Verifying Centaur's Floating Point Adder, Sol Swords (PowerPoint PPT Presentation)


1. Verifying Centaur's Floating Point Adder
   Sol Swords, sswords@cs.utexas.edu
   April 23, 2008
   Sol Swords () Verifying Centaur's Floating Point Adder April 23, 2008 1 / 21

2. Problem
   Given:
   ◮ Verilog RTL for the Centaur CN processor's FADD unit,
   ◮ Opcode and instructions for running a floating-point addition,
   ◮ An ACL2 specification function for floating point addition.
   Prove, to the extent possible, that the design implements the spec.

3. Overview
   [Flow diagram: Verilog Modules, Dependency Checking, E Files, Functional Delay Modeling, And-Inverter Graphs, EMOD Simulation, BDDify, Model Output BDDs; Case-splitting predicate, Input BDDs; ACL2 Spec, GIFY, G-spec Function, Spec Output BDDs; the two sets of output BDDs are compared (=?)]

4. Spec side: Spec to BDDs
   [Overview flow diagram repeated, highlighting the spec side: ACL2 Spec, GIFY, G-spec Function, Spec Output BDDs]

5. Spec side: Gify quick summary
   ◮ Want the spec represented as BDDs: Boolean functions, one for each output bit, over the bits of the input.
   ◮ (GIFY 'SPEC) defines the (Common Lisp) function G-SPEC, which now operates on symbolic objects.
   ◮ Approximate, hypothetical contract of a G-function:
       (equal (eval-g (g-foo a b c) vals)
              (foo (eval-g a vals) (eval-g b vals) (eval-g c vals)))
     where EVAL-G maps a symbolic object to a concrete object.

6. Input BDD Generation
   [Overview flow diagram repeated, highlighting input BDD generation: Case-splitting predicate, Input BDDs]

7. Input BDD Generation: Case Splitting
   ◮ BDDs for fully general FP addition are too big.
   ◮ We have built them for the single-precision case: 2-4 hours of computation, 20 million hash-conses. Not happening for double precision.
   ◮ Case-splitting lets the BDD order be chosen for each case.
   ◮ Also makes it easier to eliminate irrelevant intermediate computations (more later).
   Where do we split?

8. Input BDD Generation: Split by Exponent Difference
   [Diagram of the operands: Mantissa 1, Expt Diff, Mantissa 2]
   Why?
   ◮ Adding the same mantissas at the same exponent difference is the same addition operation.
   ◮ The best BDD order for addition has bits in order of significance.
   ◮ Separates Near Path from Far Path cases.
   ◮ Can consolidate cases where mantissas don't overlap.

9. Input BDD Generation
   [Diagram: Exponent 1 on the horizontal axis and Exponent 2 on the vertical axis, each running from 0 to Max; regions labelled Denorms, Zeros (at 0), NaNs, Infinities (at Max), two Outer Triangles and the Inner Diagonals]

10. Input BDD Generation: Input generation detail
   [Flow diagram: Case-Splitting Predicate, GIFY, Predicate BDD, Case Specifier, Symbolic Operands, Q-PARAM, BDD Ordering, Restricted Symbolic Operands]

11. Input BDD Generation: Case-splitting Predicate
   Define as an ACL2 function: (ops-ok op1 op2 case)
   ◮ case specifies which of the cases to accept.
   ◮ Equals t if the operands fit that case, nil otherwise.
   ◮ Gify this function to get g-ops-ok.
   ◮ Use the Gified function to get a BDD that shows when the symbolic operands satisfy the predicate.

12. Input BDD Generation: Parameterized Inputs
   For the inputs to symbolic simulations we want symbolic values that
   ◮ always satisfy the predicate,
   ◮ cover all possible inputs that satisfy the predicate.
   Implemented by function (Q-PARAM P N):
   ◮ P - predicate BDD
   ◮ N - number of variables to create parameterized values for
   ◮ (Q-PARAM P N) makes a list of N BDDs which
     ◮ evaluate to values satisfying P for all variable settings,
     ◮ are general enough that every set of values satisfying P can be generated.

13. Input BDD Generation: Q-PARAM theorems: 1
   (defthm forall-y-p-of-param-of-y-is-true
     (implies (and (normp p)        ;; P is a BDD
                   p                ;; P is satisfiable
                   ;; N is an integer
                   ;; and is >= the number of variables used in P
                   (integerp n)
                   (<= (max-depth p) n))
              ;; Every case covered by (Q-PARAM P N) satisfies P.
              (equal (eval-bdd p (eval-bdd-list (q-param p n) y))
                     t)))

14. Input BDD Generation: Q-PARAM theorems: 2
   (defthm exists-y-such-that-x-is-param-of-y
     (implies (and ;; X is a list of Booleans that satisfies P
                   (boolean-listp x)
                   (equal (eval-bdd p x) t)
                   ;; X is long enough to cover all variables of P
                   (<= (max-depth p) (len x)))
              ;; There exists Y for which (Q-PARAM P (LEN X))
              ;; evaluates to X.
              (let ((y (eval-bdd-list (q-param-inv p (len x)) x)))
                (equal (eval-bdd-list (q-param p (len x)) y)
                       x))))

15. Model Side: Model to BDDs
   [Overview flow diagram repeated, highlighting the model side: Verilog Modules, Dependency Checking, E Files, Functional Delay Modeling, And-Inverter Graphs, EMOD Simulation, BDDify, Model Output BDDs]

16. Model Side: Model-side summary
   ◮ We read the model from Centaur's Verilog RTL (about 20,000 LOC).
   ◮ Synthesize the Verilog to gates and translate the gates to E.
   ◮ Results in an ACL2 defconst called |*fadd*|.
   ◮ Run several cycles of (emod 'faig |*fadd*| <inputs> <state>) to get a pair of And-Inverter Graphs (AIGs) for each output bit.
   ◮ Using the BDD inputs generated by case-splitting, build the BDD for each AIG using an iterative process.

17. Model Side: AIG introduction
   An AIG is a recursive data structure:
   ◮ Booleans: T and NIL
   ◮ Variables: non-Boolean atoms
   ◮ Negation of an AIG x: (CONS X NIL)
   ◮ Conjunction of AIGs x and y: (CONS X Y)

18. Model Side: AIG to BDD, simple algorithm
   Given an assignment of BDDs to the variables present in an AIG, make an equivalent BDD:
   (defn aig-to-bdd (x al)
     (cond ((booleanp x)           ;; Boolean
            x)
           ((atom x)               ;; Variable
            (cdr (hons-get x al)))
           ((eq (cdr x) nil)       ;; Negation
            (q-not (aig-to-bdd (car x) al)))
           (t                      ;; Conjunction
            (q-and (aig-to-bdd (car x) al)
                   (aig-to-bdd (cdr x) al)))))
   ◮ Too inefficient, can't use.

19. Model Side: AIG to BDD, practical approach
   At a conjunction node A ∧ B, suppose A can be cheaply translated into a BDD but B cannot.
   Observation: we may not need to BDDify B in order to BDDify A ∧ B.
   ◮ If BDDify(A) = NIL, then BDDify(A ∧ B) = NIL.
   ◮ More generally, if A is never true when B is false, then BDDify(A ∧ B) = BDDify(A).
   ◮ Strategy: set an upper bound on the size of BDDs to work on. If we can detect the above situation before fully BDDifying B, we win. Otherwise, we may need to increase the upper bound and try again.
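As an added illustration of slides 17 to 19 (this is not code from the talk or from Centaur), here is the AIG encoding and the AIG-TO-BDD translation in Python, with a minimal reduced ordered BDD standing in for ACL2's Q-AND, Q-NOT and hash-consed node table, plus the slide-19 shortcut that skips the right conjunct once the left one BDDifies to NIL. The XOR and PRUNABLE AIGs are constructed samples, and the visit counter is an addition that shows how much of the AIG the shortcut avoids.

```python
from itertools import product
from operator import and_, xor

class BDD:
    """Minimal reduced ordered BDD standing in for ACL2's Q-AND/Q-NOT (ids 0/1 = NIL/T)."""
    def __init__(self):               # table[id] = (var, lo, hi); vars ordered by index
        self.table, self.unique, self.memo = [(float("inf"),)] * 2, {}, {}
    def mk(self, v, lo, hi):          # hash-consed node construction (the unique table)
        if lo == hi: return lo
        if (v, lo, hi) not in self.unique:
            self.unique[v, lo, hi] = len(self.table)
            self.table.append((v, lo, hi))
        return self.unique[v, lo, hi]
    def apply(self, op, x, y):        # memoised apply, splitting on the smaller top variable
        if x < 2 and y < 2: return int(op(bool(x), bool(y)))
        if (op, x, y) not in self.memo:
            v = min(self.table[x][0], self.table[y][0])
            x0, x1 = self.table[x][1:] if self.table[x][0] == v else (x, x)
            y0, y1 = self.table[y][1:] if self.table[y][0] == v else (y, y)
            self.memo[op, x, y] = self.mk(v, self.apply(op, x0, y0), self.apply(op, x1, y1))
        return self.memo[op, x, y]
    def q_and(self, x, y): return self.apply(and_, x, y)
    def q_not(self, x): return self.apply(xor, x, 1)
    def eval(self, x, vals):          # EVAL-BDD: follow the path chosen by vals
        while x > 1:
            x = self.table[x][2] if vals[self.table[x][0]] else self.table[x][1]
        return bool(x)

def aig_to_bdd(x, al, bdd, stats, prune=True):
    """The talk's AIG-TO-BDD: T/NIL are bools, variables strings, (x, None) is
    negation and (x, y) conjunction; prune=True adds the slide-19 NIL shortcut."""
    stats["visits"] += 1                           # counter added to show pruning
    if isinstance(x, bool): return int(x)
    if isinstance(x, str): return al[x]            # (cdr (hons-get x al))
    a, b = x
    if b is None: return bdd.q_not(aig_to_bdd(a, al, bdd, stats, prune))
    left = aig_to_bdd(a, al, bdd, stats, prune)
    if prune and left == 0: return 0               # BDDify(A) = NIL => A /\ B = NIL, skip B
    return bdd.q_and(left, aig_to_bdd(b, al, bdd, stats, prune))

def truth_table(aig, names, prune=True):  # -> (outputs over all assignments, AIG nodes visited)
    bdd, stats = BDD(), {"visits": 0}
    al = {n: bdd.mk(i, 0, 1) for i, n in enumerate(names)}
    b = aig_to_bdd(aig, al, bdd, stats, prune)
    outs = tuple(bdd.eval(b, dict(enumerate(bits)))
                 for bits in product([False, True], repeat=len(names)))
    return outs, stats["visits"]

XOR = ((("a", "b"), None), ((("a", None), ("b", None)), None))  # constructed: a XOR b
PRUNABLE = (("a", ("a", None)), XOR)                             # constructed: (a /\ ~a) /\ XOR
```

Because the BDD is reduced, id 0 is exactly the constant NIL, which is what makes the left == 0 test a sound replacement for translating the right conjunct.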

20. Model Side: AIG to BDD, practical approach
   ◮ Use one of two strategies for dealing with too-big BDDs:
     ◮ More conservative, faster: use pairs of BDDs to represent upper and lower bounds of the true BDD values. Set the upper bound to T or the lower bound to NIL when too big.
     ◮ Less conservative, slower: associate each too-large BDD created with a fresh BDD variable.
   ◮ In either case, we may sometimes prune the AIG even when we have no exact BDD results.
   ◮ Have ACL2 proofs that both approaches are sound.
   ◮ Our approach: alternate between the two strategies while iteratively increasing the size limit until an exact result is reached.

21. Results
   ◮ Works pretty well:
     ◮ Single precision: 8 minutes to verify
     ◮ Double/extended precision: 1 hour each
   ◮ Future directions:
     ◮ Fight our way toward an ACL2 theorem.
     ◮ Prove that we really have a proof.
     ◮ Need a logical story for Gification.
     ◮ Adapt the approach to other kinds of hardware.
     ◮ Need to decompose the problem in other ways than by case-splitting on the inputs.
