State Abstraction Techniques for the Verification of Reactive Circuits


Title page
Designing Correct Circuits, European Joint Conference on Theory and Practice of Software, Grenoble, France, April 6-7 2002
Yannis Bres, CMA-EMP / INRIA
Gérard Berry, Esterel Technologies
Amar Bouali, Esterel Technologies
Ellen M. Sentovich, Cadence Berkeley Labs

Outline
- Introduction
- Context of our work
- Finite State Machines (FSMs)
- Reachable State Space (RSS) computation: principle and algorithm
- Computing an Over-approximated Reachable State Space (ORSS):
  - State variable inputization
  - Variable abstraction using ternary-valued logic
  - Refinement using the Esterel Selection Tree
- Experiment results
- Conclusions

Reachable State Space uses
Computing the Reachable State Space of a design is used for:
- Formal verification by observers
- Equivalence checking
- Automated test pattern generation
- State minimization
- State re-encoding
- …

Exact RSS computation is expensive
Exponentially complex with respect to the number of intermediate variables, in both memory and time:
- 1 variable per input
- 2 variables per state variable
Several (orthogonal) techniques reduce this complexity:
- Application-specific partial RSS computation (transitive network sweeping)
- BDD pruning
- Decomposed FSM RSS computation
- Turning state variables into inputs
- …
Our approach: abstracting variables through ternary-valued logic

Context of our work
- Synchronous logical circuits (RTL level) derived from high-level hierarchical programs written in SyncCharts, ECL or Esterel
- Well-suited for control-dominated programs, for both hardware and software targets
- Implicit state set representation using BDDs (TiGeR package)
- Application to safety property verification (synchronous observers)
- Implemented as a command-line tool

FSMs
A Finite State Machine (FSM) is described by a tuple consisting of:
- the number of inputs
- the number of state variables (registers)
- the number of outputs
- the transition function
- the output function
- the description of the set of initial states
- the description of the valid input space

RSS computation principle
Find the limit of the converging sequence:
Where becomes:
Eventually, the equality becomes:

Basic RSS computation algorithm

Complexity analysis
With BDDs:
- : constant
- : polynomial
- substitutions: exponential
… with respect to the number of intermediate variables
Goal: reducing the number of intermediate variables!
Constraint: be “conservative”, i.e. compute an over-approximation of the RSS.
Thus, if a property holds on the “cheap” ORSS, it holds on the exact RSS (the converse does not hold: a violation found on the ORSS may be a false alarm caused by the over-approximation).

State variable inputization
- Reduces the number of register variables: 2 variables per register → 1 variable per inputized register
- Reduces the number of functions
- Increases the swept area
- Maintains correlation between instances of a variable: i ∧ ¬i = 0, i ∨ ¬i = 1
- Same number of a posteriori existential quantifications
- Over-approximated result, because constraints between variables are relaxed
- “Snow-ball” effect

Ternary-valued logic
- Usual Boolean logic with a third value d (other notations: X, …)
- Parallel extension of Boolean operators (the slide's truth tables over 0, 1, d are not preserved in this transcript)
- Dual-rail encoding of constants: each value v is represented by a pair (v0, v1) (encoding table over 0, 1, d not preserved in this transcript)

Ternary-valued logic
Ternary Valued Functions (TVFs) are encoded using a pair of Boolean functions (f0, f1): f0 is true where f is 0, f1 is true where f is 1, and f is d where neither holds.
Standard Boolean operators are extended to TVFs:
- ¬(f0, f1) = (f1, f0)
- (f0, f1) ∧ (g0, g1) = (f0 ∨ g0, f1 ∧ g1)
- (f0, f1) ∨ (g0, g1) = (f0 ∧ g0, f1 ∨ g1)

Application to RSS computation
The Boolean transition function is enlarged into a ternary one: each next-state function f becomes the pair (f0, f1) (the slide's table is not preserved in this transcript).

Variable abstraction
- Abstracted variables are replaced by the constant d
- Reduces the number of state variables: 2 variables per register → 0 variable per abstracted register
- Reduces the number of input variables: 1 variable per input → 0 variable per abstracted input
- Even fewer a posteriori existential quantifications
- Reduces the number of functions
- Increases the swept area
- Loses correlation between instances of a variable: d ∧ ¬d = d, d ∨ ¬d = d
- Even more over-approximated result
- “Snow-ball” effect
- Variables to be abstracted must be chosen with great care!
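As an added illustration of the three preceding slides (dual-rail ternary operators, their use in next-state computation, and variable abstraction), the following Python is not code from the slides or from the authors' tool: it implements the dual-rail operators and runs an explicit-state reachability fixpoint (the slides use BDDs) on a constructed toy design, with abstracted registers fixed to d. The toy design, the register and input names and the checked property are assumptions made for the example.

```python
from itertools import product

# Dual-rail ternary values (v0, v1): (1,0) encodes 0, (0,1) encodes 1, (0,0) encodes d.
ZERO, ONE, D = (True, False), (False, True), (False, False)

def t_not(a): return (a[1], a[0])                       # negation swaps the rails
def t_and(a, b): return (a[0] or b[0], a[1] and b[1])   # 0 if either is 0, 1 if both are 1
def t_or(a, b): return (a[0] and b[0], a[1] or b[1])    # 0 if both are 0, 1 if either is 1

def concrete(v):  # Boolean values a ternary next-state value may take: d means both
    return (0, 1) if v == D else (int(v[1]),)

# Constructed toy design (assumption, not from the slides): a boot register b and a
# one-hot sequence r1 -> r2 -> r3 advanced by inputs I1, I2, I3.
REGS, INPUTS = ("b", "r1", "r2", "r3"), ("I1", "I2", "I3")
INIT = (1, 0, 0, 0)

def NEXT(s, i):  # ternary next-state functions, evaluated with the operators above
    return (ZERO,
            t_or(s["b"], t_and(s["r1"], t_not(i["I1"]))),
            t_or(t_and(s["r1"], i["I1"]), t_and(s["r2"], t_not(i["I2"]))),
            t_or(t_and(s["r2"], i["I2"]), t_and(s["r3"], t_not(i["I3"]))))

def orss(abstracted=()):
    """Explicit-state fixpoint over the kept registers; abstracted ones are fixed to d.
    Returns the kept register indices and the (over-approximated) reachable set."""
    keep = [k for k, r in enumerate(REGS) if r not in abstracted]
    start = tuple(INIT[k] for k in keep)
    reached, frontier = {start}, [start]
    while frontier:
        cur = frontier.pop()
        for bits in product((0, 1), repeat=len(INPUTS)):
            inp = dict(zip(INPUTS, [ONE if x else ZERO for x in bits]))
            st = {r: D for r in REGS}
            st.update((REGS[k], ONE if v else ZERO) for k, v in zip(keep, cur))
            nxt = NEXT(st, inp)
            # a next-state value of d is resolved into both 0 and 1: conservative
            for succ in product(*[concrete(nxt[k]) for k in keep]):
                if succ not in reached:
                    reached.add(succ)
                    frontier.append(succ)
    return keep, reached

def holds_r1_r2_exclusive(abstracted=()):
    """Safety property 'r1 and r2 never both active' on the ORSS (r1, r2 kept concrete)."""
    keep, states = orss(abstracted)
    p1, p2 = keep.index(REGS.index("r1")), keep.index(REGS.index("r2"))
    return all(not (s[p1] and s[p2]) for s in states)
```

Abstracting r3 leaves the property provable on the ORSS, whereas abstracting the boot register b loses the correlation that makes r1 and r2 exclusive and yields a false alarm, which is the "chosen with great care" point above.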

Refinement using the Esterel Selection Tree
    [ await I1 ; do something ; await I2 ; do something
    || await I3 ; do something ] ;
    await I4 ; do something
Selection tree: 1 # 2  3 # 4
- Gives an over-approximation ceiling
- Allows the input care set of inputized registers to be reinforced

Experiment results #1
Industrial design: fuel management system of a jet aircraft from Dassault Aviation
- ensures that the engines are properly fed
- manages system component failures
- manages the fuel load balancing between the two sides of the aircraft
- manages in-flight refueling
- …

Experiment results #1
(the figure in parentheses after a time or memory value is the gain factor with respect to the exact computation; cells not preserved in the transcript are left blank)

Property  Method        Result   Depth  Time          Memory
4         exact         correct  5      >10mn         79Mb
4         inputization           3      3.8s (/150)   6Mb (/13)
4         abstraction                   1.5s (/400)
6         exact                  7      >2mn          21Mb
6         inputization                  0.6s (/200)   5Mb (/4)
6         abstraction                   0.3s

Inputization gives excellent results on all properties. Abstraction gives even better ones!

Experiment results #2
Undisclosed industrial design
(the figure in parentheses after a time or memory value is the gain factor with respect to the exact computation; "*1.5" marks a loss; cells not preserved in the transcript are left blank)

Property  Method                    Result   Depth  Time          Memory
all       exact                     correct  14     1h 11         475Mb
1         exact                              13     28mn          203Mb
1         inputization                       9      20s (/85)     9Mb (/22)
1         abstraction                        7      7s (/250)     10Mb (/20)
2         exact                                     30mn          238Mb
2         inputization                       10     1mn 30s       21Mb (/11)
2         inputization + sel tree            4      4s (/460)     7Mb (/34)
2         abstraction                        8      17mn (/2)     378Mb (*1.5)
2         abstraction + sel tree                    47s (/40)     51Mb (/5)

Experiment results #2
(the figure in parentheses after a time or memory value is the gain factor with respect to the exact computation; cells not preserved in the transcript are left blank)

Property  Method                    Result   Depth  Time          Memory
3_1       exact                     correct  13     30mn          203Mb
3_1       inputization                       10     7s (/262)     7Mb (/29)
3_1       inputization + sel tree                   4s (/460)
3_1       abstraction                        8      39s (/47)     34Mb (/6)
3_1       abstraction + sel tree                    23s (/80)     23Mb (/9)
3_2       exact                                     33mn          206Mb
3_2       inputization                              25s           11Mb (/19)
3_2       inputization + sel tree                   11s (/180)    8Mb (/26)
3_2       abstraction               false    2      0.5s          16Mb (/13)

Abstraction gives very good results on most properties, but inputization often gives better ones!

Conclusions
- A method to ease Reachable State Space computation by computing an over-approximation of it, through variable abstraction, using a ternary-valued logic.
- Requires some abstraction hints from the designer, easy to give in a graphical IDE for hierarchical designs.
- Refinements and over-approximation ceiling derived from the structural information of the design.
- Quite good results on a few experiments on industrial designs, although the current implementation is rather crude.
- Abstraction figures vs. inputization ones can be improved.