Results 1  10
of
15
Property Checking via Structural Analysis
 in ComputerAided Verification
, 2002
"... Abstract. This paper describes a structurallyguided framework for the decomposition of a verification task into subtasks, each solved by a specialized algorithm for overall efficiency. Our contributions include the following: (1) a structural algorithm for computing a bound of a statetransition di ..."
Abstract

Cited by 45 (8 self)
 Add to MetaCart
(Show Context)
Abstract. This paper describes a structurallyguided framework for the decomposition of a verification task into subtasks, each solved by a specialized algorithm for overall efficiency. Our contributions include the following: (1) a structural algorithm for computing a bound of a statetransition diagram’s diameter which, for several classes of netlists, is sufficiently small to guarantee completeness of a bounded property check; (2) a robust backward unfolding technique for structural target enlargement: from the target states, we perform a series of composebased preimage computations, truncating the search if resource limitations are exceeded; (3) similar to frontier simplification in symbolic reachability analysis, we use induction via don’t cares for enhancing the presented target enlargement. In many practical cases, the verification problem can be discharged by the enlargement process; otherwise, it is passed in simplified form to an arbitrary subsequent solution approach. The presented techniques are embedded in a flexible verification framework, allowing arbitrary combinations with other techniques. Extensive experimental results demonstrate the effectiveness of the described methods at solving and simplifying practical verification problems. 1
New Techniques for Efficient Verification with Implicitly Conjoined BDDs
, 1994
"... In previous work, Hu and Dill identified a common cause of BDDsize blowup in highlevel design verification and proposed the method of implicitly conjoined invariants to address the problem. That work, however, had some limitations: the user had to supply the property being verified as an implicit ..."
Abstract

Cited by 35 (9 self)
 Add to MetaCart
(Show Context)
In previous work, Hu and Dill identified a common cause of BDDsize blowup in highlevel design verification and proposed the method of implicitly conjoined invariants to address the problem. That work, however, had some limitations: the user had to supply the property being verified as an implicit conjunction of BDDs, the heuristic used to decide which conjunctions to evaluate was rather simple, and the termination test, though fast and effective on a set of examples, was not proven to be always correct. In this work, we address those problems by proposing a new, more sophisticated heuristic to simplify and evaluate lists of implicitly conjoined BDDs and an exact termination test. We demonstrate on examples that these more complex heuristics are reasonably efficient as well as allowing verification of examples that were previously intractable.
HigherLevel Specification and Verification with BDDs
 IN COMPUTERAIDED VERIFICATION: FOURTH INTERNATIONAL WORKSHOP
, 1992
"... Currently, many are investigating promising verification methods based on Boolean decision diagrams (BDDs). Using BDDs, however, requires modeling the system under verification in terms of Boolean formulas. This modeling ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
Currently, many are investigating promising verification methods based on Boolean decision diagrams (BDDs). Using BDDs, however, requires modeling the system under verification in terms of Boolean formulas. This modeling
Efficient Verification with BDDs using Implicitly Conjoined Invariants
 In Computer Aided Verification
, 1993
"... Many researchers have reported that using Boolean decision diagrams (BDDs) greatly increases the size of hardware designs that can be formally verified automatically. Our own experience with automatic verification of highlevel aspects of hardware design, such as protocols for cache coherence and ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
(Show Context)
Many researchers have reported that using Boolean decision diagrams (BDDs) greatly increases the size of hardware designs that can be formally verified automatically. Our own experience with automatic verification of highlevel aspects of hardware design, such as protocols for cache coherence and communications, contradicts previous results; in fact, BDDs have been substantially inferior to bruteforce algorithms that store states explicitly in a table.
Techniques For Efficient Formal Verification Using Binary Decision Diagrams
, 1995
"... The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large cl ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large classes of problems, however, (including many distributed protocols, multiprocessor systems, and network architectures) this promise has yet to be fulfilled. Indeed, the few successes have required extensive time and effort from sophisticated researchers in the field. Clearly, techniques are needed that are more sophisticated than the obvious direct implementation of theoretical results. This thesis addresses that need, emphasizing an application domain that has been particularly difficult for BDDbased methods  highlevel models of systems or distributed protocols  rather than gatelevel descriptions of circuits. Additionally, the emphasis is on providing useful debugging information for the...
Verification by approximate forward and backward reachability
 Proceedings of International Conference on ComputerAided Design
, 1998
"... Approximate reachability techniques trade off accuracy for the capacity to deal with bigger designs. In this paper, we extend the idea of approximations using overlapping projections to symbolic backward reachability. This is combined with a previous method of computing overapproximate forward reach ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
(Show Context)
Approximate reachability techniques trade off accuracy for the capacity to deal with bigger designs. In this paper, we extend the idea of approximations using overlapping projections to symbolic backward reachability. This is combined with a previous method of computing overapproximate forward reachable state sets using overlapping projections. The algorithm computes a superset of the set of states that lie on a path from the initial state to a state that violates a specified invariant property. If this set is empty, there isnopossibility of violating the invariant. If this set is nonempty, it may be possible to prove the existence of such a path by searching for a counterexample. A simple heuristic is given, which seems to work well in practice, for generating a counterexample path from this approximation. We evaluate these new algorithms by applying them to several control modules from the I/O unit in the Stanford FLASH Multiprocessor.
Computation of Minimal Counterexamples by Using Black Box Techniques and Symbolic Methods
"... Abstract — Computing counterexamples is a crucial task for error diagnosis and debugging of sequential systems. If an implementation does not fulfill its specification, counterexamples are used to explain the error effect to the designer. In order to be understood by the designer, counterexamples sh ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
Abstract — Computing counterexamples is a crucial task for error diagnosis and debugging of sequential systems. If an implementation does not fulfill its specification, counterexamples are used to explain the error effect to the designer. In order to be understood by the designer, counterexamples should be simple, i.e. they should be as general as possible and assign values to a minimal number of input signals. Here we use the concept of Black Boxes — parts of the design with unknown behavior — to mask out components for counterexample computation. By doing so, the resulting counterexample will argue about a reduced number of components in the system to facilitate the task of understanding and correcting the error. We introduce the notion of ‘uniform counterexamples’ to provide an exact formalization of simplified counterexamples arguing only about components which were not masked out. Our computation of counterexamples is based on symbolic methods using AIGs (AndInverterGraphs). Experimental results using a VLIW processor as a case study clearly demonstrate our capability of providing simplified counterexamples. I.
Approximate Symbolic Model Checking using Overlapping Projections
, 1999
"... Symbolic Model Checking extends the scope of verification algorithms that can be handled automatically, by using symbolic representations rather than explicitly searching the entire state space of the model. However even the most sophisticated symbolic methods cannot be directly applied to many of t ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Symbolic Model Checking extends the scope of verification algorithms that can be handled automatically, by using symbolic representations rather than explicitly searching the entire state space of the model. However even the most sophisticated symbolic methods cannot be directly applied to many of today's large designs because of the state explosion problem. Approximate symbolic model checking is an attempt to trade off accuracy with the capacity to deal with bigger designs. This paper explores the idea of using overlapping projections as the underlying approximation scheme. The idea is evaluated by applying it to several modules from the I/O unit in the Stanford FLASH Multiprocessor, and some larger circuits in ISCAS89 benchmark suite. 1 Introduction The ability to enumerate the set of states reachable from a certain state, and the ability to enumerate the set of states that can reach a certain state are essential to many model checking algorithms. Binary Decision Diagrams (BDDs) [2...
Techniques in Symbolic Model Checking
 IIT BOMBAY
, 2003
"... ï»¿Model checking is a highly automatic verification technique for finite state concurrent systems. In this approach for verification, temporal specifications are exhaustively verified over the statespace of the concurrent system. The number of states grows exponentially with the concurrency of th ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
ï»¿Model checking is a highly automatic verification technique for finite state concurrent systems. In this approach for verification, temporal specifications are exhaustively verified over the statespace of the concurrent system. The number of states grows exponentially with the concurrency of the system and that makes explicit statespace enumeration based techniques inefficient.This phenomenon is called state space explosion. One of the possible ways to overcome this limitation is to avoid explicit enumeration of the state space. These approaches, commonly known as Symbolic Model Checking, uses Boolean formulas to represent set of states and transition relations. Traditionally, symbolic model checking has become identified with Binary Decision Diagrams (BDD), a canonical form of representing Boolean formulas. But recently, some other representations like Conjunctive Normal Form (CNF) using satisfiability solving (SAT) and polynomial algebra have been demonstrated to be quite powerful in practice.
In this thesis, we propose an approach to symbolic model checking where model checking is performed by decomposing a finite state system into components. We first review the decomposition process by Chakraborty and Soni, and enhance it by guiding the process of decomposition. We observed that computing the components of the system is an expensive operation. Therefore our approach computes a new component only if the information in existing component is not sufficient to prove (falsify) the safety property. We call this approach Lazy decomposition.
The ideas are evaluated on publicly available benchmarks from ISCAS89 benchmark using BDD and SAT based implementations. We report the experimental results and compare it with earlier schemes.