Abstract
It has become fairly standard in the programming-languages research world to verify functional programs in proof assistants using induction, algebraic simplification, and rewriting. In this paper, we introduce Kami, a Coq library that enables similar expressive and modular reasoning for hardware designs expressed in the style of the Bluespec language. We can specify, implement, and verify realistic designs entirely within Coq, ending with automatic extraction into a pipeline that bottoms out in FPGAs. Our methodology, using labeled transition systems, has been evaluated in a case study verifying an infinite family of multicore systems, with cache-coherent shared memory and pipelined cores implementing (the base integer subset of) the RISC-V instruction set.
Supplemental Material
A virtual appliance of the Kami framework, accepted to ICFP 2017 Artifact Evaluation.
Index Terms
- Kami: a platform for high-level parametric hardware specification and its modular verification