We describe the refinement of a directory-based cache coherence protocol specification to a pipelined hardware implementation. The hardware that is analyzed is the most complex part of a 1M-gate ASIC. The design consists of 30,000 lines of synthesizable register-transfer-level Verilog code. It contains a pipeline that is 5 stages deep and approximately 150 bits wide, a 16-entry, 150-bit-wide content addressable memory (CAM), and a 256x72-bit RAM. Refinement maps relate the high-level protocol model to the hardware implementation. We used the Cadence Berkeley Labs SMV model checker to create the maps and to prove their correctness; there are approximately 2000 proof obligations. The formal model has been used for three tasks: first, to formally diagnose and then fix broken features in a legacy version of the design; second, to integrate the legacy sub-system design with a new system design; and finally, to formally design the additional subsystem features required by the new system design. The same hardware designer enhanced the design, created the refinement maps, and formally proved the correctness of the refinements.