# A Review of the Self-Timed Circuit Verification Framework #### **Cuong Chau** ckcuong@cs.utexas.edu Department of Computer Science The University of Texas at Austin ACL2 Seminar Talk November 30, 2018 - Verification Flow - 2 Self-Timed Circuits with Deterministic Outputs - Self-Timed Circuits with Non-Deterministic Outputs - 4 Conclusion - Verification Flow - 2 Self-Timed Circuits with Deterministic Outputs - Self-Timed Circuits with Non-Deterministic Outputs - 4 Conclusion #### Verification Flow #### Value and State Lemmas ``` Value lemma: characterize the module's outputs se(module-name, inputs, st, netlist) = outputs(inputs, st) ``` **State lemma:** characterize the module's next state de(module-name, inputs, st, netlist) = step(inputs, st) Functions *outputs* and *step* are **hierarchically** defined as **symbolic**, **four-valued expressions** that specify the module's outputs and next state, respectively. ## Multi-Step State Lemma ``` Characterize the module's final state after an n-step execution. de-n(module-name, inputs-seq, st, netlist, n) = run(inputs-seq, st, n) ``` ## Multi-Step State Lemma ``` Characterize the module's final state after an n-step execution. de-n(module-name, inputs-seq, st, netlist, n) = run(inputs-seq, st, n) run(inputs-seq, st, n) := if (n \le 0) st else run(rest(inputs-seq), st), step(first(inputs-seq), st), n-1) ``` ## Single-Step-Update Property Specify the input-output relationship after **one execution step**. Introduce an extraction function for each self-timed module, extract(st), that returns a sequence of values computed from **valid data residing in state** st. Applying *extract* to *step* will compute the **one-step update** on the output sequence given the current inputs and current state. Note that *extract* and *step* are defined **hierarchically**. ## Single-Step-Update Property Specify the input-output relationship after **one execution step**. Introduce an extraction function for each self-timed module, extract(st), that returns a sequence of values computed from **valid data residing in state** st. Applying *extract* to *step* will compute the **one-step update** on the output sequence given the current inputs and current state. Note that *extract* and *step* are defined **hierarchically**. #### Single-step-update property: ``` extract(step(inputs, st)) = extracted-step(inputs, st) ``` where *extracted-step* is the specification for the one-step update on the output sequence. ## Single-Step-Update Property **Example:** Let *in-act* and *out-act* denote the **communication signals** at the input and output ports respectively (Assume that the corresponding module has one input and one output ports). ``` \begin{array}{l} \textit{extracted-step}(\textit{inputs}, \textit{st}) := \\ \begin{cases} \textit{extract}(\textit{st}), & \textit{if in-act} = \textit{nil} \land \textit{out-act} = \textit{nil} \\ [\textit{op}(\textit{inputs.data})] ++ & \textit{extract}(\textit{st}), & \textit{if in-act} = \textit{t} \land \textit{out-act} = \textit{nil} \\ \textit{remove-last}(\textit{extract}(\textit{st})), & \textit{if in-act} = \textit{nil} \land \textit{out-act} = \textit{t} \\ [\textit{op}(\textit{inputs.data})] ++ & \textit{remove-last}(\textit{extract}(\textit{st})), & \textit{otherwise} \end{cases} \end{array} ``` #### where - ++ is the concatenation operator; - remove-last(I) returns list I except for its last element; and - op is the **functional specification** for the module. ## Multi-Step Input-Output Relationship We verify the functional correctness of self-timed circuits in terms of the relationship between their input and output sequences. Our formalization considers a general case where: - the initial state may contain some valid data; and - there can be some valid data remaining in the final state. #### Example: $$extract(run(inputs-seq, st, n)) ++ out-seq = op-map(in-seq) ++ extract(st)$$ ## Multi-Step Input-Output Relationship We verify the functional correctness of self-timed circuits in terms of the relationship between their input and output sequences. Our formalization considers a general case where: - the initial state may contain some valid data; and - there can be some valid data remaining in the final state. #### Example: $$extract(run(inputs-seq, st, n)) ++ out-seq = op-map(in-seq) ++ extract(st)$$ The functional correctness theorem is a direct corollary of the multi-step input-output relationship that is stated in terms of the *de-n* function, while that relationship is formalized in terms of the *run* function. - 1 Verification Flow - Self-Timed Circuits with Deterministic Outputs - Self-Timed Circuits with Non-Deterministic Outputs - 4 Conclusion ## A FIFO Queue of Two Links - Verification Flow - 2 Self-Timed Circuits with Deterministic Outputs - 3 Self-Timed Circuits with Non-Deterministic Outputs - 4 Conclusion ## Arbitrated Merge Arbitrated merge is a well-known self-timed circuit model that provides **mutually exclusive access** to a shared resource. Produce non-deterministic output sequences due to arbitrary arrival times of requests. We formalize an arbitrated merge joint that provides mutually exclusive access to its output link from its two input links on a **first-come-first-served** basis<sup>1</sup>. <sup>&</sup>lt;sup>1</sup>M. Roncken et al. "How to Think about Self-Timed Systems". In: *Proc of the Fifty First IEEE Asilomar Conference on Signals, Systems, and Computers* (Asilomar-2017). 2017, pp. 1597–1604. ## Circuits Performing Arbitrated Merges #### Verification Flow #### Verification Flow ## Arbitrated Merge Verification Define **two extraction functions** for each arbitrated merge, one for each input stream. #### Single-step-update properties: ``` extract_0(step(inputs, st)) = extracted_0-step(inputs, st) extract_1(step(inputs, st)) = extracted_1-step(inputs, st) ``` ## Arbitrated Merge Verification The multi-step input-output relationship is established using the **membership relation** ( $\in$ ) and the **interleaving operation** ( $\otimes$ ). $interl\$extract_0$ and $interl\$extract_1$ extract valid data from two complex links $Q'_{20a}$ and $Q'_{20b}$ , respectively. let $$st_f := interl\$run(inputs-seq, st, n),$$ $\forall x \in (interl\$extract_0(st_f) \otimes interl\$extract_1(st_f)).$ $(x ++ out-seq) \in ((in_0-seq ++ interl\$extract_0(st)) \otimes (in_1-seq ++ interl\$extract_1(st)))$ - Verification Flow - 2 Self-Timed Circuits with Deterministic Outputs - Self-Timed Circuits with Non-Deterministic Outputs - 4 Conclusion #### Conclusion Reviewed our ACL2 verification framework for self-timed circuit designs. Illustrated the framework through two examples. - a self-timed circuit with deterministic outputs: a FIFO queue of two links; and - a self-timed circuit with non-deterministic outputs: a circuit performing arbitrated merges. ## Questions?