formal verification of analog designs using metitarskiformal verification of analog designs using...
TRANSCRIPT
Formal Verification of Analog
Designs using MetiTarski
William Denman, Behzad Akbarpour, Sofiène Tahar1
Mohamed H. Zaki2
Lawrence C. Paulson3
1Concordia University, Montreal, Canada2University of British Columbia, Vancouver, Canada
3University of Cambridge, United Kingdom
FMCAD’09
November 17th, 2009
2 / 36 FMCAD’09 William Denman
Motivation
Should we care about formal verification for analog circuits?
Yes! Not really…
Verifiers / Researchers Designers
Common motivation
3 / 36 FMCAD’09 William Denman
• Some interesting statistics [IBS Corporation]
– Analog Circuitry 2% of the transistor count
– 20% of the IC Area
– 40% of the design Effort
Motivation
Analog verification continues to be a serious bottleneck
50% of the errors that require re-design
are from analog circuitry
4 / 36 FMCAD’09 William Denman
• Challenges– Infinite/Continuous state space
– Infinite time
– PVT : Sensitivity to process variation, voltage, temperature
– Non-linear behaviour
• We propose– A time unbounded verification
– Using MetiTarski : An Automated Theorem Prover
Motivation
Formal Verification for Analog Circuits?
5 / 36 FMCAD’09 William Denman
• Motivation
• Related Work
• Proposed Methodology
• Brief Introduction to MetiTarski
• Illustrative Example
• Conclusion
• Future Plans
Outline
6 / 36 FMCAD’09 William Denman
• Balivada [1995]
– Discretization of a circuit’s transfer function to the
Z-domain
– Apply digital based equivalence checking techniques
• Hartong, Klausen and Hedrich [2004]
– From analog circuit transfer functions
– Verify dynamic behaviour of the specification and
implementation state spaces.
Related Work
Model Checking/
Reachability AnalysisProof Based
Equivalence
Checking
Presence of tolerance margins
7 / 36 FMCAD’09 William Denman
• Kurshan and McMillan [1991]– State space subdivision of transistor behaviour
– Predict possible transitions between states
• Gupta [2004] , Dang [2006], Frehse [2006], Little [2006], Greenstreet [2007]– Reachability relations using projection techniques
– Over-approximation, but verification still sound
Possible Time Bounded Verification
Related Work
Model Checking/
Reachability AnalysisProof Based
Equivalence
Checking
8 / 36 FMCAD’09 William Denman
• Ghosh and Vemuri [1999]
– PVS used to prove functional equivalence between
models
– Specification built in VHDL-AMS
– Approximated DC models
• Hanna [2000]
– Predicates defining voltage and current behaviour
– Theorem Proving used
– Conservative approximation
Related Work
Model Checking/
Reachability AnalysisProof Based
Equivalence
Checking
Manual/Heuristic steps
9 / 36 FMCAD’09 William Denman
• Motivation
• Related Work
• Proposed Methodology
• Brief Introduction to MetiTarski
• Illustrative Example
• Conclusion
• Future Plans
Outline
10 / 36 FMCAD’09 William Denman
Methodology
Analog
Circuit
Closed Form
Solution
Specification
Inequality MetiTarski
Range
Reduction
Property
Verified True
Property of
Interest
Add Axioms
Does not terminate
Does not terminate
Proof generated
11 / 36 FMCAD’09 William Denman
• Analog circuit specification
– Circuit must oscillate
– Gain for certain frequency range
• Isolate the property
– Oscillation : Is it present?
– Gain : 3dB Bandwidth
• Inequality
– Voltage < Upper threshold
– Gain > Minimum Required Value
Methodology
Specification
Inequality
Property of
Interest
12 / 36 FMCAD’09 William Denman
• Analog circuit
– Differential equations
– Kirchoff law Equations
• Closed Form Solution
– Bounded number of analytical functions
– No differential operators
– Not always easy to obtain
Methodology
Analog
Circuit
Closed Form
Solution
13 / 36 FMCAD’09 William Denman
• Automated Theorem Proving
– The axioms are specific mathematical facts
– Bounding properties
– Definition of functions
• Range Reduction
– Functions are not defined over all ranges
– Large bounds cause proof to never end
– Apply basic trigonometric identities
Methodology
Range
Reduction
Add Axioms
)2sin()sin(
)2cos()cos(
π
π
+=
+=
xx
xx
14 / 36 FMCAD’09 William Denman
• Motivation
• Related Work
• Proposed Methodology
• Brief Introduction to MetiTarski
• Illustrative Example
• Conclusion
• Future Plans
Outline
15 / 36 FMCAD’09 William Denman
• Developed by Akbarpour and Paulson [‘07]
– Automated Theorem Prover
– Transcendental functions (sine, cosine, ln, exp, etc.)
– Square Root
• Theory behind the tool
– Resolution prover combined with a decision procedure
– Decidability of real closed fields (RCF) by Tarski
– Function families of upper and lower bounds by Daumas
and others
MetiTarski
16 / 36 FMCAD’09 William Denman
MetiTarski Implementation
Metis QEPCAD-B
Resolution Theorem Prover Decision Procedure
MetiTarski
17 / 36 FMCAD’09 William Denman
• QEPCAD-B
– Advanced implementation of cylindrical algebraic
decomposition
– Best available decision procedure for RCF
– Eliminates quantifiers from a formula
reduces to
MetiTarski
0.2
=++∃ cbxaxx
)0()00()040(2
===∨≠∧=∨≥−∧≠ cbabaacba
18 / 36 FMCAD’09 William Denman
• Assuming
• We are given a function containing exp(x)
– Upper bound axiom is
– Will usually need more than one axiom
Example Axiom
1206012
)1206012(23
23
−+−
+++−
xxx
xxx
40 ≤≤ x
19 / 36 FMCAD’09 William Denman
• Motivation
• Related Work
• Proposed Methodology
• Brief Introduction to MetiTarski
• Illustrative Example
• Conclusion
• Future Plans
Outline
20 / 36 FMCAD’09 William Denman
Example
• PWL: Simplest class of nonlinear circuits
• Behaviour can be reasonably approximated
0.1723.0
723.0276.0
276.00
<≤
≤<
≤≤
C
C
C
V
V
V
21 / 36 FMCAD’09 William Denman
Closed Form Solution
ODEs
Piecewise
ODEs
Transition
Relations
Initial
Conditions
MAPLE
M1
MetiTarski
M2 M3 Modes of operation
22 / 36 FMCAD’09 William Denman
• Using a computer algebra system
• Piecewise ODEs
– Separate behaviour of the component into modes
• Transition relations
– Determined by the piecewise model
• Initial Conditions
– Dependant on the system specification
Closed Form Solution
Piecewise
ODEs
Transition
Relations
Initial
Conditions
23 / 36 FMCAD’09 William Denman
Closed Form Solution
• Closed form solution for each mode
• Procedure followed until each mode visited
ODEs Mode N
Initial
Conditions
Maple Invlaplace
Closed Form
Solution
Maple Fsolve
Switching
Time
Maple Eval
Initial
Conditions Mode N+1
24 / 36 FMCAD’09 William Denman
• Starting with the ODEs of the system
• ID(VC) is the current through the tunnel diode
• Inverse Laplace transform taken to get closed form solutions in each mode
Closed Form Solution
25 / 36 FMCAD’09 William Denman
• Using the produced solution
– Fsolve used to compute time when switches modes
– Mode 1 -> Mode 2 : VD > 0.276
• Initial conditions determined
– Take solution from Fsolve
– Use Eval to evaluate function values
• Continue until each mode visited
Closed Form Solution
26 / 36 FMCAD’09 William Denman
• Choose the property of interest
– Reason about oscillation
– Reason about bounded behaviour
• Turn into an inequality
– Non-oscillation : IL will never pass an upper bound
– Bounded Behaviour : IL and VC will remain bounded
• Input into MetiTarski
Verified Properties
27 / 36 FMCAD’09 William Denman
• Transform inequality into the MetiTarski syntax
• Remember: each mode must be checked
MetiTarski Input
For All
Mode Switch Time
Closed form solution
Property inequality
Time in a specific mode
28 / 36 FMCAD’09 William Denman
• Property 1
– Non-Oscillation
• In each mode upper threshold not passed
– IL : Current through the inductor
Results
29 / 36 FMCAD’09 William Denman
Results
Property 2 – Bounded Behaviour
• In each mode the current and voltage are bounded
• Necessary to add axioms in 2 cases.
30 / 36 FMCAD’09 William Denman
• Recall the property
Verified Results
IL will never pass an upper boundNon Oscillation
31 / 36 FMCAD’09 William Denman
• Applied methodology to a basic OP-AMP
• Required additional method to obtain a closed form solution.
Results
32 / 36 FMCAD’09 William Denman
• Motivation
• Related Work
• Proposed Methodology
• Brief Introduction to MetiTarski
• Illustrative Example
• Conclusion
• Future Plans
Outline
33 / 36 FMCAD’09 William Denman
• Developed a methodology for the automated verification of analog designs
– Algebra system steps are semi-automated, but
mechanical in nature
– MetiTarski completely automated
– Most proofs complete quickly
• Applied to several analog circuits
– Interesting and complex behaviour
– Two different methods for closed form solutions
Conclusion
34 / 36 FMCAD’09 William Denman
• Computing Closed Form Solutions
– Investigate methods for solving nonlinear ODEs
• Scale to Larger Problems
– Efficient methods for calculating piecewise linear
functions
– Apply methodology to more precise models
Future Plans
35 / 36 FMCAD’09 William Denman
Thank You!
More details at: hvg.ece.concordia.ca