Formal verification by symbolic evaluation of partially-ordered trajectories
Formal Methods in System Design - Special issue on symbolic model checking
Integrating formal verification methods with a conventional project design flow
DAC '96 Proceedings of the 33rd annual Design Automation Conference
The SGI Origin: a ccNUMA highly scalable server
Proceedings of the 24th annual international symposium on Computer architecture
The Formal Design of 1M-gate ASICs
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
A Compositional Rule for Hardware Design Refinement
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Verification of an Implementation of Tomasulo's Algorithm by Compositional Model Checking
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Using Formal Verification/Analysis Methods on the Critical Path in System Design: A Case Study
Proceedings of the 7th International Conference on Computer Aided Verification
System Overview of the SGI Origin 200/2OOO Product Line
COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Origin System Design Methodology and Experience: lM-gate ASICs and Beyond
COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Formal Design of Cache Memory Protocols in IBM
Formal Methods in System Design
Formal verification of an ASIC ethernet switch block
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
| Hi-index | 0.00 |
Refinement of a directory based cache coherence protocolspecification, to a pipelined hardware implementation is described.The hardware that is analyzed is the most complex part of a 1M-gateASIC. The design consists of 30,000 lines of synthesizable registertransfer-level verilog code, amounting to approximately 200,000 gates.The design contains a pipeline that is 5 levels deep and approximately150 bits wide. It has a 16 entry, 150 bit wide, context addressablememory (CAM), and includes a 256 × 72 bit RAM. Refinement mapsrelate the behavior of the high-level protocol model to the hardwareimplementation. The Cadence Berkeley Labs SMV model checker was usedto create the maps and to prove their correctness. There areapproximately 1500 proof obligations. The formal model has been usedfor three tasks. First, to formally diagnose, and then fix brokenfeatures in a legacy version of the design. Second, to integrate thelegacy sub-system design with a new system design. Finally, it hasbeen used to formally design additional sub-system features requiredfor the new system design. The same hardware designer enhanced thedesign, created the refinement maps, and formally proved thecorrectness of the refinements.