
Specification and Encoding of Transaction Interaction Properties


Presentation Transcript


  1. www.gigascale.org Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop Edinburgh July 15, 2010

  2. Gap Between Specification and Implementation

  Specification
  • Objects are units of data (an instruction with Op, Rs, Rt and Immediate fields; a frame; a packet with header and tail)
  • Concurrent computation on these objects

  Implementation
  • Objects are functional logic blocks (e.g. pipeline stages M1, M2, M3)
  • Concurrent communication between these objects

  The mapping of concurrent functions onto concurrent hardware blocks is captured by humans.

  Consequences for verification
  • Humans are needed to translate correctness conditions between the two levels
  • Incomplete, expensive and error prone
  • A significant barrier to automation in verification
  • Drives efforts to move design and verification to levels above RTL

  3. Modeling Concurrent Computation Using Transactions
  • A transaction is a unit of work
  • Transactions can be concurrent
  • Transaction sequences: transactions ordered in time
  • Permits reasoning about
    • Individual transactions
    • Interactions between transactions, e.g. pipeline hazards
  [Figure: transaction sequence T1, T2, T3 ordered along a time axis, competing for a shared resource]

  4. Transaction Interaction Properties
  Examples:
  • Contention: mutual exclusion
  • Sequencing: ordering of packets in a router; pipeline hazards
  • Priority: choosing among concurrent processes
  These generally deal with the ordering of individual transaction instances.

  5. Transaction Interaction Properties in RTL
  • RTL lacks the high-level information: where are the instructions?
  • The design must be instrumented to capture high-level objects such as the instructions in flight
  • The property must then be stated in terms of the instrumented variables
  • This human intervention limits automation
  Example: a RAW pipeline hazard. It is easier to state on a transaction-level model with explicit ordering information.

  6. Big Picture
  Transaction-level model + transaction interaction property
    → automated encoding (this work)
    → finite model + temporal logic property
    → model check this
  Transaction-level model → verified synthesis (previous work, CODES+ISSS 09) → synthesized RTL

  7. Talk Outline
  • Motivation
  • Modeling Transactions and Interaction Properties
  • Encoding for Model Checking
  • Experiments
  • Related Work
  • Summary

  8. Transaction-Level Model
  • Individual transaction
    • Explicit start and end steps
    • Guarded transitions between steps
  • Model as a Kripke structure
    • Infinite array of transactions T1, T2, ..., Ti, ...; an index value refers to a specific transaction
    • Parametric in i, but not symmetric in i
  • State
    • Local: the state of a transaction is its present step and its local variables; local variables are constant after a transaction ends
    • Global shared state
  The whole design is modeled as an infinite Kripke structure.

  9. Property Specification using Indexed Temporal Logic
  General form of a property (an indexed temporal logic formula): $\forall I.\; P(I) \rightarrow \varphi[L(I), g]$
  • I: set of index variables, one for each interacting transaction
  • P(I): predicate on the set of indices I capturing the relationship among the interacting transactions
  • $\varphi[L(I), g]$: temporal logic formula over the indexed transaction-local variables L(I) and the global variables g
  Example: RAW hazard property, where i and j are transaction indices:
  $\forall i, j.\; j > i \rightarrow \mathbf{G}\,\neg(\mathit{read}_j \wedge \neg\mathit{write}_i \wedge \mathbf{F}\,\mathit{write}_i)$
  (a later transaction j never reads while an earlier transaction i has not yet performed a write that it will eventually perform)


  11. Encoding for Model Checking
  Infinite-state model (global state + indexed state of T1, T2, ..., Ti, ...) + indexed property $\forall I.\; P(I) \rightarrow \varphi[v(I), g]$
    → encode →
  Finite-state model + LTL/CTL formula → model check this

  12. Handling Infinite State
  • Observation 1: Only a finite number of active transactions is possible, because hardware resources are finite
  • Hence finite state S1, ..., SK for the active transactions; the upper bound K is user specified and independently verified
  (the indexed state of the infinite array T1, T2, ..., Ti, ... collapses to K active slots alongside the global state)

  13. Handling Infinite State (continued)
  • But properties may refer to local variables of transactions that have already ended
  • Observation 2: Exploit non-determinism. Non-deterministically select |I| transactions (|I| = number of interacting transactions) for tracking their past history; the model checker implicitly considers all possible selections
  • The local variables of the selected transactions are kept in E1, ..., E|I| after they end

  14. Encoding the Predicate
  • But evaluating the predicate appears to need the potentially infinite index values of the interacting transactions
  • Observation 3: Several (all?) useful predicates can be handled without explicitly storing index values, using a predicate FSM driven by the non-deterministic selection signals ND_Select_i and ND_Select_j (for I = {i, j}):
    • Ordering constraints: P(i, j) : i > j
    • Separation constraints: P(i, j) : i − j > m; P(i, j) : i − j < m
    • Equality constraints: P(i, j) : i = j + m
    • Inequality constraints: P(i, j) : i ≠ j + m

  15. Encoding for Model Checking: Key Components
  • Global state
  • State of the active transactions: S1, ..., SK
  • Local variables of the ended (selected) transactions: E1, ..., E|I|
  • Non-deterministic selection ND_Select_i, ND_Select_j feeding the predicate FSM
  Together these replace the indexed state of the infinite array of transactions T1, T2, ..., Ti, ... with a finite model.
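The encoding of slides 12 to 15, worked through on a toy design. This is an added example written for this transcript, not the authors' tool or model: a three-stage in-order pipeline (READ, EXEC, WRITE) plays the finite bound K on active transactions, the two interacting transactions i and j are tagged non-deterministically at their start step, and the predicate j > i is enforced by a small selection FSM (j may only be tagged after i) rather than by stored index values. Local variables of a tagged transaction that has ended survive as an "ended" flag. The two-register file, the stage names, the interlock that models the fixed design, and the register-match conjunct added to the RAW formula are all assumptions of this example. Explicit-state breadth-first search stands in for the SMV run on the slides.

```python
"""Finite encoding of an indexed RAW-hazard property for a toy in-order
pipeline, checked by explicit-state reachability.  Added example, not the
authors' model.  Stage names, the two-register file and the interlock are
assumptions of this example."""
from collections import deque
from itertools import product

# Stage positions in the pipeline tuple.  An in-flight instruction is a
# transaction with local state (dst, src, tag); its current step is the
# stage it occupies.  Three stages = the bound K on active transactions.
READ, EXEC, WRITE = 0, 1, 2
REGS = (0, 1)                     # assumed two-register file

# Non-deterministic selection tags for the index variables I = {i, j}.
UNTAGGED, TAG_I, TAG_J = 0, 1, 2


def selection_fsm(pipeline, ended):
    """Encodes P(i, j): j > i without index values.  j may only be tagged
    once i has been tagged; since transactions start in index order,
    j > i then holds by construction."""
    ended_i, ended_j = ended
    tags = {e[2] for e in pipeline if e is not None}
    if ended_j or TAG_J in tags:
        return 'both'
    if ended_i or TAG_I in tags:
        return 'i_selected'
    return 'none'


def stalled(pipeline, interlock):
    """Hazard interlock (the fixed design): hold the READ-stage instruction
    while the EXEC-stage instruction still has to write its source."""
    rd, ex, _ = pipeline
    return interlock and rd is not None and ex is not None and rd[1] == ex[0]


def violates(pipeline, interlock):
    """Atomic check for the body of G ~(read_j & src_j = dst_i & ~write_i
    & F write_i).  Every issued instruction reaches WRITE, so the
    conjunct '~write_i & F write_i' reduces to 'i is in flight and not
    yet in WRITE'.  A stalled READ stage does not read this cycle."""
    rd, ex, _ = pipeline
    if rd is None or rd[2] != TAG_J or stalled(pipeline, interlock):
        return False                 # read_j is false this cycle
    if ex is None or ex[2] != TAG_I:
        return False                 # i not selected, already writing, or ended
    return rd[1] == ex[0]            # src_j == dst_i


def successors(pipeline, ended, interlock):
    """All states one clock cycle later.  Non-determinism covers issue or
    no issue, the register choice, and tagging the new transaction."""
    ended_i, ended_j = ended
    rd, ex, wr = pipeline
    if wr is not None:               # retire: locals are now constant
        ended_i = ended_i or wr[2] == TAG_I
        ended_j = ended_j or wr[2] == TAG_J
    if stalled(pipeline, interlock):
        yield (rd, None, ex), (ended_i, ended_j)     # bubble into EXEC
        return
    yield (None, rd, ex), (ended_i, ended_j)         # nothing issued
    fsm = selection_fsm(pipeline, ended)
    for dst, src in product(REGS, REGS):
        choices = [UNTAGGED]
        if fsm == 'none':
            choices.append(TAG_I)
        elif fsm == 'i_selected':
            choices.append(TAG_J)
        for tag in choices:
            yield ((dst, src, tag), rd, ex), (ended_i, ended_j)


def check_raw_hazard(interlock):
    """Breadth-first reachability over the finite encoding.  Returns None
    if the property holds, else the shortest trace of (pipeline, ended)
    states ending in a violating state."""
    init = ((None, None, None), (False, False))
    parent = {init: None}
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if violates(state[0], interlock):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return trace[::-1]
        for succ in successors(state[0], state[1], interlock):
            if succ not in parent:
                parent[succ] = state
                queue.append(succ)
    return None


if __name__ == "__main__":
    names = {UNTAGGED: "", TAG_I: " (i)", TAG_J: " (j)"}
    trace = check_raw_hazard(interlock=False)
    print("no interlock:", "hazard" if trace else "safe")
    for pipeline, _ in trace or []:
        print("  ", [None if e is None else f"r{e[0]}<-r{e[1]}{names[e[2]]}" for e in pipeline])
    print("interlock:   ", "hazard" if check_raw_hazard(interlock=True) else "safe")
```

Without the interlock the search returns a three-state counterexample (issue i writing a register, then issue j reading it while i is still in EXEC); with the interlock no violating state is reachable. The point to notice is the state vector: the slot contents, two "ended" flags and the selection tags are all that is stored, and the predicate j > i never appears as an index comparison.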


  17. Experiments
  • Design examples
    • Simple router; property: flits are processed in order
    • Simple processor; property: absence of RAW hazards
  • Input: designs specified using the transaction-level model; properties specified using indexed temporal logic
  • Output: synthesized SMV for the finite model and the LTL property, model checked using Cadence SMV

  18. Model Checking Results
  All experiments were run on an Intel Core 2 Duo 2.5 GHz machine with 3 GB RAM running Windows XP.


  20. Related Work Summary


  22. Summary
  • Transaction-based higher-level models enable reasoning without resorting to design instrumentation
  • Main contributions:
    • Infinite Kripke structure model for transactions with explicit indices
    • Indexed temporal logic for specifying transaction interaction properties
    • Finite encoding of design and property exploiting
      • the finiteness of hardware resources
      • non-determinism in model checkers
      • the specific ordering relationships of interacting transactions
  • Initial prototype demonstration

  23. Related Papers
  • Y. Mahajan, C. Chan, A. Bayazit, S. Malik, and W. Qin, "Verification driven formal architecture and microarchitecture modeling," in MEMOCODE '07: Proceedings of the 5th IEEE/ACM International Conference on Formal Methods and Models for Codesign. Washington, DC, USA: IEEE Computer Society, 2007, pp. 123–132.
  • Y. Mahajan and S. Malik, "Automating hazard checking in transaction-level microarchitecture models," in FMCAD '07: Proceedings of the Formal Methods in Computer Aided Design. Washington, DC, USA: IEEE Computer Society, 2007, pp. 62–65.
  • D. Schwartz-Narbonne, C. Chan, Y. Mahajan, and S. Malik, "Supporting RTL flow compatibility in a microarchitecture-level design framework," in CODES+ISSS '09: Proceedings of the 7th IEEE/ACM International Conference on Hardware/Software Codesign and System Synthesis. New York, NY, USA: ACM, 2009, pp. 343–352.
