Download presentation
Presentation is loading. Please wait.
Published byRuby Mason Modified over 9 years ago
1
Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University
2
Nishant Sinha, Carnegie Mellon University 2 Overview Compositional Reasoning Verifying HDL challenges Synchronous Intermediate Language (SIL) Automated Compositional Reasoning for SIL An example Making it efficient
3
Nishant Sinha, Carnegie Mellon University 3 Compositional Reasoning Verification of a concurrent hardware/software system by direct composition does not scale –State space explosion Compositional Reasoning is a divide-and-conquer approach to alleviate the state space explosion M1M1 M2M2 P? M1M1 M2M2 P1?P1? P2?P2? P
4
Nishant Sinha, Carnegie Mellon University 4 HDL Verification Hardware Description Languages (HDLs) –Verilog, SystemC, SystemVerilog –Basis of industrial SoC design Towards formal verification –Problems: informally specified semantics, language peculiarities –Need standard formal semantics Although informal semantics differ, several notions/operators are common –Synchronous execution via delta-cycles, blocking/non-blocking assignments We define a synchronous intermediate language (SIL) with common HDL operators and constructs
5
Nishant Sinha, Carnegie Mellon University 5 Synchronous Intermediate Lang. (SIL) A SIL Program consists of one or more modules –Modules execute synchronously –Communicate by global shared variables Each module specified in an imperative style –Initialization and Combinational Logic blocks Variable Types: bit-vectors, integers Guarded control flow Blocking (Immediate)/ Non-blocking (Delayed) assignments
6
Nishant Sinha, Carnegie Mellon University 6 A SIL Program Example Module bus { INIT { ack = 0;} LOGIC { } do :: true ! if :: !req ! ack <= 0; :: else ! ack <= 2; fi; pause; od; } Module node { INIT { req = false; err = false;} LOGIC { } do :: true ! req <= true; if :: ack==0 ! err <= false; :: else ! err <= true; fi; pause; od; } bv ack; bool req, err;
7
Nishant Sinha, Carnegie Mellon University 7 SIL Safety Property Checking We have defined SIL program semantics in terms of composition of Kripke Structures The specification is provided as a Communicating Finite Automata (CFA) –Alphabet = { (I,O) | I and O are constraints on previous and next states} Kripke M µ CFA P –Finite language containment: L(M) µ L(P) (err:1, ack: X) (err:0, ack: X)
8
Nishant Sinha, Carnegie Mellon University 8 Automated Compositional Reasoning Assume-Guarantee Reasoning (AGR) –M 1, M 2 are Kripke structures, P is a CFA Automatically generate assumption CFA A –Based on work by Cobleigh et al. ’03 Use learning algorithm for regular languages, L* –L* is assisted by a model checker M 1 || A P M 2 A M 1 || M 2 P AG - Non Circular
9
Nishant Sinha, Carnegie Mellon University 9 L* learner Learning Regular languages: L* Proposed by D. Angluin, improved by Rivest et al. –Learning regular sets from queries and counterexamples, Information and Computation, 75(2), 1987. –Learns the minimal DFA corresponding to an unknown regular lang. Minimally adequate Teacher IsMember( trace ) IsCandidate( DFA D ) a b a b Unknown Regular Language U ±Counterexample/ Yes Modelchecker Yes/No Minimum DFA Polynomial in the number of states and length of max counterexample
10
Nishant Sinha, Carnegie Mellon University 10 Automated AGR using L* R 1 : M 1 || A P R 2 : M 2 A true L* Assumption Generation A CE CE Analysis Actual CE M 1 || M 2 P -CE for A +CE for A Teacher M 1 || M 2 P true
11
Nishant Sinha, Carnegie Mellon University 11 AGR for SIL programs Continued from previous example.. –M 1 = node, M 2 = bus, –P checks for (err==1) An assumption CFA A for module M 1 is (req == X, ack != 0) (req == X, ack == 0) (req == X, ack == X) Environment should never write (ack != 0) M 1 || A P M 2 A M 1 || M 2 P
12
Nishant Sinha, Carnegie Mellon University 12 Making it efficient Two main problems: –Each module itself has a huge state space Idea: Use Bounded model checker as a teacher Fast membership query replies –Naïve learning suffers from alphabet explosion Idea: Cluster alphabet during learning Fewer membership queries Ongoing implementation in SYMODA –SYnchronous MODular Analyzer
13
Nishant Sinha, Carnegie Mellon University 13 Related Work RTL Verilog program verification –Via Predicate abstraction Andraus et al., Jain et al. –Via Symbolic Simulation Kolbl et al. Via Translations to SMV-like languages –Verilog: VIS, Brayton et al. –SystemC: Moy et al., Tahar et al. None of these approaches are compositional
14
Nishant Sinha, Carnegie Mellon University 14 Related Work Compositional Hardware Verification –Mcmillan ’99 (using SMV) –Khashidashvili et al. ’06 (net-list level) –Chen et al. ’06 (using Murphi) –… None of the above approaches are automated
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.