combining acl2 and an automated verification tool to
play

Combining ACL2 and an Automated Verification Tool to Verify a - PowerPoint PPT Presentation

Aug 22, 2023 •212 likes •404 views

Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik Reeber IBM Austin Research Laboratory University of Texas at Austin August 16, 2006 Introduction Implemented prototype mechanism for extending

  1. Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik Reeber IBM Austin Research Laboratory University of Texas at Austin August 16, 2006

  2. Introduction � Implemented prototype mechanism for extending ACL2 with external tools � Integrated IBM’s SixthSense Verification Tool to ACL2 � Use SixthSense to verify smaller properties automatically. � Use ACL2 to prove problems too difficult to verify with SixthSense. � Applied the technique to the verification of an industrial multiplier design written in VHDL. Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  3. Outline � Prototype External Tool Mechanism � ACL2SIX: Extending ACL2 with SixthSense � Multiplier Design � Booth Encoder Verification � Compression Verification � Conclusion Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  4. Prototype External Tool Mechanism � A new ACL2 hint that extends the ACL2 theorem prover with functions that implement � new theorem proving procedures � external tool interfaces � Extension is dynamic � Implemented as program-mode functions � Prototype modifies ACL2 source � Only 57 lines of modification � To-do list entry contains additional features � Allows users to declare trusted clause-processors Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  5. :External Example (defun generalize-expr (clause expr new-var state) (cond ((or (not (symbolp new-var)) (var-in-expr-listp new-var clause)) (mv (list "ERROR: Target must be a new variable~%”) nil state)) (t (mv nil (list (substitute-expr-list expr new-var clause)) state)))) (thm (implies (and (natp a) (natp (foo))) (equal (nthcdr a (nthcdr (foo) x)) (nthcdr (+ a (foo)) x))) :hints (("Goal" :external (generalize-expr '(foo) 'b)) ("Goal'" :induct (nthcdr b x)))) Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  6. SixthSense � We use the :external extension mechanism to integrate ACL2 with SixthSense � IBM internal verification tool � Operates on a finite-state machine described in VHDL. � Uses transformation-based verification approach � BDDs & SAT Solvers � Re-timing engine � Semi-formal counter-example search engine � It formally proves safety properties of FSMs � When a property is found invalid, it returns a counter example as a waveform. Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  7. ACL2SIX Flow Chart ACL2 SixthSense ACL2 Property about VHDL Design VHDL VHDL Property Design ACL2VHDL Translation SixthSense Execution Check Result Yes No Reduced Counter Clause Example Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  8. ACL2SIX Extension � There is no ACL2 model of hardware design! � VHDL signals are represented in ACL2 logic with function stubs sigbit and sigvec : (sigbit entity signame cycle phase) (sigvec entity signame (lbit hbit) cycle phase) � ACL2SIX translates these stubs to the appropriate signals in the VHDL design. � Besides sigbit and sigvec , only ACL2VHDL primitives, such as bv+ , bv-and , and bv-or can be used in the verified property. Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  9. ACL2SIX Example (defun add32 () ‘(add32 (port (clk :in std_ulogic) ADD32 (a :in std_ulogic_vector (0 31)) (b :in std_ulogic_vector (0 31)) a b (sum :out std_ulogic_vector (0 31))) (extra-assigns (clk “c0”))) ADD (defthm adder-adds (implies (and (integerp n) (<= 1 n)) d (equal clk clk (bv+ (sigvec (add32) a (0 31) (1- n) 2) q (sigvec (add32) b (0 31) (1- n) 2)) (sigvec (add32) sum (0 31) n 2)) ) sum :hints ((“Goal” :external (acl2six ((:cycle-expr n) (:ignore-init-cycles 1)))))) Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  10. Booth Multiplier � 53bit x 54bit multiplier � Used to compute double-precision floating-point multiplication � Written in VHDL � Output consists of two vectors, whose sum is equal to its product. � Uses Booth-encoding algorithm, with a number of carry-save adder stages. � Sixthsense cannot verify entire system, or even a single stage of the multiplier. Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  11. Multiplier Dataflow Cycle #: 0.5 1.0 1.5 2.0 2.5 3.5 4.0 Opt. Booth Encoder … Sum Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 A … … C … Carry Vectors: 27 18 12 6 4 2 A X C = Sum + Carry Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  12. Multiplier Correctness Theorem (defthm multiplier-correct (implies (and (integerp n) (<= 7 n)) (equal (bv+ (Sum-output n 1) (Carry-output n 1)) (bv (* (bv-val (A-input (- n 4) 2)) (bv-val (C-input (- n 4) 2))) 108)))) Bv+ computes the binary sum. � (bv i n) returns the n -bit vector representing i . � Input A-input and C-input defined using sigvec. � Similarly with Output Sum-output and Carry-output. � Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  13. Booth Encoder Encoding Table � Reduces the multiplication to 100 → -2 * y summation 101 → -1 * y � Half as many partial-products of the 110 → -1 * y grade-school method. 111 → 0 * y 000 → 0 * y � Two’s Complement Notation 001 → 1 * y � Looks at three bits at a time 010 → 1 * y Example: 23 * 3 011 → 2 * y 000011 010111.0 * 110 -1 * 3 * 2 0 = -3 011 2 * 3 * 2 2 = 24 1 * 3 * 2 4 = 48 010 + 69 Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  14. Levels of Booth Encoder Models ACL2 multiply * Algorithmic ACL2 Model � Algorithms of n-bit Booth Encoder � ACL2 19 lines of ACL2 � Verified to implement a multiplier by Algorithmic � induction Intermediate ACL2 Model ACL2 � Stepping stone between algorithmic and Intermediate � bit vector models Bit Vector ACL2 Model ACL2 � Only using subset of ACL2 that is � translatable to VHDL Bit Vector VHDL Model � ACL2SIX High-performance industrial design � Optimized to decrease # wires VHDL � Equivalent to Bit Vector Model, by � SixthSense Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  15. Multiplier Dataflow Cycle #: 0.5 1.0 1.5 2.0 2.5 3.5 4.0 Opt. Booth Encoder … Sum Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 A … … C … Carry Vectors: 27 18 12 6 4 2 A X C = Sum + Carry Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  16. Compression Algorithm S0 0 S1 0 S0 0 + S0 1 + S0 2 = S1 0 + S1 1 CSA 0 S0 1 S1 1 S0 2 � 3-to-2 Carry-Save Adder (CSA) takes 3 inputs and produces 2 outputs, preserving the sum. � 4-to-2 CSA reduces 4 inputs to 2. � Compression Stage 1 consists of nine 3-to-2 CSAs. � Verifying sum-preservation on a single CSA can be done by SixthSense, but not nine CSAs combined. Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  17. Compression Verification � Use SixthSense to sum preservation of CSA � e.g., S1 0 + S1 1 = S0 0 + S0 1 + S0 2 � Make a rewrite rule to help simplification. � e.g., S1 0 = S0 0 + S0 1 + S0 2 - S1 1 � Chain of rewriting (with assoc. rules). S1 0 + S1 1 + S1 2 + …… + S1 17 ⇒ S0 0 + S0 1 + S0 2 - S1 1 + S1 1 + S1 2 + …… + S1 17 ⇒ S0 0 + S0 1 + S0 2 + S1 2 + …… + S1 17 … ⇒ S0 0 + S0 1 + S0 2 + S0 3 + …… + S0 26 Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  18. Multiplier Verification � Combine with Booth Encoder verification � S5 0 + S5 1 = A * C � Analysis � No bugs � Increased assurance � Can re-run proof if multiplier is modified � Low-level modifications only are seen by SixthSense! � About one month of human effort � Sixthsense: 7 work days � ACL2: 14 work days Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

  19. Conclusion � Added prototype mechanism for extending ACL2 with external tools � Integrated SixthSense and ACL2 � Avoided most of the VHDL semantics � Improved automation in verification of VHDL designs � Provided counter-example generation � Applied to multiplier verification � All low-level details are verified automatically by SixthSense. � Beyond scope of SixthSense alone Combining ACL2 and an Automated ACL2 Workshop 2006 Verification Tool to Verify a Multiplier

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis (Pete) Manolios Sudarshan Srinivasan Georgia Institute of Technology 1 Introduction Hardware verification is an area of strength for ACL2.

422 views • 20 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
to verify fy systems soft ftware Chris Hawblit itzel F*: expressive and automated verification

to verify fy systems soft ftware Chris Hawblit itzel F*: expressive and automated verification

Combining tactics, normalization, and SMT solv lvin ing to verify fy systems soft ftware Chris Hawblit itzel F*: expressive and automated verification higher-order logic type nat10 = x:int{0 &lt;= x /\ x &lt; 10} tactics (as of

806 views • 33 slides
Automated Verification of Automated Verification of asynchronous CIRCUITS USING CIRCUIT

Automated Verification of Automated Verification of asynchronous CIRCUITS USING CIRCUIT

ASYNC08 Automated Verification of Automated Verification of asynchronous CIRCUITS USING CIRCUIT asynchronous CIRCUITS USING CIRCUIT Petri nets Petri nets Iva n Polia kov, Andre y Mokhov, Da nil Sokolov, Ashur Ra fie v, Ale x Ya kovle v

474 views • 25 slides
Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Introduction Verification Analysis Summary Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd December 2004 Anders Franz en Combining SAT and ILP Introduction Verification Analysis

776 views • 58 slides
Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 ,

Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 ,

Industrial Hardware and Software Verification with ACL2 Warren A. Hunt, Jr. 1 , Matt Kaufmann 1 , J Strother Moore 1 , and Anna Slobodova 2 1 Department of Computer Science University of Texas at Austin and 2 Centaur Technology, Inc. Austin, TX.

483 views • 29 slides
Automatic Verification of Polynomial Rings Fundamental Properties in ACL2 Inmaculada Medina

Automatic Verification of Polynomial Rings Fundamental Properties in ACL2 Inmaculada Medina

Dpto. de Ciencias de la Computacin e Inteligencia Artificial U NIVERSIDAD DE S EVILLA Dpto. de Lenguajes y Sistemas Informticos U NIVERSIDAD DE C ADIZ Automatic Verification of Polynomial Rings Fundamental Properties in ACL2 Inmaculada

535 views • 24 slides
Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry

Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry

Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry Jron, and Herv Marchand First.Last@irisa.fr IRISA/INRIA Rennes, project Vertecs http://www.irisa.fr/vertecs Combining verification and

632 views • 38 slides
A Framework for Asynchronous Circuit Modeling and Verification in ACL2 Cuong Chau 1 , Warren A.

A Framework for Asynchronous Circuit Modeling and Verification in ACL2 Cuong Chau 1 , Warren A.

A Framework for Asynchronous Circuit Modeling and Verification in ACL2 Cuong Chau 1 , Warren A. Hunt, Jr. 1 , Marly Roncken 2 , and Ivan Sutherland 2 { ckcuong,hunt } @cs.utexas.edu, marly.roncken@gmail.com, ivans@cecs.pdx.edu 1 The University of

766 views • 50 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
COMP60332: Automated Reasoning and Verification Konstantin Korovin and Renate Schmidt Theme:

COMP60332: Automated Reasoning and Verification Konstantin Korovin and Renate Schmidt Theme:

COMP60332: Automated Reasoning and Verification Konstantin Korovin and Renate Schmidt Theme: Ontology Engineering and Automated Reasoning K. Korovin &amp; R. Schmidt Automated Reasoning and Verification 1 / 10 Outline 1 Why Automated

371 views • 22 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan Oscar H. Ibarra Deptartment of Computer Science University of California

477 views • 36 slides
Computational Optimization Augmented Lagrangian NW 17.3 Upcoming Schedule No class April 18

Computational Optimization Augmented Lagrangian NW 17.3 Upcoming Schedule No class April 18

Computational Optimization Augmented Lagrangian NW 17.3 Upcoming Schedule No class April 18 Friday, April 25, in class presentations. Projects due unless you present April 25 (free extension until Monday for 4/25 presenters). Monday, April

302 views • 17 slides
Matrix Multiplication Matrix multiplication is an operation with properties quite different from

Matrix Multiplication Matrix multiplication is an operation with properties quite different from

Matrix Multiplication Matrix multiplication is an operation with properties quite different from its scalar counterpart. To begin with, order matters in matrix multiplication. That is, the matrix product AB need not be the same as the matrix

695 views • 58 slides
Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg

Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg

Extracting INT8 Multipliers from INT18 Multipliers Bogdan Pasca, Martin Langhammer, Gregg Baeckler, Sergey Gribok Intel Corporation Context Machine learning increase density of small-precision arithmetic INT8 - commonly used for

442 views • 40 slides
Quiz I Give our two primary interpretations of matrix-vector multiplication. I Give the

Quiz I Give our two primary interpretations of matrix-vector multiplication. I Give the

Quiz I Give our two primary interpretations of matrix-vector multiplication. I Give the matrix-vector definition of matrix-matrix multiplication. 2 1 2 3 4 3 I Let A = 0 1 2 3 5 . 4 0 0 0 1 1. What is the rank of A ? 2. What is the

576 views • 23 slides
High-level State Machines &amp; RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns

High-level State Machines &amp; RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns

High-level State Machines &amp; RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns 30ns 40ns 50ns 60ns 70ns 80ns 90ns Clock -- Pulsing signal for enabling latches; ticks like a clock The clock's period must be longer than

658 views • 40 slides
Reading multivariate data Surajit Ray Reader, University of Glasgow DataCamp Multivariate

Reading multivariate data Surajit Ray Reader, University of Glasgow DataCamp Multivariate

DataCamp Multivariate Probability Distributions in R MULTIVARIATE PROBABILITY DISTRIBUTIONS IN R Reading multivariate data Surajit Ray Reader, University of Glasgow DataCamp Multivariate Probability Distributions in R Course topics Read and

470 views • 32 slides
Robust multivariate methods for compositional data Peter Filzmoser Department of Statistics and

Robust multivariate methods for compositional data Peter Filzmoser Department of Statistics and

Robust multivariate methods for compositional data Peter Filzmoser Department of Statistics and Probability Theory Vienna University of Technology Compstat Paris, France August 23, 2010 Vienna University of Technology Contents

288 views • 26 slides
An Integrated View into Multivariate Associations Inferred from TCGA Cancer Data Dick Kreisberg

An Integrated View into Multivariate Associations Inferred from TCGA Cancer Data Dick Kreisberg

An Integrated View into Multivariate Associations Inferred from TCGA Cancer Data Dick Kreisberg Institute for Systems Biology Shmulevich Group Nov 17, 2011 Visual Analytics Emergent Technologies Browser-based

477 views • 10 slides

More recommend