system-on-chip design verification: challenges and state ... · 9/21/2012 · question: how long...

System-on-Chip Design Verification: Challenges and State-of-the-art

Prof. Sofiène TaharHardware Verification Group

Concordia UniversityMontréal, QC, CANADA

MCSOC’12Aizu-Wakamatsu, Fukushima, Japan

September 21, 2012

Formal Probabilistic Analysis2

Outline

Motivation

Verification Crisis

State-of-the-art Technology

System-on-Chip VerificationSystemCDSPMemory Array

Concluding RemarksS. Tahar System Formal VerificationS. Tahar

Formal Probabilistic Analysis

3

Accident at Carbide plant, India

Cost: $470 million, December 2-3, 1984Loss: 3,787 deaths, over 500,000 people exposedCauses: Corroding non-stainless steel pipes, Improper maintenance

E. Broughton. The Bhopal Disaster and its Aftermath: A Review. Environmental Health, 4(6):1-6, May 2005.

System-on-Chip VerificationS. Tahar


4

Train Derailment in Germany

Loss: 101 dead, 88 injuredMain cause of failure: wheel design, a single fatigue crack in one of the wheels


Cost: $30 Million, June 3,1998

Investigative Documentary on National Geographic Channel. Derailment at Eschede (High Speed Train Wreck), Seconds From Disaster., 2007.


5

Space Shuttles Challenger and Columbia

Challenger (January 28, 1986)

Challenger: Cause: Failure of the pressure seal in the aft field joint of the right Solid Rocket BoosteDesign was unacceptably sensitive to a number of factors

Columbia: During re-entry, damaged tiles in the heat shield allowed the hot gases to penetrateand destroy the internal wing structure, rapidly causing the in-flight breakup of the veh

Columbia (February 1, 2003)


Loss: Entire crew in both accidents

Rogers Commission report, Report of the Presidential Commission on the Space Shuttle Challenger Accident, Volume 1, chapter 4, page 72. http://history.nasa.gov/rogersrep/v1ch4.htm, 1986.


6

… and the list goes on and on …



Design Errors

Patriot Missile

Failure, a classical case of rounding

error

Floating-point division

bug

Floating-point to Integer

conversion

7

S. Tahar System-on-Chip Verification


Design Challenges8



What is Verification?9



Design Verification10



Implementation Verification11



Manufacture Verification (Test)12



Verification Technology13



Functional Verification - Simulation

Most widely used system analysis approachConstruct a computer based model of the systemAnalyze the behavior of the system model under a

number of test cases to deduce properties of interest

Easy to useMay generate inaccurate results

Practically impossible to test for all possible cases



Simulation –A Practical Example

Question: How long does it take to verify a 64-bitFloating Point Division Unit


Answer: There are (264 x 264): 2128 test cases At 1 test/s, it will take 1025 years!!!


Simulation –Another Practical Example

Question: How long does it take to verify a 256-bit RAM Memory Unit

S. Tahar

Answer: There are 2256 = 1080 bits to test At 1 test/ps and using all matters in our

galaxy to build computers of the size of a single electron, it will take 1010 years to verify 0.05%!!!

System-on-Chip Verification


Verification Gap

The situation is worsening as technology evolves

17



Cost of Verification

Verification accounts for 60-70% of project cost (human, computing and time)

Increasing VLSI technology and design complexity (1.7 billion transistors on chip)

Traditional simulation limited to a tiny percentage of test cases

Situation is most serious for safety critical applications

Many research groups and companies are using formal verification as complement simulation

18



Functional Verification –Formal Methods

Construct a computer based mathematical model of the system.

Use mathematical reasoning to check functionalproperties of interest

Accurate results Consideration of all cases is implicit

Sometimes is difficult and time consuming



Simulation –Example Check if y>x for the given system (x is a natural number)

Test vectors (x) System output (y) y>x1 4 True

2 9 True

5 36 True

9 100 True

67 4624 True

1000 1002001 True

1000000 ??? ???

2)1( xx y



Formal Methods –Example Check if y>x for the given system (x is a natural number)

1 y>x Problem statement

2 (x+1)2>x Implementation

3 (x+1).(x+1)>x Definition of Square

4 (x+1).x+(x+1).1>x Distributivity

5 x.x+1.x+x.1+1.1>x Distributivity

6 x.x+x+x+1>x Multiplicative Identity

7 x.x+x+1+x>x Additive Commutivity

8 x.x+x+1>0 Addition Cancellation

9 True Natural numbers > 0

2)1( xx y



Formal Methods Applications

Formal methods are widely used for the functional verification of many applications MicroprocessorsSoftware ConformanceCache Coherence ProtocolsTelecommunication ProtocolsSecurity ProtocolsTransportation

Their utilization for system-on-chip verification has been somewhat limited though



MCSoC consists ofMulticore-processorsMemoriesI/O devicesSensorsInterconnection networkASIC logic


Multicore System-on-a-Chip


How to Design an SoC?

System Specification: Software(UML, C++, SystemC, Java, Corba, etc.)

ArchitecturalGap

PhysicalGap

Silicon Level!!!

System’s Architecture

?



SoC Verification

Facts:Functional testing of SoC software: difficult.SoC: complex interactions.Testing each feature or subsystem separately is not

enough to ensure correct operationFully testing SoC: impossible.

State-of-the-art:No relevant new techniques.Adapted methodologies:

Assertion Based Verification: functional coverage. Model checking: small units. Simulation: guiding test vector generation.

Is your SoC free from errors?!



Conventional SoC Design Flow

System Specs

System Design

HW & SW Partitioning

SoC HW RTLSoC SW

Development

Synthesis and Chip plan

Functional, Timing, and Physical testing

SW Verification

HW IP Library

Functional Verification

Netlist Verification

System Level Verification

SW IP/RTOS Lib


Formal Probabilistic AnalysisS. Tahar System-on-Chip Verification

Model Checker

SystemC to AsmL

Test Bench Generator C/C++

PSL (C#)

SystemC Code

PSL Assertions

Test Environment

Abstract code (in SystemC)

PSL (in AsmL)

Static Code Analyzer

Assertions Verifier

Abstract code (in AsmL)

PSL Properties

SystemC Verification


• Designs in SystemC

• High level modeling in UML

• Properties and Assertions in PSL

• Verification by Model Checking and ABV

• Use AsmL (Microsoft) as intermediate language

• Several applications

29


SystemC Verification


Verification Methodology

Use CaseClass DiagramSequence Diagram

Model Checking

SystemC Design PSL Properties

Extended Sequence Diagrams

SystemC Model (AsmL) PSL Properties modeled in ASM

PSL Properties modeled in C#Design SystemC Model

Compilation

Mapping

Translation

UML

AsmL

C++/C#

Static Code Analysis Assertion Verification



Floating-pointAlgorithm

Fixed-pointAlgorithm

HardwareArchitecture

BehavioralHDL

RTL

Netlist

Place andRoute

TestBench

System Design Using SPW/HDS

IC Design UsingExternal Tools

Ideal RealSpecification Theoretical Design

DSP Design Flow


FP DSP

FXP DSP

RTL

Netlist

FP HOL

FXP HOL

RTL HOL

Netlist HOL

Embedding

Embedding

Embedding

Embedding

CONVERT

CONVERT

Synthesize

FP Real Value

FXP Real Value

Error Analysis

( Logical Implication )

( Logical Implication )

Valuation

Valuation

REAL DSP REAL HOLEmbedding

CONVERT

Error Analysis

Error Analysis

Shallow

Shallow

Shallow

Shallow

Shallow

DSP Verification Methodology


Health careMedical devices

Avionics and space technologyAvionics, artificial satellites, space shuttle

Electrical power systemsPower generation, Power factor correction

Reliability Analysis of Memory

35S. Tahar System-on-Chip Verification


Probabilistic Analysis of Faults

Hardware SoftwareSystem Model

Property Satisfied?

RandomComponents

Probabilistic and Statistical Properties

Computer Based Analysis Framework

Properties



Application: Memory Arrays

SolutionAdd RedundancyMake Memory

Reconfigurable

How much redundancy?Probabilistic Techniques

using Computer Simulation Inaccurate Very long run times

Proposed SolutionTheorem Proving!

Neighborhood Pattern

Sensitive Faults

Transition Faults

Stuck-at Faults

Coupling Faults



Reconfigurable Memory Array

38

sc = b ncp cq cr

ri

rj

rk

sc = a n

Number of Columns = n

Num

ber of Row

s = n

ri

rj

rk

cp

cq

cr

e1

e4

F = { }e1, e2, e3, e4



Repairability Problem

R 1b)n(a|F|Prlimn

⊢ a b w. (0 a) (a 1) (0 b) (b 1) ( n. (0<w(n)) (w(n)<(a+b) ) )

(lim )(lim (λn. P{ s | (fst (num_of_faults n a b w s) ) ≤ (a+b)n}) = 1)

⊢ a b w. (0 a) (a 1) (0 b) (b 1) ( n. (0<w(n)) (w(n)<(a+b) ) )

(lim )(lim (λn. P{ s | (fst (num_of_faults n a b w s) ) ≤ (a+b)n}) = 1)

0

w(n)1λn.

n

Proof Sketch Probability axioms, Bernoulli and Binomial continuous random

variables, Tail Distribution bounds , Real analysis and Limittheory

Theorem : Repairability Problem of Stuck-at Faults



Benefit and Cost of Verification?

Results exactly match the paper-and-pencil based analysis methods100% precise

Analysis was based on the pre-existing HOL theories of Sets, Lists, Integers, Real Numbers, Measure and Probability

~1200 lines of HOL code~80 man-hours

[Formal Reliability Analysis using Theorem Proving, IEEE Transactions on Computers, Vol. 59, No. 5, May 2010]



Is it worth the effort?

Paper-and-pencil proofs can be error prone!Many assumptions in the heads of the mathematician

or engineer conducting the analysis.

Theorem prover will not let you go away until you have proven all subgoalsHOL theorem prover

5 axioms 8 primitive inference rules

Worth the cost for Safety-Critical applications!



Thank You!

http://hvg.ece.concordia.ca


system-on-chip design verification: challenges and state ... · 9/21/2012 · question: how long...

Documents