## Efficient Automatic STE Refinement Using Responsibility


### BibTeX

@MISC{Chockler_efficientautomatic,
    author = {Hana Chockler and Orna Grumberg and Avi Yadgar},
    title = {Efficient Automatic STE Refinement Using Responsibility},
    year = {}
}


### Abstract

Symbolic Trajectory Evaluation (STE) is a powerful technique for hardware model checking. It is based on 3-valued symbolic simulation, using 0, 1, and X (“unknown”). X is used to abstract away values of circuit nodes, thus reducing memory and runtime of STE runs. The abstraction is derived from a given user specification. An STE run results in “pass” (1), if the circuit satisfies the specification, “fail” (0) if the circuit falsifies it, and “unknown” (X), if the abstraction is too coarse to determine either of the two. In the latter case, refinement is needed: The X values of some of the abstracted inputs should be replaced. The main difficulty is to choose an appropriate subset of these inputs that will help to eliminate the “unknown” STE result, while avoiding an unnecessary increase in memory and runtime. The common approach to this problem is to manually choose these inputs. This work suggests a novel approach to automatic refinement for STE, which is based on the notion of responsibility. For each input with X value we compute its Degree of Responsibility (DoR) to the “unknown” STE result. We then refine those inputs whose DoR is maximal. We implemented an efficient algorithm, which is linear in the size of the circuit, for computing the approximate DoR of inputs. We used it for refinements for STE on several circuits and specifications. Our experimental results show that DoR is a very useful device for choosing inputs for refinement. In comparison with previous works on automatic refinement, our computation of the refinement set is faster, STE needs fewer refinement iterations and uses less overall memory and time.

### Citations

597 | Counterexample-Guided Abstraction Refinement
- Clarke, Grumberg, et al.
Citation Context ...automatic (manual) refinement is applied, our DoRs can serve as recommended priorities on the candidate inputs for refinement. Related Work Abstraction-Refinement takes a major role in model checking [6, 10] for reducing the state explosion problem. In [5], it is shown that the abstraction in STE is an abstract interpretation via a Galois connection. In [17], an automatic abstraction-refinement for symbol...

448 | A Treatise of Human Nature
- Hume
Citation Context ...TE result. We then refine those inputs whose DoR is maximal. To understand the notion of responsibility, consider first the following concepts. We say that event B counterfactually depends on event A [9] if A and B both hold, and had A not happened then B would not have happened. Halpern and Pearl broadened the notion of causality saying that A is a cause of B if there exists some change of the curre...

414 | Computer-Aided Verification of Coordinating Processes
- Kurshan
- 1994
Citation Context ...automatic (manual) refinement is applied, our DoRs can serve as recommended priorities on the candidate inputs for refinement. Related Work Abstraction-Refinement takes a major role in model checking [6, 10] for reducing the state explosion problem. In [5], it is shown that the abstraction in STE is an abstract interpretation via a Galois connection. In [17], an automatic abstraction-refinement for symbol...

121 | Causes and Explanations: A Structural-Model Approach. Part I: Causes
- Halpern, Pearl
- 2001
Citation Context ...ened. Halpern and Pearl broadened the notion of causality saying that A is a cause of B if there exists some change of the current situation that creates the counterfactual dependence between A and B [8]. As an example, consider the circuit in Figure 1(a). The event “n = 1” counterfactually depends on the event “n1 = 1”. Next consider the circuit in Figure 1(b). “n1 = 0” is a cause of “n = 0”. This i...

99 | Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories
- Seger, Bryant
- 1995
Citation Context ...automatic refinement, our computation of the refinement set is faster, STE needs fewer refinement iterations and uses less overall memory and time. 1 Introduction Symbolic Trajectory Evaluation (STE) [13] is a powerful technique for hardware model checking. STE is based on combining 3-valued abstraction with symbolic simulation. It is applied to a circuit M, described as a graph over nodes (gates and ...

32 | An industrially effective environment for formal hardware verification
- Seger, Jones, et al.
- 2005
Citation Context ... complexity is therefore only quadratic in the size of the circuit. In order to evaluate our algorithm RespSTE, we implemented it and used it in conjunction with Forte, a BDD based STE tool by Intel [14]. We applied it to several circuits and specifications. We compared our results with the automatic refinement for STE, suggested in [15]. In all cases, the comparison shows a significant speedup. A si...

29 | Responsibility and blame: a structural-model approach
- Chockler, Halpern
- 2004
Citation Context ...ounterfactually depends on “n1 = 0”. Similarly, “n2 = 0” is a cause of “n = 0”. [Fig. 1. Cause; panels (a) and (b)] The notion of responsibility and of weighted responsibility, introduced in [4], quantifies the change that is needed in order to create the counterfactual dependence. The DoR of A for B is taken to be 1/(k + 1), where k is the size of the minimal change that creates the counter...

21 | The Mathematical Foundation of Symbolic Trajectory Evaluation
- Chou
- 1999

20 | Formal verification of content addressable memories using symbolic trajectory evaluation
- Pandey, Raimi, et al.
- 1997
Citation Context ...gives the “hit” output signal the value 1, and outputs the corresponding data entry to “dout”. Otherwise, “hit” is given the value 0. The verification of the aread operation using STE is described in [11]. The CAM that we used is shown in Figure 8. It contains 16 entries. Each entry has a data size of 64 bits and a tag size of 8 bits. It contains 1152 latches, 83 inputs and 5064 combinational gates. W...

15 | Comprehensive Functional Verification: The Complete Industry Cycle (Systems on Silicon)
- Wile, Goss, et al.
- 2005
Citation Context ...sed it in conjunction with Forte, a BDD based STE tool by Intel [14]. For our experiments we used the Content Addressable Memory (CAM) module from Intel’s GSTE tutorial, and IBM’s Calculator 2 design [16]. These models and their specifications are interesting and challenging for model checking. All experiments use dedicated computers with 3.2Ghz Intel Pentium CPU, and 3GB RAM, running Linux operating ...

9 | SAT-based Assistance in Abstraction Refinement for Symbolic Trajectory Evaluation
- Roorda, Claessen
- 2006
Citation Context ...ally different from ours, as it is aimed at solving GSTE problems, where an assertion graph describes the specification, and is used in the refinement process. SAT based refinements were suggested in [12] and [7]. The method presented in [12] is used for assisting manual refinement. The method presented in [7] takes an automatic CEGAR approach which is applicable only in the suggested SAT based framew...

5 | What causes a system to satisfy a specification
- Chockler, Halpern, et al.
- 2008
Citation Context ...in a finer-grain quantification for changes, in the context of STE. Computing responsibility in circuits is known to be intractable in general [4]. Inspired by the algorithm for read-once formulas in [3], we developed the algorithm RespSTE for efficiently computing an approximate DoR. Computing the responsibility of the inputs for some output of a circuit involves one traversal of the circuit for ea...

5 | Symbolic Simulation Using Automatic Abstraction of Internal Node Values
- Wilson
- 2001
Citation Context ...nement takes a major role in model checking [6, 10] for reducing the state explosion problem. In [5], it is shown that the abstraction in STE is an abstract interpretation via a Galois connection. In [17], an automatic abstraction-refinement for symbolic simulation is suggested. However, the first automatic refinement for STE has been suggested in [15]. In this refinement scheme, the values of the circ...

4 | Automatic abstraction refinement for generalized symbolic trajectory evaluation
- Chen, He, et al.
- 2007
Citation Context ...tion by adding symbolic variables to A. While this work is the closest to ours, it is essentially different from using the responsibility concept. We compare our results to this work in Section 5. In [2], an automatic refinement for GSTE is suggested. This method, like [15], traverses the circuit nodes after running STE, and performs a model and an assertion refinement. This method is also essentiall...

4 | Automatic refinement and vacuity detection for Symbolic Trajectory Evaluation
- Rachel Tzoref, Orna Grumberg
- 2006
Citation Context ...sed it in conjunction with Forte, a BDD based STE tool by Intel [14]. We applied it to several circuits and specifications. We compared our results with the automatic refinement for STE, suggested in [15]. In all cases, the comparison shows a significant speedup. A significant reduction in BDD nodes is also gained in most of the assertions. In some of the cases, our algorithm needed fewer refinement i...

2 | 3-Valued Circuit SAT for STE with Automatic Refinement
- Grumberg, Schuster, Yadgar
- 2007
Citation Context ...erent from ours, as it is aimed at solving GSTE problems, where an assertion graph describes the specification, and is used in the refinement process. SAT based refinements were suggested in [12] and [7]. The method presented in [12] is used for assisting manual refinement. The method presented in [7] takes an automatic CEGAR approach which is applicable only in the suggested SAT based framework. In ...