
Serdar Tasiran

Using a Formal Specification and a Model Checker to Monitor and Guide Simulation Verifying the Multiprocessing Hardware of the Alpha 21364 Microprocessor. Serdar Tasiran



  1. Using a Formal Specification and a Model Checker to Monitor and Guide Simulation: Verifying the Multiprocessing Hardware of the Alpha 21364 Microprocessor. Serdar Tasiran, Koç University, Istanbul, Turkey (formerly Compaq/HP Systems Research Center); Yuan Yu (Microsoft Research, formerly Compaq); Brannon Batson (Intel, formerly Compaq)

  2. But first: Formal Methods (i.e. mathematical, algorithmic) for Software and Hardware Designs, or "Why should you care?"

  3. French Guiana, June 4, 1996: $800 million software failure

  4. Mars, July 4, 1997: Lost contact due to a real-time priority inversion bug

  5. Faulty division algorithm (Intel Pentium): $475 million replacement cost. Faulty floppy disk controller (Toshiba): $2.1 billion court settlement

  6. $4 billion development effort; > 50% of it is system integration & validation cost

  7. 400 horses, 100 microprocessors

  8. Cost of Finding Flaws Late [chart] (Comp 302, Spring 2003)

  9. [Diagram] Science (natural systems) vs. engineering (artificial systems); pure (abstract systems) vs. applied (concrete systems); theory vs. experiment; analysis vs. design; verification/falsification

  10. Design and Verification/Falsification
  • Informal (ad hoc): by simulation, by test. Poor coverage, high recovery cost
  • Formal (systematic): by proof, by algorithm

  11. Typical Abstraction Layers for a Hardware Design: System (Behavioral) Level, Register Transfer Level (RTL), Gate Level, Transistor Level, Layout Level

  12. Design Process
  • Design: specify and enter the design intent
  • Verify: verify the correctness of design and implementation
  • Implement: refine the design through all phases

  13. Flavors of Verification (across the abstraction layers: System (Behavioral), RTL, Gate, Transistor, Layout)
  • Design Verification: Does the design make sense? If I implemented it as designed, would it satisfy the design requirements?
  • Implementation Verification: Is the implementation at the lower layer of abstraction consistent with the higher level?

  14. Systems Design and Verification Challenges
  • Heterogeneity (analog, digital, HW/SW)
  • Complexity (~billion transistors, ~millions of lines of code)
  • Time-to-market

  15. [Chart] Processor Complexity: transistors per processor, 1975 to 1995, on a log scale from 1K to 10M (4004, 8080, 8086, 68000, 68020, 80386, 68040, MIPS R4000, 80486, PPC601, PPC603, Pentium, Pentium Pro), against a flat average human IQ (scale 50 to 180). Role of Computer-Aided Design and Verification Tools: helping humans cope

  16. Formal Verification Tools
  • Description of the system to be verified: a finite state machine, or code written in a hardware description language
  • Specification: a temporal logic formula, e.g. G(p ⇒ F q), or an algorithm- or protocol-level description of the design
  • Verifier output: Yes, or No together with an error trace

  17. Simulation vs. Formal Verification
  Simulation:
  • Not complete
  • Need to generate expected behavior
  • Difficult to cover corner cases
  • CPU intensive: have to run billions of cycles
  • Can handle large systems
  Formal Verification:
  • Complete with respect to the specification
  • No need to generate expected behavior
  • Corner cases are automatically taken care of
  • Most state-of-the-art methods are memory intensive
  • Memory usage is strongly related to the size of the system to be verified

  18. Exploring the State Space of an FSM
  • Implicit methods: represent sets of states with decision diagrams
  • Representation size not proportional to the number of states
  • But still memory limited
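To make slides 16 and 18 concrete, here is an added example (not code from the talk or from the Alpha 21364 project) of the simplest form of what the verifier box does: an explicit-state model checker for the response property G(p ⇒ F q) on a small, constructed request/grant FSM, returning either Yes or No plus an error trace in lasso form (prefix + loop). The FSM, its labels and the proposition names p/q are assumptions made for the example.

```python
from collections import deque

# Constructed example FSM (not from the talk): a request/grant handshake.
# Atomic propositions: p = "request raised", q = "grant given".
# Every state has a successor, so every run is infinite.
FSM = {"init": ["idle"], "idle": ["idle", "req"], "req": ["wait"],
       "wait": ["wait", "grant"], "grant": ["idle"]}
LABELS = {"req": {"p"}, "grant": {"q"}}
# Same design with the wait state forced to grant on the next step.
FSM_FIXED = dict(FSM, wait=["grant"])

def reachable(fsm, init):
    """Explicit-state BFS; returns state -> predecessor, used to rebuild traces."""
    pred, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        for t in fsm[s]:
            if t not in pred:
                pred[t] = s
                queue.append(t)
    return pred

def find_lasso(graph, start):
    """DFS from start; returns (stem, loop) for the first cycle found, else None."""
    stack, seen = [start], set()
    def dfs(s):
        seen.add(s)
        for t in graph.get(s, []):
            if t in stack:                      # back edge: a cycle closes here
                i = stack.index(t)
                return stack[:i], stack[i:]
            if t not in seen:
                stack.append(t)
                hit = dfs(t)
                if hit:
                    return hit
                stack.pop()
        return None
    return dfs(start)

def check_response(fsm, init, labels, p="p", q="q"):
    """Model-check G(p => F q): (True, None) or (False, (prefix, loop)).
    A counterexample is a reachable state with p and not q from which an
    infinite path never reaches q, i.e. a cycle inside the not-q states."""
    has = lambda s, a: a in labels.get(s, set())
    pred = reachable(fsm, init)
    not_q = {s: [t for t in fsm[s] if not has(t, q)] for s in fsm if not has(s, q)}
    for s in pred:
        if has(s, p) and not has(s, q):
            lasso = find_lasso(not_q, s)
            if lasso:
                prefix, cur = [], s             # path from init to s ...
                while cur is not None:
                    prefix.insert(0, cur); cur = pred[cur]
                return False, (prefix + lasso[0][1:], lasso[1])   # ... then stem, loop
    return True, None
```

On the first FSM the checker answers No with the trace init, idle, req and then the loop wait, wait, ... (the grant can be postponed forever); on FSM_FIXED it answers Yes.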

  19. 10^11 stars; 10^7 transistors; 10^100,000 states

  20. The Moral …
  • Verification is a serious problem
  • Formal verification methods are great, but not practical yet on complex systems
  • Simulation is practical, but can't provide strong enough guarantees
  • Next part of the talk: a hybrid technique: simulation + formal verification
