Results 1 - 9 of 9
Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories
Formal Methods in System Design, 1993
Cited by 99 (25 self)
Abstract
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form, each property is expressed as an assertion [A ⇒ C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A ⇒ C] by simulating the system over the weakest trajectory for A and testing...
A Methodology for Hardware Verification Based on Logic Simulation
Journal of the ACM, 1991
Cited by 37 (5 self)
Abstract
A logic simulator can prove the correctness of a digital circuit if it can be shown that only circuits fulfilling the system specification will produce a particular response to a sequence of simulation commands. This style of verification has advantages over other proof methods in being readily automated and requiring less attention on the part of the user to the low-level details of the design. It has advantages over other approaches to simulation in providing more reliable results, often at a comparable cost.
Formal Verification of Digital Circuits Using Symbolic Ternary System Models
Cited by 23 (6 self)
Abstract
Ternary system modeling involves extending the traditional set of binary values {0, 1} with a third value X indicating an unknown or indeterminate condition. By making this extension, we can model a wider range of circuit phenomena. We can also efficiently verify sequential circuits in which the effect of a given operation depends on only a subset of the total system state.
Detecting Races in Relay Ladder Logic Programs
1998
Cited by 16 (1 self)
Abstract
Relay Ladder Logic (RLL) [5] is a programming language widely used for complex embedded control applications such as manufacturing and amusement park rides. The cost of bugs in RLL programs is extremely high, often measured in millions of dollars (for shutting down a factory) or human safety (for rides). In this paper, we describe our experience in applying constraint-based program analysis techniques to analyze production RLL programs. Our approach is an interesting combination of probabilistic testing and program analysis, and we show that our system is able to detect bugs with high probability, up to the approximations made by the conservative program analysis. We demonstrate that our analysis is useful in detecting some flaws in production RLL programs that are difficult to find by other techniques. Key words: Constraints; Software; Static Analysis; Testing; Verification. 1 Introduction. Programmable logic controllers (PLC's) are used extensively for complex embedded con...
Symbolic Verification of MOS Circuits
1985
Cited by 13 (6 self)
Abstract
The program MOSSYM simulates the behavior of a MOS circuit represented as a switch-level network symbolically. That is, during simulator operation the user can set an input to either 0, 1, or a Boolean variable. The simulator then computes the behavior of the circuit as a function of the past and present input variables. By using heuristically efficient Boolean function manipulation algorithms, the verification of a circuit by symbolic simulation can proceed much more quickly than by exhaustive logic simulation. In this paper we present our concept of symbolic simulation, derive an algorithm for switch-level symbolic simulation, and present experimental measurements from MOSSYM.
Ternary Simulation: A Refinement of Binary Functions or an Abstraction of Real-Time Behaviour?
Proceedings of the 3rd Workshop on Designing Correct Circuits (DCC96), 1996
Cited by 9 (3 self)
Abstract
We prove the equivalence between the ternary circuit model and a notion of intuitionistic stabilization bounds. The results are obtained as an application of the timing interpretation of intuitionistic propositional logic presented in [12]. We show that if one takes an intensional view of the ternary model then the delays that have been abstracted away can be completely recovered. Our intensional soundness and completeness theorems imply that the extracted delays are both correct and exact; thus we have developed a framework which unifies ternary simulation and functional timing analysis. Our focus is on the combinational behaviour of gate-level circuits with feedback.
Timing Analysis of Combinational Circuits in Intuitionistic Propositional Logic
Formal Methods in System Design, 1999
Cited by 5 (1 self)
Abstract
Classical logic has so far been the logic of choice in formal hardware verification. This paper proposes the application of intuitionistic logic to the timing analysis of digital circuits. The intuitionistic setting serves two purposes. The model-theoretic properties are exploited to handle the second-order nature of bounded delays in a purely propositional setting without need to introduce explicit time and temporal operators. The proof-theoretic properties are exploited to extract quantitative timing information and to reintroduce explicit time in a convenient and systematic way. We present a natural Kripke-style semantics for intuitionistic propositional logic, as a special case of a Kripke constraint model for Propositional Lax Logic [15], in which validity is validity up to stabilisation, and implication ⊃ comes out as "boundedly gives rise to." We show that this semantics is equivalently characterised by a notion of realisability with stabilisation bounds as realisers...
Digital Circuit Verification using Partially-Ordered State Models
In International Symposium on Multi-Valued Logic, 1994
Cited by 4 (1 self)
Abstract
Many aspects of digital circuit operation can be efficiently verified by simulating circuit operation over "weakened" state values. This technique has long been practiced with logic simulators, using the value X to indicate a signal that could be either 0 or 1. This concept can be formally extended to a wider class of circuit models and signal values, yielding lattice-structured state domains. For more precise modeling of circuit operation, these values can be encoded in binary and hence represented symbolically as Ordered Binary Decision Diagrams. The net result is a tool for formal verification that can apply a hybrid of symbolic and partially-ordered evaluation.
Transforming Cyclic Circuits Into Acyclic Equivalents
2008
Cited by 1 (0 self)
Abstract
Designers and high-level synthesis tools can introduce unwanted cycles in digital circuits, and for certain combinational functions, cyclic circuits that are stable and do not hold state are the smallest or most natural representations. Cyclic combinational circuits have well-defined functional behavior yet wreak havoc with most logic synthesis and timing tools, which require combinational logic to be acyclic. As such, some sort of cycle-removal step is necessary to handle these circuits with existing tools. We present a two-stage algorithm for transforming a combinational cyclic circuit into an equivalent acyclic circuit. The first part quickly and exactly characterizes all combinational behavior of a cyclic circuit. It starts by applying input patterns to each input and examining the boundary between gates whose outputs are and are not defined to find additional input patterns that make the circuit behave combinationally. It produces sets of assignments to inputs that together cover all combinational behavior. This can be used to report errors, as an optimization aid, or to restructure the circuit into an acyclic equivalent. The second stage of our algorithm does this restructuring by creating an acyclic circuit fragment from each of these assignments and assembles these fragments into an acyclic circuit that reproduces all the combinational behavior of the original cyclic circuit. Experiments show that our algorithm runs in seconds on real-life cyclic circuits, making it useful in practice.