consistency of rtl designs
play

Consistency of RTL Designs Yatin A. Manerkar , Daniel Lustig*, - PowerPoint PPT Presentation

RTLCheck: Verifying the Memory Consistency of RTL Designs Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Michael Pellauer* Princeton University *NVIDIA MICRO-50 http:/ ://check.cs.p .princeton.edu/ Memory Consistency Models


  1. RTLCheck: Verifying the Memory Consistency of RTL Designs Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Michael Pellauer* Princeton University *NVIDIA MICRO-50 http:/ ://check.cs.p .princeton.edu/

  2. Memory Consistency Models (MCMs) are Complex Core 0 Core 1 Data = 100; While (Flag != 1) {} Flag = 1; int r1 = Data; (All locations initially have a value of 0) ▪ MCMs specify ordering requirements of memory operations in parallel programs • Essential to correct parallel systems ▪ Difficult to specify and verify!

  3. Memory Consistency Models (MCMs) are Complex Core 0 Core 1 Data = 100; While (Flag != 1) {} Flag = 1; int r1 = Data; (All locations initially have a value of 0) ▪ MCMs specify ordering requirements of memory operations in parallel programs • Essential to correct parallel systems ▪ Difficult to specify and verify!

  4. Memory Consistency Models (MCMs) are Complex Core 0 Core 1 Flag = 1; While (Flag != 1) {} Data = 100; int r1 = Data; (All locations initially have a value of 0) ▪ MCMs specify ordering requirements of memory operations in parallel programs • Essential to correct parallel systems ▪ Difficult to specify and verify!

  5. How to Verify Hardware MCM Behaviour? ▪ Hardware enforces consistency model using smaller localized orderings • In-order fetch/WB • Coherence protocol orderings • …and many more Fetch Fetch Lds. Dec. Dec. SB SB Exec. Exec. L1 L1 Mem. Mem. WB WB L2 Coh oherence Protocol l (S (SWMR, DVI, etc.)

  6. How to Verify Hardware MCM Behaviour? ▪ Hardware enforces consistency model using smaller localized orderings • In-order fetch/WB • Coherence protocol orderings • …and many more Fetch Fetch Lds. Dec. Dec. SB SB Exec. Exec. L1 L1 Mem. Mem. WB WB L2 Coh oherence Protocol l (S (SWMR, DVI, etc.)

  7. How to Verify Hardware MCM Behaviour? ▪ Hardware enforces consistency model using smaller localized orderings • In-order fetch/WB • Coherence protocol orderings • …and many more Fetch Fetch Lds. Dec. Dec. SB SB Exec. Exec. FIFO store buffers L1 L1 Mem. Mem. help ensure Total WB WB Store Order (TSO) L2 Coh oherence Protocol l (S (SWMR, DVI, etc.)

  8. How to Verify Hardware MCM Behaviour? ▪ Hardware enforces consistency model using smaller localized orderings • In-order fetch/WB • Coherence protocol orderings • …and many more Do individual orderings correctly work together Fetch Fetch Lds. Dec. Dec. to satisfy consistency model? SB SB Exec. Exec. FIFO store buffers L1 L1 Mem. Mem. help ensure Total WB WB Store Order (TSO) L2 Coh oherence Protocol l (S (SWMR, DVI, etc.)

  9. Our Prior Work: Microarchitectural Consistency Verification Mic icroarchit itecture in in µspec ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litm Litmus Tes est

  10. Our Prior Work: Microarchitectural Consistency Verification Mic icroarchit itecture in µspec in ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Each axiom specifies an ordering that µarch should respect Litm Litmus Tes est

  11. Our Prior Work: Microarchitectural Consistency Verification Mic icroarchit itecture in in µspec ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litm Litmus Tes est

  12. Our Prior Work: Microarchitectural Consistency Verification Mic icroarchit itecture in µspec in ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litm Litmus Tes est Mic icroarchit itectural happen ens-before (µ (µhb hb) gr graphs

  13. Our Prior Work: Microarchitectural Consistency Verification [h [http tp://check.cs.prin inceton.ed edu] Mic icroarchit itecture in in µspec ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litmus Tes Litm est Microarch. verification checks that combination of axioms satisfies MCM Mic icroarchit itectural happen ens-before (µ (µhb hb) gr graphs

  14. Our Prior Work: Microarchitectural Consistency Verification [http [h tp://check.cs.prin inceton.ed edu] Mic icroarchit itecture in µspec in ec DS DSL Axiom “ StoreBuffer_is_in_order": ... EdgeExists ((i1, SB_Enter), (i2, SB_Enter)) => AddEdge ((i1, SB_Exit), (i2, SB_Exit)). Axiom "PO_Fetch": Higher-level verif. requires maintaining ordering axioms ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Does RTL maintain microarchitectural orderings? Litm Litmus Tes est Microarch. verification checks that combination of axioms satisfies MCM Mic icroarchit itectural happen ens-before (µ (µhb hb) gr graphs

  15. RTL Verification is Maturing… ▪ …but usually ignores memory consistency! ▪ Often use SystemVerilog Assertions (SVA)

  16. RTL Verification is Maturing… ▪ …but usually ignores memory consistency! ▪ Often use SystemVerilog Assertions (SVA) ISA-Formal [Reid et al. CAV 2016] -Instr. Operational Semantics No MCM verification!

  17. RTL Verification is Maturing… ▪ …but usually ignores memory consistency! ▪ Often use SystemVerilog Assertions (SVA) ISA-Formal [Reid et al. CAV 2016] DOGReL [Stewart et al. DIFTS 2014] -Instr. Operational Semantics -Memory subsystem transactions No MCM verification! No multicore MCM verification!

  18. RTL Verification is Maturing… ▪ …but usually ignores memory consistency! ▪ Often use SystemVerilog Assertions (SVA) ISA-Formal [Reid et al. CAV 2016] DOGReL [Stewart et al. DIFTS 2014] -Instr. Operational Semantics -Memory subsystem transactions No MCM verification! No multicore MCM verification! Kami [Vijayaraghavan et al. CAV 2015] [Choi et al. ICFP 2017] - MCM correctness for all programs, but… Needs Bluespec design and manual proofs!

  19. RTL Verification is Maturing… ▪ …but usually ignores memory consistency! ▪ Often use SystemVerilog Assertions (SVA) ISA-Formal [Reid et al. CAV 2016] DOGReL [Stewart et al. DIFTS 2014] Lack of automated memory -Instr. Operational Semantics -Memory subsystem transactions No MCM verification! No multicore MCM verification! consistency verification at RTL! Kami [Vijayaraghavan et al. CAV 2015] [Choi et al. ICFP 2017] - MCM correctness for all programs, but… Needs Bluespec design and manual proofs!

  20. RTLCheck: Verifying Consistency Orderings at RTL µspec RTL Litmus Mapping Microarch. Design Test Functions Axioms RTLCheck Temporal SystemVerilog Assertions (SVA) JasperGold Proven? (RTL Verifier)

  21. RTLCheck: Verifying Consistency Orderings at RTL µspec User-provided RTL Litmus Mapping Microarch. mapping functions Design Test Functions Axioms translate microarch. primitives to RTL RTLCheck equivalents Temporal SystemVerilog Assertions (SVA) JasperGold Proven? (RTL Verifier)

  22. RTLCheck: Verifying Consistency Orderings at RTL µspec RTL Litmus Mapping Microarch. Design Test Functions Axioms RTLCheck automatically RTLCheck translates µarch. ordering axioms to temporal properties Temporal SystemVerilog Assertions (SVA) JasperGold Proven? (RTL Verifier)

  23. RTLCheck: Verifying Consistency Orderings at RTL µspec RTL Litmus Mapping Microarch. Design Test Functions Axioms RTLCheck Temporal SystemVerilog Assertions (SVA) Properties may be proven or counterexample found JasperGold Proven? (RTL Verifier)

  24. Meaning can be Lost in Translation! 小心地滑

  25. Meaning can be Lost in Translation! 小心地滑 (Caution: Slippery Floor)

  26. Meaning can be Lost in Translation! 小心地滑 (Caution: Slippery Floor) [Image: Barbara Younger] [Inspiration: Tae Jun Ham]

  27. RTLCheck: Verifying Consistency at RTL Axiomatic Microarch. Verification

  28. RTLCheck: Verifying Consistency at RTL Axiomatic Microarch. Verification 6 7 2 3 4 5 clk St x St y Core[0].DX Temporal St y St x Core[0].WB RTL Verification 0x1 0x1 Core[0].SData (SVA, etc) Ld y Ld x Core[1].DX Ld y Ld x Core[1].WB 0x1 0x1 Core[1].LData

  29. RTLCheck: Verifying Consistency at RTL Axiomatic Abstract nodes Microarch. and happens- Verification before edges 6 7 2 3 4 5 clk St x St y Core[0].DX Temporal St y St x Core[0].WB RTL Verification 0x1 0x1 Core[0].SData (SVA, etc) Ld y Ld x Core[1].DX Ld y Ld x Core[1].WB 0x1 0x1 Core[1].LData

Recommend


More recommend