1 / 32

Verification of Behavioral Consistency in C by Using Symbolic Simulation and Program Slicer

This research paper proposes a verification method for checking the behavioral consistency of two given C-descriptions for hardware. The method utilizes symbolic simulation and program slicing techniques to reduce the verification task and ensure efficient verification. The paper provides case studies and future work directions.

crivas
Télécharger la présentation

Verification of Behavioral Consistency in C by Using Symbolic Simulation and Program Slicer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verification of Behavioral Consistencyin C by Using Symbolic Simulation and Program Slicer Takeshi Matsumoto Thanyapat Sakunkonchak Hiroshi Saito Masahiro Fujita The University of Tokyo

  2. Outline • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  3. Outline • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  4. Formal verification in VLSI design • As VLSI designs become more complicated, verification tasks become more difficult • Formal verification has many advantages, however, it is very sensitive to the size of descriptions • Recently, C-based design languages are commonly used • SpecC, SystemC, … • Easy to learn • Able to describe HW and SW

  5. C-base design & verification flow Checking behavioral consistency • Our verification method works in this design flow • There are many refinement steps in this flow • At each refinement step, descriptions are very close to each other Specification in C Refined descri- ption for HW part Refined description with concurrency Introduction of concurrency (SpecC or SystemC may be used here) Removal of pointer, recursive calling To RTL : Refinement step

  6. Target of verification • In this work, target of verification is C hardware descriptions • No pointer reference • No recursive function calling • No dynamic memory allocation • In future, our verification method will cover all the design flow by extension Specification in C Refined descri- ption for HW part Refined description with concurrency

  7. Our proposed method • We propose the verification method to check the behavioral consistency of two given C-descriptions • These C-descriptions are restricted for HW • Verification itself is operated in terms of symbolic simulation (formal method) • Main interest is to make verification task reduced and realize the efficient verification • Based on textual differences • Code reduction by program slicing

  8. Next • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  9. Symbolic simulation • In our method, verification itself is carried out in terms of symbolic simulation • Variables are treated as symbols rather than bit vectors • Symbolic simulation can verify designs more efficiently than traditional simulation

  10. Example • Example of checking the behavioral consistency based on symbolic simulation • Equivalent variables are collected into EqvClass a = v1; b = v2; add1 = a + b; Symbolic simulation Description 1 EqvClass add2 = v1 + v2; We are going to check the equivalence between add1 and add2 Description 2

  11. Example • This is an example of equivalence checking based on symbolic simulation • Equivalent variables are collected into EqvClass a = v1; b = v2; add1 = a + b; E1 (a, v1) E2 (b, v2) E3 (add1, a+b) Symbolic simulation Description 1 EqvClass add2 = v1 + v2; Description1 is simulated Description 2

  12. Example • This is an example of equivalence checking based on symbolic simulation • Equivalent variables are collected into EqvClass a = v1; b = v2; add1 = a + b; E1 (a, v1) E2 (b, v2) E3 (add1, a+b) E4 (add2, v1+v2) Symbolic simulation Description 1 EqvClass add2 = v1 + v2; Description2 is simulated Description 2

  13. Example • This is an example of equivalence checking based on symbolic simulation • Equivalent variables are collected into EqvClass a = v1; b = v2; add1 = a + b; E1 (a, v1) E2 (b, v2) E3 (add1, a+b) E4 (add2, v1+v2) Symbolic simulation Description 1 EqvClass add2 = v1 + v2; Due to the equivalences in E1, E2 Description 2

  14. Example • This is an example of equivalence checking based on symbolic simulation • Equivalent variables are collected into EqvClass a = v1; b = v2; add1 = a + b; E1 (a, v1) E2 (b, v2) E3’ (add1, a+b, add2, v1+v2) Symbolic simulation Description 1 EqvClass add2 = v1 + v2; E3 & E4 are merged into E3’ Description 2

  15. Program slicing • In our methods, the codes to be symbolically simulated are extracted by program slicing • This means only extracted codes will be simulated for verification • Program slicing can extract the codes that can affect (be affected by) a variable • Two kinds of slicing: backward slicing and forward slicing

  16. Backward slicing • Backward slicing for a variable vextracts all codes that affect the variable v Backward slicing a = 2; b = 3; c = 5; a = a + 10; b = a * c; /start/ c = c + a; a = a * b; a = 2; b = 3; c = 5; a = a + 10; b = a * c; /start/ c = c + a; a = a * b;

  17. Forward slicing • Forward slicing for a variable v extracts all codes that are affected by the variable v Forward slicing a = 2; b = 3; c = 5; a = a + 10; b = a * c; /start/ c = c + a; a = a * b; a = 2; b = 3; c = 5; a = a + 10; b = a * c; /start/ c = c + a; a = a * b;

  18. Next • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  19. Verification flow (1) Description 1 Description 2 Pre-processes Identification of textual differences & ordering them Output the set of textual differences (d1, d2, d3, …)

  20. Identification of textual differences • First, textual differences are identified by “diff” • Then, they are sorted in the order of execution int v1, v2, out, opcode; v1 = 3; v2 = 5; if(opcode == 1) { out = v1 + v2; } int v1, v2, out, opcode; int reg1, reg2, alu; v1 = 3; v2 = 5; reg1 = v1; reg2 = v2; if(opcode == 1) { alu = reg1 + reg2; out = alu; } d1 d2 d3 Description 1 Description 2

  21. Verification flow (2) Verification terminates successfully (d1, d2, d3, …) Is there any differences left? No Yes Decision of target variables Backward slicing Symbolic simulation Consistency is proved Consistency is not proved Forward slicing An erroneous trace is reported Symbolic simulation Consistency is proved Consistency is not proved

  22. Verification flow (2) Verification terminates successfully (d1, d2, d3, …) Is there any differences left? No Yes Decision of target variables Backward slicing Symbolic simulation Consistency is proved Consistency is not proved Forward slicing An erroneous trace is reported Symbolic simulation Consistency is proved Consistency is not proved

  23. Decision of target variables • A variable v in a difference d is a target variable, • When the variable v is defined in both descriptions, and assigned in the difference d int v1, v2, out, opcode; v1 = 3; v2 = 5; if(opcode == 1) { out = v1 + v2; } int v1, v2, out, opcode; int reg1, reg2, alu; v1 = 3; v2 = 5; reg1 = v1; reg2 = v2; if(opcode == 1) { alu = reg1 + reg2; out = alu; } d1 d2 d3 Description 1 Description 2

  24. Case split Verification terminates successfully (d1, d2, d3, …) Is there any differences left? No Yes Decision of target variables Backward slicing Symbolic simulation Consistency is proved Consistency is not proved Forward slicing An erroneous trace is reported Symbolic simulation Consistency is proved Consistency is not proved

  25. Next • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  26. Case studies • Our tool implementation has not been completed • A part of symbolic simulation is implemented • Program slicing is done by CodeSurfer that is a product of GrammaTech Inc. • We evaluated efficiency of our proposed method by the amount of codes to be verified

  27. Case study 1 • C-model of Huffman decoder • Two functions were in-lined after refinement • 2 differences, 2 target variables • An example of textual differences v = show_bits(); flush_bits(); Original v = inbuf[buf_index]; buf_index++; Refined The declarations of show_bits, flush_bits in the original description are also identified

  28. Case study 1 • C-model of Huffman decoder • Two functions were in-lined after refinement • 2 differences, 2 target variables • Result … behaviors were consistent Simulated codes Total codes Reduction ratio Original 49 lines 21 lines 58% Refined 41 lines 11 lines 73%

  29. Case study 2 • C-model of MAXSAT solver • We inserted differences in the original descri-ption so that both were consistent • 6 differences, 6 target variables • Result … behaviors were consistent Simulated codes Total codes Reduction ratio Original 632 lines 131 lines 79% Refined 630 lines 129 lines 80%

  30. Next • Introduction • Basic Notations • Verification Strategy • Case Studies • Conclusion and Future Work

  31. Conclusion and future work • We proposed a method to verify behavioral consistency of two given C-descriptions efficiently • C-descriptions are restricted for HW • Identification textual differences and program slicing are applied for efficiency • Future work • Fully implementation tool set to realize this proposed method • Extension of proposed method by introduction of concurrency

  32. Thank you very much!!

More Related