Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :

Published byDaryl Malsom Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :"— Presentation transcript:

1 1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Yannis.BRES@sophia.inria.fr Advisor : Gerard.Berry@esterel-technologies.com 10 th International Workshop on Synchronous Reactive Languages Agelonde, France November 26 th, 2002

2 2 Introduction Context of our work : Synchronous logical circuits (RTL) derived from high-level hierarchical designs written in SyncCharts, ECL or Esterel Computing the Reachable State Space (RSS) of a design is used for : Formal verification by observers Equivalence checking (somewhat a special case of formal verification) Exhaustive test sequence generation Explicit automaton generation … Several approaches to RSS computation : Implicit : using BDDs Explicit : state enumeration + recursive branchings on inputs Hybrid : state enumeration + BDDs representing input combinations

3 3 Binary Decision Diagrams (BDDs) A data structure for Boolean functions that usually provide : Very compact representations BDDs allow manipulating sets through their characteristic function Very efficient algorithms However, BDDs may blow up impredictibly on complex computations ! =, - : constant in time and space, : quadratic in time and space, substitutions : exponential in time and space

4 4 RSS Computation using BDDs Exponentially complex wrt. involved variables, in both memory and time : 1 BBD variable per input Input variables have to be existentially quantified 2 BDD variables per state variable (register) State variables have to be existentially quantified and substituted A usual technique to reduce state variables : Replacing state variables by free inputs (inputization) Less variables to substitute As many variables to existentially quantify Our approach : abstracting variables using a ternary-valued logic (0,1, ) Variables to be abstracted are replaced by the constant Less variables to substitute Less variables to existentially quantify Reduce state variables !

5 5 Over-approximation Inputization and variable abstraction relax constraints between variables Over-approximation, conservative wrt. reachable states Snow-ball effect Inputization keeps correlation between variable instances r r i i = 0r r i i = 1 Variable abstraction looses correlation between variable instances r r = Another source of over-approximation within ternary-valued RSS compu- tation algorithm : set widening In practice, if over-approximation gets too important, false negatives quickly appear and computation stops worth trying No false positive for formal verification, only false negative Three disjoint set (f 0,f 1,f ) two set partition (¬f 1,¬f 0 )

6 6 Our formal verifier : evcl Esterel Verification Command Line Built upon the TiGeR BDD package Features : Use of structural information (Selection Tree) to reduce over-approximation White-Box (embed. observers) / Black-Box (external obs.) Model Checking … Variable abstraction up to 23 times faster than inputization on a few experi- ments on industrial designs, although current implementation is rather crude Variable inputization/abstraction not applicable on any design Selection of variables to inputize/abstract not automatized at all (although easy to perform in a IDE providing a hierarchical view of the model to be verified) Variable inputization / abstraction

7 7 Explicit or hybrid implicit/explicit RSS computation A multi-purpose engine for the exploration of the RSS of Esterel circuits : States are analyzed one after another Known states are stored in a hashtable and identified by their state vector Two flavours : Pure explicit approach : Stabilization through recursive branchings on inputs States are analyzed through propagation of data until circuit stabilization, as electric current would do Hybrid implicit/explicit approach : Stabilization through BDD (referencing only inputs) propagation Engine used for several purposes : Automaton generation, formal verification, test sequence generation Support for (constructive) cyclic circuits is transparent Deeply tuned and optimized, many heuristics to avoid time/space explosion high performances

8 8 Automaton generation Application to automaton generation Automata can be exponential both in construction time and storage size All control flow is computed at compile-time Automata often provide the most efficient implementation : Only input/test dependant stuff remain to be evaluated at run-time Esterel v1, v2, v3 used automata as internal model representation Since v4, Esterel use circuits as internal model representation Automaton generation became less important v4 automaton generator became out-of-sync Worked only on acyclic circuits, poor performances, hard to maintain Lot of information on the design are directly available with automata Circuits are almost linear with code size However, automata are still interesting :

9 9 Automaton generation Application to automaton generation Enumerative approach almost required (to respect action causality) Implicit/explicit approach more expensive than pure explicit approach : How to generate automata ? Our automaton generator : By far much more efficient than the v4 one Bundled with the Esterel Compiler since v5_91 Too much BDD cofactoring required

10 10 Application to Formal Verification Application to formal verification For most designs, pure implicit approach is much more efficient However, pure implicit approach : Behaves impredictibly and may blow-up Cannot work on cyclic circuits Is very sensitive to redundant registers Enumerative approaches : Behave very regularly on most designs, although usually much slower Provide transparent support for cyclic circuits Dont care about redundant registers or design depth

11 11 Formal verification case studies Purely linear testbench (depth = 243, 243 states) Pure implicit approach : SAT (Prover) : Pure explicit approach : TI data bus (depth= 181, 652 948 states, lot of redundant registers) Pure implicit approach : SAT (Prover) : Pure explicit approach : Hybrid implicit/explicit approach : 39mn, 8.5Mb still no answer at all after >3h, <40Mb 1.6s, insignificant memory 1.8s, insignificant memory blow-up at depth 9 in 17mn (2Gb) still no answer at all after many hours 2h 33mn, 104Mb 3h 09mn, 110Mb

12 12 Application to exhaustive test sequence generation The Finite State Machine model allows the generation of exhaustive test sequences… on designs of small to average size Several coverage goals : State coverage Output coverage (pathes leading to output emission) Transition coverage … A test generation tool based on a pure implicit approach, providing these coverage goals, has been develop-ped at Esterel Technologies Transition coverage cannot be performed Only connected state pair coverage, at the expense of twice more state variables involved in image computations Enumerative approaches can provide any kind of coverage without signifi- cant overhead Comparison on state coverage : Enumerative approach always more efficient, up to 86 times faster

13 13 Conclusion A formal verification tool based on implicit methods, allowing variable abs- traction and many other features A multi-purpose explicit or hybrid implicit/explicit RSS exploration engine : Explicit automaton generation Exhaustive test sequence generation Formal verification

Download ppt "1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :"

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Software Testing Technique. Introduction Software Testing is the process of executing a program or system with the intent of finding errors. It involves.

Software Testing Technique. Introduction Software Testing is the process of executing a program or system with the intent of finding errors. It involves.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Hardware and Petri nets Symbolic methods for analysis and verification.

Hardware and Petri nets Symbolic methods for analysis and verification.
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Courtesy RK Brayton (UCB) and A Kuehlmann (Cadence) 1 Logic Synthesis Sequential Synthesis.

Courtesy RK Brayton (UCB) and A Kuehlmann (Cadence) 1 Logic Synthesis Sequential Synthesis.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.

CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Timed Automata.

Timed Automata.
1 Implicit and explicit exploration of the reachable state space of Esterel logical circuits December 12 th, 2002 Yannis BRES Advisor: Gérard BERRY PhD.

1 Implicit and explicit exploration of the reachable state space of Esterel logical circuits December 12 th, 2002 Yannis BRES Advisor: Gérard BERRY PhD.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.

Syntax-driven partitioning for model-checking of Esterel programs Eric Vecchié - INRIA Aoste.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

Similar presentations

Ads by Google