Skip to main content

Correct Hardware Design Methodology: Towards Formal Design and Verification for Provably Correct VLSI Hardware

Objective

Functional verification is the bottleneck of VLSI design systems. For economic and industrial reasons, VLSI circuit designs must be completely validated before manufacturing begins. Current VLSI validation is done mainly through simulation with a limitedset of test stimuli. This does not guarantee correctness.
Formal verification methods, on the other hand, are analytic, and have the potential to guarantee the correctness of implemented circuits. Most formal verification approaches, however, suffer from complexity.
The aim of the CHARME Action was to investigate which verification approaches are appropriate for particular classes of hardware designs and specific levels of abstraction in the hardware design trajectory.
A suite of promising methods for formal very large scale integration (VLSI) hardware verification has been investigated, resulting in a methodology of 'design for verifiability' with the appropriate verification algorithms and methods for all levels of abstraction, ranging from the transistor switch up to the instruction level. This technology will enable VLSI designers to prove their designs correct before production begins.

Based on a suite of benchmark circuits, with representations at several levels of abstraction, different verification methods were investigated. The benchmark circuits consist of combinatorial logic, controllers, finite state machines, multipliers, arithmetic logic units (ALU), parameterized module generators, and microprocessors. The levels of abstraction considered were metal oxide semiconductor (MOS) transistor, structural register transfer, behavioural register transfer, and microprogram, microinstruction and instruction.
To verify the correctness of the specification versus the implementations at these levels, a number of basic verification techniques were used: Boolean provers, proof of automata, and general purpose theorem provers. These support verification at the following levels: microprogramme architecture, structural register transfer (RT) versus behavioural RT, and RT versus switch level.

Different aspects in the area of the formal verification of very large scale integration (VLSI) hardware have been studied. Formal verification, given the appropriate methodologies, algorithms and formalisms, will find its place in actual computer aided design (CAD) systems for industrial hardware designs. Research results include a link-up of formal verification tools to the computer hardware description language VHDL as well as the demonstrated formal verification of actual VLSI chips of over 32 000 transistors from the layout up to high level algorithmic specifications. This is the largest full verification of a complete integrated circuit done thus far.
APPROACH AND METHODS
Based on a suite of benchmark circuits, with representations at several levels of abstraction, different verification methods were investigated. The benchmark circuits consist of combinatorial logic, controllers, finite state machines, multipliers, arithmetic logic units (ALUs), parameterised module generators, and microprocessors. The levels of abstraction considered were MOS transistor, structural register transfer, behavioural register transfer, and microprogram, micro-instruction and instruction.To verify the correctness of the specifications versus the implementations at these levels, a number of basic verification techniques were used: Boolean provers, proof of automata, and general-purpose theorem-provers. These support verification at the following levels: microprogramme architecture, structural register transfer (RT) versus behavioural RT, and RT versus switch level.
PROGRESS AND RESULTS
The Action has concentrated on the behavioural correctness verification, as follows:
-Transistor switch-level circuits extracted from the layout are used as the starting point. Symbolic analysis techniques that model different transistor strengths and node sizes have been developed and implemented, including appropriate modelling of thebi-directional characteristics of MOS transistors.
-An efficient OBDD package, TAUTO, has been implemented and successfully compared with other top-level packages. TAUTO is used as a basic abstract data type in other verification tools of the Action.
-An RT-versus-RT verification tool, LOVERT, has been developed.
-Efficient algorithms for FSM specification versus implementation checking using implicit as well as symbolic enumeration methods have been developed and benchmarked.
-The Boyer-Moore theorem-prover has been integrated in a CAD system for the formal verification of high-level synthesis libraries and parameterised hardware modules from layout up to specification (for the complete range of allowable parameters).
-A translation has been realised from VHDL to the verification tools LOVERT, TACHE and Boyer-Moore.
-A comparison has been made between Boyer-Moore and HOL for the verification of generic datapath-dominated hardware.
-The OTTER resolution-based theorem provers have been investigated for hardware verification.
-A micro instruction specification editor, micro-SPEED, has been implemented.
-A first prototype of the CIRCAL system, based on the concept of process algebras, has been implemented. XCIRCAL, a user-friendly language, has been defined and implemented.
-Aspects of design for verificability rules, as well as design for verificability methodologies, have been worked out.
-The SFG-Tracing methodology for the specification versus implementation verification has been defined and applied to the correctness verification from high-level algorithm specifications down to layout-extracted transistor circuits. This has been succes sfully used in the full formal proof of a 32000 transistor modem chip.
POTENTIAL
By using similar design applications on different levels and employing different approaches, this Action will result in the determination of methodologies for enabling provably correct VLSI hardware. Proving hardware correct during the design stage, and the resulting avoidance of errors, will result in the quick introduction of competitive products onto the market.

Coordinator

INTERUNIVERSITAIR MIKROELEKTRONICA CENTRUM
Address
Kapeldreef, 75
3030 Heverlee
Belgium

Participants (4)

POLITECNICO DI TORINO
Italy
Address
Corso Duca Degli Abruzzi 24
10129 Torino
Technische Hochschule Darmstadt
Germany
Address
Merkstraße 25
64283 Darmstadt
UNIVERSITY OF STRATHCLYDE
United Kingdom
Address
16 Richmond Street
G1 IXQ Glasgow
Université d'Aix-Marseille I (Université de Provence)
France
Address
3 Place Victor Hugo
13331 Marseille