symbiyosys formal hardware verification with opensource
play

SymbiYosys Formal Hardware Verification with OpenSource Tools - PowerPoint PPT Presentation

Aug 17, 2022 •239 likes •600 views

SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA Yosys, Yosys-SMTBMC, SymbiYosys Yosys FOSS Verilog Synthesis tool and more highly flexible, customizable using scripts Formal

  1. SymbiYosys – Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA

  2. Yosys, Yosys-SMTBMC, SymbiYosys ● Yosys – FOSS Verilog Synthesis tool and more – highly flexible, customizable using scripts ● Formal Verification (Safety Properties, Liveness Properties, Equivalence, Coverage) ● FPGA Synthesis for iCE40 (Project IceStorm), Xilinx 7-series (Vivado for P&R), GreenPAK4 (OpenFPGA), Xilinx Coolrunner-II, Gowin Semi FPGAs, MAX10, … ● ASIC Synthesis (full FOSS flows: Qflow, Coriolis2) ● Yosys-SMTBMC – A flow with focus on verification of safety properties using BMC and k- induction, using SMT2 circuit descriptions generated by Yosys ● SymbiYosys – A unified front-end for many Yosys-based formal verification flows

  3. SymbiYosys Features ● Bounded verification of safety properties ● Unbounded verification of safety properties ● Generation of test benches from cover statements ● Verification of liveness properties ● Formal equivalence checking [TBD] ● Reactive Synthesis [TBD] Solvers: – SMT2 ● Yices, Boolector, Z3, CVC4, Mathsat ● easy to extend to any SMT2 solver with QF_AUFBV, QF_ABV, QF_BV, or QF_UFBV support – AIGER ● super_prove, Avy, everything in ABC (including pdr ) ● easy to extend to any AIGER solver for safety and/or liveness properties – BTOR2 [TBD] ● new word-level HW model checking format (see CAV 2018 paper)

  4. Types of Properties Supported in SymbiYosys ● Safety properties – Verilog assume(…) and assert(…) statements – a CEX trace satisfies all assumptions and violates at least one assertion ● Fairness and Liveness – Fairness: if (…) assume property (s_eventually …); – Liveness: if (…) assert property (s_eventually …); – a CEX trace contains a loop that satisfies all fairness properties (and all assumptions) and violates at least one liveness property ● Cover – Verilog cover( … ) statements – Produces a trace for each cover statement that satisfies that cover statement.

  5. Availability of various EDA tools for students, hobbyists, enthusiasts ● FPGA Synthesis ● Formal Verification – Free to use: – Free to use: ● Xilinx Vivado WebPack, etc. ??? ● – Free and Open Source: – Free and Open Source: ● Yosys + Project IceStorm ● VTR (Odin II + VPR) ??? ● ● HDL Simulation .. and people in the industry are complaining they can't find – Free to use: any verification experts to hire! ● Xilinx XSIM, etc. – Free and Open Source: ● Icarus Verilog, Verilator, etc.

  6. “Formal first” vs. traditional use of formal methods Cost of (fixing) a bug Traditional use-case for formal Most formal tools are priced and advertised for the traditional use case. Number of found Formal new bugs first Time Development Verification / Testing Production

  7. Formal First → designing better digital circuits faster and cheaper ● Formal First is a set of design methodologies focusing on using formal methods during development, as early as possible. – Target user base is design engineers, not verification engineers ● Not necessarily for creating complete correctness proofs. Instead run simple BMC for “low hanging fruits” safety properties, such as – standard bus interfaces like AXI/APB/etc. – simple data flow analysis to catch reset issues and/or pipeline interlocking problems – use cover() statements to replace hard-to-write one-off test benches for trying things with the design under test ● Can be as simple as: always @(posedge i_clk) cover(o_wb_ack); ● Formal methods can help to find a vast range of bugs sooner and produces shorter (and thus easier to analyze) counter example traces. ● Let’s not limit our thinking to “formal is for XYZ ”! Formal is a set of fairly generic technologies that have applications everywhere in the design process! – But we cannot unleash the full potential formal has to offer unless we make sure that every digital design and/or verification engineer has access to formal tools. (Like each of those people has access to HDL simulators.)

  8. Formal First ● Here are a few example use cases for formal tools during the development phase of a new circuit: – Verification of embedded “sanity check” assertions ● E.g. “write and read pointers never point to the same element after reset” – Verification of standardized interface using standardized “off-the-shelf” formal properties ● E.g. standardized bus interfaces such as AXI. – Using cover statements to create test benches quickly. ● E.g. cover “done signal goes high (some time after reset)” – Using cover statements during debugging to make sense of trace data from FPGA based test runs. ● E.g. cover “done signal goes high while NAK is active” ● Or assert “done signal never goes high while NAK is active” – Note that this are the same techniques that are employed in the traditional use case for formal. – This is similar to how simulators are used by design and verification engineers alike. – Nobody would claim that simulators are “only for verification (of few very special designs)”.

  9. HDL features in Yosys (Open Source) and Symbiotic EDA Suite (Commercial) ● Yosys ● Symbiotic EDA Suite – Verilog 2005 – Everything in Yosys – Memories / Arrays + SystemVerilog 2012 – Immediate assert(), + VHDL 2008 assume(), and cover() + Concurrent assert(), – checkers, rand [const] regs assume(), and cover() + SVA Properties – Special attributes: ● anyconst, anyseq, allconst, allseq, gclk

  10. Safety Properties: Are the bad states reachable from the initial states ? assertions (explicit) unreachable non- bad states. many of those usually implies reachable states a difficult proof. (implicit)

  11. Bounded Model Check (BMC) In steps 1 .. k-1: Step 1: 0 UNSAT → next step SAT → FAIL Step 2: 0 1 Step 3: 0 1 2 Step 4: 0 1 2 3 In step k: Step k: UNSAT → PASS 0 1 2 k-1 3 SAT → FAIL BMC proves that no bad state is reachable within k cycles.

  12. k-Induction In steps 1 .. k: Step 1: k SAT → next step UNSAT → PASS Step 2: k-1 k Step 3: k-2 k-1 k Step 4: k-3 k-2 k-1 k In step k+1: SAT → UNKNOWN Step k+1: 0 k-3 k-2 k-1 k UNSAT → PASS k-induction proves that a sequence of k non-bad states is always followed by another non-bad state. The k used for induction must be ≤ the k used in BMC for a valid complete proof.

  13. SymbiYosys flow with Yosys-SMTBMC Verilog Design Yosys PASS / FAIL Verilog Asserts SMT-LIB2 Code Trace / counterexample formats VCD File Verilog Testbench Constraints File Yosys-SMTBMC Constraints File SMT-LIB2 Solver

  14. SymbiYosys flow with AIGER model checker unoptimized word-level representation, good for creating human readable Verilog Design counter examples SMT-LIB Yosys code Verilog Asserts SMT-LIB2 Solver Model Checker AIGER AIGER Yosys-SMTBMC (e.g. pdr, avy) witness optimized bit-level model PASS/FAIL Yosys-SMTBMC is only used here as a post- Counter Example processor, turning the AIGER witness into a useful human readable counter example (e.g. VCD).

  15. Custom SMT-LIB Flows Verilog Design Yosys Verilog Asserts Options for writing custom proofs: SMT-LIB2 Code - Hand-written SMT2 code - Custom python script using smtio.py (the python lib ? ? ? implementing most of yosys- smtbmc) - Any other app using any SMT- LIB2 solver (e.g. using C/C++ API for proofs that involve many SMT-LIB2 Solver (check-sat) calls.

  16. Hello World hello.sv hello.sby module hello ( [options] input clk, rst, mode prove output [3:0] cnt depth 10 ); reg [3:0] cnt = 0; [engines] smtbmc z3 always @(posedge clk) begin if (rst) [script] cnt <= 0; read_verilog -formal hello.sv else prep -top hello cnt <= cnt + 1; end [files] hello.sv `ifdef FORMAL always @* assume (cnt != 10); always @* assert (cnt != 15); `endif endmodule

  17. Hello World $ sby -f hello.sby SBY 14:45:35 [hello] Removing direcory 'hello'. SBY 14:45:35 [hello] Copy 'hello.sv' to 'hello/src/hello.sv'. SBY 14:45:35 [hello] engine_0: smtbmc z3 … … … SBY 14:45:35 [hello] engine_0.induction: finished (returncode=0) SBY 14:45:35 [hello] engine_0: Status returned by engine for induction: PASS SBY 14:45:36 [hello] engine_0.basecase: finished (returncode=0) SBY 14:45:36 [hello] engine_0: Status returned by engine for basecase: PASS SBY 14:45:36 [hello] summary: Elapsed clock time [H:MM:SS (secs)]: 0:00:00 (0) SBY 14:45:36 [hello] summary: Elapsed process time [H:MM:SS (secs)]: 0:00:00 (0) SBY 14:45:36 [hello] summary: engine_0 (smtbmc z3) returned PASS for induction SBY 14:45:36 [hello] summary: engine_0 (smtbmc z3) returned PASS for basecase SBY 14:45:36 [hello] summary: successful proof by k-induction. SBY 14:45:36 [hello] DONE (PASS, rc=0) - The sby option -f causes sby to remove the output directory if it already exists. - The output directory contains all relevant information, including copies of the HDL design files.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA tools for students, hobbyists, enthusiasts FPGA Synthesis Formal Verification Free to use: Free to use: Xilinx Vivado WebPack,

818 views • 49 slides
SymbiYosys: Investigating and Verifying Hardware Designs with Formal Open Source Tools Clifford

SymbiYosys: Investigating and Verifying Hardware Designs with Formal Open Source Tools Clifford

SymbiYosys: Investigating and Verifying Hardware Designs with Formal Open Source Tools Clifford Wolf Symbiotic EDA Yosys, Yosys-SMTBMC, SymbiYosys Yosys FOSS Verilog Synthesis tool and more highly flexible, customizable using

454 views • 32 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Roberto Guanciale Estonian Winter School Day 02 Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations Apps Crypto Service OS Hypervisor/ Separation Kernel Hardware Host 1 Motivations Separation

850 views • 63 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification (some key ideas) Mary Sheeran Idealised Flow High level Not

Formal Hardware Verification (some key ideas) Mary Sheeran Idealised Flow High level Not

4/3/2008 Formal Hardware Verification (some key ideas) Mary Sheeran Idealised Flow High level Not formal 1 4/3/2008 Idealised Flow High level Not formal Equally high level Formal spec. Math, expressive logic Idealised Flow High level

402 views • 22 slides
based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

Finding Critical Clauses in SMT- based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king Still faces scaling issues, particularly for data-path properties Satisfiability Modulo Theories (SMT) can

605 views • 5 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

3/21/2011 Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting hardware designs right [using ideas from computer science] Mary Sheeran Verification Design verification is the task of establishing that a

598 views • 15 slides
Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting hardware designs right [using ideas from computer science] Mary Sheeran Verification Design verification is the task of establishing that a given

756 views • 30 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Po Pore Water Remedial Goals (P (PWRGs) s) fo for the Protection of Benthic Or Organis

Po Pore Water Remedial Goals (P (PWRGs) s) fo for the Protection of Benthic Or Organis

Po Pore Water Remedial Goals (P (PWRGs) s) fo for the Protection of Benthic Or Organis anisms ms Sediment toxicity testing on samples from your site YES or NO Goal today: Show how PWRGs and sediment toxicity testing data

384 views • 19 slides
Parametric Survival Analysis So far, we have focused primarily on nonparametric and

Parametric Survival Analysis So far, we have focused primarily on nonparametric and

Parametric Survival Analysis So far, we have focused primarily on nonparametric and semi-parametric approaches to survival analysis, with heavy emphasis on the Cox proportional hazards model: ( t, Z ) = 0 ( t ) exp( Z ) We used the

1.13k views • 78 slides
Time-dependent covariates Rasmus Waagepetersen November 17, 2020 1 / 11 Martingale approach to

Time-dependent covariates Rasmus Waagepetersen November 17, 2020 1 / 11 Martingale approach to

Time-dependent covariates Rasmus Waagepetersen November 17, 2020 1 / 11 Martingale approach to Cox proportional hazards We can write Cox partial likelihood with time-varying covariate as exp[ T Z i ( t i )] L ( ) = n l =1 Y l ( t

217 views • 11 slides
Introduction to Survival Analysis Kan Ren Apex Data and Knowledge Management Lab Shanghai Jiao

Introduction to Survival Analysis Kan Ren Apex Data and Knowledge Management Lab Shanghai Jiao

Introduction to Survival Analysis Kan Ren Apex Data and Knowledge Management Lab Shanghai Jiao Tong University Seminar Tutorial at Apex Lab Kan Ren (Shanghai Jiao Tong University) Introduction to Survival Analysis Seminar Tutorial at Apex Lab

913 views • 35 slides
Symb io sis: E ffe c tive Pa rtne rship with Hig he r E duc a tio n I nstitutio ns Ashle y

Symb io sis: E ffe c tive Pa rtne rship with Hig he r E duc a tio n I nstitutio ns Ashle y

Symb io sis: E ffe c tive Pa rtne rship with Hig he r E duc a tio n I nstitutio ns Ashle y Bushe ll &amp; L ynn T ho mpso n Ag e nda I ntro duc tio ns Jumpsta rt Ove rvie w E sta b lishing the Pa rtne rship L e ve ra g ing yo ur

786 views • 23 slides
Linguistic Symbiosis between Actors and Threads Tom Van Cutsem Stijn Mostinckx Wolfgang De

Linguistic Symbiosis between Actors and Threads Tom Van Cutsem Stijn Mostinckx Wolfgang De

Linguistic Symbiosis between Actors and Threads Tom Van Cutsem Stijn Mostinckx Wolfgang De Meuter Programming Technology Lab Vrije Universiteit Brussel Brussels, Belgium International Conference on Dynamic Languages, August 27th 2007,

803 views • 49 slides
Industrial Symbiosis: Networking for Improved Environmental Performance Teresa Domenech, PhD

Industrial Symbiosis: Networking for Improved Environmental Performance Teresa Domenech, PhD

Industrial Symbiosis: Networking for Improved Environmental Performance Teresa Domenech, PhD Research Assistant, Teaching Fellow University College of London (UCL) From a linear to a circular industrial system From linear Natural

576 views • 19 slides
Symbiosis Column Stores and R Statistics Hannes Mhleisen &amp; Thomas Lumley Process Collect

Symbiosis Column Stores and R Statistics Hannes Mhleisen &amp; Thomas Lumley Process Collect

Symbiosis Column Stores and R Statistics Hannes Mhleisen &amp; Thomas Lumley Process Collect data Load data Filter, transform Analyze &amp; Plot into R &amp; aggregate data Publish paper Process Collect data Load data Filter,

939 views • 24 slides

More recommend