using mathematica for modeling, simulation and property checking of hardware systems ghiath al...

QuickTime™ and aTIFF (Uncompressed) decompressor

are needed to see this picture.

Using Mathematica for modeling, Using Mathematica for modeling, simulation and property checking of simulation and property checking of

hardware systemshardware systems

Ghiath AL SAMMANE

VDS group : Verification & Modeling of Digital systems


are needed to see this picture.


are needed to see this picture.TIMA LaboratoryTIMA Laboratory

TTechniques of echniques of IInformatics and nformatics and MMicroelectronics for computer icroelectronics for computer AArchitecture rchitecture


are needed to see this picture. © Ghiath AL SAMMANE2

Outline

What is TIMA? Digital hardware design process Modeling Hardware in Mathematica VHDL simulation in Mathematica Verification & symbolic simulation Property checking Successful applications Conclusion



Outline




What is TIMA ? (1) Public research lab of the university of Grenoble and CNRS,

located in the European equivalent to Silicon Valley

Carrying out research in the field of– Hardware design, architecture, test.

– Verification & CAD tools.

– Quality of integrated circuits and by means of data processing and microelectronics technology.

Transferring research results to industry

Contributing to knowledge dissemination by organizing conferences and editing journals



What is TIMA ? (2) 120 members including interns and staff

67 PhD candidates

17 patents since 1993 and 3 start ups since 1999

7 conferences organized in 2004 and 6 conferences to be organized in 2005

100 publications/year since 1993 and 57 PhD theses since 1999



Outline




Digital Hardware Design Process

Design Specifications

FunctionalDesign

RTLDesign

• In English

• Given by managers, customers…

• In Matlab, C, Java ….

• Property checking

• Done by R&D department

• In standard description Language, VHDL, Verilog.

• Done by HW designers




FunctionalDesign

RTLDesign

• In Matlab, C, Java ….





RTLVerification

• By simulation, logical modeling & automatic reasoning

•Property checking

• Done by HW designers & verification experts



• By simulation, logical modeling & automatic reasoning


• Equivalence checking

• Done by HW designers & verification experts up to 75 % of design time !


RTLVerification

Synthesis &Optimization

Post-SynthesisVerification

Tech. mappingPlace & route

Fabrication

Test & Packaging

Post design process



Outline




Designing Hardware in Mathematica

FunctionalDesign

RTLDesign

• In Mathematica, Matlab, C, Java ….





RTLVerification

• By simulation, logical modeling & automatic reasoning in Mathematica

•Property checking

• Done by HW designers & verification experts



Designing HW in Mathematica Functional Design

– Writing the early algorithms, formulas & equations directly in Mathematica

– Checking property by numerical & symbolic computation

RTL (register transfer level) design– Writing in standard VHDL– Simulating VHDL in Mathematica numerically &

symbolically– Checking properties






RTL (register transfer level) design– Writing in standard VHDL– Simulating VHDL in Mathematica numerically & symbolically– Checking properties

Finding bugs earlier Finding bugs earlier Less verification effort Less verification effort



Outline




First step :VHDL in Mathematica Modeling the semantic of a VHDL subset

– The model must meet the VHDL synthesizable standard– Accept numeric & symbolic inputs– A hierarchical functional model

Simulating the VHDL descriptions– The same results in numeric cases as within standard

simulators– Optimized for symbolic simulation

Checking properties about the symbolic results– Pattern matching, sat solving, BDD, theorem proving…



Mathematica symbolic simulatior

ResultsM-Code

Simulation Constraints

+Assertions

Event-based Symbolic Simulator

Constraints Resolution+

symbolic Verification of assertions Simulation

Rules

VHDLFile

nsimulation cycles Symbolic test cases

TranslatorIn Mathematica



Mathematica symbolic simulatior

ResultsM-Code


+Assertions




Rules

VHDLFile





A VHDL example

A VHDL example :

entity two_arbiter is port ( Clock : in bit; Reset : in bit; Req1 : in bit; Req2 : in bit; Ack1 : out bit; Ack2 : out

bit);

end two_arbiter ;

Two requests arbiter

Clock

Reset

Req1

Req2

Ack1

Ack2

Priority is given to the request Req2



A VHDL exampleA VHDL example :

architecture behavior of two_arbiter is

begin -- behavior

synchronous: process (clock, reset)

begin -- process synchronous

if reset = '0' then

ack1<='0';

ack2<='0';

elsif clock'event and clock = '1' then -- rising clock edge

if req1='1' and req2='0' then

ack1<='1';

ack2<='0';

elsif req2='1' then

ack2<='1';

ack1<='0';

else

ack1<='0';

ack2<='0';

end if;

end if;

end process synchronous;

end behavior;



The M-code The Mathematica function that models the

execution of the VHDL entity-architecture for one clock cycle

M-code (Mathematica COnditional DEscription)

Extracted automatically from the VHDL description

Hierarchy is supported



The M-code of the example

The Mathematica equivalent :

Clear[two$arbiter$behavior];

SetAttributes[two$arbiter$behavior, HoldAll];

two$arbiter$behavior[ack1_, ack1$1_, ack2_, ack2$1_, clock_, clock$0_, req1_,

req2_, reset_, reset$0_]:=

A VHDL example :


bit);

end two_arbiter ;









A VHDL example :


bit);

end two_arbiter ;



Signal modeling Three values are needed

The current value at time t, (S)

The old value at time (t-1), (S$0)

The next value at time (t+1), (S$1)

Old values are used only for detecting events (Sig(t) Sig (t-1))



The M-code body Each concurrent statement in the architecture is

rewritten as a sequential process

From these processes we extract automatically a list of assignments

One assignment for each object in the design :the transfer function of the object (signal or variable)

Simulates the behavior of the circuit for an abstract time unit called cycle



Modeling assignments The signal assignment function :

NextSig[ S, F(S1,S2,…,Sn)]]

It gives the next value of S knowing the current and the old values of design objects (S1,S2,…,Sn)

F is an if-then-else expression (Ife)



A VHDL exampleA VHDL example :

architecture behavior of two_arbiter is

begin -- behavior

synchronous: process (clock, reset)

begin -- process synchronous

if reset = '0' then

ack1<='0';

ack2<='0';

elsif clock'event and clock = '1' then -- rising clock edge

if req1='1' and req2='0' then

ack1<='1';

ack2<='0';

elsif req2='1' then

ack2<='1';

ack1<='0';

else

ack1<='0';

ack2<='0';

end if;

end if;

end process synchronous;

end behavior;



The M-code of the architecture The process is a set of signal assignments :{NextSig[ack1$1, Ife[equal[reset, 0], 0, Ife[and[event[clock], equal[clock, 1]], Ife[and[equal[req1, 1], equal[req2, 0]], 1, 0], ack1] ]]

, NextSig[ack2$1, Ife[equal[reset, 0], 0 , Ife[and[event[clock], equal[clock, 1]], Ife[and[equal[req1, 1], equal[req2, 0]], 0, Ife[equal[req2, 1], 1, 0] ], ack2]]] }



Outline




Second step : simulation VHDL

ResultsM-Code


+Assertions




Rules

VHDLFile



Executing the M-code function for n cycle (clock cycle for synchronous circuits)Executing the M-code function for n cycle (clock cycle for synchronous circuits)



ResultsM-Code


+Assertions




Rules

VHDLFile



Mathematica symbolic simulator

During simulation : applying test cases and simulation rules During simulation : applying test cases and simulation rules



Simulation algorithm

Initialize(DesignObject)

For cycle := 1 to n do

Apply-test-vectors(inputs)

Mcode(DesignObject)Mcode(DesignObject)

Verify(Assertion)

Update(DesignObject)

Print(SelectedResults)

End for



Simulation Rules Used during the execution of M-code Simplification rules

– Ife[True,x_,_] x;– Ife[False,_,y_] y;– Ife[_,y_,y_] y;

Normalization rules– Ife[Ife[a_,b_,c_],x_,y_] Ife[a,Ife[b,x,y],Ife[c,x,y]];

Evaluation rules– Ife[cond_,x_,y_] IFE[cond,Assuming[cond,simplify[x]],Assuming[Not[cond],

simplify[y]]];



The M-code of the architecture The process is a set of signal assignments :{NextSig[ack1$1, Ife[equal[reset, 0], 0, Ife[and[event[clock], equal[clock, 1]], Ife[and[equal[req1, 1], equal[req2, 0]], 1, 0], ack1] ]]

, NextSig[ack2$1, Ife[equal[reset, 0], 0 , Ife[and[event[clock], equal[clock, 1]], Ife[and[equal[req1, 1], equal[req2, 0]], 0, Ife[equal[req2, 1], 1, 0] ], ack2]]] }



Simulation of the example Most inputs are symbols, one simulation test case

is equivalent to a lot of numeric ones

The symbolic expression of Ack1– IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0,

1, 0]]

The symbolic expression of Ack2– IFE[RESET == 0, 0, IFE[REQ1 == 1 && REQ2 == 0,

0, IFE[REQ2 == 1, 1, 0]]]



Outline




Checking properties What can we do with huge If-then-else

expressions?– The designer writes a property that the circuit should

satisfy – After the simulation, the symbolic expression of the

assertion should be evaluated to true or false

Property are checked by– Using comparison to direct specifications written in

Mathematica– Using a Boolean prover in Mathematica– Using an external theorem prover



Boolean prover in Mathematica A prototype is under test

Take a normalized if-then-else and gives a counter example if the theorem is wrong and prove it otherwise

Built by the association of :– an implementation of the shared-BDD rewriting in

Mathematica

– Make use of the FindInstance function in Mathematica



Checking properties of the example mutex : assert not (Ack1 and Ack2)

serve : assert Req1 or Req2 Ack1 or Ack2

waste : assert Ack1 req1

waste : assert Ack2 req2

All these properties are proved by by our Boolean prover in Mathematica and by ACL2



SatBit : checking the arbiter

SatBit : Gives an example that the expression is satisfaisable, False other wise.

In[24]:= SatBit[ack2]

Sat, example:

Out[24]= {{REQ1 -> 1, REQ2 -> 1, RESET -> 1}}

In[25]:= SatBit[ack1&&ack2]

Out[25]= False



Proving properties by ACL2 An inductive theorem prover An automatic link with Mathematica The main function is ImpliesAcl2[p,q]

– Prove by Acl2 that p qExample:– ImpliesAcl2[And[ bitp[REQ1, REQ2, RESET], RESET == 1 ,ack1 == 1 ],REQ1 == 1]True



Outline




Successful applications Validation on research and academic cases

Symbolic simulation and a verification of a network on chip (a university circuit)

Symbolic simulation of an industrial cryptographic component implementation

Symbolic simulation and property verification of a DRAM specification that comes from STMicroelectronics



Outline




Conclusion : achievements A VHDL to Mathematica compiler is built

A hardware simulator in Mathematica is implemented

We prove properties about results– A Boolean prover is implemented in Mathematica (automatic)

– A link to an external theorem prover is achieved (expert in proof may be needed when proof fails)

Application on various industrial circuits



Conclusion : What is next ? Writing a user manual

Building an interface

Supporting Property Specification Language (PSL)

A Demo at DATE 2005 (Design Automation & Test in Europe)



Thank you

using mathematica for modeling, simulation and property checking of hardware systems ghiath al...

Documents

mathematicavhdl simulation

design time

hw designersrtlverification

field ofhardware design

mathematicachecking

standard description

standard vhdlsimulating

rd department