ABSTRACT
We describe a technique for verifying that a hardware design correctly implements a protocol-level formal specification. Simulation steps are translated into protocol state transitions using a refinement map and then checked against the specification with a model checker. On the specification state space, the model checker collects coverage information and identifies states that violate certain properties. It then generates protocol-level traces to these coverage gaps and error states. The technique was applied to the multiprocessing hardware of the Alpha 21364 microprocessor and its cache coherence protocol. We were able to generate an error trace that exercised a bug in the implementation which had not been discovered before a prototype was built.
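The pipeline the abstract describes, as an added example that is not the paper's code and says nothing about the tools the authors used: a toy MSI-style coherence specification for one cache line shared by two caches, a refinement map from constructed RTL-level simulation records (assumed per-cache fields `valid` and `dirty`) to protocol states, a monitor that checks each simulation step against the specification's next-state relation and invariant while recording which protocol transitions the simulation exercised, and a breadth-first search over the specification state space that produces protocol-level traces to the transitions the simulation never covered. The protocol, the field names and the simulation records are all constructed here for illustration.

```python
"""Monitoring a hardware simulation against a protocol-level specification.

Added illustration for the abstract above, not code from the paper. The
MSI-style protocol, the RTL field names and the simulation records are
all constructed for this example.
"""
from collections import deque

NCACHES = 2
I, S, M = "I", "S", "M"
INIT = (I,) * NCACHES

# ---- protocol-level specification (assumed toy MSI, one cache line) ----
def invariant(state):
    """Single writer or many readers: at most one M, and M excludes S."""
    return state.count(M) <= 1 and not (M in state and S in state)

def next_states(state):
    """Spec next-state relation: the set of (action, successor) pairs from `state`."""
    succ = set()
    for c in range(NCACHES):
        if state[c] == I:                      # Read: c gains S, an M owner downgrades to S
            nxt = [S if x == M else x for x in state]
            nxt[c] = S
            succ.add((f"Read({c})", tuple(nxt)))
        if state[c] != M:                      # Write: c gains M, every other cache is invalidated
            nxt = [I] * NCACHES
            nxt[c] = M
            succ.add((f"Write({c})", tuple(nxt)))
        if state[c] != I:                      # Evict: c drops to I (write-back folded into the step)
            nxt = list(state)
            nxt[c] = I
            succ.add((f"Evict({c})", tuple(nxt)))
    return succ

def reachable():
    """BFS over the spec; returns {state: (action, predecessor)} with INIT mapped to None."""
    parent, queue = {INIT: None}, deque([INIT])
    while queue:
        s = queue.popleft()
        for act, t in next_states(s):
            if t not in parent:
                parent[t] = (act, s)
                queue.append(t)
    return parent

def trace_to(state, parent):
    """Shortest protocol-level action sequence from INIT to `state` (BFS parents)."""
    acts = []
    while parent[state] is not None:
        act, state = parent[state]
        acts.append(act)
    return acts[::-1]

def replay(actions, state=INIT):
    """Apply protocol-level actions under the spec; None if an action is not enabled."""
    for act in actions:
        enabled = dict(next_states(state))     # action -> successor
        if act not in enabled:
            return None
        state = enabled[act]
    return state

# ---- refinement map: RTL-level simulation record -> protocol state ----
def refine(sim_step):
    """Map each cache's (assumed) valid/dirty bits to I/S/M; other record fields are ignored."""
    def cache_state(bits):
        if not bits["valid"]:
            return I
        return M if bits["dirty"] else S
    return tuple(cache_state(sim_step[f"cache{c}"]) for c in range(NCACHES))

def monitor(sim_trace):
    """Check consecutive simulation steps against the spec and collect transition coverage.

    Returns (covered, violation). `violation` is None or a dict whose 'trace' is the
    protocol-level state sequence (via the refinement map) leading to the bad step.
    """
    covered, proto = set(), [refine(s) for s in sim_trace]
    for i, p in enumerate(proto):
        if not invariant(p):
            return covered, {"kind": "invariant", "step": i, "trace": proto[: i + 1]}
        if i == 0:
            if p != INIT:
                return covered, {"kind": "init", "step": 0, "trace": proto[:1]}
            continue
        prev = proto[i - 1]
        if p == prev:
            continue                            # stuttering: hardware moved, protocol state did not
        allowed = {t: a for a, t in next_states(prev)}
        if p not in allowed:
            return covered, {"kind": "transition", "step": i, "trace": proto[: i + 1]}
        covered.add((prev, allowed[p], p))
    return covered, None

def coverage_gaps(covered):
    """Reachable spec transitions the simulation never exercised, each with a trace to it."""
    parent = reachable()
    return [(trace_to(s, parent) + [act], t)
            for s in parent for act, t in next_states(s) if (s, act, t) not in covered]

# ---- constructed simulation records (not real RTL output) ----
def step(*states, cycle=0):
    """One RTL-level record: per-cache valid/dirty bits plus a field the map ignores."""
    return {"cycle": cycle,
            **{f"cache{c}": {"valid": s != I, "dirty": s == M} for c, s in enumerate(states)}}

GOOD_SIM = [step(I, I), step(S, I), step(S, S), step(M, I), step(I, I)]
# Constructed bug: cache 1 reads while cache 0 owns the line in M and the owner is never downgraded.
BUGGY_SIM = [step(I, I), step(M, I), step(M, S)]
```

Because the monitor tests the invariant before the next-state relation, a step that breaks the single-writer property (BUGGY_SIM) is reported as an invariant violation together with the protocol-level prefix that leads to it, whereas a step that lands in a legal state by a jump the specification does not allow (for instance both caches becoming S in one step) is reported as a transition violation. `coverage_gaps` returns, for every reachable spec transition the simulation did not exercise, a shortest protocol-level action sequence reaching it; `replay` re-executes such a sequence under the spec, which is the check that a generated trace is itself legal before it is handed to the simulation side.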
Index Terms
- Using a formal specification and a model checker to monitor and direct simulation