Jerry R. Burch

Symbolic model checking: 10 20 states and beyond

A general method that represents the state space symbolically instead of explicitly is described. The generality of the method comes from using a dialect of the mu-calculus as the primary specification language. A model-checking algorithm for mu-calculus formulas which uses R.E. Bryants (1986) binary decision diagrams to represent relations and formulas symbolically is described. It is then shown how the novel mu-calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment of finite omega -automata. This eliminates the need to describe complicated graph-traversal or nested fixed-point computations for each decision procedure. The authors illustrate the practicality of their approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline. >

Symbolic model checking for sequential circuit verification

The temporal logic model checking algorithm of Clarke, Emerson, and Sistla (1986) is modified to represent state graphs using binary decision diagrams (BDDs) and partitioned transition relations. Because this representation captures some of the regularity in the state space of circuits with data path logic, we are able to verify circuits with an extremely large number of states. We demonstrate this new technique on a synchronous pipelined design with approximately 5/spl times/10/sup 120/ states. Our model checking algorithm handles full CTL with fairness constraints. Consequently, we are able to express a number of important liveness and fairness properties, which would otherwise not be expressible in CTL. We give empirical results on the performance of the algorithm applied to both synchronous and asynchronous circuits with data path logic. >

Automatic verification of Pipelined Microprocessor Control

We describe a technique for verifying the control logic of pipelined microprocessors. It handles more complicated designs, and requires less human intervention, than existing methods. The technique automatically compares a pipelined implementation to an architectural description. The CPU time needed for verification is independent of the data path width, the register file size, and the number of ALU operations. Debugging information is automatically produced for incorrect processor designs. Much of the power of the method results from an efficient validity checker for a logic of uninterpreted functions with equality. Empirical results include the verification of a pipelined implementation of a subset of the DLX architecture.

Sequential circuit verification using symbolic model checking

The temporal logic model checking algorithm developed by Clarke, Emerson, and Sistla [9] is modified to represent a state graph using binary decision diagrams (BDDs) [4]. Because this representation captures some of the regularity in the state space of sequential circuits with data path logic, we are able to verify circuits with an extremely large number of states. We demonstrate this new technique on a synchronous pipelined design with approximately 5 x 1020 states. Our model checking algorithm handles full CTL with fairness constraints. Consequently, we are able to handle a number of important liveness and fairness properties, which would otherwise not be expressible in CTL. We give empirical results on the performance of the algorithm applied to both synchronous and asynchronous circuits with data path logic.

Representing circuits more efficiently in symbolic model checking

We significantly reduce the complexity of BDD-based symbolic verification by using partitioned transition relations to represent state transition graphs. On an example pipeline circuit, this technique reduced the verification time by an order of magnitude and the storage requirements for the transition relation by two orders of magnitude. We were also able to handle example pipelines with over l O l Z o reachable states.

Techniques for verifying superscalar microprocessors

J.R. Burch and D.L. Dill (1994) described an automatic method for verifying a pipelined processor against its instruction set architecture (ISA). We describe three techniques for improving this method. We show how the combination of these techniques allows for the automatic verification of the control logic of a pipelined, superscalar implementation of a subset of the DLX architecture.

Symbolic model checking: 10/sup 20/ states and beyond

A general method that represents the state space symbolically instead of explicitly is described. The generality of the method comes from using a dialect of the mu-calculus as the primary specification language. A model-checking algorithm for mu-calculus formulas which uses R.E. Bryants (1986) binary decision diagrams to represent relations and formulas symbolically is described. It is then shown how the novel mu-calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment of finite omega -automata. This eliminates the need to describe complicated graph-traversal or nested fixed-point computations for each decision procedure. The authors illustrate the practicality of their approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline.<<ETX>>

Tight integration of combinational verification methods

Combinational verification is an important piece of most equivalence checking tools. In the recent past, many combinational verification algorithms have appeared in the literature. Previous results show that these algorithms are able to exploit circuit similarity to successfully verify large designs. However, none of these strategies seems to work when the two input designs are not equivalent. We present our combinational verification algorithm, with evidence, that is designed to be robust for both the positive and the negative problem instances. We also show that a tight integration of different verification techniques, as opposed to a coarse integration of different algorithm, is more effective at solving hard instances.

Efficient validity checking for processor verification

We describe an efficient validity checker for the quantifier-free logic of equality with uninterpreted functions. This logic is well suited for verifying microprocessor control circuitry since it allows the abstraction of datapath values and operations. Our validity checker uses special data structures to speed up case splitting, and powerful heuristics to reduce the number of case splits needed. In addition, we present experimental results and show that this implementation has enabled the automatic verification of an actual high-level microprocessor description.

Efficient Boolean function matching

Efficient algorithms for performing the matching step in technology mapping are proposed. The main result is an algorithm for matching under input negations that takes time polynomial in the size of the BDDs representing the functions to be matched. This algorithm is the basis for efficient methods for matching under permutations, bridging and constant inputs. A simple mapper based on the algorithms was implemented and tested on a suite of combinational circuits. Using the Actel type 1 mother cell, the mapper required an average of 8.5% fewer cells than mispga. When integrated into a more sophisticated technology mapper, the matching algorithms could provide even better performance.<<ETX>>