1. 1 Techniques for automated localization and correction of design errors Jaan Raik Tallinn University of Technology

2. 2 Design error debug “There has never been an unexpectedly short debugging period in the history of computers.” Steven Levy

3. 3 Design automation crisis productivity gap –58% versus 21% annually transistors on the die Tehnology’s capabilities Designer’s productivity today time 406070 30402 30 2 3 2 System design Logic design Physical design Simulation Schematic entry Placement & routing Hierarchy, generators Logic synthesis High-level synthesis / System-level synthesis Specialized high-level synthesis < 1979 ~ 1983 1986 1988-92 1992-95 ~1996-... Person months / 20 000 logic gates 10 2 30502

4. 4 Verification and debugging Debug = Localization + Correction ~2/3 of development time for verification ~2/3 of verification time for debug Thus nearly half of the development cycle Specify Design DetectLocaliseCorrect Verification Debug Development time:

5. Bugs are getting „smarter“ 5 CREDES Summer School, June 2-3, 2011, Tallinn, Estonia

6. Traditional debug flow 6 Verification Design Spec Error! Counter-examples (waveforms), failed assertions,... ??? Too much information Too little information

7. Automated debug flow 7 Verification Design Spec Error! Corrected design, Repair log,... Error localization Error correction

8. Outline Verification basics Automated debug at the gate-level RTL debug methods –Localization: SAT; correction: resynthesis –Localization: path tracing; correction: mutation General discussion, future trends Prototype tools, on-going activities CREDES Summer School, June 2-3, 2011, Tallinn, Estonia 8

9. 9 Automated debug techniques “To err is human - and to blame it on a computer is even more so.” Robert Orben

10. 10 Concept of design error: –Mostly modeled in implementation, sometimes in specification Main applications: –Checking the synthesis tools –Engineering change, incremental synthesis –Debugging Debugging design errors

11. What leads to debugging? Design behavior doesn’t match expected behavior When does this occur? During simulation of design Formal tools (property/equivalence check) Checkers identify the mismatch 11 Debugging design errors

12. 12 Design error diagnosis Classification of methods: –Structure-based/specification-based –Explicit/Implicit fault model (model-free) –Single/multiple error assumption –Simulation-based/symbolic

13. 13 Debugging combinational logic Thoroughly studied in 1990s Many works by Aas, Abadir, Wahba & Borrione, others Also studied, at TUT (Ubar & Jutman) –Used structural BDDs for error localization

14. 14 Explicit error model (Abadir) functional errors of gate elements –gate substitution –extra gate –missing gate –extra inverter –missing inverter connection errors of signal lines –extra connection –missing connection –wrong connection

15. 15 Missing gate error (Abadir)

16. 16 Mapping stuck-at faults to design errors Abadir: Complete s-a test detects all single gate replacements (AND,OR,NAND,NOR), extra gates (simple case), missing gates (simple case) and extra wires.

17. Combinational fault diagnosis 0110 T 6 0010011 Fault F 5 located FaultsF 1 andF 4 are not distinguishable Fault localization by fault table No match, diagnosis not possible Test responses: 17

18. 18 Mapping stuck-at faults to design errors

19. 19 Distribution of design errors

20. 20 Explicit model: disadvantages High number of errors to model Some errors still not modeled

21. 21 Implicit design error models Do not rely on structure Circuit under verification as a black box I/O pin fault models

22. 22 Design error correction Classification: –Error matching approach –Resynthesis approach

23. 23 Design error correction Happens in a loop: –An error is detected and localized –Correction step is applied –Corrected design must be reverified –... Until the design passes verification

24. 24 Ambiguity of error location Since there is more than one way to synthesize a given function, it is possible that there is more than one way to model the error in an incorrect implementation correction can be made at different locations

25. 25 SAT-based RTL debug Mux-enrichment –Muxes added to RTL code blocks –Mux select values select free inputs for the symptom blocks –Synthesis is applied to find logic expressions generating the signatures for these free inputs Cardinality constraints Test vector constraints Smith, Veneris, et al., TCAD, 2005

26. 26 SAT-based RTL debug a) Mux enrichment, b) cardinality constraints

27. 27 SAT-based RTL debug SAT provides locations of signals where errors can be corrected Multiple errors considered! They also provide the partial truth table of the fix Correction by resynthesis This is also a disadvantage: –Why should we want to replace a bug with a more difficult one?

28. Path tracing for localization One of the first debug methods Backtracing mismatched outputs (sometimes also matched outputs) Dynamic slicing → critical path tracing (RTL) 28

29. Mutation-based correction Locate error suspects by backtracing Correct by mutating the faulty block (replace by a different function from a preset library) An error-matching approach 29

30. Testbench-based approach 30 1. Identify injection location 1. Identify injection location 2. Apply mutation operators accordingly 2. Apply mutation operators accordingly Original system description Injected system description if (fn==1) else if (fn==2)... if (fn==4) else if (fn==5)... if (fn==1) else if (fn==2)... if (fn==4) else if (fn==5)... 1 1 2 2 4 4 5 5

31. Arithmetic Operator Replacement (AOR) Set of arithmetic operators = {addition, subtraction, multiplication, division, modulo} Replace each occurrence of arithmetic operator with all the other operators in the set a = b + c; a = b – c; a = b * c; a = b / c; a = b % c; 31

32. Logical Connector Replacement (LCR) Set of logical connectors = {and, nand, nor, or, xor} Replace each occurrence of logical connector with all the other connectors in the set if (a & b) … if !(a & b) … if !(a | b) … if (a | c) … if (a ^ c) … 32

33. Relational Operator Replacement (ROR) Set of relational operators = {equal, not_equal, greater_than, less_than, greater_than_or_equal, less_or_equal_then} Replace each occurrence of relational operator with all the other operators in the set if (a == b) … if (a != b) … if (a > b) … if (a < b) … if (a >= c) … if (a <= c) … 33

34. Unary Operator Injection (OUI) Set of unary operators = {negative, inversion} Replace each occurrence of unary operator with the other operator in the set 34 a = !b; a = ~b;

35. More mutation examples Constant value mutation Replacing signals with other signals Mutating control constructs..... CREDES Summer School, June 2-3, 2011, Tallinn, Estonia 35

36. Approaches for SW & HW Vidroha Debroy and W. Eric Wong, Using Mutation to Automatically Suggest Fixes for Faulty Programs, Software Testing, Verification and Validation Conf., June 2010. Raik, J.; Repinski, U.; et al. High-level design error diagnosis using backtrace on decision diagrams. 28th Norchip Conference 15-16 November 2010. 36

37. Motivational example 37 a-b b:=a-b

38. Motivational example 38 Passed sequence Failed sequence

39. Motivational example 39 ready b ready:=1 ready:=0 res=1 state:=s1state:=s5state:=s3state:=s2state:=s0state:=s1a=ba≠ba>b a=a  b a:=in1 b:=in2 ready b ready:=0 res=1 state:=s1state:=s2state:=s4state:=s2state:=s0state:=s1a≠b abab a:=in1 b:=in2 b:=a  b Backtrace cone: Passed sequence Backtrace cone: Failed sequence

40. Statistical analysis Ranking according to suspiciousness: 40 Suspiciousness score Circuit blocks

41. Fault localization experiments 41 Step1: Critical path tracing of mismatched outputs (max Failed) Step2: Max ratio (Failed/Passed+Failed) of backtrace cones

42. Advantages Mutation-based repair is readable Helps keeping user in the loop Likely to provide a „global“ repair, for all stimuli 42

43. Future trends The quality of localization and correction is dependent on input stimuli Thus, diagnostic test generation needed Readable, small correction prefered: –Correction holds normally only wrt given input vectors (e.g. Resynthesis) –Why should we replace an easily detectable bug with a more difficult one?! 43

44. Idea: HLDD-based correction A canonical form of high-level decision diagrams (HLDD) using characteristic polynomials It allows fast probabilistic proof of equivalence of two different designs. Extended towards correction 44

45. Prototype tools, activities CREDES Summer School, June 2-3, 2011, Tallinn, Estonia 45

46. DIAMOND Kick-off, Tallinn, February 2-3, 2010 46 FP7 Project DIAMOND Start January 2010, duration 3 years Total budget 3.8M € –EU contribution 2.9M € Effort 462.5 PM The IBM logo is a registered trademark of International Business Machines Corporation (IBM) in the United States and other countries.

47. 47 The DIAMOND concept Specification ImplementationPost-Silicon Design Flow Design errors, soft errors,... Holistic fault models Fault diagnosis Fault correction Reliable Nanoelectronics Systems

48. 48 FORENSIC FoREnSiC – Formal Repair Engine for Simple C For debugging system-level HW Idea by TUG, UNIB and TUT at DATE’10 Front-end converting simple C descriptions to flowchart model completed 1st release expected by the end of 2011

49. 49 Forensic Flow

50. ZamiaCAD: IDE for HW Design ZamiaCAD is an Eclipse-based development environment for hardware designs Design entry Analysis Navigation Simulation Scalable! Co-operation with IBM Germany, R. Dorsch 50

51. 51 To probe further... Functional Design Errors in Digital Circuits: Diagnosis, Correction and Repair K. H. Chang, I. L. Markov, V. Bertacco............................................... Publisher: Springer Pub Date: 2009