## SAT-based Assistance in Abstraction Refinement for Symbolic Trajectory Evaluation (2006)

Venue: Computer Aided Verification (CAV)

Citations: 9 (1 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Roorda06sat-basedassistance,
  author    = {Jan-Willem Roorda and Koen Claessen},
  title     = {SAT-based assistance in abstraction refinement for symbolic trajectory evaluation},
  booktitle = {Computer Aided Verification (CAV)},
  year      = {2006},
  pages     = {175--189},
  publisher = {Springer-Verlag}
}
```

### Abstract

We present a SAT-based algorithm for assisting users of Symbolic Trajectory Evaluation (STE) in manual abstraction refinement. As a case study, we demonstrate the usefulness of the algorithm by showing how to refine and verify an STE specification of a CAM.

### Citations

499 | An Extensible SAT-solver
- Eén, Sörensson
- 2011
Citation context: ...[Fig. 2. Forte Output for Assertion 2; the listing of symbolic data variables is omitted] This assertion, however, cannot be handled by a BDD-based STE model checker. The large number of symbolic variab...

102 | Formal verification by symbolic evaluation of partially-ordered trajectories
- Seger, Bryant
- 1995
Citation context: ...tion refinement. As a case study, we demonstrate the usefulness of the algorithm by showing how to refine and verify an STE specification of a CAM. 1 Introduction. Symbolic Trajectory Evaluation (STE) [12] is a well-known simulation-based model checking technique. It combines three-valued simulation (using the standard values 0 and 1 together with the extra value X, "unknown") with symbolic simulation ...

62 | Finding bugs in an Alpha microprocessor using satisfiability solvers
- Bjesse, Leonard, et al.
Citation context: ...[Figure listing: inputs at time 0 (aread = 1, tagin = 00000010) and initial values of tagmem[0..15]; the tag-memory dump is omitted]...

23 | High-Level Formal Verification of Next-Generation Microprocessors
- Schubert
- 2003
Citation context: ...n extremely successful in verifying properties of circuits containing large data paths (such as memories, fifos, floating point units) that are beyond the reach of traditional symbolic model checking [1, 10, 7]. In STE, specifications are assertions of the form A =⇒ C, where A is called the antecedent and C the consequent. Both A and C are formulas in a restrictive temporal logic, in which only statements about a finit...

20 | Formal verification of content addressable memories using symbolic trajectory evaluation
- Pandey, Raimi, et al.
- 1997
Citation context: ...ers from the input tag tagin at the position encoded by pi is: mismatch(i) = ((pi = 000) → (tagmem[i][0] is ¬tagin[0])) and ((pi = 001) → (tagmem[i][1] is ¬tagin[1])) ... and ((pi = 111) → (tagmem[i][7] is ¬tagin[7])). The formula expressing that each of the non-indexed tag-entries differs at at least one place from tagin is: A′ = ((index ≠ 0000) → mismatch(0)) and ((index ≠ 0001) → mismatch(1)) ...

14 | A Methodology for Large-Scale Hardware Verification
- Aagaard, Melham, et al.
- 2000
Citation context: ...n extremely successful in verifying properties of circuits containing large data paths (such as memories, fifos, floating point units) that are beyond the reach of traditional symbolic model checking [1, 11, 7]. In STE, specifications are assertions of the form A =⇒ C, where A is called the antecedent and C the consequent. Both A and C are formulas in a restrictive temporal logic, in which only statements abo...

10 | Abstraction refinement in symbolic model checking using satisfiability as the only decision procedure
- Li, Somenzi
- 2003
Citation context: ...ore detail. Related Work. There exists a large body of work in the field of automatic abstraction refinement for model-checking techniques for hardware other than STE; for an overview see for example [5]. Most of these abstractions are state-based, focusing on how to represent the state space of a circuit, which is not applicable to STE. In [6] an algorithm providing an easy interface to abstraction ...

9 | Abstraction by Symbolic Indexing Transformations
- Melham, Jones
- 2002
Citation context: ...hardware other than STE; for an overview see for example [5]. Most of these abstractions are state-based, focusing on how to represent the state space of a circuit, which is not applicable to STE. In [6] an algorithm providing an easy interface to abstraction in STE is described. The algorithm does, however, not help in finding a right abstraction. In another paper [13] presented at this conference, ...

8 | A new SAT-based algorithm for symbolic trajectory evaluation
- Roorda, Claessen
- 2005
Citation context: ...ng number of entries in Fig. 6: (a) finding a weakest satisfying strengthening of CAM assertion 2 using STAR, (b) proving the corrected assertion using a SAT-based STE model-checker (as described in [9]), and (c) proving the corrected assertion with BDDs using Forte. As the figure shows, when the right abstraction has been found, BDD-based STE is superior over SAT-based STE for proving properties. A...

8 | Automatic refinement and vacuity detection for symbolic trajectory evaluation
- Tzoref, Grumberg
- 2006
Citation context: ...[Fig. 5. A Weakest Satisfying Strengthening of Ass. (2) without extra a...; the tagmem/datmem value listing is omitted]...

8 | satGSTE: Combining the abstraction of GSTE with the capacity of a SAT solver
- Yang, Gil, et al.
- 2004
Citation context: ...introducing more symbolic variables in the antecedent) until the property is proved, or until a real counter-model is found. Often, a great deal of time is spent on such manual abstraction refinement [14, 2]. Contribution. We have invented the concept of a strengthening, which is a particular piece of useful information that can help STE-users with manual abstraction refinement; given an STE assertion an...

5 | Symbolic trajectory evaluation using a satisfiability solver
- Roorda
- 2005
Citation context: ...[Fig. 2. Forte Output for Assertion 2; the listing of symbolic data variables is omitted] This assertion, however, cannot be handled by a BDD-based STE model checker. The large number of symbolic variables leads to an immediate BDD blow-up. Su...

3 | Explaining symbolic trajectory evaluation by giving it a faithful semantics
- Roorda, Claessen
- 2006

2 | High-level formal verification of next-generation microprocessors
- 2003
Citation context: ...n extremely successful in verifying properties of circuits containing large data paths (such as memories, fifos, floating point units) that are beyond the reach of traditional symbolic model checking [1, 11, 7]. In STE, specifications are assertions of the form A =⇒ C, where A is called the antecedent and C the consequent. Both A and C are formulas in a restrictive temporal logic, in which only statements abo...