the system
Analyze the behavior of the system model under a number of test cases to deduce properties of interest
Easy to use
May generate inaccurate results
Practically impossible to test for all possible cases
Simulation – A Practical Example
Question: How long does it take to verify a 64-bit Floating Point Division Unit?
Answer: There are 2^64 x 2^64 = 2^128 test cases. At 1 test/s, it will take 10^25 years!!!
Simulation – Another Practical Example
Question: How long does it take to verify a 256-bit RAM Memory Unit?
Answer: There are 2^256 = 10^80 bits to test. At 1 test/ps, and using all the matter in our galaxy to build computers the size of a single electron, it will take 10^10 years to verify 0.05%!!!
Verification Gap
The situation is worsening as technology evolves
Functional Verification – Formal Methods
Construct a computer based mathematical model of the system along with its random components
Use mathematical reasoning to check functional properties of interest
Accurate results
Consideration of all cases is implicit
Sometimes difficult and time consuming
Simulation – Example: Check if y > x for the given system (x is a natural number)
System under test: y = (x+1)^2
Test vector (x) | System output (y) | y > x
1 | 4 | True
2 | 9 | True
5 | 36 | True
9 | 100 | True
67 | 4624 | True
1000 | 1002001 | True
1000000 | ??? | ???
Formal Methods – Example: Check if y > x for the given system (x is a natural number)
System under verification: y = (x+1)^2
Step | Statement | Justification
1 | y > x | Problem statement
2 | (x+1)^2 > x | Implementation
3 | (x+1).(x+1) > x | Definition of square
4 | (x+1).x + (x+1).1 > x | Distributivity
5 | x.x + 1.x + x.1 + 1.1 > x | Distributivity
6 | x.x + x + x + 1 > x | Multiplicative identity
7 | x.x + x + 1 + x > x | Additive commutativity
8 | x.x + x + 1 > 0 | Addition cancellation
9 | True | Natural numbers > 0
Most Widely Used Formal Methods
Equivalence Checking
Model Checking
Theorem Proving
Equivalence Checking
Both systems are modeled as logic formulas
Formulas are specified in propositional logic
Allows automatic proof of equivalence (decidable and complete)
Applicable to combinational systems (circuits)
Sequential (FSM) equivalence checking is very costly
Flow: System 1 -> Logic Formula 1, System 2 -> Logic Formula 2, both fed to the Equivalence Checker
Output: True, if both formulas are equivalent; a counterexample otherwise
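An added example, not from the course slides, of the flow above in Python: a reference full adder and two gate-level implementations, each treated as a propositional formula over three inputs, are compared on every input vector, and the checker answers True or hands back the diverging vector as a counterexample. The circuits and the injected carry miswiring are constructed for this example; the tools named on the slides reason over the formulas symbolically rather than enumerating them, but the verdict is the same.

```python
from itertools import product

# Constructed designs (assumptions of this example): each circuit is a Boolean
# function of its input bits, i.e. a propositional formula in executable form.
def spec_full_adder(a, b, cin):
    """Reference (golden) full adder: returns (sum, carry_out)."""
    s = a ^ b ^ cin
    cout = (a & b) | (cin & (a ^ b))
    return (s, cout)

def impl_full_adder(a, b, cin):
    """Gate-level implementation that shares the half-sum p = a XOR b."""
    p = a ^ b
    return (p ^ cin, (a & b) | (p & cin))

def buggy_full_adder(a, b, cin):
    """Constructed miswiring: the second carry term uses a instead of p."""
    p = a ^ b
    return (p ^ cin, (a & b) | (a & cin))

def check_equivalence(f, g, n_inputs):
    """Combinational equivalence check: compare f and g on each of the
    2^n_inputs input vectors. Finite propositional formulas make this decidable
    and complete. Returns (True, None) when the circuits agree everywhere,
    otherwise (False, counterexample) naming the first diverging vector."""
    for bits in product((0, 1), repeat=n_inputs):
        if f(*bits) != g(*bits):
            return (False, {"inputs": bits, "f": f(*bits), "g": g(*bits)})
    return (True, None)

if __name__ == "__main__":
    print(check_equivalence(spec_full_adder, impl_full_adder, 3))   # (True, None)
    print(check_equivalence(spec_full_adder, buggy_full_adder, 3))  # counterexample at (0, 1, 1)
```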
Equivalence Checking
Advantages: Automatic (push-button analysis tools); no proofs involved; diagnostic counterexamples
Disadvantages: Limited expressiveness; limited to combinational circuits
Equivalence Checking Tools: VIS (Verification Interacting with Synthesis) - U. of California, Berkeley; MDG (Multiway Decision Graphs) - U. de Montréal; Conformal, Formality, etc.
Model Checking
System is modeled as a state transition graph
Properties are specified in temporal logic
Allows the description of time-varying behaviour of systems
Exhaustive verification by searching the state space of the system model to determine if the property holds
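An added example, not from the course, of the exhaustive state-space search just described in Python: a constructed two-way traffic-light controller is the state transition graph, the safety property AG not(NS = green and EW = green) is the temporal-logic property, and a breadth-first search visits every reachable state; when the property fails the search returns the path to the violating state, which is the counterexample a model checker reports. The controller and its check_other flag are assumptions of this example.

```python
from collections import deque

def find_violation(initial, successors, invariant):
    """Explicit-state check of the safety property AG invariant. Explores every
    state reachable from `initial` breadth-first; returns None when the invariant
    holds in all of them, otherwise the shortest path (a list of states) from
    `initial` to the first violating state, i.e. the counterexample."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            path = []
            while s is not None:          # follow parent links back to initial
                path.append(s)
                s = parent[s]
            return path[::-1]
        for t in successors(s):
            if t not in parent:           # each state is expanded exactly once
                parent[t] = s
                queue.append(t)
    return None

# Constructed model (assumption of the example): two traffic lights, NS and EW,
# each Red, Green or Yellow; a state is the pair (ns, ew).
NEXT = {"G": "Y", "Y": "R"}

def light_successors(state, check_other):
    """Transition relation. With check_other=False a light may turn green
    without looking at the other direction: the injected design flaw."""
    ns, ew = state
    out = []
    if ns == "R" and (ew == "R" or not check_other):
        out.append(("G", ew))
    if ew == "R" and (ns == "R" or not check_other):
        out.append((ns, "G"))
    if ns != "R":
        out.append((NEXT[ns], ew))
    if ew != "R":
        out.append((ns, NEXT[ew]))
    return out

def no_double_green(state):
    """The property AG not(ns = G and ew = G), as a predicate on states."""
    return state != ("G", "G")

def check_controller(check_other):
    """None if the property holds on every reachable state, else the trace."""
    return find_violation(("R", "R"), lambda s: light_successors(s, check_other), no_double_green)
```

check_controller(True) returns None, while check_controller(False) returns the three-state trace from (R, R) through (G, R) to the forbidden (G, G).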
Model Checking
Advantages: Automatic (push-button analysis tools); no proofs involved; diagnostic counterexamples
Disadvantages: Limited expressiveness; state-space explosion problem
Model Checking Tools: SMV (Symbolic Model Verifier) - Carnegie Mellon U.; VIS (Verification Interacting with Synthesis) - U. of California, Berkeley; SPIN, SLAM, PRISM, etc.
Theorem Proving
System is modeled as a function in some appropriate logic
Properties are modeled as theorems in the same logic
These theorems are interactively verified based on mathematical reasoning in a computer based proof system (theorem prover)
Theorem Prover
A theorem prover consists of:
A notation (syntax) to express logic
A small set of fundamental axioms (facts), e.g. a Boolean variable can be True or False: ∀a. (a = T) ∨ (a = F)
A small set of inference (deduction) rules, e.g. equality is transitive: ∀a b c. (a = b) ∧ (b = c) ⇒ (a = c)
Soundness is assured as every new theorem must be created from the basic axioms and primitive inference rules, or from any other already proved theorems or inference rules
Theory (collection of verified theorems in a file): facilitates the reusability of pre-verified results
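The soundness argument above, as an added example that is not course code: a miniature LCF-style kernel in Python in the manner of HOL, where the only formula shape is equality, a Theorem can be built solely by the primitive rules, and transitivity checks its side condition, so a derived rule written outside the kernel can never produce a false theorem. The capability-token trick stands in for the abstract type that ML-based provers use; the definitional axioms and the square_example theory are assumptions of this example.

```python
class Theorem:
    """A proved statement |- lhs = rhs. Only the kernel rules may build one: the
    constructor demands a token that only the rules in this module pass in."""
    _KEY = object()

    def __init__(self, key, lhs, rhs):
        if key is not Theorem._KEY:
            raise PermissionError("theorems come only from axioms or inference rules")
        self.lhs, self.rhs = lhs, rhs

# --- trusted kernel: one axiom scheme and two primitive inference rules ---
def refl(t):
    """Axiom: |- t = t for any term t (terms are plain strings here)."""
    return Theorem(Theorem._KEY, t, t)

def sym(th):
    """Rule: from |- a = b infer |- b = a."""
    return Theorem(Theorem._KEY, th.rhs, th.lhs)

def trans(th1, th2):
    """Rule: from |- a = b and |- b = c infer |- a = c. The side condition
    (both b's agree) is checked, so an unsound chain is rejected."""
    if th1.rhs != th2.lhs:
        raise ValueError(f"cannot chain {th1.lhs} = {th1.rhs} with {th2.lhs} = {th2.rhs}")
    return Theorem(Theorem._KEY, th1.lhs, th2.rhs)

# --- theory layer: a store of verified results that later proofs can reuse ---
THEORY = {}

def define(name, body):
    """Admit the definitional axiom |- name = body into the theory."""
    THEORY[name] = Theorem(Theorem._KEY, name, body)
    return THEORY[name]

def unfold_chain(names):
    """Derived rule, written outside the kernel: chain stored definitions
    n1 = n2, n2 = n3, ... into |- n1 = nk using nothing but trans, so it can
    only yield theorems the primitive rules already sanction."""
    th = THEORY[names[0]]
    for n in names[1:]:
        th = trans(th, THEORY[n])
    return th

def square_example():
    """Steps 2-3 of the slides' y = (x+1)^2 proof: unfold the implementation and
    the definition of square to reach |- y = (x+1)*(x+1)."""
    define("y", "sq(x+1)")
    define("sq(x+1)", "(x+1)*(x+1)")
    return unfold_chain(["y", "sq(x+1)"])
```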
Theorem Proving
Advantages: High expressiveness; can essentially be used to analyze any system that can be expressed mathematically; less risk of mistakes (human errors); some parts of the proofs can be automated
Disadvantages: Detailed and explicit human guidance required; the state of the art is limited
Theorem Proving Tools: Boyer-Moore (first-order logic) - U. of Texas, Austin; PVS (higher-order logic) - Stanford Research Institute; HOL (higher-order logic) - U. of Cambridge, UK
Some Formal Methods Myths
Myth: Formal methods can only be used by mathematicians.
They are primarily based on mathematical concepts that are usually transparent to the user.
Myth: The reasoning process is itself prone to errors, so why bother?
We opt to reduce design bugs, not eliminate them.
Myth: Using formal methods tends to slow the design process.
The early detection of design bugs allows us to speed up the overall design process.
Formal Methods Applications
Formal methods are widely used for the functional verification of many applications: microprocessors, software conformance, cache coherence protocols, telecommunication protocols, security protocols, transportation
Their utilization in the performance analysis domain has been somewhat limited, though
Cost of Verification
Verification accounts for 60-70% of project cost (human, computing and time)
Increasing VLSI technology and design complexity (1.7 billion transistors on chip)
Traditional simulation is limited to a tiny percentage of test cases
The situation is most serious for safety-critical applications
Many research groups and companies are using formal verification as a complement to simulation
Hardware Verification Group
Hardware Verification Group (HVG) founded in 1996 by Prof. Sofiene Tahar
Recognized as University Research Center in 2007
Mission: develop methodologies, algorithms and tools for formal verification of hardware and embedded systems
Currently composed of 25 researchers
Faculty: 3, Postdoc: 2, PhD: 11, Master's: 9
Current Research Interests…
System-on-a-Chip Verification
Verification of Probabilistic Systems
Verification of Security Systems
Analog and Mixed Signal Verification
Verification of Optical Systems
Multiway Decision Graphs
Verification Applications (with industry)
Tools Development
http://hvg.ece.concordia.ca/mdg/
HVG Global Visibility
http://hvg.ece.concordia.ca/