COEN6551: Formal Hardware Verification
Prof. Sofiène Tahar
Hardware Verification Group
Electrical and Computer Engineering
Concordia University
Montréal, Quebec, CANADA
Formal Probabilistic Analysis
Accident at Carbide plant, India
Cost: $470 million, December 2-3, 1984
Loss: 3,787 deaths, over 500,000 people exposed
Causes: Corroding non-stainless steel pipes, improper maintenance
E. Broughton. The Bhopal Disaster and its Aftermath: A Review. Environmental Health, 4(6):1-6, May 2005.
Formal Verification, S. Tahar
Train Derailment in Germany
Cost: $30 million, June 3, 1998
Loss: 101 dead, 88 injured
Main cause of failure: wheel design, a single fatigue crack in one of the wheels
Investigative Documentary on National Geographic Channel. Derailment at Eschede (High Speed Train Wreck), Seconds From Disaster, 2007.
Space Shuttles Challenger and Columbia
Challenger (January 28, 1986)
Cause: Failure of the pressure seal in the aft field joint of the right Solid Rocket Booster. The design was unacceptably sensitive to a number of factors.
Columbia (February 1, 2003)
Cause: During re-entry, damaged tiles in the heat shield allowed the hot gases to penetrate and destroy the internal wing structure, rapidly causing the in-flight breakup of the vehicle.
Loss: Entire crew in both accidents
Rogers Commission report, Report of the Presidential Commission on the Space Shuttle Challenger Accident, Volume 1, chapter 4, page 72. http://history.nasa.gov/rogersrep/v1ch4.htm, 1986.
… and the list goes on and on …
Design Errors
Patriot Missile failure, a classical case of rounding error
Floating-point division bug
Floating-point to integer conversion
Design Challenges
What is Verification?
Verification Technology
Verification by Simulation
Most widely used system analysis approach
Construct a computer based model of the system
Analyze the behavior of the system model under a number of test cases to deduce properties of interest
Easy to use
May generate inaccurate results
Practically impossible to test for all possible cases
Simulation – A Practical Example
Question: How long does it take to verify a 64-bit Floating Point Division Unit?
Answer: There are 2^64 x 2^64 = 2^128 test cases. At 1 test/s, it will take 10^25 years!!!
Simulation – Another Practical Example
Question: How long does it take to verify a 256-bit RAM Memory Unit?
Answer: There are 2^256 = 10^80 bits to test. At 1 test/ps, and using all the matter in our galaxy to build computers the size of a single electron, it will take 10^10 years to verify 0.05%!!!
Verification Gap
The situation is worsening as technology evolves
Verification by Formal Methods
Construct a computer based mathematical model of the system and its specification (properties)
Use mathematical reasoning to check functional properties of interest
Accurate results
Consideration of all cases is implicit
Sometimes difficult (limited) and time consuming
Simulation – Example: Check if y > x for the given system (x is a natural number)
System under test: y = (x+1)^2

Test vector (x)   System output (y)   y > x
1                 4                   True
2                 9                   True
5                 36                  True
9                 100                 True
67                4624                True
1000              1002001             True
1000000           ???                 ???
Formal Methods – Example: Check if y > x for the given system (x is a natural number)
System under test: y = (x+1)^2

1  y > x                          Problem statement
2  (x+1)^2 > x                    Implementation
3  (x+1).(x+1) > x                Definition of square
4  (x+1).x + (x+1).1 > x          Distributivity
5  x.x + 1.x + x.1 + 1.1 > x      Distributivity
6  x.x + x + x + 1 > x            Multiplicative identity
7  x.x + x + 1 + x > x            Additive commutativity
8  x.x + x + 1 > 0                Addition cancellation
9  True                           Natural numbers > 0
Most Widely Used Formal Methods
Equivalence Checking
Model Checking
Theorem Proving
Equivalence Checking
Both systems are modeled as logic formulas
Formulas are specified in propositional logic
Allows automatic proof of equivalence (decidable and complete)
Applicable on combinational systems (circuits)
Sequential (FSM) equivalence checking is very costly
Equivalence Checker: System 1 -> Logic Formula 1, System 2 -> Logic Formula 2; output True if both formulas are equivalent, a counterexample otherwise
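The equivalence-checker box above, as an added example that is not part of the original slides: a 4-bit ripple-carry adder (System 1, built from a gate-level full adder) is compared against its arithmetic specification (System 2) over all 2^8 input assignments, which is the decidable truth-table check for propositional formulas. A second cell with a deliberately dropped carry term (a constructed defect, assumed here) shows the counterexample output.

```python
from itertools import product

def full_adder(a, b, cin):
    """Gate-level full adder: returns (sum, carry_out)."""
    return a ^ b ^ cin, (a & b) | (cin & (a ^ b))

def buggy_full_adder(a, b, cin):
    """Constructed defect (not from the slides): the carry-propagate term
    cin & (a ^ b) is missing, so a carry enters a bit but never leaves it."""
    return a ^ b ^ cin, a & b

def ripple_adder(cell):
    """System 1: a 4-bit ripple-carry adder built from the given full-adder
    cell. Inputs and outputs are bit lists, LSB first; output has 5 bits."""
    def add(a_bits, b_bits):
        carry, out = 0, []
        for a, b in zip(a_bits, b_bits):
            s, carry = cell(a, b, carry)
            out.append(s)
        return out + [carry]
    return add

def spec_adder(a_bits, b_bits):
    """System 2: the arithmetic specification, a + b as 5 output bits."""
    a = sum(bit << i for i, bit in enumerate(a_bits))
    b = sum(bit << i for i, bit in enumerate(b_bits))
    return [((a + b) >> i) & 1 for i in range(len(a_bits) + 1)]

def equivalence_check(sys1, sys2, width):
    """Exhaustive truth-table comparison over all 2^(2*width) input
    assignments: the decidable, complete propositional check of the slide.
    Returns (True, None) if the systems agree everywhere, otherwise
    (False, (a_bits, b_bits)) with the first distinguishing assignment."""
    for bits in product((0, 1), repeat=2 * width):
        a, b = list(bits[:width]), list(bits[width:])
        if sys1(a, b) != sys2(a, b):
            return False, (a, b)
    return True, None

if __name__ == "__main__":
    print(equivalence_check(ripple_adder(full_adder), spec_adder, 4))
    print(equivalence_check(ripple_adder(buggy_full_adder), spec_adder, 4))
```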
Equivalence Checking
Advantages
Automatic (push-button type analysis tools)
No proofs involved
Diagnostic counterexamples
Disadvantages
Limited expressiveness
Combinational circuits only
Equivalence Checking Tools
VIS (Verification Interacting with Synthesis) - U. of California, Berkeley
MDG (Multiway Decision Graphs) - U. de Montréal
Conformal, Formality, etc.
Model Checking
System is modeled as a State Transition Graph
Properties are specified in Temporal Logic, which allows the description of time-varying behaviour of systems
Exhaustive verification by searching the state space of the system model to determine if the property holds
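The state-space search described above, as an added example that is not part of the original slides: a breadth-first explicit-state model checker run over a constructed two-process mutual-exclusion protocol (the protocol and all names are assumptions for illustration). It checks the safety property "both processes are never in the critical section at once" and returns the shortest counterexample trace when the check-then-set of a process flag is not atomic, and None once the window is closed.

```python
from collections import deque

IDLE, WAIT, CRIT = 0, 1, 2   # program counter values of each process

def successors(state, atomic):
    """Next states of the constructed protocol; state = (pc0, pc1, flag0, flag1).
    atomic=False: a process reads the other flag (IDLE->WAIT) but raises its
    own flag only on entry (WAIT->CRIT), so both can pass the check first.
    atomic=True: the flag is raised in the same step as the check."""
    out = []
    for i in (0, 1):
        pc, flag = list(state[:2]), list(state[2:])
        if pc[i] == IDLE and flag[1 - i] == 0:
            pc[i] = WAIT
            if atomic:
                flag[i] = 1
        elif pc[i] == WAIT:
            pc[i], flag[i] = CRIT, 1
        elif pc[i] == CRIT:
            pc[i], flag[i] = IDLE, 0
        else:
            continue          # process i is blocked in this state
        out.append(tuple(pc + flag))
    return out

def model_check(initial, next_states, invariant):
    """Breadth-first search of the reachable state graph. Returns None if the
    invariant holds in every reachable state, else the shortest trace from
    the initial state to a violating state (the diagnostic counterexample)."""
    parent, queue = {initial: None}, deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for t in next_states(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None

def mutual_exclusion(s):
    """Safety property: the two processes are never in CRIT together."""
    return not (s[0] == CRIT and s[1] == CRIT)

def check(atomic):
    return model_check((IDLE, IDLE, 0, 0), lambda s: successors(s, atomic), mutual_exclusion)
```

check(False) returns a five-state trace ending in both processes in CRIT; check(True) returns None.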
Model Checking
Advantages
Automatic (push-button type analysis tools)
No proofs involved
Diagnostic counterexamples
Disadvantages
Limited expressiveness
State-space explosion problem
Model Checking Tools
SMV (Symbolic Model Verifier) - Carnegie Mellon U.
VIS (Verification Interacting with Synthesis) - U. of California, Berkeley
SPIN, SLAM, PRISM, etc.
Theorem Proving
System is modeled as a function in some appropriate logic
Properties are modeled as theorems in the same logic
These theorems are interactively verified based on mathematical reasoning in a computer based proof system (Theorem Prover)
Theorem Prover
A theorem prover consists of:
A notation (syntax) to express logic
A small set of fundamental axioms (facts), e.g. a Boolean variable can be True or False: ∀a. (a = T) ∨ (a = F)
A small set of inference (deduction) rules, e.g. equality is transitive: ∀a b c. (a = b) ∧ (b = c) ⇒ (a = c)
Soundness is assured as every new theorem must be created from the basic axioms and primitive inference rules, or from any other already proved theorems or inference rules
Theory (collection of verified theorems in a file): facilitates the reusability of pre-verified results
Theorem Proving
Advantages
High expressiveness: can be used to analyze essentially any system that can be expressed mathematically
Less risk of mistakes (human errors)
Some parts of the proofs can be automated
Disadvantages
Detailed and explicit human guidance required
The state-of-the-art is limited
Theorem Proving Tools
Boyer-Moore (First-order Logic) - U. of Texas, Austin
PVS (Higher-order Logic) - Stanford Research Institute
HOL (Higher-order Logic) - U. of Cambridge, UK
Some Formal Methods Myths
Formal methods can only be used by mathematicians: they are primarily based on mathematical concepts that are usually transparent to the user
The reasoning process is itself prone to errors, so why bother? We opt to reduce design bugs, not eliminate them
Using formal methods tends to slow the design process: the early detection of design bugs allows us to speed up the overall design process
Formal Methods Applications
Formal methods are widely used for the functional verification of many applications
Microprocessors
Software Conformance
Cache Coherence Protocols
Telecommunication Protocols
Security Protocols
Transportation
Cost of Verification
Verification accounts for 60-70% of project cost (human, computing and time)
Increasing VLSI technology and design complexity (1.7 billion transistors on chip)
Traditional simulation limited to a tiny percentage of test cases
Situation is most serious for safety critical applications
Many research groups and companies are using formal verification as a complement to simulation
Free Ad!
Anyone interested for more information on Formal Verification?
Visit http://hvg.ece.concordia.ca