## Automatic verification of sequential circuits using temporal logic (1986)

### Download From

IEEE### Download Links

- [cs.nyu.edu]
- [www.cs.nyu.edu]
- [cs.nyu.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | IEEE Transactions on Computer C-35 |

Citations: | 75 - 11 self |

### BibTeX

@ARTICLE{Browne86automaticverification,

author = {Michael C. Browne and Edmund M. Clarke and David L. Dill and Bud Mishra},

title = {Automatic verification of sequential circuits using temporal logic},

journal = {IEEE Transactions on Computer C-35},

year = {1986},

pages = {1035--1044}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract-Verifying the correctness of sequential circuits has been an important problem for a long time. But lack of any formal and efficient method of verification has prevented the creation of practical design aids for this purpose. Since- all the known techniques of simulation apd prototype testing are time consuming and not very reliable, there is an acute need for such tools. In this paper we describe an automatic verification system for sequential circuits in which specifications are expressed in a propositional temporal logic. In contrast to most other mechanical verification systems, our system does not require any user assistance and is quite;fast-experimental results show that state machines with several hundred states can be checked for correctness in a matter of seconds! The verification system uses a simple and efficient algorithm, called a model checker. The algorithm works in two steps: in the first step, it builds a labeled state-transition graph; and in the second step, it determines the truth of a temporal formula with. respect to the state-transition graph. We discuss two different techniques that we thave implemented for automatically generating the state-transition graphs: The first involves extracting the state graph directly feom the circuit by exhaustive simulation. The second obtains the state graph by compilation from an HDL specification of the original circuit. Index Terms-Asynchronous circuits, hardware verification, sequential circuit verification, temporal logic, temporal logic model checking. I.

### Citations

1329 | A calculus of communicating systems - Milner - 1980 |

1179 | Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications
- Clarke, Emerson, et al.
- 1986
(Show Context)
Citation Context ...D EMC The logic that we use to specify circuits is a propositional temporal logic of branching time, called CTL (computation tree logic).' This logic is essentially the same as that described in [1], =-=[6]-=-, and [9]. The syntax for CTL is as follows: Let (P be the set of all the atomic propositions in the language i, then: 1) Every atomic proposition P in (P is a formula in CTL. 2) Iff1 andf2 are CTL fo... |

410 |
Introduction to VLSI systems
- Mead, Conway
- 1980
(Show Context)
Citation Context ... procedure that we have implemented for extracting a CTL model directly from a circuit and Section IV illustrates its use in verifying an asynchronous circuit from' Seitz's chapter in Mead and Conway =-=[12]-=-. In Section V we outline the alternative approach of extracting a CTL model from a program in a high-level state machine description language with a Pascal-like syntax and illustrate its use with exa... |

164 |
The temporal logic of branching time
- Ben-Ari, Pnueli, et al.
- 1983
(Show Context)
Citation Context ...TL AND EMC The logic that we use to specify circuits is a propositional temporal logic of branching time, called CTL (computation tree logic).' This logic is essentially the same as that described in =-=[1]-=-, [6], and [9]. The syntax for CTL is as follows: Let (P be the set of all the atomic propositions in the language i, then: 1) Every atomic proposition P in (P is a formula in CTL. 2) Iff1 andf2 are C... |

91 |
The Esterel synchronous programming language and its mathematical semantics
- Berry, Cosserat
- 1985
(Show Context)
Citation Context ...ferent from most programming languages, since we are not only interested in what a statement does, but how much time it takes to do it. In this respect, SML was influenced by the semantics of ESTEREL =-=[2]-=-. The complete semantics for SML will not be given here, but they will appear in a forthcoming paper [4]. A program state is an ordered pair (S, s) consisting of a statement S and a function s that gi... |

57 |
A switch-level model and simulator for MOS digital systems
- Bryant
- 1984
(Show Context)
Citation Context ...on algorithm is the same as the one used in MOSSIM II, a widely used switch-level simulator. The algorithm and MOSSIM II are thoroughly explained elsewhere, so we summarize it only briefly here. (See =-=[5]-=-.) The algorithm uses three "logical" values: 0, 1, and X (meaning "unknown").1 Basically, the simulation performs a set of steps, each step simulating one unit delay. There are logical values assigne... |

45 |
Automatic verification of asynchronous circuits using temporal logic
- Dill, Clarke
- 1986
(Show Context)
Citation Context ...it design assumes arbitrary delays in wires and/or gates. We have a technique for verifying circuits under an arbitrary gate delay model, which we have successfully applied to an asynchronous arbiter =-=[8]-=-. There are a variety of timing assumptions that are less conservative than arbitrary delay models, but more realistic than the unit-delay assumption. Obviously, the 3/2 model used in the design of th... |

38 | A hardware semantics based on temporal intervals - Halpern, Manna, et al. - 1983 |

19 |
E.M.Ciarke, Characterizing properties of parallel programs as fixpoints
- Emerson
(Show Context)
Citation Context ... logic that we use to specify circuits is a propositional temporal logic of branching time, called CTL (computation tree logic).' This logic is essentially the same as that described in [1], [6], and =-=[9]-=-. The syntax for CTL is as follows: Let (P be the set of all the atomic propositions in the language i, then: 1) Every atomic proposition P in (P is a formula in CTL. 2) Iff1 andf2 are CTL formulae, t... |

15 |
Hardware Specification with Temporal Logic: An Example
- Bochmann
- 1982
(Show Context)
Citation Context ...ew York, NY 10012. IEEE Log Number 8610931. formalism for describing and reasoning about combinational circuits. We believe that temporal logic may be equally useful for sequential circuits. Bochmann =-=[3]-=- was probably the first to use temporal logic to describe circuits. He verified an implementation of a self-timed arbiter using linear temporal logic and what he called "reachability analysis." Malach... |

5 |
System Timingâ€ť, Introduction to VLSI
- Seitz
- 1980
(Show Context)
Citation Context ... program appears in Fig. 1. IV. EXAMPLE: A SELF-TIMED QUEUE ELEMENT We apply this technique to a self-timed queue element. The circuit originally appeared in an article by Seitz on self-timed systems =-=[14]-=-. This circuit has practical importance because it can be used to connect pipelined computational units with variable processing time, maximizing the utilization of the connected units. The use of asy... |

4 |
S.S.: Temporal specifications of self-timed systems
- Malachi, Owicki
- 1981
(Show Context)
Citation Context ... the first to use temporal logic to describe circuits. He verified an implementation of a self-timed arbiter using linear temporal logic and what he called "reachability analysis." Malachi and Owicki =-=[11]-=- identified additional temporal operators required to express interesting properties of circuits and also gave specifications of a large class of modules used in self-timed systems. Although these res... |

1 |
unpublished manuscript
- Browne, Clarke
- 1984
(Show Context)
Citation Context ...ow much time it takes to do it. In this respect, SML was influenced by the semantics of ESTEREL [2]. The complete semantics for SML will not be given here, but they will appear in a forthcoming paper =-=[4]-=-. A program state is an ordered pair (S, s) consisting of a statement S and a function s that gives values to all of the identifiers. The semantics consist of a set of rewrite rules that describe how ... |

1 |
Automatic verificatipn of asynchronous circuits
- Clarke, Mishra
- 1983
(Show Context)
Citation Context ...some of their internal nodes (more precisely, making it illegal to use them in CTL formulae) and merging groups of states that become indistinguishable into single states (this is called restriction) =-=[7]-=-. We verified the self-timed queue element in the specific case in which there was only one inner cell. In fact, there is a family of queues, each member having a different number of repeated inner ce... |