Intel® Core™i7 processor execution engine validation in a functional language based formal framework

  • Authors:
  • Roope Kaivola

  • Affiliations:
  • Intel Corporation, Hillsboro, OR

  • Venue:
  • PADL'11 Proceedings of the 13th international conference on Practical aspects of declarative languages
  • Year:
  • 2011


Abstract

Formal verification of microprocessor components has been pursued in Intel processor development projects in various forms for over a decade. Usually formal verification has been used to supplement more traditional coverage-oriented testing activities. For the Intel® Core™ i7 design we took a step further and used formal verification as the primary validation vehicle for the core execution cluster, the component responsible for the functional behaviour of all microinstructions. We applied symbolic-simulation-based formal verification techniques for full datapath, control and state validation for the cluster, and dropped coverage-driven testing entirely. The project, involving some twenty person-years of verification work, is one of the most ambitious formal verification efforts in the hardware industry to date, and shows that under the right circumstances, full formal verification of a major design component is a feasible, industrially viable and competitive validation approach. Technically, the verification work was carried out in the Forte verification framework, originally built on top of the Voss system. It is based on a strongly typed, ML-like, lazy functional programming language, reFLect. Most of the verification code is written in reFLect: specifications, whether they are functional specifications or relational constraints, verification facilities, analysis routines, etc. The execution of an individual verification task in the framework amounts to the evaluation of a reFLect program, and the entire verification initiative involves significant software engineering aspects. In the reFLect language, binary decision diagrams are first-class objects: the type Bool includes not just the constants T and F, but arbitrary BDDs. For verification purposes, a very important feature of the language is that it allows symbolic evaluation of objects containing BDDs and symbolic circuit simulation using BDDs. Similar facilities exist for non-canonical graph representations of Booleans, used for interfacing with satisfiability solvers.