centaur verification approach
play

Centaur Verification Approach Jared Davis, Warren Hunt, Jr., Anna - PowerPoint PPT Presentation

Feb 20, 2023 •248 likes •576 views

Centaur Verification Approach Jared Davis, Warren Hunt, Jr., Anna Slobodova, Sol Swords Bob Boyer, Gary Byers, Matt Kaufmann, Robert Krug November, 2010 Computer Sciences Department Centaur Technology, Inc. University of Texas 7600-C N.

  1. Centaur Verification Approach Jared Davis, Warren Hunt, Jr., Anna Slobodova, Sol Swords Bob Boyer, Gary Byers, Matt Kaufmann, Robert Krug November, 2010 Computer Sciences Department Centaur Technology, Inc. University of Texas 7600-C N. Capital of Texas Hwy 1 University Way, M/S C0500 Suite 300 Austin, TX 78712-0233 Austin, Texas 78731 hunt@cs.utexas.edu hunt@centtech.com TEL: +1 512 471 9748 TEL: +1 512 418 5797 FAX: +1 512 471 8885 FAX: +1 512 794 0717 Page 1 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 1 / 32

  2. Outline 1 VIA Nano TM X86-64 Microprocessor 2 Core Technology: ACL2 3 A Simple Embedded Language 4 ECC Example 5 Centaur Formal Verification Toolflow 6 The Verilog-to-E Translator 7 The E -Language 8 Centaur Nano Media-Unit, Verification 9 Redux: The Centaur Verification Tool Relationships 10 Conclusion Page 2 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 2 / 32

  3. Introduction We have verified add, sub, multiply, divide (microcode), compare, convert, logical, shuffle, blend, insert, extract, min-max instructions from Centaur’s 64-bit, X86-compatible, Nano TM microprocessor. Media unit implements over 100 X86 SSE and X87 instructions. Multiplier implements scalar & packed X86, X87, and FMA. For our verifications, we use a combination of AIG- and BDD-based symbolic simulation, case splitting, and theorem proving. We create a theorem for each instruction to be verified. We use ACL2 to mechanically verify each proposed theorem. We discuss our verification approach for formally verifying execution-unit instructions for the Centaur Nano TM – the Nano TM is used by Dell, HP, Lenovo, OLPC, and Samsung. Page 3 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 3 / 32

  4. VIA Nano TM X86-64 Microprocessor VIA Nano TM X86-64 Microprocessor Contemporary Example Full X86-64 design including VMX 40-nanometer design of 97.5M transistors AES, DES, SHA, and random-number generator hardware Built-in security processor Runs 40 operating systems and four VMs Page 4 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 4 / 32

  5. VIA Nano TM X86-64 Microprocessor Centaur Technology Centaur Technology, Inc., is a whole-owned subsidiary of VIA. Entire X86 processor design team is in Austin, Texas 100+ people specify, design, validate, bring up, test, build burn-in fixtures and programs – everything but chip manufacturing Roughly 20 people write RTL Around 20 work in validation Approximately 25 work in design About 30 work in test, manufacturing, bring up Three systems support Ten or so group leads, flat management Three support (payroll, benefits, reception, etc.) FV group is about 4 FTEs – high ratio! Extremely efficient organization, flat management, everyone expected to pull their own weight and then some... Page 5 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 5 / 32

  6. VIA Nano TM X86-64 Microprocessor Centaur 64-bit Design Comments X86 designs are complicated, and to be cost and performance competitive, they are necessarily full custom. Low cost, small size, low power 64-bit (Intel EMT64-compatible) architecture Virtual Machine (Intel VMX-compatible) design Latest SSEx instructions 64-bit EA, 48-bit Virtual Address 40-bit Physical Address Targeted at low-power, low-cost applications: netbooks, low-power workstations, and embedded designs. Page 6 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 6 / 32

  7. Core Technology: ACL2 Core Technology: ACL2 Our work is based on the ACL2 logic and its mechanical theorem prover. First-order predicate calculus with recursion and equality. Atomic data objects Complex rationals: 5 , -12 , 3/4 , \#C(3 4) Characters: #\a , #\8 , #\Tab Strings: "abc" , "aBc" , "ABC" Symbols: X , DEF , |abc| , |54-fifty4| Data constructor Pairs: (CONS 7 "ghi") , ’(7 . "ghi") Sophisticated quotation and abbreviation mechanisms Functions – subset of Common Lisp 31 primitive functions 200+ defined functions Guards defined for all functions Page 7 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 7 / 32

  8. Core Technology: ACL2 Fibonacci Function Example (defun fib (x) (declare (xargs :guard (natp x))) (mbe :logic (if (zp x) 0 (if (= x 1) 1 (+ (fib (- x 2)) (fib (- x 1))))) :exec (if (< x 2) x (+ (fib (- x 2)) (fib (- x 1)))))) Any such function can be memoized. (memoize ’fib :condition ’(< 40 x)) Page 8 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 8 / 32

  9. Core Technology: ACL2 Equivalent Function Proof Statement (defun f1 (fx-1 fx n-more) (declare (xargs :guard (and (natp fx-1) (natp fx) (natp n-more)))) (if (zp n-more) fx (f1 fx (+ fx-1 fx) (1- n-more)))) (defun fib2 (x) (declare (xargs :guard (natp x))) (if (zp x) x (f1 0 1 (1- x)))) (defthm fib2-is-fib (implies (natp x) (equal (fib2 x) (fib x)))) Page 9 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 9 / 32

  10. Core Technology: ACL2 Symbolic Simulation Proof Examples An obvious observation about the factorial function. (def-gl-thm fib-in-range :hyp (and (natp x) (<= 4 x) (<= x 6)) :concl (or (equal (fib x) 3) (equal (fib x) 5) (equal (fib x) 8)) :g-bindings ‘((x ,(g-number (list (list 0 1 2 3))))) :rule-classes nil) A simple arithmetic fact. (def-gl-thm 4-5-6-is-less-than-7-8-9 :hyp (and (natp x) (natp y) (<= 4 x) (<= 7 y) (<= x 6) (<= y 9)) :concl (< x y) :g-bindings ‘((x ,(g-number (list (list 0 1 2 3 4)))) (y ,(g-number (list (list 5 6 7 8 9))))) :rule-classes nil) Page 10 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 10 / 32

  11. Core Technology: ACL2 Symbolic Simulation in ACL2 We have developed a verified framework for ACL2 that provides a means for symbolic simulation. Defined functions can be mechanically generalized. Each mechanically defined generalized function is automatically verified. Such generalized functions, given finite sets, can be symbolically executed. Our framework allows the results of symbolic simulation of ACL2 functions to be used as a part of a proof. Our work provides a symbolic-simulation capability for the entire ACL2 logic. Page 11 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 11 / 32

  12. A Simple Embedded Language A Simple Embedded Language To illustrate embedding a HDL within ACL2, we define the semantics of a Boolean logic based on IF trees. (defun if-termp (term) (defun if-evl (term alist) (declare (xargs :guard t)) (declare (if (atom term) (xargs :guard (eqlablep term) (and (if-termp term) (let ((fn (car term)) (eqlable-alistp alist)))) (args (cdr term))) (if (atom term) (and (consp args) (cdr (assoc term alist)) (consp (cdr args)) (if (if-evl (cadr term) alist) (consp (cddr args)) (if-evl (caddr term) alist) (null (cdddr args)) (if-evl (cadddr term) alist)))) (eql fn ’if) (if-termp (car args)) (if-termp (cadr args)) (if-termp (caddr args)))))) Page 12 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 12 / 32

  13. A Simple Embedded Language Example IF Tree and Verification by Symbolic Execution (to-if ’(implies (and x y) (or x y))) ==> ’(IF (IF X Y NIL) (IF X T Y) T) Our language of IF trees only contains one logical connective. (def-gl-thm if-evl-example :hyp (and (booleanp a) (booleanp b)) :concl (if-evl ’(IF (IF X Y NIL) (IF X T Y) T) ‘((NIL . nil) (T . t) (X . ,a) (Y . ,b))) :g-bindings ‘((a ,(g-boolean 0)) (b ,(g-boolean 1)))) Page 13 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 13 / 32

  14. A Simple Embedded Language The Centaur Verification Tool Relationships Nano "Golden" X86 binary Model code ACL2 X86 ISA specification TP fragments Simulation VIA Nano ACL2 Verilog Symbolic Integer specifications and microcode Simulation ACL2 Verilog Output and Next Translator State Equations VIA Nano E (EMOD) Wire and State EMOD( type, , inputs, st ) Equations Equality ACL2 Transistor Analyzer Nano Spice Node SYM_SIM( , inputs, st ) Netlist Equations Switches with strengths Sized capacitors Cadence Available Nano Masks Database Translators? Nano GDS2 Nano OPC GDS2 Page 14 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 14 / 32

  15. ECC Example ECC Example data data_err "Memory" corrected_output_bits 64 8 64 64 ecc_gen syn1 syn2 64 64 ecc_gen correctable_error 8 8 8 1 72 ecc_decode errors syn_err 1 uncorrectable_error Error Injection Model to analyze the ECC circuitry. Syndrome unit produces error-correcting code ECC unit decodes syndrome to produce 1-hot, correction position Page 15 (Centaur Technology, UT Austin) Centaur Verification Approach October, 2010 15 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
idt The Windows Microprocessor for Business Applications More on IDT / Centaur: www. winchip.com

idt The Windows Microprocessor for Business Applications More on IDT / Centaur: www. winchip.com

INTEGRATED DEVICE TECHNOLOGY idt The Windows Microprocessor for Business Applications More on IDT / Centaur: www. winchip.com Reach Mike Bruzzone: campmkting@aol.com or 408/492-8637 mb 2/8/98 INTEGRATED DEVICE TECHNOLOGY Centaur Technology

683 views • 37 slides
Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 ,

Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 ,

Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 , J Strother Moore 1 , and Anna Slobodova 2 1 Department of Computer Science University of Texas at Austin and 2 Centaur Technology, Inc. Austin, TX.

483 views • 29 slides
A Toolbox for Property Checking from Simulation using Incremental SAT Rob Sumners Centaur

A Toolbox for Property Checking from Simulation using Incremental SAT Rob Sumners Centaur

A Toolbox for Property Checking from Simulation using Incremental SAT Rob Sumners Centaur Technology rsumners@centtech.com ...terrible title... Rob Sumners Centaur Technology rsumners@centtech.com Motivation: extending simulation..

753 views • 17 slides
Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords

Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords

Using Formal Methods in an Organization with a Simulation-Based Mentality IWLS 2017 Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords Centaur Technology Founded in 1995 as a startup to lower cost of

795 views • 17 slides
An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 ,

An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 ,

An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 , Raluca Lefticaru 2 , Ciprian Dragomir 1 1 University of Sheffield 2 University of Pitesti Summary Integrated formal verification approach

497 views • 16 slides
An Automata Based Approach for Verification of Information Flow Properties Deepak DSouza,

An Automata Based Approach for Verification of Information Flow Properties Deepak DSouza,

An Automata Based Approach for Verification of Information Flow Properties Deepak DSouza, Raghavendra K.R., Barbara Sprick Indian Institute of Science, Bangalore, India An Automata Based Approach for Verification of Information Flow

696 views • 58 slides
An end-to-end approach for the verification problem: learning the right distance Joo Monteiro

An end-to-end approach for the verification problem: learning the right distance Joo Monteiro

An end-to-end approach for the verification problem: learning the right distance Joo Monteiro 1,2 , Isabela Albuquerque 1 , Jahangir Alam 1,2 , R Devon Hjelm 3,4 , Tiago H. Falk 1 1-Institut National de la Recherche Scientifique (INRS-EMT)

650 views • 30 slides
TOMORROW for Centaur Theatres 2020 Wildside Festival The way to dusty death is

TOMORROW for Centaur Theatres 2020 Wildside Festival The way to dusty death is

Hooks and Crooks Specially presents: TOMORROW for Centaur Theatres 2020 Wildside Festival The way to dusty death is cataclysmic climate change in this impressive mash-up of Shakespeare and environmental activism . -Montral

412 views • 5 slides
Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova

Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova

Outline Motivation Symbolic String Verification Experiments Conclusion Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova Oscar H. Ibarra Dept. of Computer Science University of California Santa

465 views • 35 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
ADVANTAGES OF A MULTILATERAL APPROACH TO THE VERIFICATION OF FUTURE NUCLEAR DISARMAMENT ACTIVITIES

ADVANTAGES OF A MULTILATERAL APPROACH TO THE VERIFICATION OF FUTURE NUCLEAR DISARMAMENT ACTIVITIES

ADVANTAGES OF A MULTILATERAL APPROACH TO THE VERIFICATION OF FUTURE NUCLEAR DISARMAMENT ACTIVITIES David Cliff, Researcher As presented at the NPT PrepCom, Vienna, Tuesday 8 May 2012 Thank you all for coming. To begin with, Id like to

269 views • 6 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Analyzing Khipu in ACL2 Rob Sumners Centaur Technology rsumners@centtech.com Brief introduction

Analyzing Khipu in ACL2 Rob Sumners Centaur Technology rsumners@centtech.com Brief introduction

Analyzing Khipu in ACL2 Rob Sumners Centaur Technology rsumners@centtech.com Brief introduction to khipu Khipu (from the Quechan for knot) are structured combinations of woven strings tied into knots used as a form of

397 views • 17 slides
Continuous Quality Verification An Approach to Process Validation Liz Coulson, Head of Quality

Continuous Quality Verification An Approach to Process Validation Liz Coulson, Head of Quality

Continuous Quality Verification An Approach to Process Validation Liz Coulson, Head of Quality and Regulatory Policy, Pfizer Jean-Louis Robert, Chair of Quality Working Party Lina Ertle, AFSSaPS 29/09/2009 EMEA/Efpia QbD Application Workshop -

334 views • 19 slides
An Algorithmic Approach to Global Asymptotic Stability Verification of Hybrid Systems Miriam

An Algorithmic Approach to Global Asymptotic Stability Verification of Hybrid Systems Miriam

An Algorithmic Approach to Global Asymptotic Stability Verification of Hybrid Systems Miriam Garca Soto &amp; Pavithra Prabhakar IMDEA Software Institute &amp; Kansas State University EMSOFT16 Pittsburgh, PA, USA October, 2016 1 Hybrid

574 views • 54 slides
Publishing date: 19/ 01/ 2015 Document title: 4b - Oil and gas UK slides ACER meeting 5 Dec 2014

Publishing date: 19/ 01/ 2015 Document title: 4b - Oil and gas UK slides ACER meeting 5 Dec 2014

Publishing date: 19/ 01/ 2015 Document title: 4b - Oil and gas UK slides ACER meeting 5 Dec 2014 We appreciate your feedback Please click on the icon to take a 5 online survey and provide your feedback about this document UK gas industry

348 views • 15 slides
Ordering Metro Lines by Block Crossings Martin Fink Lehrstuhl f ur Informatik I Universit

Ordering Metro Lines by Block Crossings Martin Fink Lehrstuhl f ur Informatik I Universit

Ordering Metro Lines by Block Crossings Martin Fink Lehrstuhl f ur Informatik I Universit at W urzburg Joint work with Sergey Pupyrev 1 /18 Metro Maps Vienna 2 /18 Metro Maps Paris 3 /18 Metro Maps Metro Lines 4

1.2k views • 119 slides
Evaluating the Impact of Interconnections in Quantum-dot Cellular Automata (QCA) Frank Sill Torres

Evaluating the Impact of Interconnections in Quantum-dot Cellular Automata (QCA) Frank Sill Torres

Evaluating the Impact of Interconnections in Quantum-dot Cellular Automata (QCA) Frank Sill Torres 1,2 , Robert Wille 1,3 , Marcel Walter 2 , Philipp Niemann 1,2 , Daniel Groe 1,2 , Rolf Drechsler 1,2 1 DFKI GmbH (Germany), 2 University of Bremen

379 views • 18 slides
Secure By Design: Codified Controls For Cloud Services This talk will introduce the idea and

Secure By Design: Codified Controls For Cloud Services This talk will introduce the idea and

Secure By Design: Codified Controls For Cloud Services This talk will introduce the idea and method used by JPMorgan Chase &amp; Co. to get cloud services approved for use in an accelerated timeline. This idea and method are now a project at

540 views • 24 slides
Lattice Cryptography: Introduction and Open Problems Daniele Micciancio Department of Computer

Lattice Cryptography: Introduction and Open Problems Daniele Micciancio Department of Computer

Lattice Cryptography: Introduction and Open Problems Daniele Micciancio Department of Computer Science and Engineering University of California, San Diego August 2015 Daniele Micciancio (UCSD) Lattice Cryptography: Introduction and Open

1.21k views • 91 slides
video to text task Jia Chen 1 , Shizhe Chen 2 , Qin Jin 2 , Alexander Hauptmann 1 1 Carnegie Mellon

video to text task Jia Chen 1 , Shizhe Chen 2 , Qin Jin 2 , Alexander Hauptmann 1 1 Carnegie Mellon

INF entrance to TRECVID2018 video to text task Jia Chen 1 , Shizhe Chen 2 , Qin Jin 2 , Alexander Hauptmann 1 1 Carnegie Mellon University 2 Renmin University of China Content Recap and what's new Network architecture Limitation of

363 views • 14 slides
Model Checking as A Reachability Problem Moshe Y. Vardi Rice University Engines of Progress:

Model Checking as A Reachability Problem Moshe Y. Vardi Rice University Engines of Progress:

Model Checking as A Reachability Problem Moshe Y. Vardi Rice University Engines of Progress: Semiconductor Technology Gordon Moore (co-founder of Intel) predicted in 1965 that the transistor density of semiconductor chips would double

486 views • 38 slides
Dominance as a New Trusted Computing Primitive for the IoT Meng Xu (Georgia Tech) Manuel Huber

Dominance as a New Trusted Computing Primitive for the IoT Meng Xu (Georgia Tech) Manuel Huber

1 Dominance as a New Trusted Computing Primitive for the IoT Meng Xu (Georgia Tech) Manuel Huber (Fraunhofer AISEC) Zhichuang Sun (Northeastern University) Paul England (Microsoft Research) Marcus Peinado (Microsoft Research) Sangho Lee

4.28k views • 49 slides

More recommend