ion The main problem with model checking is the state explosion problem -- the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show the model M satisfies f . The idea behind abstraction is that instead of verifying property f of model M , we verify property f A of model MA and the answer we get helps us answer the original problem. The system MA is an abstraction of the system M . One possibility is to build an abstraction MA that is equivalent (e.g. bisimilar [48]) to M . This sometimes leads to performance advantages if the state space of MA is smaller than M . This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...

This paper presents the formal verification of all sub-circuits in a floating-point arithmetic unit (FPU) from an Intel microprocessor using a wordlevel model checker. This work represents the first large-scale application of word-level model checking techniques. The FPU can perform addition, subtraction, multiplication, square root, division, remainder, and rounding operations; verifying such a broad range of functionality required coupling the model checker with a number of other techniques, such as property decomposition, propertyspecific model extraction, and latch removal. We will illustrate our verification techniques using the Weitek WTL3170/3171 Sparc floating point coprocessor as an example. The principal contribution of this paper is a practical verification methodology explaining what techniques to apply (and where to apply them) when verifying floating-point arithmetic circuits. We have applied our methods to the floating-point unit of a state-of-the-art Intel microprocesso...

In recent years, there has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic model checking, in which large finite-state machines are encoded into compact data structures such as binary decision diagrams (BDDs) -- and are then checked for safety and liveness properties. However, these techniques have not realized the same success on software systems. One limitation is their inability to deal with infinite-state programs -- even those with a single unbounded integer. A second problem is that of finding efficient representations for various variable types. We recently proposed a model checker for integer-based systems that uses arithmetic constraints as the underlying state representation. While this approach easily verified some subtle, infinite-state concurrency problems...

It is impractical to verify multiplier or divider circuits entirely at the bit-level using ordered Binary Decision Diagrams (BDDs), because the BDD representations for these functions grow exponentially with the word size. It is possible, however, to analyze individual stages of these circuits using BDDs. Such analysis can be helpful when implementing complex arithmetic algorithms. As a demonstration, we show that Intel could haveused BDDs to detect erroneous lookup table entries in the Pentium(TM) floating point divider. Going beyond verification, we show that bit-level analysis can be used to generate a correct version of the table.

We present a new method for the symbolic construction of shortest paths in reachability graphs. Our algorithm relies on a variant of edge-valued decision diagrams that supports efficient fixed-point iterations for the joint computation of both the reachable states and their distance from the initial states. Once the distance function is known, a shortest path from an initial state to a state satisfying a given condition can be easily obtained. Using a few representative examples, we show how our algorithm is vastly superior, in terms of both memory and space, to alternative approaches that compute the same information, such as ordinary or algebraic decision diagrams.

Formal verification has become one of the most important steps in circuit design. In this context the verification of high-level Hardware Description Languages (HDLs), like VHDL, gets increasingly important. In this paper we present a complete set of datapath operations that can be formally verified based on Word-Level Decision Diagrams (WLDDs). Our techniques allow a direct translation of HDL constructs to WLDDs. We present new algorithms for WLDDs for modulo operation and division. These operations turn out to be the core of our efficient verification procedure. Furthermore, we prove upper bounds on the representation size of WLDDs guaranteeing effectiveness of the algorithms. Our verification tool is totally automatic and experimental results are given to demonstrate the efficiency of our approach. 1 Introduction Nowadays modern circuit design can contain several million transistors. For this, also verification of such large designs becomes more and more difficult, since pure simu...

Abstract not found

BDD-based symbolic model checking has been successful in verification of a wide range of systems. Recently, constraint-based approaches, which use arithmetic constraints as a symbolic representation, have been used in symbolic model checking of infinite-state systems. We argue that use of constraint-based model checking is not limited to infinite-state systems. It can also be used as an alternative to BDDbased model checking for systems with integer variables which have finite but large domains. In this paper we investigate the trade-offs between these two approaches experimentally. We compare the performance of BDD-based model checker SMV to the performance of our constraintbased model checker on verification of several asynchronous concurrent systems. The results indicate that constraint-based model checking is a viable option for verification of asynchronous concurrent systems with large integer domains.

We present the formal verification of the floating-point multiplier in the Intel IA-32 Pentium 4 microprocessor. The verification is based on a combination of theoremproving and BDD based model-checking tasks performed in a unified hardware verification environment. The tasks are tightly integrated to accomplish complete verification of the multiplier hardware coupled with the rounder logic. The approach does not rely on specialized representations like Binary Moment Diagrams or its variants.

Word-Level Decision Diagrams (WLDDs), like EVBDDs, *BMDs, HDDs, K*BMDs, are powerful tools in circuit verification. Especially for some arithmetic circuits, like multipliers, for the first time formal verification was possible using WLDDs. Beside a good variable ordering and the decomposition types the size of a WLDD essentially depends on the grouping of the outputs. In this paper we study output grouping in more detail. We give examples showing that an exponential reduction or an exponential blow-up can be obtained dependent on grouping. We describe efficient heuristics for output grouping given a circuit description in the form of a netlist. Experimental results are given to demonstrate the efficiency of our approach. 1