
Semi-Formal Verification at IBM

Jason Baumgartner, Viresh Paruthi, Robert Kanzelman, Hari Mony (IBM Corporation)


Presentation Transcript


  1. Semi-Formal Verification at IBM. Jason Baumgartner, Viresh Paruthi, Robert Kanzelman, Hari Mony, IBM Corporation

  2. Outline
  • What is semi-formal verification (SFV)?
  • Challenges in industrial-strength SFV
  • SixthSense: IBM’s SFV Toolset
  • SFV Applications at IBM
  • Conclusion

  3. What is Semi-Formal Verification (SFV)?
  • A method that applies formal algorithms in a resource-bounded way
  • Used to find bugs too complex or too deep for a pure formal search
  • Typically iterates between random simulation and formal algorithms

  4. Challenges of Effective SFV
  • SFV is only effective if a formal search is triggered near a fail
    • Otherwise it does not improve on the falsification capability of the formal search alone
  • Approaches:
    • State prioritization: try to trigger formal iterations from new / interesting states
    • Light-houses / stepping-stones: use formal analysis to identify states that lead towards a fail
      • Formal algorithms can then be used to try to tunnel between these states
    • Clever input generation: make the simulation itself “smarter”
    • Or weaken the formal algorithms through lossiness

  5. Industrial SFV Experience
  • SFV is a very useful technology
    • Critical for deep bugs
    • Key to scaling formal algorithms to large, complex designs
  • However, advances in SFV technologies tend to have only marginal benefit on many industrial designs
    • Increasing the exhaustive search depth by 1 will likely expose more bugs than incremental SFV advances
    • E.g., improvements to SAT technology

  6. Abstraction-Guided Search
  • Abstraction-guided stepping stones: a promising technology
  • But for many complex designs it does not work very well
    • Abstraction is obviously prone to dead-ends
    • Abstract depth may not match concrete depth
    • May run out of memory if the abstraction becomes too large
    • Management of large preimages may also slow the SFV
    • May yield preimages that are too shallow, saturating after a few iterations
    • Abstract preimages do not adequately simplify (shorten) the search
      • Less effective than target enlargement, since they are approximate
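The search loop that slides 3, 4 and 6 describe, as an added illustration (not SixthSense code): a constructed two-input toy design with a bug 44 cycles deep, a pure random walk and a pure bounded search that both miss it, and a semi-formal loop that seeds bounded exhaustive search from prioritised states and feeds the states it reaches back as stepping stones. The light-houses come from a backward search over a lossy abstraction of the state (the three low bits of the counter dropped), which also exhibits the slide-6 caveat that abstract depth need not match concrete depth: the initial state is 6 abstract steps from the bug but 44 concrete cycles. The design, the abstraction, the explicit-state stand-in for BMC and every budget are assumptions made for the example.

```python
"""Toy semi-formal verification loop: random simulation interleaved with bounded
exhaustive search from prioritised seeds, with light-houses derived from a lossy
abstraction. Added example, not SixthSense code; design and budgets are made up."""
import random
from collections import deque
from itertools import product

INPUTS = tuple(product((0, 1), repeat=2))   # every assignment to inputs (a, b)
INIT = (False, 0)                           # state = (unlocked, cnt), 8-bit cnt

def step(state, inp):
    """Constructed design: b resets cnt, a increments it, and the unlock flag is
    set only by a=b=1 in the very cycle where cnt == 3."""
    unlocked, cnt = state
    a, b = inp
    unlocked = unlocked or (cnt == 3 and a == 1 and b == 1)
    cnt = 0 if b else (cnt + 1) & 0xFF if a else cnt
    return (unlocked, cnt)

def is_target(state):
    """The deep bug: unlocked with cnt == 40 (3 increments, unlock cycle, 40 increments)."""
    return state[0] and state[1] == 40

def replay(trace, start=INIT):
    """Re-execute an input trace; used to validate a counterexample."""
    for inp in trace:
        start = step(start, inp)
    return start

def random_sim_only(cycles, seed=0):
    """Baseline 1: one long random walk from INIT. Returns a hit trace or None."""
    rng, s, trace = random.Random(seed), INIT, []
    for _ in range(cycles):
        trace.append(rng.choice(INPUTS))
        s = step(s, trace[-1])
        if is_target(s):
            return trace
    return None

def bounded_search(start, depth):
    """Baseline 2 / formal phase: explicit-state stand-in for BMC, trying every input
    sequence of length <= depth. Returns (hit suffix or None, {state reached: suffix})."""
    reached, frame = {start: []}, [(start, [])]
    for _ in range(depth):
        nxt = []
        for s, suffix in frame:
            for inp in INPUTS:
                t, tr = step(s, inp), suffix + [inp]
                if is_target(t):
                    return tr, reached
                reached.setdefault(t, tr)
                nxt.append((t, tr))
        frame = nxt
    return None, reached

def abstract(state):
    """Lossy abstraction for the light-house analysis: drop cnt's 3 low bits."""
    return (state[0], state[1] >> 3)

def lighthouse_distances():
    """Backward BFS over the abstract transition graph (built from the 512 concrete
    states): abstract steps to a bucket containing a target. Over-approximate, so
    optimistic: INIT is 6 abstract steps but 44 concrete cycles from the bug."""
    states = [(u, c) for u in (False, True) for c in range(256)]
    preds = {}
    for s in states:
        for inp in INPUTS:
            preds.setdefault(abstract(step(s, inp)), set()).add(abstract(s))
    dist = {abstract(s): 0 for s in states if is_target(s)}
    queue = deque(dist)
    while queue:
        a = queue.popleft()
        for p in preds.get(a, ()):
            if p not in dist:
                dist[p] = dist[a] + 1
                queue.append(p)
    return dist

def sfv(iterations=200, sim_steps=20, bmc_depth=5, seed=1):
    """Seed choice: nearest light-house, then least used, then random. Bounded search
    from the seed, then random simulation from it; reached states become stepping stones."""
    rng, dist = random.Random(seed), lighthouse_distances()
    far = max(dist.values()) + 1
    frontier, seeded = {INIT: []}, {}      # state -> trace from INIT; seed use count
    for it in range(1, iterations + 1):
        state = min(frontier, key=lambda s: (dist.get(abstract(s), far),
                                             seeded.get(s, 0), rng.random()))
        prefix = frontier[state]
        seeded[state] = seeded.get(state, 0) + 1
        hit, reached = bounded_search(state, bmc_depth)
        if hit is not None:
            return prefix + hit, it
        for s, suffix in reached.items():
            frontier.setdefault(s, prefix + suffix)
        s, trace = state, list(prefix)
        for _ in range(sim_steps):
            trace.append(rng.choice(INPUTS))
            s = step(s, trace[-1])
            if is_target(s):
                return trace, it
            frontier.setdefault(s, list(trace))
    return None, iterations
```

With these budgets `random_sim_only(20000)` and `bounded_search(INIT, 5)` both return nothing, while `sfv()` returns a trace that `replay` drives into the target within a few dozen iterations. The point of slide 4 is visible in the loop: the bounded search only pays off because the seeds it starts from are pushed towards the light-houses; drop the distance term from the priority key and the same loop wanders among low-count states.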

  7. Advancing SFV Technologies
  • We feel that SFV is still a relatively immature technology
  • Numerous directions for improvement, such as:
    • Abstraction-guided search
      • Difficult to obtain an abstraction small enough that still captures the deep behavior of the design
      • Need a customized abstraction-refinement scheme?
    • State prioritization and clever input stimulus generation:
      • Borrow from and improve upon testcase generation technologies
      • Improved methods to leverage formal analysis to define and reach prioritized states
  • Please continue research in this area!!

  8. SixthSense: IBM’s SFV Toolset
  • SixthSense is a system of cooperating algorithms
    • Semi-formal engines
    • Formal engines
    • Transformation engines: simplification / abstraction algorithms
  • Transformation-Based Verification (TBV) framework
    • Exploits maximal synergy between the various algorithms
      • Redundancy removal, retiming, induction, localization, ...
    • Incrementally chops the problem into simpler sub-problems until it is solvable
  • Used for functional verification + sequential equivalence checking

  9. Transformation-Based Verification Framework (diagram)
  • Design + Properties (140000 registers)
    → Min-Area Retiming Engine (75000 registers)
    → Localization Engine (150 registers)
    → Reachability Engine
  • Problem decomposition via synergistic transforms
  • Counterexample traces flow back up the chain: the reachability engine produces a retimed, localized trace, the localization engine lifts it to a retimed trace, and the retiming engine lifts it to a counterexample trace consistent with the original design
  • All transformations are transparent to the user; all results are in terms of the original design

  10. SixthSense: IBM’s SFV Toolset
  • Transforms yield exponential speedups to semi-formal applications, as well as to formal applications
    • Very useful to enable deeper exhaustive search
    • Simplify the sequential design once, unfold many times
      • Unfolding amplifies the benefit of the simplification
    • Transforms can even be integrated within SAT
      • Applied directly to the unfolded instance
      • Unfolding opens up more reduction potential
  • TBV impact is particularly profound on high-performance designs
    • Though useful on all types of logic we have encountered
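The "simplify once, unfold many times" argument of slide 10 (restated on slide 16), as an added example that is not SixthSense code: a constructed gate-level netlist with two latches that are sequentially stuck at 0, a sequential redundancy removal that proves this by one step of induction, constant propagation, and a k-frame unfolding of the kind a BMC engine hands to SAT. It counts the gates in the cone of the property over all k frames for three instances: the original design unfolded, the design simplified once and then unfolded, and the original unfolded and then simplified (the "transforms integrated within SAT" variant). The netlist encoding, the stuck-at-0 check and the gate-count metric are all assumptions of this example.

```python
"""Added example, not SixthSense code: a toy netlist with latches, stuck-at-0 latch
removal by 1-step induction, constant propagation, and k-frame unfolding."""

# ('IN',) input; ('C', v) constant; ('AND', a, b); ('NOT', a);
# ('L', nxt) latch initialised to 0 whose next-state function is node nxt.
DESIGN = {                                                       # constructed design
    'x': ('IN',), 'y': ('IN',),
    'dead': ('L', 'dead_n'), 'dead_n': ('AND', 'dead', 'x'),     # stuck at 0
    'dead2': ('L', 'dead2_n'), 'dead2_n': ('AND', 'dead', 'y'),  # stuck at 0
    's1': ('L', 'x'), 's2': ('L', 's1'), 's3': ('L', 's2'),      # 3-cycle delay of x
    'g1': ('AND', 'dead2', 'y'), 'g2': ('NOT', 'g1'),            # sequentially dead cone
    'g3': ('NOT', 'y'), 'g4': ('AND', 's3', 'g3'),               # live logic
    'out': ('AND', 'g4', 'g2'),                                  # property signal
}

def const_value(net, n, zero):
    """0/1 if node n is provably constant given the latches in `zero` are 0, else None.
    Latches are leaves here, so the check is one induction step."""
    d = net[n]
    if d[0] == 'C':
        return d[1]
    if d[0] == 'L':
        return 0 if n in zero else None
    if d[0] == 'IN':
        return None
    vals = [const_value(net, a, zero) for a in d[1:]]
    if d[0] == 'NOT':
        return None if vals[0] is None else 1 - vals[0]
    return 0 if 0 in vals else (1 if vals == [1, 1] else None)

def simplify(net):
    """Replace latches proven stuck at 0 (init 0, and 0 next cycle whenever all
    candidates are 0) by constant 0, then propagate constants to a fixpoint.
    Returns (new_net, rep); rep maps every old node name to its surviving one."""
    net = {**net, '0': ('C', 0), '1': ('C', 1)}
    rep = {n: n for n in net}

    def find(n):
        while rep[n] != n:
            n = rep[n]
        return n

    stuck = {n for n, d in net.items() if d[0] == 'L'}
    while True:                                  # greatest fixpoint of the check
        bad = {l for l in stuck if const_value(net, net[l][1], stuck) != 0}
        if not bad:
            break
        stuck -= bad
    rep.update((l, '0') for l in stuck)
    changed = True
    while changed:
        changed = False
        for n, d in net.items():
            if find(n) != n or d[0] not in ('AND', 'NOT'):
                continue
            a = [find(x) for x in d[1:]]
            if d[0] == 'NOT':
                new = {'0': '1', '1': '0'}.get(a[0], n)
            else:
                new = '0' if '0' in a else a[0] if a[1] == '1' else a[1] if a[0] == '1' else n
            if new != n:
                rep[n], changed = new, True
    new_net = {n: d if d[0] == 'C' else (d[0],) + tuple(find(x) for x in d[1:])
               for n, d in net.items() if find(n) == n}
    return new_net, {n: find(n) for n in net}

def unfold(net, k):
    """k-frame unrolling into a combinational netlist. ref(n, t) names node n in
    frame t; a latch is 0 in frame 0 and its next-state node of frame t-1 after."""
    def ref(n, t):
        d = net[n]
        if d[0] == 'C':
            return str(d[1])
        if d[0] == 'L':
            return '0' if t == 0 else ref(d[1], t - 1)
        return f'{n}@{t}'
    u = {'0': ('C', 0), '1': ('C', 1)}
    for t in range(k):
        for n, d in net.items():
            if d[0] != 'L' and d[0] != 'C':
                u[ref(n, t)] = (d[0],) + tuple(ref(a, t) for a in d[1:])
    return u, ref

def gate_count(net, roots):
    """AND/NOT gates in the fan-in cone of roots (follows latch next-states too)."""
    seen, stack, gates = set(), list(roots), 0
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            d = net[n]
            gates += d[0] in ('AND', 'NOT')
            stack.extend(d[1:] if d[0] != 'C' else ())
    return gates

def bmc_instance_sizes(k):
    """Gates in the k-frame instance (property checked in every frame) for: the
    original unfolded; simplified once then unfolded; unfolded then simplified."""
    orig_u, oref = unfold(DESIGN, k)
    simp, rep = simplify(DESIGN)
    simp_u, sref = unfold(simp, k)
    late, lrep = simplify(orig_u)
    return (gate_count(orig_u, [oref('out', t) for t in range(k)]),
            gate_count(simp_u, [sref(rep['out'], t) for t in range(k)]),
            gate_count(late, [lrep[oref('out', t)] for t in range(k)]))
```

For k = 8 the three counts come out as 53, 16 and 10 gates. The one-time sequential simplification removes both dead latches and collapses the property to the live cone, and that saving is paid out in every frame (53 versus 16 grows linearly with k). Simplifying the unfolded instance instead reaches an even smaller cone (10) because the frame-0 constants of the delay chain are only visible after unfolding, which is the "unfolding opens up more reduction potential" bullet; the cost is that the pass then runs over k copies of the logic rather than one, which is why the slide recommends doing both.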

  11. Example SixthSense Engines
  • Combinational rewriting
  • Sequential redundancy removal
  • Min-area retiming
  • Sequential rewriting
  • Input reparameterization
  • Localization
  • Target enlargement
  • State-transition folding
  • Isomorphic property decomposition
  • Unfolding
  • Semi-formal search
  • Symbolic simulation: SAT + BDDs
  • Symbolic reachability
  • Induction
  • Interpolation
  • …
  • Expert System Engine automates experimentation with the optimal engine sequence

  12. Applications
  • Wide-spread adoption of FV requires scalability to sim-sized testbenches
    • Easier to specify larger functional units than the components thereof
      • E.g., specify an IEEE-compliant FPU check, vs. correctness criteria for each FPU pipeline-stage controller
  • Scalability implies the need for SFV
    • SFV can wring out bugs even if the design is too big for proofs
    • Nonetheless, strong motivation to tune the tool for large-scale proofs!
    • A robust toolset needs to integrate falsification + proof threads
    • In many cases, large-scale proof is possible without a need for manual decompositions

  13. Applications
  • Virtually all SixthSense applications benefit from semi-formal search
  • Assertion-based verification
    • Typically done by designers
      • Less experience with FV and the toolset
      • Testbenches developed with little thought about a “proof strategy”
    • SFV very useful to wring out bugs
  • Reference-model based verification
    • Comprehensive checks, usually implemented as an abstract reference model
    • For larger units, often benefits from SFV to wring out early bugs

  14. Applications
  • Silicon-failure recreation efforts: when a chip misbehaves…
    • On-chip debug facilities offer partial insight into the cause
    • Usually have a good idea of the property to check and of the “buggy region”
    • SFV very useful since this often requires a fairly large design slice
      • And bug-hunting rather than proving is “the mission”
  • Coverage analysis
    • Leverage formal algorithms to help simulation reach hard-to-hit scenarios
  • Sequential equivalence checking: semi-formal search is useful to find mismatches and to assist in guessing equivalent gates

  15. Conclusion
  • SFV is an enabling technology for wide-spread FV usage
    • Eliminates the “risk” of developing a complex formal spec only to choke the FV tool
    • Enables greater return on spec investment at higher, more encompassing interfaces
      • SFV will wring out bugs early, even if expert manual decomposition is performed later to yield proofs
      • Encourages development of meaningful specs, reusable in sim + emulation
    • Minimizes the learning curve: corner-case bugs found by casual users
      • No need for a team of PhDs to use the formal tool!

  16. Conclusion
  • SFV advances are useful for certain classes of designs
    • However, they can easily get lost on many designs
    • More research is needed!
  • SixthSense approach: increase formal BMC depth by synergistic transformations
    • Simplify the sequential design once, unfold many times
    • Also simplify the unfolded instance within the SAT engine and within the SFV engine
  • A powerful SFV engine will benefit a variety of tasks: functional verification + sequential equivalence checking
