This paper presents the formal verification of all sub-circuits in a floating-point arithmetic unit (FPU) from an Intel microprocessor using a wordlevel model checker. This work represents the first large-scale application of word-level model checking techniques. The FPU can perform addition, subtraction, multiplication, square root, division, remainder, and rounding operations; verifying such a broad range of functionality required coupling the model checker with a number of other techniques, such as property decomposition, propertyspecific model extraction, and latch removal. We will illustrate our verification techniques using the Weitek WTL3170/3171 Sparc floating point coprocessor as an example. The principal contribution of this paper is a practical verification methodology explaining what techniques to apply (and where to apply them) when verifying floating-point arithmetic circuits. We have applied our methods to the floating-point unit of a state-of-the-art Intel microprocesso...

It is impractical to verify multiplier or divider circuits entirely at the bit-level using ordered Binary Decision Diagrams (BDDs), because the BDD representations for these functions grow exponentially with the word size. It is possible, however, to analyze individual stages of these circuits using BDDs. Such analysis can be helpful when implementing complex arithmetic algorithms. As a demonstration, we show that Intel could haveused BDDs to detect erroneous lookup table entries in the Pentium(TM) floating point divider. Going beyond verification, we show that bit-level analysis can be used to generate a correct version of the table.

Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic high-level specification but have implementations that exhibit highly nondeterministic behaviors. A typical example of such hardware systems are processors. At the high level, the sequencing model inherent in processors is the sequential execution model. The underlying implementation, however, uses features such as nondeterministic interface protocols, instruction pipelines, and multiple instruction issue which leads to nondeterministic behaviors. The goal is to develop a methodology with which a designer can show that a circuit fulfills the abstract specification of the desired system behavior. The abstract specification describes the highlevel behavior of the system independent of any timing or implem...

In this paper, we propose a new data structure, called Multiplicative Power Hybrid Decision Diagrams (*PHDDs), to provide a compact representation for functions that map Boolean vectors into integer or floating-point values. The size of the graph to represent the IEEE floating-point encoding is linear with the word size. The complexity of floating-point multiplication grows linearly with the word size. The complexity of floating-point addition grows exponentially with the size of the exponent part, but linearly with the size of the mantissa part. We applied *PHDDs to verify integer multipliers and floating-point multipliers before the rounding stage, based on a hierarchical verification approach. For integer multipliers, our results are at least 6 times faster than *BMDs. Previous attempts at verifying floating-point multipliers required manual intervention, but we verified oating-point multipliers before the rounding stage automatically.

In this paper, we address on equivalence checking of integer multipliers, especially for the multipliers without structure similarity. Our approach is based on Hamaguchi's backward substitution method with the following improvements: (1) automatic identification of components to form proper cut points and thus dramatically improve the backward substitution process, (2) a layered-backward substitution algorithm to reduce the number of substitutions, and (3) Multiplicative Power Hybrid Decision Diagrams (*PHDDs) as our word-level representation rather than *BMD in Hamaguchi's approach. Experimental results show that our approach can efficiently check the equivalence of two integer multipliers. To verify the equivalence of a array multiplier versus a Wallace tree multiplier, our approach takes about 57 CPU seconds using 11 Mbytes, while Stanion's approach took 21027 seconds using 130 MBytes. We also show that the complexity of our approach is upper bounded by 31 , where is the word size, but our experimental results show that the complexity of our approach grows cubically lly .

We provide sufficient conditions that formally guarantee that the floating-point computation of a polynomial evaluation is faithful. To this end, we develop a formalization of floatingpoint numbers and rounding modes in the Program Verification System (PVS). Our work is based on a well-known formalization of floating-point arithmetic in the proof assistant Coq, where polynomial evaluation has been already studied. However, thanks to the powerful proof automation provided by PVS, the sufficient conditions proposed in our work are more general than the original ones.

FACULTY OF ENGINEERING ELECTRONICS AND COMPUTER SCIENCE DEPARTMENT MPhil/PhD Transfer Report Mixed Control/Data-Flow Representation for Modelling and Verification of Embedded Systems by Mauricio Varea Embedded system design issues become critical as implementation technologies evolve. The interaction between the control and data flow of an embedded system specification is an important consideration and, in order to cope with this aspect, a new internal design representation called Dual Flow Net (DFN) is introduced and further analysed in this thesis. One of the key features of this internal representation is its tight control and data flow interaction, which is achieved by means of two new concepts. Firstly, the structure of the new DFN model is formulated employing a tripartite graph as basis, which turns out to be advantageous for modelling heterogeneous systems. Secondly, a complex domain marking scheme is used to describe the behaviour of the system, leading to better results in terms of modelling the dynamics of the embedded system specification. Structural definitions, behavioural rules and graphical representation of the new DFN model is presented in this work.

Many problems in computer-aided design of highly integrated circuits (CAD for VLSI) can be transformed to the task of manipulating objects over finite domains. The efficiency of these operations depends substantially on the chosen data structures. In the last years, ordered binary decision diagrams (OBDDs) have proven to be a very efficient data structure in this context. Here, we give a survey on these developments and stress the deep interactions between basic research and practically relevant applied research with its immediate impact on the performance improvement of modern CAD design and verification tools.

Introduction The most significant mathematical development in 1994 occurred near the end of the year, when Andrew Wiles (Princeton University) presented a revised proof of Fermat's last theorem, a year and a half after his first announcement of a proof and almost a year after he admitted that the first proof contained a gap. Other mathematical developments and discoveries included further progress on another conjecture in number theory, the Goldbach conjecture; the revelation that the Intel Pentium computer chip makes numerical errors; the factoring of a 129-digit integer that had been set as a challenge problem; the first example of "molecular computing" to solve a mathematical problem; and an argument over whether a sphere-packing conjecture has been proved. In an unprecedented achievement, each of the six members of the U.S. team of high-school students participating in the International Mathematical Olympiad earned a perfect score in the competition. In June 1993, after seven ye

Abstract. The chess endgame is increasingly being seen through the lens of, and therefore effectively defined by, a data ‘model ’ of itself. It is vital that such models are clearly faithful to the reality they purport to represent. This paper examines that issue and systems engineering responses to it, using the chess endgame as the exemplar scenario. A structured survey has been carried out of the intrinsic challenges and complexity of creating endgame data by reviewing the past pattern of errors during work in progress, surfacing in publications and occurring after the data was generated. Specific measures are proposed to counter observed classes of error-risk, including a preliminary survey of techniques for using state-of-the-art verification tools to generate EGTs that are correct by construction. The approach may be applied generically beyond the game domain.