Verification of Parameterised FPGA Circuit Descriptions with Layout ...

More documents

Recommendations

Info

CHAPTER 4. VERIFYING CIRCUIT LAYOUTS 66 still vital to ensure that the layout is correct. While close examination by a human designer is an good method of finding many bugs in layout descriptions, it is no substitute for a formal assurance of correctness. In the develop- ment of the example designs illustrated in Chapter 6 there have been several occasions where Quartz descriptions which appeared on first inspection to be correctly laid out have turned out to contain errors. The hierarchical decomposition that is typical of Quartz circuit designs can be exploited so that sections of the a circuit can be proved correct independently of each other and then these proofs integrated into a proof of correctness for the entire design. However, the type of proofs involved in formally verifying a layout description are not particularly well suited to hand-proof by the designer, or indeed a different proof expert. Layouts of large numbers of components leads to long theorems requiring proof - but the constituents of these theorems are often either trivial or quite simple. These two factors combine to make it likely that “pen and paper” proof of these theorems is likely to be particularly unreliable unless extreme care is taken. Furthermore, there is a high level of proof re-use between different circuit descriptions, by exploiting similar properties of arithmetic operators, binary relations and Quartz size expres- sion functions. This suggests that layout verification may be a good candidate for the use of mechanised proof tools. In this chapter we describe a proof infrastructure based on Higher-Order Logic which elimi- nates the possibility of human error in proofs and demonstrates a high level of automation. 4.2 Choice of Formalism There are two main possible approaches to verifying Quartz layouts. The first is to verify the output circuit description for each compiled circuit, either in the form of parameterised/hierarchical VHDL or in netlist format. Verification of placed netlists is effectively carried out by the synthesis tools that generate the FPGA bitstream since they will raise an error if an incorrect layout is specified, however this is not of much use if the desire is to provide an
CHAPTER 4. VERIFYING CIRCUIT LAYOUTS 67 assurance that the generated parameterised VHDL library (Chapter 3) is correct. Verification of the parameterised VHDL would be possible but would have to be substantially repeated for each new circuit. The alternative approach is to attempt to verify the original Quartz description. Quartz combinators could be verified once and then this proof could be used in the proofs of all circuit descriptions that use this combinator. This approach offers a higher degree of reuse of proofs, which is extremely beneficial. Since Quartz is a high-order language, we have selected Higher-Order Logic (HOL) as the appropriate formalism for our proof system. This enables us to model most of the features of Quartz descriptions and thus to conduct verification at the level closest to the original circuit description. The use of HOL for functional verification of hardware is well understood [8, 52], although the level of automation that can be achieved is often not that great. Other formalisms, such as the Boyer-Moore logic [9] used by the ACL2 theorem prover [34], are simpler and can be more highly automated however they are less general. Using a first-order logic makes it impossible to prove properties of Quartz higher-order combinators, only about their instantiated instances i.e. while we might wish to prove the correctness of the map n R combinator we would be restricted to separately proving the correctness of the map n add and map n inv blocks. In this chapter we develop a system based around the embedding of HOL in the Isabelle [61] generic theorem prover. Isabelle/HOL [55] is a well developed Isabelle object logic and comes with many useful definitions and theorems. Our infrastructure is not specific to Isabelle, or to the Isabelle version of HOL, nor are we limited to using HOL for proofs. The layout verification stage of the Quartz compiler is designed to be invoked on polymorphic, high-order circuit descriptions however it could be invoked later during compilation to produce output for a different formalism. We separate the generation of proof obligations from the interface to the Isabelle theorem prover and it would be easy to provide an interface to a different proof tool.
Page 1 and 2:
Imperial College of Science, Techno
Page 3 and 4:
Acknowledgements Firstly, I’d lik
Page 5 and 6:
TABLE OF CONTENTS iv 2.5 Isabelle:
Page 7 and 8:
TABLE OF CONTENTS vi 5.3.1 Speciali
Page 9 and 10:
TABLE OF CONTENTS viii C.1.1 fst .
Page 11 and 12:
Chapter 1 Introduction This thesis
Page 13 and 14:
CHAPTER 1. INTRODUCTION 3 B A C Fig
Page 15 and 16:
CHAPTER 1. INTRODUCTION 5 pler, all
Page 17 and 18:
CHAPTER 2. BACKGROUND AND RELATED W
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26: CHAPTER 2. BACKGROUND AND RELATED W
Page 45 and 46: CHAPTER 3. GENERATING PARAMETERISED
Page 75: Chapter 4 Verifying Circuit Layouts
Page 79 and 80: CHAPTER 4. VERIFYING CIRCUIT LAYOUT
Page 117 and 118: Chapter 5 Specialisation In this ch
Page 119 and 120: CHAPTER 5. SPECIALISATION 109 opera
Page 121 and 122: CHAPTER 5. SPECIALISATION 111 // Ha
Page 123 and 124: CHAPTER 5. SPECIALISATION 113 circu
Page 125 and 126: CHAPTER 5. SPECIALISATION 115 const
Page 127 and 128:
CHAPTER 5. SPECIALISATION 117 block
Page 129 and 130:
CHAPTER 5. SPECIALISATION 119 Modif
Page 131 and 132:
CHAPTER 5. SPECIALISATION 121 Buffe
Page 133 and 134:
CHAPTER 5. SPECIALISATION 123 a fas
Page 135 and 136:
CHAPTER 5. SPECIALISATION 125 block
Page 137 and 138:
CHAPTER 5. SPECIALISATION 127 y y y
Page 139 and 140:
CHAPTER 5. SPECIALISATION 129 with
Page 141 and 142:
CHAPTER 6. LAYOUT CASE STUDIES 131
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
CHAPTER 7. CONCLUSION AND FUTURE WO
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Bibliography [1] A. Aggoun and N. B
Page 187 and 188:
BIBLIOGRAPHY 177 [19] H. Gelernter.
Page 189 and 190:
BIBLIOGRAPHY 179 [41] Y. Li and M.
Page 191 and 192:
BIBLIOGRAPHY 181 [60] L. C. Paulson
Page 193 and 194:
BIBLIOGRAPHY 183 [83] J. Voeten. On
Page 195 and 196:
APPENDIX A. QUARTZ LANGUAGE GRAMMAR
Page 197 and 198:
Appendix B Theoretical Basis for La
Page 199 and 200:
APPENDIX B. THEORETICAL BASIS FOR L
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Appendix C Placed Combinator Librar
Page 219 and 220:
APPENDIX C. PLACED COMBINATOR LIBRA
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
APPENDIX D. CIRCUIT LAYOUT CASE STU
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327:
show all

Verification of Parameterised FPGA Circuit Descriptions with Layout ...

Create successful ePaper yourself

Delete template?

Save as template?