Specify, Compile, Run: Hardware from PSL
Speaker: Chen-Hsuan Adonis Lin
Advisor: Jie-Hong Roland Jiang
Monday, February 22, 2016

Paper Information
- Title: Specify, Compile, Run: Hardware from PSL
- Authors: R. Bloem, S. Galler, B. Jobstmann, N. Piterman, A. Pnueli, and M. Weiglhofer
- Publication: (2007) International Workshop on Compiler Optimization Meets Compiler Verification (COCV). pp.

Outline
- Paper presentation
  - Motivation
  - Introduction to PSL
  - PSL synthesis
  - Case studies
  - Conclusion
- Possible improvements we could try

Motivation
- Apply an automatic high-level synthesis process generating a gate-level implementation from a spec. written in the Property Specification Language (PSL)
  - Not equal to gate-level description from RTL code
- The most obvious benefit of synthesis is that it removes the need for hand-coding the circuit
- Less ambitious benefits include the possibility to construct rapid prototypes from the spec. and use them to debug the spec.

Property Specification Language
- A language developed by Accellera for specifying properties or assertions about hardware designs
- Accellera
  - Founded in 2000 from the merger of Open Verilog International and VHDL International
  - A standards organization that supports a mix of user and vendor standards and open interfaces development in the area of electronic design automation and IC design and manufacturing
- The properties can be simulated or formally verified

Property Specification Language (cont'd)
- In September 2004, the standardization of the language was done in the IEEE 1850 working group
- In September 2005, the IEEE 1850 Standard for Property Specification Language (PSL) was announced

Preliminary
- If the spec. of the design is restricted to simpler automata or partial fragments of LTL, the synthesis problem can be solved more efficiently
- Major progress has been achieved in [NAY06]*
  - A design can be automatically synthesized from LTL formulas belonging to the class of generalized reactivity of rank 1 (GR(1))
  - In time N^3, where N is the size of the state space of the design
  - GR(1) covers the vast majority of properties appearing in specs of circuits
*[NAY06]: N. Piterman, A. Pnueli, and Y. Sa’ar. Synthesis of reactive(1) designs. In Conference on Verification, Model Checking, and Abstract Interpretation, pages 364–380.

Preliminary (cont'd)
- The specs shown in this paper should be easy to read for someone familiar with LTL
  - always => G
  - eventually! => F
  - next! => X
- Atomic proposition p
  - prev(p) holds if p held in the previous cycle
  - rose(p) =
  - fell(p) =
  - next_event!(p)(φ) =

Contributions of this paper
- They have implemented the approach of [NAY06] in Anzu, and extended it to produce not only a BDD representing a set of possible implementations, but also an actual circuit
- This is the first time realistic industrial examples have been tackled

Synthesis of GR(1) properties
- The question of realizability of PSL spec.
  - Assume two sets of Boolean variables X and Y
  - X is the set of input variables, controlled by the environment
  - Y is the set of system variables
  - Check whether there exists an open controller satisfying the spec.
  - This controller is a Mealy machine

Synthesis of GR(1) properties (cont'd)
- Concentrate on a subset of PSL for which realizability and synthesis can be solved efficiently
- Spec. are of the form φ = φ_e → φ_s, and it is required that φ_α for can be rewritten as a conjunction of the following parts
  - : a Boolean formula characterizing the initial states of the implementation
  - : a formula of the form where each B_i is a Boolean combination of variables from X ∪ Y and expressions of the form next! v where and otherwise

Synthesis of GR(1) properties (cont'd)
- has the form where each B_i is a Boolean formula

Deterministic Monitors
- In order to allow formulas of other forms (e.g., always (p → (q until r)), where p, q, and r are Boolean), we augment the set of variables by adding deterministic monitors
- Deterministic monitors are Büchi automata whose behavior is deterministic according to the choice of inputs and outputs
- Deterministic automata are easily represented in PSL by three sets of formulas
  - One formula for each edge of the automaton, of the form, where s and s’ identify states and i is an input
  - A Boolean formula representing the initial states
  - to represent the fairness condition, where B is a Boolean formula representing a set of states

Deterministic Monitors (cont'd)
- It should be noted that even with these restrictions, all possible (finite state) designs can be expressed as a set of properties.

Two-player game played between a system and an environment
- Game structure
  - A multi-graph whose nodes are all the truth assignments to X and Y
  - A node v is connected by edges to all the nodes v’ such that the truth assignments to X and Y satisfy, where v supplies the assignment to the current values and v’ to the next values
- A play starts by the environment choosing an assignment to X and the system choosing a state in that agrees with this assignment

Two-player game played between a system and an environment (cont'd)
- A play proceeds by the environment choosing a multi-edge and the system choosing one of the nodes connected to this multi-edge
- The system wins if this interaction produces an infinite play that satisfy
- The environment is winning => the spec. is unrealizable
- The system is winning => we synthesize a winning strategy
  - This strategy, a BDD, is a nondeterministic representation of a working implementation.

Two-player game played between a system and an environment (cont'd)

Generating Circuits from BDDs
- A BDD over the variables X, Y, X’, and Y’
  - X: input variables
  - Y: output variables
  - Primed version: next state variables
- The corresponding circuit contains |X|+|Y| flip-flops to store the values of inputs and outputs in the last clock tick

Generating Circuits from BDDs (cont'd)
- In every step
  - The circuit reads the next input variables X’
  - It determines the next output values using combinational logic with inputs I = X ∪ Y ∪ X’ and outputs O = Y’

Approaches of the paper
- They have attempted two methods to build the combinational logic
  - One based on [JT00]
  - The other one based on computing cofactors
[JT00]: J. H. Kukula and T. R. Shiple. Building circuits from relations. In Conference on Computer Aided Verification, pages 113–123.

Method based on [JT00]
- The approach of [JT00] yields a circuit that can generate, for a given input, any output allowed by the strategy
  - To this end, it uses a set of extra inputs to the combinational logic
- It is more general than what we need: a circuit that always yields one valid output given an input
- This generality comes at a heavy price in terms of the size of the logic

Methods based on computing cofactors
- They write o ∈ O for a combinational output and i ∈ I for a combinational input
- The strategy is denoted by S
- O\o is the set of combinational outputs excluding output o
- For every combinational output o, they construct a function f in terms of I that is compatible with the given strategy BDD

Methods based on computing cofactors (cont'd)
- The algorithm proceeds through the combinational outputs o one by one
- Step 1
  - Build S’: a BDD that restricts only o in terms of I
- Step 2
  - Build the positive and negative cofactors (p, n) of S’ with respect to o
  - Find the sets of inputs for which o can be 1 (0, respectively)
  - The combinational inputs that are neither in the positive nor in the negative cofactor are outside of the winning region, thus representing situations that cannot occur

Methods based on computing cofactors (cont'd)
- The function f has to be 1 in p ∧ ¬n and 0 in ¬p ∧ n
  - This gives us the set of care states
- Step 3
  - Minimize the positive cofactors with the care set to obtain the function f
- Step 4
  - Substitute variable o in S by f, and proceed with the next variable
  - The substitution is necessary since combinational outputs may be related

Methods based on computing cofactors (cont'd)
- Pseudo code

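Steps 1 to 4 of the cofactor method, as an added Python sketch (not the paper's pseudo code and not Anzu's implementation): the strategy S is an explicit set of (inputs, outputs) pairs rather than a BDD, and the minimization of Step 3 is replaced by setting every don't-care to 0. The request/grant strategy and all function names are constructed for illustration; the `substitute=False` run shows why Step 4 is needed when outputs are related.

```python
# Added illustration: explicit-set stand-in for the BDD strategy S.
# All names and the sample strategy are constructed, not from the paper.

def extract_functions(S, n_out, substitute=True):
    """Return, per output o, the on-set of f_o (inputs for which f_o = 1)."""
    S = set(S)
    funcs = []
    for o in range(n_out):
        # Steps 1-2: quantify away the other outputs and take the cofactors.
        p = {i for i, out in S if out[o] == 1}  # inputs where o may be 1
        n = {i for i, out in S if out[o] == 0}  # inputs where o may be 0
        # Step 3: f must be 1 on p & ~n and 0 on ~p & n. Everything else is
        # a don't-care; this sketch simply sets those points to 0.
        f = p - n
        funcs.append(f)
        if substitute:
            # Step 4: replace o by f in S, so later outputs see the choice.
            S = {(i, out) for i, out in S if out[o] == int(i in f)}
    return funcs

def run(funcs, i):
    """Evaluate all output functions on one input assignment."""
    return tuple(int(i in f) for f in funcs)

def is_valid(S, funcs):
    """Every input the strategy covers must map to an allowed output."""
    return all((i, run(funcs, i)) in S for i in {i for i, _ in S})

# Constructed strategy: input (r,), outputs (g0, g1).
# r=0: no grant; r=1: exactly one grant, either one.
STRATEGY = {((0,), (0, 0)), ((1,), (0, 1)), ((1,), (1, 0))}

if __name__ == "__main__":
    good = extract_functions(STRATEGY, 2)
    bad = extract_functions(STRATEGY, 2, substitute=False)
    print(run(good, (1,)), is_valid(STRATEGY, good))
    print(run(bad, (1,)), is_valid(STRATEGY, bad))
```
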
Extension 1: Optimize the cofactors
- Some outputs may not depend on all inputs
  - Remove unnecessary inputs from the functions
- If cofactors do not overlap when existentially quantifying variable i
  - Variable i is not needed to distinguish between the states where o has to be 1 and where o has to be

Extension 2: Remove dependent variables
- After computing the combinational logic, they perform dependent variables analysis [AD93] on the set of reachable states to simplify the generated circuit
- A Boolean function f over x_0, …, x_n, a variable x_i is functionally dependent
  - Function f can be replaced by a function g(x_0, …, x_{i-1}, x_{i+1}, …, x_n)
[AD93]: A. J. Hu and D. Dill. Reducing BDD size by exploiting functional dependencies. In Proceedings of the Design Automation Conference, pages 266–271.

Case: GenBuf
- Dashed boxes represent the environment

PSL specification

Experimental results
- Time to synthesize GenBuf
[KS00]: Building circuit from relations

Experimental results (cont'd)
- Size of the GenBuf circuits

Conclusion
- The two cases
  - Writing the formal spec. for the generalized buffer is straightforward
    - The simplicity of the block & clear spec. from IBM
  - Writing a complete formal spec. for the AMBA arbiter is not trivial
    - Many aspects of the arbiter are not defined in ARM’s standard
    - Construction of a complete spec. is an iterative process

Conclusion (cont'd)
- The tool complains about unrealizable spec., but does not offer any help in pinpointing the problem
- Unexpected behavior is typically very easy to find, but not always easy to remedy
- Parameter issues (# of senders in GenBuf, # of masters in arbiter)
  - Manual implementation => independent
  - Automatic synthesis => heavily dependent
- It is hard to find a small circuit among the valid ones

Possible improvements
- Replace the parts of ANZU related to building circuits from relations with our new method
- Detect functional dependency and minimize the circuit

Thanks for your attention