Hardware Model Checking: Status, Challenges, and Opportunities

Muralidhar Talupur
Strategic CAD Labs, Intel
murali.talupur@intel.com

It’s been nearly 30 years since Model Checking was first proposed as a method to validate hardware designs. Since then there has been considerable progress in this area and an active research community has grown around it. While areas like Software Model Checking and Hybrid Systems Model Checking are thriving, it seems there hasn’t been much progress or activity in the area of Hardware Model Checking (HMC) itself lately. If we examine the proceedings of conferences like CAV, TACAS, or even FMCAD the number of submissions dealing with hardware model checking has gone down drastically compared to 10-15 yrs ago. But verification of hardware designs continues to be a pressing problem – if anything it is only getting exacerbated with the continuing push towards larger designs and shorter turn-around times. This panel will examine the current status of HMC, what further challenges and opportunities exist going forward and what can be done to give a fresh impetus to the area. The panel will broadly have three sections 1) Taking stock of the area, 2) Challenges to wider industrial adoption, and 3) How to renew interest in HMC? Each section will have multiple talking points (as described below) which will serve as guides for the panelists in taking their positions.

A. Taking stock of the area

Recent advances in HMC seem to have come from “engineering” mostly (ignoring the newly proposed IC3 algorithm which is an exception to the general trend). In this section the panelists’s will give their view of the current status of research in HMC.

1) Talking points:
   - The problem is fundamentally hard and the pace of recent activity indicates we have reached a plateau.
   - There has been significant advance in the last five years that has impacted practitioners.
   - The current status of HMC is satisfactory.

B. Challenges to industrial adoption

The ultimate success of an applied field like HMC should be measured by its impact on the ground, which means adoption by the hardware industry. While there has been some adoption and Model Checking gets mentioned as a respectable validation option, simulation continues to be the main work horse for validation. This section will examine the various factors that might be preventing wider adoption of Model Checking and what can be done to alleviate them.

1) Talking points:
   - The capacity of model checkers is still far short of what is required. Or perhaps capacity is not the bottleneck.
   - Writing specifications and input constraints are the major barriers for adoption of model checking.
   - Model Checking will always be a specialist activity.
   - All or nothing nature of Model Checking preventing adoption.
   - Model checking will replace simulation in the near future, say, for 50 percent of the units in the next 5 years.
   - What problem should a starting researcher consider?

C. How to renew interest in HMC?

This section will consider what the causes are for the reduced research in this area of late. Given that hardware validation continues to be a pressing problem and will continue to be so in this era of SoCs and multi-cores, how do we renew the interest in this area? Are there other problems we should be looking at?

1) Talking points:
   - Industry is not interested in funding research in this area anymore because of poor ROI.
   - Lack of open source RTL infra-structure making entry barrier too high.
   - There are low hanging fruits in the form of related problems like Clock Domain Crossing.

D. Panelists

The panelists are academic and industrial experts on Model Checking with several decades of combined experience. Pranav Ashar led NEC Lab’s Formal Methods team for fourteen years before embarking on a startup career. He is currently the CTO of RealIntent. Jason Baumgartner has fourteen years of experience in the research, development and application of Model Checkers and Equivalence Checkers for large-scale industrial designs, culminating in the SixthSense project at IBM. Robert Brayton and his group at UC Berkeley have built the ABC verification and synthesis engine that has consistently placed among the top Hardware Model Checkers. Erik Seligman is an FV expert at Intel with a wide experience applying Model Checking and other Formal Methods to industrial designs.