Formal verification in hardware design: A survey (1997)
Cited by 113 (0 self)
Abstract: In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods in a design process: the formal framework used to specify desired properties of a design, and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques which have been proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between ω-regular languages. The verification techniques presented include model checking, automata-theoretic techniques, automated theorem proving, and approaches that integrate the above methods.
Liveness Checking as Safety Checking. In FMICS'02: Formal Methods for Industrial Critical Systems, volume 66(2) of ENTCS, 2002
Cited by 60 (5 self)
Abstract: Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many efficient checkers for safety properties exist, more sophisticated algorithms have always been considered to be necessary for checking liveness. In this paper we describe an efficient translation of liveness checking problems into safety checking problems. A counterexample is detected by saving a previously visited state in an additional state recording component and checking a loop closing condition. The approach handles fairness and thus extends to full LTL.
An Industrially Effective Environment for Formal Hardware Verification. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2005
Combining Theorem Proving and Trajectory Evaluation in an Industrial Environment. In Proc. DAC, 1998
Cited by 35 (6 self)
Abstract: We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA-32) instructions. We verified a gate-level model of the IM against an implementation-independent specification of IA-32 instruction lengths. We used theorem proving to derive 56 model-checking runs and to verify that the model-checking runs imply that the IM meets the specification for all possible sequences of IA-32 instructions. Our verification discovered eight previously unknown bugs.
1 Introduction: The Intel architecture (IA-32) instruction set has several hundred opcodes. The opcode length is variable, as are the lengths of operand and address displacement data. The architecture also includes the notion of prefix bytes, which change the semantics of the subsequent instruction. Two of the prefixes (h66, h67) can affect the length of the instruction. A single instruction may have multiple prefix bytes, but overall ...
Formally Verifying a Microprocessor Using a Simulation Methodology (1994)
Cited by 32 (4 self)
Abstract: Formal verification is becoming a useful means of validating designs. We have developed a methodology for formally verifying data-intensive circuits (e.g., processors) with sophisticated timing (e.g., pipelining) against high-level declarative specifications. Previously, formally verifying a microprocessor required the use of an automatic theorem prover, but our technique requires little more than a symbolic simulator. We have formally verified a pre-existing 16-bit CISC microprocessor circuit extracted from the fabricated layout.
Introduction: Previously, symbolic switch-level simulation has been used to verify some small or simple data-intensive circuits (RAMs, stacks, register files, ALUs, and simple pipelines) [2, 3]. In doing so, the necessary simulation patterns were developed by hand or by using ad hoc techniques, and it was then argued that the patterns were sufficient, and that their generation could be automated. We have developed sufficient theory to fully support such claims...
Formal Hardware Verification with BDDs: An Introduction
Cited by 27 (0 self)
Abstract: This paper is a brief introduction to the main paradigms for using BDDs in formal hardware verification. The paper addresses two audiences: for people doing theoretical BDD research, the paper gives a glimpse of the problems in the main application area, and
Symbolic Trajectory Evaluation. In Formal Hardware Verification, 1996
Cited by 27 (6 self)
Abstract: Abstraction. The main problem with model checking is the state explosion problem: the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show the model M satisfies f. The idea behind abstraction is that instead of verifying property f of model M, we verify property f_A of model M_A, and the answer we get helps us answer the original problem. The system M_A is an abstraction of the system M. One possibility is to build an abstraction M_A that is equivalent (e.g. bisimilar [48]) to M. This sometimes leads to performance advantages if the state space of M_A is smaller than that of M. This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
Exploiting Symmetry When Verifying Transistor-Level Circuits by Symbolic Trajectory Evaluation (1997)
Cited by 25 (5 self)
Abstract: In this paper we describe the use of symmetry for verification of transistor-level circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structural-data symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 million transistors.
Formal Verification of Content Addressable Memories using Symbolic Trajectory Evaluation. In DAC'97, 1997
Cited by 22 (3 self)
Abstract: In this paper we report on new techniques for verifying content addressable memories (CAMs), and demonstrate that these techniques work well for large industrial designs. It was shown in [6] that the formal verification technique of symbolic trajectory evaluation (STE) could be used successfully on memory arrays. We have extended that work to verify what are perhaps the most combinatorially difficult class of memory arrays, CAMs. We use new Boolean encodings to verify CAMs, and show that these techniques scale well, in that space requirements increase linearly, or sublinearly, with the various CAM size parameters. In this paper, we describe the verification of two CAMs from a recent PowerPC(TM) microprocessor design, a Block Address Translation unit (BAT), and a Branch Target Address Cache unit (BTAC). The BAT is a complex CAM, with variable length bit masks. The BTAC is a 64-entry, 64-bits-per-entry, fully associative CAM and is part of the speculative instruction fetch mechanism ...
Formal Hardware Verification by Symbolic Trajectory Evaluation (1997)
Cited by 18 (1 self)
Abstract: Formal verification uses a set of languages, tools, and techniques to mathematically reason about the correctness of a hardware system. The form of mathematical reasoning is dependent upon the hardware system. This thesis concentrates on hardware systems that have a simple deterministic high-level specification but have implementations that exhibit highly nondeterministic behaviors. A typical example of such hardware systems is processors. At the high level, the sequencing model inherent in processors is the sequential execution model. The underlying implementation, however, uses features such as nondeterministic interface protocols, instruction pipelines, and multiple instruction issue, which lead to nondeterministic behaviors. The goal is to develop a methodology with which a designer can show that a circuit fulfills the abstract specification of the desired system behavior. The abstract specification describes the high-level behavior of the system independent of any timing or implementation details. The natural specification of a processor is the instruction set architecture. The specification is defined as a set of abstract assertions defining the effect of each operation on the user-visible state. An implementation mapping is used to relate abstract states to detailed circuit states. The mapping captures the microarchitecture of an implementation of the processor. Symbolic Trajectory Evaluation is used to verify that the circuit fulfills each individual abstract assertion under the implementation mapping. Symbolic Trajectory Evaluation can be considered to be a hybrid approach based on symbolic simulation and model checking algorithms. The methodology has been applied to the fixed point unit of a superscalar processor that implements the PowerPC architecture. The processor represents a significant leap of complexity compared to previous attempts at formal verification of processors. Our approach seems to be the first one that can truly deal with the complexity of pipeline interlocks.