37 citations found.
R. Hojati and R.K. Brayton, "Automatic datapath abstraction of hardware systems," in Computer Aided Verification (CAV'95), Springer-Verlag, Berlin, 1995.


This paper is cited in the following contexts:


Automatic Equivalence Check of Circuit Descriptions at.. - Schönherr, Straube (2000)   (Correct)

....Germany {schoenherr,straube}@eas.iis.fhg.de 1. Introduction One of the big challenges in circuit design is the formal verification at clocked algorithmic or register transfer level. To overcome the limits of BDD based approaches we apply an abstraction of the datapath by uninterpreted functions [2]. A function f is uninterpreted if all properties except $\forall i: (s_i = t_i) \Rightarrow f(s_1, \ldots, s_n) = f(t_1, \ldots, t_n)$ are dropped. In the past symbolic execution and theorem proving were used to check the equivalence of two sequential circuits that are abstracted by uninterpreted functions. Symbolic ....

....$t_i) \Rightarrow f(s_1, \ldots, s_n) = f(t_1, \ldots, t_n)$ are dropped. In the past symbolic execution and theorem proving were used to check the equivalence of two sequential circuits that are abstracted by uninterpreted functions. Symbolic execution is an enumeration of states reachable from the initial state [2]. Because of the uninterpreted functions there is no general termination condition of such procedures. In the theorem prover based approach [4] the proof is usually carried out using the induction principle. Often lemmas are needed to prove the equivalence. These lemmas are also proven by ....

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. In CAV'95, pages 98--113, 1995.


On a Semantic Definition of Data Independence - Lazic, Nowak (2003)   (Correct)

....on X is not available is also studied in the literature, as are weaker variants such as allowing constants of type X and unary predicates on X. A variety of results which enable model checking [5] of important classes of infinite state systems are based on exploiting data independence (e.g. [22, 12, 10, 19, 6, 14, 21, 18]) Although their proofs are in terms of semantics, most of these results are based on definitions of data independence which are by means of syntactic restrictions in particular formalisms. We acknowledge support from the EPSRC Standard Research Grant Exploiting Data Independence, GR M32900. ....

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. In Proceedings of the 7th International Conference On Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, pages 98-113. Springer Verlag, 1995.


On a Semantic Definition of Data Independence - Lazic, Nowak (2002)   (Correct)

....on X is not available is also studied in the literature, as are weaker variants such as allowing constants of type X and unary predicates on X. A variety of results which enable model checking [5] of important classes of infinite state systems are based on exploiting data independence (e.g. [23, 12, 10, 20, 6, 14, 22, 19]) For most of those results, although their proofs are in terms of semantics, they are based on definitions of data independence which are by means of syntactic restrictions in particular formalisms. The first semantic definition of data independence which accommodates the variants with or ....

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. In Proceedings of the 7th International Conference On Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, pages 98-113. Springer Verlag, 1995.


Ameliorating the State Space Explosion Problem - Namjoshi (1998)   (3 citations)  (Correct)

....the bisimulation may be model checked on the smaller, finite quotient structure instead of the original large structure. Examples of the application of this general idea may be found in the theory of Symmetry Reduction [ES 93, CFJ 93] Real Time Automata [AD 91] and Data Independence [Wolper 86, HB 95] The kinds of temporal properties that are preserved depends on the kind of bisimulation used. For strong bisimulation, general calculus properties are preserved, while for weaker notions of bisimulation such as stuttering bisimulation, properties in the next time free sublogic of CTL are ....

Hojati, R., Brayton, R. Automatic Datapath Abstraction in Hardware Systems, CAV 1995.


Automatic Abstraction in Model Checking - Lu (2000)   (Correct)

....processors by abstracting away the data path. Abstracting the datapath using uninterpreted function symbols is very useful for verifying pipeline systems [9, 21, 20, 21, 64, 103, 104] A number of researchers have modeled or verified industrial hardware systems using abstraction techniques [47, 53, 55, 56]. In many cases, their abstractions are generated manually and combined with theorem proving techniques [95, 96] Dingel and Filkorn have used data abstraction and assume guarantee reasoning combined with theorem proving techniques to verify infinite state systems [39] Recently, McMillan has ....

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. In P. Wolper, editor, Proceedings of the 7th International Conference On Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, pages 98--113, Liege, Belgium, July 1995. Springer Verlag.


Syntactic Program Transformations for Automatic Abstraction - Namjoshi, Kurshan (2000)   (41 citations)  (Correct)

....Hence, the control flow is dependent on only a finite number of data predicates. Several papers describe restrictions on program syntax to ensure data insensitivity, and provide abstraction algorithms which replace data domains by small finite domains, keeping the program actions unchanged [Wol86,HB95,ID96,Laz99] This is justified by showing a bisimulation between the large and small domain instances. Our program transformation method terminates for each of the above classes of programs. For instance, in [ID96] the only atomic predicate is = and every assignment has the form X : Y . As ....

....inputs where assignments are of the form X : Y , our abstraction algorithm terminates with a bisimulation-equivalent abstract program. Our algorithm also terminates for showing that the program below has an infinite computation, which is not possible to show with a finite domain method (cf. [HB95]) Thus, our algorithm is strictly more powerful than the finite domain methods. var x : natural initially x = 0 action a[i : natural] x i) x : i 5.2 Symmetric Programs Bisimulation reductions for semantically symmetric programs have been proposed in [ES93,CFJ93] It is ....

[Article contains additional citation context not shown here]

R. Hojati and R.K. Brayton. Automatic datapath abstraction of hardware systems. In CAV, volume 939 of LNCS, 1995.


What Can You Decide About Resetable Arrays? - Roscoe, Lazic   (Correct)

....to many others in the automated verification community: it seeks to extend the very successful body of work on model checking fixed finite state systems to particular sorts of parameterised and infinite state systems. In this we build on the existing body of work on data independence (for example [11, 5, 7, 9]) whose aim is to prove properties of systems parameterised by one or more data types, on the assumption that these types are treated relatively simply by the program in question. It is obviously desirable to add to the range of operations permitted over these types, and the possibility of using ....

R. Hojati and R.K. Brayton, Automatic datapath abstraction in hardware systems, Proceedings of the 7th International Conference on Computer Aided Verification (CAV '95), Lecture Notes in Computer Science 939, 98--113, Springer, 1995.


What if Model Checking Must Be Truly Symbolic - Hungar, Grumberg, Damm (1995)   (10 citations)  (Correct)

....and sequential verification conditions. But even these may often be discharged automatically, e.g. if each single data loop can be handled by BDD techniques after it is extracted from the context of the rest of the system. More similar results involving data control separation can be found in [17] where another generalization of Wolper's data independence is pursued. Due to the different system description format used there, separation has a different meaning and thus the results are complementary to ours. However, [17] does not even attempt to cope with data computations, and does not ....

....More similar results involving data control separation can be found in [17] where another generalization of Wolper's data independence is pursued. Due to the different system description format used there, separation has a different meaning and thus the results are complementary to ours. However, [17] does not even attempt to cope with data computations, and does not include techniques for first order verification condition generation. Verification techniques in the style of [20] which underly e.g. procedures of the STEP system [19] are closer to our approach. Indeed, one could certainly ....

Hojati, R. and Brayton, R.K. Automatic datapath abstraction in hardware systems, CAV '95, to appear.


Automatic Data Path Abstraction for Verification of Large .. - Viresh Paruthi Nazanin   (Correct)

....description of the model (for example, a program in a hardware description language) and combining the abstraction procedure with compilation. 2 Data path Abstractions are those which eliminate portions of the data path or reduce the size (bit width) of the data path elements. Hojati and Brayton [8] introduced the notion of data insensitive controllers and data sensitive controllers. Data insensitive controllers are those that move data around, and are not sensitive to the value of the data. They proved that for verifying certain types of safety properties, a single bit of data for each ....

....description of a design, these are variables that interact with control variables or other mixed variables at some point. Data Control properties are properties involving mixed variables. These properties are the most difficult to verify, and only ad hoc techniques have been used to verify them [8]. If we are trying to verify data control properties then data variables are reduced to a single bit instance at the start of the abstraction procedure. The design is then subjected to interval analysis to determine the reduced sizes of all the storage elements. Since our goal is to preserve all ....

[Article contains additional citation context not shown here]

Ramin Hojati and Robert K. Brayton. "Automatic datapath abstraction in hardware systems". In 7th International Conference on Computer-Aided Verification, 1995.


The `Test Model-checking' Approach to the.. - Nalumasu.. (1998)   (2 citations)  (Correct)

....systems realized in hardware as well as finite state models thereof are assumed to be data independent; i.e. the control logic of the system moves data around, and does not base its control point settings on the data values themselves. We also assume that the system is address semi dependent [16], i.e. the control logic can at most compare two addresses for equality or inequality and base its actions on the outcome of this test. These assumptions are standard, and form the basis for defining test automata as well as memory rule safety properties. 3.2 Creation of test automata As ....

R. Hojati and R. Brayton. Automatic datapath abstraction of hardware systems. In Conference on Computer-Aided Verification, 1995.


A Unifying Approach to Data-independence - Lazic, Nowak (2000)   (7 citations)  (Correct)

....is important only for an infinite instantiation (for example, the type of natural numbers) which gives us a special case of the problem of model checking infinite state systems. Techniques for model checking data independent systems have been developed for a number of different frameworks [23, 10, 9, 7, 8, 12]. They enable verification for all instantiations of the data type to be reduced, either statically or dynamically, to the verification for a finite number of finite instantiations (or only one) Consequently, in the special case of data independent systems, the challenges of model checking ....

....(which involves infinite state systems) by model checking [19] This paper. Based on the intuitive definition of data independence stated above, it is straightforward to formulate syntactic restrictions which ensure that a system or a specification is data independent with respect to a data type. In [10, 9, 7, 8, 12], such syntactic restrictions are given for each of the formalisms used. However, it is hard to see how the restrictions and the results for different formalisms are related. Data independence therefore needs to be defined semantically. This has turned out to be difficult, since a satisfactory de ....

[Article contains additional citation context not shown here]

R. Hojati and R.K. Brayton. Automatic Datapath Abstraction In Hardware Systems. In Proc. of CAV, volume 939 of LNCS, pages 98-113, 1995. Springer Verlag.


Data Independence with Generalised Predicate Symbols - Lazic, Roscoe (1999)   (2 citations)  (Correct)

....Church (Oxford) and previously by a Domus and Harmsworth Senior Scholarship at Merton College (Oxford) and by a scholarship from Hajrija Boris Vukobrat and Copechim France SA. y Supported by grants from the US ONR. Two closely related techniques for achieving this are data independence [14, 6, 5, 7] and exploring state spaces with symbolic rather than expanded data [4, 13, 5, 1] For a concurrent system P to be data independent in type X, it must make sense for any nonempty X; thus data independence is closely related to the concept of polymorphism from (often functional) programming. The ....

....at Merton College (Oxford) and by a scholarship from Hajrija Boris Vukobrat and Copechim France SA. y Supported by grants from the US ONR. Two closely related techniques for achieving this are data independence [14, 6, 5, 7] and exploring state spaces with symbolic rather than expanded data [4, 13, 5, 1]. For a concurrent system P to be data independent in type X, it must make sense for any nonempty X; thus data independence is closely related to the concept of polymorphism from (often functional) programming. The intention of the concept of data independence is that concurrent systems ....

[Article contains additional citation context not shown here]

Hojati, R. and R.K. Brayton, Automatic Datapath Abstraction in Hardware Systems, Proceedings of the 7th CAV, Springer LNCS 939, 98-113, 1995.


Verifying Determinism of Concurrent Systems Which Use.. - Lazic, Roscoe (1998)   (Correct)

....concurrent system P and a condition C, does P satisfy C for all instantiations of the parameters Xi There has recently been much research on the PVP. It is undecidable in general [AK86] and so most effort has been put into either finding restricted versions of it which are decidable (see e.g. [Wol86, JP93, ID96a, HB95, HDB97, GS92, YJL96, EN96]) or providing procedures whose termination is unpredictable or which require user assistance (see e.g. [HL95, HGD95, CZ 97, HIB97, CGJ95, ID96b, KM 97]) The main result of this paper, Theorem 1, says that in order to verify that a concurrent system P which uses unbounded arrays (i.e. memories) ....

Hojati, R. and R.K. Brayton, Automatic Datapath Abstraction in Hardware Systems, 98--113, Proc. of the 7th CAV, Springer LNCS 939, 1995.


Verifying Determinism of Concurrent Systems Which Use.. - Lazic, Roscoe (1998)   (Correct)

....system P and a condition C, does P satisfy C for all instantiations of the parameters Xi There has recently been much research on the PVP. It is undecidable in general [AK86] and so most effort has been put into either finding decision procedures for restricted versions of it (see e.g. [Wol86, JP93, ID96a, HB95, HDB97, GS92, YJL96, EN96]) or providing automated techniques whose termination is unpredictable or which require user involvement (see e.g. [HL95, HGD95, CZ 97, HIB97, CGJ95, ID96b, KM 97]) The main result of this paper, Theorem 1, says that in order to verify that a concurrent system P which uses unbounded arrays ....

Hojati, R. and R.K. Brayton, Automatic Datapath Abstraction in Hardware Systems, 98--113, Proc. of the 7th CAV, Springer LNCS 939, 1995.


Exploiting Data Independence - Roscoe, Lazic (1999)   (Correct)

....or where there are at least techniques that have a reasonable chance of resolving the issue. A variety of techniques have been proposed for addressing versions of the PVP, the most prominent of which are induction over network size structure [20, 1, 14, 15] and data independence analysis (see [19, 9, 7]; for our work see below) Using the latter it can often be shown that for a data type parameter T it is sufficient to consider a given finite data type (or perhaps a finite selection of finite data types) to prove a result for all types, or that it is possible to run a model checker on a system ....

Hojati, R. and R.K. Brayton, Automatic Datapath Abstraction in Hardware Systems, 98--113, Proceedings of the 7th CAV, Springer LNCS 939, 1995.


Modeling and Verification of Embedded Systems using Cadence.. - Mir, Balakrishnan, Tahar (2000)   (1 citation)  (Correct)

....of the system. In the refinement method, one uses a high level model of the system as a specification, and verifies separately that each system component implements its part of the high level specification. A specification is a description of the intended required behavior of a hardware design [4]. Various formalisms have been used to represent specifications. SMV uses logic based specification like modal logic (e.g. temporal logic, extended temporal logic) Other tools use automaton based specification. An implementation description for a task at any given level serves also as a ....

R. Hojati, R. K. Brayton. Automatic Datapath Abstraction in Hardware Systems. Computer Aided Verification, LNCS 939, Springer Verlag, 1995, pp. 98-113.


A Unifying Approach to Data-independence - Lazic, Nowak (2000)   (7 citations)  (Correct)

....is important only for an infinite instantiation (for example, the type of natural numbers) which gives us a special case of the problem of model checking infinite state systems. Techniques for model checking data independent systems have been developed for a number of different frameworks [24, 10, 9, 7, 8, 12]. They enable verification for all instantiations of the data type to be reduced, either statically or dynamically, to the verification for a finite number of finite instantiations (or only one) Consequently, in the special case of data independent systems, the challenges of model checking ....

....(which involves infinite state systems) by model checking [20] This paper. Based on the intuitive definition of data independence stated above, it is straightforward to formulate syntactic restrictions which ensure that a system or a specification is data independent with respect to a data type. In [10, 9, 7, 8, 12], such syntactic restrictions are given for each of the formalisms used. However, it is hard to see how the restrictions and the results for different formalisms are related. Data independence therefore needs to be defined semantically. This has turned out to be difficult, since a satisfactory de ....

[Article contains additional citation context not shown here]

R. Hojati and R.K. Brayton. Automatic Datapath Abstraction In Hardware Systems. In P. Wolper, editor, Proceedings of the 7th International Conference On Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, pages 98-113, 1995. Springer Verlag.


Automatic Data Path Abstraction for Verification of Large .. - Viresh Paruthi Nazanin   (Correct)

....verifying properties about systems containing data paths. Clarke, Grumberg and Long [1] proposed that an abstraction that specifies a mapping between the actual data values in the system and a small set of abstract values, can be used to reduce the complexity of model checking. Hojati and Brayton [6] proved that for verifying certain types of safety properties of data insensitive controllers, a single bit of data for each variable is sufficient. They also showed that for data sensitive controllers, depending on the predicates applied to the data values, a few bits can suffice to check the ....

Ramin Hojati and Robert K. Brayton. "Automatic datapath abstraction in hardware systems". In 7th International Conference on Computer-Aided Verification, 1995.


*BMDs Can Delay the Use of Theorem Proving for Verifying.. - Arditi (1996)   (Correct)

....but also extends to several circuits and protocols. Some researchers solved this problem using two different approaches. The first one consists of combining efficient decision procedures for finite domains with theorem proving [33, 30] The second one allows a kind of abstraction in BDD based provers [16, 25]. They provide a support for non Boolean data types [26] or they give symbolic representations derived from BDDs. Most of these representations are described in [8] But, to our knowledge, no processor including microprogram loops to implement arithmetic instructions have been verified, either ....

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. In Computer-Aided Verification, volume 939 of LNCS, 1995.


Formal Methods in System Design, 20, 159--186, 2002 c - Verification Of Out-Of-Order   (Correct)

No context found.

R. Hojati and R.K. Brayton, "Automatic datapath abstraction of hardware systems," in Computer Aided Verification (CAV'95), Springer-Verlag, Berlin, 1995.


Specification and verification of selected intrusion.. - Creese, (eds.) (2003)   (1 citation)  (Correct)

No context found.

R. Hojati and R. K. Brayton. Automatic datapath abstraction in hardware systems. CAV'95: 7th International Conference on Computer Aided Verification, LNCS 939, 98-113, Springer Verlag, 1995.


Model Checking Data-Independent Systems With Arrays - Newcomb (2003)   (3 citations)  (Correct)

No context found.

R. Hojati and R.K. Brayton. Automatic datapath abstraction in hardware systems. In Proceedings of the 7th International Conference on Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, pages 98-113. Springer-Verlag, 1995.


The `Test Model-checking' Approach to the.. - Nalumasu.. (1998)   (2 citations)  (Correct)

No context found.

R. Hojati and R. Brayton. Automatic datapath abstraction of hardware systems. In Conference on Computer-Aided Verification, 1995.


Validation Tools for Complex Digital Designs - Ho (1996)   (2 citations)  (Correct)

No context found.

Ramin Hojati, Robert K. Brayton, "Automatic Datapath Abstraction In Hardware Systems", In Computer Aided Verification, June 1995.


Automatic Verification of Parameterized Synchronous Systems - Emerson, Namjoshi (1996)   (24 citations)  (Correct)

No context found.

Hojati, R., Brayton, R. Automatic Datapath Abstraction in Hardware Systems, CAV 1995.


CiteSeer.IST - Copyright Penn State and NEC