Results 11-20 of 43
Relational STE and theorem proving for formal verification of industrial circuit designs
Formal Methods in Computer-Aided Design (FMCAD 2013), 2013
Cited by 2 (0 self)
Abstract—Model checking by symbolic trajectory evaluation, orchestrated in a flexible functional-programming framework, is a well-established technology for correctness verification of industrial-scale circuit designs. Most verifications in this domain require decomposition into subproblems that symbolic trajectory evaluation can handle, and deductive theorem proving has long been proposed as a complement to symbolic trajectory evaluation to enable such compositional reasoning. This paper describes an approach to verification by symbolic simulation, called Relational STE, that raises verification properties to the purely logical level suitable for compositional reasoning in a theorem prover. We also introduce a new deductive theorem prover, called Goaled, that has been integrated into Intel’s Forte verification framework for this purpose. We illustrate the effectiveness of this combination of technologies by describing a general framework, accessible to non-experts, that is widely used for verification and regression validation of integer multipliers at Intel.
Efficient Automatic STE Refinement Using Responsibility
Cited by 2 (1 self)
Abstract. Symbolic Trajectory Evaluation (STE) is a powerful technique for hardware model checking. It is based on 3-valued symbolic simulation, using 0, 1, and X (“unknown”). X is used to abstract away values of circuit nodes, thus reducing memory and runtime of STE runs. The abstraction is derived from a given user specification. An STE run results in “pass” (1) if the circuit satisfies the specification, “fail” (0) if the circuit falsifies it, and “unknown” (X) if the abstraction is too coarse to determine either of the two. In the latter case, refinement is needed: the X values of some of the abstracted inputs should be replaced. The main difficulty is to choose an appropriate subset of these inputs that will help to eliminate the “unknown” STE result, while avoiding an unnecessary increase in memory and runtime. The common approach to this problem is to manually choose these inputs. This work suggests a novel approach to automatic refinement for STE, which is based on the notion of responsibility. For each input with X value we compute its Degree of Responsibility (DoR) to the “unknown” STE result. We then refine those inputs whose DoR is maximal. We implemented an efficient algorithm, which is linear in the size of the circuit, for computing the approximate DoR of inputs. We used it for refinements for STE on several circuits and specifications. Our experimental results show that DoR is a very useful device for choosing inputs for refinement. In comparison with previous works on automatic refinement, our computation of the refinement set is faster, STE needs fewer refinement iterations and uses less overall memory and time.
Integrating model checking and theorem proving in a reflective functional language
In IFM, 2004
Cited by 2 (0 self)
Abstract. Forte is a formal verification system developed by Intel’s Strategic CAD Labs for applications in hardware design and verification. Forte integrates model checking and theorem proving within a functional programming language, which both serves as an extensible specification language and allows the system to be scripted and customized. The latest version of this language, called reFLect, has quotation and antiquotation constructs that build and decompose expressions in the language itself. This provides a combination of pattern-matching and reflection features tailored especially for the Forte approach to verification. This short paper is an abstract of an invited presentation given at the International Conference on Integrated Formal Methods in 2004, in which the philosophy and architecture of the Forte system are described and an account is given of the role of reFLect in the system.
1 The Forte Verification Environment
Forte [17] is a formal verification environment that has been very effective on
Optimizing Automatic Abstraction Refinement for Generalized Symbolic Trajectory Evaluation
DAC 2008, 2008
Cited by 1 (1 self)
In this paper, we present a suite of optimizations targeting automatic abstraction refinement for Generalized Symbolic Trajectory Evaluation (GSTE). We optimize both model refinement and spec refinement supported by AutoGSTE: a counterexample-guided refinement loop for GSTE. Experiments on a family of benchmark circuits have shown that our optimizations lead to major efficiency improvements in verification involving abstraction refinement.
Verifying Relative Error Bounds using Symbolic Simulation
Cited by 1 (0 self)
Abstract. In this paper we consider the problem of formally verifying hardware that is specified to compute reciprocal, reciprocal square root, and power-of-two functions on floating point numbers to within a given relative error. Such specifications differ from the common case in which any given input is specified to have exactly one correct output. Our approach is based on symbolic simulation with binary decision diagrams, and involves two distinct steps. First, we prove a lemma that reduces the relative error specification to several inequalities that involve reasoning about natural numbers only. The most complex of these inequalities asserts that the product of several naturals is less-than/greater-than another natural. Second, we invoke one of several customized algorithms that decides the inequality, without performing the expensive symbolic multiplications directly. We demonstrate the effectiveness of our approach on a next-generation Intel® processor design and report encouraging time and space metrics for these proofs.
Arithmetic Bit-Level Verification Using Network Flow Model
Cited by 1 (1 self)
Abstract. The paper presents a new approach to functional, bit-level verification of arithmetic circuits. The circuit is modeled as a network of adders and basic Boolean gates, and the computation performed by the circuit is viewed as a flow of binary data through such a network. The verification problem is cast as a Network Flow problem and solved using symbolic term rewriting and simple algebraic techniques. Functional correctness is proved by showing that the symbolic flow computed at the primary inputs is equal to the flow computed at the primary outputs. Experimental results show a potential application of the method to certain classes of arithmetic circuits.
Combining Theorem Proving and Model Checking for Certification of Behavioral Synthesis Flows
Cited by 1 (1 self)
Abstract—We develop a framework for certifying behavioral synthesis flows. Certification is decomposed into verified and verifying components, which are discharged by theorem proving and model checking respectively. The bridge between these components is provided by a new formal structure, the clocked control data flow graph (CCDFG), that serves as the golden circuit model used in this framework. We discuss how CCDFGs facilitate both theorem proving and model checking. The semantics of CCDFGs have been formalized with the ACL2 theorem prover, and the formalization used to certify generic synthesis transformations. Finally, we extend GSTE to model check synthesized netlists with respect to CCDFG specifications.
Selective State Retention Design using Symbolic Simulation
Cited by 1 (0 self)
Abstract—Addressing both standby and active power is a major challenge in developing System-on-Chip designs for battery-powered products. Powering off sections of logic or memories loses internal register and RAM states, so designers have to weigh up the benefits and costs of implementing state retention on some or all of the power-gated subsystems where state recovery has significant real-time or energy cost, compared to resetting the subsystem and reacquiring state from scratch. Library IP and EDA tools can support state retention in hardware synthesized from standard RTL, but due to the silicon area costs there is strong interest in retaining only certain selective state, for example the “architectural state” of a CPU, to implement sleep modes. Currently there is no known rigorous technique for checking the integrity of selective state retention, and this is due to the complexity of checking that the correctness of the design is not compromised in any way. The complexity is exacerbated by the interaction between the retained and the non-retained state, and exhaustive simulation rapidly becomes infeasible. This paper presents a case study based on symbolic simulation for assisting designers to design and implement selective retention correctly. The main finding of our study is that the programmer-visible state, or architectural state, of the CPU needs to be implemented using retention registers, whilst other microarchitectural enhancements such as pipeline registers, TLBs and caches can be implemented using normal registers without retention. This has a profound impact on power and area savings for chip design. By selectively retaining the state of the programmer’s “architectural” model and not the increasing proportion of extra state, one can incorporate energy-efficient sleep modes. To the best of our knowledge this is the first study in the area of rigorous design and implementation of selective state retention.
Access to Circuit Generators in Embedded HDLs
Cited by 1 (1 self)
General purpose functional languages have been widely used as host languages for the embedding of domain specific languages, especially hardware description languages. The embedding approach provides various abstraction techniques, enabling the description of generators for whole families of circuits, in particular parameterised regular circuits. The two-stage language setting that is achieved by means of embedding provides a means to reason about the generated circuits as data objects within the host language. Nonetheless, these circuit objects lack information about their generators, or about the manner in which they were generated, which could be used for placement and analysis. In this paper, we use reFLect, a functional language with reflection features, to enable us not only to access the circuits, but also the circuit generators. Through the use of code quotation and pattern matching, we propose a framework through which we can access the structure of the circuit in terms of nested blocks that map the generation flow followed by the generator.