Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya)"— Presentation transcript:

1 Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya) Alex Kondratyev (Theseus Logic Inc.) Enric Pastor (Univ. Politècnica de Catalunya)

2 y- a+b+ x+y+ c+ c- a- b- x- x+y- y+x- a b x y c Are there any hazards or glitches?

3 Outline Preliminaries Transitions systems and timing constraints From absolute to relative timing State space refinement by timing constraints Verification algorithm Results and conclusions

4 Gate Delay Model d  [3,5] d  [2,4] X Y Z X Y Z 3 5 2 4

5 A circuit is a concurrent system Gates  Processes Delays  Computation times Signal transitions  Events

6 Previous work Time separation of events –McMillan & Dill (1992): min/max constraints in acyclic graphs –Hulgaard & Burns (1994): max constraints for cyclic graphs with choice Zone automata –Dill (1989): Clock zones represented as conjunctions of timing constraints (difference-bound matrices) –Rockiki, Myers, Belluomini (1994, 1998): Partial orders to reduce the number of geometric regions (ATACS) –Maler (1995): Timed polyhedra (Open KRONOS) Incremental refinement –Alur et al. (1995): timing constraints added as needed (COSPAN, timed automata). –Balarin & Sangiovanni-Vincentelli (1995): trace-based refinement –Negulescu (1997): process spaces (FIREMAPS)

7 Time separation of events –McMillan & Dill (1992): min/max constraints in acyclic graphs Incremental refinement Our approach for absolute timing analysis by acyclic graphs with relative timing

8 Applicable to timed transition systems, with any type of causality relations Verification of temporal safety properties BDD-based symbolic representation (large untimed state spaces can be handled) Backannotation: sufficient (relative) timing constraints for correctness are reported Our approach: features

9 Transition systems and timing constraints

10 x a a a b b b c c c c c g g g g b b d d y Transition System States Transitions Events g

11 x a a a b b b c c c c c g g g g b b d d y Firing Region (a) g

12 x a a a b b b c c c c c g g g g b b d d y Firing Region (b) g

13 x a a a b b b c c c c c g g g g b b d d y g Concurrency a || b

14 x a a a b b b c c c c c g g g g b b d d y AND causality g a b c d FR (d)

15 x a a a b b b c c c c c g g g g b b d d y OR causality g a b c FR (c)

16 Property g must fire before d after having fired x x a a a b b b c c c c c g g g g b b d d y g

17 x a a b b b c c c c c g g d y Timed Transition System (Manna, Pnueli) Transition System Min/Max Delays  (a)  [1,2]  (b)  [1,2]  (c)  [2.5,3]  (g)  [0.5,0.5]  d,x,y 

18 From absolute to relative timing

19 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a a a b b b c c c c c g g g g b b d d y g

20 An event e can only become enabled at the time another event e’ fires (e’ triggers e) {e’,...} {e,...} e’ {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

21 a a x x g b b c c d d g Timing-consistent trace Time assignment to event firings such that...  min (g)  t 6 - t 2   max (g) t1t1 t2t2 t3t3 t4t4 t5t5 t6t6 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

22 Event structure from a trace x a b c d g a a x x g b b c c d d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

23 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a b c d g

24 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

25 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

26 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

27 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

28 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

29 x a b c d g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g Trace and event structure are enabling compatible

30 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a b c d g {x} {a,b} {a} {c,g} {d,g} {g} Ø x b a c d g {x} {a,b} {b,c,g} {b,g} {b} {d} Ø x a c g b d {x} {a,b} {b,c,g} {b,c} {c} {d} Ø x a g b c d

31 x a b c d g [1,2] [2.5,3] [0.5,0.5] [0,  ) Maximum Time Separation (McMillan & Dill, 1992) max  (g) -  (d) = -2

32 x a b c d g [1,2] [2.5,3] [0.5,0.5] [0,  ) Maximum Time Separation (McMillan & Dill, 1992) max  (g) -  (d) 0 0 0 0 2.5 3.5 longest min path for d -2 0 0 0 0 -1.5 slack for max path of g = -2

33 x a b c d g Maximum Time Separation (McMillan & Dill, 1992) max  (g) -  (d) = -2 From absolute to relative timing

34 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a b c d g {x} {a,b} {a} {c,g} {d,g} {g} Ø x b a c d g {x} {a,b} {b,c,g} {b,g} {b} {d} Ø x a c g b d {x} {a,b} {b,c,g} {b,c} {c} {d} Ø x a g b c d

35 {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a b c d g  min and  max for each event Theorem: timed The trace is timing consistent iff it is an enabling-compatible trace of the timed event structure {x} {a,b} {b,c,g} {b,g} {b} {d} Ø x a c g b d

36 State space refinement by timing constraints

37 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

38 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

39 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

40 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

41 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

42 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

43 x a a a b b b c c c c c g g g g b b d d y g x a b c g d Enabling compatible

44 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

45 x a a a b b b c c c c c g g g g b b d d y g x a b c g d Not enabling compatible

46 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

47 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

48 x a a a b b b c c c c c g g g g b b d d y g x a b c g d

49 x a b b b c c c c g g g g b b d d y g a a c c c g g g d d y

50 x a b b c c c c g g g g b b d d g x a b c g d Timing analysis

51 x a b b c c c c g g g g b b d d g x a b c g d

52 x a b b c c c c g g d x a b c g d

53 x a b b c g g d b y a a c c c g g g d d y

54 x b a a c c c g g g d d x a b c g d

55 x b a a c c c g g g d d x a b c g d

56 x b a c c c g d x a b c g d

57 x b a c g d a b c g g d y y b

58 x a b b b c g g d y a c g d y

59 Verification algorithm

60

61

62

63

64

65

66

67 Symbolic state space exploration and failure detection

68 Border of failure states Failure trace Event structure x a b c g d Timing analysis Composition

69 Failure trace Event structure Timing analysis x a b c g d Composition

70 r s t u w

71 r s t u w

72 i j k

73 i j k

74 i j k r s t u w x a b c g d Backannotation (sufficient timing constraints)

75 Convergence of the algorithm Nodal points All cycles cut by nodal points Finite number of traces between nodal points Convergence and exact results guaranteed

76 Implementation issues Event structure: calculated from the shortest suffix that invalidates the failure trace Composition: slight modification of the Transition Relation (one extra boolean variable to indicate enabling compatibility) State encoding: n bits for untimed states n+k bits for timed states (k event structures used for timing analysis)

77 Experimental results

78

79 Conclusions Timing analysis with absolute delays typically produces unmanageable state spaces Temporal properties (no glitches, mutual exclusion, no conflicts) can be posed as relative timing constraints Strategy: combine absolute timing (for analysis) with relative timing (for state space calculation) Backannotation: important in the design flow and for sensitivity analysis

80 Experimental results: the STARI FIFO

Download ppt "Formal Verification of Safety Properties in Timed Circuits Marco A. Peña (Univ. Politècnica de Catalunya) Jordi Cortadella (Univ. Politècnica de Catalunya)"

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Clocked Mazurkiewicz Traces and Partial Order Reductions for Timed Automata D. Lugiez, P. Niebert, S. Zennou Laboratoire d Informatique Fondamentale de.

Clocked Mazurkiewicz Traces and Partial Order Reductions for Timed Automata D. Lugiez, P. Niebert, S. Zennou Laboratoire d Informatique Fondamentale de.
Modeling and Analyzing Periodic Distributed Computations Anurag Agarwal Vijay Garg Vinit Ogale The University.

Modeling and Analyzing Periodic Distributed Computations Anurag Agarwal Vijay Garg Vinit Ogale The University.
Concurrent Operational Semantics of Safe Time Petri Nets Claude Jard European University of Brittany, ENS Cachan Bretagne, IRISA Campus de Ker-Lann, 35170.

Concurrent Operational Semantics of Safe Time Petri Nets Claude Jard European University of Brittany, ENS Cachan Bretagne, IRISA Campus de Ker-Lann,
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Timed Automata.

Timed Automata.
26 September 2003U. Buy -- SEES 2003 Sidestepping verification complexity with supervisory control Ugo Buy Department of Computer Science Houshang Darabi.

26 September 2003U. Buy -- SEES 2003 Sidestepping verification complexity with supervisory control Ugo Buy Department of Computer Science Houshang Darabi.
1 Advanced Digital Design Synthesis of Control Circuits by A. Steininger and J. Lechner Vienna University of Technology.

1 Advanced Digital Design Synthesis of Control Circuits by A. Steininger and J. Lechner Vienna University of Technology.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Model Checking for Probabilistic Timed Systems Jeremy Sproston Università di Torino VOSS Dagstuhl seminar 9th December 2002.

Model Checking for Probabilistic Timed Systems Jeremy Sproston Università di Torino VOSS Dagstuhl seminar 9th December 2002.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Hazard-free logic synthesis and technology mapping I Jordi Cortadella Michael Kishinevsky Alex Kondratyev Luciano Lavagno Alex Yakovlev Univ. Politècnica.

Hazard-free logic synthesis and technology mapping I Jordi Cortadella Michael Kishinevsky Alex Kondratyev Luciano Lavagno Alex Yakovlev Univ. Politècnica.
Hardware and Petri nets Synthesis of asynchronous circuits from Signal Transition Graphs.

Hardware and Petri nets Synthesis of asynchronous circuits from Signal Transition Graphs.
Yongjian Li The State Key Laboratory of Computer Science Chinese Academy of Sciences William N. N. HungSynopsys Inc. Xiaoyu SongPortland State University.

Yongjian Li The State Key Laboratory of Computer Science Chinese Academy of Sciences William N. N. HungSynopsys Inc. Xiaoyu SongPortland State University.
STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.

STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
Hardware and Petri nets: application to asynchronous circuit design Jordi CortadellaUniversitat Politècnica de Catalunya, Spain Michael KishinevskyIntel.

Hardware and Petri nets: application to asynchronous circuit design Jordi CortadellaUniversitat Politècnica de Catalunya, Spain Michael KishinevskyIntel.
Using Interfaces to Analyze Compositionality Haiyang Zheng and Rachel Zhou EE290N Class Project Presentation Dec. 10, 2004.

Using Interfaces to Analyze Compositionality Haiyang Zheng and Rachel Zhou EE290N Class Project Presentation Dec. 10, 2004.
Introduction to asynchronous circuit design: specification and synthesis Part III: Advanced topics on synthesis of control circuits from STGs.

Introduction to asynchronous circuit design: specification and synthesis Part III: Advanced topics on synthesis of control circuits from STGs.

Similar presentations

Ads by Google