## Efficient Verification with BDDs using Implicitly Conjoined Invariants (1993)

Venue: In Computer Aided Verification

Citations: 19 - 4 self

### BibTeX

```bibtex
@INPROCEEDINGS{Hu93efficientverification,
    author = {Alan J. Hu and David L. Dill},
    title = {Efficient Verification with BDDs using Implicitly Conjoined Invariants},
    booktitle = {In Computer Aided Verification},
    year = {1993},
    pages = {3--14},
    publisher = {Springer-Verlag}
}
```

### Abstract

Many researchers have reported that using Boolean decision diagrams (BDDs) greatly increases the size of hardware designs that can be formally verified automatically. Our own experience with automatic verification of high-level aspects of hardware design, such as protocols for cache coherence and communications, contradicts previous results; in fact, BDDs have been substantially inferior to brute-force algorithms that store states explicitly in a table.

### Citations

2925 | Graph-based algorithms for boolean function manipulation - Bryant - 1986
Citation Context: ...its application. 1 Introduction With the increasing cost and complexity of hardware designs and protocols, formal verification techniques become ever more attractive. Boolean decision diagrams (BDDs) [3] have enabled much progress in this area, from the early work applying BDDs to verification [1, 6, 5, 8, 19] through the current work of numerous researchers. Most of the current research on automatic...

447 | Efficient implementation of a BDD package - Brace, Rudell, et al. - 1990

323 | Symbolic model checking: 10 states and beyond - Burch, Clarke, et al. - 1990
Citation Context: ... protocols, formal verification techniques become ever more attractive. Boolean decision diagrams (BDDs) [3] have enabled much progress in this area, from the early work applying BDDs to verification [1, 6, 5, 8, 19] through the current work of numerous researchers. Most of the current research on automatic formal hardware verification has focused on gate and transistor-level design. We believe that automatic for...

234 | Protocol Verification as a Hardware Design Aid - Dill, Drexler, et al. - 1992
Citation Context: ...rifying large, real examples (e.g. industrial multiprocessor cache coherence and link-level protocols) in addition to the usual academic examples (dining philosophers, alternating bit protocol, etc.) [10]. Murφ encompasses both a C++-based verifier and a high-level BDD-based verifier, called Ever, which supports integer and enumeration types, arrays, and records, a wide range of arithmetic, logical, a...

177 | Sequential circuit verification using symbolic model checking - Burch, Clarke, et al. - 1990
Citation Context: ... protocols, formal verification techniques become ever more attractive. Boolean decision diagrams (BDDs) [3] have enabled much progress in this area, from the early work applying BDDs to verification [1, 6, 5, 8, 19] through the current work of numerous researchers. Most of the current research on automatic formal hardware verification has focused on gate and transistor-level design. We believe that automatic for...

157 | Verification of Synchronous Sequential machines based on symbolic execution - Coudert, Berthet, et al. - 1989
Citation Context: ... protocols, formal verification techniques become ever more attractive. Boolean decision diagrams (BDDs) [3] have enabled much progress in this area, from the early work applying BDDs to verification [1, 6, 5, 8, 19] through the current work of numerous researchers. Most of the current research on automatic formal hardware verification has focused on gate and transistor-level design. We believe that automatic for...

152 | Symbolic model checking with partitioned transition relations - Burch, Clarke, et al. - 1991
Citation Context: ...le to the property being verified. The usual approach to such a verification task is to compute the set of states reachable from S and to check that the set of reachable states is a subset of I (e.g. [8, 5, 7, 19, 4]). This approach entails computing the set of reachable states as the fixed-point $\mu Z.\lambda u.\, S(u) \lor \exists v[Z(v) \land \delta(v, u)]$, which is the smallest set $Z$ such that $S \subseteq Z$ and any state that is a successor under $\delta$ ...

146 | Implicit state enumeration of finite state machines using BDD's - Touati, Savoj, et al. - 1990

103 | Verification of sequential machines using boolean functional vectors - Coudert, Berthet, et al. - 1989
Citation Context: ...sor under $\delta$ of a state in Z is also in Z [6]. We will call this approach "forward traversal." The expression $\exists v[Z(v) \land \delta(v, u)]$ is generally called the image of set Z under transition relation $\delta$ [9, 19], which we will denote by Image($\delta$, Z). Also commonly used is the image on the domain of $\delta$ of a subset of the codomain given by $\exists v[Z(v) \land \delta(u, v)]$, which we denote by PreImage($\delta$, Z). We will als...

77 | Algorithms for Discrete Function Manipulation - Srinivasan, Kam, et al. - 1990
Citation Context: ...ronics. The first author was supported by an ONR Graduate Fellowship. Most of this work was done using equipment generously donated by Sun Microsystems. higher-level BDD-based verification, like MDDs [18, 15] or EVBDDs [16], which are extensions to the basic BDD data structure.) To our initial surprise, the BDD-based verification method has been disappointing --- a method which stores all of the reachable...

36 | Reducing BDD size by exploiting functional dependencies - Hu, Dill - 1993
Citation Context: ...results for this example. Clearly, the implicitly conjoined invariant greatly reduces both the memory and the time required for the verification. 3.2 Functionally Dependent Variables In earlier work, [12] we isolated functionally dependent variables --- variables that are always a function of other variables of the system, provided the system is operating correctly --- as a common source of BDD-size b...

27 | Automatic Verification of Synchronous Circuits Using Symbolic Logic Simulation - Bose, Fisher - 1989

22 | Higher-level specification and verification with BDDs - Hu, Dill, et al. - 1993

15 | "Functional Extension of Symbolic Model Checking," Computer-Aided Verification - Filkorn - 1991
Citation Context: ... $S \Rightarrow \mathbf{AG}\,I$. Computing $\mathbf{AG}\,I$ is easily seen to entail computing the fixed-point $\nu Z.\lambda u.\, I(u) \land \forall v[\delta(u, v) \Rightarrow Z(v)]$, which is the largest set $Z$ such that $Z \subseteq I$ and all successors of any state in Z are also in Z [6, 11]. The fixpoint exists by monotonicity of the predicate transformer. We will call this approach "backward traversal." Figure 1 gives pseudo-code for this computation, as well as for producing the count...

14 | Multi-valued decision diagrams - Kam, Brayton - 1990
Citation Context: ...ronics. The first author was supported by an ONR Graduate Fellowship. Most of this work was done using equipment generously donated by Sun Microsystems. higher-level BDD-based verification, like MDDs [18, 15] or EVBDDs [16], which are extensions to the basic BDD data structure.) To our initial surprise, the BDD-based verification method has been disappointing --- a method which stores all of the reachable...

13 | Variable ordering for FSM Traversal - Jeong, Plessier, et al. - 1991
Citation Context: ...er bit of all words first, followed by the next most significant bit of all words, etc. This variable ordering is generally necessary in datapaths to minimize BDD size for comparisons and arithmetic. [18, 15, 14] In this case, the BDD for the conjunction of all the type invariants is of size O(kw d ), since in the BDD, after each bitslice, we must encode all w d possible intermediate states of each type invar...

2 | Eric Schwarz, and Fabio Somenzi, "ATPG Aspects of FSM Verification" - Cho, Hachtel, et al. - 1990
Citation Context: ...le to the property being verified. The usual approach to such a verification task is to compute the set of states reachable from S and to check that the set of reachable states is a subset of I (e.g. [8, 5, 7, 19, 4]). This approach entails computing the set of reachable states as the fixed-point $\mu Z.\lambda u.\, S(u) \lor \exists v[Z(v) \land \delta(v, u)]$, which is the smallest set $Z$ such that $S \subseteq Z$ and any state that is a successor under $\delta$ ...

1 | and Sarma Sastry, "Edge-Valued Binary Decision Diagrams for Multi-Level Hierarchical Verification" - Lai - 1992
Citation Context: ...uthor was supported by an ONR Graduate Fellowship. Most of this work was done using equipment generously donated by Sun Microsystems. higher-level BDD-based verification, like MDDs [18, 15] or EVBDDs [16], which are extensions to the basic BDD data structure.) To our initial surprise, the BDD-based verification method has been disappointing --- a method which stores all of the reachable states explici...