1 Title Page
Implicit and Explicit Reachable State Space Exploration of Esterel Logical Circuits
Advisor:
10th International Workshop on Synchronous Reactive Languages, Agelonde, France, November 26th, 2002

2 Introduction
Context of our work: synchronous logical circuits (RTL) derived from high-level hierarchical designs written in SyncCharts, ECL or Esterel.
Computing the Reachable State Space (RSS) of a design is used for:
- formal verification by observers
- equivalence checking (essentially a special case of formal verification)
- exhaustive test sequence generation
- explicit automaton generation
- ...
Several approaches to RSS computation:
- implicit: using BDDs
- explicit: state enumeration + recursive branching on inputs
- hybrid: state enumeration + BDDs representing input combinations

3 Binary Decision Diagrams (BDDs)
A data structure for Boolean functions that usually provides:
- very compact representations
- manipulation of sets through their characteristic functions
- very efficient algorithms
However, BDDs may blow up unpredictably on complex computations! Cost of the basic operations:
- equality test, negation: constant in time and space
- binary operations such as conjunction and disjunction: quadratic in time and space (bounded by the product of the operand sizes)
- substitutions (composition): exponential in time and space

4 RSS Computation using BDDs
Exponentially complex wrt. the involved variables, in both memory and time:
- 1 BDD variable per input; input variables have to be existentially quantified
- 2 BDD variables per state variable (register), one for the current value and one for the next; state variables have to be existentially quantified and substituted
A usual technique to reduce state variables: replacing state variables by free inputs (inputization)
- fewer variables to substitute
- as many variables to existentially quantify
Our approach: abstracting variables using a ternary-valued logic (0, 1 and a third, 'unknown' value)
- variables to be abstracted are replaced by the 'unknown' constant
- fewer variables to substitute
- fewer variables to existentially quantify
Reduce state variables!

5 Over-approximation
Inputization and variable abstraction relax constraints between variables: over-approximation, conservative wrt. reachable states, with a snow-ball effect (spurious states generate further spurious states).
Inputization keeps the correlation between instances of a variable: with r replaced by a free input i, r and not r becomes i and not i = 0, and r or not r becomes i or not i = 1.
Variable abstraction loses the correlation between instances of a variable: with r replaced by the unknown value, r and not r is unknown.
Another source of over-approximation within the ternary-valued RSS computation algorithm: set widening. The three disjoint sets where f is 0, 1 or unknown (f0, f1, f-unknown) are widened into the two sets (not f1, not f0), each of which absorbs the unknown part.
In practice, if the over-approximation gets too important, false negatives quickly appear and the computation stops: worth trying. No false positive for formal verification, only false negatives.
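The following Python program is an added example for slides 4 and 5; it is not code from evcl, TiGeR or the Esterel compiler. It computes the RSS of a small constructed circuit three times, exactly, with one register inputized, and with the same register abstracted to the unknown value, and checks a never-1 observer on each result. The state sets are kept as explicit Python sets instead of BDDs (the reduction techniques and the widening behave the same way whatever the set representation); the circuit, the register names and the marker chosen for the unknown value are assumptions of the example.

```python
"""
Exact vs. inputized vs. ternary-abstracted reachable state space (RSS) on a
constructed toy synchronous circuit (example added to this transcript; not
code from evcl, TiGeR or the Esterel compiler).
"""
from itertools import product

UNK = "?"  # the third, 'unknown' logic value (marker chosen for this example)

# Three-valued (Kleene) connectives: the result is unknown only when it has to be.
def t_not(a):
    return UNK if a == UNK else 1 - a

def t_and(a, b):
    return 0 if 0 in (a, b) else (1 if (a, b) == (1, 1) else UNK)

def t_or(a, b):
    return 1 if 1 in (a, b) else (0 if (a, b) == (0, 0) else UNK)

OPS = {"not": t_not, "and": t_and, "or": t_or}

def ev(expr, env):
    """Evaluate an expression tree; leaves are 0/1 constants or variable names."""
    if isinstance(expr, int):
        return expr
    if isinstance(expr, str):
        return env[expr]
    op, *args = expr
    return OPS[op](*(ev(a, env) for a in args))

# Constructed circuit: registers r, a, b and one input i.
#   r' = i                       r samples the input
#   a' = a or (r and not r)      stays 0 forever, since r and not r == 0
#   b' = a                       b copies a one tick later (snow-ball effect)
# Observer: register a must never become 1.
REGS = ("r", "a", "b")
INPUTS = ("i",)
NEXT = {
    "r": "i",
    "a": ("or", "a", ("and", "r", ("not", "r"))),
    "b": "a",
}
INIT = {"r": 0, "a": 0, "b": 0}

def reachable(next_fns, regs, inputs, init, inputize=(), abstract=()):
    """Worklist fixpoint over the registers that are kept in the state vector.
    inputize: registers replaced by a fresh free input (enumerated 0/1, the
              same value at every use, so correlation is kept).
    abstract: registers replaced by the unknown constant; an unknown next-state
              bit is widened to both 0 and 1 (set widening)."""
    kept = [r for r in regs if r not in inputize and r not in abstract]
    free = list(inputs) + ["free_" + r for r in inputize]
    start = tuple(init[r] for r in kept)
    seen, work = {start}, [start]
    while work:
        state = work.pop()
        for vals in product((0, 1), repeat=len(free)):
            env = dict(zip(kept, state))
            env.update(zip(free, vals))
            for r in inputize:
                env[r] = env["free_" + r]
            for r in abstract:
                env[r] = UNK
            nxt = [ev(next_fns[r], env) for r in kept]
            for succ in product(*[(0, 1) if v == UNK else (v,) for v in nxt]):
                if succ not in seen:
                    seen.add(succ)
                    work.append(succ)
    return kept, seen

def observer_holds(kept, states, reg):
    """True iff `reg` is 0 in every (possibly over-approximated) reachable state."""
    return all(s[kept.index(reg)] == 0 for s in states)

def compare():
    """Run the three flavours; returns name -> (state count, observer verdict)."""
    out = {}
    for name, kw in (("exact", {}),
                     ("inputize r", {"inputize": ("r",)}),
                     ("abstract r", {"abstract": ("r",)})):
        kept, states = reachable(NEXT, REGS, INPUTS, INIT, **kw)
        out[name] = (len(states), observer_holds(kept, states, "a"))
    return out

if __name__ == "__main__":
    for name, (n, ok) in compare().items():
        verdict = "holds" if ok else "FAILS (false negative, possibly spurious)"
        print(f"{name:11s}: {n} states, observer {verdict}")
```

Inputizing r keeps the observer provable with a smaller state vector, because the free input stands for r consistently at both of its uses. Abstracting r makes r and not r unknown, widening lets a become 1, and the spurious a = 1 state then drags b along: the abstract run reports a violation that the exact run shows is impossible, which is the false negative the slide warns about, never a false positive.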

6 Our formal verifier: evcl (Esterel Verification Command Line)
Built upon the TiGeR BDD package.
Features:
- variable inputization / abstraction
- use of structural information (Selection Tree) to reduce over-approximation
- white-box (embedded observers) / black-box (external observers) model checking
- ...
Variable abstraction is up to 23 times faster than inputization on a few experiments on industrial designs, although the current implementation is rather crude.
Variable inputization/abstraction is not applicable on every design.
Selection of variables to inputize/abstract is not automated at all (although easy to perform in an IDE providing a hierarchical view of the model to be verified).

7 Explicit or hybrid implicit/explicit RSS computation
A multi-purpose engine for the exploration of the RSS of Esterel circuits:
- states are analyzed one after another
- known states are stored in a hashtable and identified by their state vector
Two flavours:
- pure explicit approach: stabilization through recursive branching on inputs; states are analyzed through propagation of data until circuit stabilization, as electric current would do
- hybrid implicit/explicit approach: stabilization through propagation of BDDs (referencing only inputs)
Engine used for several purposes: automaton generation, formal verification, test sequence generation.
Support for (constructive) cyclic circuits is transparent.
Deeply tuned and optimized, many heuristics to avoid time/space explosion: high performance.
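As an added example of the pure explicit flavour (not code from the Esterel compiler's engine), the Python program below explores a constructed netlist: known states live in a dictionary keyed by the state vector, inputs are enumerated by recursive branching, and every (state, input) pair is evaluated by propagating values through the gates until nothing changes, starting from 'unknown' on every wire. That three-valued fixpoint is what makes cyclic circuits transparent: a constructive cycle resolves to 0/1, a non-constructive one leaves a wire unknown and is reported. The transition table it returns is the explicit automaton of slides 8 and 9. The netlist, the 2-bit counter it implements and the wire names are assumptions of the example.

```python
"""
Explicit RSS exploration with stabilization by propagation, on a constructed
netlist containing a combinational cycle (example added to this transcript;
not code from the Esterel compiler).
"""
UNK = "?"  # 'unknown' value every wire starts from (marker chosen here)

def t_not(a):
    return UNK if a == UNK else 1 - a

def t_and(a, b):
    return 0 if 0 in (a, b) else (1 if (a, b) == (1, 1) else UNK)

def t_or(a, b):
    return 1 if 1 in (a, b) else (0 if (a, b) == (0, 0) else UNK)

OPS = {"not": t_not, "and": t_and, "or": t_or}

def ev(expr, env):
    if isinstance(expr, int):
        return expr
    if isinstance(expr, str):
        return env[expr]
    op, *args = expr
    return OPS[op](*(ev(a, env) for a in args))

# Constructed netlist: wire name -> gate expression over wires, registers, inputs.
# q0, q1 form a 2-bit counter enabled by input i; x and y form a combinational
# cycle that is nevertheless constructive (x = q1 when i = 1, x = q0 when i = 0).
NET = {
    "ni":   ("not", "i"),
    "q0n":  ("or", ("and", "q0", "ni"), ("and", ("not", "q0"), "i")),      # q0 xor i
    "c":    ("and", "q0", "i"),
    "q1n":  ("or", ("and", "q1", ("not", "c")), ("and", ("not", "q1"), "c")),  # q1 xor c
    "x":    ("or", ("and", "i", "y"), ("and", "ni", "q0")),
    "y":    ("or", ("and", "ni", "x"), ("and", "i", "q1")),
    "done": ("and", "q0", "q1"),
}
REGS = {"q0": "q0n", "q1": "q1n"}   # register -> wire carrying its next value
INPUTS = ("i",)
OUTPUTS = ("done", "x")
# Same netlist with the cycle rewritten so that it is NOT constructive when i = 0
# (x = y and y = x leave both wires unknown).
BAD_NET = dict(NET, x=("or", "i", "y"), y=("and", "x", "ni"))

def stabilize(net, regs, inputs, outputs, state, inp):
    """Propagate until no wire changes. Values only move from unknown to 0/1,
    so the loop terminates after at most one pass per wire."""
    env = dict(zip(regs, state))
    env.update(zip(inputs, inp))
    env.update({w: UNK for w in net})
    changed = True
    while changed:
        changed = False
        for w, e in net.items():
            v = ev(e, env)
            if v != env[w]:
                env[w], changed = v, True
    nxt = tuple(env[regs[r]] for r in regs)
    outs = tuple(env[o] for o in outputs)
    if UNK in nxt or UNK in outs:
        raise ValueError(f"non-constructive for state {state}, inputs {inp}")
    return nxt, outs

def explore(net, regs, inputs, outputs, init):
    """Returns (hashtable state vector -> number, transition list)."""
    table, work, trans = {init: 0}, [init], []

    def branch(state, k, chosen):          # recursive branching on inputs
        if k < len(inputs):
            for v in (0, 1):
                branch(state, k + 1, chosen + (v,))
            return
        nxt, outs = stabilize(net, regs, inputs, outputs, state, chosen)
        if nxt not in table:
            table[nxt] = len(table)
            work.append(nxt)
        trans.append((table[state], chosen, outs, table[nxt]))

    while work:
        branch(work.pop(0), 0, ())
    return table, trans

def is_constructive(net, regs, inputs, outputs, init):
    try:
        explore(net, regs, inputs, outputs, init)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    states, trans = explore(NET, REGS, INPUTS, OUTPUTS, (0, 0))
    print(f"{len(states)} states, {len(trans)} transitions")
    for src, inp, outs, dst in trans:
        print(f"  s{src} --{inp}/{outs}--> s{dst}")
    print("BAD_NET constructive:", is_constructive(BAD_NET, REGS, INPUTS, OUTPUTS, (0, 0)))
```

Evaluating the gates in their dictionary order means a wire that depends on a later one is simply picked up on the next pass; the cost of a cycle is an extra pass, not a special case, which is the point of the slide's "transparent support".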

8 Application to automaton generation
Automata can be exponential both in construction time and storage size: all control flow is computed at compile-time.
Automata often provide the most efficient implementation: only input/test dependent computations remain to be evaluated at run-time.
Esterel v1, v2, v3 used automata as internal model representation. Since v4, Esterel uses circuits as internal model representation: circuits are almost linear in code size.
Automaton generation therefore became less important, and the v4 automaton generator became out-of-sync: it worked only on acyclic circuits, with poor performance, and was hard to maintain.
However, automata are still interesting: a lot of information on the design is directly available from an automaton.

9 Application to automaton generation (continued)
How to generate automata?
- an enumerative approach is almost required (to respect action causality)
- the implicit/explicit approach is more expensive than the pure explicit approach: too much BDD cofactoring required
Our automaton generator: by far more efficient than the v4 one; bundled with the Esterel compiler since v5_91.

10 Application to formal verification
For most designs, the pure implicit approach is much more efficient. However, the pure implicit approach:
- behaves unpredictably and may blow up
- cannot work on cyclic circuits
- is very sensitive to redundant registers
Enumerative approaches:
- behave very regularly on most designs, although usually much slower
- provide transparent support for cyclic circuits
- do not care about redundant registers or design depth

11 Formal verification case studies

Purely linear testbench (depth = 243, 243 states):
  Pure implicit approach            : 39 mn, 8.5 Mb
  SAT (Prover)                      : still no answer at all after > 3 h, < 40 Mb
  Pure explicit approach            : 1.6 s, insignificant memory
  Hybrid implicit/explicit approach : 1.8 s, insignificant memory

TI data bus (depth = 181, … states, lots of redundant registers):
  Pure implicit approach            : blow-up at depth 9 in 17 mn (2 Gb)
  SAT (Prover)                      : still no answer at all after many hours
  Pure explicit approach            : 2 h 33 mn, 104 Mb
  Hybrid implicit/explicit approach : 3 h 09 mn, 110 Mb

12 Application to exhaustive test sequence generation
The Finite State Machine model allows the generation of exhaustive test sequences... on designs of small to average size.
Several coverage goals:
- state coverage
- output coverage (paths leading to output emission)
- transition coverage
- ...
A test generation tool based on a pure implicit approach, providing these coverage goals, has been developed at Esterel Technologies. With it, transition coverage cannot be performed: only connected state pair coverage, at the expense of twice as many state variables involved in image computations.
Enumerative approaches can provide any kind of coverage without significant overhead.
Comparison on state coverage: the enumerative approach is always more efficient, up to 86 times faster.

13 Conclusion
- A formal verification tool based on implicit methods, allowing variable abstraction and many other features
- A multi-purpose explicit or hybrid implicit/explicit RSS exploration engine, used for explicit automaton generation, exhaustive test sequence generation and formal verification