Verification of Reactive Systems - University of Kaiserslautern
Using Theorem Proving to Verify Arithmetic Hardware

Jens Brandt
Department of Computer Science, Technische Universität Kaiserslautern
brandt@informatik.uni-kl.de
Abstract. Computer systems are becoming more and more complex, and the task of making sure that they work correctly is getting increasingly difficult. In the past, simulation alone was used to expose bugs. Today's hardware development processes usually include formal verification to complement testing. But some problems are too complex for the traditional formal techniques in hardware verification – equivalence and model checking – especially those with the large regular structures found in arithmetic circuits. Theorem provers are an alternative for reasoning about arithmetic components by exploiting structure and hierarchy. After an introduction to the HOL theorem proving environment, some examples are presented that illustrate the advantages of this method.
1 Introduction
As computer systems are becoming more and more complex, the task of making sure that they work correctly is getting increasingly difficult. Besides that, the consequences of failure are becoming more serious, too. Meanwhile, computer systems are used in many safety-critical areas where errors cannot be tolerated. Even in non-safety-critical areas, e.g. the home user PC, hardware errors can cause an expensive recall process: Intel lost approximately 450 million dollars ten years ago in 1994 due to the well-known Pentium bug (causing potentially wrong results of floating-point division).
In the past, solely simulation and testing were used to expose bugs. Today's hardware development processes usually include formal verification to complement testing. Various methods have been researched and applied in industry, including equivalence checking, model checking and theorem proving. Equivalence and model checking have already proven to be adequate for automatically verifying a variety of large-scale industrial designs. But for equivalence or model checking, some problems are too complex, especially those related to arithmetic circuits. These methods can hardly exploit the regular structure of most arithmetic components. Even worse, BDD representations of some components like multipliers have exponential size, making it (almost) impossible to verify real-world problems. Theorem provers can be used in these cases, because they (or their users) are aware of the structure and hierarchy, making it possible to decompose the proof obligations. Moreover, correctness proofs may depend on
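The size argument in the paragraph above can be observed directly. The following script is an added example written for this page (my own code, not the paper's and not from any HOL library): a minimal reduced ordered BDD package builds a gate-level ripple-carry adder and an array multiplier on n-bit operands, using the interleaved variable order x0, y0, x1, y1, ..., and reports how many BDD nodes a single output bit needs. The sum bits of the adder stay small (roughly three nodes per bit position), while the middle product bit of the multiplier grows quickly with n; that growth is exactly what defeats BDD-based equivalence and model checking and what a hierarchical theorem-prover proof (prove the full adder once, compose by induction over the bit position) avoids. All class and function names (BDD, full_adder, adder, multiplier, output_sizes, matches_arithmetic) are my own, and the widths used are chosen so the script runs in seconds.

```python
"""Added example: node counts of output-bit BDDs for an adder and a multiplier."""
OPS = {"and": lambda a, b: a & b, "or": lambda a, b: a | b, "xor": lambda a, b: a ^ b}


class BDD:
    """Reduced ordered BDD with a unique table; node ids 0 and 1 are the terminals."""

    def __init__(self, nvars):
        self.nvars = nvars
        # Terminals carry the sentinel variable index nvars so they sort below all variables.
        self.nodes = [(nvars, 0, 0), (nvars, 1, 1)]
        self.unique = {}   # (var, low, high) -> node id, keeps the graph canonical
        self.memo = {}     # (op, u, v) -> result id, memoises apply()

    def mk(self, var, low, high):
        """Return the unique node (var, low, high); drop tests whose branches agree."""
        if low == high:
            return low
        key = (var, low, high)
        if key not in self.unique:
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def var(self, i):
        return self.mk(i, 0, 1)

    def apply(self, op, u, v):
        """Combine two BDDs by Shannon expansion on the topmost variable (Bryant's apply)."""
        key = (op, u, v)
        if key in self.memo:
            return self.memo[key]
        if u < 2 and v < 2:
            r = OPS[op](u, v)
        else:
            vu, lu, hu = self.nodes[u]
            vv, lv, hv = self.nodes[v]
            top = min(vu, vv)
            lu, hu = (lu, hu) if vu == top else (u, u)   # cofactors of u w.r.t. top
            lv, hv = (lv, hv) if vv == top else (v, v)   # cofactors of v w.r.t. top
            r = self.mk(top, self.apply(op, lu, lv), self.apply(op, hu, hv))
        self.memo[key] = r
        return r

    def size(self, root):
        """Number of non-terminal nodes reachable from root (the usual BDD size measure)."""
        seen, stack = set(), [root]
        while stack:
            n = stack.pop()
            if n >= 2 and n not in seen:
                seen.add(n)
                stack.extend(self.nodes[n][1:])
        return len(seen)

    def evaluate(self, root, env):
        """Evaluate the function under env: {variable index -> 0/1}."""
        n = root
        while n >= 2:
            v, lo, hi = self.nodes[n]
            n = hi if env[v] else lo
        return n


def full_adder(bdd, a, b, c):
    """Gate-level full adder on BDD nodes; returns (sum, carry_out)."""
    p = bdd.apply("xor", a, b)
    carry = bdd.apply("or", bdd.apply("and", a, b), bdd.apply("and", p, c))
    return bdd.apply("xor", p, c), carry


def adder(bdd, xs, ys):
    """Ripple-carry adder over little-endian bit vectors; returns n sum bits plus carry."""
    carry, out = 0, []
    for a, b in zip(xs, ys):
        s, carry = full_adder(bdd, a, b, carry)
        out.append(s)
    return out + [carry]


def multiplier(bdd, xs, ys):
    """Array multiplier: accumulate shifted partial products with ripple-carry adders."""
    n = len(xs)
    acc = [0] * (2 * n)
    for j, y in enumerate(ys):
        partial = [0] * j + [bdd.apply("and", x, y) for x in xs] + [0] * (n - j)
        acc = adder(bdd, acc, partial)[: 2 * n]
    return acc


def build(n, circuit):
    """Instantiate circuit on n-bit operands with the interleaved order x0, y0, x1, y1, ..."""
    bdd = BDD(2 * n)
    xs = [bdd.var(2 * i) for i in range(n)]
    ys = [bdd.var(2 * i + 1) for i in range(n)]
    return bdd, circuit(bdd, xs, ys)


def output_sizes(n, circuit):
    """BDD size of every output bit of the circuit at width n."""
    bdd, outs = build(n, circuit)
    return [bdd.size(o) for o in outs]


def matches_arithmetic(n, circuit, spec):
    """Exhaustive check of the BDD outputs against an integer specification (small n only)."""
    bdd, outs = build(n, circuit)
    for x in range(2 ** n):
        for y in range(2 ** n):
            env = {2 * i: (x >> i) & 1 for i in range(n)}
            env.update({2 * i + 1: (y >> i) & 1 for i in range(n)})
            if sum(bdd.evaluate(o, env) << k for k, o in enumerate(outs)) != spec(x, y):
                return False
    return True


if __name__ == "__main__":
    for n in range(2, 8):
        print(f"n={n}: adder sum bit {n-1}: {output_sizes(n, adder)[n-1]} nodes, "
              f"multiplier product bit {n-1}: {output_sizes(n, multiplier)[n-1]} nodes")
```

Running the script prints one line per operand width. The exhaustive check in matches_arithmetic is the "simulation" the paper contrasts with proof: it is complete for n = 3 but costs 4^n evaluations, whereas the full-adder lemma has only eight cases and, once proved, covers every width by induction.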