

# CLARK BARRETT

## **STANFORD UNIVERSITY**

# **UPSCALE: SCALING UP** VERIFICATION FOR OPEN SOURCE HARDWARE

TRACT

## TEAM







CS Department, Stanford University

Expertise in constraint solving and formal verification

Co-founder of Satisfiability Modulo Theories (SMT) research area

ACM distinguished scientist; Haifa Verification Conference Award; IBM Software Innovation award



### Aarti Gupta

CS Department, Princeton University

Expertise in formal verification, program analysis, decision procedures

Led industry research dept for 10 years (NEC Labs)

Fellow of ACM; three NEC technology commercialization awards





CS/EE Departments Stanford University

Expertise in analog and digital design

High-speed I/O in industry (founder of Rambus Inc)

Fellow of IEEE and ACM; Natl Academy of Engineering; American Academy of Arts and Science; Don Pederson IEEE Technical Field Award





### **Sharad Malik**

EE Department Princeton University

Expertise in digital design, propositional satisfiability (SAT)

Award-winning SAT solver (Chaff) widely used in research and industry

Fellow of IEEE and ACM; DAC most-cited paper; CAV award; ACM/IEEE Technical Impact Award in EDA





### **Subhasish Mitra**

CS/EE Departments Stanford University

Expertise in robust computing, design, validation, and test

X-Compact test compression widely used in industry

Fellow of IEEE and ACM; SRC Technical Excellence Award; Intel Achievement Award; ACM/IEEE Technical Impact Award in EDA



# **RESEARCH PROGRAM**



# **SOC VERIFICATION**





# SYMBOLIC QUICK ERROR DETECTION

# SOC VERIFICATION: SYMBOLIC QED



# **SYMBOLIC QED**



# SYMBOLIC QED: DRASTIC BENEFITS

## **INFINEON** case study: 16 automotive IP versions verified over 5 years



# **SYMBOLIC QED**



https://github.com/upscale-project/generic-sqed-der

DEMO



# **INSTRUCTION-LEVEL ABSTRACTION**

## SOC VERIFICATION: INSTRUCTION LEVEL ABSTRACTION





# **Open Source Hardware: Need for Formal Specification**

### AES Specification Document from OpenCores.org



Figure 2: Architecture of AES-256 core

AES-128, AES-192, AES-256 cores have the similar architecture. Each of them consists of two pipelines. The first pipeline transforms the 16 bytes state. The second one computes the 16 bytes key used in each round.

#### State transformation pipeline

The first pipeline uses two clock cycle for each round of transformation.

In the first clock cycle, the pipeline does three steps, including *sub\_bytes* – a substitution step where each byte is replaced with another according to a lookup table. https://opencores.org/projects/tiny\_aes

- Informal, ambiguous, possibly incomplete
- Limits implementation verification, limits adoptability
- Instruction-Set Architecture (ISA) works for processors – beyond processors?
- Instruction-Level Abstraction (ILA)
  - Generalizing ISAs to beyond processors

### Distribution: Fundamental Research



# **Open Source Tool Flow**



**Distribution: Fundamental Research** 



# **MIXED SIGNAL MODELS**

# SOC VERIFICATION: MIXED SIGNAL MODELS









?

**MSDSL** 



https://github.com/sgherbst/anasymod

## ANASYMOD





https://github.com/sgherbst/hslink-emu

# ERI ELECTRONICS RESURGENCE INITIATIVE SUMMIT

2019 | Detroit, MI | July 15 - 17

