Formal Verification in Hardware/SoC: Formalism, Floyd's Method, Hoare Logic - Prof. Shobha, Study notes of Electrical and Electronics Engineering

These notes cover the importance of formal verification in hardware/SoC design, introducing Floyd's method and Hoare logic. They also cover the limitations of these methods and the use of Owicki-Gries logic and temporal logic for concurrent and reactive systems.

Typology: Study notes

Pre 2010

Uploaded on 03/10/2009

koofers-user-wkt


ECE 598 SV

Formal Hardware/SoC Verification

Lecture 2

Why ‘formal’ verification?

Introducing formalism into the design is very useful. It can be used to check rare cases that are not necessarily encountered in simulation. It also provides a methodological approach to design (documenting assumptions, etc.).

Floyd’s method

  1. Label control points with invariant assertions. Proof obligation: show that every program transition preserves all the assertions.

  2. Formal semantics through assertions.

Hoare Logic

This enhances Floyd’s method by introducing a termination condition.

Hoare Triple:

{P} S {Q}

If P (the precondition) holds and S terminates, then Q (the postcondition) holds.

Axiom for assignment:

{P[f/x]} x=f {P}

where P[f/x] is P with the expression f substituted for every free occurrence of x.

Example: {y0} x=y {x0}

Compositional Rules

Sequential composition of S1 and S2 (both have to be terminating): if {P1} S1 {P2} and {P2} S2 {P3} hold, then {P1} S1; S2 {P3} holds, written as a chain

{P1} S1 {P2} S2 {P3}
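As an added example (not from the lecture notes), the assignment axiom and the sequential-composition rule above as a weakest-precondition calculation in Python, with a triple checked by brute force over a tiny finite domain. It assumes the lecture's assignment example reads {y > 0} x = y {x > 0}; the swap program and its ghost variables a and b are this example's own construction.

```python
from itertools import product

# Statements: ("assign", x, f) or ("seq", S1, S2). f, P, Q are Python functions
# of a state (dict: variable name -> int), so substitution is just re-binding.

def subst(P, x, f):
    """P[f/x]: P with f substituted for x, i.e. P evaluated after x := f."""
    return lambda state: P({**state, x: f(state)})

def wp(S, Q):
    """Weakest precondition of S for Q, from the assignment axiom
    {Q[f/x]} x=f {Q} and the rule {P1} S1 {P2}, {P2} S2 {P3} => {P1} S1;S2 {P3}."""
    if S[0] == "assign":
        _, x, f = S
        return subst(Q, x, f)
    if S[0] == "seq":
        _, S1, S2 = S
        return wp(S1, wp(S2, Q))   # P2 := wp(S2, Q) is the middle assertion
    raise ValueError(f"unknown statement {S[0]!r}")

def valid_triple(P, S, Q, names, domain):
    """{P} S {Q} holds iff P implies wp(S, Q). Checked by enumerating every
    state over a tiny finite domain; this brute force is exactly what fails
    for the 25-digit time variable mentioned in the notes."""
    states = (dict(zip(names, v)) for v in product(domain, repeat=len(names)))
    pre = wp(S, Q)
    return all(pre(s) for s in states if P(s))

def assign(x, f):
    return ("assign", x, f)

def seq(*stmts):
    """S1; S2; ...; Sn as nested binary sequential compositions."""
    return stmts[0] if len(stmts) == 1 else ("seq", stmts[0], seq(*stmts[1:]))

def lecture_example_valid():
    """The lecture's assignment example, read as {y > 0} x = y {x > 0}."""
    return valid_triple(lambda s: s["y"] > 0, assign("x", lambda s: s["y"]),
                        lambda s: s["x"] > 0, ["x", "y"], range(-3, 4))

def swap_valid(use_temp):
    """Swap x and y; a and b are constructed ghost variables holding the
    initial values so the postcondition can refer to them."""
    body = (seq(assign("t", lambda s: s["x"]), assign("x", lambda s: s["y"]),
                assign("y", lambda s: s["t"])) if use_temp else
            seq(assign("x", lambda s: s["y"]), assign("y", lambda s: s["x"])))
    return valid_triple(lambda s: s["x"] == s["a"] and s["y"] == s["b"], body,
                        lambda s: s["x"] == s["b"] and s["y"] == s["a"],
                        ["x", "y", "t", "a", "b"], range(3))
```

The swap without a temporary fails because its weakest precondition collapses to y == a and y == b, which the precondition x == a and y == b does not imply.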

For concurrent programs, sequential composition is not sufficient. Also, Hoare logic cannot be applied to non-terminating systems (e.g. reactive systems such as hardware).

Concurrent Programs

Concurrent programs use shared resources (e.g. a cache protocol).

Owicki-Gries Logic:

  • Data is shared only through declared resources: resource r(x): cobegin S1 || S2 || … || Sn coend
  • Critical section: with r when Sj do Si
  • Resource invariant I(r). For a triple {P} S {Q}: if P is true initially, then
    • finally (if S terminates) Q holds
    • I(r) is preserved while S is in its critical section

No notion of time has been used so far. E.g. we cannot express that Q will eventually hold (not necessarily inside a critical section).

We do not resort to first-order logic (FOL) for this expressive power, because FOL is undecidable.

Eg: ∀ t0:input(x,t) ⇒ ∃ t't : output(y,t')

t can be a 25-digit number; to verify the above property by enumeration, we would have to check every one of these cases.

We can instead use temporal logic, which lies between propositional logic and FOL in expressive power.

Temporal logic works very well for hardware, since hardware is reactive, concurrent and finite-state.