## New Techniques for Efficient Verification with Implicitly Conjoined BDDs (1994)

### Download Links

- sprout.stanford.edu
- DBLP

Citations: 26 (9 self)

### BibTeX

```bibtex
@MISC{Hu94newtechniques,
  author = {Alan J. Hu and Gary York and David L. Dill},
  title  = {New Techniques for Efficient Verification with Implicitly Conjoined BDDs},
  year   = {1994}
}
```


### Abstract

In previous work, Hu and Dill identified a common cause of BDD-size blowup in high-level design verification and proposed the method of implicitly conjoined invariants to address the problem. That work, however, had some limitations: the user had to supply the property being verified as an implicit conjunction of BDDs, the heuristic used to decide which conjunctions to evaluate was rather simple, and the termination test, though fast and effective on a set of examples, was not proven to be always correct. In this work, we address those problems by proposing a new, more sophisticated heuristic to simplify and evaluate lists of implicitly conjoined BDDs and an exact termination test. We demonstrate on examples that these more complex heuristics are reasonably efficient as well as allowing verification of examples that were previously intractable.

### Citations

- 2925 citations: Bryant. Graph-based algorithms for boolean function manipulation. 1986.
  - Context: "...Formal design verification is attracting increasing interest as a tool to deal with the ever-increasing cost and complexity of hardware designs and protocols. Binary decision diagrams (BDDs) [3] have enabled much of the recent progress in this area, starting from the early work applying BDDs to verification [1, 6, 5, 11, 24] and continuing through the current work of many researchers. Curren..."
- 447 citations: Brace, Rudell, et al. Efficient implementation of a BDD package. 1990.
- 323 citations: Burch, Clarke, et al. Symbolic model checking: 10 states and beyond. 1990.
- 234 citations: Dill, Drexler, et al. Protocol Verification as a Hardware Design Aid. 1992.
  - Context: "...Indeed, in our own research on large, real examples (e.g., industrial directory-based cache-coherence and link-level protocols), a brute-force approach that stores states explicitly in a hash table [13] has generally outperformed BDD-based approaches. Clearly, new techniques are needed to realize the potential advantages of BDDs at this high level of verification. Implicitly conjoined invariants [1..."
- 177 citations: Burch, Clarke, et al. Sequential circuit verification using symbolic model checking. 1990.
- 157 citations: Coudert, Berthet, et al. Verification of Synchronous Sequential Machines based on symbolic execution. 1989.
- 152 citations: Burch, Clarke, et al. Symbolic model checking with partitioned transition relations. 1991.
  - Context: "...can be done directly using BDD operations [6, 5, 24]. If the BDD for is too large to build (a common problem), a number of techniques are available to compute these images without building the BDD for [4, 18]. Also, note that BackImage(;Z) = ¬PreImage(;¬Z), so if Z is represented by a small BDD, computing either of these two images is equally fast for an efficient BDD implementation (where negation is constan..."
- 123 citations: Coudert, Madre. A unified framework for the formal verification of sequential circuits. 1990.
- 103 citations: Coudert, Berthet, et al. Verification of sequential machines using boolean functional vectors. 1989.
- 94 citations: Clarke, Grumberg, et al. Verification of the Futurebus+ cache coherence protocol. 1993.
- 36 citations: Hu, Dill. Reducing BDD size by exploiting functional dependencies. 1993.
- 27 citations: Bose, Fisher. Automatic Verification of Synchronous Circuits Using Symbolic Logic Simulation. 1989.
  - Context: "...and complexity of hardware designs and protocols. Binary decision diagrams (BDDs) [3] have enabled much of the recent progress in this area, starting from the early work applying BDDs to verification [1, 6, 5, 11, 24] and continuing through the current work of many researchers. Current research on automatic formal hardware verification has focussed mainly on gate and transistor-level design. We believe that automa..."
- 22 citations: Hu, Dill, et al. Higher-level specification and verification with BDDs. 1993.
- 19 citations: Hu, Dill. Efficient Verification with BDDs using Implicitly Conjoined Invariants. Computer Aided Verification, 1993.
  - Context: "...[13] has generally outperformed BDD-based approaches. Clearly, new techniques are needed to realize the potential advantages of BDDs at this high level of verification. Implicitly conjoined invariants [17] is a recently-introduced technique, designed specifically to address some commonly-occurring causes of BDD-size blowup in high-level verification. The basic idea is that in high-level verification, w..."
- 15 citations: Filkorn. Functional Extension of Symbolic Model Checking. Computer-Aided Verification, 1991.
  - Context: "...i transitions from a start state to a violating state. Otherwise, the sequence will converge, meaning the verification succeeds. Details for this approach are also available from several sources (e.g., [6, 23, 14]). [displayed equation fragment: BackImage(;G_i[1] ∧ ⋯ ∧ G_i[n]) = ...] C. Implicitly Conjoined Invariants. The method of implicitly conjoined invariants [17] is built on the backward traversal. As mentioned already, this method is predicated..."
- 14 citations: Coudert, Madre. A Unified Framework for the Formal Verification of Sequential Circuits. 1990.
  - Context: "...implicit conjunction with smaller overall size Y = Y_1 ∧ ⋯ ∧ Y_m, such that X = Y. [equation fragment: ins:c(s)=] We are using the BDD simplification operator proposed by Coudert, Berthet, and Madre [11], generally known as Restrict [10] or Reduce [20]. While this operator doesn't always reduce the size of the BDD it is applied to, it seems generally effective, so we first simplify each BDD X_i by every other BDD X_j that's smaller than it..."
- 12 citations: Brace, Rudell, et al. Efficient Implementation of a BDD Package. 1990.
  - Context: "...note that BackImage(;Z) = ¬PreImage(;¬Z), so if Z is represented by a small BDD, computing either of these two images is equally fast for an efficient BDD implementation (where negation is constant-time) [2]. What happens if the BDD for Z is also too large to build (also a common problem for high-level design verification)? The following theorem enables computing the BackImage of an implicit conjunction of..."
- 2 citations: Cho, Hachtel, Schwarz, Somenzi. ATPG Aspects of FSM Verification. 1990.
  - Context: "...counterexample trace. Otherwise, the sequence will eventually converge to the set of reachable states, meaning that the verification succeeds. Details of this approach are available elsewhere (e.g., [11, 5, 8, 24, 4]). The other standard algorithm we call "backward traversal." The intuition here is that we iteratively compute the set G_i of states such that all paths of length i or less starting in G_i must remain within..."
- 2 citations: Hu, Dill. Reducing BDD Size by Exploiting Functional Dependencies. 1993.
  - Context: "..." indicates the verification method used: "Fwd" is conventional forward traversal, "Bkwd" is conventional backward traversal, "FD" is forward traversal exploiting user-specified functional dependencies [16], "ICI" is backward traversal using the original implicitly conjoined invariants method [17], and "XICI" is the implicitly conjoined invariants method extended with the techniques in this paper. Time..."
- 2 citations: Chiodo, Shiple, et al. Automatic Compositional Minimization. 1992.