A methodology for hardware verification using compositional model checking

Abstract

A methodology for system-level hardware verification based on compositional model checking is described. This methodology relies on a simple set of proof techniques, and a domain specific strategy for applying them. The goal of this strategy is to reduce the verification of a large system to finite state subgoals that are tractable in both size and number. These subgoals are then discharged by model checking. The proof strategy uses proof techniques for design refinement, temporal case splitting, data-type reduction and the exploitation of symmetry. Uninterpreted functions can be used to abstract operations on data. A proof system supporting this approach generates verification subgoals to be discharged by the SMV symbolic model checker. Application of the methodology is illustrated using an implementation of Tomasulo's algorithm, a packet buffering device and a cache coherence protocol as examples.
