71 research outputs found
Mothers of Pipelines
Abstract: We present a method for pipeline verification using SMT solvers. It is based on a non-deterministic "mother pipeline" machine (MOP) that abstracts the instruction set architecture (ISA). The MOP vs. ISA correctness theorem splits naturally into a large number of simple subgoals. This theorem reduces proving the correctness of a given pipelined implementation of the ISA to verifying that each of its transitions can be modeled as a sequence of MOP state transitions.
Guarded atomic actions and refinement in a system-on-chip development flow: bridging the specification gap with Event-B
Modern System-on-chip (SoC) hardware design puts considerable pressure on existing design and verification flows, languages and tools. The Register Transfer Level (RTL) description, which forms the input for synchronous, logic synthesis-driven design, is at too low a level of abstraction for efficient architectural exploration and re-use. The existing methods for taking a high-level paper specification and refining it to an implementation that meets its performance criteria are largely manual and error-prone, and as RTL descriptions get larger, a systematic design method is necessary to address explicitly the timing issues that arise when applying logic synthesis to such large blocks. Guarded Atomic Actions have been shown to offer a convenient notation for describing microarchitectures that is amenable to formal reasoning and high-level synthesis. Event-B is a language and method that supports the development of specifications with automatic proof and refinement, based on guarded atomic actions. Latency-insensitive design ensures that a design composed of functionally correct components will be independent of communication latency. A method has been developed which uses Event-B for latency-insensitive SoC component and sub-system design; it can be combined with high-level component synthesis to enable architectural exploration and re-use at the specification level and to close the specification gap in the SoC hardware flow.
A Scalable Formal Verification Methodology for Data-Oblivious Hardware
The importance of preventing microarchitectural timing side channels in security-critical applications has surged in recent years. Constant-time programming has emerged as a best-practice technique for preventing the leakage of secret information through timing. It is based on the assumption that the timing of certain basic machine instructions is independent of their respective input data. However, whether or not an instruction satisfies this data-independent timing criterion varies between individual processor microarchitectures. In this paper, we propose a novel methodology to formally verify data-oblivious behavior in hardware using standard property checking techniques. The proposed methodology is based on an inductive property that enables scalability even to complex out-of-order cores. We show that proving this inductive property is sufficient to exhaustively verify data-obliviousness at the microarchitectural level. In addition, the paper discusses several techniques that can be used to make the verification process easier and faster. We demonstrate the feasibility of the proposed methodology through case studies on several open-source designs. One case study uncovered a data-dependent timing violation in the extensively verified and highly secure IBEX RISC-V core. In addition to several hardware accelerators and in-order processors, our experiments also include RISC-V BOOM, a complex out-of-order processor, highlighting the scalability of the approach.
Synchronous Digital Circuits as Functional Programs
Functional programming techniques have been used to describe synchronous digital circuits since the early 1980s and have proven successful at describing certain types of designs. Here we survey the systems and formal underpinnings that constitute this tradition. We situate these techniques with respect to other formal methods for hardware design and discuss the work yet to be done
Cyber-security for embedded systems: methodologies, techniques and tools
The abstract is in the attachment.
Formal Verification of the AAMP-FV Microcode
This report describes the experiences of Collins Avionics & Communications and SRI International in formally specifying and verifying the microcode in a Rockwell proprietary microprocessor, the AAMP-FV, using the PVS verification system. This project built extensively on earlier experiences using PVS to verify the microcode in the AAMP5, a complex, pipelined microprocessor designed for use in avionics displays and global positioning systems. While the AAMP5 experiment demonstrated the technical feasibility of formal verification of microcode, the steep learning curve encountered left unanswered the question of whether it could be performed at reasonable cost. The AAMP-FV project was conducted to determine whether the experience gained on the AAMP5 project could be used to make formal verification of microcode cost effective for safety-critical and high volume devices
Clustered VLIW architecture based on queue register files
Institute for Computing Systems Architecture
Instruction-level parallelism (ILP) is a set of hardware and software techniques that allow parallel execution of machine operations. Superscalar architectures rely most heavily upon hardware schemes to identify parallelism among operations. Although successful in terms of performance, the hardware complexity involved might limit the scalability of this model. VLIW architectures use a different approach to exploit ILP. In this case all data dependence analyses and scheduling of operations are performed at compile time, resulting in a simpler hardware organization. This allows the inclusion of a larger number of functional units (FUs) into a single chip. In spite of this relative simplification, the scalability of VLIW architectures can be constrained by the size and number of ports of the register file. VLIW machines often use software pipelining techniques to improve the execution of loop structures, which can increase the register pressure. Furthermore, the access time of a register file can be compromised by the number of ports, causing a negative impact on the machine cycle time. For these reasons the benefits of having parallel FUs can be limited by the register file, which has motivated the investigation of alternative machine designs.
This thesis presents a scalar VLIW architecture comprising clusters of FUs and private register files. Register files organised as queue structures are used as a mechanism for inter-cluster communication, allowing the enforcement of fixed latency in the process. This scheme presents better possibilities in terms of scalability as the size of the individual register files is not determined by the total number of FUs, suggesting that the silicon area may grow only linearly with respect to the total number of FUs. However, the effectiveness of such an organization depends on the efficiency of the code partitioning strategy. We have developed an algorithm for a clustered VLIW architecture integrating both software pipelining and code partitioning in a single procedure. Experimental results show it may allow performance levels close to an unclustered machine without communication restraints. Finally, we have developed silicon area and cycle time models to quantify the scalability of performance and cost for this class of architecture.
Architectural Exploration of KeyRing Self-Timed Processors
SUMMARY
Over the last decades, processor performance gains have been constrained by the limits imposed by the energy consumption of electronic systems: from the very low power required for connected objects, to the electrical power budgets of servers, by way of the thermal limitations and battery life of mobile devices. This strong demand for energy-efficient processors, coupled with the limitations of transistor scaling (which no longer allows performance to be improved at constant power density), is leading integrated-circuit designers to explore new microarchitectures that deliver better performance for a given energy budget. This thesis is part of that trend, proposing a new processor microarchitecture, called KeyRing, designed with the intention of reducing processor energy consumption.
The operating frequency of transistors in integrated circuits is proportional to their dynamic energy consumption. Consequently, design techniques that dynamically reduce the number of transistors in operation are very widely adopted to improve the energy efficiency of processors. Clock-gating is particularly common in synchronous circuits, since it reduces the impact of the global clock, which is the main source of activity. The KeyRing microarchitecture presented in this thesis uses a decentralized, asynchronous synchronization method to reduce circuit activity. It is derived from the AnARM, a processor developed by Octasic on the basis of an ad hoc asynchronous microarchitecture. Although it is more energy-efficient than synchronous alternatives, the AnARM is essentially incompatible with standard synthesis and static timing analysis methods. Moreover, its ad hoc design technique fits only partially within asynchronous design paradigms. This thesis proposes a rigorous approach to defining the general principles of this ad hoc design technique, drawing on the asynchronous literature. The resulting KeyRing microarchitecture is developed together with an automated design method that overcomes the native incompatibilities between design tools and asynchronous systems. The proposed method makes it possible to take full advantage of the standard design flows of the microelectronics industry to carry out the synthesis and verification of KeyRing circuits. This thesis also proposes experimental protocols whose goal is to strengthen the causal relation between the KeyRing microarchitecture and a reduction in processor energy consumption, compared with equivalent synchronous alternatives.
ABSTRACT
Over the last years, microprocessors have had to increase their performance while keeping their power envelope within tight bounds, as dictated by the needs of various markets: from the ultra-low power requirements of the IoT, to the electrical power consumption budget in enterprise servers, by way of passive cooling and day-long battery life in mobile devices. This high demand for power-efficient processors, coupled with the limitations of technology scaling (which no longer provides improved performance at constant power densities), is leading designers to explore new microarchitectures with the goal of pulling more performance out of a fixed power budget. This work enters into this trend by proposing a new processor microarchitecture, called KeyRing, having a low-power design intent.
The switching activity of integrated circuits (i.e. transistors switching on and off) directly affects their dynamic power consumption. Circuit-level design techniques such as clock-gating are widely adopted as they dramatically reduce the impact of the global clock in synchronous circuits, which constitutes the main source of switching activity. The KeyRing microarchitecture presented in this work uses an asynchronous clocking scheme that relies on decentralized synchronization mechanisms to reduce the switching activity of circuits. It is derived from the AnARM, a power-efficient ARM processor developed by Octasic using an ad hoc asynchronous microarchitecture. Although it delivers better power-efficiency than synchronous alternatives, it is for the most part incompatible with standard timing-driven synthesis and Static Timing Analysis (STA). In addition, its design style does not fit well within the existing asynchronous design paradigms. This work lays the foundations for a more rigorous definition of this rather unorthodox design style, using circuits and methods coming from the asynchronous literature. The resulting KeyRing microarchitecture is developed in combination with Electronic Design Automation (EDA) methods that alleviate incompatibility issues related to ad hoc clocking, enabling timing-driven optimizations and verifications of KeyRing circuits using industry-standard design flows. In addition to bridging the gap with standard design practices, this work also proposes comprehensive experimental protocols that aim to strengthen the causal relation between the reported asynchronous microarchitecture and a reduced power consumption compared with synchronous alternatives.
The main achievement of this work is a framework that enables the architectural exploration of circuits using the KeyRing microarchitecture.