In this paper we present several practical methods for formally verifying an Asynchronous Transfer Mode (ATM) network switching fabric using the Verification Interacting with Synthesis (VIS) tool. We produced Verilog RTL behavioral and netlist structural descriptions of the switch fabric at different levels of hierarchy and established several abstracted models of the fabric. Using various techniques presented in the paper, we provided a number of relevant liveness and safety properties expressible in CTL, and accomplished their verification in reasonable CPU time. Moreover, we performed equivalence checking between the structural and behavioral descriptions of each submodule of the implementation hierarchy.

Multiway Decision Graphs (MDGs) have recently been proposed as an efficient representation tool for RTL designs. In this paper we demonstrate the MDG-based formal verification technique on the example of the Island Tunnel Controller. We also provide comparative experimental results for the verification of a number of properties using two well-known ROBDD-based verification tools SMV (Symbolic Model verifier) and VIS (Verification Interacting with Synthesis). Finally, we study in detail the non-termination problem of the abstract state enumeration and present an solution.

The MDG system is a decision diagram based verification tool, primarily designed for hardware verification. It is based on Multiway decision diagrams---an extension of the traditional ROBDD approach. In this paper we describe the formal verification of the component library of the MDG system, using HOL. The hardware component library, whilst relatively simple, has been a source of errors in an earlier developmental version of the MDG system. Thus verifying these aspects is of real utility towards the verification of a decision digram based verification system. This work demonstrates how machine assisted proof can be of practical utility when applied to a small focused problem.

We investigate the equivalence checking of the RTL hardware implementation of the Cambridge Fairisle Asynchronous Transfer Mode (ATM) 4 by 4 switch fabric against a high-level behavioral specification which has no restrictions with respect to the frame size, cell length or word width. The verification is based on the reachability analysis of the product machine of the implementation and the specification, both modeled as Abstract State Machines (ASM). Multiway Decision Graphs (MDG) are used to encode both the output and transition relations of ASMs and the set of reachable abstract states, allowing implicit abstract state enumeration. Since MDGs avoid model explosion induce...

State Machines. The MDG tools are intended for Abstract State Machines (ASM) verification [4, 3] rather than Finite State Machine (FSM) verification. They can be used for FSMs as well, but they are less efficient than ROBDDs for this purpose, due in part to the space requirements of our current Prolog implementation. An abstract description of a state machine, called abstract state machine (ASM) [4], is obtained by letting some data input, state or output variables be of an abstract sort, and the datapath operations be uninterpreted function symbols. Just as ROBDDs for encoding FSMs, MDGs are used to compactly represent sets of (abstract) states and transition/output relations for ASMs. The MDG tools accept as hardware description a Prolog-style HDL, MDG--HDL, which allows the use of abstract variables for representing data signals. The MDG--HDL description is then compiled into the ASM model in internal MDG data structures. MDG--HDL supports structural descriptions, behavioral ASM...

Interactive formal proof and automated verification based on decision graphs are two contrasting formal hardware verification techniques. In this paper, we compare these two approaches. In particular we consider HOL and MDG. The former is an interactive theorem proving system based on higher-order logic, while the latter is an automatic system based on Multiway Decision Graphs. As the basis for our comparison we have used both systems to independently verify a fabricated ATM communications chip: the Fairisle 4 by 4 switch fabric.

Interactive formal proof and automated verification based on decision graphs are two contrasting formal hardware verification techniques. In this paper, we compare these two approaches. In particular, we consider HOL and MDG. The former is an interactive theorem-proving system based on higher-order logic, while the latter is an automatic system based on Multiway Decision Graphs. As the basis for our comparison we have used both systems to independently verify a fabricated ATM communications chip, the Fairisle 4 by 4 switch fabric.

. This paper presents a toolbox implemented in Coq and dedicated to the specification and verification of synchronous sequential devices. The use of Coq co-inductive types underpins our methodology and leads to elegant and uniform descriptions of the circuits and their behaviours as well as clear and short proofs. An application to a non trivial circuit is given as an illustration. 1 Introduction Co-induction is a powerful tool for dealing with infinite structures. It is especially well suited to prove properties about circuits where one has to cope with infinitely long temporal sequences. This work presents a general methodology to specifying and proving synchronous sequential circuits in the Calculus of Inductive Constructions (enriched with Co-inductive types) implemented in the Coq proof assistant [1]. It is a continuation of [5], where we made heavy use of dependent types. We go deeply into this direction, introducing dependent types systematically whenever this leads to m...

Multiway Decision Graphs (MDGs) [3] have been proposed as a new kind of decision graphs to represent Register-Transfer (RT) level hardware designs. MDG-based verification techniques have been developed for combinational and sequential designs. In our presentation, we shall describe the structure of the MDG tools we implemented and demonstrate their applications on a number of benchmarks including the Fairisle 4X4 ATM switch fabric. The MDG Tools comprise an MDG package that contains basic MDG operators and an application layer that implements the verification algorithms. 1 Introduction Although ROBDDs [1, 2, 4] have proven to be a powerful tool for automated hardware verification, they require a Boolean representation of the circuit. Since the size of an ROBDD grows, sometimes exponentially, with the number of Boolean variables, ROBDD-based verification cannot be directly applied to circuits with complex datapaths. We have recently proposed a new class of decision graphs called Multiw...

There exist a wide range of hardware verification tools, some based on interactive theorem proving and other more automated tools based on decision diagrams. In this paper, we compare three different verification systems covering the spectrum of today's verification technology. In particular, we consider HOL, MDG and VIS. HOL is an interactive theorem proving system based on higher-order logic. VIS is an automatic system based on ROBDDs and integrating verification with simulation and synthesis. The MDG system is an intermediate approach based on Multiway Decision Graphs providing automation while accommodating abstract data sorts, uninterpreted functions and rewriting. As the basis for our comparison we used all three systems to independently verify a fabricated ATM communications chip: the Fairisle 4 x 4 switch fabric.