-Ware: Hardware Description with Dependent Types Author: Joo Paulo - - PowerPoint PPT Presentation

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 1

Π-Ware: Hardware Description with Dependent Types

Author: João Paulo Pizani Flor

<j.p.pizani@uu.nl>

Supervisor: Wouter Swierstra

<w.s.swierstra@uu.nl>

Department of Information and Computing Sciences Utrecht University

Monday 18th May, 2015

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 2

Context

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 3

One-sentence defjnition

A unifjed DSL (Π-Ware) embedded in Agda for modeling hardware circuits, synthesizing them and proving properties about their behaviour and structure.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 4

Hardware is growing

More specifjcally, hardware acceleration. Three reasons why:

▶ Miniaturization still has some generations to go [3] ▶ Microarch. optimization gives diminishing returns [1] ▶ Battery energy density vs. demand for computation

More applications benefjt from hardware acceleration

▶ DSP, crypto, codecs, graphics, comm. protocols, etc.

Hardware design benefjts more from rigour

▶ Early optimization, more error-prone ▶ Mass production, less updateable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 5

Hardware design “status quo”

Myriad of languages for specifjc design tasks…

▶ Simulation: SystemC, VHDL/Verilog ▶ Synthesis: VHDL/Verilog (subsets), C/C++ (subsets) ▶ Verifjcation: SAT solvers / Theorem provers

Problems:

▶ Manual translation ▶ Loss of invariants, manual checking

An analogous situation in software seems bizarre:

▶ To “simulate” (interpret) your program, you use Haskell ▶ For compilation to x86, use C (non-standardized)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 6

Functional hardware DSLs

▶ Solve most of the problems with multiple descriptions ▶ “Popular” example: Lava (Chalmers)

• Description, simulation, testing in Haskell
• Verifjcation through external SAT solver

▶ Drawbacks:

• Non modular verifjcation (fully-automated)
• Only for specifjc circuits (not families)
• Haskell types not expressive enough
• addN :: Int -> ([Bit], [Bit]) -> [Bit]
• Could use lots of extensions, but why compromise?

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 7

Dependent types for hardware

▶ Well-formedness ▶ Rule out design mistakes early

• Floating wires (matching interfaces)
• Short-circuits (𝖰𝗆𝗏𝗁 constructor)

c₁ ⟫' p ⟫' c₂ c₁ c₂

iₛ

• ₛ

fₚ : oₛ → iₛ

p

▶ More precise specifjcation of circuit generators

• Haskell: addN :: Int -> ([Bit], [Bit]) -> [Bit]
• Agda: 𝖻𝖾𝖾𝖮 ∶ (𝑜 ∶ ℕ) → 𝖣 (𝟥 ∗ 𝑜) (𝗍𝗏𝖽 𝑜)

▶ Mainly: proofs in the same language as the models

• (Functional) correctness proofs
• Provably-correct circuit transformations

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 8

Π-Ware

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 9

Circuit syntax

▶ Π-Ware is deep-embedded

• Multiple semantics, algebraic manipulation

▶ Low-level, architectural representation

• Analogous to a block diagram
• Untyped, but sized

𝖾𝖻𝗎𝖻 ℂ 𝗑𝗂𝖿𝗌𝖿 𝖧𝖻𝗎𝖿 ∶ ℂ (|𝗃𝗈| 𝑕) (|𝗉𝗏𝗎| 𝑕) 𝖰𝗆𝗏𝗁 ∶ 𝑗 ⤪ 𝑝 → ℂ 𝑗 𝑝 _⟫_ ∶ ℂ 𝑗 𝑛 → ℂ 𝑛 𝑝 → ℂ 𝑗 𝑝 _∥_ ∶ ℂ 𝑗1 𝑝1 → ℂ 𝑗2 𝑝2 → ℂ (𝑗1 + 𝑗2) (𝑝1 + 𝑝2)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 10

Circuit syntax

▶ Combinational / sequential

• Single way of constructing a sequential circuit: 𝖤𝖿𝗆𝖻𝗓𝖬𝗉𝗉𝗊

𝖤𝖿𝗆𝖻𝗓𝖬𝗉𝗉𝗊 ∶ ℂ {𝜏} (𝑗 + 𝑚) (𝑝 + 𝑚) → ℂ {𝜕} 𝑗 𝑝

▶ The ℂ type is “tagged” to keep the two cases distinct

• The distinction is mainly important for simulation
• Easier defjnitions of generators
• 𝖾𝖻𝗎𝖻 ℂ ∶ {𝑞 ∶ 𝖩𝗍𝖣𝗉𝗇𝖼} → 𝖩𝗒 → 𝖩𝗒 → 𝖳𝖿𝗎

𝖾𝖻𝗎𝖻 𝖩𝗍𝖣𝗉𝗇𝖼 ∶ 𝖳𝖿𝗎 𝗑𝗂𝖿𝗌𝖿 𝜏 𝜕 ∶ 𝖩𝗍𝖣𝗉𝗇𝖼

• Obs: 𝜕 has to do with Σ𝜕

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 11

Fundamental gates

▶ Circuits are built by combining smaller circuits

• Ultimately, from a library of fundamental 𝖧𝖻𝗎𝖿𝗍
• Each gate specifjed by a function over (binary) words

𝖻𝗈𝖾𝖳𝗊𝖿𝖽 ∶ 𝖶𝖿𝖽 𝖢𝗉𝗉𝗆 𝟥 → 𝖶𝖿𝖽 𝖢𝗉𝗉𝗆 𝟤 𝖻𝗈𝖾𝖳𝗊𝖿𝖽 (𝑦 ∷ 𝑧 ∷ 𝜁) = [ 𝑦 ∧ 𝑧 ]

▶ A “traditional” instance of 𝖧𝖻𝗎𝖿𝗍 is 𝖢𝗉𝗉𝗆𝖴𝗌𝗃𝗉

• Set of gates: {⊥, ⊤, ¬, ∧, ∨}
• With the usual specifjcation (stdlib)

▶ Other “interesting” instances:

• Modular arithmetic
• Cryptographic primitives
• Primitives for scans (case study)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 12

Fundamental gates

▶ To defjne a gate library, we need to defjne:

• How many gates are there
• Each gate’s interface
• Each gate’s specifjcation

|𝗃𝗈| |𝗉𝗏𝗎| ∶ 𝖧𝖻𝗎𝖿# → ℕ 𝗍𝗊𝖿𝖽 ∶ (𝑕 ∶ 𝖧𝖻𝗎𝖿#) → (𝖷 (|𝑗𝑜| 𝑕) → 𝖷 (|𝑝𝑣𝑢| 𝑕))

▶ Dependent types help us again

• The 𝖧𝖻𝗎𝖿# type ranges in [0..𝑜 − 1]
• 𝗍𝗊𝖿𝖽 works over words of the right size

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 13

Atomic types

▶ The whole 𝖣𝗃𝗌𝖽𝗏𝗃𝗎 module is parameterized by a record

• Defjning what is carried over the “wires”
• 𝖷 = 𝖶𝖿𝖽 𝖡𝗎𝗉𝗇

▶ This 𝖡𝗎𝗉𝗇𝗃𝖽 class is similar to Haskell’s 𝖥𝗈𝗏𝗇

• An atomic type needs to be fjnite
• There’s a bijection between the type and [0..𝑜 − 1]
• 𝖿𝗈𝗏𝗇 ∶ 𝖦𝗃𝗈 |𝐵𝑢𝑝𝑛| ↔ 𝐵𝑢𝑝𝑛
• In Agda, the bijection is proven

▶ Dependent types move runtime errors to type checking:

• Haskell: succ maxBound → runtime error
• Agda: “succ maxBound” → doesn’t typecheck!

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 14

Atomic types (𝖢𝗉𝗉𝗆)

▶ Some possible instances…

• 𝖢𝗉𝗉𝗆
• Multi-valued logics (VHDL’s std_logic)
• States of a state machine

▶ Simplest “useful”: 𝖢𝗉𝗉𝗆

• We use the mapping 0 ↔ 𝐺𝑏𝑚𝑡𝑓; 1 ↔ 𝑈 𝑠𝑣𝑓
• Order and choice of indices don’t matter

▶ Later how this parameterization infmuences synthesis

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 15

Putting all pieces together

▶ Small circuit using 𝖢𝗉𝗉𝗆 atoms and 𝖢𝗉𝗉𝗆𝖴𝗌𝗃𝗉 gates

⊻ℂ ∨ℂ ¬ℂ ∧ℂ ¬ℂ ∧ℂ ×ℂ

id⤨ id⤨

⊻ℂ ∶ ℂ 𝟥 𝟤 ⊻ℂ = 𝗀𝗉𝗌𝗅⤨ ⟫ (¬ℂ ∥ 𝗃𝖾⤨ ⟫ ∧ℂ) ∥ (𝗃𝖾⤨ ∥ ¬ℂ ⟫ ∧ℂ) ⟫ ∨ℂ

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 16

Data abstraction

▶ Sometimes it’s more convenient to have typed circuit I/O

• Used for conveniently-typed testing/simulation
• ℂ (𝖢𝗉𝗉𝗆 × 𝖢𝗉𝗉𝗆) 𝖢𝗉𝗉𝗆 instead of ℂ 𝟥 𝟤

▶ To be used as circuit I/O, a type needs to be 𝖳𝗓𝗈𝗎𝗂𝖿𝗍𝗃𝗔𝖻𝖼𝗆𝖿

• Have a mapping to vectors of 𝖡𝗎𝗉𝗇s (a.k.a words)

𝗌𝖿𝖽𝗉𝗌𝖾 ⇓𝖷⇑ (𝛽 ∶ 𝖳𝖿𝗎) {𝑗 ∶ 𝖩𝗒} ∶ 𝖳𝖿𝗎 𝗑𝗂𝖿𝗌𝖿 𝖽𝗉𝗈𝗍𝗎𝗌𝗏𝖽𝗎𝗉𝗌 ⇓𝖷⇑[_, _] 𝗀𝗃𝖿𝗆𝖾 ⇓ ∶ 𝛽 → 𝖷 𝑗 ⇑ ∶ 𝖷 𝑗 → 𝛽

▶ Instances

• Currently: _×_, _⊎_, 𝖶𝖿𝖽, primitives.
• Future: datatype-generic approach

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 17

Circuit semantics

▶ Our goal is to have two semantics:

• Behavioural (done)
• Structural/Synthesis (TODO)

▶ Our behavioural semantics is functional

• From a circuit, a function is derived
• Circuits can be “run” or simulated over inputs

▶ Two kinds of simulation: combinational and sequential

• Combinational: no internal state
• ⟦_⟧ ∶ ℂ {𝜏} 𝑗 𝑝 → (𝖷 𝑗 → 𝖷 𝑝)

⟦_⟧ = 𝖽𝖻𝗎𝖻ℂ𝜏 {𝐵𝑚 = 𝗍𝗃𝗇𝗏𝗆𝖻𝗎𝗃𝗉𝗈−𝖽𝗉𝗇𝖼𝗃𝗈𝖻𝗎𝗃𝗉𝗈𝖻𝗆}

• Tagged with 𝜏 (has no 𝖤𝖿𝗆𝖻𝗓𝖬𝗉𝗉𝗊)
• Example: ⟦ 𝖻𝗈𝖾 ⟧ (𝗎𝗌𝗏𝖿 ∷ 𝗀𝖻𝗆𝗍𝖿 ∷ 𝜁) ≡ [ 𝗀𝖻𝗆𝗍𝖿 ]

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 17

Circuit semantics

▶ Our goal is to have two semantics:

• Behavioural (done)
• Structural/Synthesis (TODO)

▶ Our behavioural semantics is functional

• From a circuit, a function is derived
• Circuits can be “run” or simulated over inputs

▶ Two kinds of simulation: combinational and sequential

• Combinational: no internal state
• ⟦_⟧ ∶ ℂ {𝜏} 𝑗 𝑝 → (𝖷 𝑗 → 𝖷 𝑝)

⟦_⟧ = 𝖽𝖻𝗎𝖻ℂ𝜏 {𝐵𝑚 = 𝗍𝗃𝗇𝗏𝗆𝖻𝗎𝗃𝗉𝗈−𝖽𝗉𝗇𝖼𝗃𝗈𝖻𝗎𝗃𝗉𝗈𝖻𝗆}

• Tagged with 𝜏 (has no 𝖤𝖿𝗆𝖻𝗓𝖬𝗉𝗉𝗊)
• Example: ⟦ 𝖻𝗈𝖾 ⟧ (𝗎𝗌𝗏𝖿 ∷ 𝗀𝖻𝗆𝗍𝖿 ∷ 𝜁) ≡ [ 𝗀𝖻𝗆𝗍𝖿 ]

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 18

Sequential simulation

▶ More general, for circuit with (possibly) internal state

• Simulation works over infjnite sequences
• Modeled using Agda’s 𝖳𝗎𝗌𝖿𝖻𝗇 (coinductive)

▶ User interface ▶

⟦_⟧𝜕 ∶ ℂ 𝑗 𝑝 → (𝖳𝗎𝗌𝖿𝖻𝗇 (𝖷 𝑗) → 𝖳𝗎𝗌𝖿𝖻𝗇 (𝖷 𝑝)) ⟦_⟧𝜕 = 𝗌𝗏𝗈 ∘ ⟦_⟧∗

• Works on both sequential and combinational circuits
• Ex: ⟦ 𝗈𝗉𝗎 ⟧𝜕 (𝗌𝖿𝗊𝖿𝖻𝗎 [ 𝗀𝖻𝗆𝗍𝖿 ]) ≈ 𝗌𝖿𝗊𝖿𝖻𝗎 [ 𝗎𝗌𝗏𝖿 ]

▶ 𝖳𝗎𝗌𝖿𝖻𝗇 functions can “look into the future”

• We use a causal stream function
• 𝑔 = 𝗌𝗏𝗈 ∘ 𝑔´ with 𝑔´ a step (past × present → next)
• Idea from Tarmo Uustalu’s paper [4]

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 19

Proving circuit properties

▶ What can be proven: depends on which semantics is used

• Structural: “the circuit size grows linearly with input size”
• Behavioural: “the circuit will never produce value X”

▶ Example behavioural property: functional correctness

• Agreement with a specifjcation on all inputs
• Specifjcation is a function
• Ex: ∀ (𝑦 𝑧 ∶ 𝖩𝗈𝗎𝟫) → ⟦ 𝖻𝖾𝖾𝟥𝟨𝟩 ⟧ (𝑦 , 𝑧) ≡ 𝑦 +𝟥𝟨𝟩 𝑧

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 20

Properties of circuit combinators

▶ Circuit combinators have algebraic properties

• { _⟫_, 𝗃𝖾⤨ } forms an (indexed) monoid
• { _∥_, 𝗈𝗃𝗆⤨ } forms an (indexed) monoid
• 𝑔 ∘ 𝑕 ≅ 𝗃𝖾 → 𝖰𝗆𝗏𝗁 𝑕 ⟫ 𝖰𝗆𝗏𝗁 𝑔 ≋ 𝗃𝖾⤨

▶ Developed a notion of equivalence between circuits (_≋_)

• Equality up to a certain semantics (simulation)
• Proven equivalence relation
• Equational reasoning
• Combinators are congruences (_⟫_, _∥_, 𝖰𝗆𝗏𝗁, custom)
• Equal behaviour → opportunity for optimization

▶ Π-Ware can be used to defjne whole classes of circuits

• With their own associated laws…

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 21

Present / Future

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 22

Current work

Finishing up…

▶ Case study: parallel-prefjx circuits

• Computes [𝑏1, (𝑏1 + 𝑏2), (𝑏1 + 𝑏2 + 𝑏3), ...] in parallel
• Behaviour similar to Haskell’s scanl
• Applications: sorting, addition, fjlters, etc., etc.

▶ General class + examples implemented in Π-Ware

• Inspired by Ralf Hinze’s “An algebra of scans” [2]
• As M.Sc experimentation project (Yorick Sijsling)
• Ex. law: 𝗍𝖽𝖻𝗈 (𝗍𝗏𝖽 𝑛) ▱ 𝗍𝖽𝖻𝗈 (𝗍𝗏𝖽 𝑜) ≋ 𝗍𝖽𝖻𝗈 (𝑛 + 𝗍𝗏𝖽 𝑜)

▶ “Side-efgects” of the project

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 23

Current work

Partly there / beginning…

▶ Correctness of sequential circuits

• Temporal logic
• Diffjculties with bisimilarity (_≈_)
• Better carrier than (𝖳𝗎𝗌𝖿𝖻𝗇 𝛽 → 𝖳𝗎𝗌𝖿𝖻𝗇 𝛾)?

▶ Little testing framework ▶ “Automated” checking for any specifjc circuit

• Given a (trivial) proofs, one for each possible input
• Produce proof of generalized statement
• Already working for 𝖦𝗃𝗈 𝑜
• 𝖿𝗆𝗃𝗇𝖦𝗃𝗈 ∶ 𝖶𝖿𝖽↑𝖩 𝑄 𝑜 (𝖻𝗆𝗆𝖦𝗃𝗈 𝑜) → (∀ 𝑗 → 𝑄 𝑗)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 24

Future

▶ Translation to VHDL

• Simplifjed, intermediary language
• Two key additions to the framework
• In 𝖡𝗎𝗉𝗇𝗃𝖽: VHDL type, one VHDL expression per value
• In 𝖧𝖻𝗎𝖿𝗍: one VHDL component per gate

▶ Optimizations in generated VHDL

• Try to use circuit laws to justify “rewrite” steps
• Example: ((𝑏1 ∧ 𝑏2) ∧ 𝑏3) ∧ 𝑏4 ≅ (𝑏1 ∧ 𝑏2) ∧ (𝑏3 ∧ 𝑏4)

▶ Automation possibilities

• Testing input generation
• Congruence “generation”
• Monoid solver for circuit equality

Thank you! Questions?

https://github.com/joaopizani/piware-agda https://github.com/yoricksijsling/PiWare-prefixes . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . .. . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 26

References I

• H. Esmaeilzadeh, E. Blem, R. St.Amant, K. Sankaralingam,

and D. Burger. Dark silicon and the end of multicore scaling. In 2011 38th Annual International Symposium on Computer Architecture (ISCA), pages 365–376, June 2011. Ralf Hinze. An algebra of scans. In Dexter Kozen, editor, Mathematics of Program Construction, number 3125 in Lecture Notes in Computer Science, pages 186–210. Springer Berlin Heidelberg, January 2004.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Context

Defjnition Motivation Why Agda?

Π-Ware

Syntax Semantics Proofs

Present / Future

Current work Future 27

References II

Bernd Hoeffminger. ITRS: The international technology roadmap for semiconductors. In Bernd Hoeffminger, editor, Chips 2020, The Frontiers Collection, pages 161–174. Springer Berlin Heidelberg, January 2012. Tarmo Uustalu and Varmo Vene. The essence of datafmow programming. In Proceedings of the Third Asian Conference on Programming Languages and Systems, APLAS’05, pages 2–18, Berlin, Heidelberg, 2005. Springer-Verlag.