Mark D. Aagaard

Formal verification using parametric representations of Boolean constraints

We describe the use of parametric representations of Boolean predicates to encode data-space constraints and significantly extend the capacity of formal verification. The constraints are used to decompose verifications by sets of case splits and to restrict verifications by validity conditions. Our technique is applicable to any symbolic simulator. We illustrate our technique on state-of-the-art Intel(R) designs, without removing latches or modifying the circuits in any way.

The formal verification of a pipelined double-precision IEEE floating-point multiplier

Floating-point circuits are notoriously difficult to design and verify. For verification, simulation barely offers adequate coverage, conventional model-checking techniques are infeasible, and theorem-proving based verification is not sufficiently mature. In this paper we present the formal verification of a radix-eight, pipelined, IEEE double-precision floating-point multiplier. The verification was carried out using a mixture of model-checking and theorem-proving techniques in the Voss hardware verification system. By combining model-checking and theorem-proving we were able to build on the strengths of both areas and achieve significant results with a reasonable amount of effort.

Combining theorem proving and trajectory evaluation in an industrial environment

We describe the verification of the IM: a large, complex (12000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA-32) instructions. We verified a gate-level model of the IM against an implementation-independent specification of IA-32 instruction lengths. We used theorem proving to to derive 56 model-checking runs and to verify that the model-checking runs imply that the IM meets the specification for all possible sequences of IA-32 instructions. Our verification discovered eight previously unknown bugs.

The Simeck Family of Lightweight Block Ciphers

Two lightweight block cipher families, Simon and Speck, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both Simon and Speck, in order to devise even more compact and efficient block ciphers. For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 \(\mu W\) in CMOS 130 nm ASIC, and 454 GEs (before the Place and Route phase) and 488 GEs (after the Place and Route phase), with the power consumption of 1.292 \(\mu W\) in CMOS 65 nm ASIC. Furthermore, all of the instances of Simeck are smaller than the ones of hardware-optimized cipher Simon in terms of area and power consumption in both CMOS 130 nm and CMOS 65 nm techniques. In addition, we also give the security evaluation of Simeck with respect to many traditional cryptanalysis methods, including differential attacks, linear attacks, impossible differential attacks, meet-in-the-middle attacks, and slide attacks. Overall, all of the instances of Simeck can satisfy the area, power, and throughput requirements in passive RFID tags.

Practical formal verification in microprocessor design

Practical application of formal methods requires more than advanced technology and tools; it requires an appropriate methodology. A verification methodology for data-path-dominated hardware combines model checking and theorem proving in a customizable framework. This methodology has been effective in large-scale industrial trials, including verification of an IEEE-compliant floating-point adder.

Non-Restoring Integer Square Root: A Case Study in Design by Principled Optimization

Theorem proving techniques are particularly well suited for reasoning about arithmetic above the bit level and for relating different levels of abstraction. In this paper we show how a non-restoring integer square root algorithm can be transformed to a very efficient hardware implementation. The top level is a Standard ML function that operates on unbounded integers. The bottom level is a structural description of the hardware consisting of an adder/subtracter, simple combinational logic and some registers. Looking at the hardware, it is not at all obvious what function the circuit implements. At the top level, we prove that the algorithm correctly implements the square root function. We then show a series of optimizing transformations that refine the top level algorithm into the hardware implementation. Each transformation can be verified, and in places the transformations are motivated by knowledge about the operands that we can guarantee through verification. By decomposing the verification effort into these transformations, we can show that the hardware design implements a square root. We have implemented the algorithm in hardware both as an Altera programmable device and in full-custom CMOS.

Divider Circuit Verification with Model Checking and Theorem Proving

Most industrial-size hardware verification problems are amenable to neither fully automated nor fully manual hardware verification methods. However, combinations of these two extremes, human-constructed proofs with automatically verified lower-level steps, seem to offer great promise. In this paper we discuss a formal verification case study based on such a combination of theorem-proving and model-checking techniques. The case study addresses the correctness of a floating-point divider unit of an Intel IA-32 microprocessor. The verification was carried out in the Forte framework, which consists of a general-purpose theorem-prover, ThmTac, on top of a symbolic trajectory evaluation based model-checking engine. The correctness of the circuit was formulated and decomposed to smaller, automatically model-checkable, statements in a pre/postcondition framework. The other key steps of the proof involved relating bit vectors to integer arithmetic and general arithmetic reasoning.

A Methodology for Large-Scale Hardware Verification

We present a formal verification methodology for datapath-dominated hardware. This provides a systematic but flexible framework within which to organize the activities undertaken in large-scale verification efforts and to structure the associated code and proof-script artifacts. The methodology deploys a combination of model checking and lightweight theorem proving in higher-order logic, tightly integrated within a general-purpose functional programming language that allows the framework to be easily customized and also serves as a specification language. We illustrate the methodology--which has has proved highly effective in large-scale industrial trials--with the verification of an IEEE-compliant, extended precision floating-point adder.

A framework for superscalar microprocessor correctness statements.

Abstract.Most verifications of superscalar, out-of-order microprocessors compare state-machine-based implementations and specifications, where the specification is based on the instruction-set architecture. The different efforts use a variety of correctness statements, implementations, and verification approaches. We present a framework for classifying correctness statements about safety properties of superscalar microprocessors. Our framework is independent of the implementation representation and verification approach, and is parameterized by the width of the processor. We characterize the relationships between the correctness statements of many different efforts and also illustrate how classical approaches to microprocessor verification fit within our framework.

High level synthesis and generating FPGAs with the BEDROC system

Bedroc is a digital hardware synthesis system that automatically translates a behavioral description written in a hardware description language to field programmable gate arrays.Bedroc allows designers to specify their designs at a very high level of abstraction, and compile them into designs that can be realized in one of many different technologies. It can synthesize a wide variety of synchronous designs including signal processing applications, arithmetic applications, and general purpose processors. An additional aim of theBedroc project is to incorporate formal methods into the hardware synthesis process. By verifying the algorithms used for synthesis instead of the synthesized designs, we give the designer many of the benefits of formal methods without their having to learn new techniques. We have usedBedroc to synthesize several circuits from the High Level Synthesis Workshop benchmarks, including a wave digital elliptic filter.