Formal Verification of Analog Designs using MetiTarski William - PowerPoint PPT Presentation

Formal Verification of Analog Designs using MetiTarski William Denman , Behzad Akbarpour, Sofiène Tahar 1 Mohamed H. Zaki 2 Lawrence C. Paulson 3 1 Concordia University, Montreal, Canada 2 University of British Columbia, Vancouver, Canada 3 University of Cambridge, United Kingdom FMCAD’09 November 17 th , 2009

���������� Should we care about formal verification for analog circuits? Verifiers / Researchers Designers Yes ! Not really … Common motivation FMCAD’09 William Denman 2 / 36

���������� • Some interesting statistics [IBS Corporation] – Analog Circuitry 2% of the transistor count – 20% of the IC Area – 40% of the design Effort Analog verification continues to be a serious bottleneck 50% of the errors that require re-design are from analog circuitry FMCAD’09 William Denman 3 / 36

���������� Formal Verification for Analog Circuits? • Challenges – Infinite/Continuous state space – Infinite time – PVT : Sensitivity to process variation, voltage, temperature – Non-linear behaviour • We propose – A time unbounded verification – Using MetiTarski : An Automated Theorem Prover FMCAD’09 William Denman 4 / 36

������� • Motivation • Related Work • Proposed Methodology • Brief Introduction to MetiTarski • Illustrative Example • Conclusion • Future Plans FMCAD’09 William Denman 5 / 36

������������ Equivalence Model Checking/ Proof Based Checking Reachability Analysis • Balivada [1995] – Discretization of a circuit’s transfer function to the Z-domain – Apply digital based equivalence checking techniques • Hartong, Klausen and Hedrich [2004] – From analog circuit transfer functions – Verify dynamic behaviour of the specification and implementation state spaces. Presence of tolerance margins FMCAD’09 William Denman 6 / 36

������������ Equivalence Model Checking/ Proof Based Checking Reachability Analysis • Kurshan and McMillan [1991] – State space subdivision of transistor behaviour – Predict possible transitions between states • Gupta [2004] , Dang [2006], Frehse [2006], Little [2006], Greenstreet [2007] – Reachability relations using projection techniques – Over-approximation, but verification still sound Possible Time Bounded Verification FMCAD’09 William Denman 7 / 36

������������ Equivalence Model Checking/ Proof Based Checking Reachability Analysis • Ghosh and Vemuri [1999] – PVS used to prove functional equivalence between models – Specification built in VHDL-AMS – Approximated DC models • Hanna [2000] – Predicates defining voltage and current behaviour – Theorem Proving used – Conservative approximation Manual/Heuristic steps FMCAD’09 William Denman 8 / 36

������� • Motivation • Related Work • Proposed Methodology • Brief Introduction to MetiTarski • Illustrative Example • Conclusion • Future Plans FMCAD’09 William Denman 9 / 36

����������� Analog Specification Circuit Property of Closed Form Interest Solution Proof generated Property Inequality MetiTarski Verified True Does not terminate Add Axioms Does not terminate Range Reduction FMCAD’09 William Denman 10 / 36

����������� • Analog circuit specification – Circuit must oscillate Specification – Gain for certain frequency range Property of • Isolate the property Interest – Oscillation : Is it present? Inequality – Gain : 3dB Bandwidth • Inequality – Voltage < Upper threshold – Gain > Minimum Required Value FMCAD’09 William Denman 11 / 36

����������� • Analog circuit – Differential equations Analog Circuit – Kirchoff law Equations Closed Form • Closed Form Solution Solution – Bounded number of analytical functions – No differential operators – Not always easy to obtain FMCAD’09 William Denman 12 / 36

����������� • Automated Theorem Proving – The axioms are specific mathematical facts Add Axioms – Bounding properties – Definition of functions • Range Reduction Range Reduction – Functions are not defined over all ranges – Large bounds cause proof to never end – Apply basic trigonometric identities cos( x ) = cos( x + 2 π ) sin( x ) = sin( x + 2 π ) FMCAD’09 William Denman 13 / 36

������� • Motivation • Related Work • Proposed Methodology • Brief Introduction to MetiTarski • Illustrative Example • Conclusion • Future Plans FMCAD’09 William Denman 14 / 36

���������� • Developed by Akbarpour and Paulson [‘07] – Automated Theorem Prover – Transcendental functions (sine, cosine, ln, exp, etc.) – Square Root • Theory behind the tool – Resolution prover combined with a decision procedure – Decidability of real closed fields (RCF) by Tarski – Function families of upper and lower bounds by Daumas and others FMCAD’09 William Denman 15 / 36

���������� �������������� Resolution Theorem Prover Decision Procedure Metis QEPCAD-B MetiTarski FMCAD’09 William Denman 16 / 36

���������� • QEPCAD-B – Advanced implementation of cylindrical algebraic decomposition – Best available decision procedure for RCF – Eliminates quantifiers from a formula 2 ∃ x . ax + bx + c = 0 reduces to 2 ( a ≠ 0 ∧ b − 4 ac ≥ 0 ) ∨ ( a = 0 ∧ b ≠ 0 ) ∨ ( a = b = c = 0 ) FMCAD’09 William Denman 17 / 36

������������� 0 ≤ x ≤ 4 • Assuming • We are given a function containing exp(x) 3 2 – Upper bound axiom is − ( x + 12 x + 60 x + 120 ) 3 2 x − 12 x + 60 x − 120 – Will usually need more than one axiom FMCAD’09 William Denman 18 / 36

������� • Motivation • Related Work • Proposed Methodology • Brief Introduction to MetiTarski • Illustrative Example • Conclusion • Future Plans FMCAD’09 William Denman 19 / 36

������� • PWL: Simplest class of nonlinear circuits • Behaviour can be reasonably approximated 0 ≤ V ≤ 0 . 276 C 0 . 276 < V ≤ 0 . 723 C 0 . 723 ≤ V < 1 . 0 C FMCAD’09 William Denman 20 / 36

�������������������� ODEs Piecewise Transition Initial ODEs Relations Conditions MAPLE Modes of operation M1 M2 M3 MetiTarski FMCAD’09 William Denman 21 / 36

�������������������� Piecewise Transition Initial ODEs Relations Conditions • Using a computer algebra system • Piecewise ODEs – Separate behaviour of the component into modes • Transition relations – Determined by the piecewise model • Initial Conditions – Dependant on the system specification FMCAD’09 William Denman 22 / 36

�������������������� Initial • Closed form solution Conditions for each mode ODEs Mode N Maple Invlaplace Closed Form • Procedure followed Solution until each mode visited Maple Fsolve Switching Time Maple Eval Initial Conditions Mode N+1 FMCAD’09 William Denman 23 / 36

�������������������� • Starting with the ODEs of the system • I D (V C ) is the current through the tunnel diode • Inverse Laplace transform taken to get closed form solutions in each mode FMCAD’09 William Denman 24 / 36

�������������������� • Using the produced solution – Fsolve used to compute time when switches modes – Mode 1 -> Mode 2 : V D > 0.276 • Initial conditions determined – Take solution from Fsolve – Use Eval to evaluate function values • Continue until each mode visited FMCAD’09 William Denman 25 / 36

���!����"��������� • Choose the property of interest – Reason about oscillation – Reason about bounded behaviour • Turn into an inequality – Non-oscillation : I L will never pass an upper bound – Bounded Behaviour : I L and V C will remain bounded • Input into MetiTarski FMCAD’09 William Denman 26 / 36

���������������� • Transform inequality into the MetiTarski syntax • Remember: each mode must be checked Time in a specific mode For All Mode Switch Time Closed form solution Property inequality FMCAD’09 William Denman 27 / 36

������� • Property 1 – Non-Oscillation • In each mode upper threshold not passed – I L : Current through the inductor FMCAD’09 William Denman 28 / 36

������� Property 2 – Bounded Behaviour • In each mode the current and voltage are bounded • Necessary to add axioms in 2 cases. FMCAD’09 William Denman 29 / 36

���!����������� • Recall the property Non Oscillation I L will never pass an upper bound FMCAD’09 William Denman 30 / 36