Presentation is loading. Please wait.

Presentation is loading. Please wait.

- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -

Published byNathan Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -"— Presentation transcript:

1

2 - 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -

3 - 2 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation

4 - 3 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Formal verification  Formal verification = formally proving a system correct, using the language of mathematics.  Formal model required. Obtaining this cannot be automated.  If the model is available, we can try to prove properties.  Even a formally verified system can fail (e.g. if assumptions are not met).  Classification by the type of logics.  Formal verification = formally proving a system correct, using the language of mathematics.  Formal model required. Obtaining this cannot be automated.  If the model is available, we can try to prove properties.  Even a formally verified system can fail (e.g. if assumptions are not met).  Classification by the type of logics.

5 - 4 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Propositional logic (1)  Consisting of Boolean formulas comprising Boolean variables and connectives such as  and .  Gate-level logic networks can be described.  Typical aim: checking if two models are equivalent (called tautology checkers or equivalence checkers).  Since propositional logic is decidable, it is also decidable whether or not the two representations are equivalent.  Tautology checkers can frequently cope with designs which are too large to allow simulation-based exhaustive validation.  Consisting of Boolean formulas comprising Boolean variables and connectives such as  and .  Gate-level logic networks can be described.  Typical aim: checking if two models are equivalent (called tautology checkers or equivalence checkers).  Since propositional logic is decidable, it is also decidable whether or not the two representations are equivalent.  Tautology checkers can frequently cope with designs which are too large to allow simulation-based exhaustive validation.

6 - 5 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Propositional logic (2)  Reason for power of tautology checkers: Binary Decision Diagrams (BDDs)  Complexity of equivalence checks of Boolean functions represented with BDDs: O(number of BDD-nodes) (equivalence check for sums of products is NP-hard). #(BDD-nodes) not to be ignored!  Many functions can be efficiently represented with BDDs. In general, however, the #(nodes) of BDDs grows exponentially with the number of variables.  Simulators frequently replaced by equivalence checkers if functions can be efficiently represented with BDDs.  Very much limited ability to verify FSMs.  Reason for power of tautology checkers: Binary Decision Diagrams (BDDs)  Complexity of equivalence checks of Boolean functions represented with BDDs: O(number of BDD-nodes) (equivalence check for sums of products is NP-hard). #(BDD-nodes) not to be ignored!  Many functions can be efficiently represented with BDDs. In general, however, the #(nodes) of BDDs grows exponentially with the number of variables.  Simulators frequently replaced by equivalence checkers if functions can be efficiently represented with BDDs.  Very much limited ability to verify FSMs.

7 - 6 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund First order logic (FOL) FOL includes quantification, using  and . Some automation for verifying FOL models is feasible. However, since FOL is undecidable in general, there may be cases of doubt. FOL includes quantification, using  and . Some automation for verifying FOL models is feasible. However, since FOL is undecidable in general, there may be cases of doubt.

8 - 7 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Higher order logic (HOL) Higher order allows functions to be manipulated like other objects. For higher order logic, proofs can hardly ever be automated and typically must be done manually with some proof- support. Higher order allows functions to be manipulated like other objects. For higher order logic, proofs can hardly ever be automated and typically must be done manually with some proof- support.

9 - 8 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Temporal logic (1) Logic extended with a notion of "time" Branching vs. linear time:  Linear time Models physical time At each time instant, only one of the future behaviors is considered.  Branching time (at each time instant, all possible future behaviors are considered). Models different computational sequences of a system. Nondeterministic selection of the path taken. Logic extended with a notion of "time" Branching vs. linear time:  Linear time Models physical time At each time instant, only one of the future behaviors is considered.  Branching time (at each time instant, all possible future behaviors are considered). Models different computational sequences of a system. Nondeterministic selection of the path taken. T. Kropf: Introduction to Formal Hardware Verification, Springer, 1999

10 - 9 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Temporal logic (2) Discrete vs. continuous time  Discrete time Used by most temporal logics, mostly using natural numbers to model time.  Continuous time Using real numbers Discrete vs. continuous time  Discrete time Used by most temporal logics, mostly using natural numbers to model time.  Continuous time Using real numbers ℕ ℝ T. Kropf: Introduction to Formal Hardware Verification, Springer, 1999

11 - 10 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Temporal structures Definition: A temporal structure M:= (S,R,L) consists of 1.A finite set of states S 2.A transition relation R  S  S with  s  S  s'  S:(s,s')  R 3.A labeling function L: S  (V), with being the set of propositional variables (atomic formulas) This structure is often called Kripke structure. Definition: A temporal structure M:= (S,R,L) consists of 1.A finite set of states S 2.A transition relation R  S  S with  s  S  s'  S:(s,s')  R 3.A labeling function L: S  (V), with being the set of propositional variables (atomic formulas) This structure is often called Kripke structure. T. Kropf: Introduction to Formal Hardware Verification, Springer, 1999

12 - 11 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Link between temporal structures and computation trees Starting state s°  S defined ab cbc s°s° s²s²s1s1 ab bc c c cab Temporal structure Computation trees T. Kropf: Introduction to Formal Hardware Verification, Springer, 1999

13 - 12 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Computation tree logic (CTL) Let V be a set of atomic propositions CTL formulas are defined recursively: 1.Every atomic proposition is a formula 2.If f 1 and f 2 are CTL formulas, then so are  f 1, f 1  f 2, AX f 1, EX f 1, A[f 1 U f 2 ] and E[f 1 U f 2 ] AX f 1 means: holds in state s° iff f 1 holds in all successor states of s° EX f 1 means: There exists a successor such that f 1 holds A[f 1 U f 2 ] means: always until. E[f 1 U f 2 ] means: There exists a path such that f 1 holds until is f 2 satisfied. Let V be a set of atomic propositions CTL formulas are defined recursively: 1.Every atomic proposition is a formula 2.If f 1 and f 2 are CTL formulas, then so are  f 1, f 1  f 2, AX f 1, EX f 1, A[f 1 U f 2 ] and E[f 1 U f 2 ] AX f 1 means: holds in state s° iff f 1 holds in all successor states of s° EX f 1 means: There exists a successor such that f 1 holds A[f 1 U f 2 ] means: always until. E[f 1 U f 2 ] means: There exists a path such that f 1 holds until is f 2 satisfied. Christoph Kern and Mark R. Greenstreet: Formal Verification In Hardware Design: A Survey, ACM Transactions on Design Automation of Electronic Systems, Vol. 4, No. 2, April 1999, Pages 123–193.

14 - 13 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Model checking Aims at the verification of finite state systems. Analyzes the state space of the system. Verification using this approach requires three stages:  generation of a model of the system to be verified,  definition of the properties expected, and  model checking (the actual verification step). Aims at the verification of finite state systems. Analyzes the state space of the system. Verification using this approach requires three stages:  generation of a model of the system to be verified,  definition of the properties expected, and  model checking (the actual verification step).

15 - 14 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund 2 types of input Verification tools can prove or disprove the properties. In the latter case, they can provide a counter-example. Example: Clarke’s EMC-system Verification tools can prove or disprove the properties. In the latter case, they can provide a counter-example. Example: Clarke’s EMC-system

16 - 15 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Computational properties  Model checking is easier to automate than FOL.  In 1987, model checking was implemented using BDDs.  It was possible to locate several errors in the specification of the future bus protocol.  Extensions are needed in order to also cover real-time behavior and numbers.  Model checking is easier to automate than FOL.  In 1987, model checking was implemented using BDDs.  It was possible to locate several errors in the specification of the future bus protocol.  Extensions are needed in order to also cover real-time behavior and numbers.

17 - 16 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Examples of successful verification (1) Microprocessors 1.Generic interpreter theory 2.Pipelined processors 3.FM 9001 4.AAMP5 5.PowerPC transistor level verification [Kühlmann, 1995] Floating point units 1.Intel extended precision FPU 2.ADK IEEE floating point multiplier Microprocessors 1.Generic interpreter theory 2.Pipelined processors 3.FM 9001 4.AAMP5 5.PowerPC transistor level verification [Kühlmann, 1995] Floating point units 1.Intel extended precision FPU 2.ADK IEEE floating point multiplier Christoph Kern and Mark R. Greenstreet: Formal Verification In Hardware Design: A Survey, ACM Transactions on Design Automation of Electronic Systems, Vol. 4, No. 2, April 1999, Pages 123–193.

18 - 17 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Examples of successful verification (2) Asynchronous and distributed systems 1.Summit bus converter 2.Cache coherence protocols Memory subsystems ATM switch fabrics Asynchronous and distributed systems 1.Summit bus converter 2.Cache coherence protocols Memory subsystems ATM switch fabrics Christoph Kern and Mark R. Greenstreet: Formal Verification In Hardware Design: A Survey, ACM Transactions on Design Automation of Electronic Systems, Vol. 4, No. 2, April 1999, Pages 123–193.

19 - 18 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund The end Lectures: Peter MarwedelSlides: Peter MarwedelLabs: Birgit Sirocic, Robert PykaTextbook: Peter MarwedelCopyright: University of Dortmund, MMV

Download ppt "- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -"

Similar presentations

Evaluation and Validation

Evaluation and Validation
1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

Similar presentations

Ads by Google