Model Checking the IBM Gigahertz Processor: An Abstraction Algorithm for High-Performance Netlists

A common technique in high-performance hardware design is to intersperse combinational logic freely between level-sensitive latch layers, where one layer is transparent during the "high" clock phase and the next during the "low" phase. Such logic poses a challenge to verification: unless the two-phase netlist N can be abstracted to a full-cycle model N′ (in which each memory element may sample every cycle), model checking N requires at least twice as many state variables as are needed to obtain equivalent coverage of N′. We present an algorithm that automatically obtains such an abstraction by selectively eliminating latches from both layers. The abstraction is valid for model checking CTL* formulae that reason solely about latches of a single phase. The algorithm has been implemented in IBM's model checker, RuleBase, and has been used to enable model checking of IBM's Gigahertz Processor, which might not have been feasible otherwise. The abstraction has furthermore allowed verification engineers to write properties and environments more efficiently.
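As an added illustration (not the paper's algorithm or code) of why a two-phase netlist can be replaced by a full-cycle model for properties over one latch phase: the constructed design below is a 3-bit counter with a synchronous clear, split across an L1 layer (transparent while the clock is high) and an L2 layer (transparent while it is low), with combinational logic between both layers. It is simulated phase-accurately as N and as its full-cycle abstraction N′, in which the L1 latches are eliminated and the L2 latches become full-cycle state elements whose next-state function is the composition of the two combinational blocks. The paper's algorithm eliminates latches selectively from both layers; this example takes the simplest case and removes the whole L1 layer. The netlist, the function names (`g_l1`, `f_l2`) and the state encodings are assumptions made for the example.

```python
from typing import Dict, List, Set, Tuple

# Constructed example (not from the paper): a 3-bit counter with a synchronous
# clear, split across two level-sensitive latch layers.
#   L1 (transparent while the clock is high) holds the next count, computed
#      from the L2 outputs and the primary input by g_l1().
#   L2 (transparent while the clock is low) holds the count and its parity,
#      computed from the L1 outputs by f_l2().
# Assumed state encodings: L1 = int (3 bits), L2 = (count, parity) (4 bits).

L2State = Tuple[int, int]
Inputs = Dict[str, bool]


def g_l1(l2: L2State, inp: Inputs) -> int:
    """Combinational logic between the L2 outputs and the L1 inputs."""
    count, _parity = l2
    return 0 if inp["clear"] else (count + 1) % 8


def f_l2(l1: int) -> L2State:
    """Combinational logic between the L1 outputs and the L2 inputs."""
    return (l1, bin(l1).count("1") % 2)


def simulate_two_phase(inputs: List[Inputs], l1: int = 0,
                       l2: L2State = (0, 0)) -> List[L2State]:
    """Phase-accurate simulation of the two-phase netlist N. Returns the L2
    state observed at the end of each full cycle (after the low phase)."""
    trace = []
    for inp in inputs:
        l1 = g_l1(l2, inp)   # high phase: L1 transparent, L2 holds
        l2 = f_l2(l1)        # low phase:  L2 transparent, L1 holds
        trace.append(l2)
    return trace


def simulate_full_cycle(inputs: List[Inputs],
                        l2: L2State = (0, 0)) -> List[L2State]:
    """Abstracted model N': the L1 latches are eliminated and the L2 latches
    become full-cycle state elements with next-state function f_l2(g_l1(.))."""
    trace = []
    for inp in inputs:
        l2 = f_l2(g_l1(l2, inp))
        trace.append(l2)
    return trace


def reachable_two_phase(l1: int = 0,
                        l2: L2State = (0, 0)) -> Set[Tuple[int, L2State]]:
    """Explicit-state reachability over N, one full cycle per transition.
    The state vector is (L1, L2): both layers are state variables here."""
    init = (l1, l2)
    seen, frontier = {init}, [init]
    while frontier:
        _cur_l1, cur_l2 = frontier.pop()
        for clear in (False, True):
            nxt_l1 = g_l1(cur_l2, {"clear": clear})
            nxt = (nxt_l1, f_l2(nxt_l1))
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def reachable_full_cycle(l2: L2State = (0, 0)) -> Set[L2State]:
    """Explicit-state reachability over N': only the L2 latches are state."""
    seen, frontier = {l2}, [l2]
    while frontier:
        cur = frontier.pop()
        for clear in (False, True):
            nxt = f_l2(g_l1(cur, {"clear": clear}))
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def abstraction_preserves_l2_states() -> bool:
    """Soundness check for single-phase (L2-only) properties: the L2 states
    reachable at cycle boundaries in N must be exactly those reachable in N'."""
    return {l2 for _l1, l2 in reachable_two_phase()} == reachable_full_cycle()


def parity_invariant_holds() -> bool:
    """AG (parity == popcount(count) mod 2), an L2-only safety property,
    checked on the abstraction N'."""
    return all(p == bin(c).count("1") % 2 for c, p in reachable_full_cycle())


if __name__ == "__main__":
    steps = [{"clear": False}] * 3 + [{"clear": True}, {"clear": False}]
    print("two-phase :", simulate_two_phase(steps))
    print("full-cycle:", simulate_full_cycle(steps))
    print("L2 states reachable: N =",
          len({l2 for _, l2 in reachable_two_phase()}),
          "N' =", len(reachable_full_cycle()))
    print("abstraction sound for L2 properties:", abstraction_preserves_l2_states())
    print("parity invariant:", parity_invariant_holds())
```

Two things the example makes concrete. First, the state-variable saving: N carries the 3 L1 bits plus the 4 L2 bits (and, in a phase-accurate model, the clock phase), whereas N′ carries only the 4 L2 bits, yet the set of L2 states seen at cycle boundaries is identical. Second, the restriction in the abstract: the parity invariant mentions only L2 latches and can be checked on N′, but a property that mentions L1 (for instance, relating the L1 value to the L2 count mid-cycle) has no counterpart in N′, because the L1 latches no longer exist there; such a property must be checked on N or on an abstraction that keeps the other phase.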
