UC Berkeley UC Berkeley Electronic Theses and Dissertations
Total Page:16
File Type:pdf, Size:1020Kb
UC Berkeley UC Berkeley Electronic Theses and Dissertations Title Reasoning about High-Level Constructs in Hardware/Software Formal Verification Permalink https://escholarship.org/uc/item/66w7w52b Author Long, Jiang Publication Date 2017 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California Reasoning about High-Level Constructs in Hardware/Software Formal Verification by Jiang Long A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Electrical Engineering and Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Robert K. Brayton, Chair Professor Alberto Sangiovanni Vincentelli Professor Xinyi Yuan Summer 2017 Reasoning about High-Level Constructs in Hardware/Software Formal Verification Copyright 2017 by Jiang Long 1 Abstract Reasoning about High-Level Constructs in Hardware/Software Formal Verification by Jiang Long Doctor of Philosophy in Electrical Engineering and Computer Science University of California, Berkeley Professor Robert K. Brayton, Chair The ever shrinking feature size of modern electronic chips leads to more designs being done as well as more complex chips being designed. These in turn lead to greater use of high-level specifications and to more sophisticated optimizations applied at the word -level. These steps make it more difficult to verify that the final design is faithful to the initial specification. We tackle two steps in this process and their formal equivalence checking to help verify the correctness of the steps. First, we present LEC, a combinational equivalence checking tool that is learning driven. It focuses on data-path equivalence checking with the goal of transforming the two logics under comparison to be more similar in order to reduce the complexity of a final Boolean (bit-level) solving. LEC does equivalence checking of combinational logic between two RTL (word-level) designs, one the original and one an optimized RTL version. LEC features an open architecture such that users and developers can learn with the system as new designs and optimizations are met, and then it can be modularly extended with new proof procedures as they are discovered. To address the use of higher level specifications, we build a simple trusted C to Verilog trans- lation procedure based on the LLVM compiler infrastructure. The translator was designed to implement an almost vertatim translation of the C language operators and control structures 2 into the Verilog always ff and always comb blocks through traversing LLVM Bytecode pro- grams. The procedure reliably bridges the language barrier between software and hardware and allows hardware synthesis and verification techniques to be applied readily. In combination, these two procedures allow for equivalence checking between a software-like specification and an optimized word-level RTL implementation. i Contents Contents i List of Figures v List of Tables vii 1 Introduction 1 1.1 Motivation . 1 1.2 Thesis Contribution . 3 2 Data-path Design Space and Verification 4 2.1 Introduction . 5 2.2 Data-path Optimization: The Design Space . 6 2.3 About Adding a Set of Numbers . 10 2.4 Empirical Study: Eight-Operand Adder-Tree Equivalence Checking . 11 2.5 Survey: Data-Path Formal Verification Techniques . 15 3 LEC: Learning-Driven Equivalence Checking 29 3.1 Overview: A Learning Process - Philosophy . 29 3.2 Tool Flow and Organization . 31 3.3 The LEC Widgets . 33 3.4 System Integration: Proof-tree Infrastructure . 53 3.5 Case Studies . 56 3.6 Experimental Results . 61 3.7 Comparison with Related Work . 65 3.8 Conclusion . 67 4 A Simple Trusted Translation Procedure from C to Verilog 68 4.1 Introduction . 69 4.2 Background . 74 4.3 Translating SSA to Verilog . 81 4.4 Experiments . 90 4.5 Related works . 95 ii 4.6 Conclusions . 96 5 Conclusion and Possible Future Extensions 97 Bibliography 99 iii Acknowledgments First and foremost, I would like to thank my advisor Prof. Robert K. Brayton for accepting me into his PhD program in Fall 2008. I remembered his Phil Kaulfman award ceremony at DAC 2008, where he concluded this award speech by answering a question from the audience on what is his secrets in advising his students: Leave them alone, don't mess them up, give a hand when they are in need of a help. At times, I was indeed left alone, given space(maybe too much) to explore my interest, stretch my ability and forge forward on my own, but obtaining his guidance and support at times of doubt and breaking point which carried me through the PhD journey. I would not start nor reach the finishing point without Bob's support or guidance. I would also like to thank Dr. Alan Mishchencko for introducing me to Bob's research group in the first place. His enthusiasm, deep devotion and extertise to the design and implementation of ABC not only provides us with a research foundation but also bring us closer to the industry for accessing real practical problems. In that, I would like to thank Dr. Mike Case for sharing an interesting problem with our research group which led to the starting point of this thesis work in data-path equivalence checking. I am thankful to my Qual exam committee members, Prof. Sanjit Seisha, Prof. Andreas Kuehlmann, and Prof. Xinyi Yuan for overseeing the exam. The thesis work is built upon Verific Inc.'s HDL compiler frontends, without them, it would not be possible. Personally, I would like to thank Baruch Sterin, Niklas Een, Yen-sheng Ho, Yu-yun Dai for the invigorating group discussions and introducing me to Python, bitbucket, hg and many other new tools which are the building blocks in the thesis implementation. iv >生_有¯, 而知_无¯。 以有¯随无¯, 殆已; 已而:知者, 殆而已ã。 庄P (300. BC) Life has its bound, Thou learning does not. With the bounded to follow the unbounded, Trying thee; Knowningly pursue the unknown, Trying trying thee. Zhuang Zi (300. BC) v List of Figures 1.1 Design Abstraction Levels . 2 2.1 A × B = Sum of n2 partial products . 11 2.2 Linear Adder Tree described in Verilog . 12 2.3 adder tree structure. 13 2.4 ABC's dcec results . 14 2.5 Complexity scale of SAT-Sweeping . 14 2.6 Bit-level to word-level transformation . 15 2.7 Use of UIF . 17 3.1 Miter logic . 30 3.2 Overall tool flow . 32 3.3 Illustration WNK node in C++ class . 32 3.4 Proof process . 34 3.5 Model Tree from Structural Hashing Widget . 37 3.6 Model Tree from Constant Reduction Widget . 38 3.7 Model Tree from PEP Reduction Widget . 39 3.8 Model Tree from the Abstraction Widget . 39 3.9 Case-split Transformation Widget . 43 3.10 Algebraic Transformations . 43 3.11 Algebraic transformation Widget . 44 3.12 Miter network . 46 3.13 Constant Learning and Reduction Widgets . 48 3.14 PEP Learning and Reduction Widgets . 49 3.15 Annotated reduced graph . 52 3.16 Branching sub-model tree . 54 3.17 Illustration of proof log . 55 3.18 Sub-model proof tree . 57 3.19 Addition implementation . 59 3.20 Proof log . 60 vi 3.21 WNK network for adder-shift tree of lemma 64 (Figure 3.20 line 26, equation (3.33) ) ( pi, po. +,fg,[m:n] are input, output, full-adder, concat and extract operators. The number after ' ' is the bit-width of the node. ) . 62 4.1 C vs RTL equivalence checking . 70 4.2 sum02 true-unreach-call.c . 71 4.3 C-to-Verilog Translation . 73 4.4 A single-clock synchronous circuit . 74 4.5 Verilog factorial implementation . 76 4.6 Waveform for Module verilog factorialwithn =6................. 77 4.7 C to SSA IR illustration . 78 4.8 LLVM CFG . 80 4.9 SSAb from SSA in Figure 4.7c with phi node reverted . 82 4.10 Verilog Model . 83 4.11 SSA access and utility functions . 86 4.12 SSAb to Verilog Translation . 87 4.13 Translation to Verilog continued . 88 4.14 Translated Verilog module from the SSAb in Figure 4.9 . 89 4.15 Waveform for Verilog module factorial . 90 4.16 test:bitvector-loops/overflow false-unreach-call1.i . 93 4.17 Software Verification Benchmark: bitvector category . 94 vii List of Tables 2.1 Result of three data-path transformations . 10 2.2 Internal similarities between Adder Trees in Figure 2.3 . 13 2.3 ACL2 Axioms . 22 3.1 Supported operators (unsigned) . 32 3.2 Lemma Types(MM is the current model) . 35 3.3 Rewriting rules . 40 3.4 Rewriting Widget . 41 3.5 Disjunctions of s-lemmas . 54 3.6 Conjunction of e-lemmas . 54 3.7 Benchmark comparison (Timeout 24 hours) . 63 4.1 2015 Software Verification Competition: Bit-Vector category . 72 4.2 Verilog language elements . 75 4.3 C language elements . 76 4.4 fpu 100 : 32-bit FPU . 91 4.5 fpu double: 64-bit FPU . 92 1 Chapter 1 Introduction One of the driving force of high-level language constructs is the need to raise the abstraction level for productivity. 1.1 Motivation The technological driving.