Using a Formal Specification and a Model Checker to Monitor and Guide Simulation Verifying the Multiprocessing Hardware of the Alpha 21364 Microprocessor Serdar Tasiran Koç University, Istanbul, Turkey (formerly Compaq/HP Systems Research Center) Yuan Yu (Microsoft Research, formerly Compaq) Brannon Batson (Intel, formerly Compaq)
Using a Formal Specification and a Model Checker
to Monitor and Guide Simulation
Verifying the Multiprocessing Hardware of the Alpha 21364 Microprocessor
Description of system to be verified:
• Finite state machine
• Code written in a hardware description language

Specification:
• Temporal logic formula
• Algorithm- or protocol-level description for design
[Diagram: the model checker takes the system description and the specification, e.g. G(p → F q), and answers Yes, or No together with an error trace]
Simulation vs. Formal Verification

Simulation
• Not complete
• Need to generate expected behavior
• Difficult to cover corner cases
• CPU intensive
– have to run billions of cycles
• Can handle large systems

Formal Verification
• Complete wrt specification
• No need to generate expected behavior
• Corner cases are automatically taken care of
• Most of the state-of-the-art methods are memory intensive
• Memory usage is strongly related with the size of systems to be verified
Exploring the State Space of an FSM
• Implicit methods: represent sets of states with decision diagrams
• Representation size not proportional to number of states
• But still memory limited
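The model-checker diagram (Yes, or No with an error trace, for a property such as G(p → F q)) and the state-space exploration slide are easiest to understand on a concrete finite state machine. The following is an added example and not code from the talk: a small explicit-state checker (states enumerated one by one, not the decision-diagram representation the slide mentions) for a hypothetical two-requester arbiter. The state encoding, both arbiter policies, and the property "every request from requester 1 is eventually granted" are constructions for illustration. A fixed-priority arbiter violates the property and the checker returns the lasso-shaped error trace; a round-robin arbiter satisfies it and the checker answers Yes after exhausting the reachable states, which is the "complete with respect to the specification" guarantee simulation cannot give.

```python
"""Explicit-state model checking of a two-requester arbiter against the
response property G(p -> F q). Added example, not code from the slides;
the arbiter designs and the state encoding are hypothetical."""
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

# State = (r0, r1, grant, last): request flags, current grant (-1 = none),
# and the requester most recently granted (-1 = none yet).
State = Tuple[int, int, int, int]
Arbiter = Callable[[int, int, int], int]  # (r0, r1, last) -> grant

INIT: State = (0, 0, -1, -1)


def fixed_priority(r0: int, r1: int, last: int) -> int:
    """Requester 0 always wins a tie (hypothetical design with a starvation bug)."""
    return 0 if r0 else (1 if r1 else -1)


def round_robin(r0: int, r1: int, last: int) -> int:
    """The requester granted last time loses a tie (hypothetical fixed design)."""
    if r0 and r1:
        return 1 - last if last in (0, 1) else 0
    return 0 if r0 else (1 if r1 else -1)


def successors(state: State, arbiter: Arbiter) -> Set[State]:
    """Nondeterministic environment: a pending request stays pending; a requester
    that is idle or was just served may raise a (new) request or stay idle."""
    r0, r1, g, last = state
    opts0 = (0, 1) if (r0 == 0 or g == 0) else (1,)
    opts1 = (0, 1) if (r1 == 0 or g == 1) else (1,)
    out: Set[State] = set()
    for n0 in opts0:
        for n1 in opts1:
            ng = arbiter(n0, n1, last)
            out.add((n0, n1, ng, ng if ng != -1 else last))
    return out


def reachable(init: State, succ) -> Dict[State, Optional[State]]:
    """Breadth-first exploration; every reachable state is visited exactly once.
    The returned parent map doubles as the shortest-path prefix for error traces."""
    parent: Dict[State, Optional[State]] = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for t in succ(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent


def find_stuck_loop(start: State, succ, bad) -> Optional[List[State]]:
    """DFS restricted to states where q is false. Returns a path
    start -> ... -> c -> ... -> c (a loop on which q never holds) or None."""
    path, on_path, done = [start], {start}, set()

    def dfs(u: State) -> bool:
        for v in succ(u):
            if not bad(v) or v in done:
                continue
            if v in on_path:            # back edge: an infinite run avoiding q
                path.append(v)
                return True
            path.append(v)
            on_path.add(v)
            if dfs(v):
                return True
            path.pop()
            on_path.discard(v)
        done.add(u)
        return False

    return path if dfs(start) else None


def check_response(init: State, succ, p, q):
    """Model-check G(p -> F q). Returns (holds, counterexample, states_explored).
    A counterexample is a lasso: a finite prefix whose last state repeats."""
    parent = reachable(init, succ)
    for s in sorted(parent):
        if p(s) and not q(s):
            loop = find_stuck_loop(s, succ, lambda t: not q(t))
            if loop:
                prefix, t = [], s
                while t is not None:
                    prefix.append(t)
                    t = parent[t]
                prefix.reverse()
                return False, prefix[:-1] + loop, len(parent)
    return True, [], len(parent)


def check_arbiter(arbiter: Arbiter):
    """p: requester 1 has a pending request; q: requester 1 holds the grant."""
    return check_response(INIT, lambda s: successors(s, arbiter),
                          lambda s: s[1] == 1, lambda s: s[2] == 1)


if __name__ == "__main__":
    for name, arb in (("fixed_priority", fixed_priority), ("round_robin", round_robin)):
        holds, trace, n = check_arbiter(arb)
        print(f"{name}: {'Yes' if holds else 'No'} ({n} reachable states)")
        if not holds:
            print("  error trace (last state repeats forever):", trace)
```

The error trace for the fixed-priority arbiter is the state where both requesters are pending and requester 0 holds the grant, looping on itself: requester 0 is served, immediately re-requests, and wins the tie every cycle. A random simulation would see requester 1 wait only a few cycles before requester 0 happens to stay idle, so the corner case (requester 0 always re-requesting) is exactly the kind simulation tends to miss and exhaustive exploration finds by construction. The memory cost the slide warns about is visible in `reachable`: the explicit parent map holds one entry per reachable state.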
[Figure, reconstructed from slide residue: scale comparison of 10^11 stars, 10^7 transistors, and 10^100,000 states]
The Moral …
Verification is a serious problem.
Formal verification methods are great, but not practical yet on complex systems.
Simulation is practical, but can’t provide strong enough