Results 1  10
of
27
Symbolic Model Checking: 10^20 States and Beyond
, 1992
"... Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of st ..."
Abstract

Cited by 648 (32 self)
 Add to MetaCart
Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolical/y instead of explicitly. The generality of our method comes from using a dialect of the MuCalculus as the primary specification language. We describe a model checking algorithm for MuCalculus formulas that uses Bryant’s Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C35) to represent relations and formulas. We then show how our new MuCalculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satistiability of lineartime temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite wautomata. The fixed point computations for each decision procedure are sometimes complex. but can be concisely expressed in the MuCalculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
Symbolic model checking for sequential circuit verification
 IEEE TRANSACTIONS ON COMPUTERAIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
, 1994
"... The temporal logic model checking algorithm of Clarke, Emerson, and Sistla [17] is modified to represent state graphs using binary decision diagrams (BDD’s) [7] and partitioned trunsirion relations [lo], 1111. Because this representation captures some of the regularity in the state space of circuit ..."
Abstract

Cited by 239 (11 self)
 Add to MetaCart
(Show Context)
The temporal logic model checking algorithm of Clarke, Emerson, and Sistla [17] is modified to represent state graphs using binary decision diagrams (BDD’s) [7] and partitioned trunsirion relations [lo], 1111. Because this representation captures some of the regularity in the state space of circuits with data path logic, we are able to verify circuits with an extremely large number of states. We demonstrate this new technique on a synchronous pipelined design with approximately 5 x 10^120 states. Our model checking algorithm handles full CTL with fairness constraints. Consequently, we are able to express a number of important liveness and fairness properties, which would otherwise not be expressible in CTL. We give empirical results on the performance of the algorithm applied to both synchronous and asynchronous circuits with data path logic.
Verification Tools for FiniteState Concurrent Systems
"... Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not t ..."
Abstract

Cited by 124 (3 self)
 Add to MetaCart
(Show Context)
Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not the statetransition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and
Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories
 Formal Methods in System Design
, 1993
"... Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its sim ..."
Abstract

Cited by 104 (27 self)
 Add to MetaCart
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form, each property is expressed as an assertion [A =) C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A =) C] by simulating the system over the weakest trajectory for A and testing...
Multiway Decision Graphs for Automated Hardware Verification
, 1996
"... Traditional ROBDDbased methods of automated verification suffer from the drawback that they require a binary representation of the circuit. To overcome this limitation we propose a broader class of decision graphs, called Multiway Decision Graphs (MDGs), of which ROBDDs are a special case. With MDG ..."
Abstract

Cited by 80 (14 self)
 Add to MetaCart
Traditional ROBDDbased methods of automated verification suffer from the drawback that they require a binary representation of the circuit. To overcome this limitation we propose a broader class of decision graphs, called Multiway Decision Graphs (MDGs), of which ROBDDs are a special case. With MDGs, a data value is represented by a single variable of abstract type, rather than by 32 or 64 boolean variables, and a data operation is represented by an uninterpreted function symbol. MDGs are thus much more compact than ROBDDs, and this greatly increases the range of circuits that can be verified. We give algorithms for MDG manipulation, and for implicit state enumeration using MDGs. We have implemented an MDG package and provide experimental results.
Reducing BDD Size by Exploiting Functional Dependencies
 in Proc. DAC
, 1993
"... Many researchers have reported that the use of Boolean decision diagrams (BDDs) greatly increases the size of hardwaredesigns that can be formally verifiedautomatically. Our own experience with automatic verification of highlevel aspects of hardware design, such as protocols for cache coherence and ..."
Abstract

Cited by 39 (4 self)
 Add to MetaCart
(Show Context)
Many researchers have reported that the use of Boolean decision diagrams (BDDs) greatly increases the size of hardwaredesigns that can be formally verifiedautomatically. Our own experience with automatic verification of highlevel aspects of hardware design, such as protocols for cache coherence and communications, contradicts previous results; in fact, BDDs have been substantially inferior to bruteforce algorithms that store states explicitly in a table. We believe that new techniques will be needed to realize the potential advantages of BDD verification at the protocol level. Here, we identify functionally dependent variables as a common cause of BDDsize blowup, and describe new techniques to avoid the problem. Using the improved algorithm, we reduce an exponentiallysized problem to a provably O(n log n)sized one, achieving several orders of magnitude reduction in BDD size. I INTRODUCTION With the increasing cost and complexity of hardware designs and protocols, formal verificatio...
Symbolic Trajectory Evaluation
 Formal Hardware Verification
, 1996
"... ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significa ..."
Abstract

Cited by 26 (6 self)
 Add to MetaCart
(Show Context)
ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show the model M satisfies f . The idea behind abstraction is that instead of verifying property f of model M , we verify property f A of model MA and the answer we get helps us answer the original problem. The system MA is an abstraction of the system M . One possibility is to build an abstraction MA that is equivalent (e.g. bisimilar [48]) to M . This sometimes leads to performance advantages if the state space of MA is smaller than M . This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
New Techniques for Efficient Verification with Implicitly Conjoined BDDs
, 1994
"... In previous work, Hu and Dill identified a common cause of BDDsize blowup in highlevel design verification and proposed the method of implicitly conjoined invariants to address the problem. That work, however, had some limitations: the user had to supply the property being verified as an implicit ..."
Abstract

Cited by 26 (9 self)
 Add to MetaCart
(Show Context)
In previous work, Hu and Dill identified a common cause of BDDsize blowup in highlevel design verification and proposed the method of implicitly conjoined invariants to address the problem. That work, however, had some limitations: the user had to supply the property being verified as an implicit conjunction of BDDs, the heuristic used to decide which conjunctions to evaluate was rather simple, and the termination test, though fast and effective on a set of examples, was not proven to be always correct. In this work, we address those problems by proposing a new, more sophisticated heuristic to simplify and evaluate lists of implicitly conjoined BDDs and an exact termination test. We demonstrate on examples that these more complex heuristics are reasonably efficient as well as allowing verification of examples that were previously intractable.
Formal Verification of Digital Circuits Using Symbolic Ternary System Models
"... Ternary system modeling involves extending the traditional set of binary values f0; 1g with a third value X indicating an unknown or indeterminate condition. By making this extension, we can model a wider range of circuit phenomena. We can also efficiently verify sequential circuits in which the ..."
Abstract

Cited by 25 (6 self)
 Add to MetaCart
(Show Context)
Ternary system modeling involves extending the traditional set of binary values f0; 1g with a third value X indicating an unknown or indeterminate condition. By making this extension, we can model a wider range of circuit phenomena. We can also efficiently verify sequential circuits in which the effect of a given operation depends on only a subset of the total system state.
HigherLevel Specification and Verification with BDDs
 IN COMPUTERAIDED VERIFICATION: FOURTH INTERNATIONAL WORKSHOP
, 1992
"... Currently, many are investigating promising verification methods based on Boolean decision diagrams (BDDs). Using BDDs, however, requires modeling the system under verification in terms of Boolean formulas. This modeling ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
Currently, many are investigating promising verification methods based on Boolean decision diagrams (BDDs). Using BDDs, however, requires modeling the system under verification in terms of Boolean formulas. This modeling