A hierarchical approach to formal modeling and verification of asynchronous circuits

The self-timed (or asynchronous) approach to circuit design has demonstrated benefits in a number of different areas for its low energy consumption, high operating speed, composability, and modularity. Nonetheless, the asynchronous paradigm exposes challenges that are not found in the synchronous (or clock-driven) paradigm. For the verification task, a challenge emerges from the large number of potential operational interleavings exhibited in the asynchronous paradigm. Simply exploring all interleavings is, in general, intractable because the number of interleavings can grow exponentially. This dissertation focuses on developing scalable methods that are capable of reasoning effectively about the interleaving problem exhibited in self-timed systems. We specify and verify finite-state-machine representations of self-timed circuit designs using the DE system, a formal hardware description language defined using the ACL2 theorem-proving system. We apply a link-joint paradigm to model self-timed circuits as networks of channels that communicate with each other locally via handshake protocols. This link-joint model has been shown to be a universal model for various self-timed circuit families. In addition, this model has a clean formalization in the ACL2 logic and provides a protocol level that abstracts away timing constraints at the circuit level. Unlike many efforts for validating timing and communication properties of self-timed systems, we are interested in verifying functional properties. Specifically, we verify the functional correctness of self-timed systems in terms of relationships between their input and output sequences. To mitigate the consideration of all interleavings simultaneously, we address the verification problem hierarchically and avoid exploring the internal structures of verified submodules as well as their operational interleavings. The input-output relationship of a verified submodule is determined based on the communication signals at the submodule's input and output ports, while abstracting away all execution paths internal to that submodule.Computer Science

Timed Chi: Modeling, Simulation and Verification of Hardware Systems

Timed Chi (chi) is a timed process algebra, designed for Modeling, simulation, verification and real-time control. Its application domain consists of large and complex manufacturing systems. The straightforward syntax and semantics are also highly suited to architects, engineers and researchers from the hardware design community. There are many different tools for timed Chi that support the analysis and manipulation of timed Chi specifications; and such tools are the results of software engineering research with a very strong foundation in formal theories/methods. Since timed Chi is a well-developed algebraic theory from the field of process algebras with timing, we have the idea that timed Chi is also well-suited for addressing various aspects of hardware systems (discrete-time systems by nature). To show that timed Chi is useful for the formal specification and analysis of hardware systems, we illustrate the use of timed Chi with several benchmark examples of hardware systems

Modular Timing Constraints for Delay-Insensitive Systems

This paper introduces ARCtimer, a framework for modeling, generating, verifying, and enforcing timing constraints for individual self-timed handshake components. The constraints guarantee that the component’s gate-level circuit implementation obeys the component’s handshake protocol specification. Because the handshake protocols are delayinsensitive, self-timed systems built using ARCtimer-verified components are also delay-insensitive. By carefully considering time locally, we can ignore time globally. ARCtimer comes early in the design process as part of building a library of verified components for later system use. The library also stores static timing analysis (STA) code to validate and enforce the component’s constraints in any self-timed system built using the library. The library descriptions of a handshake component’s circuit, protocol, timing constraints, and STA code are robust to circuit modifications applied later in the design process by technology mapping or layout tools. In addition to presenting new work and discussing related work, this paper identifies critical choices and explains what modular timing verification entails and how it works

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Model-checking Synthesizable SystemVerilog Descriptions of Asynchronous Circuits

International audienceAsynchronous circuits have key advantages in terms of low energy consumption, robustness, and security. However , the absence of a global clock makes the design prone to deadlock, livelock, synchronization, and resource-sharing errors. Formal verification is thus essential for designing such circuits, but it is not widespread enough, as many hardware designers are not familiar with it and few verification tools can cope with asyn-chrony on complex designs. This paper suggests how an industrial design flow for asynchronous circuits, based upon the standard HDL SystemVerilog, can be supplemented with formal verification capabilities rooted in concurrency theory and model-checking technology. We demonstrate the practicality of our approach on an industrial asynchronous circuit (4000 lines of SystemVerilog) implementing a memory protection unit

Hybrid Multiresolution Simulation & Model Checking: Network-On-Chip Systems

abstract: Designers employ a variety of modeling theories and methodologies to create functional models of discrete network systems. These dynamical models are evaluated using verification and validation techniques throughout incremental design stages. Models created for these systems should directly represent their growing complexity with respect to composition and heterogeneity. Similar to software engineering practices, incremental model design is required for complex system design. As a result, models at early increments are significantly simpler relative to real systems. While experimenting (verification or validation) on models at early increments are computationally less demanding, the results of these experiments are less trustworthy and less rewarding. At any increment of design, a set of tools and technique are required for controlling the complexity of models and experimentation. A complex system such as Network-on-Chip (NoC) may benefit from incremental design stages. Current design methods for NoC rely on multiple models developed using various modeling frameworks. It is useful to develop frameworks that can formalize the relationships among these models. Fine-grain models are derived using their coarse-grain counterparts. Moreover, validation and verification capability at various design stages enabled through disciplined model conversion is very beneficial. In this research, Multiresolution Modeling (MRM) is used for system level design of NoC. MRM aids in creating a family of models at different levels of scale and complexity with well-formed relationships. In addition, a variant of the Discrete Event System Specification (DEVS) formalism is proposed which supports model checking. Hierarchical models of Network-on-Chip components may be created at different resolutions while each model can be validated using discrete-event simulation and verified via state exploration. System property expressions are defined in the DEVS language and developed as Transducers which can be applied seamlessly for model checking and simulation purposes. Multiresolution Modeling with verification and validation capabilities of this framework complement one another. MRM manages the scale and complexity of models which in turn can reduces V&V time and effort and conversely the V&V helps ensure correctness of models at multiple resolutions. This framework is realized through extending the DEVS-Suite simulator and its applicability demonstrated for exemplar NoC models.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing