Automatic generation of assertions for formal verification of PowerPC microprocessor arrays using symbolic trajectory evaluation (original) (raw)
Related papers
Formal verification of PowerPC arrays using symbolic trajectory evaluation
1996
Verifying memory arrays such as on-chip caches and register files is a difficult part of designing a microprocessor. Current tools cannot verify the equivalence of the arrays to their behavioral or RTL models, nor their correct functioning at the transistor level. It is infeasible to run the number of simulation cycles required, and most formal verification tools break down due to the enormous number of state-holding elements in the arrays. The formal method of symbolic trajectory evaluation (STE) appears to offer a solution, however, STE verifies that a circuit satisfies a formula in a carefully restricted temporal logic. For arrays, it requires only a number of variables approximately logarithmic in the number of memory locations. The circuit is modeled at the switch level, so the verification is done on the actual design. We have used STE to verify two arrays from PowerPC microprocessors: a register file, and a data cache tag unit. The tag unit contains over 12,000 latches. We believe it is the largest circuit to have been formally verified, without abstracting away significant detail, in the industry. We also describe an automated technique for identifying state-holding elements in the arrays, a technique which should greatly assist the widespread application of STE
Enhanced symbolic simulation for efficient verification of embedded array systems
2003
In the past, Symbolic Trajectory Evaluation (STE) was shown to be effective for verifying individual array blocks. However, when applying STE to verify multiple array blocks together as a single system, the run-time OBDD sizes would often blow up. In this paper, we propose using a "dual-rail" symbolic simulation scheme to facilitate the application of STE proof methodology for verifying array systems. The proposed scheme implicitly partitions a given design into control domain and datapath domain, and symbolic simulation is carried out on both domains. With this scheme, the run-time OBDD sizes during the symbolic simulation for each domain can be limited. We demonstrate the effectiveness of our approach by verifying the Memory Management Unit (MMU) in Motorola high-performance microprocessors. The verification of MMU as a whole was not possible before because of the OBDD size blow-up problem when an ordinary symbolic simulator was used in the STE proof process.
Journal of Electronic Testing Theory and Applications, 1998
Test and validation of embedded array blocks remains a major challenge in today's microprocessor design environment. The difficulty comes from twofold, the sizes of the arrays and the complexity of their timing and control. This paper describes a novel test generation methodology for test and validation of microprocessor embedded arrays. Unlike traditional ATPG methods, our test generation method is based upon the high-level assertion specification which is originally used for the purpose of formal verification. The superiority of these assertion tests over the traditional ATPG tests will be discussed and shown through various experiments on recent PowerPC microprocessor designs.
Using Abstract Specifications to Verify PowerPC™ Custom Memories by Symbolic Trajectory Evaluation
Lecture Notes in Computer Science, 2001
We present a methodology in which the behavior of a switch level device is specified using abstract parameterized regular expressions. These specifications are used to generate a finite automaton representing an abstraction of the behavior of a block of memory comprised of a set of such switch level devices. The automaton, in conjunction with an Efficient Memory Model [1], [2] for the devices, forms a symbolic simulation model representing an abstraction of the array core embedded in a larger design under analysis. Using Symbolic Trajectory Evaluation, we check the equivalence between a register transfer level description and a schematic description augmented with abstract specifications for one of the custom memories embedded in the MPC7450 PowerPC processor.
Enhanced Symbolic Simulation for Functional Verification of Embedded Array Systems
Design Automation for Embedded Systems, 2003
Symbolic simulation is an effective approach for verifying individual array blocks. This paper presents two methods to enhance the capacity of symbolic simulation for handling large and complex embedded array systems. The first method combines an ATPG decision procedure with symbolic simulation. By developing a scheme that enables the ATPG to work effectively with a symbolic simulator, the run-time OBDD sizes can be limited. In the second method, we propose a “dual-rail” symbolic simulator where a given design is partitioned implicitly into control and datapath domains. Symbolic simulation is carried out simultaneously on both domains. We demonstrate and compare the effectiveness of both methods based on verification of the Memory Management Unit (MMU) in Motorola high-performance microprocessors.
Formal verification of memory arrays
1997
This research was sponsored in part by the Wright Laboratory, Aeronautical Systems Center, Air Force Materiel Command, USAF, and the Advanced Research Projects Agency (ARPA) under grant F33615-93-1-1330, by the Defense Advanced Research Projects Agency (DARPA) ...
Formal Verification Of Content Addressable Memories Using Symbolic Trajectory Evaluation
Proceedings of the 34th Design Automation Conference
In this paper we report on new techniques for verifying content addressable memories (CAMs), and demonstrate that these techniques work well for large industrial designs. It was shown in [6], that the formal verification technique of symbolic trajectory evaluation (STE) could be used successfully on memory arrays. We have extended that work to verify what are perhaps the most combinatorially difficult class of memory arrays, CAMs. We use new Boolean encodings to verify CAMs, and show that these techniques scale well, in that space requirements increase linearly, or sub-linearly, with the various CAM size parameters. In this paper, we describe the verification of two CAMs from a recent PowerPC TM microprocessor design, a Block Address Translation unit (BAT), and a Branch Target Address Cache unit (BTAC). The BAT is a complex CAM, with variable length bit masks. The BTAC is a 64-entry, 64-bits per entry, fully associative CAM and is part of the speculative instruction fetch mechanism of the microprocessor. We believe that ours is the first work on formally verifying CAMs, and we believe our techniques make it feasible to efficiently verify the variety of CAMs found on modern processors.
Experience in Validation of PowerPCTM Microprocessor Embedded Arrays
Journal of Electronic Testing, 1999
Design validation for embedded arrays remains as a challenging problem in today's microprocessor design environment. Although several methods for validating embedded arrays have been proposed, not much has been done to characterize the strengths and weaknesses of these methods. This paper provides a comprehensive study of various design validation approaches adopted at the Somerset PowerPC Design Center in the past,
An industrially effective environment for formal hardware verification
… -Aided Design of …, 2005
We describe the Forte formal verification environment for datapath-dominated hardware, which has proved effective in large-scale industrial trials. Forte combines an efficient linear-time logic model checking algorithm, symbolic trajectory evaluation, with lightweight theorem proving in higher-order logic. These are tightly integrated in a general-purpose functional programming language, which both allows the system to be easily customized and also serves as a specification language. We also describe the design philosophy behind Forte and elements of the verification methodology that make it effective in practice.