Formal verification of high-level synthesis

High-level synthesis (HLS), which refers to the automatic compilation of software into hardware, is rapidly gaining popularity. In a world increasingly reliant on application-specific hardware accelerators, HLS promises hardware designs of comparable performance and energy efficiency to those coded by hand in a hardware description language such as Verilog, while maintaining the convenience and the rich ecosystem of software development. However, current HLS tools cannot always guarantee that the hardware designs they produce are equivalent to the software they were given, thus undermining any reasoning conducted at the software level. Furthermore, there is mounting evidence that existing HLS tools are quite unreliable, sometimes generating wrong hardware or crashing when given valid inputs. To address this problem, we present the first HLS tool that is mechanically verified to preserve the behaviour of its input software. Our tool, called Vericert, extends the CompCert verified C compiler with a new hardware-oriented intermediate language and a Verilog back end, and has been proven correct in Coq. Vericert supports most C constructs, including all integer operations, function calls, local arrays, structs, unions, and general control-flow statements. An evaluation on the PolyBench/C benchmark suite indicates that Vericert generates hardware that is around an order of magnitude slower (only around 2× slower in the absence of division) and about the same size as hardware generated by an existing, optimising (but unverified) HLS tool.
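To make concrete what "compiling software into hardware" means, and why an unverified translation undermines software-level reasoning, here is an added hand-written illustration. It is not Vericert's output and not code from the paper: a small C loop (constructed input, shown as a comment) and one plausible finite-state-machine-with-datapath (FSMD) rendering of it in Verilog, followed by a testbench that compares the circuit against a behavioural reference on a single input. The module and signal names are assumptions made for this example.

```verilog
// Constructed C input for this illustration (not taken from the paper):
//
//   unsigned sum_sq(unsigned n) {
//       unsigned s = 0;
//       for (unsigned i = 0; i < n; i++)
//           s += i * i;
//       return s;
//   }
//
// An HLS tool typically lowers such a function to an FSMD: a control
// state register sequences the loop, while datapath registers hold the
// C locals. Everything below is hand-written for illustration.

module sum_sq (
    input  wire        clk,
    input  wire        rst,
    input  wire        start,
    input  wire [31:0] n,
    output reg         done,
    output reg  [31:0] result
);
    // Control: three states, one per phase of the loop.
    localparam [1:0] S_IDLE = 2'd0, S_LOOP = 2'd1, S_DONE = 2'd2;
    reg [1:0]  state;
    // Datapath registers mirror the C locals s and i.
    reg [31:0] s, i;

    always @(posedge clk) begin
        if (rst) begin
            state <= S_IDLE; done <= 1'b0; result <= 32'd0;
            s <= 32'd0; i <= 32'd0;
        end else begin
            case (state)
                S_IDLE: begin
                    done <= 1'b0;
                    if (start) begin s <= 32'd0; i <= 32'd0; state <= S_LOOP; end
                end
                S_LOOP: begin
                    if (i < n) begin
                        // 32-bit wraparound matches C unsigned arithmetic.
                        s <= s + i * i;
                        i <= i + 32'd1;
                    end else begin
                        state <= S_DONE;
                    end
                end
                S_DONE: begin
                    result <= s; done <= 1'b1; state <= S_IDLE;
                end
                default: state <= S_IDLE;
            endcase
        end
    end
endmodule

// Simulation-based check: runs the circuit on ONE input and compares it
// with a behavioural reference. This only covers the inputs you try,
// which is exactly the gap a machine-checked correctness proof closes.
module tb;
    reg clk = 1'b0, rst = 1'b1, start = 1'b0;
    reg  [31:0] n;
    wire        done;
    wire [31:0] result;

    sum_sq dut (.clk(clk), .rst(rst), .start(start), .n(n),
                .done(done), .result(result));
    always #5 clk = ~clk;

    // Software semantics of the C function, re-expressed in the testbench.
    function [31:0] ref_sum_sq(input [31:0] nn);
        integer k; reg [31:0] acc;
        begin
            acc = 32'd0;
            for (k = 0; k < nn; k = k + 1) acc = acc + k * k;
            ref_sum_sq = acc;
        end
    endfunction

    initial begin
        n = 32'd10;                       // expected 0^2 + ... + 9^2 = 285
        #12 rst = 1'b0;
        @(posedge clk); #1 start = 1'b1;  // pulse start for one cycle
        @(posedge clk); #1 start = 1'b0;
        wait (done);
        if (result !== ref_sum_sq(n)) $display("MISMATCH: hw=%0d sw=%0d", result, ref_sum_sq(n));
        else                            $display("OK: %0d", result);
        $finish;
    end
endmodule
```

Run with any Verilog simulator (for example `iverilog -o sim sum_sq.v && vvp sim`). The practical point for a security reviewer: any property argued at the C level, such as bounds on `i` or the absence of out-of-range memory accesses, carries over to the circuit only if the translation preserves behaviour. A testbench like the one above establishes that for the inputs exercised; a compiler verified in the style of CompCert establishes it for all inputs, which is the guarantee the abstract claims for Vericert.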
