Veri cation of regular architectures using Alpha : a case

We present a formal method for the veriication of regular VLSI architectures. In our method, the behavioral speciication of the chip and its implementation are rst expressed in Alpha, a language for the design of regular synchronous architectures. The behavioral spec-iication is reened down to an abstract architecture description, while the implementation is simpliied by induction techniques up to the same abstract architecture level. Veriication is then done by matching both descriptions. This method has been successfully applied to check the correctness of a 300.000 transistor VLSI systolic chip named Api69 for sequence comparison. Traditionally, hardware systems have been validated by means of simulation. This method is limited, as it is diicult to achieve 100% fault coverage. This is the reason why formal veriication is being considered more and more oftenn5]. The main limitation of veriication techniques is their complexity: complex examples are beyond the capabilities of automatic veriication systems. However, as pointed out by several authors, few veriication techniques exploit the inherent regular nature of hardware. For parametrized descriptions, modular proofs ((7]) or inductive proofs (Boyer-Moore) seem to be the most promising solutions. Among attemps to handle the veriication of regular hardware, the correctness of systolic circuits has been considered by several authors (see 8, 14] among others). In the present paper, we present a proof methodology to check the correctness of systolic or more generally regular circuits. The proof process is a combination of top-down synhesis and bottom-up abstraction until a common middle-point is reached, as proposed in 4] The formal representation of both the speciication and the implementation of a circuit is given in Alpha, a functional language used for the synthesis of regular architecturess13]. The veriication proceeds by doing program transformations based on the semantics of Alpha 12, 2, 1]. This provides a semi-automatic proof process, in the sense that the designer has to select transformations whose application is automatic. The proof methodology deals directly with parametrized circuits. The content of this paper is based on a case study. The methodology is applied to an existing 300.000 transistor systolic circuit named Api6911]. The speciication of the chip 1