Presentation is loading. Please wait.

Presentation is loading. Please wait.

Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop."— Presentation transcript:

1 Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop Edinburgh July 15, 2010 1 www.gigascale.org

2 Gap Between Specification and Implementation Consequences for Verification Need humans to translate correctness conditions between them Incomplete, expensive, error prone Significant barrier to automation in verification. Specification Objects are units of data Concurrent computation on these objects I mplementation Objects are functional logic blocks Concurrent communication between these objects Packet HT Instr OpImmediateRsRt Frame l1l1 lnln M1M2M3 Pipeline Mapping of concurrent functions onto concurrent hardware blocks is captured by humans Drives efforts to move design and verification to levels above RTL.

3 3 Time Transaction Sequence Order Modeling Concurrent Computation Using Transactions Transaction is a unit of work Transactions can be concurrent Transaction sequences Permits reasoning about Individual transactions Interactions between transactions e.g. pipeline hazards T1T1 T2T2 T3T3 Shared Resource

4 Transaction Interaction Properties Examples – Contention Mutual exclusion – Sequencing Ordering of packets in a router Pipeline hazards – Priority Choosing among concurrent processes 4 Generally deal with ordering of individual transaction instances.

5 Transaction Interaction Properties in RTL Lack high-level information – Where are the instructions? Need to instrument the design to capture high-level objects – Instructions in flight Need to state the property in terms of instrumented variables Human intervention limits automation 5 Example: RAW Pipeline Hazard Easier with a transaction-level model with explicit ordering information.

6 Transaction- Level Model Transaction Interaction Property Synthesized RTL Automated Encoding Finite Model + Temporal Logic Property This Work Previous Work (CODES+ISSS 09) Big Picture Verified Synthesis + Model Check This

7 Talk Outline Motivation Modeling Transactions and Interaction Properties Encoding for Model Checking Experiments Related Work Summary 7

8 Transaction-Level Model Individual Transaction – Explicit start and end steps – Guarded transitions – Model as a Kripke structure Infinite array of transactions – Index value refers to specific transaction State – Local Transaction state – present step & local variables – Local variables constant after a transaction ends – Global shared state 8 i T1T1 T2T2 TiTi M1M1 Global State Local State Of T i End Step Start Step Guarded Transitions Modeled as an infinite Kripke structure Parametric, but not symmetric in i

9 Property Specification using Indexed Temporal Logic 9  i,j j>i  G~( read j & ~write i & F(write i )) Example: RAW hazard property i, j are transaction indices  I, P(I)   [L(I),g] General Form of property: I: Set of index variables, one for each interacting transaction P(I): Predicate on the set of indices I capturing relationship among interacting transactions  [L(I),g]: Temporal logic formula on transaction local indexed variables and global variables Indexed transaction local variables Indexed Temporal Logic Formula

10 Talk Outline Motivation Modeling Transactions and Interaction Properties Encoding for Model Checking Experiments Related Work Summary 10

11 Encoding for Model Checking 11 i T1T1 T2T2 TiTi M1M1 Global State Indexed State Infinite State Model  I, P(I)   [v(I),g] + Finite State Model LTL/CTL Formula + Model Check This Encode

12 Handling Infinite State 12 i T1T1 T2T2 TiTi M1M1 Global State Indexed State Infinite State Model  I, P(I)   [v(I),g] + Observation 1: Only a finite number of active transactions possible due to finite resources Finite state for active transactions S1S1 S2S2 SKSK State of active transactions User specified upper bound Independently verified

13 Handling Infinite State 13 i T1T1 T2T2 TiTi M1M1 Global State Indexed State Infinite State Model  I, P(I)   [v(I),g] + But, properties may refer to local variables of transactions that have ended. Observation 2: Can exploit non-determinism. Non-deterministically select |I| transactions for tracking past history. The model checker will implicitly consider all possible values. E1E1 E2E2 E |I| Local variables of selected transactions Number of interacting transactions

14 Encoding the Predicate 14 i T1T1 T2T2 TiTi M1M1 Global State Indexed State Infinite State Model  I, P(I)   [v(I),g] + But, predicate evaluation needs the potentially infinite index value of the interacting transactions. Observation 3: Can handle several (all?) useful predicates without explicit index value storage. Ordering Constraints P(i, j) : i > j Separation Constraints P(i, j) : i − j > m P(i, j) : i − j < m Equality Constraints: P(i, j) i = j + m Inequality constraints P(i, j) : i  j + m Predicate FSM ND_Select i ND_Select j I = {i,j}

15 Encoding for Model Checking 15 i T1T1 T2T2 TiTi M1M1 Global State Indexed State Infinite State Model  I, P(I)   [v(I),g] + Key Components Predicate FSM ND_Select i ND_Select j S1S1 S2S2 SKSK State of active transactions E1E1 E2E2 E |I| Local variables of ended transactions

16 Talk Outline Motivation Modeling Transactions and Interaction Properties Encoding for Model Checking Experiments Related Work Summary 16

17 Experiments Design examples – Simple router Property: Flits are processed in order – Simple processor Property: Absence of RAW hazard Input: – Designs specified using a transaction-level model – Properties specified using indexed temporal logic Output: – Synthesized SMV for finite model and LTL property – Model checked using Cadence SMV 17

18 Model Checking Results 18 All experiments done on Intel Core 2 Duo 2.5GHz 3 GB RAM Machine with Windows XP

19 Talk Outline Motivation Modeling Transactions and Interaction Properties Encoding for Model Checking Experiments Related Work Summary 19

20 Related Work Summary 20

21 Talk Outline Motivation Modeling Transactions and Interaction Properties Encoding for Model Checking Experiments Related Work Summary 21

22 Summary Transaction-based higher-level models enable reasoning without resorting to design instrumentation Main Contributions: – Infinite Kripke structure model for transactions with explicit indices – Indexed temporal logic for specifying transactions interactions properties – Finite encoding of design and property exploiting Finiteness of hardware resources Non-determinism in model checkers Specific ordering relationships of interacting transactions – Initial prototype demonstration 22

23 Related Papers Y. Mahajan, C. Chan, A. Bayazit, S. Malik, and W. Qin, “Verification driven formal architecture and microarchitecture modeling,” in MEMOCODE ’07: Proceedings of the 5th IEEE/ACM International Conference on Formal Methods and Models for Codesign. Washington, DC, USA: IEEE Computer Society, 2007, pp. 123–132. Y. Mahajan and S. Malik, “Automating hazard checking in transaction-level microarchitecture models,” in FMCAD ’07: Proceedings of the Formal Methods in Computer Aided Design. Washington, DC, USA: IEEE Computer Society, 2007, pp. 62–65. D. Schwartz-Narbonne, C. Chan, Y. Mahajan, and S. Malik, “Supporting RTL flow compatibility in a microarchitecture-level design framework,” in CODES+ISSS ’09: Proceedings of the 7th IEEE/ACM international conference on Hardware/software codesign and system synthesis. New York, NY, USA: ACM, 2009, pp. 343–352. 23

Download ppt "Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.

Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.
Analysis of Computer Algorithms

Analysis of Computer Algorithms
Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
purpose Search : automation methods for device driver development in IP-based embedded systems in order to achieve high reliability, productivity, reusability.

purpose Search : automation methods for device driver development in IP-based embedded systems in order to achieve high reliability, productivity, reusability.
Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Give qualifications of instructors: DAP

Give qualifications of instructors: DAP
2011.07.21 - Presenter: PCLee VLSI Design, Automatic and Test, 2005. (VLSI-TSA-DAT).

Presenter: PCLee VLSI Design, Automatic and Test, (VLSI-TSA-DAT).
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Presenter: PCLee – 2011.03.02. This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.

Presenter: PCLee – This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
Teaching MC to Undergrads. Abhik Roychoudhury National University of Singapore.

Teaching MC to Undergrads. Abhik Roychoudhury National University of Singapore.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
CS 151 Digital Systems Design Lecture 37 Register Transfer Level

CS 151 Digital Systems Design Lecture 37 Register Transfer Level
Presenter : Yeh Chi-Tsai System-on-chip validation using UML and CWL Qiang Zhu 1, Ryosuke Oish 1, Takashi Hasegawa 2, Tsuneo Nakata 1 1 Fujitsu Laboratories.

Presenter : Yeh Chi-Tsai System-on-chip validation using UML and CWL Qiang Zhu 1, Ryosuke Oish 1, Takashi Hasegawa 2, Tsuneo Nakata 1 1 Fujitsu Laboratories.

Similar presentations

Ads by Google