Design and verification of the rollback chip using HOP: a case study of formal methods applied to hardware design

The use of formal methods in hardware design improves the quality of designs in many ways: it promotes better understanding of the design; it permits systematic design refinement through the discovery of invariants; and it allows design verification (informal or formal). In this paper we illustrate the use of formal methods in the design of a custom hardware system called the 'Rollback Chip' (RBC), conducted using a simple hardware design specification language called 'HOP'. An informal description of the requirements of the RBC is first given, followed by a behavioral description of RBC stating its desired behavior. The behavioral description is refined into progressively more efficient designs, terminating in a structural description. Key refinement steps are based on system invariants that are discovered during the design, and proved correct during design verification. The first step in design verification is to apply a program called PARCOMP to derive a behavioral description from the structural description of the RBC. The derived behavior is then compared against the desired behavior using equational verification techniques. This work demonstrates that formal methods can be fruitfully applied to a non-trivial hardware design. It also illustrates the particular advantages of our approach based on HOP and PARCOMP. Last, but not the least, it formally verifies the RBC mechanism itself.