Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penn ESE 535 Spring 2008 -- DeHon 1 ESE535: Electronic Design Automation Day 23: April 27, 2008 Processor Verification.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Penn ESE 535 Spring 2008 -- DeHon 1 ESE535: Electronic Design Automation Day 23: April 27, 2008 Processor Verification."— Presentation transcript:

1 Penn ESE 535 Spring 2008 -- DeHon 1 ESE535: Electronic Design Automation Day 23: April 27, 2008 Processor Verification

2 Penn ESE 535 Spring 2008 -- DeHon 2 Today Specification/Implementation Abstraction Functions Correctness Condition Verification Self-Consistency

3 Penn ESE 535 Spring 2008 -- DeHon 3 Specification Abstract from Implementation Describes observable/correct behavior

4 Penn ESE 535 Spring 2008 -- DeHon 4 Implementation Some particular embodiment Should have same observable behavior –Same with respect to important behavior Includes many more details than spec. –How performed –Auxiliary/intermediate state

5 Penn ESE 535 Spring 2008 -- DeHon 5 Important Behavior Same output sequence for input sequence –Same output after some time? Timing? –Number of clock cycles to/between results? –Timing w/in bounds? Ordering?

6 Penn ESE 535 Spring 2008 -- DeHon 6 Abstraction Function Map from implementation state to specification state –Use to reason about implementation correctness –Want to guarantee: AF(Fi(q,i))=Fs(AF(q),i) AF Fs Fi

7 Penn ESE 535 Spring 2008 -- DeHon 7 Familiar Example Memory Systems –Specification: W(A,D) R(A)  D from last D written to this address –Specification state: contents of memory –Implementation: Multiple caches, VM, pipelined, Write Buffers… –Implementation state: much richer…

8 Penn ESE 535 Spring 2008 -- DeHon 8 Memory AF Maps from –State of caches/WB/etc. To –Abstract state of memory Guarantee AF(Fi(q,I))==Fs(AF(q),I) –Guarantee change to state always represents the correct thing

9 Penn ESE 535 Spring 2008 -- DeHon 9 Abstract Timing For computer memory system –Cycle-by-cycle timing not part of specification –Must abstract out Solution: –Way of saying “no response” Saying “skip this cycle” Marking data presence –(tagged data presence pattern)

10 Penn ESE 535 Spring 2008 -- DeHon 10 Filter to Abstract Timing Filter input/output sequence Os(in)  out FilterStall(Impl in ) = in FilterStall(Impl out ) = out Forall sequences Impl in –FilterStall(Oi(Impl in )) = Os(FilterStall(Impl in ))

11 Penn ESE 535 Spring 2008 -- DeHon 11 DLX Datapath DLX unpipelined datapath from H&P (Fig. 3.1 e2, A.17 e3)

12 Penn ESE 535 Spring 2008 -- DeHon 12 Processors Pipeline is big difference between specification state and implementation state. Specification State: –Register contents (incl. PC) –Memory contents

13 Penn ESE 535 Spring 2008 -- DeHon 13 Revised Pipeline DLX repipelined datapath from H&P (Fig. 3.22 e2, A.24 e3)

14 Penn ESE 535 Spring 2008 -- DeHon 14 Processors Pipeline is big difference between specification state and implementation state. Specification State: –Register contents (incl. PC) –Memory contents Implementation State: +Instruction in pipeline +Lots of bits  Many more states  State-space explosion to track

15 Penn ESE 535 Spring 2008 -- DeHon 15 Compare

16 Penn ESE 535 Spring 2008 -- DeHon 16 Observation After flushing pipeline, –Reduce implementation state to specification state Can flush pipeline with series of NOPs or stall cycles

17 Penn ESE 535 Spring 2008 -- DeHon 17 Pipelined Processor Correctness w = input sequence w f = flush sequence –Enough NOPs to flush pipeline state Forall states q and prefix w –Fi(q,w w f )  Fs(q,w w f ) –Fi(q,w w f )  Fs(q,w) FSM observation –Finite state in pipeline –only need to consider finite w

18 Penn ESE 535 Spring 2008 -- DeHon 18 Pipeline Correspondence [Burch+Dill, CAV’94]

19 Penn ESE 535 Spring 2008 -- DeHon 19 Equivalence Now have a logical condition for equivalence Need to show that it holds –Is a Tautology Or find a counter example

20 Penn ESE 535 Spring 2008 -- DeHon 20 Ideas Extract Transition Function Segregate datapath Symbolic simulation on variables –For q, w’s Case splitting search –Implication pruning

21 Penn ESE 535 Spring 2008 -- DeHon 21 Extract Transition Function From HDL Similar to what we saw for FSMs

22 Penn ESE 535 Spring 2008 -- DeHon 22 Segregate Datapath Big state blowup is in size of datapath –Represent data symbolically/abstractly Independent of bitwidth –Not verify datapath/ALU functions as part of this Can verify ALU logic separately using combinational verification techniques Abstract/uninterpreted functions for datapath

23 Penn ESE 535 Spring 2008 -- DeHon 23 Burch&Dill Logic Quantifier-free Uninterpreted functions (datapath) Predicates with –Equality –Propositional connectives

24 Penn ESE 535 Spring 2008 -- DeHon 24 B&D Logic Formula = ite(formula, formula, formula)  (term=term)  psym(term,…term)  pvar | true | false Term = ite(formula,term,term)  fsym(term,…term)  tvar

25 Penn ESE 535 Spring 2008 -- DeHon 25 Sample Regfile: –(ite stall regfile (write regfile dest (alu op (read regfile src1) (read regfile src2))))

26 Penn ESE 535 Spring 2008 -- DeHon 26 Sample Pipeline

27 Penn ESE 535 Spring 2008 -- DeHon 27 Example Logic arg1: –(ite (or bubble-ex (not (= src1 dest-ex))) (read (ite bubble-wb regfile (write regfile dest-wb result)) src1) (alu op-ex arg1 arg2))

28 Penn ESE 535 Spring 2008 -- DeHon 28 Symbolic Simulation Create logical expressions for outputs/state –Taking initial state/inputs as variables

29 Penn ESE 535 Spring 2008 -- DeHon 29 Case Splitting Search Satisfiability Problem Pick an unresolved variable Branch on true and false Push implications Bottom out at consistent specification Exit on contradiction Pragmatic: use memoization to reuse work

30 Penn ESE 535 Spring 2008 -- DeHon 30 Review: What have we done? Reduced to simpler problem –Simple, clean specification Abstract Simulation –Explore all possible instruction sequences Abstracted the simulation –Focus on control –Divide and Conquer: control vs. arithmetic Used Satisfiability for reachability in search in abstract simulation

31 Penn ESE 535 Spring 2008 -- DeHon 31 Achievable Burch&Dill: Verify 5-stage pipeline DLX –1 minute in 1994

32 Penn ESE 535 Spring 2008 -- DeHon 32 Self Consistency

33 Penn ESE 535 Spring 2008 -- DeHon 33 Self-Consistency Compare same implementation in two different modes of operation –(which should not affect result) Compare pipelined processor –To self w/ NOPs separating instructions So only one instruction in pipeline at a time

34 Penn ESE 535 Spring 2008 -- DeHon 34 Self-Consistency w = instruction sequence S(w) = w with no-ops Show: Forall q, w –F(q,w) = F(q,S(w))

35 Penn ESE 535 Spring 2008 -- DeHon 35 Sample Result [Jones, Seger, Dill/FMCAD 1996] n.b. Jones&Seger at Intel

36 Penn ESE 535 Spring 2008 -- DeHon 36 Sample Result [Skakkebæk, Jones, and Dill / CAV 1998] Verification running on P2-200MHz

37 Penn ESE 535 Spring 2008 -- DeHon 37 Key Idea Implementation State reduces to Specification state after finite series of operations Abstract datapath to avoid dependence on bitwidth

38 Penn ESE 535 Spring 2008 -- DeHon 38 Admin Last Class Final office hours T4pm Assignment 7 due May 13 th I did make it clear you cannot pass class without completing the programming assignments (3,4,5).

39 Penn ESE 535 Spring 2008 -- DeHon 39 Big Ideas Proving Invariants Divide and Conquer Exploit structure

Download ppt "Penn ESE 535 Spring 2008 -- DeHon 1 ESE535: Electronic Design Automation Day 23: April 27, 2008 Processor Verification."

Similar presentations

Finite State Machines (FSMs)

Finite State Machines (FSMs)
CSCI 4717/5717 Computer Architecture

CSCI 4717/5717 Computer Architecture
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Caltech CS184 Spring2003 -- DeHon 1 CS184b: Computer Architecture (Abstractions and Optimizations) Day 4: April 7, 2003 Instruction Level Parallelism ILP.

Caltech CS184 Spring DeHon 1 CS184b: Computer Architecture (Abstractions and Optimizations) Day 4: April 7, 2003 Instruction Level Parallelism ILP.
PART 5: (2/2) Processor Internals CHAPTER 15: CONTROL UNIT OPERATION 1.

PART 5: (2/2) Processor Internals CHAPTER 15: CONTROL UNIT OPERATION 1.
Penn ESE370 Fall2011 -- DeHon 1 ESE370: Circuit-Level Modeling, Design, and Optimization for Digital Systems Day 24: November 4, 2011 Synchronous Circuits.

Penn ESE370 Fall DeHon 1 ESE370: Circuit-Level Modeling, Design, and Optimization for Digital Systems Day 24: November 4, 2011 Synchronous Circuits.
1/1/ /e/e eindhoven university of technology Microprocessor Design Course 5Z008 Dr.ir. A.C. (Ad) Verschueren Eindhoven University of Technology Section.

1/1/ /e/e eindhoven university of technology Microprocessor Design Course 5Z008 Dr.ir. A.C. (Ad) Verschueren Eindhoven University of Technology Section.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Penn ESE 535 Spring 2009 -- DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.

Penn ESE 535 Spring DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.
Chapter 16 Control Unit Operation No HW problems on this chapter. It is important to understand this material on the architecture of computer control units,

Chapter 16 Control Unit Operation No HW problems on this chapter. It is important to understand this material on the architecture of computer control units,
Caltech CS184b Winter2001 -- DeHon 1 CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and optimizations] Day6:

Caltech CS184b Winter DeHon 1 CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and optimizations] Day6:
1  2004 Morgan Kaufmann Publishers Chapter Six. 2  2004 Morgan Kaufmann Publishers Pipelining The laundry analogy.

1  2004 Morgan Kaufmann Publishers Chapter Six. 2  2004 Morgan Kaufmann Publishers Pipelining The laundry analogy.
Penn ESE 535 Spring 2008 -- DeHon 1 ESE535: Electronic Design Automation Day 22: April 23, 2008 FSM Equivalence Checking.

Penn ESE 535 Spring DeHon 1 ESE535: Electronic Design Automation Day 22: April 23, 2008 FSM Equivalence Checking.
Penn ESE680-002 Spring2007 -- DeHon 1 ESE680-002 (ESE534): Computer Organization Day 11: February 14, 2007 Compute 1: LUTs.

Penn ESE Spring DeHon 1 ESE (ESE534): Computer Organization Day 11: February 14, 2007 Compute 1: LUTs.
Chapter 16 Control Unit Implemntation. A Basic Computer Model.

Chapter 16 Control Unit Implemntation. A Basic Computer Model.
Pipelined Processor II CPSC 321 Andreas Klappenecker.

Pipelined Processor II CPSC 321 Andreas Klappenecker.
Chapter 15 IA 64 Architecture Review Predication Predication Registers Speculation Control Data Software Pipelining Prolog, Kernel, & Epilog phases Automatic.

Chapter 15 IA 64 Architecture Review Predication Predication Registers Speculation Control Data Software Pipelining Prolog, Kernel, & Epilog phases Automatic.
Penn ESE535 Spring 2009 -- DeHon 1 ESE535: Electronic Design Automation Day 12: March 2, 2009 Sequential Optimization (FSM Encoding)

Penn ESE535 Spring DeHon 1 ESE535: Electronic Design Automation Day 12: March 2, 2009 Sequential Optimization (FSM Encoding)
Penn ESE535 Spring 2009 -- DeHon 1 ESE535: Electronic Design Automation Day 8: February 11, 2009 Dataflow.

Penn ESE535 Spring DeHon 1 ESE535: Electronic Design Automation Day 8: February 11, 2009 Dataflow.

Similar presentations

Ads by Google