A Value Propagation Based Equivalence Checking

A Value Propagation Based Equivalence Checking Method for Verification of Code Motion Techniques Kunal Banerjee, Chandan Karfa*, Dipankar Sarkar, Chittaranjan Mandal

Department of Computer Sc & Engg, Indian Institute of Technology Kharagpur Synopsys (India) Pvt Ltd, Bangalore* ISED 2012 BESU, Kolkata, India Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

1 / 16

Outline 1

Motivation

2

Background

3

Code Motions Across Loops

4

The Method of Value Propagation

5

The Overall Verification Method

6

Experimental Results

7

Conclusion and Future Work

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

2 / 16

Motivation

Motivation Motivation

Objective

A typical synthesis flow of complex systems like VLSI circuits or embedded systems comprises several phases. Each phase transforms/refines the input behavioural specification (of the systems to be designed) with a view to optimizing time and physical resources. Behavioural verification involves demonstrating the equivalence between the input behaviour and the final design which is the output of the last phase.

Validation of transformations of the input behaviours taking place at various phases of synthesis of embedded systems.

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

3 / 16

Background

FSMD

Finite State Machines with Datapaths (FSMDs) FSMDs effectively capture both the control flow and the associated data processing of a behaviour The FSMD model is a seven tuple F = hQ, q0 , I , V , O, f , hi: Q: Finite set of control states q0 : Reset state, i.e. q0 ∈ Q I : Set of primary input signals V : Set of storage variables O: Set of primary output signals f : State transition function, i.e. Q × 2S → Q h: Update function of the output and the storage variables, i.e. Q × 2S → U U represents a set of storage or output assignments S is a set of arithmetic relations between arithmetic expressions Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

4 / 16

Background

Basic Methodology

Equivalence checking of FSMDs q0,0 −/a ⇐ b + c q0,1

q1,0

−/d ⇐ a − e

−/a ⇐ b + c

q0,2 x < y/ x ⇐x +y

q1,1 !x < y / x ⇐x −d

q0,3 −/t ⇐ x + f q0,4 −/−

−/m ⇐ t − d q0,5 −/h ⇐ r + m

!x < y /d ⇐ a − e

x < y/ x ⇐ x + y, d ⇐a−e

q1,2 −/x ⇐ x − d

q1,3 −/−

−/t ⇐ x + f , n ⇐r −d

q1,4

−/h ⇐ t + n

q0,6

q1,5

(a)M0

(b)M1

Kunal Banerjee (IIT Kharagpur)

ISED 2012

An FSMD M0 is said to be contained in another FSMD M1 , represented by M0 v M1 , if for every computation µ0 of M0 there is an equivalent computation µ1 of M0 Two FSMDs are equivalent, M0 ≡ M1 , if M0 v M1 and M1 v M0 Length and number of computations of an FSMD can both be infinite

Dec 21, 2012

5 / 16

Background

Basic Methodology

Equivalence checking of FSMDs q0,0 −/a ⇐ b + c q0,1

q1,0

−/d ⇐ a − e

−/a ⇐ b + c

q0,2 x < y/ x ⇐x +y

q1,1 !x < y / x ⇐x −d

q0,3 −/t ⇐ x + f q0,4 −/−

−/m ⇐ t − d q0,5 −/h ⇐ r + m

!x < y /d ⇐ a − e

x < y/ x ⇐ x + y, d ⇐a−e

q1,2 −/x ⇐ x − d

q1,3 −/−

−/t ⇐ x + f , n ⇐r −d

q1,4

−/h ⇐ t + n

q0,6

q1,5

(a)M0

(b)M1

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Identification of suitable cutpoints leads to a finite path cover The reset state and all states with multiple incoming/outgoing transitions can be considered as the cutpoints Since any computation corresponds to a concatenation of paths, it is enough to establish path equivalences Code transformations can make this job difficult Dec 21, 2012

5 / 16

Background

Basic Methodology

Equivalence checking of FSMDs q0,0 −/a ⇐ b + c q0,1

q1,0

−/d ⇐ a − e

−/a ⇐ b + c

q0,2 x < y/ x ⇐x +y

q1,1 !x < y / x ⇐x −d

q0,3 −/t ⇐ x + f q0,4 −/−

−/m ⇐ t − d q0,5 −/h ⇐ r + m

!x < y /d ⇐ a − e

x < y/ x ⇐ x + y, d ⇐a−e

q1,2 −/x ⇐ x − d

q1,3 −/−

−/t ⇐ x + f , n ⇐r −d

q1,4

−/h ⇐ t + n

q0,6

q1,5

(a)M0

(b)M1

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Identification of suitable cutpoints leads to a finite path cover The reset state and all states with multiple incoming/outgoing transitions can be considered as the cutpoints Since any computation corresponds to a concatenation of paths, it is enough to establish path equivalences Code transformations can make this job difficult Dec 21, 2012

5 / 16

Code Motions Across Loops

Code motions across loops −/t ⇐ a + b

−/t ⇐ a + b

−/t ⇐ a + b −/t ⇐ a + b

−/y ⇐ a + b Orig

−/y ⇐ t BCM

−/t ⇐ a + b

−/y ⇐ t LCM

−/y ⇐ t SCM

[Tristan et al, PLDI 2009] – assumes that there exists an injective function from the nodes of the original code to the nodes of the transformed code Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

6 / 16

Code Motions Across Loops

Code motions across loops −/t ⇐ a + b

−/t ⇐ a + b

−/t ⇐ a + b −/t ⇐ a + b

−/y ⇐ a + b Orig

−/y ⇐ t BCM

−/t ⇐ a + b

−/y ⇐ t LCM

−/y ⇐ t SCM

[Tristan et al, PLDI 2009] – assumes that there exists an injective function from the nodes of the original code to the nodes of the transformed code Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

6 / 16

The Method of Value Propagation

Example

The method of value propagation

h. . . , v , . . .i

q0,s

q1,s

−/v ⇐ f (x)

h. . . , f (x), . . .i

h. . . , v , . . .i

−/v ⇐ g (y )

q0,t

q1,t

(a)M0

(b)M1

h. . . , g (y ), . . .i

An example of value propagation Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

7 / 16

The Method of Value Propagation

Example: dependency

The method of value propagation q0,a

q1,a

h. . . , vi , . . . , vj , . . .i

−/vi ⇐ f (vn , vj )

β

−/vi ⇐ g (vm )

α q1,b

q0,b

−/vj ⇐ h(vk , vl ) q0,c

h. . . , vi , . . . , vj , . . .i

−/vj ⇐ h(vk , vl )

h. . . , f (vn , vj ), . . . , vj , . . .i

(a)M0

q1,c

h. . . , g (vm ), . . . , vj , . . .i

(b)M1

An example of value propagation with dependency between propagated values

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

8 / 16

The Method of Value Propagation

Example: dependency

The method of value propagation q0,a

q1,a

h. . . , vi , . . . , vj , . . .i

−/vi ⇐ f (vn , vj )

β

−/vi ⇐ g (vm )

α q1,b

q0,b

−/vj ⇐ h(vk , vl ) q0,c

β0

−/vj ⇐ h(vk , vl ) q1,c

h. . . , f (vn , vj ), . . . , vj , . . .i

α0

c1 /vi ⇐ vi + g (vm ) q0,z

h. . . , vi , . . . , vj , . . .i

h. . . , g (vm ) + f (vn , vj ), . . . , vj , . . .i

(a)M0

h. . . , g (vm ), . . . , vj , . . .i

c1 /vi ⇐ vi + f (vn , vj ) q1,z

h. . . , g (vm ) + f (vn , vj ), . . . , vj , . . .i

(b)M1

An erroneous decision taken Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

8 / 16

The Method of Value Propagation

Example: dependency

The method of value propagation q0,a

q1,a

h. . . , vi , . . . , vj , . . .i

−/vi ⇐ f (vn , vj )

β

−/vi ⇐ g (vm )

α q1,b

q0,b

−/vj ⇐ h(vk , vl ) q0,c

β0

−/vj ⇐ h(vk , vl )

h. . . , f (vn , vj ), . . . , h(vk , vl ), ..i q1,c h. . . , g (vm ), . . . , h(vk , vl ), . . .i

α0

c1 /vi ⇐ vi + g (vm ) q0,z

h. . . , vi , . . . , vj , . . .i

h. . . , g (vm ) + f (vn , vj ), . . . , h(vk , vl ), . . .i

(a)M0

c1 /vi ⇐ vi + f (vn , vj ) q1,z

h. . . , g (vm ) + f (vn , h(vk , vl )), . . . , h(vk , vl ), . . .i

(b)M1

Correct decision taken Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

8 / 16

The Method of Value Propagation

Value Propagation: Algorithm

Value propagation: Algorithm Algorithm: valuePropagation (β, hCβi , v¯βi i, α, hCαi , v¯αi i) 1

f i i Cβ ← Cβ ∧ Rβ (¯ v ){¯ vβ /¯ v };

2

∀ variable vj ∈ |V0 ∪ V1 |

f

Πj (¯ vβ ) ←

f i i Cα ← Cα ∧ Rα (¯ v ){¯ vα /¯ v };

 i  sβ (¯ v ){¯ vβ /¯ v } ,   vj               

3

i 6= sα (¯ v ){¯ vα /¯ v } or vj i i ∃vk , sβ (¯ v ){¯ vβ /¯ v ){¯ vα /¯ v } 6= sα (¯ v } ∧ vk vk _ i vj occurs in sγ (¯ v ){¯ vγ /¯ v } vj

vk

γ∈{β,α}

vj ,

otherwise

∀ variable vj ∈ |V0 ∪ V1 |

f

Πj (¯ vα ) ←

 i  sα (¯ v ){¯ vα /¯ v } ,   vj                vj ,

4

i if sβ (¯ v ){¯ vβ /¯ v }

i if sα (¯ v ){¯ vα /¯ v }

i 6= sβ (¯ v ){¯ vβ /¯ v } or vj i i ∃vk , sα (¯ v ){¯ vα /¯ v } 6= sβ (¯ v ){¯ vβ /¯ v } ∧ vk vk _ i vj occurs in sγ (¯ v ){¯ vγ /¯ v }

γ∈{β,α}

vj

vk

otherwise

f f f f return hhCβ , v¯β i, hCα , v¯α ii;

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

9 / 16

The Overall Verification Method

Equivalence Checking of FSMDs

Equivalence checking of FSMDs using value propagation q0,a

hT , hx, y , i, N, t1 , t2 , hii

q1,a

−/i ⇐ 1

hT , hx, y , i, N, t1 , t2 , hii

−/i ⇐ 1, h ⇐ t1 + t2 , y ⇐ t1 − t2

q0,b

q1,b

i < N/ ¬i < N/ x ⇐ t1 + t2 + x ∗ i, y ⇐ t1 − t2 i ⇐i +1

i < N/ ¬i < N/− x ⇐ h + x ∗ i, i ⇐i +1

q0,c

q1,c

(a)M0

(b)M1

At the reset states Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

10 / 16

The Overall Verification Method

Equivalence Checking of FSMDs

Equivalence checking of FSMDs using value propagation q0,a

q1,a

−/i ⇐ 1

−/i ⇐ 1, h ⇐ t1 + t2 , y ⇐ t1 − t2

q0,b hT , hx, y , i, N, t1 , t2 , hii

i < N/ ¬i < N/ x ⇐ t1 + t2 + x ∗ i, y ⇐ t1 − t2 i ⇐i +1

q1,b hT , hx, t1 − t2 , i, N, t1 , t2 ,

t1 + t2 ii

i < N/ ¬i < N/− x ⇐ h + x ∗ i, i ⇐i +1

q0,c

q1,c

(a)M0

(b)M1

At the beginning of the loops Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

10 / 16

The Overall Verification Method

Equivalence Checking of FSMDs

Equivalence checking of FSMDs using value propagation q0,a

q1,a

−/i ⇐ 1

−/i ⇐ 1, h ⇐ t1 + t2 , y ⇐ t1 − t2

q0,b hT , hx, y , i, N, t1 , t2 , hii

i < N/ ¬i < N/ x ⇐ t1 + t2 + x ∗ i, y ⇐ t1 − t2 i ⇐i +1

q1,b hT , hx, t1 − t2 , i, N, t1 , t2 ,

t1 + t2 ii

i < N/ ¬i < N/− x ⇐ h + x ∗ i, i ⇐i +1

q0,c

q1,c

(a)M0

(b)M1

At the end of the loops Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

10 / 16

The Overall Verification Method

Equivalence Checking of FSMDs

Equivalence checking of FSMDs using value propagation q0,a

q1,a

−/i ⇐ 1

−/i ⇐ 1, h ⇐ t1 + t2 , y ⇐ t1 − t2

q0,b

q1,b

i < N/ ¬i < N/ x ⇐ t1 + t2 + x ∗ i, y ⇐ t1 − t2 i ⇐i +1 q0,c

i < N/ ¬i < N/− x ⇐ h + x ∗ i, i ⇐i +1

hT , hx, y , i, N, t1 , t2 , hii

(a)M0

q1,c (b)M1

hT , hx, y , i, N, t1 , t2 , t1 + t2 ii

At the end states Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

10 / 16

The Overall Verification Method

Verification Algorithm

Verification algorithm Algorithm: equivalenceChecker (FSMD M0 , FSMD M1 ) 1

Introduce cutpoints in the FSMDs M0 and M1 , and compute the path covers;

2

Let ζ, the set of corresponding state pairs, be hq0,0 , q1,0 i;

3

for (each hq0,i , q1,j i ∈ ζ) { for (each path β : (q0,i =⇒ q0,m ) ∈ P0 originating from q0,i ) {

4

6

if (path α : (q1,j =⇒ q1,n ) ∈ P1 can be found such that β ' α) S ζ ← ζ {hq0,m , q1,n i};

7

elsif (path α : (q1,j =⇒ q1,n ) ∈ P1 can be found such that β 'c α)

5

8

employ value propagation until β ' α can be established without violating loop invariance; else

9

print “failure”;

10 11

}}

12

print “success”;

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

11 / 16

Experimental Results

Experimental Results Benchmarks BARCODE DCT DIFFEQ EWF GCD IEEE754 LRU MODN PERFECT QRS TLC

Original FSMD Transformed FSMD #Variables #across Maximum Time (ms) #states #paths #states #paths com uncom loops mismatch PE VP 33 54 25 56 17 0 0 3 20.1 16.2 16 1 8 1 41 6 0 6 6.3 6.2 15 3 9 3 19 3 0 4 5.0 2.4 34 1 26 1 40 1 0 1 4.2 3.1 8 11 4 8 7 2 1 4 – 3.2 55 59 44 50 32 3 4 3 – 18.8 33 39 32 38 19 0 2 2 – 3.8 8 9 8 9 10 2 0 3 5.6 2.4 6 7 4 6 8 2 2 2 – 2.1 53 35 24 35 25 15 3 19 – 14.8 13 20 7 16 8 1 0 2 9.1 4.0

R. Camposano. “Path-based Scheduling for Synthesis”, TCAD (1991) S. Gupta, N. Dutt, R. Gupta, and A. Nicolau. “SPARK: A High-Level Synthesis Framework for Applying Parallelizing Compiler Transformations”, VLSI Design (2003) Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

12 / 16

Conclusion and Future Work

Conclusion

Value propagation based equivalence checking transcends path based technique by being able to verify code motions across loops Unlike [Tristan et al, PLDI 2009], the presented method does not require additional inputs Experimentation involving 2-step translation process exhibits effectiveness of the method

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

13 / 16

Conclusion and Future Work

Future Work

Complexity analysis Formal proof of correctness Handle transformations that change the control flow graph of a program Combine this technique with the existing framework that handles non-uniform code motion techniques [Karfa et al, TODAES 2012] Incorporate array variables, and subsequently address loop transformations

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

14 / 16

References

Selected References J Knoop, O Ruthing, B Steffen. “Lazy Code Motion”, PLDI (1992) O Ruthing, J Knoop, B Steffen. “Sparse Code Motion”, POPL (2000) S Gupta, N Dutt, R Gupta, A Nicolau. “Using global code motions to improve the quality of results for high-level synthesis”, TCAD (2004) J-B Tristan, X Leroy. “Verified validation of lazy code motion”, PLDI (2009) C Karfa, D Sarkar, C Mandal, P Kumar. “An Equivalence-Checking Method for Scheduling Verification in High-Level Synthesis”, TCAD (2008) C Karfa, C Mandal, D Sarkar. “Formal Verification of Code Motion Techniques using Data-flow Driven Equivalence Checking”, TODAES (2012)

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

15 / 16

Thank You !!! [email protected]

Kunal Banerjee (IIT Kharagpur)

ISED 2012

Dec 21, 2012

16 / 16