Achtung:

Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Team Show image information

Team

Dr. Tobias Wiersema

Contact
Publications
Dr. Tobias Wiersema

Computer Engineering

Research Associate

Sonderforschungsbereich 901

Former

Phone:
+49 5251 60-4343
Fax:
+49 5251 60-4250
Office:
O3.125
Office hours:

by appointment

Web:
Visitor:
Pohlweg 51
33098 Paderborn

Open list in Research Information System

2022

Search Space Characterization for Approximate Logic Synthesis

L.M. Witschen, T. Wiersema, L.D. Reuter, M. Platzner, in: 2022 59th ACM/IEEE Design Automation Conference (DAC), 2022


MUSCAT: MUS-based Circuit Approximation Technique

L.M. Witschen, T. Wiersema, M. Artmann, M. Platzner, in: Design, Automation and Test in Europe (DATE), 2022


2021

Guaranteeing Properties of Reconfigurable Hardware Circuits with Proof-Carrying Hardware

T. Wiersema, Paderborn University, 2021

Previous research in proof-carrying hardware has established the feasibility and utility of the approach, and provided a concrete solution for employing it for the certification of functional equivalence checking against a specification, but fell short in connecting it to state-of-the-art formal verification insights, methods and tools. Due to the immense complexity of modern circuits, and verification challenges such as the state explosion problem for sequential circuits, this restriction of readily-available verification solutions severely limited the applicability of the approach in wider contexts. This thesis closes the gap between the PCH approach and current advances in formal hardware verification, provides methods and tools to express and certify a wide range of circuit properties, both functional and non-functional, and presents for the first time prototypes in which circuits that are implemented on actual reconfigurable hardware are verified with PCH methods. Using these results, designers can now apply PCH to establish trust in more complex circuits, by using more diverse properties which they can express using modern, efficient property specification techniques.


Software/Hardware Co-Verification for Custom Instruction Set Processors

M. Jakobs, F. Pauck, M. Platzner, H. Wehrheim, T. Wiersema, IEEE Access (2021)

Verification of software and processor hardware usually proceeds separately, software analysis relying on the correctness of processors executing machine instructions. This assumption is valid as long as the software runs on standard CPUs that have been extensively validated and are in wide use. However, for processors exploiting custom instruction set extensions to meet performance and energy constraints the validation might be less extensive, challenging the correctness assumption. In this paper we present a novel formal approach for hardware/software co-verification targeting processors with custom instruction set extensions. We detail two different approaches for checking whether the hardware fulfills the requirements expected by the software analysis. The approaches are designed to explore a trade-off between generality of the verification and computational effort. Then, we describe the integration of software and hardware analyses for both techniques and describe a fully automated tool chain implementing the approaches. Finally, we demonstrate and compare the two approaches on example source code with custom instructions, using state-of-the-art software analysis and hardware verification techniques.


Malicious Routing: Circumventing Bitstream-level Verification for FPGAs

Q.A. Ahmed, T. Wiersema, M. Platzner, in: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021 Design, Automation and Test in Europe Conference (DATE), 2021

The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques.


Timing Optimization for Virtual FPGA Configurations

L.M. Witschen, T. Wiersema, M. Raeisi Nafchi, A. Bockhorn, M. Platzner, in: Proceedings of International Symposium on Applied Reconfigurable Computing (ARC'21), Springer Lecture Notes in Computer Science, 2021

DOI


2020

Proof-carrying Approximate Circuits

L.M. Witschen, T. Wiersema, M. Platzner, IEEE Transactions On Very Large Scale Integration Systems (2020), 28(9), pp. 2084 - 2088

Approximate circuits trade-off computational accuracy against improvements in hardware area, delay, or energy consumption. IP core vendors who wish to create such circuits need to convince consumers of the resulting approximation quality. As a solution we propose proof-carrying approximate circuits: The vendor creates an approximate IP core together with a certificate that proves the approximation quality. The proof certificate is bundled with the approximate IP core and sent off to the consumer. The consumer can formally verify the approximation quality of the IP core at a fraction of the typical computational cost for formal verification. In this paper, we first make the case for proof-carrying approximate circuits and then demonstrate the feasibility of the approach by a set of synthesis experiments using an exemplary approximation framework.


Search Space Characterization for AxC Synthesis

L.M. Witschen, T. Wiersema, M. Platzner, in: Fifth Workshop on Approximate Computing (AxC 2020), 2020

On the circuit level, the design paradigm Approximate Computing seeks to trade off computational accuracy against a target metric, e.g., energy consumption. This trade-off is possible for many applications due to their inherent resiliency against inaccuracies. In the past, several automated approximation frameworks have been presented, which either utilize designated approximation techniques or libraries to replace approximable circuit parts with inaccurate versions. The frameworks invoke a search algorithm to iteratively explore the search space of performance degraded circuits, and validate their quality individually. In this paper, we propose to reverse this procedure. Rather than exploring the search space, we delineate the approximate parts of the search space which are guaranteed to lead to valid approximate circuits. Our methodology is supported by formal verification and independent of approximation techniques. Eventually, the user is provided with quality bounds of the individual approximable circuit parts. Consequently, our approach guarantees that any approximate circuit which implements these parts within the determined quality constraints satisfies the global quality constraints, superseding a subsequent quality verification. In our experimental results, we present the runtimes of our approach.


2019

CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation

L.M. Witschen, T. Wiersema, H. Ghasemzadeh Mohammadi, M. Awais, M. Platzner, Microelectronics Reliability (2019), 99, pp. 277-290

Existing approaches and tools for the generation of approximate circuits often lack generality and are restricted to certain circuit types, approximation techniques, and quality assurance methods. Moreover, only few tools are publicly available. This hinders the development and evaluation of new techniques for approximating circuits and their comparison to previous approaches. In this paper, we first analyze and classify related approaches and then present CIRCA, our flexible framework for search-based approximate circuit generation. CIRCA is developed with a focus on modularity and extensibility. We present the architecture of CIRCA with its clear separation into stages and functional blocks, report on the current prototype, and show initial experiments.


Proof-Carrying Hardware Versus the Stealthy Malicious LUT Hardware Trojan

Q.A. Ahmed, T. Wiersema, M. Platzner, in: Applied Reconfigurable Computing, Springer International Publishing, 2019, pp. 127-136

Reconfigurable hardware has received considerable attention as a platform that enables dynamic hardware updates and thus is able to adapt new configurations at runtime. However, due to their dynamic nature, e.g., field-programmable gate arrays (FPGA) are subject to a constant possibility of attacks, since each new configuration might be compromised. Trojans for reconfigurable hardware that evade state-of-the-art detection techniques and even formal verification, are thus a large threat to these devices. One such stealthy hardware Trojan, that is inserted and activated in two stages by compromised electronic design automation (EDA) tools, has recently been presented and shown to evade all forms of classical pre-configuration detection techniques. This paper presents a successful pre-configuration countermeasure against this ``Malicious Look-up-table (LUT)''-hardware Trojan, by employing bitstream-level Proof-Carrying Hardware (PCH). We show that the method is able to alert innocent module creators to infected EDA tools, and to prohibit malicious ones to sell infected modules to unsuspecting customers.


2018

CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation

L.M. Witschen, T. Wiersema, H. Ghasemzadeh Mohammadi, M. Awais, M. Platzner, in: Third Workshop on Approximate Computing (AxC 2018), 2018

Existing approaches and tools for the generation of approximate circuits often lack generality and are restricted to certain circuit types, approximation techniques, and quality assurance methods. Moreover, only few tools are publicly available. This hinders the development and evaluation of new techniques for approximating circuits and their comparison to previous approaches. In this paper, we first analyze and classify related approaches and then present CIRCA, our flexible framework for search-based approximate circuit generation. CIRCA is developed with a focus on modularity and extensibility. We present the architecture of CIRCA with its clear separation into stages and functional blocks, report on the current prototype, and show initial experiments.


Making the Case for Proof-carrying Approximate Circuits

L.M. Witschen, T. Wiersema, M. Platzner, in: 4th Workshop On Approximate Computing (WAPCO 2018), 2018


2017

Proof-Carrying Hardware via Inductive Invariants

T. Isenberg, M. Platzner, H. Wehrheim, T. Wiersema, ACM Transactions on Design Automation of Electronic Systems (2017)(4), pp. 61:1--61:23

Proof-carrying hardware (PCH) is a principle for achieving safety for dynamically reconfigurable hardware systems. The producer of a hardware module spends huge effort when creating a proof for a safety policy. The proof is then transferred as a certificate together with the configuration bitstream to the consumer of the hardware module, who can quickly verify the given proof. Previous work utilized SAT solvers and resolution traces to set up a PCH technology and corresponding tool flows. In this article, we present a novel technology for PCH based on inductive invariants. For sequential circuits, our approach is fundamentally stronger than the previous SAT-based one since we avoid the limitations of bounded unrolling. We contrast our technology to existing ones and show that it fits into previously proposed tool flows. We conduct experiments with four categories of benchmark circuits and report consumer and producer runtime and peak memory consumption, as well as the size of the certificates and the distribution of the workload between producer and consumer. Experiments clearly show that our new induction-based technology is superior for sequential circuits, whereas the previous SAT-based technology is the better choice for combinational circuits.


2016

An Architecture and Design Tool Flow for Embedding a Virtual FPGA into a Reconfigurable System-on-Chip

T. Wiersema, A. Bockhorn, M. Platzner, Computers & Electrical Engineering (2016), pp. 112--122

Virtual field programmable gate arrays (FPGA) are overlay architectures realized on top of physical FPGAs. They are proposed to enhance or abstract away from the physical FPGA for experimenting with novel architectures and design tool flows. In this paper, we present an embedding of a ZUMA-based virtual FPGA fabric into a complete configurable system-on-chip. Such an embedding is required to fully harness the potential of virtual FPGAs, in particular to give the virtual circuits access to main memory and operating system services, and to enable a concurrent operation of virtualized and non-virtualized circuitry. We discuss our extension to ZUMA and its embedding into the ReconOS operating system for hardware/software systems. Furthermore, we present an open source tool flow to synthesize configurations for the virtual FPGA, along with an analysis of the area and delay overheads involved.


Verifying Worst-Case Completion Times for Reconfigurable Hardware Modules using Proof-Carrying Hardware

T. Wiersema, M. Platzner, in: Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2016), 2016, pp. 1--8

Runtime reconfiguration can be used to replace hardware modules in the field and even to continuously improve them during operation. Runtime reconfiguration poses new challenges for validation, since the required properties of newly arriving modules may be difficult to check fast enough to sustain the intended system dynamics. In this paper we present a method for just-in-time verification of the worst-case completion time of a reconfigurable hardware module. We assume so-called run-to-completion modules that exhibit start and done signals indicating the start and end of execution, respectively. We present a formal verification approach that exploits the concept of proof-carrying hardware. The approach tasks the creator of a hardware module with constructing a proof of the worst-case completion time, which can then easily be checked by the user of the module, just prior to reconfiguration. After explaining the verification approach and a corresponding tool flow, we present results from two case studies, a short term synthesis filter and a multihead weigher. The resultsclearly show that cost of verifying the completion time of the module is paid by the creator instead of the user of the module.


2015

On-The-Fly Verification of Reconfigurable Image Processing Modules based on a Proof-Carrying Hardware Approach

T. Wiersema, S. Wu, M. Platzner, in: Proceedings of the International Symposium in Reconfigurable Computing (ARC), 2015, pp. 365--372

Proof-carrying hardware is an approach that has recently been proposed for the efficient verification of reconfigurable modules. We present an application of proof-carrying hardware to guarantee the correct functionality of dynamically reconfigured image processing modules. Our prototype comprises a reconfigurable-system-on-chip with an embedded virtual FPGA fabric. This setup allows us to leverage open source FPGA synthesis and backend tools to produce FPGA configuration bitstreams with an open format and, thus, to demonstrate and experimentally evaluate proof-carrying hardware at the bitstream level.


2014

Memory Security in Reconfigurable Computers: Combining Formal Verification with Monitoring

T. Wiersema, S. Drzevitzky, M. Platzner, in: Proceedings of the International Conference on Field-Programmable Technology (FPT), 2014, pp. 167-174

Ensuring memory access security is a challenge for reconfigurable systems with multiple cores. Previous work introduced access monitors attached to the memory subsystem to ensure that the cores adhere to pre-defined protocols when accessing memory. In this paper, we combine access monitors with a formal runtime verification technique known as proof-carrying hardware to guarantee memory security. We extend previous work on proof-carrying hardware by covering sequential circuits and demonstrate our approach with a prototype leveraging ReconOS/Zynq with an embedded ZUMA virtual FPGA overlay. Experiments show the feasibility of the approach and the capabilities of the prototype, which constitutes the first realization of proof-carrying hardware on real FPGAs. The area overheads for the virtual FPGA are measured as 2x-10x, depending on the resource type. The delay overhead is substantial with almost 100x, but this is an extremely pessimistic estimate that will be lowered once accurate timing analysis for FPGA overlays become available. Finally, reconfiguration time for the virtual FPGA is about one order of magnitude lower than for the native Zynq fabric.


Integrating Software and Hardware Verification

M. Jakobs, M. Platzner, T. Wiersema, H. Wehrheim, in: Proceedings of the 11th International Conference on Integrated Formal Methods (iFM), 2014, pp. 307-322

Verification of hardware and software usually proceeds separately, software analysis relying on the correctness of processors executing instructions. This assumption is valid as long as the software runs on standard CPUs that have been extensively validated and are in wide use. However, for processors exploiting custom instruction set extensions to meet performance and energy constraints the validation might be less extensive, challenging the correctness assumption.In this paper we present an approach for integrating software analyses with hardware verification, specifically targeting custom instruction set extensions. We propose three different techniques for deriving the properties to be proven for the hardware implementation of a custom instruction in order to support software analyses. The techniques are designed to explore the trade-off between generality and efficiency and span from proving functional equivalence over checking the rules of a particular analysis domain to verifying actual pre and post conditions resulting from program analysis. We demonstrate and compare the three techniques on example programs with custom instructions, using stateof-the-art software and hardware verification techniques.


Embedding FPGA Overlays into Configurable Systems-on-Chip: ReconOS meets ZUMA

T. Wiersema, A. Bockhorn, M. Platzner, in: Proceedings of the International Conference on ReConFigurable Computing and FPGAs (ReConFig), 2014, pp. 1-6

Virtual FPGAs are overlay architectures realized on top of physical FPGAs. They are proposed to enhance or abstract away from the physical FPGA for experimenting with novel architectures and design tool flows. In this paper, we present an embedding of a ZUMA-based virtual FPGA fabric into a complete configurable system-on-chip. Such an embedding is required to fully harness the potential of virtual FPGAs, in particular to give the virtual circuits access to main memory and operating system services, and to enable a concurrent operation of virtualized and non-virtualized circuitry. We discuss our extension to ZUMA and its embedding into the ReconOS operating system for hardware/software systems. Furthermore, we present an open source tool flow to synthesize configurations for the virtual FPGA.


2012

Programming and Scheduling Model for Supporting Heterogeneous Accelerators in Linux

T. Beisel, T. Wiersema, C. Plessl, A. Brinkmann, in: Proc. Workshop on Computer Architecture and Operating System Co-design (CAOS), 2012


2011

Cooperative multitasking for heterogeneous accelerators in the Linux Completely Fair Scheduler

T. Beisel, T. Wiersema, C. Plessl, A. Brinkmann, in: Proc. Int. Conf. on Application-Specific Systems, Architectures, and Processors (ASAP), IEEE Computer Society, 2011, pp. 223-226

DOI


2010

Scheduling Support for Heterogeneous Hardware Accelerators under Linux

T. Wiersema, Master's thesis, Paderborn University, 2010


Open list in Research Information System

Research interests

I am currently working mainly on Proof-Carrying Hardware Services and virtual FPGAs.

Publications


Open list in Research Information System

Conferences

Search Space Characterization for Approximate Logic Synthesis

L.M. Witschen, T. Wiersema, L.D. Reuter, M. Platzner, in: 2022 59th ACM/IEEE Design Automation Conference (DAC), 2022

@inproceedings{Witschen_Wiersema_Reuter_Platzner, title={Search Space Characterization for Approximate Logic Synthesis }, booktitle={2022 59th ACM/IEEE Design Automation Conference (DAC)}, author={Witschen, Linus Matthias and Wiersema, Tobias and Reuter, Lucas David and Platzner, Marco} }


MUSCAT: MUS-based Circuit Approximation Technique

L.M. Witschen, T. Wiersema, M. Artmann, M. Platzner, in: Design, Automation and Test in Europe (DATE), 2022

@inproceedings{Witschen_Wiersema_Artmann_Platzner, title={MUSCAT: MUS-based Circuit Approximation Technique}, booktitle={Design, Automation and Test in Europe (DATE)}, author={Witschen, Linus Matthias and Wiersema, Tobias and Artmann, Matthias and Platzner, Marco} }


Malicious Routing: Circumventing Bitstream-level Verification for FPGAs

Q.A. Ahmed, T. Wiersema, M. Platzner, in: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021 Design, Automation and Test in Europe Conference (DATE), 2021

The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques.

@inproceedings{Ahmed_Wiersema_Platzner_2021, place={Alpexpo | Grenoble, France}, title={Malicious Routing: Circumventing Bitstream-level Verification for FPGAs}, DOI={10.23919/DATE51398.2021.9474026}, booktitle={2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)}, publisher={2021 Design, Automation and Test in Europe Conference (DATE)}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}, year={2021} }


Timing Optimization for Virtual FPGA Configurations

L.M. Witschen, T. Wiersema, M. Raeisi Nafchi, A. Bockhorn, M. Platzner, in: Proceedings of International Symposium on Applied Reconfigurable Computing (ARC'21), Springer Lecture Notes in Computer Science, 2021

@inproceedings{Witschen_Wiersema_Raeisi Nafchi_Bockhorn_Platzner, series={Reconfigurable Computing: Architectures, Tools, and Applications}, title={Timing Optimization for Virtual FPGA Configurations}, DOI={10.1007/978-3-030-79025-7_4}, booktitle={Proceedings of International Symposium on Applied Reconfigurable Computing (ARC’21)}, publisher={Springer Lecture Notes in Computer Science}, author={Witschen, Linus Matthias and Wiersema, Tobias and Raeisi Nafchi, Masood and Bockhorn, Arne and Platzner, Marco}, editor={Hannig, Frank and Derrien, Steven and Diniz, Pedro and Chillet, Daniel}, collection={Reconfigurable Computing: Architectures, Tools, and Applications} }


Proof-Carrying Hardware Versus the Stealthy Malicious LUT Hardware Trojan

Q.A. Ahmed, T. Wiersema, M. Platzner, in: Applied Reconfigurable Computing, Springer International Publishing, 2019, pp. 127-136

Reconfigurable hardware has received considerable attention as a platform that enables dynamic hardware updates and thus is able to adapt new configurations at runtime. However, due to their dynamic nature, e.g., field-programmable gate arrays (FPGA) are subject to a constant possibility of attacks, since each new configuration might be compromised. Trojans for reconfigurable hardware that evade state-of-the-art detection techniques and even formal verification, are thus a large threat to these devices. One such stealthy hardware Trojan, that is inserted and activated in two stages by compromised electronic design automation (EDA) tools, has recently been presented and shown to evade all forms of classical pre-configuration detection techniques. This paper presents a successful pre-configuration countermeasure against this ``Malicious Look-up-table (LUT)''-hardware Trojan, by employing bitstream-level Proof-Carrying Hardware (PCH). We show that the method is able to alert innocent module creators to infected EDA tools, and to prohibit malicious ones to sell infected modules to unsuspecting customers.

@inproceedings{Ahmed_Wiersema_Platzner_2019, place={Cham}, series={Lecture Notes in Computer Science}, title={Proof-Carrying Hardware Versus the Stealthy Malicious LUT Hardware Trojan}, volume={11444}, DOI={10.1007/978-3-030-17227-5_10}, booktitle={Applied Reconfigurable Computing}, publisher={Springer International Publishing}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}, editor={Hochberger, Christian and Nelson, Brent and Koch, Andreas and Woods, Roger and Diniz, PedroEditors}, year={2019}, pages={127–136}, collection={Lecture Notes in Computer Science} }


Verifying Worst-Case Completion Times for Reconfigurable Hardware Modules using Proof-Carrying Hardware

T. Wiersema, M. Platzner, in: Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2016), 2016, pp. 1--8

Runtime reconfiguration can be used to replace hardware modules in the field and even to continuously improve them during operation. Runtime reconfiguration poses new challenges for validation, since the required properties of newly arriving modules may be difficult to check fast enough to sustain the intended system dynamics. In this paper we present a method for just-in-time verification of the worst-case completion time of a reconfigurable hardware module. We assume so-called run-to-completion modules that exhibit start and done signals indicating the start and end of execution, respectively. We present a formal verification approach that exploits the concept of proof-carrying hardware. The approach tasks the creator of a hardware module with constructing a proof of the worst-case completion time, which can then easily be checked by the user of the module, just prior to reconfiguration. After explaining the verification approach and a corresponding tool flow, we present results from two case studies, a short term synthesis filter and a multihead weigher. The resultsclearly show that cost of verifying the completion time of the module is paid by the creator instead of the user of the module.

@inproceedings{Wiersema_Platzner_2016, title={Verifying Worst-Case Completion Times for Reconfigurable Hardware Modules using Proof-Carrying Hardware}, DOI={10.1109/ReCoSoC.2016.7533910}, booktitle={Proceedings of the 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2016)}, author={Wiersema, Tobias and Platzner, Marco}, year={2016}, pages={1--8} }


On-The-Fly Verification of Reconfigurable Image Processing Modules based on a Proof-Carrying Hardware Approach

T. Wiersema, S. Wu, M. Platzner, in: Proceedings of the International Symposium in Reconfigurable Computing (ARC), 2015, pp. 365--372

Proof-carrying hardware is an approach that has recently been proposed for the efficient verification of reconfigurable modules. We present an application of proof-carrying hardware to guarantee the correct functionality of dynamically reconfigured image processing modules. Our prototype comprises a reconfigurable-system-on-chip with an embedded virtual FPGA fabric. This setup allows us to leverage open source FPGA synthesis and backend tools to produce FPGA configuration bitstreams with an open format and, thus, to demonstrate and experimentally evaluate proof-carrying hardware at the bitstream level.

@inproceedings{Wiersema_Wu_Platzner_2015, series={LNCS}, title={On-The-Fly Verification of Reconfigurable Image Processing Modules based on a Proof-Carrying Hardware Approach}, DOI={10.1007/978-3-319-16214-0_32}, booktitle={Proceedings of the International Symposium in Reconfigurable Computing (ARC)}, author={Wiersema, Tobias and Wu, Sen and Platzner, Marco}, year={2015}, pages={365--372}, collection={LNCS} }


Memory Security in Reconfigurable Computers: Combining Formal Verification with Monitoring

T. Wiersema, S. Drzevitzky, M. Platzner, in: Proceedings of the International Conference on Field-Programmable Technology (FPT), 2014, pp. 167-174

Ensuring memory access security is a challenge for reconfigurable systems with multiple cores. Previous work introduced access monitors attached to the memory subsystem to ensure that the cores adhere to pre-defined protocols when accessing memory. In this paper, we combine access monitors with a formal runtime verification technique known as proof-carrying hardware to guarantee memory security. We extend previous work on proof-carrying hardware by covering sequential circuits and demonstrate our approach with a prototype leveraging ReconOS/Zynq with an embedded ZUMA virtual FPGA overlay. Experiments show the feasibility of the approach and the capabilities of the prototype, which constitutes the first realization of proof-carrying hardware on real FPGAs. The area overheads for the virtual FPGA are measured as 2x-10x, depending on the resource type. The delay overhead is substantial with almost 100x, but this is an extremely pessimistic estimate that will be lowered once accurate timing analysis for FPGA overlays become available. Finally, reconfiguration time for the virtual FPGA is about one order of magnitude lower than for the native Zynq fabric.

@inproceedings{Wiersema_Drzevitzky_Platzner_2014, title={Memory Security in Reconfigurable Computers: Combining Formal Verification with Monitoring}, DOI={10.1109/FPT.2014.7082771}, booktitle={Proceedings of the International Conference on Field-Programmable Technology (FPT)}, author={Wiersema, Tobias and Drzevitzky, Stephanie and Platzner, Marco}, year={2014}, pages={167–174} }


Integrating Software and Hardware Verification

M. Jakobs, M. Platzner, T. Wiersema, H. Wehrheim, in: Proceedings of the 11th International Conference on Integrated Formal Methods (iFM), 2014, pp. 307-322

Verification of hardware and software usually proceeds separately, software analysis relying on the correctness of processors executing instructions. This assumption is valid as long as the software runs on standard CPUs that have been extensively validated and are in wide use. However, for processors exploiting custom instruction set extensions to meet performance and energy constraints the validation might be less extensive, challenging the correctness assumption.In this paper we present an approach for integrating software analyses with hardware verification, specifically targeting custom instruction set extensions. We propose three different techniques for deriving the properties to be proven for the hardware implementation of a custom instruction in order to support software analyses. The techniques are designed to explore the trade-off between generality and efficiency and span from proving functional equivalence over checking the rules of a particular analysis domain to verifying actual pre and post conditions resulting from program analysis. We demonstrate and compare the three techniques on example programs with custom instructions, using stateof-the-art software and hardware verification techniques.

@inproceedings{Jakobs_Platzner_Wiersema_Wehrheim_2014, series={LNCS}, title={Integrating Software and Hardware Verification}, DOI={10.1007/978-3-319-10181-1_19}, booktitle={Proceedings of the 11th International Conference on Integrated Formal Methods (iFM)}, author={Jakobs, Marie-Christine and Platzner, Marco and Wiersema, Tobias and Wehrheim, Heike}, editor={Albert, Elvira and Sekerinski, EmilEditors}, year={2014}, pages={307–322}, collection={LNCS} }


Embedding FPGA Overlays into Configurable Systems-on-Chip: ReconOS meets ZUMA

T. Wiersema, A. Bockhorn, M. Platzner, in: Proceedings of the International Conference on ReConFigurable Computing and FPGAs (ReConFig), 2014, pp. 1-6

Virtual FPGAs are overlay architectures realized on top of physical FPGAs. They are proposed to enhance or abstract away from the physical FPGA for experimenting with novel architectures and design tool flows. In this paper, we present an embedding of a ZUMA-based virtual FPGA fabric into a complete configurable system-on-chip. Such an embedding is required to fully harness the potential of virtual FPGAs, in particular to give the virtual circuits access to main memory and operating system services, and to enable a concurrent operation of virtualized and non-virtualized circuitry. We discuss our extension to ZUMA and its embedding into the ReconOS operating system for hardware/software systems. Furthermore, we present an open source tool flow to synthesize configurations for the virtual FPGA.

@inproceedings{Wiersema_Bockhorn_Platzner_2014, title={Embedding FPGA Overlays into Configurable Systems-on-Chip: ReconOS meets ZUMA}, DOI={10.1109/ReConFig.2014.7032514}, booktitle={Proceedings of the International Conference on ReConFigurable Computing and FPGAs (ReConFig)}, author={Wiersema, Tobias and Bockhorn, Arne and Platzner, Marco}, year={2014}, pages={1–6} }


Programming and Scheduling Model for Supporting Heterogeneous Accelerators in Linux

T. Beisel, T. Wiersema, C. Plessl, A. Brinkmann, in: Proc. Workshop on Computer Architecture and Operating System Co-design (CAOS), 2012

@inproceedings{Beisel_Wiersema_Plessl_Brinkmann_2012, title={Programming and Scheduling Model for Supporting Heterogeneous Accelerators in Linux}, booktitle={Proc. Workshop on Computer Architecture and Operating System Co-design (CAOS)}, author={Beisel, Tobias and Wiersema, Tobias and Plessl, Christian and Brinkmann, André}, year={2012} }


Cooperative multitasking for heterogeneous accelerators in the Linux Completely Fair Scheduler

T. Beisel, T. Wiersema, C. Plessl, A. Brinkmann, in: Proc. Int. Conf. on Application-Specific Systems, Architectures, and Processors (ASAP), IEEE Computer Society, 2011, pp. 223-226

@inproceedings{Beisel_Wiersema_Plessl_Brinkmann_2011, title={Cooperative multitasking for heterogeneous accelerators in the Linux Completely Fair Scheduler}, DOI={10.1109/ASAP.2011.6043273}, booktitle={Proc. Int. Conf. on Application-Specific Systems, Architectures, and Processors (ASAP)}, publisher={IEEE Computer Society}, author={Beisel, Tobias and Wiersema, Tobias and Plessl, Christian and Brinkmann, André}, year={2011}, pages={223–226} }


Dissertations

Guaranteeing Properties of Reconfigurable Hardware Circuits with Proof-Carrying Hardware

T. Wiersema, Paderborn University, 2021

Previous research in proof-carrying hardware has established the feasibility and utility of the approach, and provided a concrete solution for employing it for the certification of functional equivalence checking against a specification, but fell short in connecting it to state-of-the-art formal verification insights, methods and tools. Due to the immense complexity of modern circuits, and verification challenges such as the state explosion problem for sequential circuits, this restriction of readily-available verification solutions severely limited the applicability of the approach in wider contexts. This thesis closes the gap between the PCH approach and current advances in formal hardware verification, provides methods and tools to express and certify a wide range of circuit properties, both functional and non-functional, and presents for the first time prototypes in which circuits that are implemented on actual reconfigurable hardware are verified with PCH methods. Using these results, designers can now apply PCH to establish trust in more complex circuits, by using more diverse properties which they can express using modern, efficient property specification techniques.

@book{Wiersema_2021, place={Paderborn}, title={Guaranteeing Properties of Reconfigurable Hardware Circuits with Proof-Carrying Hardware}, publisher={Paderborn University}, author={Wiersema, Tobias}, year={2021} }


Journal Articles

Software/Hardware Co-Verification for Custom Instruction Set Processors

M. Jakobs, F. Pauck, M. Platzner, H. Wehrheim, T. Wiersema, IEEE Access (2021)

Verification of software and processor hardware usually proceeds separately, software analysis relying on the correctness of processors executing machine instructions. This assumption is valid as long as the software runs on standard CPUs that have been extensively validated and are in wide use. However, for processors exploiting custom instruction set extensions to meet performance and energy constraints the validation might be less extensive, challenging the correctness assumption. In this paper we present a novel formal approach for hardware/software co-verification targeting processors with custom instruction set extensions. We detail two different approaches for checking whether the hardware fulfills the requirements expected by the software analysis. The approaches are designed to explore a trade-off between generality of the verification and computational effort. Then, we describe the integration of software and hardware analyses for both techniques and describe a fully automated tool chain implementing the approaches. Finally, we demonstrate and compare the two approaches on example source code with custom instructions, using state-of-the-art software analysis and hardware verification techniques.

@article{Jakobs_Pauck_Platzner_Wehrheim_Wiersema, title={Software/Hardware Co-Verification for Custom Instruction Set Processors}, DOI={10.1109/ACCESS.2021.3131213}, journal={IEEE Access}, publisher={IEEE}, author={Jakobs, Marie-Christine and Pauck, Felix and Platzner, Marco and Wehrheim, Heike and Wiersema, Tobias} }


Proof-carrying Approximate Circuits

L.M. Witschen, T. Wiersema, M. Platzner, IEEE Transactions On Very Large Scale Integration Systems (2020), 28(9), pp. 2084 - 2088

Approximate circuits trade-off computational accuracy against improvements in hardware area, delay, or energy consumption. IP core vendors who wish to create such circuits need to convince consumers of the resulting approximation quality. As a solution we propose proof-carrying approximate circuits: The vendor creates an approximate IP core together with a certificate that proves the approximation quality. The proof certificate is bundled with the approximate IP core and sent off to the consumer. The consumer can formally verify the approximation quality of the IP core at a fraction of the typical computational cost for formal verification. In this paper, we first make the case for proof-carrying approximate circuits and then demonstrate the feasibility of the approach by a set of synthesis experiments using an exemplary approximation framework.

@article{Witschen_Wiersema_Platzner_2020, title={Proof-carrying Approximate Circuits}, volume={28}, DOI={10.1109/TVLSI.2020.3008061}, number={9}, journal={IEEE Transactions On Very Large Scale Integration Systems}, publisher={IEEE}, author={Witschen, Linus Matthias and Wiersema, Tobias and Platzner, Marco}, year={2020}, pages={2084–2088} }


CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation

L.M. Witschen, T. Wiersema, H. Ghasemzadeh Mohammadi, M. Awais, M. Platzner, Microelectronics Reliability (2019), 99, pp. 277-290

Existing approaches and tools for the generation of approximate circuits often lack generality and are restricted to certain circuit types, approximation techniques, and quality assurance methods. Moreover, only few tools are publicly available. This hinders the development and evaluation of new techniques for approximating circuits and their comparison to previous approaches. In this paper, we first analyze and classify related approaches and then present CIRCA, our flexible framework for search-based approximate circuit generation. CIRCA is developed with a focus on modularity and extensibility. We present the architecture of CIRCA with its clear separation into stages and functional blocks, report on the current prototype, and show initial experiments.

@article{Witschen_Wiersema_Ghasemzadeh Mohammadi_Awais_Platzner_2019, title={CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation}, volume={99}, DOI={10.1016/j.microrel.2019.04.003}, journal={Microelectronics Reliability}, publisher={Elsevier}, author={Witschen, Linus Matthias and Wiersema, Tobias and Ghasemzadeh Mohammadi, Hassan and Awais, Muhammad and Platzner, Marco}, year={2019}, pages={277–290} }


Proof-Carrying Hardware via Inductive Invariants

T. Isenberg, M. Platzner, H. Wehrheim, T. Wiersema, ACM Transactions on Design Automation of Electronic Systems (2017)(4), pp. 61:1--61:23

Proof-carrying hardware (PCH) is a principle for achieving safety for dynamically reconfigurable hardware systems. The producer of a hardware module spends huge effort when creating a proof for a safety policy. The proof is then transferred as a certificate together with the configuration bitstream to the consumer of the hardware module, who can quickly verify the given proof. Previous work utilized SAT solvers and resolution traces to set up a PCH technology and corresponding tool flows. In this article, we present a novel technology for PCH based on inductive invariants. For sequential circuits, our approach is fundamentally stronger than the previous SAT-based one since we avoid the limitations of bounded unrolling. We contrast our technology to existing ones and show that it fits into previously proposed tool flows. We conduct experiments with four categories of benchmark circuits and report consumer and producer runtime and peak memory consumption, as well as the size of the certificates and the distribution of the workload between producer and consumer. Experiments clearly show that our new induction-based technology is superior for sequential circuits, whereas the previous SAT-based technology is the better choice for combinational circuits.

@article{Isenberg_Platzner_Wehrheim_Wiersema_2017, title={Proof-Carrying Hardware via Inductive Invariants}, DOI={10.1145/3054743}, number={4}, journal={ACM Transactions on Design Automation of Electronic Systems}, publisher={ACM}, author={Isenberg, Tobias and Platzner, Marco and Wehrheim, Heike and Wiersema, Tobias}, year={2017}, pages={61:1--61:23} }


An Architecture and Design Tool Flow for Embedding a Virtual FPGA into a Reconfigurable System-on-Chip

T. Wiersema, A. Bockhorn, M. Platzner, Computers & Electrical Engineering (2016), pp. 112--122

Virtual field programmable gate arrays (FPGA) are overlay architectures realized on top of physical FPGAs. They are proposed to enhance or abstract away from the physical FPGA for experimenting with novel architectures and design tool flows. In this paper, we present an embedding of a ZUMA-based virtual FPGA fabric into a complete configurable system-on-chip. Such an embedding is required to fully harness the potential of virtual FPGAs, in particular to give the virtual circuits access to main memory and operating system services, and to enable a concurrent operation of virtualized and non-virtualized circuitry. We discuss our extension to ZUMA and its embedding into the ReconOS operating system for hardware/software systems. Furthermore, we present an open source tool flow to synthesize configurations for the virtual FPGA, along with an analysis of the area and delay overheads involved.

@article{Wiersema_Bockhorn_Platzner_2016, title={An Architecture and Design Tool Flow for Embedding a Virtual FPGA into a Reconfigurable System-on-Chip}, DOI={10.1016/j.compeleceng.2016.04.005}, journal={Computers & Electrical Engineering}, publisher={Elsevier}, author={Wiersema, Tobias and Bockhorn, Arne and Platzner, Marco}, year={2016}, pages={112--122} }


Master's Theses

Scheduling Support for Heterogeneous Hardware Accelerators under Linux

T. Wiersema, Master's thesis, Paderborn University, 2010

@book{Wiersema_2010, title={Scheduling Support for Heterogeneous Hardware Accelerators under Linux}, publisher={Paderborn University}, author={Wiersema, Tobias}, year={2010} }


Preprint

Search Space Characterization for AxC Synthesis

L.M. Witschen, T. Wiersema, M. Platzner, in: Fifth Workshop on Approximate Computing (AxC 2020), 2020

On the circuit level, the design paradigm Approximate Computing seeks to trade off computational accuracy against a target metric, e.g., energy consumption. This trade-off is possible for many applications due to their inherent resiliency against inaccuracies. In the past, several automated approximation frameworks have been presented, which either utilize designated approximation techniques or libraries to replace approximable circuit parts with inaccurate versions. The frameworks invoke a search algorithm to iteratively explore the search space of performance degraded circuits, and validate their quality individually. In this paper, we propose to reverse this procedure. Rather than exploring the search space, we delineate the approximate parts of the search space which are guaranteed to lead to valid approximate circuits. Our methodology is supported by formal verification and independent of approximation techniques. Eventually, the user is provided with quality bounds of the individual approximable circuit parts. Consequently, our approach guarantees that any approximate circuit which implements these parts within the determined quality constraints satisfies the global quality constraints, superseding a subsequent quality verification. In our experimental results, we present the runtimes of our approach.

@article{Witschen_Wiersema_Platzner, title={Search Space Characterization for AxC Synthesis}, journal={Fifth Workshop on Approximate Computing (AxC 2020)}, author={Witschen, Linus Matthias and Wiersema, Tobias and Platzner, Marco} }


Making the Case for Proof-carrying Approximate Circuits

L.M. Witschen, T. Wiersema, M. Platzner, in: 4th Workshop On Approximate Computing (WAPCO 2018), 2018

@article{Witschen_Wiersema_Platzner_2018, title={Making the Case for Proof-carrying Approximate Circuits}, journal={4th Workshop On Approximate Computing (WAPCO 2018)}, author={Witschen, Linus Matthias and Wiersema, Tobias and Platzner, Marco}, year={2018} }


CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation

L.M. Witschen, T. Wiersema, H. Ghasemzadeh Mohammadi, M. Awais, M. Platzner, in: Third Workshop on Approximate Computing (AxC 2018), 2018

Existing approaches and tools for the generation of approximate circuits often lack generality and are restricted to certain circuit types, approximation techniques, and quality assurance methods. Moreover, only few tools are publicly available. This hinders the development and evaluation of new techniques for approximating circuits and their comparison to previous approaches. In this paper, we first analyze and classify related approaches and then present CIRCA, our flexible framework for search-based approximate circuit generation. CIRCA is developed with a focus on modularity and extensibility. We present the architecture of CIRCA with its clear separation into stages and functional blocks, report on the current prototype, and show initial experiments.

@article{Witschen_Wiersema_Ghasemzadeh Mohammadi_Awais_Platzner, title={CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation}, journal={Third Workshop on Approximate Computing (AxC 2018)}, author={Witschen, Linus Matthias and Wiersema, Tobias and Ghasemzadeh Mohammadi, Hassan and Awais, Muhammad and Platzner, Marco} }


Open list in Research Information System

The University for the Information Society