Results 1  10
of
14
Automatic Verification of Pipelined Microprocessor Control
, 1994
"... We describe a technique for verifying the control logic of pipelined microprocessors. It handles more complicated designs, and requires less human intervention, than existing methods. The technique automaticMly compares a pipelined implementation to an architectural description. The CPU time nee ..."
Abstract

Cited by 260 (6 self)
 Add to MetaCart
We describe a technique for verifying the control logic of pipelined microprocessors. It handles more complicated designs, and requires less human intervention, than existing methods. The technique automaticMly compares a pipelined implementation to an architectural description. The CPU time needed for verification is independent of the data path width, the register file size, and the number of ALU operations.
Multiway Decision Graphs for Automated Hardware Verification
, 1996
"... Traditional ROBDDbased methods of automated verification suffer from the drawback that they require a binary representation of the circuit. To overcome this limitation we propose a broader class of decision graphs, called Multiway Decision Graphs (MDGs), of which ROBDDs are a special case. With MDG ..."
Abstract

Cited by 77 (14 self)
 Add to MetaCart
Traditional ROBDDbased methods of automated verification suffer from the drawback that they require a binary representation of the circuit. To overcome this limitation we propose a broader class of decision graphs, called Multiway Decision Graphs (MDGs), of which ROBDDs are a special case. With MDGs, a data value is represented by a single variable of abstract type, rather than by 32 or 64 boolean variables, and a data operation is represented by an uninterpreted function symbol. MDGs are thus much more compact than ROBDDs, and this greatly increases the range of circuits that can be verified. We give algorithms for MDG manipulation, and for implicit state enumeration using MDGs. We have implemented an MDG package and provide experimental results.
Effective Theorem Proving for Hardware Verification
, 1994
"... . The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness ..."
Abstract

Cited by 37 (6 self)
 Add to MetaCart
. The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness of theorem provers for hardware verification through the use of efficient automatic procedures for rewriting, arithmetic and equality reasoning, and an offtheshelf BDDbased propositional simplifier. These automatic procedures can be combined into generalpurpose proof strategies that can efficiently automate a number of proofs including those of hardware correctness. The inference procedures and proof strategies have been implemented in the PVS verification system. They are applied to several examples including an Nbit adder, the Saxe pipelined processor, and the benchmark Tamarack microprocessor design. These examples illustrate the basic design philosophy underlying PVS where powerful...
A Practical Method for Rigorously Controllable Hardware Design
 ZUM’97: The Z Formal Specification Notation, volume 1212 of LNCS
, 1996
"... We describe a method for rigorously specifying and verifying the control of pipelined microprocessors which can be used by the hardware designer for a precise documentation and justification of the correctness of his design techniques. We proceed by successively refining a oneinstructionatatime ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
We describe a method for rigorously specifying and verifying the control of pipelined microprocessors which can be used by the hardware designer for a precise documentation and justification of the correctness of his design techniques. We proceed by successively refining a oneinstructionatatimeview of a RISC processor to a description of its pipelined implementation; the structure of the refinement hierarchy is determined by standard instruction pipelining principles (grouped following the kind of conflict they are designed to avoid: structural hazards, data hazards and control hazards). We illustrate our approach through a formal specification with correctness proof of Hennessy and Patterson's RISC processor DLX but the method can be extended to complex commercial microprocessor design where traditional or purely automatic methods do not scale up. The specification method supports incremental design techniques; the modular proof method offers reusing proofs and supports the designer's intuitive reasoning.
Experiments in Automating Hardware Verification using Inductive Proof Planning
, 1996
"... We present a new approach to automating the verification of hardware designs based on planning techniques. A database of methods is developed that combines tactics, which construct proofs, using specifications of their behaviour. Given a verification problem, a planner uses the method database to ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We present a new approach to automating the verification of hardware designs based on planning techniques. A database of methods is developed that combines tactics, which construct proofs, using specifications of their behaviour. Given a verification problem, a planner uses the method database to build automatically a specialised tactic to solve the given problem. User interaction is limited to specifying circuits and their properties and, in some cases, suggesting lemmas. We have implemented our work in an extension of the Clam proof planning system. We report on this and its application to verifying a variety of combinational and synchronous sequential circuits including a parameterised multiplier design and a simple computer microprocessor.
Embedded software verification using symbolic execution and uninterpreted functions
 INT. J. PARALLEL PROGRAM
, 2004
"... Symbolic simulation and uninterpreted functions have long been staple techniques for formal hardware verification. In recent years, we have adapted these techniques for the automatic, formal verification of lowlevel embedded software — specifically, checking the equivalence of different versions of ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Symbolic simulation and uninterpreted functions have long been staple techniques for formal hardware verification. In recent years, we have adapted these techniques for the automatic, formal verification of lowlevel embedded software — specifically, checking the equivalence of different versions of assemblylanguage programs. Our approach, though limited in scalability, has proven particularly promising for the intricate code optimizations and complex architectures typical of highperformance embedded software, such as for DSPs and VLIW processors. Indeed, one of our key findings was how easy it was to create or retarget our verification tools to different, even very complex, machines. The resulting tools automatically verified or found previously unknown bugs in several small sequences of industrial and published example code. This paper provides an introduction to these techniques and a review of our results.
A Correctness Proof for Pipelining in RISC Architectures
, 1996
"... We describe a technique for specifying and verifying the control of pipelined microprocessors which can be used where traditional or purely automatic methods do not scale up to complex commercial microprocessor design. We illustrate our approach through a formal specification of Hennessy's and Patte ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
We describe a technique for specifying and verifying the control of pipelined microprocessors which can be used where traditional or purely automatic methods do not scale up to complex commercial microprocessor design. We illustrate our approach through a formal specification of Hennessy's and Patterson's RISC processor DLX [HP90] for which we prove the correctness of its pipelined model with respect to the sequential model. First we concentrate our attention on the provably correct refinement of the sequential ground model DLX to the pipelined parallel version DLX p in which structural hazards (resource conflicts) are eliminated. Then we extend the result to the model DLX data in which also data hazards for not jump instructions are treated. The next step consists of building the model DLX ctrl in which control hazards are eliminated. In the last step we define DLX pipe and prove that it refines DLX ctrl correctly and takes care also of data hazards relative to jump instruct...
Automatic Generation of Invariants in Processor Verification
 In FMCAD '96, volume 1166 of LNCS
, 1996
"... A central task in formal verification is the definition of invariants, which characterize the reachable states of the system. When a system is finitestate, invariants can be discovered automatically. ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
A central task in formal verification is the definition of invariants, which characterize the reachable states of the system. When a system is finitestate, invariants can be discovered automatically.
Ground Temporal Logic: A Logic for Hardware Verification
 ComputerAided Verification (CAV '94), LNCS 818
, 1994
"... We present a new temporal logic, GTL, appropriate for specifying properties of hardware at the register transfer level. We argue that this logic represents an improvement over model checking for some natural hardware verification problems. We show that the validity problem for this logic is \Pi 1 1 ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
We present a new temporal logic, GTL, appropriate for specifying properties of hardware at the register transfer level. We argue that this logic represents an improvement over model checking for some natural hardware verification problems. We show that the validity problem for this logic is \Pi 1 1 complete. We then identify a fragment of the logic that is decidable. We show that in this fragment we are still able to encode many interesting problems, including the correctness of pipelined microprocessors. 1 Introduction Temporal logic is a natural logic for hardware verification. Specifically model checking for various propositional temporal logics has proven to be a very practical tool for the fully automatic verification of many hardware circuits and finite state protocols. However these approaches suffer from various drawbacks. One such drawback is the requirement that hardware implementations be carried out to the bitlevel. This can lead to the state explosion problem as the numb...