Introduction

An overview of formal methods for hardware verification
Copyright 2000 Cadence Design Systems.
What is formal verification?
• Formal means two things:
– A mathematical (not English) specification
– An exhaustive verification method (not simulation)
• Sometimes “semiformal” is used to mean…
– Formal specification, but not verification, or
– Nothing formal, but using similar algorithms.
We won’t cover semiformal methods here.
Formal methods
[Figure: three methodologies compared]
– Informal simulation methodology: system + input vectors (01011...) -> simulator -> output bits (01011...), which someone inspects by hand
– "Semiformal" simulation methodology: the same simulator run, but its output bits are checked against stated properties
– Formal verification methodology: system + properties -> verifier -> yes / no / ?
Systems and properties
• Example system
– (model of) bus arbiter circuit
• Example properties
– No two requesters ack’d at same time
– If request, then eventually grant
An FV system must have a way to formalize the properties, and to prove that the system satisfies the specification.
Axes for formal methods
• Increased expressiveness
– handle a broader class of properties
– handle a broader class of systems
• Automation
– handle larger, more complex systems automatically
• Scalability
– break large objects into small objects
– prove properties of smaller objects
Consider some verification approaches...
Symbolic simulation
• Simulate with boolean formulas, not 0/1/X
• Example system: [figure: gate-level circuit with inputs a, b, c and output x = (a  b)  c]
• Example property: x = a  b  c
Verification engine: boolean equivalence (hard!)
Why is this formal verification?
Simulating sequential circuits
Property: if r0 = a, z0 = b, z1 = c then r2 = a  b  c
[Figure: register r, updated each cycle from its current value and the input z]
Symbolic evaluation:
r0= a
r1= a b
r2= (a  b)  c
Limitation: can only specify a fixed finite sequence
Model checking
[Figure: the model checker MC takes the system (the arbiter, with inputs req and outputs ack) and the properties G(req -> F ack) and G(¬(ack1 ∧ ack2)); it answers yes, or no together with a counterexample trace of req and ack over time]
Verification engine: state space search (even harder!)
Advantage: greater expressiveness
(but model must still be finite-state)
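The state space search behind the MC box, as an added example that is not code from the tutorial or from Cadence. The two-requester arbiter is written directly as a finite Kripke structure (the state names, labels and transitions are constructed here, and a requester is assumed to hold its request until it is acknowledged); the checker answers the slide's two properties with yes, or no plus a counterexample. The safety property is checked by reachability, the liveness property by searching for a lasso (a reachable cycle) on which the acknowledgement never comes; a general LTL checker would instead build an automaton from the formula, which the outline covers later.

```python
"""Explicit-state model checking of the arbiter properties on this slide.

Added example, not code from the Cadence tutorial. The arbiter models, their
state names, labels and transitions are constructed for illustration; a
requester is assumed to hold its request until it is acknowledged.
    G(not (ack1 and ack2))   -- no two requesters acknowledged at the same time
    G(req2 -> F ack2)        -- a request from requester 2 is eventually granted
A "no" answer carries a counterexample trace, as the MC box in the figure does.
"""
from collections import deque

def L(*props):
    return frozenset(props)

# state -> (atomic propositions true in that state, successor states)
FIXED_PRIORITY = {  # requester 1 wins whenever both ask, so 2 can starve
    "idle": (L(),                       ["idle", "r1", "r2", "both"]),
    "r1":   (L("req1", "ack1"),         ["idle", "r1", "both"]),
    "r2":   (L("req2", "ack2"),         ["idle", "r2", "both"]),
    "both": (L("req1", "req2", "ack1"), ["both", "r2"]),
}
ROUND_ROBIN = {  # the grant alternates while both keep asking
    "idle":    (L(),                       ["idle", "r1", "r2", "both_a1"]),
    "r1":      (L("req1", "ack1"),         ["idle", "r1", "both_a1"]),
    "r2":      (L("req2", "ack2"),         ["idle", "r2", "both_a2"]),
    "both_a1": (L("req1", "req2", "ack1"), ["both_a2", "r2"]),
    "both_a2": (L("req1", "req2", "ack2"), ["both_a1", "r1"]),
}
BROKEN_MUTEX = {  # acknowledges both requesters at once
    "idle": (L(),                               ["idle", "both"]),
    "both": (L("req1", "req2", "ack1", "ack2"), ["idle"]),
}

def reachable(model, init):
    """Breadth-first state space search; returns state -> predecessor on a shortest path."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for t in model[s][1]:
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent

def path_to(parent, s):
    path = []
    while s is not None:
        path.append(s)
        s = parent[s]
    return path[::-1]

def check_invariant(model, init, bad):
    """G(not bad), a safety property: a violation is a finite path to a bad state."""
    parent = reachable(model, init)
    for s in parent:
        if bad(model[s][0]):
            return False, path_to(parent, s)
    return True, None

def find_lasso(model, start, avoid):
    """Depth-first search from start, restricted to states where avoid() is false.
    A back edge closes an infinite path on which avoid() never holds.
    Returns (stem, cycle) as lists of states, or None."""
    path, visited = [], set()

    def dfs(s):
        path.append(s)
        visited.add(s)
        for t in model[s][1]:
            if avoid(model[t][0]):
                continue
            if t in path:                     # back edge: t ... s can repeat forever
                i = path.index(t)
                return path[:i], path[i:]
            if t not in visited:
                found = dfs(t)
                if found:
                    return found
        path.pop()
        return None

    return dfs(start)

def check_response(model, init, trigger, response):
    """G(trigger -> F response), a liveness property: a violation is a reachable
    state satisfying trigger from which some path never reaches response, i.e.
    (in a finite-state model) a lasso inside the 'not response' states."""
    parent = reachable(model, init)
    for s in parent:
        labels = model[s][0]
        if trigger(labels) and not response(labels):
            lasso = find_lasso(model, s, avoid=response)
            if lasso:
                stem, cycle = lasso
                return False, (path_to(parent, s)[:-1] + stem, cycle)
    return True, None

def mutex_violated(labels):
    return "ack1" in labels and "ack2" in labels

def req2(labels):
    return "req2" in labels

def ack2(labels):
    return "ack2" in labels

if __name__ == "__main__":
    for name, model in [("fixed priority", FIXED_PRIORITY), ("round robin", ROUND_ROBIN),
                        ("broken mutex", BROKEN_MUTEX)]:
        print(name, "G(!(ack1 & ack2)):", check_invariant(model, "idle", mutex_violated))
        print(name, "G(req2 -> F ack2): ", check_response(model, "idle", req2, ack2))
```

The fixed-priority arbiter keeps mutual exclusion but fails the liveness property: the counterexample is the stem idle -> both followed by the self-loop on both, in which requester 1 keeps asking and requester 2 is never acknowledged. Note that the answer only holds for the model as written; the search enumerates every reachable state, which is why the engine is limited to finite-state models.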
First order decision procedures
[Figure: the formula f(x) = x -> f(f(x)) = x is fed to a decision procedure, which answers valid or not valid]
• Handles even non-finite-state systems
• Used to verify pipeline equivalence
• Cannot handle temporal properties
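A decision procedure for the fragment the slide's formula lives in (equality with uninterpreted functions), as an added example that is not code from the tutorial or from Cadence. Validity of hypotheses -> s = t is decided by congruence closure: assert the hypotheses together with s != t and report "valid" exactly when that set is unsatisfiable. Nothing here is a finite state space, since x ranges over an arbitrary domain and f is any function; the alu/r1/in/k formula at the end is a constructed illustration of the pipeline-equivalence use, not a circuit from the deck.

```python
"""Deciding equality with uninterpreted functions (EUF) by congruence closure.

Added example, not code from the Cadence tutorial. Terms are strings (constants)
or tuples (function symbol, arg1, ..., argn). The alu/r1/in/k formula is a
constructed illustration of pipeline equivalence, not a circuit from the deck.
"""

def subterms(term, acc):
    """Collect every subterm of term into the set acc."""
    acc.add(term)
    if isinstance(term, tuple):
        for arg in term[1:]:
            subterms(arg, acc)
    return acc

def satisfiable(equalities, disequalities):
    """Congruence closure: merge the given equalities, propagate
    'equal arguments -> equal applications' to a fixpoint, then check that no
    disequality has both sides in the same class."""
    terms = set()
    for s, t in equalities + disequalities:
        subterms(s, terms)
        subterms(t, terms)
    parent = {t: t for t in terms}          # union-find over all subterms

    def find(t):
        while parent[t] != t:
            parent[t] = parent[parent[t]]   # path halving
            t = parent[t]
        return t

    def union(s, t):
        parent[find(s)] = find(t)

    for s, t in equalities:
        union(s, t)
    apps = [t for t in terms if isinstance(t, tuple)]
    changed = True
    while changed:
        changed = False
        for s in apps:
            for t in apps:
                if (find(s) != find(t) and s[0] == t[0] and len(s) == len(t)
                        and all(find(x) == find(y) for x, y in zip(s[1:], t[1:]))):
                    union(s, t)               # congruent applications are equal
                    changed = True
    return all(find(s) != find(t) for s, t in disequalities)

def is_valid(hypotheses, conclusion):
    """hypotheses -> conclusion is valid iff hypotheses together with
    not(conclusion) is unsatisfiable."""
    return not satisfiable(hypotheses, [conclusion])

def f(t):
    return ("f", t)

def alu(a, b):
    return ("alu", a, b)          # an uninterpreted datapath operation

if __name__ == "__main__":
    print(is_valid([(f("x"), "x")], (f(f("x")), "x")))       # True: the slide's formula
    print(is_valid([(f(f("x")), "x")], (f("x"), "x")))       # False: f may swap two values
    print(is_valid([(f("x"), f("y"))], ("x", "y")))           # False: f need not be injective
    # Pipeline flavour: if the bypassed operand r1 equals the input, both datapaths agree.
    print(is_valid([("r1", "in")], (alu("r1", "k"), alu("in", "k"))))   # True
```

The procedure has no notion of time: it can show that two datapaths compute the same value from equal operands, but "every request is eventually granted" cannot even be stated in this logic, which is the slide's last point.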
Increasing automation
• Handle larger, more complex systems
• Boolean case
– Binary decision diagrams
• Boolean equivalence in symbolic simulation
• Symbolic model checking
– SAT solvers
• State space reduction techniques
– partial order, symmetry, etc.
• Fast decision procedures
Very hot research topics in last decade, but
still do not scale to large systems.
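The BDD bullet above and the symbolic simulation slides earlier share one engine, so one added example serves both (it is not code from the tutorial or from Cadence): a small reduced ordered BDD package with hash-consed nodes and a memoised apply, in the style of Bryant's algorithm, used to simulate the sequential circuit symbolically and to decide the boolean equivalence that the property reduces to. The gate operator symbols in the deck's circuits did not survive extraction, so XOR is assumed here both for x = (a XOR b) XOR c and for the next-state function r[n+1] = r[n] XOR z[n].

```python
"""Symbolic simulation with reduced ordered BDDs as the equivalence engine.

Added example, not code from the Cadence tutorial. The gate operators in the
deck's circuits were lost in extraction, so XOR is assumed for
x = (a XOR b) XOR c and for the next-state function r[n+1] = r[n] XOR z[n].
"""

def AND(p, q):
    return p and q

def OR(p, q):
    return p or q

def XOR(p, q):
    return p != q

class BDD:
    """Terminals are the ints 0 and 1; internal nodes are tuples (var, low, high)
    ordered by var. mk() removes redundant tests and children are always
    canonical, so two functions are equal iff their node tuples compare equal."""

    def __init__(self, order):
        self.names = list(order)
        self.index = {v: i for i, v in enumerate(order)}
        self.unique = {}     # unique table: one node object per (var, low, high)
        self.memo = {}       # apply cache keyed by (op, f, g)

    def mk(self, i, lo, hi):
        if lo == hi:         # both branches identical: the test is redundant
            return lo
        return self.unique.setdefault((i, lo, hi), (i, lo, hi))

    def var(self, name):
        return self.mk(self.index[name], 0, 1)

    def top(self, n):
        return n[0] if isinstance(n, tuple) else len(self.names)

    def apply(self, op, f, g):
        """Shannon expansion on the smaller top variable of f and g."""
        if not isinstance(f, tuple) and not isinstance(g, tuple):
            return int(op(bool(f), bool(g)))
        key = (op, f, g)
        if key not in self.memo:
            i = min(self.top(f), self.top(g))
            f0, f1 = (f[1], f[2]) if self.top(f) == i else (f, f)
            g0, g1 = (g[1], g[2]) if self.top(g) == i else (g, g)
            self.memo[key] = self.mk(i, self.apply(op, f0, g0), self.apply(op, f1, g1))
        return self.memo[key]

    def evaluate(self, f, vector):
        """Concrete evaluation under an input vector (unlisted inputs read as 0)."""
        while isinstance(f, tuple):
            i, lo, hi = f
            f = hi if vector.get(self.names[i], 0) else lo
        return f

    def witness(self, f):
        """One input vector making f true, or None when f is the constant 0
        (in a reduced BDD every non-zero node has a path to the 1 terminal)."""
        vector = {}
        while isinstance(f, tuple):
            i, lo, hi = f
            vector[self.names[i]] = 1 if hi != 0 else 0
            f = hi if hi != 0 else lo
        return vector if f == 1 else None

def simulate(step, r0, inputs):
    """Symbolic simulation of a sequential circuit: the register after each cycle
    is a BDD over the symbolic inputs rather than a 0/1/X vector."""
    trace = [r0]
    for z in inputs:
        trace.append(step(trace[-1], z))
    return trace

def check_equivalent(bdd, f, g):
    """Boolean equivalence: canonical nodes are equal iff the functions are;
    if not, the BDD of f XOR g yields a distinguishing input vector."""
    if f == g:
        return True, None
    return False, bdd.witness(bdd.apply(XOR, f, g))

if __name__ == "__main__":
    bdd = BDD(["a", "b", "c"])
    a, b, c = bdd.var("a"), bdd.var("b"), bdd.var("c")
    spec = bdd.apply(XOR, a, bdd.apply(XOR, b, c))                 # property: x = a XOR b XOR c
    x = bdd.apply(XOR, bdd.apply(XOR, a, b), c)                     # combinational circuit
    print("combinational:", check_equivalent(bdd, x, spec))         # (True, None)
    trace = simulate(lambda r, z: bdd.apply(XOR, r, z), a, [b, c])  # r0 = a, z0 = b, z1 = c
    print("sequential r2:", check_equivalent(bdd, trace[2], spec))  # (True, None)
    f = bdd.apply(OR, bdd.apply(AND, a, b), c)                      # (a AND b) OR c
    g = bdd.apply(AND, a, bdd.apply(OR, b, c))                      # a AND (b OR c): not the same
    print("non-equivalent:", check_equivalent(bdd, f, g))           # (False, {'a': 0, 'c': 1})
```

Equivalence is a comparison of canonical nodes, which is why the BDD package is the "heuristically efficient" engine the outline promises: the cost moves into building the BDDs, whose size depends on the variable order and can still blow up on multipliers and other hard functions. The witness for a non-equivalence is a concrete input vector, so it can be replayed in an ordinary simulator.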
Scaling up
• The compositional approach:
– Break large verification problems into smaller, localized problems.
– Verify the smaller problems using automated methods.
– Verify that the smaller problems together imply the larger problem.
Example -- equivalence checkers
[Figure: circuit A and circuit B, with corresponding registers paired up]
• Identify corresponding registers
• Show corresponding logic “cones” equivalent
– Note: logic equivalence of the cones is the boolean equivalence problem of symbolic simulation
• Infer sequential circuits equivalent
That is, the local properties imply the global property
Compositional systems
[Figure: compositional systems (equivalence checkers, proof assistants, STE) together with the automated engines (symbolic simulation, model checking, decision procedures)]
• Automation handles small sub-problems
• Proof decomposition usually manual
This approach is necessary to scale up!
Abstraction
• Hide details not necessary to prove property
• Two basic approaches
– Build abstract models manually
[Figure: the abstract model satisfies the property; an abstraction relation links the system to the abstract model, so the system satisfies the property too]
– Use abstract interpretation of original model
Examples of abstraction
• Hiding some components of system
• Using X value in symbolic simulation
• One-address/data abstractions
• Instruction-set architecture models
All are meant to reduce the complexity of the system so that we can simplify the verification problem for automatic tools.
Decomposition and abstraction
[Figure: property -> decomposition -> abstraction -> verification]
• Abstractions are relative to property
• Decomposition means we can hide more information.
• Decomposed properties are often relative to abstract reference models.
Tutorial outline
• Model checking
– temporal logics, automata and algorithms
• Abstraction techniques
– state space reductions
• Binary decision diagrams
– heuristically efficient model checking
• Compositional methodology
– techniques for scaling up
• Conclusion
– where to go next