Compositional Verification of a Switch Fabric from Nortel Networks

As ASIC designs grow, simulation can no longer cover all the corner cases of a complicated design. Model checking is a fully automatic approach to verifying a finite state machine against its temporal specifications; however, its application is limited by the size of the system to be verified. Compositional verification and model reduction are two possible ways to tackle this problem. In this paper, we propose a verification framework based on assume-guarantee compositional model checking, in which model checking performs exhaustive verification at the module level and global properties are derived by compositional reasoning. In this framework, temporal specifications are synthesized into Verilog modules. When a module under verification is beyond the capacity of model checking, the proposed model reduction algorithm is applied. We implemented the framework on top of the VIS tool and applied it to an ATM switch fabric from Nortel Networks.
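As an added illustration (not from the paper, and not VIS code), the following Python stands in for the assume-guarantee step the abstract describes: each module is an explicit-state successor function over shared variables, the assumption plays the role of the synthesized specification module by pruning behaviour that violates it, and the rule "M1 guarantees A, M2 under A guarantees G, hence M1||M2 guarantees G" is discharged on a constructed two-stage toy whose module names, variables and properties are all assumptions made here.

```python
from itertools import product
from collections import deque

# Constructed toy two-stage datapath; state = (ctr, valid, data_ok, out, drop), ctr in {0,1,2}.
BOOL, CTR = (0, 1), (0, 1, 2)
INIT, TRUE = {(0, 0, 0, 0, 0)}, (lambda s: True)

def m1_succ(s):
    """Input stage: owns ctr/valid/data_ok; out/drop are left to the environment."""
    n_ctr = (s[0] + 1) % 3
    n_valid, n_ok = int(n_ctr == 2), int(n_ctr >= 1)
    return {(n_ctr, n_valid, n_ok, o, d) for o, d in product(BOOL, BOOL)}

def m2_succ(s):
    """Output stage: owns out/drop; forwards valid and drops when data_ok is low."""
    _, valid, ok, _, _ = s
    return {(c, v, k, valid, int(not ok)) for c, v, k in product(CTR, BOOL, BOOL)}

def compose(*mods):
    """Synchronous composition: a step must be allowed by every module."""
    return lambda s: set.intersection(*(m(s) for m in mods))

def prop_a(s):  # M1's guarantee, reused as M2's assumption: valid implies data_ok
    return not (s[1] and not s[2])

def prop_g(s):  # global property: never forward and drop in the same cycle
    return not (s[3] and s[4])

def check(module, assume, guarantee, init):
    """<assume> module <guarantee>: BFS over states reachable under the assumption."""
    seen, todo = set(), deque(s for s in init if assume(s))
    while todo:
        s = todo.popleft()
        if s in seen:
            continue
        seen.add(s)
        if not guarantee(s):
            return False
        # Prune successors the assumption forbids, as a synthesized environment module would.
        todo.extend(t for t in module(s) if assume(t))
    return True

def run_all():
    """Discharge both premises of the rule, then confirm G on the full composition."""
    return {
        "m1_guarantees_A": check(m1_succ, TRUE, prop_a, INIT),  # True
        "m2_alone_G": check(m2_succ, TRUE, prop_g, INIT),  # False without A
        "m2_under_A_G": check(m2_succ, prop_a, prop_g, INIT),  # True
        "composite_G": check(compose(m1_succ, m2_succ), TRUE, prop_g, INIT),  # True
    }
```

The failing `m2_alone_G` result is the point of the exercise: the output stage cannot be verified in isolation, but becomes checkable once the input stage's discharged guarantee is supplied as its environment.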
