Modeling and Automatic Formal Verification of the Fairisle ATM Switch Fabric using MDGs

In this paper we present several techniques for modeling and formal verification of the Fairisle Asynchronous Transfer Mode (ATM) switch fabric using Multiway Decision Graphs (MDGs). MDGs represent a new class of decision graphs which subsumes ROBDDs while accommodating abstract sorts and uninterpreted function symbols. The ATM device we investigated is in use for real applications in the Cambridge University Fairisle network. We modeled and verified the switch fabric at three levels of abstraction: behavior, RT and gate levels. In a first stage, we validated the high-level specification by checking specific safety properties that reflect the behavior of the fabric in its real operating environment. Using the intermediate abstract RTL model, we hierarchically completed the verification of the original gate-level implementation of the switch fabric against the behavioral specification given as an abstract state machine (ASM). Since MDGs avoid model explosion induced by data values, this work demonstrates the effectiveness of MDG-based verification as an extension of ROBDD-based approaches. All the verifications were carried out fully automatically in a reasonable amount of CPU time.