hybrid verification of a hardware modular reduction enginehunt/fmcad/fmcad11/slides/... ·...
TRANSCRIPT
![Page 1: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/1.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Hybrid Verification of a Hardware ModularReduction Engine
Jun Sawada, Peter Sandon, Viresh Paruthi,Jason Baumgartner,Michael Case, Hari Mony
IBM Austin Research LaboratoryIBM System and Technology Group
November 2, 2011
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 2: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/2.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Outline
Motivation
Verification Tool
Verification of Modular Reduction
Results and Observation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 3: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/3.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 4: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/4.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 5: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/5.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 6: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/6.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 7: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/7.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod N
Modular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 8: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/8.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod N
Modular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 9: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/9.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod N
Montgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 10: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/10.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
A Brief Introduction to Cryptography
Cryptography is a central feature of modern networkcomputing.
There are two types of cryptographic algorithmsSymmetric key encryption/decryption
Same key/algorithm for encryption and decryptione.g. AES, SHA
Public key encryption/decryption
Different keys for encryption and decryptione.g. RSA, PNG
Public key encryption is based on modular arithmetic such as
Modular reduction A mod NModular inverse A−1 mod NModular exponentiation AB mod NMontgomery multiplier accelerates AB mod N computation.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 11: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/11.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 12: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/12.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 13: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/13.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.
Used for encryption acceleration.Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 14: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/14.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.
Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 15: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/15.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.Takes up to 4096-bit operands
Long delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 16: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/16.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operation
Implemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 17: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/17.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
On-chip Hardware Accelerator for Modular Reduction
Hardware Accelerator
On-chip co-processor that frees up CPU cyclesTuned for certain tasks, often computationally expensive ones.e.g. Graphic accelerator. Encryption accelerator
We worked on an asymmetric math function accelerator
Performs modular math for public key encryption.Used for encryption acceleration.Takes up to 4096-bit operandsLong delays: Thousands of clock cycles for a single operationImplemented as a finite-state machine.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 18: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/18.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Why Is the Accelerator Difficult To Verify?
Verification is a challenge because of the vast state-space due towide operands and long latency.
Traditional verification techniques have problems
Simulation is too slow to provide a decent coverage.
Even post-silicon testing is slow because of slow referencemodel computation by software.
Bit-level model-checking does not scale to thousands of cycles.
Very time-consuming to analyze implementation details with atheorem prover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 19: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/19.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Why Is the Accelerator Difficult To Verify?
Verification is a challenge because of the vast state-space due towide operands and long latency.
Traditional verification techniques have problems
Simulation is too slow to provide a decent coverage.
Even post-silicon testing is slow because of slow referencemodel computation by software.
Bit-level model-checking does not scale to thousands of cycles.
Very time-consuming to analyze implementation details with atheorem prover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 20: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/20.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Why Is the Accelerator Difficult To Verify?
Verification is a challenge because of the vast state-space due towide operands and long latency.
Traditional verification techniques have problems
Simulation is too slow to provide a decent coverage.
Even post-silicon testing is slow because of slow referencemodel computation by software.
Bit-level model-checking does not scale to thousands of cycles.
Very time-consuming to analyze implementation details with atheorem prover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 21: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/21.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Why Is the Accelerator Difficult To Verify?
Verification is a challenge because of the vast state-space due towide operands and long latency.
Traditional verification techniques have problems
Simulation is too slow to provide a decent coverage.
Even post-silicon testing is slow because of slow referencemodel computation by software.
Bit-level model-checking does not scale to thousands of cycles.
Very time-consuming to analyze implementation details with atheorem prover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 22: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/22.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Why Is the Accelerator Difficult To Verify?
Verification is a challenge because of the vast state-space due towide operands and long latency.
Traditional verification techniques have problems
Simulation is too slow to provide a decent coverage.
Even post-silicon testing is slow because of slow referencemodel computation by software.
Bit-level model-checking does not scale to thousands of cycles.
Very time-consuming to analyze implementation details with atheorem prover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 23: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/23.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Hybrid Verification Tool
A hybrid verification tool is a combination of a model checkerand a theorem prover.
e.g. Intel Forte based on symbolic trajectory evaluation.
We believe the full potential of hybrid verification tools havenot been utilized because:
Model checker is not tuned for this kind of proofs.Theorem prover is hard-to-use and time-consuming for manyengineers.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 24: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/24.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Hybrid Verification Tool
A hybrid verification tool is a combination of a model checkerand a theorem prover.
e.g. Intel Forte based on symbolic trajectory evaluation.
We believe the full potential of hybrid verification tools havenot been utilized because:
Model checker is not tuned for this kind of proofs.Theorem prover is hard-to-use and time-consuming for manyengineers.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 25: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/25.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX
Our tool ACL2SIX is a combination of
IBM SixthSense Formal Verification Tool (Model Checker)ACL2 Theorem Prover
ACL2SIX directly works on hardware given in HDL.
A quick translation of properties, not of hardware HDL.The theorem prover does not deal with low-level details ofhardware. The model checker abstracts them away.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 26: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/26.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX
Our tool ACL2SIX is a combination of
IBM SixthSense Formal Verification Tool (Model Checker)ACL2 Theorem Prover
ACL2SIX directly works on hardware given in HDL.
A quick translation of properties, not of hardware HDL.The theorem prover does not deal with low-level details ofhardware. The model checker abstracts them away.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 27: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/27.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Platform Data Flow
CompilationProperty
Verified Property
Counter−Example Waveform
User Inputs
Complete Proof
Success
Fail
TranslatedProperty
HardwareVHDL
VerificationDriverACL2
SixthSense
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 28: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/28.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 29: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/29.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 30: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/30.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 31: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/31.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 32: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/32.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 33: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/33.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)
Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 34: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/34.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 35: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/35.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 36: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/36.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
ACL2SIX Theorem Example
Theorem to test the output of a 2-stage 32-bit adder.
(defthm adder-output(implies (natp n)
(equal (vhdl-sigvec (adder) ”SUM” (0 31) (+ n 2))(bv+ (vhdl-sigvec (adder) ”A” (0 31) n)
(vhdl-sigvec (adder) ”B” (0 31) n)))):hints ((”goal” :clause-processor
(:function acl2six :hint ’((:cycle-var n))))))
Bit vectors are accessed by vhdl-sigvec with the syntax:(vhdl-sigvec 〈DUT〉 〈vector name〉 〈field〉 〈clock cycle〉)Clock cycle is given by (variable + constant delay)
Pre-defined and user-defined bit-vector functions can be used.
Directive to call SixthSense from ACL2Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 37: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/37.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 38: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/38.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 39: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/39.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 40: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/40.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000010102
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 41: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/41.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000101002
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 42: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/42.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000111002
N = 000101002
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 43: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/43.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000010002
N = 000101002
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 44: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/44.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000010002
N = 000010102
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 45: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/45.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 111111102
N = 000010102
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 46: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/46.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 111111102
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 47: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/47.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000000112
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 48: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/48.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000000112
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 49: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/49.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000000112
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 50: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/50.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000000112
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 51: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/51.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Simplified Modular Reduction Engine
Modular reduction engine FSM tocompute A0 mod N0.
Example: compute 28 mod 5
A = 000000112
N = 000001012
Actual Operands are very long.
Many arithmetic operations arerepeated in each transition.
State transition takes fixed butlong clock cycles.
Align Data
Subtract or addwhile shifting
S0
Input A0 and N0
S1
S2
S3
S4
A = A0 mod N0
If N > A
Shift amt calculation
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 52: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/52.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Overall Approach to Verifying a State Transition Machine
Use a divide-and-conquer approach.
Model checker is used to verify properties over each statetransition.Theorem prover is used to combine verified properties to forma complete proof, and also reason about high-level math.
Make the model checker to work on bigger, more abstractsub-problems.
Hide the hardware details from the theorem prover.Theorem prover requires smaller steps to create a proof.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 53: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/53.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Overall Approach to Verifying a State Transition Machine
Use a divide-and-conquer approach.
Model checker is used to verify properties over each statetransition.Theorem prover is used to combine verified properties to forma complete proof, and also reason about high-level math.
Make the model checker to work on bigger, more abstractsub-problems.
Hide the hardware details from the theorem prover.Theorem prover requires smaller steps to create a proof.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 54: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/54.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
How Should We Write Properties over State Transition?
Typical state transition with pre-condition Pi andpost-condition Pi+1:
Pi (n) =⇒ Pi+1(n + ∆i )
∆i is typically constant over 10 but less than 100.
Actual conditions are written at high-level.e.g. Multi-word subtraction is simply written as A− N in Pi .The hardware may repeat multiple subtractions overdiscontinuous data.
Frequently, we need to add global and state invariants to prove
(inv(n) ∧ condi (n) ∧ Pi (n)) =⇒ Pi+1(n + ∆i )
Invariant definitions are in VHDL and hidden from theoremprover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 55: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/55.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
How Should We Write Properties over State Transition?
Typical state transition with pre-condition Pi andpost-condition Pi+1:
Pi (n) =⇒ Pi+1(n + ∆i )
∆i is typically constant over 10 but less than 100.
Actual conditions are written at high-level.e.g. Multi-word subtraction is simply written as A− N in Pi .The hardware may repeat multiple subtractions overdiscontinuous data.
Frequently, we need to add global and state invariants to prove
(inv(n) ∧ condi (n) ∧ Pi (n)) =⇒ Pi+1(n + ∆i )
Invariant definitions are in VHDL and hidden from theoremprover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 56: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/56.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
How Should We Write Properties over State Transition?
Typical state transition with pre-condition Pi andpost-condition Pi+1:
Pi (n) =⇒ Pi+1(n + ∆i )
∆i is typically constant over 10 but less than 100.
Actual conditions are written at high-level.e.g. Multi-word subtraction is simply written as A− N in Pi .The hardware may repeat multiple subtractions overdiscontinuous data.
Frequently, we need to add global and state invariants to prove
(inv(n) ∧ condi (n) ∧ Pi (n)) =⇒ Pi+1(n + ∆i )
Invariant definitions are in VHDL and hidden from theoremprover.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 57: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/57.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Algorithm to verify Pi(n) =⇒ Pi+1(n + ∆i)
Algorithm
1 Convert Pi (n) =⇒ Pi+1(n + ∆i ) to a circuit and combine itwith DUT and the driver. Result is Qi (n).
2 Simplify Qi (n) by a number of combinational and sequentiallogic reduction algorithms. Result is Q ′
i (n). If Q ′i (n) = T ,
return.
3 Prove Q ′i (n) by k-induction. Base cases are proved by BMC.
Inductive step is proved:Qi (n) ∧ Qi (n + 1) ∧ · · · ∧ Qi (n + k − 1) =⇒ Qi (n + k).
4 Increase k and repeat Step 3.
Step 1 is performed by the theorem prover. Step 2-4 by the modelchecker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 58: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/58.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Algorithm to verify Pi(n) =⇒ Pi+1(n + ∆i)
Algorithm
1 Convert Pi (n) =⇒ Pi+1(n + ∆i ) to a circuit and combine itwith DUT and the driver. Result is Qi (n).
2 Simplify Qi (n) by a number of combinational and sequentiallogic reduction algorithms. Result is Q ′
i (n). If Q ′i (n) = T ,
return.
3 Prove Q ′i (n) by k-induction. Base cases are proved by BMC.
Inductive step is proved:Qi (n) ∧ Qi (n + 1) ∧ · · · ∧ Qi (n + k − 1) =⇒ Qi (n + k).
4 Increase k and repeat Step 3.
Step 1 is performed by the theorem prover. Step 2-4 by the modelchecker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 59: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/59.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Algorithm to verify Pi(n) =⇒ Pi+1(n + ∆i)
Algorithm
1 Convert Pi (n) =⇒ Pi+1(n + ∆i ) to a circuit and combine itwith DUT and the driver. Result is Qi (n).
2 Simplify Qi (n) by a number of combinational and sequentiallogic reduction algorithms. Result is Q ′
i (n). If Q ′i (n) = T ,
return.
3 Prove Q ′i (n) by k-induction. Base cases are proved by BMC.
Inductive step is proved:Qi (n) ∧ Qi (n + 1) ∧ · · · ∧ Qi (n + k − 1) =⇒ Qi (n + k).
4 Increase k and repeat Step 3.
Step 1 is performed by the theorem prover. Step 2-4 by the modelchecker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 60: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/60.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Algorithm to verify Pi(n) =⇒ Pi+1(n + ∆i)
Algorithm
1 Convert Pi (n) =⇒ Pi+1(n + ∆i ) to a circuit and combine itwith DUT and the driver. Result is Qi (n).
2 Simplify Qi (n) by a number of combinational and sequentiallogic reduction algorithms. Result is Q ′
i (n). If Q ′i (n) = T ,
return.
3 Prove Q ′i (n) by k-induction. Base cases are proved by BMC.
Inductive step is proved:Qi (n) ∧ Qi (n + 1) ∧ · · · ∧ Qi (n + k − 1) =⇒ Qi (n + k).
4 Increase k and repeat Step 3.
Step 1 is performed by the theorem prover. Step 2-4 by the modelchecker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 61: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/61.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Algorithm to verify Pi(n) =⇒ Pi+1(n + ∆i)
Algorithm
1 Convert Pi (n) =⇒ Pi+1(n + ∆i ) to a circuit and combine itwith DUT and the driver. Result is Qi (n).
2 Simplify Qi (n) by a number of combinational and sequentiallogic reduction algorithms. Result is Q ′
i (n). If Q ′i (n) = T ,
return.
3 Prove Q ′i (n) by k-induction. Base cases are proved by BMC.
Inductive step is proved:Qi (n) ∧ Qi (n + 1) ∧ · · · ∧ Qi (n + k − 1) =⇒ Qi (n + k).
4 Increase k and repeat Step 3.
Step 1 is performed by the theorem prover. Step 2-4 by the modelchecker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 62: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/62.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Generation of Counter-Examples for Induction Proof
Often an induction proof fails and acounter-example helps debugging.
Counter-example generation is difficult fortransformation-based verification tool likeSixthSense.
An inductive counter-example does notstart with an initial state.Some information is lost duringtransformation.
Implemented a trace lifting to reflect trueroot cause of induction failure.
ReductionEngine 1
ReductionEngine 2
ReductionEngine 3
Original
Problem CounterExample
Lifted
Find a counter−example
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 63: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/63.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Generation of Counter-Examples for Induction Proof
Often an induction proof fails and acounter-example helps debugging.
Counter-example generation is difficult fortransformation-based verification tool likeSixthSense.
An inductive counter-example does notstart with an initial state.Some information is lost duringtransformation.
Implemented a trace lifting to reflect trueroot cause of induction failure.
ReductionEngine 1
ReductionEngine 2
ReductionEngine 3
Original
Problem CounterExample
Lifted
Find a counter−example
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 64: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/64.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Generation of Counter-Examples for Induction Proof
Often an induction proof fails and acounter-example helps debugging.
Counter-example generation is difficult fortransformation-based verification tool likeSixthSense.
An inductive counter-example does notstart with an initial state.Some information is lost duringtransformation.
Implemented a trace lifting to reflect trueroot cause of induction failure.
ReductionEngine 1
ReductionEngine 2
ReductionEngine 3
Original
Problem CounterExample
Lifted
Find a counter−example
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 65: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/65.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Verification Results of Modular Reduction
Data Width 56-bit 256-bit 384-bit 512-bit
Total Time 10442s 20646s 37607s 98199s
Theorem Prover Time 257s 289s 474s 1690s
Property Check Time 10188s 20261s 37139s 97012s
Avg. Time per Prop. 118s 151s 223s 489s
Max Time per Prop. 138s 368s 1232s 3456s
We finished modular reduction proof up to 512-bit.
1024-bit operation has properties that time-out in 24 hours.
Individual property time increases rapidly as both statetransition delay and input data increase.
Most time spent in the model checker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 66: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/66.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Verification Results of Modular Reduction
Data Width 56-bit 256-bit 384-bit 512-bit
Total Time 10442s 20646s 37607s 98199s
Theorem Prover Time 257s 289s 474s 1690s
Property Check Time 10188s 20261s 37139s 97012s
Avg. Time per Prop. 118s 151s 223s 489s
Max Time per Prop. 138s 368s 1232s 3456s
We finished modular reduction proof up to 512-bit.
1024-bit operation has properties that time-out in 24 hours.
Individual property time increases rapidly as both statetransition delay and input data increase.
Most time spent in the model checker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 67: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/67.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Verification Results of Modular Reduction
Data Width 56-bit 256-bit 384-bit 512-bit
Total Time 10442s 20646s 37607s 98199s
Theorem Prover Time 257s 289s 474s 1690s
Property Check Time 10188s 20261s 37139s 97012s
Avg. Time per Prop. 118s 151s 223s 489s
Max Time per Prop. 138s 368s 1232s 3456s
We finished modular reduction proof up to 512-bit.
1024-bit operation has properties that time-out in 24 hours.
Individual property time increases rapidly as both statetransition delay and input data increase.
Most time spent in the model checker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 68: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/68.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Verification Results of Modular Reduction
Data Width 56-bit 256-bit 384-bit 512-bit
Total Time 10442s 20646s 37607s 98199s
Theorem Prover Time 257s 289s 474s 1690s
Property Check Time 10188s 20261s 37139s 97012s
Avg. Time per Prop. 118s 151s 223s 489s
Max Time per Prop. 138s 368s 1232s 3456s
We finished modular reduction proof up to 512-bit.
1024-bit operation has properties that time-out in 24 hours.
Individual property time increases rapidly as both statetransition delay and input data increase.
Most time spent in the model checker.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 69: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/69.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Conclusion
We verified a number of modular operations.
Modular reduction, modular addition and subtraction.Montgomery multiplier
Analysis of modular inverse uncovered an overflow problem.
The key is to use a powerful model checker to verify a largersub-problems. Reduced theorem proving effort.
Still full 4096-bits operation is hard to verify. Need to improvemodel checker for this type of proof.
Theorem proving is still a bottleneck to apply in an industrialsetting. Need more automation or more productivity.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 70: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/70.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Conclusion
We verified a number of modular operations.
Modular reduction, modular addition and subtraction.Montgomery multiplier
Analysis of modular inverse uncovered an overflow problem.
The key is to use a powerful model checker to verify a largersub-problems. Reduced theorem proving effort.
Still full 4096-bits operation is hard to verify. Need to improvemodel checker for this type of proof.
Theorem proving is still a bottleneck to apply in an industrialsetting. Need more automation or more productivity.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 71: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/71.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Conclusion
We verified a number of modular operations.
Modular reduction, modular addition and subtraction.Montgomery multiplier
Analysis of modular inverse uncovered an overflow problem.
The key is to use a powerful model checker to verify a largersub-problems. Reduced theorem proving effort.
Still full 4096-bits operation is hard to verify. Need to improvemodel checker for this type of proof.
Theorem proving is still a bottleneck to apply in an industrialsetting. Need more automation or more productivity.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 72: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/72.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Conclusion
We verified a number of modular operations.
Modular reduction, modular addition and subtraction.Montgomery multiplier
Analysis of modular inverse uncovered an overflow problem.
The key is to use a powerful model checker to verify a largersub-problems. Reduced theorem proving effort.
Still full 4096-bits operation is hard to verify. Need to improvemodel checker for this type of proof.
Theorem proving is still a bottleneck to apply in an industrialsetting. Need more automation or more productivity.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine
![Page 73: Hybrid Verification of a Hardware Modular Reduction Enginehunt/FMCAD/FMCAD11/slides/... · 2011-11-02 · Hybrid Verification of a Hardware Modular Reduction Engine Jun Sawada,](https://reader034.vdocuments.us/reader034/viewer/2022050422/5f90fbf5a5734048374db674/html5/thumbnails/73.jpg)
Motivation Verification Tool Verification of Modular Reduction Results and Observation
Conclusion
We verified a number of modular operations.
Modular reduction, modular addition and subtraction.Montgomery multiplier
Analysis of modular inverse uncovered an overflow problem.
The key is to use a powerful model checker to verify a largersub-problems. Reduced theorem proving effort.
Still full 4096-bits operation is hard to verify. Need to improvemodel checker for this type of proof.
Theorem proving is still a bottleneck to apply in an industrialsetting. Need more automation or more productivity.
Sawada, Sandon, Paruthi, Baumgartner, Case, Mony IBM Corporation
Hybrid Verification of a Hardware Modular Reduction Engine