Manish Pandey

Verification of memory arrays is an important part of processor verification. Memory arrays include circuits such as on-chip caches, cache tags, register files, and branch prediction buffers having memory cores embedded within complex logic. These circuits are typically custom designed at the transistor-level to optimize area and performance. This makes it necessary to verify them at the transistor-level. Conventional array verification approaches are based on switch-level simulation. Such approaches do not work for arrays as it is infeasible to simulate the astronomical number of simulation patterns that are required to verify these designs. Therefore, formal methods are required to ensure the correctness of memory arrays. This paper describes the formal verification technique of Symbolic Trajectory Evaluation (STE), and its application to verify memory arrays. The paper describes techniques to overcome the limitations of STE in verifying large complex memory arrays. It shows how exploiting symmetry allows one to verify systems several orders of magnitude larger than otherwise possible. The results of verifying SRAM arrays, including a 256 Kbit circuit having over 1.5 million transistors, are presented. The paper also shows how judicious Boolean encodings can be used with STE to efficiently verify CAMs

Symbolic simulation is an effective approach for verifying individual array blocks. This paper presents two methods to enhance the capacity of symbolic simulation for handling large and complex embedded array systems. The first method combines an ATPG decision procedure with symbolic simulation. By developing a scheme that enables the ATPG to work effectively with a symbolic simulator, the run-time OBDD sizes can be limited. In the second method, we propose a “dual-rail” symbolic simulator where a given design is partitioned implicitly into control and datapath domains. Symbolic simulation is carried out simultaneously on both domains. We demonstrate and compare the effectiveness of both methods based on verification of the Memory Management Unit (MMU) in Motorola high-performance microprocessors.

In the past, symbolic trajectory evaluation (STE) was shown to be effective for verifying individual array blocks. However, when applying STE to verify multiple array blocks together as a single system, the run-time OBDD sizes would often blow up. In this paper, we propose using a "dual-rail" symbolic simulation scheme to facilitate the application of STE proof methodology for verifying array systems. The proposed scheme implicitly partitions a given design into control domain and datapath domain, and symbolic simulation is carried out on both domains. With this scheme, the run-time OBDD sizes during the symbolic simulation for each domain can be limited. We demonstrate the effectiveness of our approach by verifying the memory management unit (MMU) in Motorola high-performance microprocessors. The verification of MMU as a whole was not possible before because of the OBDD size blow-up problem when an ordinary symbolic simulator was used in the STE proof process.

In this paper we describe the use of symmetry for verification of transistor-level circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structural-data symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 Million transistors.

Verifying memory arrays such as on-chip caches and register files is a difficult part of designing a microprocessor. Current tools cannot verify the equivalence of the arrays to their behavioral or RTL models, nor their correct functioning at the transistor level. It is infeasible to run the number of simulation cycles required, and most formal verification tools break down due to the enormous number of state-holding elements in the arrays. The formal method of symbolic trajectory evaluation (STE) appears to offer a solution, however, STE verifies that a circuit satisfies a formula in a carefully restricted temporal logic. For arrays, it requires only a number of variables approximately logarithmic in the number of memory locations. The circuit is modeled at the switch level, so the verification is done on the actual design. We have used STE to verify two arrays from PowerPC microprocessors: a register file, and a data cache tag unit. The tag unit contains over 12,000 latches. We believe it is the largest circuit to have been formally verified, without abstracting away significant detail, in the industry. We also describe an automated technique for identifying state-holding elements in the arrays, a technique which should greatly assist the widespread application of STE

... 1. Introduction In this paper we will discuss the functional verification methodology used for verifying the arrays in PowerPC1 microprocessors. ... The current methodology for functionalverification of arrays on the PowerPC family of microprocessors is three-fold. ...

In this paper we describe the use of symmetry for verification of transistor-level circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structural-data symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 Million transistors.