Using formal verification/analysis methods on the critical path in system design: A case study

  • Ásgeir Th. Eiríksson
  • Ken L. McMillan
Session 11: Invited Talk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 939)


We present a case study of the use of formal verification methods in a computer system design project. The SMV model checker was integrated into the project design flow and used to verify a specification of a cache coherency protocol for a directory-based, distributed shared-memory machine. Both the processor and I/O portions of the protocol specification were verified within the strict time schedule of the overall project.

We consider the following to be the main benefits of using the SMV model checker: it allows the interaction of the processors and I/O to be verified early in the design phase; and, most importantly, it uncovered several protocol specification problems. One problem it uncovered would never have been found in simulation and, because of its subtle symptom, loss of coherency, might not have been found on the test floor.
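To make concrete what "model checking a cache coherency protocol for a safety property" means, here is an added, self-contained example that is not the paper's SMV model: a hypothetical, heavily simplified directory protocol (states I/S/M, asynchronous Inv and InvAck messages, no owner downgrade on reads) explored by an explicit-state breadth-first search. SMV itself is symbolic (BDD-based), but the property being checked is the same kind of invariant: a cache holding a line in M must be the only non-invalid holder. The `wait_for_acks` flag selects between a flawed directory that grants M as soon as it has sent invalidations and a corrected one that waits for every InvAck; the flawed variant is caught with a two-step counterexample that a random simulation would only hit if the invalidation happened to be delayed at the right moment.

```python
"""Explicit-state model checking of a toy directory-based cache coherence
protocol (hypothetical teaching model, not the SMV model from the paper).

Global state = (cache states, directory owner, directory holder set,
pending write, in-flight messages). The safety property models 'coherency':
a cache in M (modified) is the only cache holding the line.
"""
from collections import deque

I, S, M = "I", "S", "M"  # invalid / shared / modified


def initial_state(n):
    """All caches invalid, directory empty, nothing in flight."""
    return (tuple([I] * n), None, frozenset(), None, ())


def coherent(state):
    """Safety property: if any cache is in M, every other cache is in I."""
    caches = state[0]
    if M in caches:
        return sum(1 for s in caches if s != I) == 1
    return True


def successors(state, wait_for_acks):
    """Enumerate every next state. With wait_for_acks=False the directory
    grants M as soon as it has *sent* invalidations (the flawed variant);
    with True it waits until every InvAck has arrived."""
    caches, owner, holders, pending, net = state
    n = len(caches)
    out = []

    def emit(label, caches, owner, holders, pending, net):
        if len(net) <= n:  # modelling bound on in-flight messages keeps the space finite
            out.append((label, (tuple(caches), owner, frozenset(holders),
                                pending, tuple(sorted(net)))))

    # Read requests: answered only while no cache owns the line and no write
    # is in progress (simplification: an owner is never downgraded for a read).
    if owner is None and pending is None:
        for c in range(n):
            if caches[c] == I:
                cs = list(caches); cs[c] = S
                emit(f"read(c{c})", cs, None, holders | {c}, None, net)

    # Write requests: invalidate every other holder, then grant M.
    if pending is None:
        for c in range(n):
            if caches[c] != M:
                others = holders - {c}
                invs = [("Inv", o) for o in others]
                if wait_for_acks and others:
                    # corrected protocol: record requester and acks still outstanding
                    emit(f"write(c{c})", caches, owner, holders,
                         (c, len(others)), list(net) + invs)
                else:
                    # flawed protocol (or nothing to invalidate): grant M at once
                    cs = list(caches); cs[c] = M
                    emit(f"write(c{c})", cs, c, {c}, None, list(net) + invs)

    # Asynchronous network: deliver any one in-flight message.
    for i, (kind, who) in enumerate(net):
        rest = list(net[:i] + net[i + 1:])
        if kind == "Inv":
            cs = list(caches); cs[who] = I
            acks = [("InvAck", who)] if wait_for_acks else []
            emit(f"deliver Inv->c{who}", cs, owner, holders, pending, rest + acks)
        elif kind == "InvAck" and pending is not None:
            req, remaining = pending
            if remaining == 1:  # last ack: the requester becomes the sole owner
                cs = list(caches); cs[req] = M
                emit(f"deliver InvAck<-c{who}", cs, req, {req}, None, rest)
            else:
                emit(f"deliver InvAck<-c{who}", caches, owner, holders - {who},
                     (req, remaining - 1), rest)
    return out


def model_check(n, wait_for_acks):
    """Breadth-first search over all reachable states. Returns (shortest
    counterexample trace or None, number of states explored)."""
    init = initial_state(n)
    parent = {init: None}
    queue = deque([init])
    while queue:
        st = queue.popleft()
        if not coherent(st):
            trace = []
            while parent[st] is not None:
                st, label = parent[st]
                trace.append(label)
            return trace[::-1], len(parent)
        for label, nxt in successors(st, wait_for_acks):
            if nxt not in parent:
                parent[nxt] = (st, label)
                queue.append(nxt)
    return None, len(parent)


if __name__ == "__main__":
    for flag in (False, True):
        trace, explored = model_check(3, flag)
        print(f"wait_for_acks={flag}: explored {explored} states ->",
              "coherent" if trace is None else f"counterexample {trace}")
```

For three caches the flawed variant fails after `read(c0)` then `write(c1)`: c1 is granted M while the invalidation to c0 is still in the network, so c0 still reads the line in S. The corrected variant exhausts its reachable state space with no violation. Because the search is exhaustive and breadth-first, the trace it returns is the shortest possible witness, which is the kind of diagnostic that makes a subtle specification problem easy to explain to the design team.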



Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Ásgeir Th. Eiríksson, Silicon Graphics Inc., Mountain View
  • Ken L. McMillan, Cadence Berkeley Labs, Berkeley
