## 3-Valued Circuit SAT for STE with Automatic Refinement

Citations: | 1 - 1 self |

### BibTeX

@MISC{Grumberg_3-valuedcircuit,

author = {Orna Grumberg and Assaf Schuster and Avi Yadgar},

title = {3-Valued Circuit SAT for STE with Automatic Refinement},

year = {}

}

### OpenURL

### Abstract

Abstract. Symbolic Trajectory Evaluation (STE) is a powerful technique for hardware model checking. It is based on a 3-valued symbolic simulation, using 0,1 and X (”unknown”), where the X is used to abstract away values of the circuit nodes. Most STE tools are BDD-based and use a dual rail representation for the three possible values of circuit nodes. SAT-based STE tools typically use two variables for each circuit node, to comply with the dual rail representation. In this work we present a novel 3-valued Circuit SAT-based algorithm for STE. The STE problem is translated into a Circuit SAT instance. A solution for this instance implies a contradiction between the circuit and the STE assertion. An unSAT instance implies either that the assertion holds, or that the model is too abstract to be verified. In case of a too abstract model, we propose a refinement automatically. We implemented our 3-Valued Circuit SAT-based STE algorithm and applied it successfully to several STE examples. 1

### Citations

1253 | Chaff: Engineering an Efficient SAT Solver
- Moskewicz, Madigan, et al.
- 2001
(Show Context)
Citation Context ...n of the problem: as a set of constraints in CNF, and as the DAG of the circuit. The CNF representation is used for efficient Boolean Constraint Propagation and for learning, as in common SAT solvers =-=[13, 24]-=-. The DAG representation is a higher level description of the circuit than the CNF representation. It is used for branching as in [8, 10, 11], for propagating X values, and for deciding termination. W... |

1152 |
A Computing Procedure for Quantification Theory
- Davis, Putnam
- 1960
(Show Context)
Citation Context ... unit clause, and the assignment to l is called an implication. bcp computes all possible implications at a given moment. This procedure is efficiently implemented in [13, 23, 12]. The DPLL algorithm =-=[6, 5]-=- iteratively chooses an assignment to some variable, and computes its implications. If no conflict occurs, a new assignment is chosen, and so on. If a conflict occurs, the algorithm invalidates the la... |

790 |
D.: A machine program for theorem proving
- Davis, Logemann, et al.
- 1962
(Show Context)
Citation Context ... unit clause, and the assignment to l is called an implication. bcp computes all possible implications at a given moment. This procedure is efficiently implemented in [13, 23, 12]. The DPLL algorithm =-=[6, 5]-=- iteratively chooses an assignment to some variable, and computes its implications. If no conflict occurs, a new assignment is chosen, and so on. If a conflict occurs, the algorithm invalidates the la... |

703 | Counterexample-guided abstraction refinement for symbolic Model Checking
- Clarke, Grumberg, et al.
(Show Context)
Citation Context ...ith the value X by A, the antecedent of the STE assertion. However, if the abstraction is too coarse, there is not enough information for proving or falsifying the STE assertion. We present a “CEGAR” =-=[3]-=- approach for refining such assertions. For an unjustifiable instance given to 3VJA, the resolution tree, derived for it, is the proof that the instance is unjustifiable. We define a spurious proof to... |

316 | Efficient conflict driven learning in Boolean satisfiability solver
- Zhang, Madigan, et al.
- 2001
(Show Context)
Citation Context ...n of the problem: as a set of constraints in CNF, and as the DAG of the circuit. The CNF representation is used for efficient Boolean Constraint Propagation and for learning, as in common SAT solvers =-=[13, 24]-=-. The DAG representation is a higher level description of the circuit than the CNF representation. It is used for branching as in [8, 10, 11], for propagating X values, and for deciding termination. W... |

303 | Symbolic model checking using sat procedures instead of bdds
- Biere, Cimatti, et al.
- 1999
(Show Context)
Citation Context ...ing. Different learning strategies yield different conflict clauses. 1UIP is a common and very efficient strategy[24]. 2.3 Bounded Model Checking We shall briefly describe Bounded Model Checking (BMC)=-=[1]-=- for a model M and a property P , which is a commonly used model checking technique. In BMC, the transition relation of M is described as a Boolean formula R(x, x ′ ), where x and x ′ are the current ... |

209 | Sato: An efficient propositional prover
- Zhang
- 1997
(Show Context)
Citation Context ...uch that φ(l) = 1. cl is called a unit clause, and the assignment to l is called an implication. bcp computes all possible implications at a given moment. This procedure is efficiently implemented in =-=[13, 23, 12]-=-. The DPLL algorithm [6, 5] iteratively chooses an assignment to some variable, and computes its implications. If no conflict occurs, a new assignment is chosen, and so on. If a conflict occurs, the a... |

159 | On the acceleration of test generation algorithms
- Fujiwara, Shimono
- 1983
(Show Context)
Citation Context ...e verification is the Circuit-SAT method [8, 11, 10], which gets its input in the form of a circuit rather than a CNF formula. A circuit SAT solver is based on justification of nodes, as described in =-=[7]-=-. For a node n in a circuit, and a Boolean value d, it searches for a justification for [n, d]. That is, it looks for a (partial) assignment to some of the circuit inputs, under which n evaluates to d... |

106 | Formal verification by symbolic evaluation of partially-ordered trajectories
- Seger, Bryant
(Show Context)
Citation Context ...ropose a refinement automatically. We implemented our 3-Valued Circuit SAT-based STE algorithm and applied it successfully to several STE examples. 1 Introduction Symbolic Trajectory Evaluation (STE) =-=[18]-=- is a powerful model checking technique for hardware verification, which combines symbolic simulation with 3-valued abstraction. Consider a circuit M, described as a Directed Acyclic Graph (DAG) of no... |

64 | Combining strengths of circuit-based and CNF-based algorithms for a high-performance
- Ganai, Zhang, et al.
- 2002
(Show Context)
Citation Context ... STE. None of the methods discussed above performs automatic refinement. We further elaborate on these works in Section 7. Particularly interesting for hardware verification is the Circuit-SAT method =-=[8, 11, 10]-=-, which gets its input in the form of a circuit rather than a CNF formula. A circuit SAT solver is based on justification of nodes, as described in [7]. For a node n in a circuit, and a Boolean value ... |

62 | Finding bugs in an alpha microprocessor using satisfiability solvers
- Bjesse, Leonard, et al.
- 2001
(Show Context)
Citation Context ...ulting expressions meet the requirements of the STE assertion. The Boolean expressions used in this method might be too large to handle, and might require a theorem prover for reducing their size. In =-=[2]-=- and [4], the dual rail encoding is used to create a CNF formula for STE. This representation uses two Boolean variables for each node in the circuit, which we avoid in our algorithm. In [15], a 3-val... |

55 | Conflict analysis in search algorithms for propositional satisfiability
- Marques-Silva, Sakallah
- 1996
(Show Context)
Citation Context ...uch that φ(l) = 1. cl is called a unit clause, and the assignment to l is called an implication. bcp computes all possible implications at a given moment. This procedure is efficiently implemented in =-=[13, 23, 12]-=-. The DPLL algorithm [6, 5] iteratively chooses an assignment to some variable, and computes its implications. If no conflict occurs, a new assignment is chosen, and so on. If a conflict occurs, the a... |

41 | A circuit sat solver with signal correlation guided learning
- Lu, Wang, et al.
- 2003
(Show Context)
Citation Context ... STE. None of the methods discussed above performs automatic refinement. We further elaborate on these works in Section 7. Particularly interesting for hardware verification is the Circuit-SAT method =-=[8, 11, 10]-=-, which gets its input in the form of a circuit rather than a CNF formula. A circuit SAT solver is based on justification of nodes, as described in [7]. For a node n in a circuit, and a Boolean value ... |

39 | An Industrially Effective Environment for Formal Hardware Verification
- Seger, Jones, et al.
- 2005
(Show Context)
Citation Context ...latter case means that the abstraction induced by A is too coarse, and requires some refinement. STE is successfully used in the hardware industry for verifying very large models with wide data paths =-=[19, 17, 22]-=-. The common method for performing STE is by representing the values of each node in the circuit by Binary Decision Diagrams (BDDs) that depend on the symbolic variables [19]. In this method, the dual... |

25 |
High Level Formal Verification of NextGeneration Microprocessors
- Schubert
(Show Context)
Citation Context ...latter case means that the abstraction induced by A is too coarse, and requires some refinement. STE is successfully used in the hardware industry for verifying very large models with wide data paths =-=[19, 17, 22]-=-. The common method for performing STE is by representing the values of each node in the circuit by Binary Decision Diagrams (BDDs) that depend on the symbolic variables [19]. In this method, the dual... |

21 | Abadir, “Formal Verification of Content Addressable Memories Using Symbolic Trajectory Evaluation
- Pandey, Raimi, et al.
- 1997
(Show Context)
Citation Context ...s data width. The results of our experiments are presented in Table 6. We verified the associative read property of the CAM by using “full”, “plain” and “cam” symbolic indexing schemes, as defined in =-=[14]-=-. Additionally, we checked the CAM and the memory against series of multiple write and read operations. Each assertion has a different set of symbolic variables and a different depth. Assertions 1 − 1... |

13 | SOMENZI F.: ‘CirCUs: a satisfiability solver geared towards bounded model checking
- JIN, AWEDH
(Show Context)
Citation Context ... STE. None of the methods discussed above performs automatic refinement. We further elaborate on these works in Section 7. Particularly interesting for hardware verification is the Circuit-SAT method =-=[8, 11, 10]-=-, which gets its input in the form of a circuit rather than a CNF formula. A circuit SAT solver is based on justification of nodes, as described in [7]. For a node n in a circuit, and a Boolean value ... |

9 | SAT-based Assistance in Abstraction Refinement for Symbolic Trajectory Evaluation
- Roorda, Claessen
- 2006
(Show Context)
Citation Context ...atic refinement scheme was suggested in [20]. This refinement scheme chooses a nodes that is assigned with X, and tries to choose a small set of inputs such that this node will evaluate to 0 or 1. In =-=[16]-=-, a method for assisting manual refinement is presented. Our refinement scheme eliminates a spurious proof of unjustifiability of the circuit in each iteration, and is inherently different than these ... |

8 | A new SAT-based algorithm for symbolic trajectory evaluation
- Roorda, Claessen
- 2005
(Show Context)
Citation Context ...xpressions meet the requirements of the STE assertion. The Boolean expressions used in this method might be too large to handle, and might require a theorem prover for reducing their size. In [2] and =-=[4]-=-, the dual rail encoding is used to create a CNF formula for STE. This representation uses two Boolean variables for each node in the circuit, which we avoid in our algorithm. In [15], a 3-valued SAT ... |

8 | satGSTE: Combining the abstraction of GSTE with the capacity of a SAT solver
- Yang, Gil, et al.
- 2004
(Show Context)
Citation Context ...ms can often handle much larger models than BDD-based ones. It is therefore very appealing to try and implement SAT-based algorithms for STE as well. However, only a few works took this direction. In =-=[21]-=-, non-canonical Boolean expressions are used instead of BDDs during the simulation, and a SAT solver is used to check if the resulting expressions meet the requirements of the STE assertion. The Boole... |

8 |
GSTE through a case study
- Yang, Goel
- 2002
(Show Context)
Citation Context ...latter case means that the abstraction induced by A is too coarse, and requires some refinement. STE is successfully used in the hardware industry for verifying very large models with wide data paths =-=[19, 17, 22]-=-. The common method for performing STE is by representing the values of each node in the circuit by Binary Decision Diagrams (BDDs) that depend on the symbolic variables [19]. In this method, the dual... |

5 |
Symbolic trajectory evaluation using a satisfiability solver
- Roorda
- 2005
(Show Context)
Citation Context ... size. In [2] and [4], the dual rail encoding is used to create a CNF formula for STE. This representation uses two Boolean variables for each node in the circuit, which we avoid in our algorithm. In =-=[15]-=-, a 3-valued SAT solver was suggested, which did not perform well. Additionally in [15], an approximation for a 3-valued SAT solver is computed. This approximation, however, does not completely corres... |

4 |
Tzoref and Orna Grumberg. Automatic refinement and vacuity detection for Symbolic Trajectory Evaluation
- Rachel
- 2006
(Show Context)
Citation Context ...me t for which a constraint exists in f on some node n, plus 1. 3sGiven a TEL formula f over V, a symbolic trajectory π over V, and an assignment φ to V, we define the satisfaction of f as defined in =-=[20]-=-: [φ, π |= f] = ⊥ ↔ ∃i ≥ 0, n ∈ N : φ(π)(i)(n) = ⊥. Otherwise: [φ, π |= n is p] = 1 ↔ φ(π)(0)(n) = φ(p) [φ, π |= n is p] = 0 ↔ φ(π)(0)(n) �= φ(p) and φ(π)(0)(n) ∈ {0, 1} [φ, π |= n is p] = X ↔ φ(π)(0)... |

1 | Hybrid BDD and all-sat method for model checking and other application
- Grumberg, Schuster, et al.
- 2007
(Show Context)
Citation Context ...sal of abstracted parts of the circuit, thus reducing the amount of work. We implemented our 3-valued justification algorithm on top of zChaff [13], which is a state of the art CNF SAT solver, and of =-=[9]-=-. We employed our tool for solving several STE problems, and compared it to other methods. Using our algorithm, we managed to solve problems that could not be solved by BDDs, and in most cases it outp... |