Results 1  10
of
17
BitLevel Analysis of an SRT Divider Circuit
 IN PROCEEDINGS OF THE 33RD DESIGN AUTOMATION CONFERENCE, PAGES 661665, LAS VEGAS, NV
, 1995
"... It is impractical to verify multiplier or divider circuits entirely at the bitlevel using ordered Binary Decision Diagrams (BDDs), because the BDD representations for these functions grow exponentially with the word size. It is possible, however, to analyze individual stages of these circuits using ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
It is impractical to verify multiplier or divider circuits entirely at the bitlevel using ordered Binary Decision Diagrams (BDDs), because the BDD representations for these functions grow exponentially with the word size. It is possible, however, to analyze individual stages of these circuits using BDDs. Such analysis can be helpful when implementing complex arithmetic algorithms. As a demonstration, we show that Intel could haveused BDDs to detect erroneous lookup table entries in the Pentium(TM) floating point divider. Going beyond verification, we show that bitlevel analysis can be used to generate a correct version of the table.
Verification of All Circuits in a FloatingPoint Unit Using WordLevel Model Checking
 In Proceedings of the Formal Methods on ComputerAided Design
, 1996
"... This paper presents the formal verification of all subcircuits in a floatingpoint arithmetic unit (FPU) from an Intel microprocessor using a wordlevel model checker. This work represents the first largescale application of wordlevel model checking techniques. The FPU can perform addition, subtra ..."
Abstract

Cited by 23 (7 self)
 Add to MetaCart
This paper presents the formal verification of all subcircuits in a floatingpoint arithmetic unit (FPU) from an Intel microprocessor using a wordlevel model checker. This work represents the first largescale application of wordlevel model checking techniques. The FPU can perform addition, subtraction, multiplication, square root, division, remainder, and rounding operations; verifying such a broad range of functionality required coupling the model checker with a number of other techniques, such as property decomposition, propertyspecific model extraction, and latch removal. We will illustrate our verification techniques using the Weitek WTL3170/3171 Sparc floating point coprocessor as an example. The principal contribution of this paper is a practical verification methodology explaining what techniques to apply (and where to apply them) when verifying floatingpoint arithmetic circuits. We have applied our methods to the floatingpoint unit of a stateoftheart Intel microprocesso...
FORMAL HARDWARE VERIFICATION BY SYMBOLIC TRAJECTORY EVALUATION
, 1997
"... Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic highlevel s ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic highlevel specification but have implementations that exhibit highly nondeterministic behaviors. A typical example of such hardware systems are processors. At the high level, the sequencing model inherent in processors is the sequential execution model. The underlying implementation, however, uses features such as nondeterministic interface protocols, instruction pipelines, and multiple instruction issue which leads to nondeterministic behaviors. The goal is to develop a methodology with which a designer can show that a circuit fulfills the abstract specification of the desired system behavior. The abstract specification describes the highlevel behavior of the system independent of any timing or implementation details. The natural specification of a processor is the instruction set architecture. The specification is defined as a set of abstract assertions defining the effect of each operation on the uservisible state. An implementation mapping is used to relate abstract states to detailed circuit states. The mapping captures the microarchitecture of an implementation of the processor. Symbolic Trajectory Evaluation is used to verify that the circuit fulfills each individual abstract assertion under the implementation mapping. Symbolic Trajectory Evaluation can be considered to be a hybrid approach based on symbolic simulation and model checking algorithms. The methodology has been applied to the fixed point unit of a superscalar processor that implements the PowerPC architecture. The processor represents a significant leap of complexity compared to previous attempts at formal verification of processors. Our approach seems to be the first one that can truly deal with the complexity of pipeline interlocks.
Verification of FloatingPoint Adders
 LECTURE NOTES IN COMPUTER SCIENCE
, 1998
"... The floatingpoint(FP) division bug in Intel's Pentium processor and the overflow flag erratum of the FIST instruction in Intel's Pentium Pro and Pentium II processor have demonstrated the importance and the difficulty of verifying FP arithmetic circuits. In this paper, we present the v ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
(Show Context)
The floatingpoint(FP) division bug in Intel's Pentium processor and the overflow flag erratum of the FIST instruction in Intel's Pentium Pro and Pentium II processor have demonstrated the importance and the difficulty of verifying FP arithmetic circuits. In this paper, we present the verification of FP adders with reusable specifications, using extended wordlevel SMV, which is improved by using the Multiplicative Power HDDs (*PHDDs), and by incorporating conditional symbolic simulation as well as a shortcircuiting technique. Based on the case analysis, the specifications of FP adders are divided into several hundreds of implementationindependent subspecifications. We applied our system and these specifications to verify the IEEE double precision FP adder in the Aurora III Chip at the University of Michigan. Our system found several design errors in this FP adder and generated one counterexample for each error within several minutes. A variant of the corrected FP adder is created to illustrate the capability of our system to handle different FP adder designs. For each of FP adders, the verification task finished in 2 CPU hours on a Sun UltraSPARCII server.
Equivalence checking of integer multipliers
 Proceedings of the 2001 Conference on Asia South Pacific Design Automation, 2001, Page(s
"... Abstract — In this paper, we address on equivalence checking of integer multipliers, especially for the multipliers without structure similarity. Our approach is based on Hamaguchi’s backward substitution method with the following improvements: (1) automatic identification of components to form prop ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
(Show Context)
Abstract — In this paper, we address on equivalence checking of integer multipliers, especially for the multipliers without structure similarity. Our approach is based on Hamaguchi’s backward substitution method with the following improvements: (1) automatic identification of components to form proper cut points and thus dramatically improve the backward substitution process, (2) a layeredbackward substitution algorithm to reduce the number of substitutions, and (3) Multiplicative Power Hybrid Decision Diagrams(*PHDDs) as our wordlevel representation rather than *BMD in Hamaguchi’s approach. Experimental results show that our approach can efficiently check the equivalence of two integer multipliers. To verify the equivalence of a array multiplier versus a Wallace tree multiplier, our approach takes about 57 CPU seconds using 11 Mbytes, while Stanion’s approach took 21027 seconds using 130 MBytes. We also show that the complexity of our approach is upper bounded by, where is the word size, but our experimental results show that the complexity of our approach grows cubically. I.
An Efficient Graph Representation for Arithmetic Circuit Verification
, 2001
"... In this paper, we propose a new data structure, called Multiplicative Power Hybrid Decision Diagrams (*PHDDs), to provide a compact representation for functions that map Boolean vectors into integer or floatingpoint values. The size of the graph to represent the IEEE floatingpoint encoding is line ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
In this paper, we propose a new data structure, called Multiplicative Power Hybrid Decision Diagrams (*PHDDs), to provide a compact representation for functions that map Boolean vectors into integer or floatingpoint values. The size of the graph to represent the IEEE floatingpoint encoding is linear with the word size. The complexity of floatingpoint multiplication grows linearly with the word size. The complexity of floatingpoint addition grows exponentially with the size of the exponent part, but linearly with the size of the mantissa part. We applied *PHDDs to verify integer multipliers and floatingpoint multipliers before the rounding stage, based on a hierarchical verification approach. For integer multipliers, our results are at least 6 times faster than *BMDs. Previous attempts at verifying floatingpoint multipliers required manual intervention, but we verified oatingpoint multipliers before the rounding stage automatically.
Ordered Binary Decision Diagrams and Their Significance in ComputerAided Design of VLSI Circuits  a Survey
, 1998
"... Many problems in computeraided design of highly integrated circuits (CAD for VLSI) can be transformed to the task of manipulating objects over finite domains. The efficiency of these operations depends substantially on the chosen data structures. In the last years, ordered binary decision diagra ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Many problems in computeraided design of highly integrated circuits (CAD for VLSI) can be transformed to the task of manipulating objects over finite domains. The efficiency of these operations depends substantially on the chosen data structures. In the last years, ordered binary decision diagrams (OBDDs) have proven to be a very efficient data structure in this context. Here, we give a survey on these developments and stress the deep interactions between basic research and practically relevant applied research with its immediate impact on the performance improvement of modern CAD design and verification tools.
Provably faithful evaluation of polynomials
 In Proceedings of the 21st Annual ACM Symposium on Applied Computing
, 2006
"... We provide sufficient conditions that formally guarantee that the floatingpoint computation of a polynomial evaluation is faithful. To this end, we develop a formalization of floatingpoint numbers and rounding modes in the Program Verification System (PVS). Our work is based on a wellknown formali ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
We provide sufficient conditions that formally guarantee that the floatingpoint computation of a polynomial evaluation is faithful. To this end, we develop a formalization of floatingpoint numbers and rounding modes in the Program Verification System (PVS). Our work is based on a wellknown formalization of floatingpoint arithmetic in the proof assistant Coq, where polynomial evaluation has been already studied. However, thanks to the powerful proof automation provided by PVS, the sufficient conditions proposed in our work are more general than the original ones.
Mixed Control/DataFlow Representation For Modelling And Verification Of Embedded Systems
, 2002
"... Embedded system design issues become critical as implementation technologies evolve. The interaction between the control and data flow of an embedded system specification is an important consideration and, in order to cope with this aspect, a new internal design representation called Dual Flow Ne ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Embedded system design issues become critical as implementation technologies evolve. The interaction between the control and data flow of an embedded system specification is an important consideration and, in order to cope with this aspect, a new internal design representation called Dual Flow Net (DFN) is introduced and further analysed in this thesis. One of the key features of this internal representation is its tight control and data flow interaction, which is achieved by means of two new concepts. Firstly, the structure of the new DFN model is formulated employing a tripartite graph as basis, which turns out to be advantageous for modelling heterogeneous systems. Secondly, a complex domain marking scheme is used to describe the behaviour of the system, leading to better results in terms of modelling the dynamics of the embedded system specification. Structural definitions, behavioural rules and graphical representation of the new DFN model is presented in this work. Besides the
Data Assurance in Opaque Computations
"... Abstract. The chess endgame is increasingly being seen through the lens of, and therefore effectively defined by, a data ‘model ’ of itself. It is vital that such models are clearly faithful to the reality they purport to represent. This paper examines that issue and systems engineering responses to ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. The chess endgame is increasingly being seen through the lens of, and therefore effectively defined by, a data ‘model ’ of itself. It is vital that such models are clearly faithful to the reality they purport to represent. This paper examines that issue and systems engineering responses to it, using the chess endgame as the exemplar scenario. A structured survey has been carried out of the intrinsic challenges and complexity of creating endgame data by reviewing the past pattern of errors during work in progress, surfacing in publications and occurring after the data was generated. Specific measures are proposed to counter observed classes of errorrisk, including a preliminary survey of techniques for using stateoftheart verification tools to generate EGTs that are correct by construction. The approach may be applied generically beyond the game domain.