Smriti Gupta smritigece'cmu'edu - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Smriti Gupta smritigece'cmu'edu

Description:

Research supported by the Semiconductor Research Corporation. 2 ... From: Walter Hartong, Lars Hedrich, and Erich Barke, 'Model Checking Algorithms ... – PowerPoint PPT presentation

Number of Views:53
Avg rating:3.0/5.0
Slides: 31
Provided by: ece196
Category:
Tags: cmu | edu | gupta | lars | smriti | smritigece

less

Transcript and Presenter's Notes

Title: Smriti Gupta smritigece'cmu'edu


1
Towards Formal Verification of Analog Designs
Smriti Gupta smritig_at_ece.cmu.edu Bruce
Krogh krogh_at_ece.cmu.edu Rob A. Rutenbar
rutenbar_at_ece.cmu.edu Carnegie Mellon
University Pittsburgh, PA
  • Research supported by the Semiconductor Research
    Corporation

2
Big Question Can We Formally Verify Analog?
DIGITAL
  • Digital Methodology
  • Simulation
  • Abstraction
  • Formal verification

ANALOG
  • Analog Methodology
  • Simulation
  • Abstraction
  • Formal verification

3
Outline
  • Background
  • Where does verification fit into analog design
    flow?
  • Hybrid System Verification
  • What is it? Why useful for analog?
  • Our hybrid checker CheckMate
  • A small analog circuit example to illustrate
    ideas
  • A real circuit verification task Delta Sigma
    Modulator
  • Overview of the delta sigma modulator
  • Bad behavior explained
  • Formal verification and analysis

4
Verification in the Analog Design Flow
  • Initial verification problem
  • Can we check early if there are problems with the
    spec or with the idealized initial design?
  • System integration verif. problem
  • Can we check late for problems caused when ideal
    blocks become real circuits with unwanted but
    unavoidable behaviors?

5
Verifying Analog Designs as Hybrid Systems
  • Hybrid systems Interacting discrete-continuous
    dynamics
  • Model checking for hybrid systems
  • construct a finite-state abstraction of the
    continuous dynamics
  • verify the abstraction reachability or ACTL
    specifications
  • if the verification is inconclusive, refine the
    abstraction
  • Application to Analog Circuits
  • continuous dynamics differential or difference
    equations
  • discrete dynamics
  • different operating modes
  • specification thresholds (e.g., voltage limits)

6
CheckMate Hybrid System Verification Tool
MATLAB/Simulink model
1. Constructs finite-state abstraction with
transition relation based on polyhedral
representations of continuous flows
3. Refines abstraction if necessary.
Polyhedral sets of initial continuous states
parameters
  • Specifications over discrete states
  • Reachability
  • ACTL

2. Applies model checking to resulting transition
system.
www.ece.cmu.edu/webk/checkmate/
7
Computing Flowpipes for Continuous Dynamics
  • Given a set of initial states, the procedure is
    to generate a sequence of polyhedra that contains
    all state trajectories (flows) from that set.
  • Features of the approach
  • each polyhedra contains flows for ?tk tk1 ? tk
  • applies to nonlinear dynamics
  • includes piecewise constant inputs
  • approximation error can be made arbitrarily small
  • error does not grow with time

E.g.
Xo set of initial states
8
Illustration Circuit Tunnel Diode Oscillator
Verification question For specified device
parameters and ranges of initial states, will the
circuit oscillate correctly?
From Walter Hartong, Lars Hedrich, and Erich
Barke, Model Checking Algorithms for Analog
Verification. Design Automation Conference,
2002, pp. 542-547.
9
Specification as a Finite-State Machine
I
I
I
L
L
L
Threshold 2
Threshold 2
Threshold 2
Threshold 1
Threshold 1
Threshold 1
V
V
V
C
C
C
I
I
I
I
I
I
L
L
L
L
L
L
Threshold 2
Threshold 2
Threshold 2
Threshold 2
Threshold 2
Threshold 2
Threshold 1
Threshold 1
Threshold 1
Threshold 1
Threshold 1
Threshold 1
V
V
V
V
V
V
C
C
C
C
C
C
I
I
I
L
L
L
Threshold 2
Threshold 2
Threshold 2
Threshold 1
Threshold 1
Threshold 1
Start
Start
Start
V
V
V
I
I
I
C
L
C
C
L
L
Threshold 2
Threshold 2
Threshold 2
Threshold 1
Threshold 1
Threshold 1
V
V
V
C
C
C
10
CheckMate Model
circuitdynamics
thresholds
Checkmate Model
Finite State Machine
11
Flowpipes and Finite-State Abstractions
Non Oscillating Case
Oscillating Case
10-4
12
Flowpipe Detail
Oscillating Case
  • Important points
  • CheckMate computes flowpipe approximations
    dynamically
  • Flowpipes are conservative, ie,guaranteed to
    bound real dynamics

10-4
13
A Real Circuit Delta Sigma A/D Converter
Digital Encoding
fs
  • Delta Sigma Modulator
  • Samples input signal at a rate much higher than
    the Nyquist rate, and converts it into a
    high-rate, low-resolution digital signal.
  • Shapes the noise introduced by the quantizer such
    that the noise is attenuated in the signal band
    and amplified outside the signal band (at high
    frequencies).
  • Decimator
  • Low pass filter removes the noise from the high
    frequencies.
  • Decimator reduces the sampling rate, thus
    generating a high-resolution digital signal.

One-Bit Quantizer
Noise-Shaping Filter
Digital Encoding
Sampled Signal
H(z)
D/A
Digital to Analog Converter
14
DS-Modulation Closer Look
Quantizer
1-bit quantizer compares analogsignal to a 0V
ref,outputs 1 or -1
Integrator
Error (en)
Z-1
D/A
This is a chain of amplifiers amplifiers
order of system
15
Analysis of Quantization Noise is Shaped
noise
INPUT Input signal spectrum
OUTPUT Input signal and noise spectrum
16
DS-Modulator Undesired Behavior Means What?
  • Instability
  • Quantizer overload can cause the discrete-time
    integrators to hit saturation (max voltage
    limits).
  • Quantizer Overload
  • If signal at the quantizer exceeds a specific
    maximum levelcircuit no longer exhibits linear
    behavior

Quantizer
Integrator
Error (en)
Z-1
D/A
17
Real Example 3rd-Order DS Modulator
Integrator
Quantizer
  • Essential problem
  • A higher-order DS uses more amplifiers to better
    suppress noise
  • But it also more unstable, more prone to overload
    problems

18
How Do We Test For Undesired Behavior?
3rd order DS Modulator
  • Criterion 1 Monitor the noise level
  • Low noise level in the signal band
  • Criterion 2 Monitor the quantizer input
  • No overload quantizer input should be between
    /-2V

19
Criterion 1 Noise in Signal Band (LPF output)
input
Third-Order Delta Sigma Modulator
-
LPF
Input Signal

noise
DC Input
Desired Low SNR
Noise Signal
Undesired High SNR
Time Samples
20
Criterion 2 Quantizer Overload
Undesired Behavior
Quantizer Input
Desired Behavior
Time Samples
21
To Verify the DS Modulator
  • Select a reasonable set of initial (continuous)
    states
  • Remember this isnt a digital circuit!
  • Need to start verification from some sensible
    known region of state space
  • Build a complete CheckMate model
  • Switched continuous dynamics for continuous
    circuits
  • FSM abstraction of high level behavior
  • Run CheckMate model
  • Check if undesired behaviors manifest as bad
    parts of state space reached

22
DS Modulator Selecting the Range of Initial
States
Random Input
selected set of initial states for verification
Reached states (no overload)
state bounds
23
DS Modulator Building CheckMate Model
Noise-Shaping LPF Filters
Quantizer FSM
Hyperplanes defining various regions for the
quantizer input zero_threshold x gt
0 overload -2 lt x lt 2
Hyperplane defining the desired region of the
LPF LPF_okay -0.1 lt x lt 0.1
Low Pass Filter FSM
24
DS Modulator Modeling Quantizer as FSM
Hyperplane defining the desired region of the
LPF LPF_okay -0.1 lt x lt 0.1
25
DS Modulator Modeling Quantizer as FSM
Quantizer states current previous quantizer
output(inputs to noise-shaping low-pass
filters)
Hyperplane defining the desired region of the
LPF LPF_okay -0.1 lt x lt 0.1
26
DS Modulator Modeling Quantizer as FSM
"Avoid" state defines quantizer
overload (reachability specification)
Hyperplane defining the desired region of the
LPF LPF_okay -0.1 lt x lt 0.1
27
Result CheckMate Reachability Computations
Quantizer overload (first violations)
(two views)
quantizer threshold
  • Breadth-first reachability (wrt discrete
    transitions)
  • 3 minutes to find first violation at depth 5 on
    1GHz PC

28
Results Effect of Quantizer Switching
projection onto X1-X3 plane
  • Reachable sets "split" when crossing quantizer
    threshold
  • Leads to multiple branches in (brute-force)
    depth-first reachability

29
Summary
  • Can we formulate a useful analog verification
    taskas a hybrid systems model checking problem?
  • Yes
  • DS Modulator is, to best of our knowledge,
    largest nontrivial circuit to have any useful
    continuous property checked formally
  • but still many practical limitations
  • We check at idealized block level, ie,
    system-level analog, not transistors
  • Model setup is still rather arduous
  • Still limited to low-orders systems with
    relatively few state variables
  • DS blocks have very restricted thus attractive
    to us input signals
  • all good topics for further research

30
Next Steps
  • Formal specifications for analog designs
  • Identify mixed-signal specifications amenable to
    time-domain characterization
  • Create parameterized specification primitives for
    CheckMate implementation
  • CheckMate model checker for analog designs
  • Develop modeling guidelines
  • Implement abstraction methods (leverage CT
    CheckMate)
  • Heuristics for polyhedral over approximations to
    reduce computation time
  • Refinement strategies
  • Apply recent developments to increase efficiency
  • Model reduction
  • Counterexample-guide refinement
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Smriti Gupta smritigece'cmu'edu" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!