What are Formal Verification Methods

1
What are Formal Verification Methods

• Mathematically based languages, techniques and
  tools for specifying and verifying systems
• Language Clear unambiguous specification
• Techniques Complete rigorous analysis
• Tools Automation/Interaction, User friendly,
  power to reason effectively using the techniques
• Prove
• derived properties of the spec.
• Correspondence of spec. and the design.

2
The central dogma of Formal Verification
( missing properties)
Formal Methods
3
Motivation For Formal Verification

• Pentium Processor Division bug
• Cost of Replacement 475 million!!
• Classical Debugging of systems too slow
• Classical debugging of proofs too slow
• May take decades
• Formal Verification techniques are guaranteed to
  finish in reasonable time.

4
Various Approaches to Formal Verification
5
Various Formal Verification Tools

• Theorem Provers
• PVS (SRI)
• Used for Space Shuttle Control, DoD and now at
  SMU!
• Isabelle/HOL (Cambridge, Munich)
• used for Floating Point Verification at Intel
• ACL2 (Texas)
• Used for Floating Point Verification at AMD
• Model Checkers
• SPIN (Bell Labs), Murphi (Stanford),
• SMV (Cadence / Carnegie-Mellon)

6
The Big Picture

• Why Formal Verification?
• Catch bugs early in design.
• Avoid detecting bugs too late
• Exhaustively explore all scenarios
• Cost Efficient
• Guaranteed to keep spec and model in sync.

7
Formal Verification of Hardware

• Motivation
• Hardware becoming more complex
• Currently formal verification of hardware is an
  exotic art.
• Urgent need to develop effective and easily
  extensible formal techniques for high performance
  hardware
• Formal Verification of high performance hardware
  is therefore the main focus of the team

8
Theorem Provers

• general purpose mathematical language and support
  for stating and proving theorems
• Hardware designs described by mathematical
  definitions
• correctness is established by phrasing and
  proving appropriate theorems.
• provide a wider range of reasoning techniques.
• obvious advantage over model checking as they can
  handle larger and more complex problems.

9
Why opt for PVS?
Proof Rewriting
Propositional Simplification
Versatile Higher Order Logic
Induction
Strategies
Mathematical and Logical Reasoning
10
The PVS sphere of influence
PVS Bitvector Library (NASA/SRI) Facilitate easy
representation and demonstrate the properties of
bit vectors. Fundamental step in hardware
verfication
Pipelined out of order processor. Formally
verified processor using Tomasulo scheduling
VAMP Project (Our colleagues at
Saarbrucken) Formally verified pipelined
microprocessor using formally verified basic
components
PVS
Pvs2hdl !! (Saarbrucken) Obtain verilog code from
specifications formally verified in PVS
11
But there are problems

• Getting over the learning curve
• PVS is a large and complex system and it takes
  a while to learn and use it effectively. You
  should be prepared to invest 6 months to become a
  moderately skilled user
• -- a quote on the SRI
  website
• Room for improvement because high school math
  not formalized and automatic.

12
The effort so far
Dec 02 July 03
Aug 03 Sep 03
Sep 03 Oct 03
Oct 03 Dec 03
Dec 03 - Current
Verification with PVS
Investigate Various Formal Verification Tools
Extract Proof Strategies from VAMP
Develop Redundant Arithmetic Library Adder/Mult
iplier
Commence Verification of Hi-Performance Adder
13
Formal Verification of High Performance Hardware
Designs

• High performance designs very complex
• Use of redundancy, concurrent paths.
• Very few people working in high performance
  design verification
• Fast design or Correct design? Do you want to
  choose?

14
High Performance FP Adder with fast rounding
algorithm
15
Present Status

• Work began on R path second cycle
• Verification of the state-of-the-art IEEE
  rounding algorithm for HO FP addition
• Done with writing the specification of the
  components of R-2C
• Done proving correctness of individual
  components.
• Yet to verify top level schematic for R-2C (focus
  for March/April 2004 FMCAD04)

16
Need for formal verification of redundant
representations

• In the design and verification of redundant
  representations, value of the representation is
  not everything.

Different Representations Of the same value
Same result
Operation On Binary Representation
Redundant Represention
Binary Compression (CPA Adder)
Binary representation
Conversion overhead
Operation on Redundant representation
Partial Compression
Same Result
17
Towards a Redundant Representation Library in PVS

• Fundamental step in the verification process of
  high speed designs
• High-Speed Multiplier Recoding,
• Leading zero prediction,
• Comparison of redundant numbers,
• Online arithmetic,
• etc
• A pioneering effort
• Library for Designs based on Carry-Save
  Borrow-Save Numbers