Strong Formal Verification for RISC-V From Instruction-Set Manual to RTL
|
|
|
- Leo Park
- 5 years ago
- Views:
Transcription
1 Strong Formal Verification for RISC-V From Instruction-Set Manual to RTL Adam Chlipala MIT CSAIL RISC-V Workshop November 2017 Joint work with: Arvind, Thomas Bourgeat, Joonwon Choi, Ian Clester, Samuel Duchovni, Jamey Hicks, Muralidaran Vijayaraghavan, Andrew Wright
2 A Cartoon View of Digital Hardware Design Generator Metaprogramming RTL (e.g., Verilog) CAD tools Physical Layout Quite proprietary magic Silicon 2
3 A Cartoon View of Digital Hardware Design Generator Metaprogramming Formal Formal RTL (e.g., Verilog) Formal Formal Formal CAD tools Formal Formal Physical Layout Formal Formal FormalFormal Silicon Quite proprietary magic Formal Formal 3
4 Simplification #1: Prove a Shallow Property 4
5 Simplification #1: Prove a Shallow Property 5
6 Simplification #1: Prove a Shallow Property Common practice: prove some Invariants If Foo is in this register, then Bar is in that one. Never Baz here and Qux there at same time. 6
7 Simplification #1: Prove a Shallow Property or Boolean equivalence check Common practice: prove some Invariants If Foo is in this register, then Bar is in that one. Never Baz here and Qux there at same time. 7
8 Simplification #1: Prove a Shallow Property The Kami way: Behavioral refinement of functional spec ISA Reference 8
9 Simplification #2: Analyze Isolated Components Proved 9
10 Simplification #2: Analyze Isolated Components The Kami way: Modularly compose proofs of pieces Proved Proved 10
11 Simplification #2: Analyze Isolated Components The Kami way: Modularly compose proofs of pieces Proved Proved Proved 11
12 Simplification #2: Analyze Isolated Components The Kami way: Modularly compose proofs of pieces Proved Proved ISA Reference Proved 12
13 Simplification #3: Start Over For Each Design Memory L1 Cache CPU 13
14 Simplification #3: Start Over For Each Design Memory Memory L1 Cache CPU Proved L1 Cache CPU L1 Cache CPU 14
15 Simplification #3: Start Over For Each Design Memory Memory Memory L2 Cache L2 Cac L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L CPU CPU CPU CPU CPU CPU Proved Proved 15
16 Simplification #3: Start Over For Each Design Memory Memory Memory L2 Cache L2 Cac L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L CPU Proved CPU CPU Proved CPU CPU CPU Proved 16
17 Simplification #3: Start Over For Each Design Memory Memory Memory L2 Cache L2 Cac L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L1 Cache L CPU Proved CPU CPU Proved CPU CPU CPU Proved The Kami way: Prove once for all parameters trees. ISA Reference 17
18 A framework to support implementing, specifying, formally verifying, and compiling hardware designs based on the Bluespec high-level hardware design language and the Coq proof assistant 18
19 The Big Ideas (from Bluespec) M Program modules are objects 19
20 The Big Ideas (from Bluespec) M Program modules are objects with mutable private state, 20
21 The Big Ideas (from Bluespec) M f(x) g(y) Program modules are objects with mutable private state, accessed via methods. 21
22 The Big Ideas (from Bluespec) N M O h(u) k(v) f(x) g(y) Program modules are objects with mutable private state, accessed via methods. 22
23 The Big Ideas M f(x) g(y) Every method call appears to execute atomically. 23
24 The Big Ideas Recv f(1), Send h(2) M Recv g(7), Send k(13) f(x) g(y) Every method call appears to execute atomically. Any step is summarized by a trace of calls. 24
25 The Big Ideas Recv f(1), Send h(2) Recv g(7), Send k(13) M Refines M' f(x) g(y) f g Every method call appears to execute atomically. Any step is summarized by a trace of calls. Object refinement is inclusion of possible traces. 25
26 The Big Ideas Recv f(1), Send h(2) M Recv g(7), Send k(13) f(x) g(y) 26
27 The Big Ideas N Recv f(1) M Recv g(7), Send k(13) h(u) f(x) g(y) Composing objects hides internal method calls. 27
28 The Big Ideas Recv f(1) Recv g(7), Recv g(7) Send k(13) N M O h(u) k(v) f(x) g(y) Composing objects hides internal method calls. 28
29 Some Example Kami Code (simple FIFO) Definition deq {ty} : ActionT ty dtype := Read isempty <- ^empty; Assert!#isEmpty; Read eltt <- ^elt; Read enqpt <- ^enqp; Read deqpt <- ^deqp; Write ^full <- $$false; LET next_deqp <- (#deqpt + $1) :: Bit sz; Write ^empty <- (#enqpt == #next_deqp); Write ^deqp <- #next_deqp; Ret #eltt@[#deqpt]. 29
30 An Example Kami Proof (pipelined processor) Lemma p4st_refines_p3st: p4st <<== p3st. Proof. kmodular. - kdisj_edms_cms_ex O. - kdisj_ecms_dms_ex O. - apply fetchdecode_refines_fetchndecode; auto. - krefl. Qed. Uses standard Coq ASCII syntax for mathematical proofs. These proofs are checked automatically, just like type checking. We inherit streamlined IDE support for Coq. 30
31 We Are Building: Coq tactics to prove refinements Design Refines Spec 31
32 We Are Building: Coq tactics to prove refinements Design Refines Spec Compiler Refines RTL Verify semantics preservation of compiler 32
33 Some Useful Refinement Tactics Monolithic Spec Sequential Consistency 33
34 Some Useful Refinement Tactics Monolithic Spec Sequential Consistency 1 Decompose Decoupled Spec Processor Memory 34
35 Some Useful Refinement Tactics Monolithic Spec Sequential Consistency Getting Real Fancy Processor Memory 1 Decompose 2 Replace Module Decoupled Spec Processor Memory 35
36 .... Some Useful Refinement Tactics Monolithic Spec Sequential Consistency Getting Real Fancy Processor Memory 1 Decompose 2 Replace Module Decoupled Spec Processor Memory Processor 36
37 .... Some Useful Refinement Tactics Monolithic Spec Sequential Consistency Getting Real Fancy Processor Memory 1 Decompose 2 Replace Module Decoupled Spec Processor Memory Processor 3 Induction /Simulation Processor' 37
38 .... Some Useful Refinement Tactics Monolithic Spec Sequential Consistency 1 Decompose Decoupled Spec Processor Memory Getting Real Fancy Processor Memory 2 Replace Module Processor 3 Induction /Simulation Processor'' Ideal Queue Processor' 4 Decompose 38
39 .... Some Useful Refinement Tactics Monolithic Spec Sequential Getting Real Fancy Processor = Processor'' Ring Buffer Consistency Memory Processor'' 5 Replace Decompose Decoupled Spec Processor Memory 2 Replace Module Processor 3 Induction /Simulation Ideal Queue Processor' 4 Decompose 39
40 Key Ingredient Formal Semantics for RISC-V ISA(s) Nikhil just explained the semantics style. We are building a translator for the semantics into the language of Coq/Kami. 40
41 An Open Library of Formally Verified Components Microcontroller-class RV32I (multicore; U) Desktop-class RV64IMA (multicore; U,S,M) Cache-coherent memory system Reuse our proofs when composing our components with your own formally verified accelerators! 41
42 The Promise of this Approach ISA Formal Semantics 42
43 The Promise of this Approach ISA Formal Semantics Processor Proved RTL Formal Semantics 43
44 The Promise of this Approach Application Specification Application Machine Code ISA Formal Semantics Processor Proved RTL Formal Semantics 44
45 The Promise of this Approach Application Specification Application Machine Code ISA Formal Semantics Proved Processor Proved RTL Formal Semantics 45
46 The Trusted Computing Base Where can defects go uncaught? 46
47 The Trusted Computing Base Where can defects go uncaught? Coq proof checker (small & general-purpose) RTL formal semantics Application specification 47
48 The Trusted Computing Base Where can defects go uncaught? Coq proof checker (small & general-purpose) RTL formal semantics Application specification ISA formal semantics Hardware design (Bluespec, RTL, ) Software implementation (C, ) 48
49 Shameless plug! Part of a larger project: The Science of Deep Specification A National Science Foundation Expedition in Computing Join our mailing list for updates on our 2018 summer school: hands-on training with these tools! 49
Kami: A Framework for (RISC-V) HW Verification
Kami: A Framework for (RISC-V) HW Verification Murali Vijayaraghavan Joonwon Choi, Adam Chlipala, (Ben Sherman), Andy Wright, Sizhuo Zhang, Thomas Bourgeat, Arvind 1 The Riscy Expedition by MIT Riscy Library
Formal Specification of RISC-V Systems Instructions
Formal Specification of RISC-V Systems Instructions Arvind Andy Wright, Sizhuo Zhang, Thomas Bourgeat, Murali Vijayaraghavan Computer Science and Artificial Intelligence Lab. MIT RISC-V Workshop, MIT,
The End of History? Using a Proof Assistant to Replace Language Design with Library Design
The End of History? Using a Proof Assistant to Replace Language Design with Library Design Adam Chlipala MIT CSAIL SNAPL April 2017 Joint work with: Benjamin Delaware, Samuel Duchovni, Jason Gross, Clément
Muralidaran Vijayaraghavan
Muralidaran Vijayaraghavan Contact Information 32 Vassar Street 32-G822, Cambridge MA 02139 Mobile: +1 408 839 3356 Homepage: http://people.csail.mit.edu/vmurali Email: vmurali@csail.mit.edu Education
A Memory Model for RISC-V
A Memory Model for RISC-V Arvind (joint work with Sizhuo Zhang and Muralidaran Vijayaraghavan) Computer Science & Artificial Intelligence Lab. Massachusetts Institute of Technology Barcelona Supercomputer
Modular Full-System Verification of Hardware
Modular Full-System Verification of Hardware Muralidaran Vijayaraghavan and Joonwon Choi 1 Introduction Verification of systems can mean different things depending on the properties being verified. On
The Bedrock Structured Programming System
The Bedrock Structured Programming System Combining Generative Metaprogramming and Hoare Logic in an Extensible Program Verifier Adam Chlipala MIT CSAIL ICFP 2013 September 27, 2013 In the beginning, there
Adam Chlipala University of California, Berkeley ICFP 2006
Modular Development of Certified Program Verifiers with a Proof Assistant Adam Chlipala University of California, Berkeley ICFP 2006 1 Who Watches the Watcher? Program Verifier Might want to ensure: Memory
An Extensible Programming Language for Verified Systems Software. Adam Chlipala MIT CSAIL WG 2.16 meeting, 2012
An Extensible Programming Language for Verified Systems Software Adam Chlipala MIT CSAIL WG 2.16 meeting, 2012 The status quo in computer system design DOM JS API Web page Network JS API CPU Timer interrupts
Mechanized Operational Semantics
Mechanized Operational Semantics J Strother Moore Department of Computer Sciences University of Texas at Austin Marktoberdorf Summer School 2008 (Lecture 3: Direct Proofs) 1 Fact 1 Given an operational
A Small Interpreted Language
A Small Interpreted Language What would you need to build a small computing language based on mathematical principles? The language should be simple, Turing equivalent (i.e.: it can compute anything that
An experiment with variable binding, denotational semantics, and logical relations in Coq. Adam Chlipala University of California, Berkeley
A Certified TypePreserving Compiler from Lambda Calculus to Assembly Language An experiment with variable binding, denotational semantics, and logical relations in Coq Adam Chlipala University of California,
RISC-V Updates Krste Asanović krste@berkeley.edu http://www.riscv.org 3 rd RISC-V Workshop Oracle, Redwood Shores, CA January 5, 2016 Agenda UC Berkeley updates RISC-V transition out of Berkeley Outstanding
Automated Refinement Checking of Asynchronous Processes. Rajeev Alur. University of Pennsylvania
Automated Refinement Checking of Asynchronous Processes Rajeev Alur University of Pennsylvania www.cis.upenn.edu/~alur/ Intel Formal Verification Seminar, July 2001 Problem Refinement Checking Given two
Bluespec-4: Rule Scheduling and Synthesis. Synthesis: From State & Rules into Synchronous FSMs
Bluespec-4: Rule Scheduling and Synthesis Arvind Computer Science & Artificial Intelligence Lab Massachusetts Institute of Technology Based on material prepared by Bluespec Inc, January 2005 March 2, 2005
Constructing a Weak Memory Model
Constructing a Weak Memory Model Sizhuo Zhang 1, Muralidaran Vijayaraghavan 1, Andrew Wright 1, Mehdi Alipour 2, Arvind 1 1 MIT CSAIL 2 Uppsala University ISCA 2018, Los Angeles, CA 06/04/2018 1 The Specter
Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?
Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare
Sequential Circuits as Modules with Interfaces. Arvind Computer Science & Artificial Intelligence Lab M.I.T.
Sequential Circuits as Modules with Interfaces Arvind Computer Science & Artificial Intelligence Lab M.I.T. L07-1 Shortcomings of the current hardware design practice Complex hardware is viewed as a bunch
Runtime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
RTLCheck: Verifying the Memory Consistency of RTL Designs
RTLCheck: Verifying the Memory Consistency of RTL Designs Yatin A. Manerkar, Daniel Lustig*, Margaret Martonosi, and Michael Pellauer* Princeton University *NVIDIA MICRO-50 http://check.cs.princeton.edu/
Phantom Monitors: A Simple Foundation for Modular Proofs of Fine-Grained Concurrent Programs
Phantom Monitors: A Simple Foundation for Modular Proofs of Fine-Grained Concurrent Programs Christian J. Bell, Mohsen Lesani, Adam Chlipala, Stephan Boyer, Gregory Malecha, Peng Wang MIT CSAIL Goal: verification
Formal verification of program obfuscations
Formal verification of program obfuscations Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 2.11, 2015-11-10 1 Background: verifying a compiler Compiler + proof that the compiler
Top-Down Transaction-Level Design with TL-Verilog
Top-Down Transaction-Level Design with TL-Verilog Steven Hoover Redwood EDA Shrewsbury, MA, USA steve.hoover@redwoodeda.com Ahmed Salman Alexandria, Egypt e.ahmedsalman@gmail.com Abstract Transaction-Level
Formally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
Handout 9: Imperative Programs and State
06-02552 Princ. of Progr. Languages (and Extended ) The University of Birmingham Spring Semester 2016-17 School of Computer Science c Uday Reddy2016-17 Handout 9: Imperative Programs and State Imperative
Compiler Verification meets Cross-Language Linking via Data Abstraction
Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang, Santiago Cuellar, Adam Chlipala, MIT CSAIL Princeton University MIT CSAIL Verified Compiler Program Verification Techniques
Verified compilers. Guest lecture for Compiler Construction, Spring Magnus Myréen. Chalmers University of Technology
Guest lecture for Compiler Construction, Spring 2015 Verified compilers Magnus Myréen Chalmers University of Technology Mentions joint work with Ramana Kumar, Michael Norrish, Scott Owens and many more
DEPARTMENT OF COMPUTER SCIENCE
Department of Computer Science 1 DEPARTMENT OF COMPUTER SCIENCE Office in Computer Science Building, Room 279 (970) 491-5792 cs.colostate.edu (http://www.cs.colostate.edu) Professor L. Darrell Whitley,
Ade Miller Senior Development Manager Microsoft patterns & practices
Ade Miller (adem@microsoft.com) Senior Development Manager Microsoft patterns & practices Save time and reduce risk on your software development projects by incorporating patterns & practices, Microsoft's
Industrial-Strength High-Performance RISC-V Processors for Energy-Efficient Computing
Industrial-Strength High-Performance RISC-V Processors for Energy-Efficient Computing Dave Ditzel dave@esperanto.ai President and CEO Esperanto Technologies, Inc. 7 th RISC-V Workshop November 28, 2017
Mechanized Proofs That Hardware Is Safe From Timing Attacks
Mechanized Proofs That Hardware Is Safe From Timing Attacks Faye Duxovni (dukhovni@mit.edu) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements
Formal for Everyone Challenges in Achievable Multicore Design and Verification. FMCAD 25 Oct 2012 Daryl Stewart
Formal for Everyone Challenges in Achievable Multicore Design and Verification FMCAD 25 Oct 2012 Daryl Stewart 1 ARM is an IP company ARM licenses technology to a network of more than 1000 partner companies
Reflections on Industrial Use of Frama-C
Reflections on Industrial Use of Frama-C Joseph R. Kiniry and Daniel M. Zimmerman Sound Static Analysis for Security Workshop NIST Gaithersburg, Maryland 28 June 2018 About Galois established in 1999 to
Lab 4: N-Element FIFOs 6.175: Constructive Computer Architecture Fall 2014
Lab 4: N-Element FIFOs Due: Wednesday October 8, 2014 1 Introduction This lab focuses on the design of various N-element FIFOs including a conflict-free FIFO. Conflict-free FIFOs are an essential tool
Patterns of Parallel Programming with.net 4. Ade Miller Microsoft patterns & practices
Patterns of Parallel Programming with.net 4 Ade Miller (adem@microsoft.com) Microsoft patterns & practices Introduction Why you should care? Where to start? Patterns walkthrough Conclusions (and a quiz)
From Crypto to Code. Greg Morrisett
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone else s Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS
Phantom Monitors: A Simple Foundation for Modular Proofs of Fine-Grained Concurrent Programs
Phantom Monitors: A Simple Foundation for Modular Proofs of Fine-Grained Concurrent Programs Christian J Bell, Mohsen Lesani, Adam Chlipala, Stephan Boyer, Gregory Malecha, Peng Wang MIT CSAIL cj@csailmitedu
Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic.
Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic ` {P } c {Q} http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed Systems Distributed
Elastic Pipelines and Basics of Multi-rule Systems. Elastic pipeline Use FIFOs instead of pipeline registers
Elastic Pipelines and Basics of Multi-rule Systems Arvind Computer Science & Artificial Intelligence Lab Massachusetts Institute of Technology L05-1 Elastic pipeline Use FIFOs instead of pipeline registers
Dataflow: The Road Less Complex
Dataflow: The Road Less Complex Steven Swanson Ken Michelson Andrew Schwerin Mark Oskin University of Washington Sponsored by NSF and Intel Things to keep you up at night (~2016) Opportunities 8 billion
EECS578 Computer-Aided Design Verification of Digital Systems
The University of Michigan - Department of EECS EECS578 Computer-Aided Design Verification of Digital Systems Midterm exam April 2, 2014 Name: This exam is CLOSED BOOKS, CLOSED NOTES. You can only have
From Event-B Models to Dafny Code Contracts
From Event-B Models to Dafny Code Contracts Mohammadsadegh Dalvandi, Michael Butler, Abdolbaghi Rezazadeh Electronic and Computer Science School, University of Southampton Southampton, United Kingdom {md5g11,mjb,ra3}@ecs.soton.ac.uk
ICS 252 Introduction to Computer Design
ICS 252 Introduction to Computer Design Lecture 3 Fall 2006 Eli Bozorgzadeh Computer Science Department-UCI System Model According to Abstraction level Architectural, logic and geometrical View Behavioral,
SystemC Synthesis Standard: Which Topics for Next Round? Frederic Doucet Qualcomm Atheros, Inc
SystemC Synthesis Standard: Which Topics for Next Round? Frederic Doucet Qualcomm Atheros, Inc 2/29/2016 Frederic Doucet, Qualcomm Atheros, Inc 2 What to Standardize Next Benefit of current standard: Provides
How much is a mechanized proof worth, certification-wise?
How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt PiP 2014: Principles in Practice In this talk... Some feedback from the aircraft industry concerning the
Transactum Business Process Manager with High-Performance Elastic Scaling. November 2011 Ivan Klianev
Transactum Business Process Manager with High-Performance Elastic Scaling November 2011 Ivan Klianev Transactum BPM serves three primary objectives: To make it possible for developers unfamiliar with distributed
High-Level Information Interface
High-Level Information Interface Deliverable Report: SRC task 1875.001 - Jan 31, 2011 Task Title: Exploiting Synergy of Synthesis and Verification Task Leaders: Robert K. Brayton and Alan Mishchenko Univ.
End-to-end formal ISA verification of RISC-V processors with riscv-formal. Clifford Wolf
End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About RISC-V RISC-V is an Open Instruction Set Architecture (ISA) Can be freely used for any purpose Many implementations
Verdi: A Framework for Implementing and Formally Verifying Distributed Systems
Verdi: A Framework for Implementing and Formally Verifying Distributed Systems Key-value store VST James R. Wilcox, Doug Woos, Pavel Panchekha, Zach Tatlock, Xi Wang, Michael D. Ernst, Thomas Anderson
Technical Committee Update
Technical Committee Update Yunsup Lee and Silviu Chiricescu yunsup@sifive.com silviu.chiricescu@baesystems.com RISC-V Foundation 1 Technical Committee Goals Maintain a roadmap of the RISC-V ISA Coordinate
Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube
Verification in Coq Prof. Clarkson Fall 2017 Today s music: Check Yo Self by Ice Cube Review Previously in 3110: Functional programming in Coq Logic in Coq Curry-Howard correspondence (proofs are programs)
Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics
There is no single widely acceptable notation or formalism for describing semantics Operational Describe the meaning of a program by executing its statements on a machine, either simulated or actual. The
Coq, a formal proof development environment combining logic and programming. Hugo Herbelin
Coq, a formal proof development environment combining logic and programming Hugo Herbelin 1 Coq in a nutshell (http://coq.inria.fr) A logical formalism that embeds an executable typed programming language:
Bluespec SystemVerilog TM Training. Lecture 05: Rules. Copyright Bluespec, Inc., Lecture 05: Rules
Bluespec SystemVerilog Training Copyright Bluespec, Inc., 2005-2008 Rules: conditions, actions Rule Untimed Semantics Non-determinism Functional correctness: atomicity, invariants Examples Performance
L2: Design Representations
CS250 VLSI Systems Design L2: Design Representations John Wawrzynek, Krste Asanovic, with John Lazzaro and Yunsup Lee (TA) Engineering Challenge Application Gap usually too large to bridge in one step,
Practical Formal Verification of Domain-Specific Language Applications
Practical Formal Verification of Domain-Specific Language Applications Greg Eakman 1, Howard Reubenstein 1, Tom Hawkins 1, Mitesh Jain 2, and Panagiotis Manolios 2 1 BAE Systems, Burlington MA 01803, USA
Meta programming on the proof level
Acta Univ. Sapientiae, Informatica, 1, 1 (2009) 15 34 Meta programming on the proof level Gergely Dévai Eötvös Loránd University, Faculty of Informatics, Department of Programming Languages and Compilers
Quiz 2 Study Guide. Inheritance What is inheritance, and what is its role in the object hierarchy?
Quiz 2 Study Guide Below is description of work done since the last quiz, including sample problems you can work on. The quiz will have 3 or 4 questions which will fit into the following three categories:
A Simple Supercompiler Formally Verified in Coq
A Simple Supercompiler Formally Verified in Coq IGE+XAO Balkan 4 July 2010 / META 2010 Outline 1 Introduction 2 3 Test Generation, Extensional Equivalence More Realistic Language Use Information Propagation
The design of a programming language for provably correct programs: success and failure
The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts
Xtensa. Andrew Mihal 290A Fall 2002
Xtensa Andrew Mihal 290A Fall 2002 1 Outline Introduction Single processor Xtensa system architecture Exporting a programming model for single processor Multiple processor system architecture Exporting
Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012
Static and User-Extensible Proof Checking Antonis Stampoulis Zhong Shao Yale University POPL 2012 Proof assistants are becoming popular in our community CompCert [Leroy et al.] sel4 [Klein et al.] Four-color
ENHANCED TOOLS FOR RISC-V PROCESSOR DEVELOPMENT
ENHANCED TOOLS FOR RISC-V PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the leading provider of RISC-V processor IP Codasip Bk: A portfolio of RISC-V processors Uniquely
Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214
Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in
Choosing an Intellectual Property Core
Choosing an Intellectual Property Core MIPS Technologies, Inc. June 2002 One of the most important product development decisions facing SOC designers today is choosing an intellectual property (IP) core.
ECE 587 Hardware/Software Co-Design Lecture 12 Verification II, System Modeling
ECE 587 Hardware/Software Co-Design Spring 2018 1/20 ECE 587 Hardware/Software Co-Design Lecture 12 Verification II, System Modeling Professor Jia Wang Department of Electrical and Computer Engineering
A CRASH COURSE IN SEMANTICS
LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}
An introduction to weak memory consistency and the out-of-thin-air problem
An introduction to weak memory consistency and the out-of-thin-air problem Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) CONCUR, 7 September 2017 Sequential consistency 2 Sequential
Diplomatic Design Patterns
Diplomatic Design Patterns Henry Cook Wesley Terpstra Yunsup Lee A TileLink Case Study 10/14/2017 Agenda Rocket-Chip Ecosystem Diplomacy TileLink Design Patterns DRYing out Parameterization Generation
Lamport Clocks: Verifying A Directory Cache-Coherence Protocol. Computer Sciences Department
Lamport Clocks: Verifying A Directory Cache-Coherence Protocol * Manoj Plakal, Daniel J. Sorin, Anne E. Condon, Mark D. Hill Computer Sciences Department University of Wisconsin-Madison {plakal,sorin,condon,markhill}@cs.wisc.edu
Productive Design of Extensible Cache Coherence Protocols!
P A R A L L E L C O M P U T I N G L A B O R A T O R Y Productive Design of Extensible Cache Coherence Protocols!! Henry Cook, Jonathan Bachrach,! Krste Asanovic! Par Lab Summer Retreat, Santa Cruz June
How Can You Trust Formally Verified Software?
How Can You Trust Formally Verified Software? Alastair Reid Arm Research @alastair_d_reid Formal verification Of libraries and apps Of compilers Of operating systems 2 Fonseca et al., An Empirical Study
Verifying concurrent software using movers in Cspec
Verifying concurrent software using movers in Cspec Tej Chajed and Frans Kaashoek, MIT CSAIL; Butler Lampson, Microsoft; Nickolai Zeldovich, MIT CSAIL https://www.usenix.org/conference/osdi18/presentation/chajed
Blockchains: new home for proven-correct software. Paris, Yoichi Hirai formal verification engineer, the Ethereum Foundation
Blockchains: new home for proven-correct software Paris, 2017-2-17 Yoichi Hirai formal verification engineer, the Ethereum Foundation Lyon: 2014 January Have you heard of a web site where you can get Bitcoin
CIS 500: Software Foundations
CIS 500: Software Foundations Midterm I October 3, 2017 Name (printed): Username (PennKey login id): My signature below certifies that I have complied with the University of Pennsylvania s Code of Academic
Bluespec s RISC-V Factory
Bluespec s RISC-V Factory (components and development/verification environment) Rishiyur S. Nikhil with Charlie Hauck, Darius Rad, Julie Schwartz, Niraj Sharma, Joe Stoy 3 rd RISC-V Workshop January 6,
Equations: a tool for dependent pattern-matching
Equations: a tool for dependent pattern-matching Cyprien Mangin cyprien.mangin@m4x.org Matthieu Sozeau matthieu.sozeau@inria.fr Inria Paris & IRIF, Université Paris-Diderot May 15, 2017 1 Outline 1 Setting
Outline. Proof Carrying Code. Hardware Trojan Threat. Why Compromise HDL Code?
Outline Proof Carrying Code Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Hardware IP Verification Hardware PCC Background Software PCC Description Software
Provably Correct Software
Provably Correct Software Max Schäfer Institute of Information Science/Academia Sinica September 17, 2007 1 / 48 The Need for Provably Correct Software BUT bugs are annoying, embarrassing, and cost gazillions
Designing with VHDL and FPGA
Designing with VHDL and FPGA Instructor: Dr. Ahmad El-Banna lab# 1 1 Agenda Course Instructor Course Contents Course References Overview of Digital Design Intro. to VHDL language and FPGA technology IDE
Compositionality in system design: interfaces everywhere! UC Berkeley
Compositionality in system design: interfaces everywhere! Stavros Tripakis UC Berkeley DREAMS Seminar, Mar 2013 Computers as parts of cyber physical systems cyber-physical ~98% of the world s processors
Programming Languages
CSE 230: Winter 2008 Principles of Programming Languages Ocaml/HW #3 Q-A Session Push deadline = Mar 10 Session Mon 3pm? Lecture 15: Type Systems Ranjit Jhala UC San Diego Why Typed Languages? Development
Proving Properties on Programs From the Coq Tutorial at ITP 2015
Proving Properties on Programs From the Coq Tutorial at ITP 2015 Reynald Affeldt August 29, 2015 Hoare logic is a proof system to verify imperative programs. It consists of a language of Hoare triples
CS 456 (Fall 2018) Scribe Notes: 2
CS 456 (Fall 2018) Scribe Notes: 2 Albert Yu, Adam Johnston Lists Bags Maps Inductive data type that has an infinite collection of elements Not through enumeration but inductive type definition allowing
K and Matching Logic
K and Matching Logic Grigore Rosu University of Illinois at Urbana-Champaign Joint work with the FSL group at UIUC (USA) and the FMSE group at UAIC (Romania) Question could it be that, after 40 years of
Efficient, Deterministic, and Deadlock-free Concurrency
Efficient, Deterministic Concurrency p. 1/31 Efficient, Deterministic, and Deadlock-free Concurrency Nalini Vasudevan Columbia University Efficient, Deterministic Concurrency p. 2/31 Data Races int x;
Automatic Generation of Program Specifications
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful
Coherence and Consistency
Coherence and Consistency 30 The Meaning of Programs An ISA is a programming language To be useful, programs written in it must have meaning or semantics Any sequence of instructions must have a meaning.
LECTURE 6: INTRODUCTION TO FORMAL METHODS. Software Engineering Mike Wooldridge
LECTURE 6: INTRODUCTION TO FORMAL METHODS Mike Wooldridge 1 What are Formal Methods? Formal methods is that area of computer science that is concerned with the application of mathematical techniques to
CS 250 VLSI Design Lecture 11 Design Verification
CS 250 VLSI Design Lecture 11 Design Verification 2012-9-27 John Wawrzynek Jonathan Bachrach Krste Asanović John Lazzaro TA: Rimas Avizienis www-inst.eecs.berkeley.edu/~cs250/ IBM Power 4 174 Million Transistors
Basic Verification Strategy
ormal Verification Basic Verification Strategy compare behavior to intent System Model of system behavior intent Verifier results Intent Usually, originates with requirements, refined through design and
Symmetric Multiprocessors: Synchronization and Sequential Consistency
Constructive Computer Architecture Symmetric Multiprocessors: Synchronization and Sequential Consistency Arvind Computer Science & Artificial Intelligence Lab. Massachusetts Institute of Technology November
Is Power State Table Golden?
Is Power State Table Golden? Harsha Vardhan #1, Ankush Bagotra #2, Neha Bajaj #3 # Synopsys India Pvt. Ltd Bangalore, India 1 dhv@synopsys.com 2 ankushb@synopsys.com 3 nehab@synopsys.com Abstract: Independent
Towards a Practical, Verified Kernel
Towards a Practical, Verified Kernel Kevin Elphinstone and Gerwin Klein, National ICT Australia and the University of New South Wales Philip Derrin, National ICT Australia Timothy Roscoe, ETH Zürich Gernot
Ten Reasons to Optimize a Processor
By Neil Robinson SoC designs today require application-specific logic that meets exacting design requirements, yet is flexible enough to adjust to evolving industry standards. Optimizing your processor
Type Theory meets Effects. Greg Morrisett
Type Theory meets Effects Greg Morrisett A Famous Phrase: Well typed programs won t go wrong. 1. Describe abstract machine: M ::= 2. Give transition relation: M 1 M 2
VERIFICATION OF RISC-V PROCESSOR USING UVM TESTBENCH
VERIFICATION OF RISC-V PROCESSOR USING UVM TESTBENCH Chevella Anilkumar 1, K Venkateswarlu 2 1.2 ECE Department, JNTU HYDERABAD(INDIA) ABSTRACT RISC-V (pronounced "risk-five") is a new, open, and completely
Memory Systems and Compiler Support for MPSoC Architectures. Mahmut Kandemir and Nikil Dutt. Cap. 9
Memory Systems and Compiler Support for MPSoC Architectures Mahmut Kandemir and Nikil Dutt Cap. 9 Fernando Moraes 28/maio/2013 1 MPSoC - Vantagens MPSoC architecture has several advantages over a conventional
Timing Model of Superscalar O o O processor in HAsim Framework
Timing Model of Superscalar O o O processor in HAsim Framework Submitted by Muralidaran Vijayaraghavan I Introduction to Timing Models: Software simulation of micro architecture designs before actually
INF4820: Algorithms for Artificial Intelligence and Natural Language Processing. Common Lisp Fundamentals
INF4820: Algorithms for Artificial Intelligence and Natural Language Processing Common Lisp Fundamentals Stephan Oepen & Murhaf Fares Language Technology Group (LTG) August 30, 2017 Last Week: What is