Ganesh Gopalakrishnan
Abstract
The use of formal methods in hardware design improves the quality of designs in many ways: it promotes better understanding of the design; it permits systematic design refinement through the discovery of invariants; and it allows design verification (informal or formal). In this paper we illustrate the use of formal methods in the design of a custom hardware system called the “Rollback Chip” (RBC), conducted using a simple hardware design description language called “HOP”. An informal specification of the requirements of the RBC is first given, followed by a behavioral description of the RBC stating its desired behavior. The behavioral description is refined into progressively more efficient designs, terminating in a structural description. Key refinement steps are based on system invariants that are discovered during the design, and proved correct during design verification. The first step in design verification is to apply a program called PARCOMP to derive a behavioral description from the structural description of the RBC. The derived behavior is then compared against the desired behavior using equational verification techniques. This work demonstrates that formal methods can be fruitfully applied to a nontrivial hardware design. It also illustrates the particular advantages of our approach based on HOP and PARCOMP. Last, but not the least, it formally verifies the RBC mechanism itself.
- 1 ADRION, W. R., BRANSTAD, M. A. AND CHERNIAVSK~f, J. C Validation, verification, and testing of computer software. ACM Comput. Surv. 14, 2 (Jun 1982), 159-192. Google Scholar
- 2 AKELLA, V. An integrated framework for high-level synthesis of self-timed circuits. PhD thesis, Dept. of Computer Science, Univ. of Utah, Salt Lake City, 1992. Google Scholar
- 3 AKELLA, V. AND GOPALAKRISHNAN, G. SHILPA. A high-level synthesis system for self-timed circuits. In International Conference on Computer-aided Destgn, ICCAD 92, (Nov. 1992). Google Scholar
- 4 APT, K. R. AND OLDEROG, E. R. Verifwatmn of Sequential and Concurrent Programs. Springer-Verlag, New York, 1991. Google Scholar
- 5 BIRTWISTLE, G. AND SUBRAHMANYAM, P A. EDS. Current Trends m Hardware Vemf~cat~on and Automated Theorem Prowng. Springer-Verlag, New York, 1989. Google Scholar
- 6 BOYER, R. AND MOORE, J.S. A Computational Logic. Academic Press, London, 1979.Google Scholar
- 7 BRYANT, R. E. Formal verification of memory circuits by switch-level simulation. IEEE Trans. Comput.-A~ded Des. 10, 1 (Jan. 1991), 94-102.Google Scholar
- 8 BRYANT, R. E., BEATTY, n. L., AND SEGER, C. J.H. Formal hardware verification by symbolic ternary trajectory evaluation. In Proceedings of the ACM/IEEE 28th Design Automatmn Conference, (June 1991). Google Scholar
- 9 BUZZELL, C. A, ROBB, M. J., AND FUJIMOTO, R.M. Modular VME rollback hardware for time warp. In Proceedings of the SCS Multiconference on Dtstr~buted Stmulatwn 22, i (Jan. 1990), 153-156.Google Scholar
- 10 CAMURAI, P. AND PRINETTO, P. Formal verification of hardware correctness: introduction and survey of current research. IEEE Computer 21, 7 (July 1988), 8-20. Google Scholar
- 11 CLAESEN, L. ED. Proceedings of the IMEC-IFIP Workshop on Applied Formal Methods for Correct VLSI Design, (Leuven, Belgium, Nov. 1989).Google Scholar
- 12 COHN, A. Correctness properties of the Viper block model: The second level. In Current Trends in Hardware Vemfzcatmn and Automated Theorem Prowng, G. Birtwistle and P. A. Subrahmanyam, Eds, Springer-Verlag, New York, 1989, 1-91. Google Scholar
- 13 FUJIMOTO, R M. Time warp on a shared memory multiprocessor Trans. Soc Comput Szmul. 6, 3 (July 1989), 211-239 Google Scholar
- 14 FUJIMOTO, 1~. M. Parallel discrete event simulation. Commun. ACM 33, 10 (Oct. 1990). Google Scholar
- 15 FUJIMOTO, R. M., TSAI, J. J., AND GOPALAKRISHNAN, G. Design and evaluation of the rollback chip: Special purpose hardware for time warp. IEEE Trans. Comput. 41, i (Jan. 1992), 68-82. Google Scholar
- 16 GOPALA~mISHNAN, G. C. Specification and verification of pipelined hardware in HOP. In Proceedings of the Ninth International Symposzum on Computer Hardware Description Languages (Aug. 1989), 117 131.Google Scholar
- 17 GOPALAKRISHNAN, G. HOP: A formal model for synchronous circuits using communicating fundamental mode symbolic automata Tech. Rep. UU/CS/92/009, Dept of Computer Science, Univ. of Utah, Salt Lake City, 1992.Google Scholar
- 18 GOPALAKRISHNAN, G. C. AND FUJIMOTO, R. Design and verification of the rollback chip using HOP: A case study of formal methods applied to hardware design. Tech. Rep. UUCS-91-015. Dept. of Computer Science, Univ of Utah, Salt Lake City, Oct. 1991.Google Scholar
- 19 GORDON, M. HOL: A proof generating system for Higher Order Logic. In VLSI Specz}dcat~on, Vertficatmn and Synthesis, G Birtwistle and P. A. Subrahmanyam, Eds., Kluwer Academic, Boston, 1988, 73-128.Google Scholar
- 20 GUTTAG, J. V., HOROWITZ, E., AND MUSSER, D.R. Abstract data types and software valida~ tion. Commun. ACM 21, 12 (Dec. 1978), 1048-1064. Google Scholar
- 21 HALL, A. Seven myths of fbrmal methods. IEEE Software 7, 9 (Sept. 1990). Google Scholar
- 22 ItUDAK, P. Conception, evolution, and application of functional programming languages ACM Comput. Surv. 3, 3 (Sept. 1989), 359-411. Google Scholar
- 23 HUNT JR., W.A. The mechanical verification of a microprocessor design. In HDL Descrzptmns to Guaranted Correct C~rcuit Designs. D. Borrione, Ed., Elsevier (North Holland), 1987.Google Scholar
- 24 JA~N, P. AND GOPALAKRISHNAN, G. Some techniques for efficmnt symbolic simulation based verification. In International Conference on Computer Design (ICCD), (Oct. 1992). Google Scholar
- 25 JEFFERSON, D. R. Virtual time. ACM Trans. Program. Lang. Syst. 7, 3 (July 1985), 404 425. Google Scholar
- 26 SRIV^S, M. AND BICKFORD, M. Formal verification of a pipelined microprocessor. IEEE Software 7, 9 (Sept. 1990). Google Scholar
- 27 WrtsE, D. Automatic formal verification of synchronous MOS VLSI designs. PhD thesis, Dept. of EE and CS, MIT, 1986.Google Scholar
- 28 WOOD, D. A., GtBSON, G. A., AND KATZ, R. H. Verifying a multiprocessor cache controller using random test generation. IEEE Destgn& Test of Computers, Aug. 1990. Google Scholar
Index Terms
- Design and verification of the Rollback Chip using HOP: a case study of formal methods applied to hardware design
Recommendations
Formal verification in hardware design: a survey
In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing.
There are two ...
Formal verification of SystemCFLspecifications using SPIN
MINO'06: Proceedings of the 5th WSEAS international conference on Microelectronics, nanoelectronics, optoelectronicsThe formal language SystemCFL is the formalization of SystemC. The language semantics of SystemCFL was formally defined in a standard structured operational semantics (SOS) style. For verification purposes, in this paper, we present an approach to use ...
Scalable Software Model Checking Using Design for Verification
Verified Software: Theories, Tools, ExperimentsThere has been significant progress in automated verification techniques based on model checking. However, scalable software model checking remains a challenging problem. We believe that this problem can be addressed using a design for verification ...
Reviews
Erik F. Dirkx
The advantages and disadvantages of top-down hardware design methodologies based on the formal verification of transitions to subsequent design steps are illustrated in detail. The methodology is illustrated on a nontrivial example: a Rollback accelerator chip to improve the performance of distributed (discrete) simulations. The fundamental novel idea of the approach discussed in this paper is the combination of designer experience with respect to optimal performance of digital circuits with formal techniques by not trying to build a compiler to automate the conversion from a higher level to a lower level, but doing the design manually and then verifying this implementation at a lower level against the higher-level specification semiautomatically. It is also clear that this is how the design was done: one author, Fujimoto, has a lot of design and application experience, and the other is knowledgeable in the field of formal techniques. A good informal and formal description of the Rollback Chip is given, although some knowledge of its application field (distributed discrete event simulation) will help the reader understand its function. Although an introductory description of Miranda is given, the use of the dedicated language HOP sometimes makes it difficult for readers unfamiliar with this specific language to understand the details. The use of such a language also illustrates that no standard (de facto or other wise) exists in this field and that a lot more research is needed in order to identify key features to be supported by a general-purpose hardware description language. The core of the paper is also a good illustration of the strategy of top-down stepwise refinement in hardware design. The authors give a timing estimate of the parts of their work so that the increases in productivity from their method (once it is learned), both in design time and in the quality of the end result, are quantified. The paper is definitely oriented toward researchers and fulfills its purpose for this audience. Its length is good, although readers unfamiliar with Miranda might appreciate a more elaborate introduction to this language and HOP. T he best feature of this paper is its completeness in giving a detailed overview of the authors' design process and methodology. A disadvantage could be that advanced knowledge of distributed discrete simulation and functional (hardware) description languages is almost required, but this requirement should be seen in the context of the intended audience of specialists and researchers in this field. The references and the physical presentation are good.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments