Results 11  20
of
60
Automata Based Symbolic Reasoning in Hardware Verification
, 1998
"... . We present a new approach to hardware verification based on describing circuits in Monadic Secondorder Logic (M2L). We show how to use this logic to represent generic designs like nbit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L ad ..."
Abstract

Cited by 20 (11 self)
 Add to MetaCart
. We present a new approach to hardware verification based on describing circuits in Monadic Secondorder Logic (M2L). We show how to use this logic to represent generic designs like nbit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L admits a decision procedure, implemented in the Mona tool [17], which reduces formulas to canonical automata. The decision problem for M2L is nonelementary decidable and thus unlikely to be usable in practice. However, we have used Mona to automatically verify, or find errors in, a number of circuits studied in the literature. Previously published machine proofs of the same circuits are based on deduction and may involve substantial interaction with the user. Moreover, our approach is orders of magnitude faster for the examples considered. We show why the underlying computations are feasible and how our use of Mona generalizes standard BDDbased hardware reasoning. 1. Introduction Correctnes...
A Correctness Model for Pipelined Microprocessors
"... What does it mean for an instruction pipeline to be correct? We recently completed the specification and verification of a pipelined microprocessor called Uinta. Our proof makes no simplifying assumptions about data and control hazards. This paper presents the specification, describes the verific ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
What does it mean for an instruction pipeline to be correct? We recently completed the specification and verification of a pipelined microprocessor called Uinta. Our proof makes no simplifying assumptions about data and control hazards. This paper presents the specification, describes the verification, and discusses the effect of pipelining on the correctness model. 1 Introduction Much has been written over the years regarding the formal specification and verification of microprocessors. Most of these efforts have been directed at nonpipelined microprocessors [Gor83, Bow87, Hun87, CCLO88, Coh88, Joy88, Hun89, Win90, Her92, SWL93, Win94b]. The verification of pipelined microprocessors presents unique challenges. The correctness model is somewhat different than the standard correctness models used previously (see Section 7.1). Besides the correctness model, the concurrent operations inherent in a pipeline lead to hazards which must be considered in the proof. There are three typ...
Toward Formalizing a Validation Methodology Using Simulation Coverage
 In Proceedings of the 34 th Design Automation Conference
, 1997
"... The biggest obstacle in the formal verification of large designs is their very large state spaces, which cannot be handled even by techniques such as implicit state space traversal. The only viable solution in most cases is validation by functional simulation. Unfortunately, this has the drawbacksof ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
(Show Context)
The biggest obstacle in the formal verification of large designs is their very large state spaces, which cannot be handled even by techniques such as implicit state space traversal. The only viable solution in most cases is validation by functional simulation. Unfortunately, this has the drawbacksof high computational requirements due to the large number of test vectors needed, and the lack of adequate coverage measures to characterize the quality of a given test set. To overcome these limitations, there has been recent interest in hybrid techniques which combine the strengths of formal verification and simulation. Formal verificationbased techniques are used on a test model (usually muchsmaller than the design) to derive a set of functional test vectors, which are then used for design validation through simulation. The test set generated typically satisfies some coverage measure on the test model. Recent research has proposed the use of state or transition coverage. However, no effor...
Efficient checker processor design
 In MICRO 33: Proceedings of the 33rd annual ACM/IEEE international symposium on Microarchitecture
, 2000
"... The design and implementation of a modern microprocessor creates many reliability challenges. Designers must verify the correctness of large complex systems and construct implementations that work reliably in varied (and occasionally adverse) operating conditions. In our previous work, we proposed a ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
(Show Context)
The design and implementation of a modern microprocessor creates many reliability challenges. Designers must verify the correctness of large complex systems and construct implementations that work reliably in varied (and occasionally adverse) operating conditions. In our previous work, we proposed a solution to these problems by adding a simple, easily verifiable checker processor at pipeline retirement. Performance analyses of our initial design were promising, overall slowdowns due to checker processor hazards were less than 3%. However, slowdowns for some outlier programs were larger. In this paper, we examine closely the operation of the checker processor. We identify the specific reasons why the initial design works well for some programs, but slows others. Our analyses suggest a variety of improvements to the checker processor storage system. Through the addition of a 4k checker cache and eight entry store queue, our optimized design eliminates virtually all core processor slowdowns. Moreover, we develop insights into why the optimized checker processor performs well, insights that suggest it should perform well for any program. 1.
Techniques For Efficient Formal Verification Using Binary Decision Diagrams
, 1995
"... The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large cl ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large classes of problems, however, (including many distributed protocols, multiprocessor systems, and network architectures) this promise has yet to be fulfilled. Indeed, the few successes have required extensive time and effort from sophisticated researchers in the field. Clearly, techniques are needed that are more sophisticated than the obvious direct implementation of theoretical results. This thesis addresses that need, emphasizing an application domain that has been particularly difficult for BDDbased methods  highlevel models of systems or distributed protocols  rather than gatelevel descriptions of circuits. Additionally, the emphasis is on providing useful debugging information for the...
Parametric Circuit Representation Using Inductive Boolean Functions
 In Computer Aided Verification, CAV '93, LNCS 697
, 1993
"... . We have developed a methodology based on symbolic manipulation of inductive Boolean functions (IBFs) for formal verification of inductivelydefined hardware. This methodology combines the techniques of reasoning by induction and symbolic tautologychecking in an automated and potentially efficient ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
(Show Context)
. We have developed a methodology based on symbolic manipulation of inductive Boolean functions (IBFs) for formal verification of inductivelydefined hardware. This methodology combines the techniques of reasoning by induction and symbolic tautologychecking in an automated and potentially efficient way. In this paper, we describe a component of this methodology that regards various mechanisms used to represent inductivelydefined circuits in the form of IBFs. The focus is on general parameterization issues, such as multiple parameter functions, multiple output functions, interaction of different parameters for supporting compositions etc. These mechanisms, which may be useful in other applications involving parametric circuit descriptions, are illustrated through practical circuit examples along with preliminary results. We also describe an application of our formal verification methodology, where a proof by induction is performed by automatic symbolic manipulation of parametric circuit...
On the verification of memory management mechanisms
, 2005
"... We define physical machines as processors with physical memory and swap memory; in user mode physical machines support address translation. We report about the formal verification of a complex processor supporting address translation by means of a memory management unit (MMU). We give a paper and pe ..."
Abstract

Cited by 16 (7 self)
 Add to MetaCart
We define physical machines as processors with physical memory and swap memory; in user mode physical machines support address translation. We report about the formal verification of a complex processor supporting address translation by means of a memory management unit (MMU). We give a paper and pencil proof that physical machines together
A Theory of Generic Interpreters
, 1993
"... We present an abstract theory of interpreters. Interpreters are models of computation that are specifically designed for use as templates in computer system specification and verification. The generic interpreter theory contains an abstract representation which serves as an interface to the theory a ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
We present an abstract theory of interpreters. Interpreters are models of computation that are specifically designed for use as templates in computer system specification and verification. The generic interpreter theory contains an abstract representation which serves as an interface to the theory and as a guide to specification. A set of theory obligations ensure that the theory is being used correctly and provide a guide to system verification. The generic interpreter theory provides a methodology for deriving important definitions and lemmas that were previously obtained in a largely ad hoc fashion. Many of the complex data and temporal abstractions are done in the abstract theory and need not be redone when the theory is used.
Automatic Generation of Invariants in Processor Verification
 In FMCAD '96, volume 1166 of LNCS
, 1996
"... A central task in formal verification is the definition of invariants, which characterize the reachable states of the system. When a system is finitestate, invariants can be discovered automatically. ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
A central task in formal verification is the definition of invariants, which characterize the reachable states of the system. When a system is finitestate, invariants can be discovered automatically.
A Practical Methodology for the Formal Verification of RISC Processors
, 1995
"... In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage leve ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage level, the clock phase level and the hardware implementation. The use of this model allows us to successively prove the correctness between two neighbouring levels of abstractions, so that the verification process is simplified. The parallelism in the execution of the instructions, resulting from the pipelined architecture of RISCs is handled by splitting the proof into two independent steps. The first step shows that each architectural instruction is implemented correctly by the sequential execution of its pipeline stages. The second step shows that the instructions are correctly processed by the pipeline in that we prove that under certain constraints from the actual architecture, no conflic...