using mathematica for modeling, simulation and property checking of hardware systems ghiath al...
Post on 27-Dec-2015
Using Mathematica for modeling, simulation and property checking of hardware systems
Ghiath AL SAMMANE
VDS group : Verification & Modeling of Digital systems
TIMA Laboratory
Techniques of Informatics and Microelectronics for computer Architecture
© Ghiath AL SAMMANE
Outline
• What is TIMA?
• Digital hardware design process
• Modeling Hardware in Mathematica
• VHDL simulation in Mathematica
• Verification & symbolic simulation
• Property checking
• Successful applications
• Conclusion
What is TIMA ? (1)
• Public research lab of the university of Grenoble and CNRS, located in the European equivalent to Silicon Valley
• Carrying out research in the field of
– Hardware design, architecture, test.
– Verification & CAD tools.
– Quality of integrated circuits and by means of data processing and microelectronics technology.
• Transferring research results to industry
• Contributing to knowledge dissemination by organizing conferences and editing journals
What is TIMA ? (2)
• 120 members including interns and staff
• 67 PhD candidates
• 17 patents since 1993 and 3 start ups since 1999
• 7 conferences organized in 2004 and 6 conferences to be organized in 2005
• 100 publications/year since 1993 and 57 PhD theses since 1999
Digital Hardware Design Process
Design Specifications
• In English
• Given by managers, customers…
Functional Design
• In Matlab, C, Java ….
• Property checking
• Done by R&D department
RTL Design
• In standard description Language, VHDL, Verilog.
• Done by HW designers
RTL Verification
• By simulation, logical modeling & automatic reasoning
• Property checking
• Equivalence checking
• Done by HW designers & verification experts up to 75 % of design time !
Synthesis & Optimization
Post-Synthesis Verification
Tech. mapping, Place & route
Fabrication
Test & Packaging
Post design process
Designing Hardware in Mathematica
Functional Design
• In Mathematica, Matlab, C, Java ….
• Property checking
• Done by R&D department
RTL Design
• In standard description Language, VHDL, Verilog.
• Done by HW designers
RTL Verification
• By simulation, logical modeling & automatic reasoning in Mathematica
• Property checking
• Done by HW designers & verification experts
Designing HW in Mathematica
• Functional Design
– Writing the early algorithms, formulas & equations directly in Mathematica
– Checking properties by numerical & symbolic computation
• RTL (register transfer level) design
– Writing in standard VHDL
– Simulating VHDL in Mathematica numerically & symbolically
– Checking properties
Finding bugs earlier
Less verification effort
First step : VHDL in Mathematica
• Modeling the semantics of a VHDL subset
– The model must meet the VHDL synthesizable standard
– Accept numeric & symbolic inputs
– A hierarchical functional model
• Simulating the VHDL descriptions
– The same results in numeric cases as within standard simulators
– Optimized for symbolic simulation
• Checking properties about the symbolic results
– Pattern matching, sat solving, BDD, theorem proving…
Mathematica symbolic simulator
[Diagram blocks: VHDL File; Translator; M-Code; Simulation Rules; n simulation cycles; Symbolic test cases; Event-based Symbolic Simulator (in Mathematica); Results; Simulation Constraints + Assertions; Constraints Resolution + symbolic Verification of assertions]
A VHDL example :
entity two_arbiter is
  port (
    Clock : in bit;
    Reset : in bit;
    Req1 : in bit;
    Req2 : in bit;
    Ack1 : out bit;
    Ack2 : out bit);
end two_arbiter ;
Two requests arbiter
[Block diagram: inputs Clock, Reset, Req1, Req2; outputs Ack1, Ack2]
Priority is given to the request Req2
A VHDL example :
architecture behavior of two_arbiter is
begin -- behavior
  synchronous: process (clock, reset)
  begin -- process synchronous
    if reset = '0' then
      ack1<='0';
      ack2<='0';
    elsif clock'event and clock = '1' then -- rising clock edge
      if req1='1' and req2='0' then
        ack1<='1';
        ack2<='0';
      elsif req2='1' then
        ack2<='1';
        ack1<='0';
      else
        ack1<='0';
        ack2<='0';
      end if;
    end if;
  end process synchronous;
end behavior;
The M-code
• The Mathematica function that models the execution of the VHDL entity-architecture for one clock cycle
• M-code (Mathematica COnditional DEscription)
• Extracted automatically from the VHDL description
• Hierarchy is supported
The M-code of the example
The Mathematica equivalent :
Clear[two$arbiter$behavior];
SetAttributes[two$arbiter$behavior, HoldAll];
two$arbiter$behavior[ack1_, ack1$1_, ack2_, ack2$1_, clock_, clock$0_, req1_, req2_, reset_, reset$0_]:=
Signal modeling
• Three values are needed
– The current value at time t, (S)
– The old value at time (t-1), (S$0)
– The next value at time (t+1), (S$1)
• Old values are used only for detecting events (Sig(t) ≠ Sig(t-1))
The M-code body
• Each concurrent statement in the architecture is rewritten as a sequential process
• From these processes we extract automatically a list of assignments
• One assignment for each object in the design : the transfer function of the object (signal or variable)
• Simulates the behavior of the circuit for an abstract time unit called cycle
Modeling assignments
• The signal assignment function :
NextSig[S, F(S1,S2,…,Sn)]
• It gives the next value of S knowing the current and the old values of design objects (S1,S2,…,Sn)
• F is an if-then-else expression (Ife)
The M-code of the architecture
The process is a set of signal assignments :
{NextSig[ack1$1,
   Ife[equal[reset, 0], 0,
     Ife[and[event[clock], equal[clock, 1]],
       Ife[and[equal[req1, 1], equal[req2, 0]], 1, 0],
       ack1]]],
 NextSig[ack2$1,
   Ife[equal[reset, 0], 0,
     Ife[and[event[clock], equal[clock, 1]],
       Ife[and[equal[req1, 1], equal[req2, 0]], 0,
         Ife[equal[req2, 1], 1, 0]],
       ack2]]]}
Second step : simulation
• Executing the M-code function for n cycles (clock cycle for synchronous circuits)
• During simulation : applying test cases and simulation rules
Simulation algorithm
Initialize(DesignObject)
For cycle := 1 to n do
    Apply-test-vectors(inputs)
    Mcode(DesignObject)
    Verify(Assertion)
    Update(DesignObject)
    Print(SelectedResults)
End for
Simulation Rules
Used during the execution of M-code
• Simplification rules
– Ife[True,x_,_] → x;
– Ife[False,_,y_] → y;
– Ife[_,y_,y_] → y;
• Normalization rules
– Ife[Ife[a_,b_,c_],x_,y_] → Ife[a,Ife[b,x,y],Ife[c,x,y]];
• Evaluation rules
– Ife[cond_,x_,y_] → IFE[cond,Assuming[cond,simplify[x]],Assuming[Not[cond],simplify[y]]];
Simulation of the example
• Most inputs are symbols, one simulation test case is equivalent to a lot of numeric ones
• The symbolic expression of Ack1
– IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0, 1, 0]]
• The symbolic expression of Ack2
– IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0, 0, IFE[REQ2 == 1, 1, 0]]]
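The simulation loop, the simplification and normalization rules, and the arbiter's M-code above, re-implemented in Python as an added example (not the author's Mathematica tool). The tuple encoding of terms, the names simp, show and run, and the test vectors are assumptions; the Evaluation rule with Assuming is not modelled. One rising clock edge with symbolic RESET, REQ1 and REQ2 yields the two IFE expressions shown for Ack1 and Ack2.

```python
# Added example, not the author's code: Ife terms as nested tuples, symbols as strings.
def simp(t, env):
    """Rewrite term t; env maps symbols (or event terms) to known values."""
    if isinstance(t, str):
        return env.get(t, t)                     # unknown symbols stay symbolic
    if not isinstance(t, tuple):
        return t                                 # numeric bit or Boolean constant
    op, *args = t
    if op == "event":
        return env.get(t, t)                     # fixed by the test vector, if at all
    args = [simp(a, env) for a in args]
    if op == "eq":
        a, b = args
        return a == b if isinstance(a, int) and isinstance(b, int) else ("eq", a, b)
    if op == "and":
        a, b = args
        if a is False or b is False:
            return False
        return b if a is True else a if b is True else ("and", a, b)
    c, x, y = args                               # remaining operator: "ife"
    if c is True:
        return x                                 # Ife[True, x, _] -> x
    if c is False:
        return y                                 # Ife[False, _, y] -> y
    if x == y:
        return x                                 # Ife[_, y, y] -> y
    if isinstance(c, tuple) and c[0] == "ife":   # normalization rule
        _, a, b, d = c
        return simp(("ife", a, ("ife", b, x, y), ("ife", d, x, y)), env)
    return ("ife", c, x, y)

def show(t):
    """Render a term in the page's notation."""
    if not isinstance(t, tuple):
        return str(t)
    op, *a = t
    if op in ("eq", "and"):
        return f"{show(a[0])} {'==' if op == 'eq' else '&&'} {show(a[1])}"
    return ("IFE" if op == "ife" else op) + "[" + ", ".join(map(show, a)) + "]"

RISING = ("and", ("event", "clock"), ("eq", "clock", 1))
GRANT1 = ("and", ("eq", "req1", 1), ("eq", "req2", 0))
# The two NextSig expressions of the arbiter, transcribed from the M-code above.
MCODE = {
    "ack1": ("ife", ("eq", "reset", 0), 0,
             ("ife", RISING, ("ife", GRANT1, 1, 0), "ack1")),
    "ack2": ("ife", ("eq", "reset", 0), 0,
             ("ife", RISING, ("ife", GRANT1, 0, ("ife", ("eq", "req2", 1), 1, 0)), "ack2")),
}

def run(vectors, state=None):
    """Simulation loop: apply each test vector, execute the M-code, update."""
    state = dict(state or {})
    for vec in vectors:
        state = {s: simp(e, {**state, **vec}) for s, e in MCODE.items()}
    return state

# Constructed test vectors: one rising edge with symbolic inputs, one idle cycle.
EDGE = {"clock": 1, ("event", "clock"): True,
        "reset": "RESET", "req1": "REQ1", "req2": "REQ2"}
IDLE = {"clock": 1, ("event", "clock"): False, "reset": 1}   # no clock event

if __name__ == "__main__":
    print({s: show(e) for s, e in run([EDGE]).items()})
```
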
Checking properties
• What can we do with huge If-then-else expressions?
– The designer writes a property that the circuit should satisfy
– After the simulation, the symbolic expression of the assertion should be evaluated to true or false
• Properties are checked by
– Using comparison to direct specifications written in Mathematica
– Using a Boolean prover in Mathematica
– Using an external theorem prover
Boolean prover in Mathematica
• A prototype is under test
• Takes a normalized if-then-else and gives a counter example if the theorem is wrong and proves it otherwise
• Built by the association of :
– an implementation of the shared-BDD rewriting in Mathematica
– use of the FindInstance function in Mathematica
Checking properties of the example
• mutex : assert not (Ack1 and Ack2)
• serve : assert Req1 or Req2 ⇒ Ack1 or Ack2
• waste : assert Ack1 ⇒ req1
• waste : assert Ack2 ⇒ req2
• All these properties are proved by our Boolean prover in Mathematica and by ACL2
SatBit : checking the arbiter
SatBit : Gives an example showing that the expression is satisfiable, False otherwise.
In[24]:= SatBit[ack2]
Sat, example:
Out[24]= {{REQ1 -> 1, REQ2 -> 1, RESET -> 1}}
In[25]:= SatBit[ack1&&ack2]
Out[25]= False
Proving properties by ACL2
• An inductive theorem prover
• An automatic link with Mathematica
• The main function is ImpliesAcl2[p,q]
– Prove by Acl2 that p ⇒ q
• Example:
– ImpliesAcl2[And[bitp[REQ1, REQ2, RESET], RESET == 1, ack1 == 1], REQ1 == 1]
True
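The four assertions and the two SatBit queries above, checked in Python as an added example (not the author's Boolean prover or the ACL2 link): Shannon expansion over a fixed variable order builds a reduced decision tree, in the spirit of the BDD rewriting the slides mention. The function names, the waste1/waste2 labels and the reading of the properties as implications are assumptions; serve is checked both with no hypothesis and under RESET == 1, the hypothesis used in the ImpliesAcl2 call.

```python
# Added example, not the author's prover: decision-tree check of the arbiter properties.
VARS = ("RESET", "REQ1", "REQ2")

def ack1(v):
    # IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0, 1, 0]]
    return 0 if v["RESET"] == 0 else (1 if v["REQ1"] == 1 and v["REQ2"] == 0 else 0)

def ack2(v):
    # IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0, 0, IFE[REQ2 == 1, 1, 0]]]
    if v["RESET"] == 0 or (v["REQ1"] == 1 and v["REQ2"] == 0):
        return 0
    return 1 if v["REQ2"] == 1 else 0

def expand(f, names=VARS, env=()):
    """Shannon expansion of f into a reduced decision tree (var, low, high)."""
    if not names:
        return bool(f(dict(env)))
    lo = expand(f, names[1:], env + ((names[0], 0),))
    hi = expand(f, names[1:], env + ((names[0], 1),))
    return lo if lo == hi else (names[0], lo, hi)    # equal cofactors collapse

def path_to(tree, leaf, acc=()):
    """Assignment reaching the given leaf, or None; absent variables are don't-cares."""
    if isinstance(tree, bool):
        return dict(acc) if tree is leaf else None
    var, lo, hi = tree
    found = path_to(lo, leaf, acc + ((var, 0),))
    return found if found is not None else path_to(hi, leaf, acc + ((var, 1),))

def sat_bit(f):
    """Same contract as the page's SatBit: a satisfying assignment, or False."""
    model = path_to(expand(f), True)
    return model if model is not None else False

def prove(prop, hyp=lambda v: True):
    """True if hyp implies prop for every input, else a counterexample."""
    cex = path_to(expand(lambda v: (not hyp(v)) or prop(v)), False)
    return True if cex is None else cex

def implies(p, q):
    return (not p) or q

PROPS = {
    "mutex":  lambda v: not (ack1(v) and ack2(v)),
    "serve":  lambda v: implies(v["REQ1"] or v["REQ2"], ack1(v) or ack2(v)),
    "waste1": lambda v: implies(ack1(v), v["REQ1"]),
    "waste2": lambda v: implies(ack2(v), v["REQ2"]),
}

def out_of_reset(v):
    return v["RESET"] == 1

if __name__ == "__main__":
    for name, prop in PROPS.items():
        print(name, prove(prop), prove(prop, out_of_reset))
    print("SatBit[ack2]:", sat_bit(ack2))
    print("SatBit[ack1&&ack2]:", sat_bit(lambda v: ack1(v) and ack2(v)))
```

With no hypothesis, serve has the counterexample RESET = 0, REQ1 = 0, REQ2 = 1, since reset forces both acknowledges to 0; under RESET == 1 all four properties hold.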
Successful applications
• Validation on research and academic cases
• Symbolic simulation and a verification of a network on chip (a university circuit)
• Symbolic simulation of an industrial cryptographic component implementation
• Symbolic simulation and property verification of a DRAM specification that comes from STMicroelectronics
Conclusion : achievements
• A VHDL to Mathematica compiler is built
• A hardware simulator in Mathematica is implemented
• We prove properties about results
– A Boolean prover is implemented in Mathematica (automatic)
– A link to an external theorem prover is achieved (expert in proof may be needed when proof fails)
• Application on various industrial circuits
Conclusion : What is next ?
• Writing a user manual
• Building an interface
• Supporting Property Specification Language (PSL)
• A Demo at DATE 2005 (Design Automation & Test in Europe)
Thank you
If-then-else expression (Ife)
Ife_expr ::=
Symbol
| Number
| True | False
| Boolean_Expression
| Arithmetic_Expression
| Ife[Ife_expr, Ife_expr, Ife_expr]