Verifying Safety Properties of a PowerPC™ Microprocessor Using Symbolic Model Checking without BDDs

In [2] Bounded Model Checking with the aid of satisfiability solving (SAT) was introduced as an alternative to traditional symbolic model checking based on solving fixpoint equations with BDDs. In this paper we show how bounded model checking can take advantage of specialized optimizations. We present a bounded version of the cone of influence reduction that works very well for verifying safety properties. We have successfully applied this idea to checking safety properties of a PowerPC microprocessor under design at Motorola's Somerset PowerPC design center. Based on that experience, we propose a verification methodology that we feel can bring model checking into the mainstream of industrial chip design.
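The bounded cone of influence reduction the abstract mentions, as an added Python example that is not the paper's or Motorola's code: for a safety property AG p checked up to bound k, it computes which latches each time step of the unrolled formula actually needs, on a constructed toy dependency graph with assumed variable names.

```python
# Added illustration of the bounded cone of influence (COI) idea, not code
# from the paper or from Motorola's flow; the toy design below is constructed.

# Next-state dependencies: latch -> variables its next-state function reads.
NEXT_DEPS = {"a": {"a", "c"}, "b": {"b"}, "c": {"d"}, "d": {"d", "e"}, "e": {"e"}}
# State variables read by the safety property AG p.
PROP_SUPPORT = {"a", "b"}

def full_coi(next_deps, prop_support):
    """Classic cone of influence: every variable that can ever reach p."""
    seen, work = set(), list(prop_support)
    while work:
        v = work.pop()
        if v not in seen:
            seen.add(v)
            work.extend(next_deps.get(v, ()))
    return seen

def bounded_coi(next_deps, prop_support, k):
    """Variables needed at each step 0..k when checking AG p up to bound k.

    At step k only p's own support matters; at step i a variable matters if p
    reads it there or it feeds a variable needed at step i+1.  The cone grows
    by one dependency layer per step walking back from the bound, so steps
    near k carry far fewer variables than the full COI does.
    """
    needed = [set() for _ in range(k + 1)]
    needed[k] = set(prop_support)
    for i in range(k - 1, -1, -1):
        cur = set(prop_support)  # AG p is checked at every step <= k
        for v in needed[i + 1]:
            cur |= next_deps.get(v, set())
        needed[i] = cur
    return needed

def transition_equations(next_deps, needed):
    """(latch, step) pairs whose next-state equation the unrolling must include:
    only latches needed at step i get an equation linking step i-1 to i."""
    return [(v, i) for i in range(1, len(needed))
            for v in sorted(needed[i]) if v in next_deps]

if __name__ == "__main__":
    k = 2
    per_step = bounded_coi(NEXT_DEPS, PROP_SUPPORT, k)
    for i, s in enumerate(per_step):
        print(f"step {i}: needs {sorted(s)}")
    print("variable copies:", sum(len(s) for s in per_step),
          "vs", len(full_coi(NEXT_DEPS, PROP_SUPPORT)) * (k + 1), "unreduced")
```

With bound 2 the toy design needs 9 variable copies and 5 transition equations instead of 15 and 10; latch e never enters the unrolled formula at all.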

[1] Hilary Putnam et al. A Computing Procedure for Quantification Theory. JACM, 1960.

[2] Edmund M. Clarke et al. Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic. Logic of Programs, 1981.

[3] Joseph Sifakis et al. Specification and Verification of Concurrent Systems in CESAR. Symposium on Programming, 1982.

[4] David A. Plaisted et al. A Structure-Preserving Clause Form Translation. J. Symb. Comput., 1986.

[5] Randal E. Bryant et al. Graph-Based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers, 1986.

[6] Olivier Coudert et al. Verifying Temporal Properties of Sequential Machines without Building Their State Diagrams. CAV, 1990.

[7] G. Stålmarck et al. Modeling and Verifying Systems and Software in Propositional Logic. 1990.

[8] Randal E. Bryant et al. On the Complexity of VLSI Implementations and Graph Representations of Boolean Functions with Application to Integer Multiplication. IEEE Trans. Computers, 1991.

[9] D. E. Long et al. Model Checking and Abstraction. POPL '92, 1992.

[10] Edmund M. Clarke et al. Symbolic Model Checking: 10^20 States and Beyond. Inf. Comput., 1990.

[11] Kenneth L. McMillan et al. Symbolic Model Checking: An Approach to the State Explosion Problem. 1992.

[12] Somesh Jha et al. Verification of the Futurebus+ Cache Coherence Protocol. Formal Methods Syst. Des., 1993.

[13] Orna Grumberg et al. Model Checking and Modular Verification. TOPL, 1994.

[14] R. P. Kurshan et al. Automata-Theoretic Verification of Coordinating Processes. 1994.

[15] Joao Marques-Silva et al. Search Algorithms for Satisfiability Problems in Combinational Switching Circuits. 1995.

[16] Carl Pixley et al. Design Constraints in Symbolic Model Checking. CAV, 1998.

[17] Armin Biere et al. Symbolic Model Checking without BDDs. TACAS, 1999.

[18] E. Clarke et al. Symbolic Model Checking Using SAT Procedures Instead of BDDs. Proceedings 1999 Design Automation Conference (Cat. No. 99CH36361), 1999.