157 research outputs found
Word-level Symbolic Trajectory Evaluation
Symbolic trajectory evaluation (STE) is a model checking technique that has
been successfully used to verify industrial designs. Existing implementations
of STE, however, reason at the level of bits, allowing signals to take values
in {0, 1, X}. This limits the amount of abstraction that can be achieved, and
presents inherent limitations to scaling. The main contribution of this paper
is to show how much more abstract lattices can be derived automatically from
RTL descriptions, and how a model checker for the general theory of STE
instantiated with such abstract lattices can be implemented in practice. This
gives us the first practical word-level STE engine, called STEWord. Experiments
on a set of designs similar to those used in industry show that STEWord scales
better than word-level BMC and also bit-level STE.Comment: 19 pages, 3 figures, 2 tables, full version of paper in International
Conference on Computer-Aided Verification (CAV) 201
A Faithful Semantics for Generalised Symbolic Trajectory Evaluation
Generalised Symbolic Trajectory Evaluation (GSTE) is a high-capacity formal
verification technique for hardware. GSTE uses abstraction, meaning that
details of the circuit behaviour are removed from the circuit model. A
semantics for GSTE can be used to predict and understand why certain circuit
properties can or cannot be proven by GSTE. Several semantics have been
described for GSTE. These semantics, however, are not faithful to the proving
power of GSTE-algorithms, that is, the GSTE-algorithms are incomplete with
respect to the semantics.
The abstraction used in GSTE makes it hard to understand why a specific
property can, or cannot, be proven by GSTE. The semantics mentioned above
cannot help the user in doing so. The contribution of this paper is a faithful
semantics for GSTE. That is, we give a simple formal theory that deems a
property to be true if-and-only-if the property can be proven by a GSTE-model
checker. We prove that the GSTE algorithm is sound and complete with respect to
this semantics
GSTE is partitioned model checking
Verifying whether an ω-regular property is satisfied by a finite-state system is a core problem in model checking. Standard techniques build an automaton with the complementary language, compute its product with the system, and then check for emptiness. Generalized symbolic trajectory evaluation (GSTE) has been recently proposed as an alternative approach, extending the computationally efficient symbolic trajectory evaluation (STE) to general ω-regular properties. In this paper, we show that the GSTE algorithms are essentially a partitioned version of standard symbolic model-checking (SMC) algorithms, where the partitioning is driven by the property under verification. We export this technique of property-driven partitioning to SMC and show that it typically does speed up SMC algorithm
Coverage measurement for software application level verification using symbolic trajectory evaluation techniques
Copyright © 2004 IEEEDesign verification of a systems-on-a-chip is a bottleneck for hardware design projects. A new solution is a design verification methodology that applies coverage driven verification at the embedded software application level. This methodology currently lacks an appropriate coverage measurement technique. This paper proposes a new coverage model for the software application level. Using this coverage model, a novel technique to represent and measure coverage is described. This technique uses ideas such as control graph structures and checking algorithms to estimate the completeness of software application verification.Adriel Cheng, Atanas Parashkevov, Cheng-Chew Li
Formal Methods at Intel - An Overview
Since the 1990s, Intel has invested heavily in formal methods, which are now deployed in several domains: hardware, software, firmware, protocols etc. Many different formal methods tools and techniques are in active use, including symbolic trajectory evaluation, temporal logic model checking, SMT-style combined decision procedures, and interactive higher-order logic theorem proving. I will try to give a broad overview of some of the formal methods activities taking place at Intel, and describe the challenges of extending formal verification to new areas and of effectively using multiple formal techniques in combinatio
Theorem Proving in Intel Hardware Design
For the past decade, a framework combining model checking (symbolic trajectory evaluation) and higher-order logic theorem proving has been in production use at Intel. Our tools and methodology have been used to formally verify execution cluster functionality (including floating-point operations) for a number of Intel products, including the Pentium(Registered TradeMark)4 and Core(TradeMark)i7 processors. Hardware verification in 2009 is much more challenging than it was in 1999 - today s CPU chip designs contain many processor cores and significant firmware content. This talk will attempt to distill the lessons learned over the past ten years, discuss how they apply to today s problems, outline some future directions
RTL2RTL Formal Equivalence: Boosting the Design Confidence
Increasing design complexity driven by feature and performance requirements
and the Time to Market (TTM) constraints force a faster design and validation
closure. This in turn enforces novel ways of identifying and debugging
behavioral inconsistencies early in the design cycle. Addition of incremental
features and timing fixes may alter the legacy design behavior and would
inadvertently result in undesirable bugs. The most common method of verifying
the correctness of the changed design is to run a dynamic regression test suite
before and after the intended changes and compare the results, a method which
is not exhaustive. Modern Formal Verification (FV) techniques involving new
methods of proving Sequential Hardware Equivalence enabled a new set of
solutions for the given problem, with complete coverage guarantee. Formal
Equivalence can be applied for proving functional integrity after design
changes resulting from a wide variety of reasons, ranging from simple pipeline
optimizations to complex logic redistributions. We present here our experience
of successfully applying the RTL to RTL (RTL2RTL) Formal Verification across a
wide spectrum of problems on a Graphics design. The RTL2RTL FV enabled checking
the design sanity in a very short time, thus enabling faster and safer design
churn. The techniques presented in this paper are applicable to any complex
hardware design.Comment: In Proceedings FSFMA 2014, arXiv:1407.195
- …