formal verification tutorial
play

Formal Verification Tutorial Breaking Through the Knowledge Barrier - PowerPoint PPT Presentation

Jan 26, 2023 •112 likes •1.48k views

Formal Verification Tutorial Breaking Through the Knowledge Barrier Sean Safarpour - Synopsys, Inc. Iain Singleton - Synopsys, Inc. Shaun Feng - Samsung Austin R&D Center Syed Suhaib - Nvidia Corp. Mandar Munishwar - Qualcomm, Inc.

  1. What Makes a Good Helper Property? • Invariants for proofs – Describing relation between signals in design and formal testbench – Proving simpler properties on the relationship inside COI of target property – Properties related to the main property (for all DAC invariants antecedents were a subset of expression in main property) • Covers for bug hunting – Hit deep extremes in the design (counters full, credit empty etc.) – Cover interesting corner cases (long gaps between input/output toggling etc.) Iain Singleton - Synopsys, Inc 35

  2. Induction • Induction is another powerful technique which can help with difficult properties • An inductive property says that if something is true now, it must be true in the future a==b |=> a==b Iain Singleton - Synopsys, Inc 36

  3. Induction and Initial State Abstraction • Combining induction with initial state abstraction enhances its power – Antecedent relies on consequent currently being true – Stops many spurious failures • Sequential depth problem hugely reduced • Counterexamples can be reached very quickly Iain Singleton - Synopsys, Inc 37

  4. Induction and Initial State Abstraction Example – Small State Machine INIT INIT timer = 8192 timer = 8192 STOP RUN STOP RUN mismatch count = 4096 count = 4095 as_state_equal: assert property (design_state == tb_state); Lots of sequential depth to bug Iain Singleton - Synopsys, Inc 38

  5. Induction and Initial State Abstraction Example – Small State Machine INIT INIT timer = 8192 timer = 8192 STOP RUN STOP RUN mismatch count = 4096 count = 4095 as_ind_state_equal: assert property (design_state == tb_state |=> design_state == tb_state); No reset to design Depth 1 constraints that design and tb counter and timer are equal in initial state Instant 2 cycle CEX Iain Singleton - Synopsys, Inc 39

  6. State Space Exploration End state Initial state Iain Singleton - Synopsys, Inc 40

  7. Induction and Invariants – Combining the Power • Finding invariants that will help with convergence is a challenge • Inductive invariants can be very powerful tools for improving convergence • Tool capabilities can be used to help with this – Find a CEX from a non-reset state – Construct an inductive invariant property to prove this CEX cannot happen – Add this CEX as helper property and step forward for new CEX Iain Singleton - Synopsys, Inc 41

  8. Summary • Formal is being used on bigger and more complex designs • For successful formal application on such designs advanced techniques are required • Induction and invariants are two powerful formal techniques which can enhance convergence • Finding helpful invariants can be challenging • Advanced tool features can be used to help develop inductive invariants from non-reset design states • When all else fails – deep state space bug hunting can find difficult corner cases using formal Iain Singleton - Synopsys, Inc 42

  9. Q&A

  10. Agenda • Introduction : Sean Safarpour (20 min) • Induction & Invariants – Steps to Convergence : Iain Singleton (45 min) • Efficient Formal Modeling Techniques : Shaun Feng (45 min) Break (10 min) • Architectural Formal Verification for Coherency : Syed Suhaib (45 min) • Formal Sign-off : Mandar Munishwar (45 min) 44

  11. Efficient Formal Modeling Techniques Xiushan “Shaun” Feng Samsung Austin R&D Center Email: s.feng@samsung.com

  12. Agenda • Formal verification basics • Abstractions • Symbolic constants with examples • Conclusion Shaun Feng - Samsung 46

  13. Formal Verification Basics RTL TL Mod Model As Assertions + + Mod Modeling For ormal Verification Too ool No Debug Pas ass Yes Shaun Feng - Samsung 47

  14. Formal Modeling Goals • Goals: – Reduce state space – abstraction – Cut down the number of assertions – Allow formal to quickly find bugs if there is any • Approaches: – Cutpoints/blackboxes/shrinking – Assume-guarantee (or divide-conquer) – Symbolic constants – etc. Shaun Feng - Samsung 48

  15. Agenda • Formal verification basics • Abstractions • Symbolic constants with examples • Conclusion Shaun Feng - Samsung 49

  16. Cutpoints and Blackboxes • Can apply to Cutpoint Applied – Counters … X – RAMs/ROMs – Large arrays RTL Model – … Math functions – Unnecessary logic … • Conservative – No false proven – Deep proof bounds • Side effect Blackbox Applied – False failings … … – May need constraints … … … RTL Model … Shaun Feng - Samsung 50

  17. Shrunk Design module FOO #(parameter bit_iwdth = 10) ( module FOO #(parameter bit_width = 1) ( output reg[bit_width-1:0] AllocPrt, output reg[bit_width-1:0] AllocPrt, output reg[127:0] DeAllocData, output reg[127:0] DeAllocData, input Alloc, input Alloc, input [127:0] Data, input [127:0] Data, input DeAlloc, input DeAlloc, input DeAllocPtr, input DeAllocPtr, … … ) ) local param addr_size = 2^bit_width local param addr_size = 2^bit_width reg [127:0] MEM[addr_size]; reg MEM[addr_size]; … … assign DeAllocData = {127{1’b0},MEM[ DeAllocPtr]; assign DeAllocData = MEM[DeAllocPtr]; …. …. endmodule endmodule • Address space • FIFO – Cache coherence needs only one address – Depth of FIFO can be reduced • Data size – IO flopped delay can be removed • Other symmetric structures – 1 bit may be enough for data integrity check Shaun Feng - Samsung 51

  18. Assertion/Design Partition • Assertion partition Partition – Grouping assertions with same COI – Using proven assertions as assumptions Logic cone Assertions 1 RTL Model 1 Logic cone • Design partition Assertions 1 – Using assertion groups to partition design Logic cone Assertions 2 – One formal test for each partition RTL Model Logic cone Assertions 2 RTL Model 2 Shaun Feng - Samsung 52

  19. Preloading • Instead of starting formal at initial state, we can start at a valid pre- defined state – Configuration registers – Counters – FSM – Cache/memory – A witness trace of a cover property Shaun Feng - Samsung 53

  20. Preloading MESI State address value MEMORY 0 0 state address value S I S 0 0 0 X 0 0 wr add0 1 CPU 1 CPU 2 CPU 3 Shaun Feng - Samsung 54

  21. Counter Abstraction • Not all values of a counter are valid. – 32bit counter has 2^32 possible values – Abstract away the counter and assume possible values. • Initial values of counters – Usually, counters are initialized to predefined values (e.g, 0) – Counter-example can happen with a large counter value – a long trace to hit – Counter initial value abstraction helps to shorten the trace Shaun Feng - Samsung 55

  22. Counter Abstraction Example Counter Value Abstraction Initial Value Abstraction reg [bit_width-1:0] counter; TCL control file: cutpoint DUT.counter always_ff @(posedge clock) begin assume {condition |-> DUT.counter inside { 0, 1, 2, 4 }} if (reset) `ifdef FORMAL_ON `else counter <= ‘b0; `endif else if (…) counter <= counter + 1’b1; end Shaun Feng - Samsung 56

  23. Assume-Guarantee • General approach: – Break down a big problem into a few sub-problems – Assume sub-problems – Prove big problem with added assumptions – Prove sub-problems • Techniques can be used: – Design partition – Blackboxes – Cutpoints – Assertion re-writing Shaun Feng - Samsung 57

  24. Over Constraints Used as Abstraction • Over constraints are not always bad – Smaller state space – Finer-grain control of inputs • formal test bench can have both over and under constraints valid design space formal space 2^n exponential state space Shaun Feng - Samsung 58

  25. Agenda • Formal verification basics • Abstractions • Symbolic constants • Conclusion Shaun Feng - Samsung 59

  26. Symbolic Constants • A random value after reset • Will hold its value throughout the whole formal proof (@ posedge clk) ##1 $stable(SymC[31:0]) Time 0 … clk … A random number [0..2^32) Sym Constant Shaun Feng - Samsung 60

  27. Symbolic Constant Examples • Priority Arbiter • Round Robin Arbiter • In order transport example Shaun Feng - Samsung 61

  28. Priority Arbiter // if m<n, Req[m] has higher prority than Req[n] // if there is a Req[m], Req[n] cannot be granted High // without grant m first property priority_pair (m,n); @( posedge clk) disable iff (~reset_n) Req[0] Gnt[0] not ( ((m < n) && req[m] & !gnt[m]) throughout (gnt[n])[->1])); Req[1] Gnt[1] . Priority . endproperty Arbiter . . generate Req[N-1] Gnt[N] for ( genvar m = 0; m<=N; m++) begin for ( genvar n = 0; n<=N; n++) begin assert property (priority_pair(m,n)); Low end end endgenerate Shaun Feng - Samsung 62

  29. Use Symbolic Constants localparam WIDTH = $clog2(N); logic [WIDTH-1:0] m, n; ASM_SYM_CONST_m_n: assume property (@( posedge n_clock) disable iff (!n_resetb) ##1 $stable(m) && $stable(n) && m < N && n < N ); AST_PRI_ARB: assert property (@( posedge n_clock) disable iff (!n_resetb) not (strong(((m < n) && req[m] & !gnt[m]) throughout (gnt[n])[- >1])) ); ); • M, N are random values at reset, but will hold the values after reset. Shaun Feng - Samsung 63

  30. Round Robin Arbiter • Strong fairness • Severed request gets the lowest priority • Rotated priority Assertion Checks N-1 0 … … requests • Fairness • One hotness Round Robin Arbiter • Round robin (rotated priority) … grant Shaun Feng - Samsung 64

  31. Cases Req X is just served, expect to serve Y later 10…. N-1 0 Case 1 Y > X, i  (X, Y), req[i] ==0 Y X 00000000……………………………………………...000000 1 Case 2 N-1 X > Y, Y==0, i  (X, N-1], req[i] ==0 X Y 10……..............0 Case 3 N-1 X > Y, X==N-1, i  [0, Y), req[i] ==0 Y X 0………........0 10…..…….......0 Case 4 N-1 N>X > Y>0, i  (X, N-1]  [0, Y), req[i] ==0 Y X Shaun Feng - Samsung 65

  32. Assertions localparam WIDTH = $clog2(N); logic [WIDTH-1:0] X, Y; ASM_SYM_CONST_X_Y: assume property (@( posedge n_clock) disable iff (!n_resetb) ##1 $stable(X) && $stable(Y) && X < N && Y < N); generate for ( genvar i = 0; i < N; i++) begin : location_asm ASM_CASE1: assume property (@( posedge n_clock) disable iff (!n_resetb) Y > X && Y>i && i>X |-> Req[i]==0); ASM_CASE2: assume property (@( posedge n_clock) disable iff (!n_resetb) X > Y && Y ==0 && i > X |-> Req[i]==0); ASM_CASE3: assume property (@( posedge n_clock) disable iff (!n_resetb) X > Y && X==N-1 && i < Y |-> Req[i]==0); ASM_CASE4: assume property (@( posedge n_clock) disable iff (!n_resetb) X > Y && (i > X | i < Y) |-> Req[i]==0); end endgenerate AST_RR_ARB: assert property (@( posedge n_clock) disable iff (!n_resetb) ##1 $ past (Req[X] && Gnt[X]) && Req[Y] && Y !=X |-> $ onehot (Gnt) && Gnt[Y] ); AST_RR_ONEHOT: assert property (@( posedge n_clock) disable iff (!n_resetb) $ onehot0 (Req) |-> Gnt == Req ); AST_RR_FAIR: assert property (@( posedge n_clock) disable iff (!n_resetb) not ((Req[X] &&~Gnt[X])[*N]) ); Shaun Feng - Samsung 66

  33. Zoom in Fairness Assertion AST_RR_FAIR: assert property (@( posedge n_clock) disable iff (!n_resetb) not((Req[X]&& ~Gnt[X])[*N])); • What happened if N is very big. AST_RR_FAIR: assert property (@( posedge n_clock) disable iff (!n_resetb) X!=Y |-> not(Req[X] throughout Gnt[Y][->2]) ); Shaun Feng - Samsung 67

  34. In Order Transport • Data comes out in order • No drop of data DUT … • No spurious data comes out • No duplication of data !B A Inputs Bad outputs B !A C B A A A Shaun Feng - Samsung 68

  35. Modeling Input monitor state machine • A standard FIFO is used – With full/empty state • Input/output FSMs INIT • 3-state FSM A !A&!B/push SA – SA: seen A SA – SAB: seen A, B – INIT: initial state A/push SA B SAB assume property (##1 $stable( A ) && $stable( B ) A/push SAB !A/push SAB && A!= B ); Shaun Feng - Samsung 69

  36. Modeling – Cont. Output monitor state machine Flow control ASM_EOC_COND: assume property ( fifo.full || rand_stop INIT |-> in != A && in!= B && in_vld && A !A&!B/pop completed ); SA ASM_EOC: assume property ( A/pop B completed |=> completed && !in_vld ); SAB A/pop !A/pop Shaun Feng - Samsung 70

  37. Implementation DUT … Output monitor Input monitor INIT INIT A A pop SA SA push B B SAB SAB FIFO pop |-> fifo.out == output_monitor.state Checker: Shaun Feng - Samsung 71

  38. Symbolic Constant in Simulation • Symbolic constants can not be used directly for simulation. – $stable () can be replaced by a random number. localparam WIDTH = $clog2(N); logic [WIDTH-1:0] m; `ifdef FORMAL ASM_SYM_CONST_m: assume property (@( posedge n_clock) disable iff (!n_resetb) ##1 $stable (m) && m< N ); `else initial begin assert(std::randomize(m)); end `endif AST_PRI_ARB: assert property (@( posedge n_clock) disable iff (!n_resetb) not ((req[m] & !gnt[m])[*N]) ); Shaun Feng - Samsung 72

  39. Conclusion • Efficient formal verification modeling techniques are crucial to formal verification – Simplify formal modeling code – Improve runtime • Abstraction is the key – Abstractions with cost (false counter examples) – Understand designs and find the right balance Shaun Feng - Samsung 73

  40. Q&A

  41. Agenda • Introduction : Sean Safarpour (20 min) • Induction & Invariants – Steps to Convergence : Iain Singleton (45 min) • Efficient Formal Modeling Techniques : Shaun Feng (45 min) Break (10 min) • Architectural Formal Verification for Coherency : Syed Suhaib (45 min) • Formal Sign-off : Mandar Munishwar (45 min) 75

  42. Architectural Formal Verification of Coherency Manager Syed Suhaib - Nvidia Corp. Email: ssuhaib@nvidia.com

  43. Agenda • Coherency Manager • Verification Methodology • Coherency Manager’s Architectural Model • Results Syed Suhaib - Nvidia

  44. Coherency Manager DMA Cluster1 Cluster2 Coherency Manager (CM) Agents Cache Cache WrAck Snoop Fill Coherency Manager (CM) SnpRsp/ Read WriteBack Main Memory Agent1 Agent2 Syed Suhaib - Nvidia

  45. Verification Challenges • High Complexity DMA Cluster1 Cluster2 Agents Cache Cache • Large DUT Coherency Manager (CM) Main Memory • Traditional Simulation Doesn’t Work Well! – Slow – Coverage Challenges – Stub models for multiple Clusters • Tricky Syed Suhaib - Nvidia 79

  46. Verification Challenges • Formal Verification (FV) DMA Cluster1 Cluster2 Agents Cache Cache – Impractical to apply FV on entire system • State space Coherency Manager (CM) Main Memory – May create a custom setup • Black-box sub-units and add assumptions • Onion-peeling effort – Getting rid of non-relevant micro-arch details Syed Suhaib - Nvidia

  47. Steps of Architectural Verification 1. Code Architectural models of Coherency Manager components affecting coherency 2. Prove Coherence on interconnection of Architectural models (FPV) 3. Prove Architectural models against Coherency Manager RTL subunits (FPV) CM RTL CM Arch Model Prove Relevant to Arch Model Arch Coherency Model Irrelevant to No Model Coherency Prove Prove Relevant to Coherence Arch Model Arch Coherency Model Irrelevant to No Model Coherency Syed Suhaib - Nvidia

  48. Coherency Manager Block Diagram DMA Cluster1 Cluster2 Agents Coherency Model Cluster1 I/F Cluster2 I/F DMA I/F (C1I) (C2I) Client Interconnect (CIC) Coherency Engine (CE) Memory Interconnect (MIC) Bridge2 Bridge1 Architectural Model Interface Model MC SYSRAM IO Fabric No Model Syed Suhaib - Nvidia

  49. Cluster1 vs. Cluster2 Interface Model Invalid Valid Cluster1 Cluster2 Unique Shared Interface ACE Proprietary Coherency Protocol MOESI MESI M O Dirty I Cache-line Model Oski ACE VIP Coded in- Clean E S house reqrsp AR R data AW W reqrsp CM CM Cluster1 Cluster2 B data AC CR wrack CD Syed Suhaib - Nvidia

  50. Cluster1 Interface (C1I) Model DMA Cluster1 Cluster2 Agents Coherency Model Cluster1 I/F Cluster2 I/F DMA I/F (C1I) (C2I) Client Interconnect (CIC) Coherency Engine (CE) Memory Interconnect (MIC) Syed Suhaib - Nvidia 84

  51. Cluster1 Interface (C1I) Model Clus luste ter1 • Tracks progress of requests for a particular C1I->Cluster1 Cluster1>C1I cache-line Clus luste ter1 I/F /F • Read Tracker (C1I) XBAR->C1I • Write Tracker CIC->C1I • Snoop Tracker C1I->CIC Clien lient t Interconnect t • Trackers can be replicated for multiple cache- (CIC) CE->CIC lines CIC->CE Cohe oherency En Engin gine e (CE) Syed Suhaib - Nvidia

  52. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 Cluster1>C1I WAIT_FOR_ CIC_REQ Clus luste ter1 I/F /F (C1I) XBAR->C1I CIC->C1I C1I->CIC Clien lient t Interconnect t (CIC) CE->CIC CIC->CE Cohe oherency En Engin gine e (CE) Syed Suhaib - Nvidia 86

  53. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ REQ, No FillOwn CIC_REQ C1I_REQ Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I CIC->C1I C1I->CIC Clien lient t Interconnect t (CIC) CE->CIC CIC->CE Cohe oherency Engin En gine e (CE) Syed Suhaib - Nvidia 87

  54. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ REQ, No FillOwn CIC_REQ C1I_REQ Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I CIC->C1I C1I->CIC MY CIC Clien lient t SNP REQ, BLOCK_SNP_ Interconnect t but Old TO_C1I (CIC) FillOwn pending CE->CIC CIC->CE Cohe oherency Engin En gine e (CE) Syed Suhaib - Nvidia 88

  55. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ REQ, No FillOwn CIC_REQ C1I_REQ Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I CIC->C1I FillOwn Complete C1I->CIC MY CIC Clien lient t SNP REQ, BLOCK_SNP_ Interconnect t but Old TO_C1I (CIC) FillOwn pending CE->CIC CIC->CE Cohe oherency En Engin gine e (CE) Syed Suhaib - Nvidia 89

  56. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 Cluster1->C1I C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ WAIT_FOR_ REQ, My Snoop No FillOwn Req sent? CIC_REQ C1I_REQ C1I_RSP Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I CIC->C1I FillOwn Complete C1I->CIC MY CIC Clien lient t SNP REQ, BLOCK_SNP_ Interconnect t but Old TO_C1I (CIC) FillOwn pending CE->CIC CIC->CE Cohe oherency En Engin gine e (CE) Syed Suhaib - Nvidia 90

  57. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 Cluster1->C1I C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ WAIT_FOR_ REQ, My Snoop No FillOwn Req sent? CIC_REQ C1I_REQ C1I_RSP Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I My Snoop Rsp rcvd? CIC->C1I FillOwn Complete C1I->CIC C1I->CIC MY CIC Clien lient t SNP REQ, WAIT_FOR_ BLOCK_SNP_ Interconnect t but Old CIC_RSP TO_C1I (CIC) FillOwn pending CE->CIC CIC->CE Cohe oherency Engin En gine e (CE) Syed Suhaib - Nvidia 91

  58. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 Cluster1->C1I C1I->Cluster1 Cluster1>C1I MY CIC SNP WAIT_FOR_ WAIT_FOR_ WAIT_FOR_ REQ, My Snoop No FillOwn Req sent? CIC_REQ C1I_REQ C1I_RSP Clus luste ter1 I/F /F Pending (C1I) XBAR->C1I My Snoop Rsp rcvd? CIC->C1I FillOwn Complete C1I->CIC C1I->CIC MY CIC Clien lient t SNP REQ, WAIT_FOR_ BLOCK_SNP_ Interconnect t but Old CIC_RSP TO_C1I (CIC) FillOwn pending CE->CIC CIC->CE Cohe oherency MY CIC SNP RSP En Engin gine e (CE) Syed Suhaib - Nvidia 92

  59. Snoop Tracker Clus luste ter1 Reset CIC->C1I C1I->Cluster1 Cluster1->C1I C1I->Cluster1 MY CIC WAIT_FOR_ WAIT_FOR_ WAIT_FOR_ SNP REQ, My Snoop Cluster1>C1I CIC_REQ No FillOwn C1I_REQ Req sent? C1I_RSP Pending Clus luste ter1 I/F /F (C1I) My Snoop Rsp rcvd? FillOwn Complete XBAR->C1I C1I->CIC MY CIC CIC->C1I SNP REQ, WAIT_FOR_ BLOCK_SNP_ C1I->CIC but Old TO_C1I CIC_RSP FillOwn Clien lient t pending Interconnect t (CIC) MY CIC SNP RSP CE->CIC CIC->CE ➢ Properties: Cohe oherency ➢ Final Snoop response must be as per original snoop request. Engin En gine e (CE) ➢ Snoop should push Fillown. Syed Suhaib - Nvidia 93

  60. Read Tracker Clus luste ter1 WAIT_FOR_ WAIT_FOR_ WAIT_FOR_ MY ACE MY CIC ACE_REQ RD REQ CIC_REQ RD REQ CIC_RSP C1I->Cluster1 Cluster1>C1I MY FillOwn RSP MY ACE RACK Clus luste ter1 I/F /F (C1I) XBAR->C1I WAIT_FOR_ WAIT_FOR_ CIC->C1I MY ACE RRSP with RLAST ACE_ACK ACE_RSP C1I->CIC Clien lient t Interconnect t (CIC) ➢ Properties: CE->CIC ➢ Read Request Consistency CIC->CE ➢ Read Re-order buffer entry reuse ➢ FIFO ordering rules on RRESP (on per ARID basis) Cohe oherency Engin En gine e (CE) ➢ SoDev Ordering properties Syed Suhaib - Nvidia 94

  61. C1I Properties • Only 1 outstanding coherent request allowed for a Clus luste ter1 cache-line C1I->Cluster1 Cluster1>C1I Clus luste ter1 I/F /F • If cache-line is not Unique, there should not be a dirty (C1I 1I) XBAR->C1I CIC->C1I write back C1I->CIC Clien lient t Interconnect t (CIC) CE->CIC CIC->CE Cohe oherency En Engin gine e (CE) Syed Suhaib - Nvidia

  62. Coherency Engine Architectural Model • Snoop Filter DMA Clu Cluster1 Cluster2 Clu • Generates Proper FillOwn/WriteAck for each Cl Clie ient Interco connect ct (CIC CIC) Read/Write request • Models Full-Address Chain & Hazards Co Coherency Eng Engine (CE CE) • Doesn’t Model: Data Values Me Memory Int nterco connect (MI MIC) Syed Suhaib - Nvidia

  63. Components of CE Architectural Model 1. Read Request FIFO – Serialize read requests. – CE processes 1 read / address at a time. 2. Top-Of-FIFO State Machine – Models actions executed by CE to process a single read request / cacheline. 3. Snoop State Machine – Track outstanding snoops for tracked cacheline address. 4. Write Tracker: Tracks outstanding writebacks from agents. Syed Suhaib - Nvidia

  64. Top-of-FIFO State Machine IDLE Tracked Req Snoop Read Needed, but older dirty WB waiting for MIC ack Read needed && No Write Else Ack pending from MIC Needed Got WAIT_ WAIT_ Read MIC ISSUE_RD SNOOPS WR_ACK Needed Ack Read Snoop returned dirty data Snoops done Read Issued Still Needed Read Not Needed originally, or now WAIT_ENTRY_ DEALLOC Done with Req Syed Suhaib - Nvidia

  65. CM Architectural Model Architectural Model Interface Model reqrsp AR/R reqrsp AW/B Cluster1 I/F (C1I) Cluster1 AC/CR req wrack rsp Client Coherency Interconnect Engine (CE) (CIC) snoop rdrsp reqrsp reqrsp wrack reqrsp reqrsp Cluster2 I/F (C2I) Cluster2 wrack rdreq/wrreq wrack snpreq owngnt rddata/wrrsp snprsp ownreq ACE Memory DMA I/F DMA Agents Interconnect (MIC) Syed Suhaib - Nvidia

  66. Results • Coherency Verification $onehot0({ (cl_state_cluster1==Unique), (cl_state_cluster2==Unique), (cl_state_dma==Unique) }) • Protocol Compliance Syed Suhaib - Nvidia

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal

Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal

Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal Methods, 2019 Allan Blanchard, Nikolai Kosmatov, Fr ed eric Loulergue some slides authored by Julien Signoles Email: allan.blanchard@cea.fr,

1.69k views • 154 slides
Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018 - Tutorial September 9th 2018 1 / 47 1 Side-Channel Attacks and Masking 2 Formal Tools for Verification at Fixed Order 3 Formal Tools

1.24k views • 97 slides
Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV tutorial) Portland 16th September 2008 (10:30 12:00) 0 Formal verification Formal verification: mathematically prove the correctness of a design

738 views • 53 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Practical Formal Verification of MPI and Thread Programs Ganesh Gopalakrishnan, School of

Practical Formal Verification of MPI and Thread Programs Ganesh Gopalakrishnan, School of

Practical Formal Verification of MPI and Thread Programs Ganesh Gopalakrishnan, School of Computing, University of Utah, Salt Lake City, UT 84112 A Half-Day Tutorial Proposed for ICS 2009 http:// www.cs.utah.edu / formal_verification

1.3k views • 102 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford

Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford

Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford University Zurab Khasidashvili &amp; Gavirel Gavrielov Intel Israel Ltd. Validation of STE Verification Environment Assume (STE) Guarantee (SVA)

387 views • 19 slides
11M 6M 0.3M 8M No. of tweets 291,527 No. of reweets 8,636,743 Data Sources IMDB

11M 6M 0.3M 8M No. of tweets 291,527 No. of reweets 8,636,743 Data Sources IMDB

Number of Official Movie Twitter Accounts Over Time No. of followers 11,591,814 No. of favorites 6,384,445 11M 6M 0.3M 8M No. of tweets 291,527 No. of reweets 8,636,743 Data Sources IMDB the-numbers.com Movie Ratings 2015

425 views • 20 slides
Ada Sentences in Standard Indonesian David Moeljadi Division of Linguistics and Multilingual

Ada Sentences in Standard Indonesian David Moeljadi Division of Linguistics and Multilingual

Ada Sentences in Standard Indonesian David Moeljadi Division of Linguistics and Multilingual Studies, Nanyang Technological University, Singapore The 20th International Symposium on Malay/Indonesian Linguistics (ISMIL 20), University of

439 views • 17 slides
Natural Language Processing Lecture 18a: Meaning Representatjon Languages Semantjcs Road Map

Natural Language Processing Lecture 18a: Meaning Representatjon Languages Semantjcs Road Map

Natural Language Processing Lecture 18a: Meaning Representatjon Languages Semantjcs Road Map 1. Lexical semantjcs 2. Vector semantjcs 3. Meaning representatjon languages and semantjc roles 4. Compositjonal semantjcs, semantjc parsing 5.

650 views • 51 slides
8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion-Based Design and Assertion Languages 1 Fachgebiet Rechnersysteme 8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1 Assertion-Based Design 8.2 Introduction to ITL 8.3 Introduction to SVA

856 views • 51 slides
SVA Bright Spots Schools Connection A young persons postcode should not predict their

SVA Bright Spots Schools Connection A young persons postcode should not predict their

Introducing the SVA Bright Spots Schools Connection A young persons postcode should not predict their educational achievement. SVA Education Strategy 2013 We listened, we consulted, and in collaboration we now launch.

681 views • 35 slides
Component model concepts Components A runtime entities That can be manipulate

Component model concepts Components A runtime entities That can be manipulate

Nomadik Multiprocessing Framework, a component-based programming model 6/11/2007 - ST Company Confidential for MP-SoC Jean-Philippe FASSINO ST Microelectronics 1 Component model concepts Components A runtime entities That can

381 views • 8 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification Outline Open Source Hardware Verification 2019-03-07

189 views • 6 slides

More recommend