Dominique Borrione

Proven correct monitors from PSL specifications

We developed an original method to synthesize monitors from declarative specifications written in the PSL standard. Monitors observe sequences of values on their input signals, and check their conformance to a specified temporal expression. Our method implements both the weak and strong versions of PSL FL operators, and has been proven correct using the PVS theorem proven This paper discusses the salient aspects of the proof of our prototype implementation for on-line design verification

Formal verification of VHDL descriptions in the Prevail environment

Prevail, a formal verification environment for proving the equivalence of two very-high-speed integrated circuit hardware description language (VHDL) design architectures, is described. For simple bit-level combinational descriptions, the environment calls upon a tautology checker. For parameterized repetitive structures and for more abstract sequential designs, the program translates descriptions into recursive functions according to predefined templates and generates a theorem acceptable to the Bover-Moore theorem prover. The specification, implementation, and functional representation of a sequential example are presented.<<ETX>>

Design error diagnosis in sequential circuits

We present a new diagnostic algorithm for localising design errors in sequential circuits. The specification and the implementation may have different number of state variables, and different state encoding. The algorithm is based on the new concept of possible next states describing the possible states of the circuit due to the existence of the error. Results obtained on benchmark circuits show that the error is always found, with an execution time proportional to the product of the circuit size, and the length of the test sequences used.

A formal approach to the verification of networks on chip

The current technology allows the integration on a single die of complex systems-on-chip (SoCs) that are composed of manufactured blocks (IPs), interconnected through specialized networks on chip (NoCs). IPs have usually been validated by diverse techniques (simulation, test, formal verification) and the key problem remains the validation of the communication infrastructure. This paper addresses the formal verification of NoCs by means of a mechanized proof tool, the ACL2 theorem prover. A metamodel for NoCs has been developed and implemented in ACL2. This metamodel satisfies a generic correctness statement. Its verification for a particular NoC instance is reduced to discharging a set of proof obligations for each one of the NoC constituents. The methodology is demonstrated on a realistic and state-of-the-art design, the Spidergon network from STMicroelectronics.

A method for automatic design error location and correction in combinational logic circuits

We present a new diagnostic algorithm, based on backward-propagation, for localising design errors in combinational logic circuits. Three hypotheses are considered, that cover all single gate replacement and insertion errors. Diagnosis-oriented test patterns are generated in order to rapidly reduce the suspected area where the error lies. The originality of our method is the use of patterns which do not detect the error, in addition to detecting patterns. A theorem shows that, in favourable cases, only two patterns suffice to get a correction. We have implemented the test generation and diagnosis algorithms. Results obtained on benchmarks show that the error is always found, after the application of a small number of test patterns, with an execution time proportional to the circuit size.

A Generic Model for Formally Verifying NoC Communication Architectures: A Case Study

Networks on chip are emerging as a promising solution for the design of complex systems on a chip, to interconnect manufactured IP cores, and the need to formally guarantee their correctness is crucial. In a NoC centered design, the individual IPs are considered already validated. This paper addresses the validation of the communication infrastructure. A generic formal model for NoCs has been developed and implemented in the ACL2 theorem prover. As an application, the HERMES network has been formalized in this model, and we show that both formal proofs and simulation experiments can be performed in ACL2

A functional formalization of on chip communications

This paper presents a formal model and a systematic approach to the validation of communication architectures at a high level of abstraction. This model is described mathematically by a function, named GeNoC. The correctness of GeNoC is expressed as a theorem, which states that messages emitted on the architecture reach their expected destination without any modification of their content. The model identifies the key constituents common to all on chip communication architectures, and their essential properties from which the correctness theorem is deduced. Each constituent is represented by a function that has no explicit definition but is constrained to satisfy the essential properties. Thus, the validation of a particular architecture is reduced to the proof that its concrete definition satisfies the essential properties. In practice, the model has been defined in the logic of the ACL2 theorem proving system. We illustrate our approach on several architectures that constitute concrete instances of the generic GeNoC model. Some of these applications come from industrial designs, such as the AMBA AHB bus or the Octagon network from ST Microelectronics.

Semantics of a verification-oriented subset of VHDL

This paper gives operational semantics for a subset of VHDL in terms of abstract machines. Restrictions to the VHDL source code are the finiteness of data types, and the absence of quantitative timing informations. The abstract machine of a design unit is built by composition of the abstract machines for its embedded processes and blocks. The kernel process in our model is distributed among the composed machines. One transition of the final abstract machine models a VHDL delta cycle. This model can be used for symbolic model checking and equivalence verification.

Towards a formal theory of on chip communications in the ACL2 logic

This paper is devoted to the expression for a formal theory of communication networks in the ACL2 logic. More precisely, we have developed a generic model called GeNoC, in a general mathematical notation, with the use of quantification over variables as well as over functions. We present here its expression in the first order quantifier free logic of the ACL2 theorem prover. We describe our systematic approach to cast it into ACL2, especially how we use the encapsulation principle to obtain a systematic methodology to specify and validate on chip communications architectures. We summarize the different instances of GeNoC developed so far in ACL2, some come from industrial designs. We illustrate our approach on an XY routing algorithm.

On-line assertion-based verification with proven correct monitors

In the context of embedded systems design, the authors developed an original method for generating hardware that monitors signals whose behavior is specified by logical and temporal properties written in PSL. The method is based on a library of primitive digital components, and a technique to interconnect them, both formally proven correct with respect to the mathematical semantics of PSL. The resulting digital module can be properly connected to the signals of the design under scrutiny. Monitoring runs concurrently with the observed signals, and notifies its environment whether the property checking is terminated or is still pending. A prototype implementation on a FPGA platform provides enough execution efficiency to allow the verification of a system on a chip running its own software. In this method, on-line monitoring imposes a circuit overhead that increases gracefully with the number of nested PSL operators, and the upper bound of the temporal observation window after property triggering