Instruction-Level Abstraction (ILA): A Uniform Specification for System-on-Chip (SoC) Verification

Abstract

Modern Systems-on-Chip (SoC) designs require a new verification standard due to their heterogeneity and reliance on specialized accelerators, which traditional Instruction Set Architectures (ISA) fail to cover. This paper formalizes the Instruction-Level Abstraction (ILA), which uniformly models the software-visible functional behavior of both general-purpose processors (like RISC-V) and specialized accelerators. ILA facilitates crucial formal verification tasks, including modular equivalence checking between abstract models or against hardware Finite-State Machine (FSM) implementations, supporting compatibility during hardware upgrades.

Report

Key Highlights

  • Addressing Heterogeneity: The paper responds to the verification challenges posed by modern, 'accelerator-rich' SoC designs where the traditional ISA boundary is insufficient.
  • Formal Abstraction: It formalizes the Instruction-Level Abstraction (ILA), extending the familiar concept of instructions to cover the functional behavior of specialized accelerators.
  • Uniform and Modular: ILA provides a single, uniform, modular, and hierarchical framework for specifying the software-visible behavior of both programmable processors and accelerators.
  • Verification Utility: The ILA model is used to facilitate complex formal verification tasks, notably equivalence checking.
  • Case Studies: Applicability is demonstrated across various domains, including accelerators for image processing, machine learning, cryptography, and general-purpose processor verification (RISC-V).
  • Upgrade Compatibility: ILA introduces the notion of 'ILA compatibility' to manage safe accelerator upgrades, analogous to how ISA compatibility manages processor upgrades.

Technical Details

  • Core Concept: Instruction-Level Abstraction (ILA), defined as a formal specification and high-level abstraction for accelerator functional behavior.
  • Modeling Scope: ILA captures the high-level, software-visible state and transitions, hiding implementation details while ensuring functional correctness from a software perspective.
  • Verification Technique: Formal equivalence checking is the primary mechanism leveraged by ILA.
    • Equivalence Check 1 (Abstraction-to-Abstraction): Checking equivalence between two different ILA specifications (e.g., verifying a revised accelerator ILA against the previous compatible ILA).
    • Equivalence Check 2 (Abstraction-to-Implementation): Checking equivalence between the ILA model and its actual hardware Finite-State Machine (FSM) implementation.
  • Demonstrated Targets: RISC-V (general-purpose processor) and specialized accelerators.
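
The abstraction-to-implementation check described above can be sketched on a toy accelerator. This is an added example, not code from the paper or its tooling: the two-instruction accelerator, the 4-bit datapath, and all names (`ILA`, `ila_step`, `fsm_run`, `check_equivalence`) are hypothetical, and exhaustive enumeration of a small state space stands in for a formal solver.

```python
from itertools import product

MASK = 0xF  # 4-bit toy datapath (assumption: keeps the state space enumerable)

# ILA side: each instruction is a (decode, update) pair over the software-visible
# state (acc, data) and the MMIO command (addr, wdata) that triggers it.
ILA = {
    "WR_DATA": (lambda addr, w: addr == 0,
                lambda s, w: {"acc": s["acc"], "data": w}),
    "MAC":     (lambda addr, w: addr == 1,
                lambda s, w: {"acc": (s["acc"] + s["data"] * w) & MASK,
                              "data": s["data"]}),
}

def ila_step(state, addr, wdata):
    """Apply the single instruction whose decode condition matches the command."""
    fired = [upd for dec, upd in ILA.values() if dec(addr, wdata)]
    assert len(fired) == 1, "decode functions must be mutually exclusive and complete"
    return fired[0](state, wdata)

def fsm_run(state, addr, wdata, buggy=False):
    """Hypothetical implementation: shift-add multiplier, one multiplier bit per cycle.
    Returns the software-visible state once the command has completed."""
    acc, data = state["acc"], state["data"]
    if addr == 0:
        return {"acc": acc, "data": wdata}
    multiplicand, multiplier = data, wdata   # micro-architectural registers, hidden by the ILA
    bits = 3 if buggy else 4                 # buggy variant drops the top multiplier bit
    for _ in range(bits):                    # one loop iteration models one clock cycle
        if multiplier & 1:
            acc = (acc + multiplicand) & MASK
        multiplicand = (multiplicand << 1) & MASK
        multiplier >>= 1
    return {"acc": acc, "data": data}

def check_equivalence(impl):
    """Compare ILA and implementation at instruction boundaries for every start
    state and command; return the first counterexample or None."""
    for acc, data, addr, w in product(range(16), range(16), (0, 1), range(16)):
        s = {"acc": acc, "data": data}
        if ila_step(s, addr, w) != impl(s, addr, w):
            return (s, addr, w)
    return None
```

The comparison happens only at instruction completion, so the multi-cycle internals of the FSM never appear in the specification; the buggy variant yields a concrete counterexample command that a designer can replay.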

Implications

  • Standardization of SoC Verification: ILA provides a much-needed common language for formally specifying complex heterogeneous hardware, bridging the gap between hardware design and software development that existed in the 'pre-accelerator era'.
  • Enhanced RISC-V Ecosystem Verification: Explicit use of RISC-V as a case study suggests that ILA is a critical tool for verifying the rapidly expanding RISC-V ecosystem, especially given its focus on custom extensions and domain-specific accelerators (DSAs).
  • Improved Design Cycles: By enabling high-level formal equivalence checking, designers can verify functional correctness earlier and more modularly, potentially reducing costly hardware bugs and accelerating the development cycle for complex SoCs.
  • Future-Proofing Hardware: The support for ILA compatibility ensures that specialized hardware components can be updated or optimized over time without breaking the contract established with the overlying software stack, crucial for long-term system maintenance and evolution.