System-on-Chip Design Verification: Challenges and State-of-the-art
Prof. Sofiène Tahar, Hardware Verification Group, Concordia University, Montréal, QC, Canada
MCSOC 12, Aizu-Wakamatsu, Fukushima, Japan, September 21, 2012

Outline
- Motivation: Verification Crisis
- State-of-the-art Technology
- System-on-Chip Verification: SystemC, DSP, Memory Array
- Concluding Remarks
(Slide footer: S. Tahar, System-on-Chip Formal Probabilistic Verification Analysis)
Accident at Carbide plant, India (December 2-3, 1984)
- Causes: corroding non-stainless steel pipes, improper maintenance
- Loss: 3,787 deaths, over 500,000 people exposed
- Cost: $470 million
- Reference: E. Broughton, "The Bhopal Disaster and its Aftermath: A Review", Environmental Health, 4(6):1-6, May 2005.

Train Derailment in Germany (June 3, 1998)
- Main cause of failure: wheel design; a single fatigue crack in one of the wheels
- Loss: 101 dead, 88 injured
- Cost: $30 million
- Reference: Investigative documentary "Derailment at Eschede (High Speed Train Wreck)", Seconds From Disaster, National Geographic Channel, 2007.
Space Shuttles Challenger (January 28, 1986) and Columbia (February 1, 2003)
- Challenger: failure of the pressure seal in the aft field joint of the right Solid Rocket Booster; the design was unacceptably sensitive to a number of factors
- Columbia: during re-entry, damaged tiles in the heat shield allowed hot gases to penetrate and destroy the internal wing structure, rapidly causing the in-flight breakup of the vehicle
- Loss: entire crew in both accidents
- Reference: Rogers Commission, Report of the Presidential Commission on the Space Shuttle Challenger Accident, Volume 1, Chapter 4, p. 72, http://history.nasa.gov/rogersrep/v1ch4.htm, 1986.

... and the list goes on and on
Design Errors
- Floating-point division bug
- Patriot Missile failure, a classical case of rounding error
- Floating-point to integer conversion

Design Challenges

What is Verification?

Design Verification

Implementation Verification

Manufacture Verification (Test)

Verification Technology
Functional Verification - Simulation
- Most widely used system analysis approach
- Construct a computer-based model of the system
- Analyze the behavior of the system model under a number of test cases to deduce properties of interest
- Easy to use
- May generate inaccurate results
- Practically impossible to test for all possible cases

Simulation: A Practical Example
- Question: how long does it take to verify a 64-bit floating-point division unit?
- Answer: there are 2^64 x 2^64 = 2^128 test cases. At 1 test/µs, it will take 10^25 years!!!

Simulation: Another Practical Example
- Question: how long does it take to verify a 256-bit RAM memory unit?
- Answer: there are 2^256 = 10^80 bits to test. At 1 test/ps, and using all the matter in our galaxy to build computers the size of a single electron, it will take 10^10 years to verify 0.05%!!!
Verification Gap
- The situation is worsening as technology evolves

Cost of Verification
- Verification accounts for 60-70% of project cost (human, computing and time)
- Increasing VLSI technology and design complexity (1.7 billion transistors on chip)
- Traditional simulation is limited to a tiny percentage of test cases
- The situation is most serious for safety-critical applications
- Many research groups and companies are using formal verification as a complement to simulation

Functional Verification - Formal Methods
- Construct a computer-based mathematical model of the system
- Use mathematical reasoning to check functional properties of interest
- Accurate results
- Consideration of all cases is implicit
- Sometimes difficult and time consuming
Simulation Example
Check if y > x for the given system (x is a natural number): y = (x + 1)^2

Test vectors (x) | System output (y) | y > x
1                | 4                 | True
2                | 9                 | True
5                | 36                | True
9                | 100               | True
67               | 4624              | True
1000             | 1002001           | True
1000000          | ???               | ???

Formal Methods Example
Check if y > x for the given system (x is a natural number): y = (x + 1)^2

1. y > x                                   (problem statement)
2. (x+1)^2 > x                             (implementation)
3. (x+1)·(x+1) > x                         (definition of square)
4. (x+1)·x + (x+1)·1 > x                   (distributivity)
5. x·x + 1·x + x·1 + 1·1 > x               (distributivity)
6. x·x + x + x + 1 > x                     (multiplicative identity)
7. x·x + x + 1 + x > x                     (additive commutativity)
8. x·x + x + 1 > 0                         (addition cancellation)
9. True                                    (natural numbers > 0)
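The two routes the slides contrast, as an added example that is not code from the talk: simulation runs the design on sampled vectors (the table above), while the formal route rewrites (x+1)^2 - x into a polynomial whose non-negative coefficients and positive constant term certify y > x for every natural x; the exhaustive-simulation time estimate for the 64-bit divider is included too. Function names and the polynomial representation are this example's own.

```python
"""Simulation versus formal reasoning on the slide's system y = (x + 1)^2 (x a natural).

Added example, not code from the talk. Simulation runs the design on chosen test vectors;
the formal route rewrites (x+1)^2 - x into a polynomial whose coefficients are all
non-negative with a positive constant term, a certificate that y > x for every natural x.
"""

def design(x: int) -> int:
    """The system under test: y = (x + 1)^2."""
    return (x + 1) ** 2

def simulate(vectors):
    """Run the design on each test vector; rows of (x, y, y > x) like the slide's table."""
    return [(x, design(x), design(x) > x) for x in vectors]

# Polynomials in x are dicts {degree: coefficient}; zero coefficients are dropped.
def poly_mul(p, q):
    out = {}
    for i, a in p.items():          # distributivity, term by term
        for j, b in q.items():
            out[i + j] = out.get(i + j, 0) + a * b
    return {d: c for d, c in out.items() if c}

def poly_sub(p, q):
    out = dict(p)
    for d, c in q.items():
        out[d] = out.get(d, 0) - c
    return {d: c for d, c in out.items() if c}

def prove_y_gt_x():
    """Mechanise steps 2-9 of the slide: (x+1)^2 > x  <=>  (x+1)^2 - x > 0.
    Returns the normalised polynomial and whether its shape certifies positivity."""
    x_plus_1 = {1: 1, 0: 1}                      # x + 1
    square = poly_mul(x_plus_1, x_plus_1)        # definition of square + distributivity
    diff = poly_sub(square, {1: 1})              # addition cancellation: bring x to the left
    # For natural x every monomial with a non-negative coefficient is >= 0, so a
    # positive constant term makes the whole polynomial > 0 (the slide's last step).
    certified = all(c >= 0 for c in diff.values()) and diff.get(0, 0) > 0
    return diff, certified

def exhaustive_simulation_years(input_bits: int, tests_per_second: float) -> float:
    """Wall-clock years to simulate all 2^input_bits inputs (the slide's 64-bit
    divider has two 64-bit operands, i.e. 128 input bits) at the given test rate."""
    seconds = 2 ** input_bits / tests_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print(simulate([1, 2, 5, 9, 67, 1000]), prove_y_gt_x())
    print(f"{exhaustive_simulation_years(128, 1e6):.2e} years at 1 test/us")
```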
Formal Methods Applications
- Formal methods are widely used for the functional verification of many applications: microprocessors, software conformance, cache coherence protocols, telecommunication protocols, security protocols, transportation
- Their utilization for system-on-chip verification has been somewhat limited though
System-on-Chip Verification
Multicore System-on-a-Chip
- An MCSoC consists of: multicore processors, memories, I/O devices, sensors, interconnection network, ASIC logic

How to Design an SoC?
- System specification: software (UML, C++, SystemC, Java, CORBA, etc.)?
- Architectural gap: from the specification to the system's architecture
- Physical gap: from the architecture to the silicon level!!!

SoC Verification
- Facts: functional testing of SoC software is difficult. SoCs have complex interactions; testing each feature or subsystem separately is not enough to ensure correct operation. Fully testing an SoC is impossible.
- State-of-the-art: no relevant new techniques. Adapted methodologies: assertion-based verification (functional coverage), model checking (small units), simulation (guiding test vector generation).
- Is your SoC free from errors?!

Conventional SoC Design Flow
- System specs → system design, with system-level verification
- HW & SW partitioning, drawing on a HW IP library and a SW IP/RTOS library
- SoC HW: RTL (functional verification) → synthesis and chip plan → netlist (netlist verification)
- SoC SW: software development with SW verification
- Finally: functional, timing, and physical testing

SystemC Verification (tool flow)
- SystemC code → static code analyzer and SystemC-to-AsmL translation → abstract code (in AsmL) and abstract code (in SystemC)
- PSL properties → PSL (in AsmL), checked by the model checker against the AsmL model
- PSL assertions → PSL (C#) → assertions verifier, run against the C/C++ test environment produced by the test bench generator

SystemC Verification
- Designs in SystemC
- High-level modeling in UML
- Properties and assertions in PSL
- Verification by model checking and ABV
- Use AsmL (Microsoft) as intermediate language
- Several applications

Verification Methodology
- UML: use case, class diagram, sequence diagram; extended sequence diagrams mapped to PSL properties modeled in ASM
- AsmL: SystemC model (AsmL) plus PSL properties, model-checked; design translated to C++/C#
- SystemC design: SystemC model, compilation and static code analysis; PSL properties modeled in C# for assertion verification
System-on-Chip Verification
DSP Design Flow (ideal vs. real)
- Specification → theoretical design → floating-point algorithm (with test bench) → fixed-point algorithm → behavioral HDL → hardware architecture (system design using SPW/HDS)
- IC design using external tools: RTL → netlist → place and route

DSP Verification Methodology
- REAL DSP, shallow-embedded as REAL HOL; error analysis
- CONVERT → FP DSP, shallow-embedded as FP HOL; valuation to FP real value; error analysis
- CONVERT → FXP DSP, shallow-embedded as FXP HOL; valuation to FXP real value; error analysis
- CONVERT (logical implication) → RTL, shallow-embedded as RTL HOL
- Synthesize (logical implication) → netlist, shallow-embedded as netlist HOL
System-on-Chip Verification
Reliability Analysis of Memory
- Health care: medical devices
- Avionics and space technology: avionics, artificial satellites, space shuttle
- Electrical power systems: power generation, power factor correction

Probabilistic Analysis of Faults
- Inputs: system model (hardware, software), random components, probabilistic and statistical properties
- A computer-based analysis framework decides: property satisfied?

Application: Memory Arrays
- Fault types: stuck-at faults, neighborhood pattern sensitive faults, transition faults, coupling faults
- Solution: add redundancy, make the memory reconfigurable. How much redundancy?
- Probabilistic techniques using computer simulation: inaccurate, very long run times
- Proposed solution: theorem proving!

Reconfigurable Memory Array (figure)
- Number of columns = n, number of rows = n
- Spare columns sc = b·n, spare rows = a·n
- Fault set F = {e1, e2, e3, e4}, with faults lying in rows r_i, r_j, r_k and columns c_p, c_q, c_r

Repairability Problem
lim_{n→∞} Pr[F ≤ (a+b)n] = 1

Theorem (Repairability Problem of Stuck-at Faults):
∀ a b w. (0 ≤ a) ∧ (a ≤ 1) ∧ (0 ≤ b) ∧ (b ≤ 1) ∧ (∀n. (0 < w(n)) ∧ (w(n) < (a+b))) ∧ (λn. 1 0 (lim ) w(n)) ⟹ (lim (λn. P{s | fst (num_of_faults n a b w s) ≤ (a+b)n}) = 1)

Proof sketch: probability axioms, Bernoulli and Binomial, continuous random variables, tail distribution bounds, real analysis and limit theory
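A way to put numbers on the repairability theorem, as an added example that is not the talk's HOL development: under an assumed per-cell Bernoulli fault model it computes the exact binomial probability P[F ≤ spares] that the slide's limit concerns, and checks it against a greedy repair run on random fault maps. Names, the fault model and the parameters are this example's own.

```python
"""Repairability of an n x n memory array with spare rows and spare columns.

Added example, not code from the talk. Assumed fault model: each cell is stuck-at
faulty independently with probability p (Bernoulli), so the fault count F is
Binomial(n*n, p); there are floor(a*n) spare rows and floor(b*n) spare columns.
"""

from math import comb, floor
import random

def spare_repair(faults, n, a, b):
    """Greedy repair: replace the faulty rows carrying the most faults with spare
    rows, then replace every column still holding a fault with a spare column.
    Returns True if all faults are covered. Whenever |faults| <= spare rows +
    spare columns this always succeeds, which is the slide's repairability condition."""
    spare_rows, spare_cols = floor(a * n), floor(b * n)
    per_row = {}
    for r, _ in faults:
        per_row[r] = per_row.get(r, 0) + 1
    worst_rows = sorted(per_row, key=lambda r: -per_row[r])[:spare_rows]
    leftover_cols = {c for r, c in faults if r not in worst_rows}
    return len(leftover_cols) <= spare_cols

def prob_faults_at_most(n, p, k):
    """Exact P[F <= k] for F ~ Binomial(n*n, p), the tail the theorem bounds."""
    cells = n * n
    return sum(comb(cells, i) * p ** i * (1 - p) ** (cells - i) for i in range(k + 1))

def repairability_lower_bound(n, a, b, p):
    """P[repairable] >= P[F <= floor(a*n) + floor(b*n)], since that many faults always repair."""
    return prob_faults_at_most(n, p, floor(a * n) + floor(b * n))

def monte_carlo_repair_rate(n, a, b, p, trials, seed=0):
    """Empirical repair rate over random fault maps (seeded so runs are reproducible)."""
    rng = random.Random(seed)
    repaired = 0
    for _ in range(trials):
        faults = {(r, c) for r in range(n) for c in range(n) if rng.random() < p}
        repaired += spare_repair(faults, n, a, b)
    return repaired / trials

if __name__ == "__main__":
    # Constructed parameters: per-cell fault probability w/n with w = 0.1 < a + b = 0.2,
    # so about 0.1*n faults face 0.2*n spares and P[F <= spares] climbs towards 1 with n.
    a = b = 0.1
    for n in (8, 16, 32, 64, 128):
        bound = repairability_lower_bound(n, a, b, 0.1 / n)
        rate = monte_carlo_repair_rate(n, a, b, 0.1 / n, trials=200)
        print(f"n={n:4d}  P[F <= spares]={bound:.4f}  empirical repair rate={rate:.3f}")
```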
Benefit and Cost of Verification?
- Results exactly match the paper-and-pencil based analysis methods: 100% precise
- Analysis was based on the pre-existing HOL theories of sets, lists, integers, real numbers, measure and probability
- ~1200 lines of HOL code, ~80 man-hours
- [Formal Reliability Analysis using Theorem Proving, IEEE Transactions on Computers, Vol. 59, No. 5, May 2010]

Is it worth the effort?
- Paper-and-pencil proofs can be error prone! Many assumptions stay in the heads of the mathematician or engineer conducting the analysis.
- A theorem prover will not let you go away until you have proven all subgoals
- HOL theorem prover: 5 axioms, 8 primitive inference rules
- Worth the cost for safety-critical applications!

Thank You!
http://hvg.ece.concordia.ca