Results 1 - 9 of 9
Symbolic model checking for sequential circuit verification
 IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
, 1994
Abstract

Cited by 222 (10 self)
The temporal logic model checking algorithm of Clarke, Emerson, and Sistla [17] is modified to represent state graphs using binary decision diagrams (BDD’s) [7] and partitioned transition relations [10], [11]. Because this representation captures some of the regularity in the state space of circuits with data path logic, we are able to verify circuits with an extremely large number of states. We demonstrate this new technique on a synchronous pipelined design with approximately 5 x 10^120 states. Our model checking algorithm handles full CTL with fairness constraints. Consequently, we are able to express a number of important liveness and fairness properties, which would otherwise not be expressible in CTL. We give empirical results on the performance of the algorithm applied to both synchronous and asynchronous circuits with data path logic.
A Technique of State Space Search Based on Unfolding
 Formal Methods in System Design
, 1992
Abstract

Cited by 62 (0 self)
Unfoldings of Petri nets provide a method of searching the state space of concurrent systems without considering all possible interleavings of concurrent events. A procedure is given for constructing the unfolding of a Petri net, terminating the construction when it is sufficient to represent all reachable markings. This procedure is applied to hazard and deadlock detection in asynchronous circuits. Examples are given of scalable systems with exponential size state spaces, but polynomial size unfoldings, including a distributed mutual exclusion ring circuit.
Verifying temporal properties of reactive systems: A STeP tutorial
 FORMAL METHODS IN SYSTEM DESIGN
, 2000
Abstract

Cited by 24 (5 self)
We review a number of formal verification techniques supported by STeP, the Stanford Temporal Prover, describing how the tool can be used to verify properties of several versions of the Bakery algorithm for mutual exclusion. We verify the classic two-process algorithm and simple variants, as well as an atomic parameterized version. The methods used include deductive verification rules, verification diagrams, automatic invariant generation, and finite-state model checking and abstraction.
Verification of Asynchronous Circuits by BDD-based Model Checking of Petri Nets
 In 16th Int. Conf. on Application and Theory of Petri Nets, volume 935 of LNCS
, 1996
Abstract

Cited by 21 (3 self)
This paper presents a methodology for the verification of speed-independent asynchronous circuits against a Petri net specification. The technique is based on symbolic reachability analysis, modeling both the specification and the gate-level network behavior by means of boolean functions. These functions are efficiently handled by using Binary Decision Diagrams. Algorithms for verifying the correctness of designs, as well as several circuit properties are proposed. Finally, the applicability of our verification method has been proven by checking the correctness of different benchmarks. 1 Introduction During these last few years, asynchronous circuits have gained interest due to their promising advantages, such as local synchronization, elimination of the clock skew problem, faster and less power-consuming circuits, and high degree of modularity. However, the concurrent nature of asynchronous circuits makes them difficult to design because all transitions must be taken into account ...
Abstract model checking of infinite specifications
 In Proceedings of Formal Methods Europe
, 1994
Abstract

Cited by 15 (2 self)
Abstract. A new method for analyzing specifications in languages like Z and VDM is proposed. Theorems are checked automatically by exhaustive search of the state space. An abstraction over the actual states can be defined that reduces an infinite state space to a finite number of equivalence classes, allowing it to be searched exhaustively by treating each class as a single abstract state. A prototype has been built that has verified some small theorems from the literature.
Symmetry and induction in model checking
 In Computer Science Today: Recent Trends and Developments
, 1995
Model Checking and Deduction for Infinite-State Systems
Abstract

Cited by 1 (0 self)
Two well-known approaches to the verification of reactive systems are deductive verification and model checking. After briefly reviewing them, we present deductive model checking, which combines these two approaches. The new procedure uses deduction to extend the classical tableau-based model checking algorithms to the case of infinite-state systems. 1 Introduction Reactive systems are those with an ongoing interaction with their environment. While the relationship between any two given system states can be expressed in first-order logic or a suitable assertion language, properties of non-terminating computations, which are infinite sequences of states, are best expressed using some form of temporal logic. The two main approaches to verifying temporal properties of reactive systems are deductive verification, on the one hand, and model checking on the other. In the deductive approach, the validity of a given temporal property over a given program is reduced to the general validity o...
Symbolic model checking of Petri nets for the verification of speed-independent circuits
, 1994
Abstract
This paper presents a symbolic model checking methodology for speed-independent circuit verification. The behavior of the environment is described by using Petri nets. Commonly, this Petri net will be an STG (Signal Transition Graph [RY85, Chu87]), where events usually represent signal transitions. As some approaches use STGs for synthesis, we can directly verify circuits synthesized with these methodologies. The verification technique is based on symbolic BDD-based reachability analysis, modeling both the specification and the gate-level network behavior by means of boolean functions. We present the isomorphism between sets of markings of a safe Petri net with n places and the boolean algebra of n-variable logic functions. Each marking is represented by a minterm of B^n, and each set of markings M is represented by a characteristic function, i.e. a function that evaluates to one for all those markings that belong to M. We describe the transition functions to calculate the ...