research-article
Open Access
Artifacts Available
Artifacts Evaluated & Functional

Kami: a platform for high-level parametric hardware specification and its modular verification

Published: 29 August 2017

Abstract

It has become fairly standard in the programming-languages research world to verify functional programs in proof assistants using induction, algebraic simplification, and rewriting. In this paper, we introduce Kami, a Coq library that enables similar expressive and modular reasoning for hardware designs expressed in the style of the Bluespec language. We can specify, implement, and verify realistic designs entirely within Coq, ending with automatic extraction into a pipeline that bottoms out in FPGAs. Our methodology, using labeled transition systems, has been evaluated in a case study verifying an infinite family of multicore systems, with cache-coherent shared memory and pipelined cores implementing (the base integer subset of) the RISC-V instruction set.
