## Scalable automated verification via expert-system guided transformations (2004)

Venue: FMCAD

Citations: 28 (13 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Mony04scalableautomated,
  author    = {Hari Mony and Jason Baumgartner and Viresh Paruthi and Robert Kanzelman and Andreas Kuehlmann},
  title     = {Scalable automated verification via expert-system guided transformations},
  booktitle = {in FMCAD},
  year      = {2004},
  pages     = {159--173},
  publisher = {Springer}
}
```

### Abstract

Transformation-based verification has been proposed to synergistically leverage various transformations to successively simplify and decompose large problems to ones which may be formally discharged. While powerful, such systems require a fair amount of user sophistication and experimentation to yield greatest benefits: every verification problem is different, hence the most efficient transformation flow differs widely from problem to problem. Finding an efficient proof strategy not only enables exponential reductions in computational resources, it often makes the difference between obtaining a conclusive result or not. In this paper, we propose the use of an expert system to automate this proof strategy development process. We discuss the types of rules used by the expert system, and the type of feedback necessary between the algorithms and expert system, all oriented towards yielding a conclusive result with minimal resources. Experimental results are provided to demonstrate that such a system is able to automatically discover efficient proof strategies, even on large and complex problems with more than 100,000 state elements in their respective cones of influence. These results also demonstrate numerous types of algorithmic synergies that are critical to the automation of such complex proofs.

### Citations

- Emerson (1989). Temporal and Modal Logic. Cited by 1107.
  Citation context: ...transformations either require only polynomial resources or are applied in a resource-constrained manner. They may ultimately reduce... [Footnote 1: Due to the ability to synthesize safety properties into automata [11], this invariant-checking model is rarely a practical limitation.] [Figure residue from page 162: engine flow showing User, Design Import, Localization Engine, Redundancy Removal Engine, Netlists N and N′, Results p and p′′.]

- Kaufmann, Manolios, et al. (2000). Computer-Aided Reasoning: An Approach. Cited by 264.
  Citation context: ...oblem under consideration. Mechanizing the application of proof strategies is not a new concept; it is an essential component of most general-purpose theorem provers, e.g., HOL [8], PVS [9], and ACL2 [10]. However, the presented TBV approach is well-tuned for the verification of safety properties of hardware designs, incorporating numerous specialized transformations that are applicable to large syste...

- Coudert, Berthet, et al. (1990). Verification of synchronous sequential machines based on symbolic execution. Cited by 157.
  Citation context: ...there remains a large gap between the size of many industrial design components and the capacity of fully-automated formal tools. General exhaustive algorithms such as symbolic reachability analysis [1] solve a PSPACE-complete problem and are limited to design slices with significantly fewer than one thousand state elements. Overapproximate proof techniques such as induction [2] solve an NP-complete...

- Sheeran, Singh, et al. Checking Safety Properties Using Induction and a SAT-Solver. Cited by 155.
  Citation context: ...eachability analysis [1] solve a PSPACE-complete problem and are limited to design slices with significantly fewer than one thousand state elements. Overapproximate proof techniques such as induction [2] solve an NP-complete problem and may be applied to significantly larger designs, though are often prone to inconclusive results in such cases. Consequently, even a piece of an industrial processor ex...

- Kuehlmann, Paruthi, et al. (2002). Robust Boolean Reasoning for Equivalence Checking and Functional Property Verification. Cited by 77.
  Citation context: ...puts, two-input AND gates, inverters, and registers, using straightforward logic synthesis techniques. Because inverters may be represented implicitly as edge attributes in the netlist representation [12], we assess the result of various transformation flows in terms of only register, primary input, and AND gate counts. 3 Transformation-Based Verification. Transformation-based verification was proposed...

- Bjesse, Claessen (1954). SAT-Based Verification without State Space Traversal. Cited by 67.
  Citation context: ...identify functionally redundant gates [12]. This engine is guaranteed not to increase any of the three size metrics. – EQV: another redundancy removal engine, similar to that of [13]. This engine uses a variety of heuristics (such as symbolic simulation) to guess redundancy candidates, then uses induction to prove and subsequently exploit that redundancy. Its reductions may far e...

- Chauhan, Clarke, et al. Automated Abstraction Refinement for Model Checking Large State Spaces Using SAT based Conflict Analysis. Cited by 66.
  Citation context: ...for the unlocalized design, but counterexamples may be spurious (hence may need to be suppressed). To help guide the cut-selection process, the engine uses a light-weight SAT-based refinement scheme [17] to include only that logic which is deemed necessary. LOC is guaranteed not to increase register count nor AND gate count. – RCH: an MLP-based symbolic reachability engine [18]. It is a general-purpo...

- Gordon (1988). Mechanising Programming Logics in Higher Order Logic. Cited by 58.
  Citation context: ...e system against the problem under consideration. Mechanizing the application of proof strategies is not a new concept; it is an essential component of most general-purpose theorem provers, e.g., HOL [8], PVS [9], and ACL2 [10]. However, the presented TBV approach is well-tuned for the verification of safety properties of hardware designs, incorporating numerous specialized transformations that are a...

- Ho, Harer, et al. (1993). Smart Simulation Using Collaborative Formal and Simulation Engines. Cited by 57.
  Citation context: ...unit (much less an entire chip) is likely to be too large for a reliable application of automatic proof techniques. Technologies such as bounded model checking (BMC) [3] and semi-formal verification [4, 5] address the simpler NP-complete problem of exhaustive bounded search, leveraging the bug-finding power of formal algorithms against much larger designs. Though incomplete, hence generally unable to p...

- Biere, Cimatti, et al. (1999). Symbolic model checking without BDDs. In: Tools and Algorithms for the Construction and Analysis of Systems. Cited by 56.
  Citation context: ...an industrial processor execution unit (much less an entire chip) is likely to be too large for a reliable application of automatic proof techniques. Technologies such as bounded model checking (BMC) [3] and semi-formal verification [4, 5] address the simpler NP-complete problem of exhaustive bounded search, leveraging the bug-finding power of formal algorithms against much larger designs. Though inc...

- Baumgartner, Kuehlmann, et al. (2002). Property checking via structural analysis. In: Brinksma E, Larsen KG (eds.). Cited by 41.
  Citation context: ...eed not to increase register count, but in calculation of retimed initial values via structural symbolic simulation, it may increase the other two metrics. – BIG: a structural target-enlargement engine [15], which replaces a target by the characteristic function of the set of states which may hit that target within k timesteps, simplified with respect to the set of states which may hit that target in fe...

- Kuehlmann, Baumgartner (2001). Transformation-based verification using generalized retiming. Cited by 35.
  Citation context: ...er is often left debating how many resources to expend before giving up and hoping that the lack of falsification ability is as good as a proof. The concept of transformation-based verification (TBV) [6] has been proposed to synergistically apply various transformation algorithms to simplify and decompose large problems into sufficiently small problems that may be formally discharged. While the compl...

- Moon, Hachtel, et al. (2000). Border-block triangular form and conjunction schedule in image computation. Cited by 33.
  Citation context: ...ased refinement scheme [17] to include only that logic which is deemed necessary. LOC is guaranteed not to increase register count nor AND gate count. – RCH: an MLP-based symbolic reachability engine [18]. It is a general-purpose proof-capable engine, solving a PSPACE-complete problem. – SCH: a semi-formal search engine [4, 5], which interleaves random simulation (to identify deep, interesting states), ...

- Gupta, Ganai, et al. (2003). Iterative abstraction using SAT-based BMC with proof analysis. Cited by 27.
  Citation context: ...was critical; without the simplification enabled by retiming, the localized cones became hopelessly large. ERAT and IOC com... [Footnote 7: A similar observation on the utility of nested localizations was noted in [21], applied in an approach which extracts an unsatisfiable core from a BMC SAT instance. Our application in a TBV domain yields greater flexibility in its ability to leverage various transformations bet...]

- Baumgartner, Kuehlmann (2001). Min-area retiming on flexible circuit structures. Cited by 24.
  Citation context: ...ce often lossy short-cuts must be accepted which trade reduction potential for run-time gains. This engine is guaranteed not to increase any of the three size metrics. – RET: a min-area retiming engine [6, 14], which attempts to reduce the number of registers in the netlist by shifting them across combinational gates. This approach is guaranteed not to increase register count, but in calculation of retimed...

- Srivas, Rueß, et al. (1997). Hardware verification using PVS. Cited by 19.
  Citation context: ...against the problem under consideration. Mechanizing the application of proof strategies is not a new concept; it is an essential component of most general-purpose theorem provers, e.g., HOL [8], PVS [9], and ACL2 [10]. However, the presented TBV approach is well-tuned for the verification of safety properties of hardware designs, incorporating numerous specialized transformations that are applicable...

- Feigenbaum (1979). Themes and case studies of knowledge engineering. Cited by 11.
  Citation context: ...t to yield conclusive results on difficult problems, we propose to eliminate the need for user interaction by attaching an expert system to the Proof Strategy Interface. 5.1 Expert Systems. Feigenbaum [19] defined an expert system as “an intelligent computer program that uses knowledge and inference procedures to solve problems that are difficult enough to require significant human expertise for their ...

- Moon, Kwak, et al. (2002). Simplifying circuits for formal verification using parametric representation. Cited by 10.
  Citation context: ...at target in fewer than k time-steps. BIG is guaranteed not to increase register count nor primary input count, but may increase AND gate count. – CUT: a range-preserving parametric-reencoding engine [7, 16], which replaces the fanin-side of a cut of the netlist graph with a trace-equivalent, yet simpler, piece of logic. CUT is guaranteed not to increase primary input count nor register count, but may in...

- Baumgartner, Heyman, et al. An Abstraction Algorithm for the Verification of Level-Sensitive Latch-Based Netlists. FMSD’03. Cited by 8.
  Citation context: ...main memory on an IBM RS/6000 Model 43P-S85 (850MHz), using the IBM internal verification tool SixthSense. In addition to the engines discussed in Section 3.1, we utilized a phase abstraction engine [20] on all IBM designs prior to importing them into the tool. We had intended to provide a large set of results showing the run-time difference of various proof strategies; however, the majority were eas...

- Wang (2003). SAT-based Abstraction Refinement for Hardware Verification. Cited by 5.
  Citation context: ...for the unlocalized design, but counterexamples may be spurious (hence may need to be suppressed). To help guide the cut-selection process, the engine uses a light-weight SAT-based refinement scheme [17] to include only that logic which is deemed necessary. LOC is guaranteed not to increase register count nor AND gate count. – RCH: an MLP-based symbolic reachability engine [18]. It is a general-purpo...

- Baumgartner (2002). Automatic Structural Abstraction Techniques for Enhanced Verification. Cited by 4.

- Ganai, Aziz, et al. (1999). Enhancing simulation with BDDs and ... Cited by 3.
  Citation context: ...unit (much less an entire chip) is likely to be too large for a reliable application of automatic proof techniques. Technologies such as bounded model checking (BMC) [3] and semi-formal verification [4, 5] address the simpler NP-complete problem of exhaustive bounded search, leveraging the bug-finding power of formal algorithms against much larger designs. Though incomplete, hence generally unable to p...