ALGEBRAIC APPROACH TO
ARITHMETIC DESIGN
VERIFICATION
M.A. Basith, T. Ahmad, A. Rossi *, M. Ciesielski
ECE Dept. Univ. Massachusetts, Amherst
* Univ. Bretagne Sud, Lorient France
Department of Electrical and Computer Engineering
Introduction
 Design Verification
• A dominating factor in design flow
 Formal Verification
• Equivalence checking, model checking, property checking, etc.
• Verification of combinational designs – a solved problem
• Remains challenging for sequential circuits, but big progress
 Verification of Arithmetic Designs and Data-paths
• Difficult, bit blasting makes it not scalable
 This Work
• Verifying functionality of arithmetic designs
• Not exactly EC, but comparing design to a “golden model” (reference signature)
• Using algebraic rather than Boolean or symbolic approach
Related Work
 Canonical representations
• BDD, too fine-grained [Bryant’85]
• BMD [Bryant’95] and TED [Ciesielski’06], too-low grained
• cannot express output bits as a function of word-level inputs
 ILP based Data-path Verification [Brinkmann’02]
• Transforms bit-vector expressions into ILP constraints
• Cannot handle large designs, variable width limitation
 Term rewriting for RTL equivalence checking [Vasudevan’07]
• Database of rewrite rules for typical multiplier implementation schemes
• Cannot be automated for non-standard implementations
 Symbolic Algebra Methods [Shekhar’05]
• Solving vanishing polynomial (modulo 2^m) using finite ring algebra
• Uses Gröbner basis, scripting with Maple tools
• Cannot handle complex arithmetic designs
Related Work, cont’d.
 Arithmetic Bit-Level (ABL) [Wienand CAV’08, Pavlenko DATE’11]
• Represents design as network of HA (ABL)
• Creates algebraic expression of Boolean-level information
• Requires structural similarity
• Complex math, Gröbner basis
• Can it handle very large designs?
 ABL provided main motivation for our approach
• No need for Gröbner basis
• No need for deriving and manipulating large polynomials
• Use only linear expressions
Our Approach
 Represent arithmetic design on ABL
• Network of gates, HAs and FAs
 Write linear equations to represent data flow
 Compute algebraic signature of the network
 Prove functionality by matching signature
with reference signature (specification)
Arithmetic Network Model
 Half-Adder
• Binary inputs (a, b)
• Binary outputs (S, C)
 Full-Adder
• Binary inputs (a, b, cin)
• Binary outputs (S, C)
Gate Level Models
x+y=1
Mathematical Representation
xI - Inputs
xO - Outputs
xS - Internal signals
Network Equations:
In matrix form:
Ax=b
A – m x n constraint matrix (network)
x – n-vector representing signals
b – constant vector
Reference Signature
Functionality provided by user
SigI(N) = x1 + x2 + x3 + x4 + x5 + x6 + x7 (input signature)
SigO(N) = 4x8 + 2x9 + x10 (output signature)
Reference Signature
Ref(N) = SigO(N) – SigI(N)
= 4x8 + 2x9 + x10 - x1 - x2 - x3 - x4 - x5 - x6 - x7
Reference Signature - definition
 Reference Signature, Ref(N)
• Provides relationship between input and output variables
• Difference between the output signature and input signature
Ref(N) = SigO − SigI
Mathematically
rO – output signature vector
rI – input signature vector
xO – primary output vector
xI – primary input vector
Reference Signature - example
Reference Signature for a 7-3 counter:
or, equivalently
Output Signature = 3-bit encoding of the output word
Input Signature = sum of the input bits
Algebraic Signature
The network is similarly represented by its Algebraic Signature
 Algebraic signature, Sig(N)
• Defines relationship between input, output and internal signal variables (xI xO xS)
• It is a linear combination of x = [xI xO xS]^T
where r^T = [rI rO rS]
 It can be computed directly from matrix A
A^T α = r
by choosing a linear combination α of rows of matrix A
 Goal:
• compute α that will eliminate internal variables xS (rS = 0)
• the resulting signature should match the reference signature
Verification Goal
 Prove that the network (implementation) matches the
specification given by the reference signature.
That is:
 Given the reference signature Ref(N) (specification)
 Compute algebraic signature Sig(N) (implementation)
 Check if Sig(N) = Ref(N) ?
 For the network to be correct the two signatures should match
Computing Algebraic Signature
n – total number of signals in the network
m – number of linear equations in the system
Ax=b
AI xI + AO xO + AS xS = b
AI – columns associated with xI
AO – columns associated with xO
AS - columns associated with xS
xI - primary input variables
xO - primary output variables
xS - internal signal variables
Computing Algebraic Signature
 Algebraic signature Sig(N) relates I/O and internal signals
 Sig(N) can be obtained as a linear combination of rows of A
that matches Ref(N)
α – vector of integer coefficients that reduces matrix A to signature vector r
 Ideally, want rS = 0 (eliminate all internal signals)
Completing the Signature
 If the system is infeasible, relax rS and solve for α
If there is no solution: design is incorrect
 Otherwise compute rS
If rS = 0, design is correct
 What if rS ≠ 0, is the design incorrect?
Computing Algebraic Signature – example (rS = 0)
xI= {x1, x2, x3 ,x4, x5 ,x6, x7}
xO = {x8, x9, x10}
xS = {x11, x12, x13, x14, x15}
A^T α = r
-x1 –x2 –x3 –x4 –x5 –x6 –x7 +4x8 +2x9 +x10
-x1 –x2 –x3 +2x11 +x12
-x4 –x5 –x6 +2x13 +x14
-x7 +x10 –x12 –x14 +2x15
4x8 +2x9 -2x11 -2x13 -2x15
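The 7-3 counter example above, carried through as an added example (not part of the original slides). The names fa_row and signature are hypothetical, the four-full-adder wiring is read off the rows shown on the slide, exact rational Gaussian elimination stands in for the LP solver the slides mention, and the faulty network is constructed for illustration.

```python
from fractions import Fraction

N = 15                          # signals x1..x15, numbered as on the slide
IO = range(10)                  # columns of x1..x7 (inputs), x8..x10 (outputs)
REF_IO = [-1] * 7 + [4, 2, 1]   # Ref(N) = 4x8 + 2x9 + x10 - (x1 + ... + x7)

def fa_row(a, b, cin, carry, s):
    """Full adder as one linear equation: -a - b - cin + 2*carry + s = 0."""
    row = [0] * N
    for sig, coeff in ((a, -1), (b, -1), (cin, -1), (carry, 2), (s, 1)):
        row[sig - 1] += coeff
    return row

def signature(A):
    """Solve A_IO^T alpha = REF_IO exactly (rS relaxed) and return
    (alpha, rS); None means no alpha exists, i.e. the design is incorrect."""
    m = len(A)
    M = [[Fraction(A[j][i]) for j in range(m)] + [Fraction(REF_IO[i])]
         for i in IO]
    rank, pivots = 0, []
    for col in range(m):
        p = next((i for i in range(rank, len(M)) if M[i][col] != 0), None)
        if p is None:
            continue
        M[rank], M[p] = M[p], M[rank]
        M[rank] = [v / M[rank][col] for v in M[rank]]
        for i in range(len(M)):
            if i != rank and M[i][col] != 0:
                f = M[i][col]
                M[i] = [u - f * v for u, v in zip(M[i], M[rank])]
        pivots.append(col)
        rank += 1
    if any(row[m] != 0 for row in M[rank:]):
        return None             # some I/O column cannot match Ref(N)
    alpha = [Fraction(0)] * m
    for i, col in enumerate(pivots):
        alpha[col] = M[i][m]
    # Residual coefficients on the internal signals x11..x15
    r_S = [sum(alpha[j] * A[j][c] for j in range(m)) for c in range(10, N)]
    return alpha, r_S

# 7-3 counter from four full adders (wiring inferred from the slide's rows).
GOOD = [fa_row(1, 2, 3, 11, 12), fa_row(4, 5, 6, 13, 14),
        fa_row(7, 12, 14, 15, 10), fa_row(11, 13, 15, 8, 9)]
# Constructed fault: carry and sum of the last adder swapped (x8 <-> x9).
BAD = GOOD[:3] + [fa_row(11, 13, 15, 9, 8)]
```

For GOOD the solver returns α = (1, 1, 1, 2) with rS = 0, which reproduces the four scaled rows listed above; for BAD no α satisfies the x8 and x9 columns at once, so the signature cannot match Ref(N).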
Computing Algebraic Signature – example (rS ≠ 0)
Ref(N)
Network equations:
Sig(N)
Residual Expression
• rS set to 0, system is infeasible
• rS relaxed, gives residual expression
Residual Expression
 Residual Expression, RE(N) = Sig(N) − Ref(N) = rS^T xS
• An expression associated with the internal signals xS
 RE(N) should evaluate to zero for the design to be correct
• Need additional Boolean constraints
 To prove RE = 0, we need additional constraints to impose on N
• Structural Constraints
• Caused by fanout of internal signals, equality constraints
• Boolean Constraints
• Internal signals of FA, can be propagated in the network
Proving RE = 0 with Boolean constraints
Computation of Signature:
Algebraic Signature:
Residual Expression:
Boolean Constraints:
 RE(N) = 0
Reference Signature:
Now Ref(N) = Sig(N): design is correct
Functional Verification Flow
Comparison with SMT Solvers
 Problem can be modeled as SAT
 Need to show that
is unSAT
• Without Boolean constraints, RE ≠ Φ.
• With Boolean constraints, RE = Φ.
(MO = out of memory 4GB, TO = timeout after 1800 sec)
Results – Large Multipliers
CPU runtime for computing algebraic signature for n-bit integer
multipliers with additional constraints propagated in the network.
Results – Booth-encoded Multipliers
Complexity: O(N^2) in number of gates
CPU runtime for computing algebraic signature for n-bit integer Booth-encoded
multipliers with additional constraints propagated in the network.
Conclusions
 Developed a new technique for functional verification of
arithmetic circuits based on computing algebraic signature
 Application
• RTL and gate-level Verification
• Given reference signature, system tries to match the signatures
• Equivalence Checking
• Comparing two networks on the basis of their signatures
• Property Checking
• Represent property P by its algebraic signature, SigP(N) = r^T xP
• Check for consistency with reference signature AP^T α = rP
• Extracting circuit behavior
• Use SigO(N) to compute SigI(N)
 Limitations: limited to linear networks (Wallace trees, etc.)
Thank You
Outline
 Introduction and Motivation
 Related Work
 Algebraic Modeling of Arithmetic Networks
 Mathematical Formulation
• Computing the signature
• Residual expression and Boolean constraints
 Relation to SMT Techniques
 Results
 Conclusion and Future Work
Verification Methods
 Boolean methods
• Good for gate-level designs
• Inefficient for arithmetic designs
 Decision diagrams and SAT solvers
• Requires “bit-blasting” (too low-level for arithmetic)
 Symbolic Algebra
• Too high level: limited to polynomial expressions or infinite precision
 SMT
• Generalization of Boolean SAT
• Lack of adequate models to handle arithmetic designs
 This Work
• Functional verification of arithmetic circuits by computing algebraic signature
Related Work - Summary
 Decision diagrams and Boolean SAT
• Not able to handle arithmetic functions efficiently
 ILP Methods
• Computationally prohibitive for large designs
 Symbolic Algebra
• Limited to small designs that can be represented as polynomials
 ABL Methods
• Assumes structural similarity, which is often absent
• Uses Gröbner basis (overkill?)
 Our Method
• No assumption about structural similarity
• Handles arithmetic on bit-level using algebra
• Fast and scalable (but limited to linear networks)
Complexity Graph
Complexity: O(N^2)
Computational complexity of our approach
Future Work
 Need to learn additional Boolean Constraints
• Is this problem as difficult as the original one?
 Data-Path Verification
• Obtain a reference signature for the entire data-path
• Partition design into smaller blocks
 Debugging
• Identify bugs in the circuit
• Analyze Simplex phase I (pre-solver) of the LP solver
• If LP is infeasible, non-zero values of variables provide information which equations prevent the LP from being feasible
• If LP is feasible, but RE cannot be reduced to zero, content of RE will be used to reason about bugs