
On Formally Verifying High-Level Synthesis

Conference: Verification Futures 2023
Speaker: Yann Herklotz
Presentation Title: On Formally Verifying High-Level Synthesis

High-level synthesis (HLS), which refers to the automatic compilation of software into hardware, is rapidly gaining popularity. In a world increasingly reliant on application-specific hardware accelerators, HLS promises hardware designs of comparable performance and energy efficiency to those coded by hand in a hardware description language such as Verilog, while maintaining the convenience and the rich ecosystem of software development. However, current HLS tools cannot always guarantee that the hardware designs they produce are equivalent to the software they were given, thus undermining any reasoning conducted at the software level. Furthermore, there is mounting evidence that existing HLS tools are quite unreliable, sometimes generating wrong hardware or crashing when given valid inputs.

To address this problem, we present the first HLS tool that is mechanically verified to preserve the behaviour of its input software. Our tool, called Vericert, extends the CompCert verified C compiler with a new hardware-oriented intermediate language and a Verilog back end, and has been proven correct in Coq. Vericert supports most C constructs, including all integer operations, function calls, local arrays, structs, unions, and general control-flow statements. An evaluation on the PolyBench/C benchmark suite indicates that Vericert generates hardware that is around an order of magnitude slower (only around 2x slower in the absence of division) and about the same size as hardware generated by an existing, optimising (but unverified) HLS tool.

Speaker Bio:

Yann’s research focuses on formalising the process of converting high-level programming language descriptions to correct hardware that is functionally equivalent to the input. This process is called high-level synthesis (HLS), and allows software to be turned into custom accelerators automatically, which can then be placed on field-programmable gate arrays (FPGAs). Vericert is an implementation of this in the Coq theorem prover.

Yann has also worked on random testing for FPGA synthesis tools. Verismith is a fuzzer that will randomly generate a Verilog design, pass it to the synthesis tool, and use an equivalence check to compare the output to the input. If these differ, the design is automatically reduced until the bug is located.
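The generate, synthesise, check and reduce loop described above, as an added illustration that is not Verismith's code (Verismith generates real Verilog and uses a formal equivalence checker): a self-contained Python harness over a toy 8-bit "design" language, with a mock synthesis tool carrying a deliberately planted peephole bug, an exhaustive equivalence check standing in for the SAT-based one, and delta debugging (ddmin) as the reducer. The design language, the mock tool and every function name here are assumptions made for the example.

```python
import random

MASK = 0xFF                           # 8-bit datapath: exhaustive equivalence is cheap
OPS = ("add", "xor", "shl", "rotl")   # toy stage types (constructed for this example)

def evaluate(design, x):
    """Reference semantics of a design: a list of (op, const) stages applied
    in order to an 8-bit input, wrapping to 8 bits after each stage."""
    for op, k in design:
        if op == "add":
            x = (x + k) & MASK
        elif op == "xor":
            x ^= k
        elif op == "shl":
            x = (x << k) & MASK
        elif op == "rotl":
            x = ((x << k) | (x >> (8 - k))) & MASK
    return x

def mock_synthesise(design):
    """Stand-in for the synthesis tool: a peephole pass merging adjacent
    stages of the same kind.  Merging two adds is correct; merging two xors
    is deliberately wrong (& instead of ^) so the harness has a bug to find."""
    out = []
    for op, k in design:
        if out and out[-1][0] == op == "add":
            out[-1] = ("add", (out[-1][1] + k) & MASK)
        elif out and out[-1][0] == op == "xor":
            out[-1] = ("xor", out[-1][1] & k)      # planted bug: should be ^
        else:
            out.append((op, k))
    return out

def equivalent(a, b):
    """Equivalence check: exhaustive over all 256 inputs (a SAT/SMT-based
    checker plays this role for real Verilog)."""
    return all(evaluate(a, x) == evaluate(b, x) for x in range(256))

def fails(design):
    """The fuzzer's oracle: does synthesis change the design's behaviour?"""
    return not equivalent(design, mock_synthesise(design))

def random_design(rng, n_stages):
    """Random design generator (the 'randomly generate a design' step)."""
    stages = []
    for _ in range(n_stages):
        op = rng.choice(OPS)
        k = rng.randrange(1, 8) if op in ("shl", "rotl") else rng.randrange(256)
        stages.append((op, k))
    return stages

def split(items, n):
    """Split a list into n non-empty chunks of roughly equal size."""
    size, rem = divmod(len(items), n)
    chunks, start = [], 0
    for i in range(n):
        end = start + size + (1 if i < rem else 0)
        chunks.append(items[start:end])
        start = end
    return [c for c in chunks if c]

def ddmin(items, failing):
    """Zeller's delta debugging: shrink to a 1-minimal list that still fails
    (removing any single remaining stage makes the failure disappear)."""
    n = 2
    while len(items) >= 2:
        chunks = split(items, n)
        progressed = False
        for chunk in chunks:                         # try each chunk on its own
            if failing(chunk):
                items, n, progressed = chunk, 2, True
                break
        if not progressed:
            for i in range(len(chunks)):             # try each complement
                comp = [s for j, c in enumerate(chunks) if j != i for s in c]
                if failing(comp):
                    items, n, progressed = comp, max(n - 1, 2), True
                    break
        if not progressed:
            if n >= len(items):
                break                                # singletons tried: 1-minimal
            n = min(2 * n, len(items))
    return items

def find_bug(seed, n_stages=8, max_tries=500):
    """The whole loop: generate -> synthesise -> check -> reduce the first
    counterexample.  Returns (original, reduced) or None if nothing failed."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        design = random_design(rng, n_stages)
        if fails(design):
            return design, ddmin(design, fails)
    return None

if __name__ == "__main__":
    original, reduced = find_bug(seed=1)
    print("failing design:", original)
    print("reduced to:    ", reduced, "->", mock_synthesise(reduced))
```

The reducer only needs the oracle `fails`, which is what makes the loop scale to a real tool: the oracle can be as expensive as a synthesis run plus an equivalence check, and ddmin still converges to a design from which no single stage can be dropped without the mismatch vanishing. Here that leaves a pair of adjacent xor stages, pointing straight at the planted merge bug.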

Key Points:
  • Current high-level synthesis tools are unreliable and can introduce bugs into the generated hardware designs.
  • We can use an interactive theorem prover to prove that our high-level synthesis tool, called Vericert, does not introduce any bugs.
  • We show that by proving algorithms like hyperblock scheduling correct, we can get closer to the performance of existing HLS tools.