What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous specification Techniques – Complete rigorous analysis Tools – Automation/Interaction, User friendly, power to reason effectively using the techniques Prove – –derived properties of the spec. –Correspondence of spec. and the design.

The central dogma of Formal Verification Formal Methods (+ missing properties)

Motivation For Formal Verification Pentium Processor Division bug – Cost of Replacement $ 475 million!! Classical Debugging of systems too slow Classical debugging of proofs too slow –May take decades Formal Verification techniques are guaranteed to finish in reasonable time.

Various Approaches to Formal Verification BehaviorRTLLogicCircuit Functional Design Verification Implementation Verification Boolean Algebra ODEs (Ordinary Diff. Eqns) Simulation (test vector) Based Verification RTL Simulation Gate Simulation Circuit Simulation Physical Issues Simulation Behavoral Simulation Formal Verification -Model Checking “State Space Explosion” -Capabilities constrained by the size of the system. “State Space Explosion” -Equivalence Checking -Compare gate level implementation with RTL representation -Theorem Proving -general purpose mathematical language and support for stating and proving theorems

Various Formal Verification Tools Theorem Provers –PVS (SRI) –Used for Space Shuttle Control, DoD and now at SMU! –Isabelle/HOL (Cambridge, Munich) –used for Floating Point Verification at Intel –ACL2 (Texas) –Used for Floating Point Verification at AMD Model Checkers –SPIN (Bell Labs), Murphi (Stanford), SMV (Cadence / Carnegie-Mellon)

The Big Picture Why Formal Verification? Catch bugs early in design. Avoid detecting bugs too late Exhaustively explore all scenarios Cost Efficient Guaranteed to keep spec and model in sync.

Formal Verification of Hardware Motivation –Hardware becoming more complex –Currently formal verification of hardware is an exotic art. –Urgent need to develop effective and easily extensible formal techniques for high performance hardware –Formal Verification of high performance hardware is therefore the main focus of the team

Theorem Provers general purpose mathematical language and support for stating and proving theorems Hardware designs described by mathematical definitions correctness is established by phrasing and proving appropriate theorems. provide a wider range of reasoning techniques. obvious advantage over model checking as they can handle larger and more complex problems.

Versatile Higher Order Logic Why opt for PVS? Mathematical and Logical Reasoning Propositional Simplification Strategies Induction Proof Rewriting

The PVS sphere of influence PVS PVS Bitvector Library (NASA/SRI) Facilitate easy representation and demonstrate the properties of bit vectors. Fundamental step in hardware verfication Pipelined out of order processor. Formally verified processor using Tomasulo scheduling VAMP Project (Our colleagues at Saarbrucken) Formally verified pipelined microprocessor using formally verified basic components Pvs2hdl !! (Saarbrucken) Obtain verilog code from specifications formally verified in PVS

But there are problems… Getting over the learning curve “PVS is a large and complex system and it takes a while to learn and use it effectively. You should be prepared to invest 6 months to become a moderately skilled user” -- a quote on the SRI website Room for improvement because “high school” math not formalized and automatic.

The effort so far… Aug 03 – Sep 03 Sep 03 – Oct 03 Oct 03 – Dec 03Dec 03 - Current Verification with PVS Extract Proof Strategies from VAMP Commence Verification of Hi-Performance Adder Develop Redundant Arithmetic Library + Adder/Multiplier Investigate Various Formal Verification Tools Dec 02 – July 03

Formal Verification of High Performance Hardware Designs High performance designs – very complex Use of redundancy, concurrent paths. Very few people working in high performance design verification Fast design or Correct design? Do you want to choose?

High Performance FP Adder with fast rounding algorithm

Present Status Work began on R path second cycle – –Verification of the state-of-the-art IEEE rounding algorithm for HO FP addition Done with writing the specification of the components of R-2C Done proving correctness of individual components. Yet to verify top level schematic for R-2C (focus for March/April 2004 – FMCAD’04)

Need for formal verification of redundant representations In the design and verification of redundant representations, value of the representation is not everything. Redundant Represention Binary Compression (CPA Adder) Binary representation Operation On Binary Representation Operation on Redundant representation Partial Compression Same result Same Result Different Representations Of the same value Conversion overhead

Towards a Redundant Representation Library in PVS Fundamental step in the verification process of high speed designs –High-Speed Multiplier Recoding, –Leading zero prediction, –Comparison of redundant numbers, –Online arithmetic, –etc… A pioneering effort Library for Designs based on Carry-Save & Borrow-Save Numbers