Results 1  10
of
75
Liveness Checking as Safety Checking
 In FMICS’02: Formal Methods for Industrial Critical Systems, volume 66(2) of ENTCS
, 2002
"... Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many e#cient checkers for safety properties exist, more sophisticated algo ..."
Abstract

Cited by 42 (4 self)
 Add to MetaCart
Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many e#cient checkers for safety properties exist, more sophisticated algorithms have always been considered to be necessary for checking liveness. In this paper we describe an e#cient translation of liveness checking problems into safety checking problems. A counter example is detected by saving a previously visited state in an additional state recording component and checking a loop closing condition. The approach handles fairness and thus extends to full LTL.
An industrially effective environment for formal hardware verification
 IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems
, 2005
"... This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyrig ..."
Abstract

Cited by 32 (5 self)
 Add to MetaCart
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Combining Theorem Proving and Trajectory Evaluation in an Industrial Environment
 in Proc. DAC
, 1998
"... We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA32) instructions. We verified a gatelevel model of the IM against an implementationindependent specification of IA32 instruction le ..."
Abstract

Cited by 31 (6 self)
 Add to MetaCart
We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA32) instructions. We verified a gatelevel model of the IM against an implementationindependent specification of IA32 instruction lengths. We used theorem proving to to derive 56 modelchecking runs and to verify that the modelchecking runs imply that the IM meets the specification for all possible sequences of IA32 instructions. Our verification discovered eight previously unknown bugs. 1 Introduction The Intel architecture (IA32) instruction set has several hundred opcodes. The opcode length is variable, as are the lengths of operand and address displacement data. The architecture also includes the notion of prefix bytes, which change the semantics of the subsequent instruction. Two of the prefixes (h66, h67) can affect the length of the instruction. A single instruction may have multiple prefix bytes, but overall ...
Symbolic Trajectory Evaluation
 Formal Hardware Verification
, 1996
"... ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significa ..."
Abstract

Cited by 26 (6 self)
 Add to MetaCart
ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show the model M satisfies f . The idea behind abstraction is that instead of verifying property f of model M , we verify property f A of model MA and the answer we get helps us answer the original problem. The system MA is an abstraction of the system M . One possibility is to build an abstraction MA that is equivalent (e.g. bisimilar [48]) to M . This sometimes leads to performance advantages if the state space of MA is smaller than M . This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
Formally Verifying a Microprocessor Using a Simulation Methodology
, 1994
"... Formal verification is becoming a useful means of validating designs. We have developed a methodology for formally verifying dataintensive circuits (e.g., processors) with sophisticated timing (e.g., pipelining) against highlevel declarative specifications. Previously, formally verifying a micropro ..."
Abstract

Cited by 25 (4 self)
 Add to MetaCart
Formal verification is becoming a useful means of validating designs. We have developed a methodology for formally verifying dataintensive circuits (e.g., processors) with sophisticated timing (e.g., pipelining) against highlevel declarative specifications. Previously, formally verifying a microprocessor required the use of an automatic theorem prover, but our technique requires little more than a symbolic simulator. We have formally verified a preexisting 16bit CISC microprocessor circuit extracted from the fabricated layout. Introduction Previously, symbolic switchlevel simulation has been used to verify some small or simple dataintensive circuits (RAMs, stacks, register files, ALUs, and simple pipelines) [2, 3]. In doing so, the necessary simulation patterns were developed by hand or by using adhoc techniques, and it was then argued that the patterns were sufficient, and that their generation could be automated. We have developed sufficient theory to fully support such claims...
Formal Hardware Verification with BDDs: An Introduction
"... This paper is a brief introduction to the main paradigms for using BDDs in formal hardware verification. The paper addresses two audiences: for people doing theoretical BDD research, the paper gives a glimpse of the problems in the main application area, and ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
This paper is a brief introduction to the main paradigms for using BDDs in formal hardware verification. The paper addresses two audiences: for people doing theoretical BDD research, the paper gives a glimpse of the problems in the main application area, and
Exploiting Symmetry When Verifying TransistorLevel Circuits by Symbolic Trajectory Evaluation
, 1997
"... In this paper we describe the use of symmetry for verification of transistorlevel circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as struct ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
In this paper we describe the use of symmetry for verification of transistorlevel circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structuraldata symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 Million transistors.
Formal Verification of Content Addressable Memories using Symbolic Trajectory Evaluation
 In DAC’97
, 1997
"... In this paper we report on new techniques for verifying content addressable memories (CAMs), and demonstrate that these techniques work well for large industrial designs. It was shown in [6], that the formal verification technique of symbolic trajectory evaluation (STE) could be used successfully on ..."
Abstract

Cited by 20 (3 self)
 Add to MetaCart
In this paper we report on new techniques for verifying content addressable memories (CAMs), and demonstrate that these techniques work well for large industrial designs. It was shown in [6], that the formal verification technique of symbolic trajectory evaluation (STE) could be used successfully on memory arrays. We have extended that work to verify what are perhaps the most combinatorially difficult class of memory arrays, CAMs. We use new Boolean encodings to verify CAMs, and show that these techniques scale well, in that space requirements increase linearly, or sublinearly, with the various CAM size parameters. In this paper, we describe the verification of two CAMs from a recent PowerPC TM microprocessor design, a Block Address Translation unit (BAT), and a Branch Target Address Cache unit (BTAC). The BAT is a complex CAM, with variable length bit masks. The BTAC is a 64entry, 64bits per entry, fully associative CAM and is part of the speculative instruction fetch mechanism ...
Formal Hardware Verification By Symbolic Trajectory Evaluation
, 1997
"... Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic highlevel s ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic highlevel specification but have implementations that exhibit highly nondeterministic behaviors. A typical example of such hardware systems are processors. At the high level, the sequencing model inherent in processors is the sequential execution model. The underlying implementation, however, uses features such as nondeterministic interface protocols, instruction pipelines, and multiple instruction issue which leads to nondeterministic behaviors. The goal is to develop a methodology with which a designer can show that a circuit fulfills the abstract specification of the desired system behavior. The abstract specification describes the highlevel behavior of the system independent of any timing or implem...
Collection of HighLevel Microprocessor Bugs from Formal Verification of Pipelined and Superscalar Designs
, 2003
"... The paper presents a collection of 93 different bugs, detected in formal verification of 65 student designs that include: 1) singleissue pipelined DLX processors; 2) extensions with exceptions and branch prediction; and 3) dualissue superscalar implementations. The processors were described in a hi ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
The paper presents a collection of 93 different bugs, detected in formal verification of 65 student designs that include: 1) singleissue pipelined DLX processors; 2) extensions with exceptions and branch prediction; and 3) dualissue superscalar implementations. The processors were described in a highlevel HDL, and were formally verified with an automatic tool flow. The bugs are analyzed and classified, and can be used in research on microprocessor testing.