An Industrially Effective Environment for Formal Hardware Verification
In IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
, 2005
The Mathematical Foundation of Symbolic Trajectory Evaluation
In Computer-Aided Verification
, 1999
Abstract

Cited by 21 (0 self)
In this paper we elucidate the mathematical foundation underlying both the basic and the extended forms of symbolic trajectory evaluation (STE), with emphasis on the latter. In addition, we make three contributions to the theory of STE which, we believe, are new. First, we provide a satisfactory answer to the question: what does it mean for a circuit to satisfy a trajectory assertion? Second, we make the observation that STE is a form of data flow analysis and, as a corollary, propose a conceptually simple algorithm for (extended) STE. Third, we show that the ternary model of circuits used by STE is an abstract interpretation of the ordinary boolean model via a Galois connection. We hope that our exposition will make STE, especially its extended form, less mysterious. 1 Introduction In BDD-based formal verification, symbolic trajectory evaluation (STE) [10, 6] is the main alternative to symbolic model checking (SMC) [3]. Compared with SMC, STE has the advantage that it ca...
Bit-Level Abstraction in the Verification of Pipelined Microprocessors by Correspondence Checking
, 1998
Abstract

Cited by 18 (11 self)
We present a way to abstract functional units in symbolic simulation of actual circuits, thus achieving the effect of uninterpreted functions at the bit level. Additionally, we propose an efficient encoding technique that can be used to represent uninterpreted symbols with BDDs, while allowing these symbols to be propagated by simulation with a conventional bit-level symbolic simulator. Our abstraction and encoding techniques result in an automatic symmetry reduction and allow the control and forwarding logic of the actual circuit to be used unmodified. The abstraction method builds on the behavioral Efficient Memory Model [18] [19] and its capability to dynamically introduce consistent initial state, which is identical for two simulation sequences. We apply the abstraction and encoding ideas on the verification of pipelined microprocessors by correspondence checking, where a pipelined microproc...
Collection of High-Level Microprocessor Bugs from Formal Verification of Pipelined and Superscalar Designs
, 2003
Abstract

Cited by 17 (4 self)
The paper presents a collection of 93 different bugs, detected in formal verification of 65 student designs that include: 1) single-issue pipelined DLX processors; 2) extensions with exceptions and branch prediction; and 3) dual-issue superscalar implementations. The processors were described in a high-level HDL, and were formally verified with an automatic tool flow. The bugs are analyzed and classified, and can be used in research on microprocessor testing.
Formal Verification of an ARM Processor
In Twelfth International Conference on VLSI Design
, 1999
Efficient Modeling of Memory Arrays in Symbolic Ternary Simulation
, 1998
Abstract

Cited by 7 (4 self)
This paper enables symbolic ternary simulation of systems with large embedded memories. Each memory array is replaced with a behavioral model, where the number of symbolic variables used to characterize the initial state of the memory is proportional to the number of distinct symbolic memory locations accessed. The behavioral model provides a conservative approximation of the replaced memory array, while allowing the address and control inputs of the memory to accept symbolic ternary values. Memory state is represented by a list of entries encoding the sequence of updates of symbolic addresses with symbolic data. The list interacts with the rest of the circuit by means of a software interface developed as part of the symbolic simulation engine. This memory model was incorporated into our verification tool based on Symbolic Trajectory Evaluation. Experimental results show that the new model significantly outperforms the transistor level memory model when verifying a simple pipelined d...
Symbolic Functional and Timing Verification of Transistor-Level Circuits
In ACM/IEEE International Conference on Computer-Aided Design
, 1999
Abstract

Cited by 6 (3 self)
We introduce a new method of verifying the timing of custom CMOS circuits. Due to the exponential number of patterns required, traditional simulation methods are unable to exhaustively verify a medium-sized modern logic block. Static analysis can handle much larger circuits but is not robust with respect to variations from standard circuit structures. Our approach applies symbolic simulation to analyze a circuit over all input combinations without these limitations. We present a prototype simulator (SirSim) and experimental results. We also discuss using SirSim to verify an industrial design which previously required a special-purpose verification methodology.
Incorporating Timing Constraints in the Efficient Memory Model for Symbolic Ternary Simulation
In International Conference on Computer Design (ICCD '98)
, 1998
Abstract

Cited by 6 (6 self)
This paper introduces the four timing constraints of setup time, hold time, minimum delay, and maximum delay in the Efficient Memory Model (EMM). The EMM is a behavioral model, where the number of symbolic variables used to characterize the initial state of the memory is proportional to the number of distinct symbolic memory locations accessed. The behavioral model provides a conservative approximation of the replaced memory array, while allowing the address and control inputs of the memory to accept symbolic ternary values. If a circuit has been formally verified with the behavioral model, the system is guaranteed to function correctly with any memory implementation whose timing parameters are bounded by the ones used in the verification.
Integrating formal verification into an advanced computer architecture course
In IEEE Transactions on Education
, 2003
Abstract

Cited by 5 (2 self)
The paper presents a sequence of three projects on design and formal verification of pipelined and superscalar processors. The projects were integrated—by means of lectures and preparatory homework exercises—into an existing advanced computer architecture course taught to both undergraduate and graduate students in a way that required them to have no prior knowledge of formal methods. The first project was on design and formal verification of a 5-stage pipelined DLX processor, implementing the six basic instruction types—register-register ALU, register-immediate ALU, store, load, jump, and branch. The second project was on extending the processor from project one with ALU exceptions, a return-from-exception instruction, and branch prediction; each of the resulting models was formally verified. The third project was on design and formal verification of a dual-issue superscalar version of the DLX from project one. The preparatory homework problems included an exercise on design and formal verification of a staggered ALU, pipelined in the style of the integer ALUs in the Intel Pentium 4. The processors were described in the high-level hardware description language AbsHDL that allows the students to ignore the bit widths of word-level values and the internal implementations of functional units and memories, while focusing entirely on the logic that controls the pipelined or superscalar execution. The formal verification tool flow included the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker; this tool flow—combined with the same abstraction techniques for defining processors with exceptions and branch prediction, as used in the projects—was applied at Motorola to formally verify a model of the M·CORE processor, and detected bugs. The course went through two iterations—offered at the Georgia Institute of Technology in the summer and fall of 2002—and was taught to 67 students, 25 of whom were undergraduates.
Verification of Pipelined Microprocessors by Comparing Memory Execution Sequences in Symbolic Simulation
, 1997
Abstract

Cited by 5 (2 self)
This paper extends Burch and Dill's pipeline verification method [4] to the bit level. We introduce the idea of memory shadowing, a new technique for providing on-the-fly identical initial memory state to two different memory execution sequences. We also present an algorithm which compares the final states of two memories for equality. Memory shadowing and the comparison algorithm build on the Efficient Memory Model (EMM) [13], a behavioral memory model where the number of symbolic variables used to characterize the initial state of a memory is proportional to the number of distinct symbolic locations accessed. These techniques allow us to verify that a pipelined circuit has equivalent behavior to its unpipelined specification by simulating two memory execution sequences and comparing their final states. Experimental results show the potential of the new ideas. Keywords: pipelined microprocessor verification, memory shadowing, Efficient Memory Model (EMM), circuit correspondence che...
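Two of the abstracts above (the Efficient Memory Model paper and the memory-shadowing paper) describe the same data structure in words: a memory replaced by an ordered list of (symbolic address, symbolic data) updates, with one fresh initial-state variable per distinct address that is read before being written, and a single such initial state shared between two execution sequences. The following Python is an added toy illustration of that idea; it is not code from any of the listed papers or their tools. The class and function names (Var, Ite, InitialState, EMM, shadowed_pair) are mine, addresses and data are plain Python ints or named symbolic variables, and the ternary (X) values, timing constraints and the final-state comparison algorithm the papers handle are deliberately left out.

```python
"""Toy EMM-style symbolic memory: a list of updates plus a lazily built initial state.
Added illustration; assumptions and names are the editor's, not the papers'."""
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Var:
    """A symbolic value (one BDD-vector in the real tool); here just a name."""
    name: str


@dataclass(frozen=True)
class Ite:
    """if (addr_a == addr_b) then `then` else `else_`; built by a read whose address
    cannot be decided against a recorded write at modelling time."""
    addr_a: "Expr"
    addr_b: "Expr"
    then: "Expr"
    else_: "Expr"


Expr = Union[int, Var, Ite]


class InitialState:
    """Pool of initial-memory variables, created on first access per distinct address,
    so the variable count grows with the number of distinct locations touched.
    Sharing one pool between two EMM instances gives both execution sequences identical
    initial memory contents on the fly (the memory-shadowing idea)."""

    def __init__(self) -> None:
        self.vars: dict = {}

    def get(self, addr: "Expr") -> Var:
        if addr not in self.vars:
            self.vars[addr] = Var(f"init_{len(self.vars)}")
        return self.vars[addr]

    def count(self) -> int:
        return len(self.vars)


class EMM:
    """Memory represented as an ordered list of (address, data) writes, not an array."""

    def __init__(self, init: InitialState) -> None:
        self.init = init
        self.updates: list = []

    def write(self, addr: "Expr", data: "Expr") -> None:
        self.updates.append((addr, data))

    def read(self, addr: "Expr") -> "Expr":
        # Start from the (lazily created) initial value and fold the writes in program
        # order, so the most recent write ends up outermost in the ITE chain.
        result: Expr = self.init.get(addr)
        for a, d in self.updates:
            if a == addr:
                result = d                        # structurally equal address: hit
            elif isinstance(a, int) and isinstance(addr, int):
                continue                          # distinct concrete addresses: miss
            else:
                result = Ite(a, addr, d, result)  # undecidable here: keep both cases
        return result


def shadowed_pair() -> tuple:
    """Two memories (e.g. pipelined implementation vs. unpipelined specification)
    over one shared initial state; returns (mem_a, mem_b, shared_pool)."""
    init = InitialState()
    return EMM(init), EMM(init), init
```

A read of a never-written symbolic address returns the pool's variable for that address, and repeating the read returns the same variable rather than a new one; a read after writes returns either the matching data or an ITE chain over the addresses the model could not separate. Two memories from shadowed_pair answer the same unwritten-address read with the same variable, which is what lets their final states be compared meaningfully.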