formal verification of stack manipulation in the scip
play

Formal Verification of Stack Manipulation in the SCIP Processor J. - PowerPoint PPT Presentation

Mar 22, 2024 •193 likes •424 views

Formal Verification of Stack Manipulation in the SCIP Processor J. Aaron Pendergrass High Level Challenges to developing capability in formal methods: Perceived high barrier to entry, Specialized tools and jargon, Need for a

  1. Formal Verification of Stack Manipulation in the SCIP Processor J. Aaron Pendergrass

  2. High Level ◮ Challenges to developing capability in formal methods: ◮ Perceived high barrier to entry, ◮ Specialized tools and jargon, ◮ Need for a compelling but attainable demonstration. ◮ Why we chose the SCIP processor: ◮ Developed in house, ◮ General purpose processor, ◮ Simple design ( ∼ 5k lines VHDL), ◮ No advanced processor features (pipelining, out-of-order execution, etc.), ◮ For use in satellites ⇒ high reliability requirements. September 24, 2010

  3. Scope True Goal: To prove that the physical processor does what we want, English Design VHDL Design Hardware Document Formal ACL2 Specification Model but . . . ◮ proof tools work on an abstract model, ◮ “what we want” is not formally defined. September 24, 2010

  4. Scope True Goal: To prove that the physical processor does what we want, English Design VHDL Design Hardware Document Formal ACL2 Specification Model but . . . ◮ proof tools work on an abstract model, ◮ “what we want” is not formally defined. Instead we prove that a model of the VHDL design meets certain correctness properties. September 24, 2010

  5. Approach Embedding of VHDL in ACL2 ◮ Focus on building a syntactic layer on ACL2 for easy translation. ◮ Key Goals: ◮ Incremental semantic refinements, ◮ Direct manual translation of existing code, ◮ Target for automated translation. ACL2 Model of SCIP Design ◮ Test case for modeling framework. ◮ Translate VHDL code, then prove axiomatic summaries of components. September 24, 2010

  6. VHDL Modeling Framework Challenges ◮ Large semantic gap between VHDL and ACL2. ◮ VHDL processes all execute at the same time. ◮ Human checkable translation. ◮ Must match structure of original VHDL code. Solution ◮ Use ACL2 (LISP) macros to wrap ACL2 implementation behind VHDL like syntax. ◮ Based primarily on Georgelin, et al., “A framework for VHDL combining theorem proving and symbolic simulation.” September 24, 2010

  7. Supported VHDL Entities ◮ Uses defstructure book to generate data type predicates, accessors, updaters, etc. ◮ Nested components supported via copy-in/copy-out semantics. Processes ◮ Mapped to ACL2 functions. ◮ Generate theorems to guarantee some safety properties (e.g., no writing to inputs). September 24, 2010

  8. Supported VHDL Architectures ◮ Generate a single function that is the composition of all processes and subcomponent updates. ◮ Generate theorems to show processes are order independent. September 24, 2010

  9. Supported VHDL Architectures ◮ Generate a single function that is the composition of all processes and subcomponent updates. ◮ Generate theorems to show processes are order independent. But Wait . . . ◮ Order independence isn’t sufficient to guarantee the processes can be safely interleaved! September 24, 2010

  10. Supported VHDL Architectures ◮ Generate a single function that is the composition of all processes and subcomponent updates. ◮ Generate theorems to show processes are order independent. But Wait . . . ◮ Order independence isn’t sufficient to guarantee the processes can be safely interleaved! ◮ Fine for combinatorial processes (all of SCIP). ◮ Problem for sequential processes with shared state. ◮ But it is easy to change the macros to generate stronger theorems for guaranteeing determinism. September 24, 2010

  11. Supported VHDL Data Types ◮ Originally based on ACL2’s native integer type. ◮ Easy for arithmetic, challenging for bit slicing operations (concatenation, truncation, etc.). ◮ Simplification of VHDL’s 9 valued logic: U (uninitialized), X (undefined), 0 (strong drive, logic 0), 1, (strong drive, logic 1), Z (high impedance), W (weak drive, unknown value), L (weak drive, logic 0), H (weak drive, logic 1), - (don’t care). ◮ Used a symbolic instruction representation to avoid complex bit operations. ◮ Became problematic as we added type checking because data and instructions must traverse the same buses. September 24, 2010

  12. Supported VHDL Data Types ◮ Migrated to lists of logical symbols ◮ Operations such as truncation and concatenation become structurally recursive. ◮ Required very little modification to existing SCIP model (mostly search and replace). September 24, 2010

  13. SCIP Design A Simple Forth Microprocessor ◮ Designed for managing scientific instruments on satellites. ◮ Low power, light weight, low gate count. ◮ 16 and 32 bit versions (16 is standard). ◮ No pipelining, No superscalar, No out-of-order. ◮ Stack based design inspired by the Forth language. ◮ Two stacks: parameter stack (P-stack) and return stack (R-stack). ◮ Instructions may specify multiple behaviors such as an ALU operation, a P-stack modification, and a return. September 24, 2010

  14. SCIP Instructions Instructions Are Packed Structures ◮ Only 18 different kinds of instructions. ◮ ∼ 9356 different opcodes. Basic ALU Instruction 1011 1 01 010 00 0010 Pop Return Stack Ignored Addition After Execution Push Result On Top Of Operand Stack September 24, 2010

  15. SCIP Correctness Proofs Parameter Stack Design ◮ Many instructions can include a stack operation (Push, Pop, Swap, or Nop). ◮ Processor stacks are represented by a set of data registers and two index registers. ◮ On 16 bit SCIP: 16 2 15 0 byte data registers, 4 14 1 13 2 bit index registers. 12 3 OVERFLOW TOP ◮ If enabled, 11 4 overflow/underflow 10 5 may trigger 9 6 reading/writing main 8 7 memory. September 24, 2010

  16. SCIP Correctness Proofs Abstract Properties ◮ We’d like to show that the register ring actually implements a stack. ◮ In particular we need to show that the instructions correspond to abstract stack manipulation operations. ◮ e.g., s − push ( a ) ( a . s ) − − − → ◮ Model stacks using ACL2 lists ( push ≡ cons ). ◮ Focus on normal operation & detecting exception cases (overflow/underflow) September 24, 2010

  17. Graphically 4 3 15 0 14 1 2 13 2 1 OVERFLOW 12 3 0 11 4 15 10 5 14 TOP 9 6 8 7 13 12 September 24, 2010

  18. Actual Theorem ≡ (defthm scip push pstack cons (implies (and (scip pstack inputs ready p st) (not (equal (scip reset st) 1)) (not (rising edge (scip clk st))) (equal (scip stretch st) 0) (instr class stack (scip ir+ st)) (equal (stack op (scip ir+ st)) *st push*) (std logic defined list p (scip ptopi+ st)) (std logic defined list p (scip poveri+ st)) (integerp n) ( > = n 3)) (equal (scip get pstack regfile as list (scip step (scip raise clock (scip step n n st)))) (let ((p (scip ptopi+ st)) (o (scip poveri+ st))) (cond ((equal (std logic list to int p) (std logic list to int o)) (list (scip pnext+ st))) (t (cons (scip pnext+ st) (scip get pstack regfile as list st)))))))) September 24, 2010

  19. Actual Theorem ≡ If the SCIP is valid and in (defthm scip push pstack cons stable state, (implies (and (scip pstack inputs ready p st) (not (equal (scip reset st) 1)) (not (rising edge (scip clk st))) (equal (scip stretch st) 0) (instr class stack (scip ir+ st)) (equal (stack op (scip ir+ st)) *st push*) (std logic defined list p (scip ptopi+ st)) (std logic defined list p (scip poveri+ st)) (integerp n) ( > = n 3)) (equal (scip get pstack regfile as list (scip step (scip raise clock (scip step n n st)))) (let ((p (scip ptopi+ st)) (o (scip poveri+ st))) (cond ((equal (std logic list to int p) (std logic list to int o)) (list (scip pnext+ st))) (t (cons (scip pnext+ st) (scip get pstack regfile as list st)))))))) September 24, 2010

  20. Actual Theorem ≡ If the SCIP is valid and in (defthm scip push pstack cons stable state, (implies (and (scip pstack inputs ready p st) (not (equal (scip reset st) 1)) (not (rising edge (scip clk st))) (equal (scip stretch st) 0) (instr class stack (scip ir+ st)) then the P-stack at the next clock (equal (stack op (scip ir+ st)) *st push*) cycle, represented as a list... (std logic defined list p (scip ptopi+ st)) (std logic defined list p (scip poveri+ st)) (integerp n) ( > = n 3)) (equal (scip get pstack regfile as list (scip step (scip raise clock (scip step n n st)))) (let ((p (scip ptopi+ st)) (o (scip poveri+ st))) (cond ((equal (std logic list to int p) (std logic list to int o)) (list (scip pnext+ st))) (t (cons (scip pnext+ st) (scip get pstack regfile as list st)))))))) September 24, 2010

  21. Actual Theorem ≡ If the SCIP is valid and in (defthm scip push pstack cons stable state, (implies (and (scip pstack inputs ready p st) (not (equal (scip reset st) 1)) (not (rising edge (scip clk st))) (equal (scip stretch st) 0) (instr class stack (scip ir+ st)) then the P-stack at the next clock (equal (stack op (scip ir+ st)) *st push*) cycle, represented as a list... (std logic defined list p (scip ptopi+ st)) (std logic defined list p (scip poveri+ st)) (integerp n) ( > = n 3)) ... is equal to the original pnext register cons ' ed onto the original (equal (scip get pstack regfile as list P-stack represented as a list (scip step (scip raise clock (scip step n n st)))) (let ((p (scip ptopi+ st)) (o (scip poveri+ st))) (cond ((equal (std logic list to int p) (std logic list to int o)) (list (scip pnext+ st))) (t (cons (scip pnext+ st) (scip get pstack regfile as list st)))))))) September 24, 2010

Recommend

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Chapter Thirteen: Stack Machines Formal Language, chapter 13, slide 1 1 Stacks are

Chapter Thirteen: Stack Machines Formal Language, chapter 13, slide 1 1 Stacks are

Chapter Thirteen: Stack Machines Formal Language, chapter 13, slide 1 1 Stacks are ubiquitous in computer programming, and they have an important role in formal language as well. A stack machine is a kind of automaton that uses a stack for

854 views • 59 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

707 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Collaboration between the SCiP Alliance and the SCISS network KATHERINE LAWRENCE SCIP ALLIANCE

Collaboration between the SCiP Alliance and the SCISS network KATHERINE LAWRENCE SCIP ALLIANCE

@scipalliance Collaboration between the SCiP Alliance and the SCISS network KATHERINE LAWRENCE SCIP ALLIANCE MANAGER 1 What makes service children great potential HE students? 2 The challenge Around 4 in 10 children from military families who

349 views • 9 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? CAR BICYCLE DOG S oftware that learns from experience and enables

767 views • 40 slides
Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA tools for students, hobbyists, enthusiasts FPGA Synthesis Formal Verification Free to use: Free to use: Xilinx Vivado WebPack,

820 views • 49 slides
Formal Verification via MCMAS & PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS & PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS & PRISM Hongyang Qu University of Sheffield 1 December 2015 Outline Motivation for Formal Verification Overview of MCMAS Overview of PRISM Formal verification It is a systematic way to check

461 views • 34 slides
Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the meaning

740 views • 54 slides
Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018 - Tutorial September 9th 2018 1 / 47 1 Side-Channel Attacks and Masking 2 Formal Tools for Verification at Fixed Order 3 Formal Tools

1.24k views • 97 slides
Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the

811 views • 68 slides
Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July 2008 0 Formal verification Formal verification: mathematically prove the correctness of a design with respect to a mathematical formal specification

570 views • 53 slides
Formal Formal Specif Specification ication and Verific and Verification ation of Solid of

Formal Formal Specif Specification ication and Verific and Verification ation of Solid of

Presented at FMBC 2020 Formal Formal Specif Specification ication and Verific and Verification ation of Solid of Solidity ity Contracts Contracts with E with Events vents kos Hajdu 1 , Dejan Jovanovi 2 , Gabriela Ciocarlie 2 1

298 views • 14 slides
Primal heuristic for MINLPs in SCIP Ambros Gleixner, and Felipe Serrano Zuse Institute Berlin

Primal heuristic for MINLPs in SCIP Ambros Gleixner, and Felipe Serrano Zuse Institute Berlin

Primal heuristic for MINLPs in SCIP Ambros Gleixner, and Felipe Serrano Zuse Institute Berlin serrano@zib.de SCIP Optimization Suite http://scip.zib.de Workshop on Discrepancy Theory and Integer Programming Amsterdam June 12, 2018

754 views • 53 slides
Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms 1 Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64 overview Quick introduction to HOL Light Floating point numbers and IA-64 formats HOL

451 views • 19 slides

More recommend