Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Published byMerry Ferguson Modified over 9 years ago

Similar presentations

Presentation on theme: "Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking."— Presentation transcript:

1 Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking

2 Digitaalsüsteemide verifitseerimise kursus2 Property checking If designs to be verified are sequential and the correspondence of states is not known then equivalence checking not an option Property checking traverses the full search space (bounded or unbounded) to check if a property holds in the design. Property checking needed if incomplete or abstract specifications verified

3 Digitaalsüsteemide verifitseerimise kursus3 safety property states that an undesired property should not hold liveness property states that a necessary property should hold fairness property states that some states are traversed repeatedly Types of properties

4 Digitaalsüsteemide verifitseerimise kursus4 Communication between TLC and property automaton with properties: 1.North-South traffic has a different light than East-West traffic. 2.Traffic light follows the sequence R,G,Y,R,G,Y.... Properties as an automaton

5 Digitaalsüsteemide verifitseerimise kursus5 Properties as an automaton

6 Digitaalsüsteemide verifitseerimise kursus6 Temporal structure & computation trees In general, using property automata is inconvenient Therefore other approaches applied: temporal logic, computation trees …

7 Digitaalsüsteemide verifitseerimise kursus7 State graph and state sequence Temporal structure & computation trees

8 Digitaalsüsteemide verifitseerimise kursus8 State transitions tree Temporal structure & computation trees

9 Digitaalsüsteemide verifitseerimise kursus9 Kripke structures: computational tree

10 Digitaalsüsteemide verifitseerimise kursus10 Temporal-logic Consider 3 logics: –LTL (linear temporal logic), –CTL (computation tree logic) and –CTL* LTL assumes linear time model, while CTL assumes branch time model Two types of formulae in temporal logic: state and path formulae

11 Digitaalsüsteemide verifitseerimise kursus11 Temporal-logic: LTL LTL considers a single path 2 temporal operations: X(neXt) and U(Until) LTL formulae: –Every Boolean variable is an LTL formula –If f and g are LTL formulae, then ~f and f+g are LTL formulae –If f and g are LTL formulae, then fUg and Xg are LTL formulae

12 Digitaalsüsteemide verifitseerimise kursus12 More complex functions can be derived: Fg = TRUE U g, i.e. g will eventually become true Gf = ~(F~f), i.e. f is always (globally) true fRg = ~(~f U ~g), i.e. f must be false until g becomes true (Release operation) Temporal-logic: LTL

13 Digitaalsüsteemide verifitseerimise kursus13 Temporal-logic: LTL

14 Digitaalsüsteemide verifitseerimise kursus14 CTL includes 8 operators: AX,EX,AG,EG,AF,EF,AU ja EU In fact can be represented by three: EX,EG and EU AXf = ~EX(~f) AF(f) = ~EG(~f) AG(f) = ~EF(~f) EF(f) = E( TRUE U f) A(fUg) = (~E(~gU(~f)(~g)))(~EG(~g)) Temporal-logic: CTL

15 Digitaalsüsteemide verifitseerimise kursus15 Operation AX(f): Temporal-logic: CTL

16 Digitaalsüsteemide verifitseerimise kursus16 Operation EX(f): Temporal-logic: CTL

17 Digitaalsüsteemide verifitseerimise kursus17 Operation AG(f): Temporal-logic: CTL

18 Digitaalsüsteemide verifitseerimise kursus18 Operation EG(f): Temporal-logic: CTL

19 Digitaalsüsteemide verifitseerimise kursus19 Operation AF(f): Temporal-logic: CTL

20 Digitaalsüsteemide verifitseerimise kursus20 Operation EF(f): Temporal-logic: CTL

21 Digitaalsüsteemide verifitseerimise kursus21 Operation A(fUg): Temporal-logic: CTL

22 Digitaalsüsteemide verifitseerimise kursus22 Operation E(fUg): Temporal-logic: CTL

23 Digitaalsüsteemide verifitseerimise kursus23 Temporal-logic: System Verilog Assertions System Verilog Assertions and PSL also temporal languages!

24 Digitaalsüsteemide verifitseerimise kursus24 Property checking in automata 1.Describe property as automaton, such that some states represent success or failure of property 2.Compose design automaton with property automaton 3.Property succeeds only iff no failure composite state is reachable

25 Digitaalsüsteemide verifitseerimise kursus25 A and B throw dice. When A gets more points, then –A’s score incremented by 1, if the score is not 2. If score is 2, then it becomes 0 again. –B’s score skoor is decremented by 1, if score not 0. If B gets more points, then the same applies but A and B interchanged. If A, B get equal points then score unchanged. Property checking in automata: throwing dice

26 Digitaalsüsteemide verifitseerimise kursus26 Check two properties: 1.Can we have a draw1:1? 2.Can we have a draw 2:2? Property checking in automata: throwing dice

27 Digitaalsüsteemide verifitseerimise kursus27 Property checking in automata: throwing dice

28 Digitaalsüsteemide verifitseerimise kursus28 Property checking in automata: throwing dice

29 Digitaalsüsteemide verifitseerimise kursus29 Language containment Verify: L(D)  L(P)? 1.Construct complementary automaton ¬P for property automaton P 2.Compose: D × ¬P 3.L(D)  L(P), if L(D × ¬P) = Ø

30 Digitaalsüsteemide verifitseerimise kursus30 Language containment in verification

31 Digitaalsüsteemide verifitseerimise kursus31 Symbolic computation and model-checking Graph based algorithms described above operated with automata and Kripke structures Not applicable to large designs. A circuit with 100 flipflops has 2 100 states... In Symbolic computation we don’t enumerate states but convert state traversal to Boolean functions We can verify larger designs

32 Digitaalsüsteemide verifitseerimise kursus32 Forward traversal of states: Symbolic computation and model-checking

33 Digitaalsüsteemide verifitseerimise kursus33 Generating counter-examples Forward traversal until faulty state reached Backward traversal from the faulty state using symbolic computation During backward traversal we limit the state image with the ones obtained during forward traversal This is needed to reach the initial state!

34 Digitaalsüsteemide verifitseerimise kursus34 Generating counter-examples

35 Digitaalsüsteemide verifitseerimise kursus35 Equivalence of Sequential Circuits How to perform sequential equivalence checking without one to one mapping in states? Have to check whether the output state 1 of the combined miter circuit is reachable

Download ppt "Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Similar presentations

Ads by Google