verifying centaur s floating point adder
play

Verifying Centaurs Floating Point Adder Sol Swords - PowerPoint PPT Presentation

Feb 28, 2023 •676 likes •898 views

Verifying Centaurs Floating Point Adder Sol Swords sswords@cs.utexas.edu April 23, 2008 Sol Swords () Verifying Centaurs Floating Point Adder April 23, 2008 1 / 21 Problem Given: Verilog RTL for the Centaur CN processors FADD

  1. Verifying Centaur’s Floating Point Adder Sol Swords sswords@cs.utexas.edu April 23, 2008 Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 1 / 21

  2. Problem Given: ◮ Verilog RTL for the Centaur CN processor’s FADD unit, ◮ Opcode and instructions for running a floating-point addition, ◮ An ACL2 specification function for floating point addition, Prove, to the extent possible, that the design implements the spec. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 2 / 21

  3. Overview Dependency Checking And-Inverter Functional EMOD Sim ulation Graphs Delay Modeling Model Verilog E Output BDDify Modules Files BDDs Case-splitting Input =? predicate BDDs ACL2 Spec Spec GIFY G-spec Output Function BDDs Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 3 / 21

  4. Spec side Spec to BDDs Dependency Checking And-Inverter Functional EMOD Sim ulation Graphs Delay Modeling Model Verilog E Output BDDify Modules Files BDDs Case-splitting Input =? predicate BDDs ACL2 Spec Spec GIFY G-spec Output Function BDDs Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 4 / 21

  5. Spec side Gify quick summary ◮ Want the spec represented as BDDs - Boolean functions, one for each output bit, over the bits of the input ◮ (GIFY ’SPEC) defines the (Common Lisp) function G-SPEC which now operates on symbolic objects. ◮ Approximate, hypothetical contract of a G-function: (equal (eval-g (g-foo a b c) vals) (foo (eval-g a vals) (eval-g b vals) (eval-g c vals))) where EVAL-G maps a symbolic object to a concrete object. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 5 / 21

  6. Input BDD Generation Input BDD Generation Dependency Checking And-Inverter Functional EMOD Sim ulation Graphs Delay Modeling Model Verilog E Output BDDify Modules Files BDDs Case-splitting Input =? predicate BDDs ACL2 Spec Spec GIFY G-spec Output Function BDDs Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 6 / 21

  7. Input BDD Generation Case Splitting ◮ BDDs for fully general FP addition are too big. ◮ We have built them for the single-precision case: 2-4 hours computation, 20 million hash-conses. Not happening for double-precision. ◮ Case-splitting lets the BDD order be chosen for each case ◮ Also makes it easier to eliminate irrelevant intermediate computations (more later.) Where do we split? Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 7 / 21

  8. Input BDD Generation Split by Exponent Difference Mantissa 1 Expt Diff Mantissa 2 Why? ◮ Adding the same mantissas at the same exponent difference is the same addition operation ◮ Best BDD order for addition has bits in order of significance ◮ Separates Near Path from Far Path cases ◮ Can consolidate cases where mantissas don’t overlap Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 8 / 21

  9. Input BDD Generation Max NaNs, Infinities Outer Triangle Exponent 2 s l a n o g a i D r e n n I Outer Triangle Denorms, Zeros 0 Exponent 1 Max 0 Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 9 / 21

  10. Input BDD Generation Input generation detail Case-Splitting Predicate GIFY Predicate BDD Case Symbolic Q-PARAM Specifier Predicate Restricted BDD Symbolic Symbolic Ordering Operands Operands Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 10 / 21

  11. Input BDD Generation Case-splitting Predicate Define as an ACL2 function: (ops-ok op1 op2 case) ◮ case specifies which of the cases to accept ◮ Equals t if the operands fit that case, nil otherwise. ◮ Gify this function to get g-ops-ok ◮ Use the Gified function to get a BDD that shows when the symbolic operands satisfy the predicate. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 11 / 21

  12. Input BDD Generation Parameterized Inputs For the inputs to symbolic simulations we want symbolic values that ◮ Always satisfy the predicate ◮ Cover all possible inputs that satisfy the predicate. Implemented by function (Q-PARAM P N) ◮ P - predicate BDD ◮ N - Number of variables to create parameterized values for ◮ (Q-PARAM P N) makes a list of N BDDs which ◮ evaluate to values satisfying P for all variable settings ◮ are general enough so that every set of values satisfying P can be generated. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 12 / 21

  13. Input BDD Generation Q-PARAM theorems: 1 (defthm forall-y-p-of-param-of-y-is-true (implies (and (normp p) ;; P is a BDD p ;; P is satisfiable ;; N is an integer ;; and is >= the number of variables used in P (integerp n) (<= (max-depth p) n)) ;; Every case covered by (Q-PARAM P N) satisfies P. (equal (eval-bdd p (eval-bdd-list (q-param p n) y)) t))) Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 13 / 21

  14. Input BDD Generation Q-PARAM theorems: 2 (defthm exists-y-such-that-x-is-param-of-y (implies (and ;; X is a list of Booleans that satisfies P (boolean-listp x) (equal (eval-bdd p x) t) ;; X is long enough to cover all variables of P (<= (max-depth p) (len x))) ;; There exists Y for which (Q-PARAM P (LEN X)) ;; evaluates to X. (let ((y (eval-bdd-list (q-param-inv p (len x)) x))) (equal (eval-bdd-list (q-param p (len x)) y) x)))) Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 14 / 21

  15. Model Side Model to BDDs Dependency Checking And-Inverter Functional EMOD Sim ulation Graphs Delay Modeling Model Verilog E Output BDDify Modules Files BDDs Case-splitting Input =? predicate BDDs ACL2 Spec Spec GIFY G-spec Output Function BDDs Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 15 / 21

  16. Model Side Model-side summary ◮ We read the model from Centaur’s Verilog RTL (about 20,000 LOC.) ◮ Synthesize the Verilog to gates and translate the gates to E ◮ Results in an ACL2 defconst called |*fadd*| ◮ Run several cycles of (emod ’faig |*fadd*| < inputs > < state > ) to get a pair of And-Inverter Graphs (AIGs) for each output bit. ◮ Using the BDD inputs generated by case-splitting, build the BDD for each AIG using an iterative process. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 16 / 21

  17. Model Side AIG introduction An AIG is a recursive data structure: ◮ Booleans: T and NIL ◮ Variables: non-Boolean atoms ◮ Negation of an AIG x : (CONS X NIL) ◮ Conjunction of AIGs x and y : (CONS X Y) Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 17 / 21

  18. Model Side AIG to BDD, simple algorithm Given an assignment of BDDs to the variables present in an AIG, make an equivalent BDD: (defn aig-to-bdd (x al) (cond ((booleanp x) ;; Boolean x) ((atom x) ;; Variable (cdr (hons-get x al))) ((eq (cdr x) nil) ;; Negation (q-not (aig-to-bdd (car x) al))) (t ;; Conjunction (q-and (aig-to-bdd (car x) al) (aig-to-bdd (cdr x) al))))) ◮ Too inefficient, can’t use. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 18 / 21

  19. Model Side AIG to BDD, practical approach At a conjunction node A ∧ B , suppose A can be cheaply translated into a BDD but B cannot. Observation: We may not need to BDDify B in order to BDDify A ∧ B . ◮ If BDDify( A ) = NIL , then BDDify( A ∧ B ) = NIL . ◮ More generally, if A is never true when B is false, then BDDify( A ∧ B ) = BDDify( A ). ◮ Strategy: Set an upper bound on the size of BDDs to work on. If we can detect the above situation before fully BDDifying B , we win. Otherwise, may need to increase the upper bound and try again. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 19 / 21

  20. Model Side AIG to BDD, practical approach ◮ Use one of two strategies for dealing with too-big BDDs: ◮ More conservative, faster: Use pairs of BDDs to represent upper and lower bounds of the true BDD values. Set the upper bound to T or the lower bound to NIL when too big. ◮ Less conservative, slower: Associate each too-large BDD created with a fresh BDD variable. ◮ In either case, we may sometimes prune the AIG even when we have no exact BDD results. ◮ Have ACL2 proofs that both approaches are sound. ◮ Our approach: Alternate between the two strategies while iteratively increasing the size limit until an exact result is reached. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 20 / 21

  21. Results Results ◮ Works pretty well: ◮ Single-precision: 8 minutes to verify ◮ Double/extended precision: 1 hour each ◮ Future directions: ◮ Fight our way toward an ACL2 theorem. ◮ Prove that we really have a proof. ◮ Need a logical story for Gification. ◮ Adapt the approach to other kinds of hardware. ◮ Need to decompose the problem in other ways than by case-splitting on the inputs. Sol Swords () Verifying Centaur’s Floating Point Adder April 23, 2008 21 / 21

Recommend

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary Floating Point Representation Floating point number consists of three components: sign bit, exponent, and mantissa. Example: 12.75: sign is + , exponent

253 views • 12 slides
Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

ECE 0142 Computer Organization Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur floating-point programming. Floating point greatly simplifies working with large (e.g., 2 70 ) and small (e.g., 2 -17 )

638 views • 30 slides
LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown

LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown

LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown Stanford University How about: float y = x; Nope: if x = -0.0 then y = +0.0 Motivating Example Suppose we want to optimize: float y = +0.0 -

463 views • 35 slides
Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point operations and rounding Lessons for programmers Many more details we will skip (its a 58-page standard) See CSAPP 2.4 for more detail. 1

381 views • 15 slides
15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics IEEE Floating Point Standard Rounding Floating Point Operations Mathematical properties class03.ppt 15-213, F06 Floating Point

1.03k views • 34 slides
Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations ! Mathematical properties Next time ! The machine model Chris Riesbeck, Fall 2011 Monday, October 3, 2011 Checkpoint Monday, October 3, 2011 IEEE

1.07k views • 28 slides
2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point standard: Definition Floating Point Example and properties Rounding, addition, multiplication CSci 2021: Machine Architecture and

411 views • 7 slides
9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point

9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point

9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point standard: Definition Floating Point Example and properties Rounding, addition, multiplication CSci 2021: Machine Architecture and

339 views • 7 slides
CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent

CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent

3.1 CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent very small numbers (fractions) and very large numbers Avogadros Number: +6.0247 * 10 23 Plancks Constant: +6.6254 * 10 -27

789 views • 33 slides
Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation What do we need to store when representing floating point numbers in a computer? ! = 1. &amp; 2 ! Initially, different floating-point

379 views • 18 slides
Floating point How arithmetic operations mathematics involving floating point numbers

Floating point How arithmetic operations mathematics involving floating point numbers

Numerical and Scientific Computing with Applications David F . Gleich CS 314, Purdue September 7, 2016 In this class: Floating point How arithmetic operations mathematics involving floating point numbers work. Next class IEEE

812 views • 11 slides
Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact Value 0.1 is very close to 1/10, but not Lecture 13 precisely equal to it 0.1 10 = 0.000110011001100110011... 2 Cannot rely on accuracy of

313 views • 3 slides
Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent very

Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent very

3.1 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent very small numbers (fractions) and very large numbers Avogadros Number: +6.022 10 23 Boltzmanns Constant: +1.38 10 -23 32 or

1.13k views • 38 slides
Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms 1 Formal verification of floating-point algorithms John Harrison Intel Corporation Floating point algorithm verification HOL Light Floating point numbers and formats HOL floating

636 views • 28 slides
Debugging Floating-Point Debugging Floating-Point Debugging Floating-Point Math in Racket Math

Debugging Floating-Point Debugging Floating-Point Debugging Floating-Point Math in Racket Math

Debugging Floating-Point Debugging Floating-Point Debugging Floating-Point Math in Racket Math in Racket Math in Racket Neil Toronto RacketCon 2013 Racket Floating-Point Support Racket Floating-Point Support Racket Floating-Point Support

914 views • 88 slides
DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units

DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units

DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units more complex than simple integer ALU Require several clock cycles for a FP arithmetic operation Add: 4 cycles, Multiply: 7 cycles, Divide: 25

377 views • 22 slides
Computing with Floating Point Its not Dark Magic, its Science Florent de Dinechin, Ar

Computing with Floating Point Its not Dark Magic, its Science Florent de Dinechin, Ar

Computing with Floating Point Its not Dark Magic, its Science Florent de Dinechin, Ar enaire Project, ENS-Lyon Florent.de.Dinechin@ens-lyon.fr CERN seminar, January 11, 2004.99999 1 Introduction: Floating point ? 2 Floating-point as

651 views • 63 slides
Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides

Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides

Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides adapted from Bryant &amp; OHallarons slides Today: Floating Point Background: Fractional binary numbers IEEE floating point standard:

803 views • 52 slides
7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest

7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest

Floating-point Number Systems A Floating-point number system is defined by the four natural numbers: 2 , the base, 7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest possible exponent, e max , the

296 views • 14 slides
Sinking Point Dynamic precision tracking for floating-point Bill Zorn Dan Grossman Zach

Sinking Point Dynamic precision tracking for floating-point Bill Zorn Dan Grossman Zach

Sinking Point Dynamic precision tracking for floating-point Bill Zorn Dan Grossman Zach Tatlock billzorn@cs.washington.edu IEEE 754 floating-point Fast, portable, implemented in hardware Every operation is completely specified

481 views • 19 slides
Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!)

Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!)

Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!) Graham Markall Quantitative Developer, OpenGamma Intro/Disclaimers Aims: Get a rough feel of how floating point works Know when to

570 views • 40 slides
for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva

for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva

Combining Tools for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva Darulova, Zachary Tatlock FM 2018, 17.07.2018 Floating-Point Computations Are Ubiquitous 2 Floating-Point Computations are Tricky

341 views • 18 slides
Floating Point Basics Normally write: mantissa * 2 exponent Alternately, sign * mantissa *

Floating Point Basics Normally write: mantissa * 2 exponent Alternately, sign * mantissa *

III. Floating Point Representation Floating Point numbers contain the following components 1) Mantissa 2) Mantissa sign (optional): Some method to allow a signed mantissa such as: a) an explicit sign bit, or b) another bit to allow a signed

314 views • 3 slides
Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken Stanford University PLDI 2016 This Talk Example: mathematical specification Goal: Bound the difference between spec and implementation

1.22k views • 111 slides

More recommend