Seger, C.-J. and R. Bryant, Formal verification by symbolic evaluation of partially-ordered trajectories, Formal Methods in System Design 6 (1995).  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... encoding of the following set of states: f(a;b;c;0;0;0) a;b;c 2 f0;1g g Applying the next state function we might get (X;X;X; b;a;0) which represents the set f(0;0;0;1;0;0) 0;0;1;1;0;0) 0;1;0;0;0;0) 0;1;1;0;0;0) 1;0;0;1;1;0) g For more detail on this representation see [6, 8, 11]. 5 not canonical don t have nice algorithms for set manipulation to get full benefit of approach, can support limited temporal logics Don t need a monolithic BDD to represent state space or next state function Only as many BDD variables as there are parametric variables largely ....

....vector and parm vector should be of the same length let pvars = depends ( map fst vector) map snd vector) in let pv = itlist ( x. y.variable x AND y) pvars T in quant thereis pv (compare list char vars vector) In conclusion, there are many reasons for using C rather than B . Please see [6, 8, 11] for more details. ....

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Formal Methods in Systems Design, 6:147--189, March 1995. 8

....that is best (in a certain well defined sense) 1. Introduction A number of recent approaches to verifying properties of hardware and software systems have used 3 valued logics of one sort or another. For instance, 3 valued propositional logic is used in Symbolic Trajectory Evaluation (STE) [23, 12, 7] for verifying properties of hardware systems. In program analysis, dataflow analyses that simultaneously track may and must information (e.g. 20, 4] can also be viewed as working in 3 valued propositional logic. In 3 valued logic, a third truth value ( 1=2 ) is introduced to denote ....

C.-J. Seger and R. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, Mar. 1995.

....by Abadi and Lamport [AL89] Because each component is verified separately, model checking is only applied to small circuits, and we avoid the problem of state space explosion. This shows that the circuit is eligible. 9 3. 2 Symbolic trajectory evaluation Symbolic trajectory evaluation (STE) SB95] is a verification technique for circuits with a deterministic next state function and specifications written in a restricted logic called trajectory formulas. STE does not compute the reachable subset of the state space and can be applied successfully to much larger circuits than model ....

....here. We address this point more in sections 4. 3.3 Design representation The designs are modeled at the component level using VHDL. Each component is described using behavioural VHDL, and these are combined to form the complete design using structural VHDL. The Voss system for STE [SB95] supports VHDL design descriptions. Modifying the models of environment components to test periodicity as described above is easily done in VHDL. For the model checking part of the verification, we use the st2fl model checker [LGS94] Translation from VHDL to ST for the model checker 10 is ....

Carl-Johan Seger and Randal E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2), March 1995.

.... was carried out in the Forte verification environment a combined model checking and theoremproving system [10] The interface language to Forte is FL, a lazy strongly typed functional language in the ML family [18] Model checking in Forte is done via symbolic trajectory evaluation (STE) [23]. Theorem proving is done in the ThmTac proof tool. 2 Proof Framework We use a variant of the traditional pre postcondition framework for formulating temporal aspects of our specification statements. One main reason for introducing the pre postcondition framework was to enable reasoning about ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, Mar. 1995. 8

....set of scalar tests in the input space with a single symbolic test. Since each scalar test may require a different value on each input, symbolic functions encoded using BDDs are used to represent all the possible values on each input. This is the method used in Symbolic Trajectory Evaluation (STE) [8]. The advantage of STE is that it can cover large input spaces efficiently and completely and that it is design size independent allowing scaling to large designs. However, the use of BDDs means that it is not reliable due to the well known BDD blow up problem [3] When BDD blow up occurs, no ....

C.-J. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, 1995.

....list and collects the necessary information from the entries. This approach has a few disadvantages. First, scanning this list in every read operation can be a computationally expensive task if there is a large number of list entries. As their primary application is symbolic trajectory evaluation [11, 3, 1] where usually only few cycles are simulated, it is unlikely that they will run into problems. In a general symbolic simulator, however, the number of memory writes and thus the length of the list can grow very large. A second disadvantage is that their list representation is not canonical, i.e. ....

C.-J. Seger and R. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. In Formal Methods in System Design, volume 6(2), pages 147--190, 1995.

....a prefix of length k of some computation [BCC 99,BCRZ99] In symbolic trajectory evaluation (STE) we try to falsify the correctness of a computation by referring only to a bounded prefix of it. The method is sound but not complete: we may terminate with no answer to the model checking problem [SB95] While it is possible to extend both SAT based model checking and STE to handle regular properties , the key idea of bounded model checking methodologies is to reason about prefixes of a bounded length. Recall that if a safety property is violated, then there is a finite prefix along which ....

C.J.H. Seger and R.E. Bryant. Formal verification by symbolic evaluation of partiallyordered trajectories. Formal Methods in System Design, 6:147--189, 1995.

.... both) Early experiments include links to model checking based on embeddings of the modal mucalculus in the logics of the HOL and PVS theorem provers [4, 47] A notable example of current work is Intel s Forte system [1, 2] which intimately combines Symbolic Trajectory Evaluation model checking [49] and theorem proving in a single framework. This has been used very effectively for industrial scale formal hardware verification [45] Another approach being investigated by Ken McMillan at Cadence Berkeley Labs is to extend the top level of a model checker with proof rules for abstraction and ....

C.-J. H. Seger and R. E. Bryant, `Formal verification by symbolic evaluation of partiallyordered trajectories', Formal Methods in System Design, vol. 6 (1995), pp. 147--189.

....of reporting an error trace to the user. The solution to this problem will be discussed in Section 5. Finally, we describe the implementation of our simulator and present some experimental results in Sections 6 and 7. 2. RELATED WORK Several publications on STE (Symbolic Trajectory Evaluation) [9, 4, 1] and other techniques [11] have already demonstrated the power of symbolic simulation in hardware verification. However, these papers only tackle gate and switch level simulation. As we will demonstrate in Section 3, RT level simulation necessitates additional concepts. Borrione et al. 2, 3] use ....

C.-J. Seger and R. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. In Formal Methods in System Design, volume 6(2), pages 147--190, 1995.

....behavior gets lost. Therefore, we do not replace in our approach the intermediate register values but distinguish them only by indices, see section 3. SVC is more efficient for uninterpreted verification where they usually outperform interpreted techniques. Symbolic Trajectory Evaluation (STE) [23] 1 is an efficient model checking approach which reasons about Trajectory Formulas, i.e. a restricted temporal logic which combines Boolean expressions and the next time operator. An assertion (A ) C) is verified by simulating the system over the weakest trajectory for A which is a possible ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--190, 1995.

....in the memory subsystem of the Alpha chip. The first technique, bounded model checking (BMC) 6] has previously been applied to industrial verification, but not for finding bugs of length anywhere near what we will describe. The second of these techniques, symbolic trajectory evaluation (STE) [81], has previously not been used together with SAT solvers at all. We compare the performance of SAT based bounded model checking to state ofthe art BDD based model checking, and present results showing the usefulness of SAT based STE. Our experiences are very positive: the use of SAT based ....

....finding, real, deep bugs. One of our important contributions is therefore that we demonstrate that BMC together with cutting edge SAT solvers has the capacity to find realistic bugs in industrial designs. Symbolic trajectory evaluation (STE) is a model checking method invented by Seger and Bryant [81] that consists of an interesting mix of abstract interpretation and symbolic evaluation. STE is in industrial use, primarily for data path and memory verification, at companies including Intel [1] and Motorola. Up to now, STE has always been implemented using BDDs; the use of SATsolvers to do STE ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially ordered trajectories. Formal Methods in System Design, 6(2):147--190, March 1995.

....set of scalar tests in the input space with a single symbolic test. Since each scalar test may require a different value on each input, symbolic functions encoded using BDDs are used to represent all the possible values on each input. This is the method used in Symbolic Trajectory Evaluation (STE) [8]. The advantage of STE is that it can cover large input spaces efficiently and completely and that it is design size independent allowing scaling to large designs. However, the use of BDDs means that it is not reliable due to the well known BDD blow up problem [3] When BDD blow up occurs, no ....

C.-J. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, 1995.

....The preliminary results, although limited, were promising: the abstraction could be constructed and verified with relatively modest cost, thereby reducing the human cost of verification significantly. 1 Introduction 1. 1 Motivation The development of efficient model checking algorithms (such as [6, 25]) based on binary decision diagrams (BDDs) has meant that automatic verification methods are now applicable to a wide range of circuits. However, although the use of BDDs has extended the size of circuits that can be verified by orders of magnitude, they do not change the underlying computational ....

....Section 4 shows how this theory can be implemented in practice for a restricted version of the logic. Section 5 presents some experimental data, and Section 6 concludes. 2 Background The model checking algorithm used is symbolic trajectory evaluation (STE) originally proposed by Bryant and Seger [2, 25] and later extended by Hazelhurst and Seger [14, 16] It is an approach that has had much success in verifying a variety of circuits (e.g. 3, 9] and it has an associated compositional theory which has extended its use (e.g. 1, 19] Section 2.1 discusses STE s novel method of representing ....

[Article contains additional citation context not shown here]

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Formal Methods in Systems Design, 6:147--189, March 1995.

....and specification circuits. Essential to this is the EMM s property to dynamically introduce identical initial state to two simulation sequences [4] In replacing these blocks, we assume that their actual implementations have been verified separately. For example, symbolic trajectory evaluation [16][11] has been combined with symmetry reductions [14] to enable the verification of very large memory arrays at the transistor level. An efficient representation of word level functions has enabled the verification of complex functional units like floating point multipliers [7] Additionally, we ....

C.-J.H. Seger, and R.E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories, " Formal Methods in System Design, Vol. 6, No. 2, March 1995, pp. 147-190.

....Trajectory Evaluation is used to verify the set of trajectory assertions on the circuit. We use the terms trajectory specification and trajectory assertions partly for historical reasons. Our trajectory assertions are a generalization of the trajectory assertions introduced by Seger and Bryant[18]. The justification is that the assertions define a set of trajectories in the circuit. Informally, a trajectory is a sequence of states that represents an acceptable behavior of the circuit. Once the abstract assertions have been individually verified, the methodology must be able to stitch ....

....was used to verify the set of symbolic patterns on the circuit. The set of symbolic patterns corresponded to single sequence of states in a state diagram. Seger and Bryant extended STE to perform fixed point computations to verify a single sequence of states augmented with a limited set of loops[18]. In our work trajectory assertions are general state diagrams. We have extended STE to deal with generalized trajectory assertions. STE has been used to verify memory arrays such as on chip caches and register files. Pandey and others used the VOSS STE system to verify a multi ported register ....

[Article contains additional citation context not shown here]

C. J. H. Seger and R. E. Bryant, "Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories," Formal Methods in System Design 6, pp. 147-189, 1995.

....extends Burch and Dill s pipeline verification method [4] to efficiently model the complete functionality of the data path at the bit level; and 4) experimental results that confirm the applicability of the new ideas. We consider two forms of verification: 1) Symbolic Trajectory Evaluation (STE) [12], where one proves that a circuit satisfies a specification given as a temporal logic formula; and 2) Correspondence checking, where one proves a correspondence between two circuits by evaluating two execution sequences starting from a common initial state and showing that they yield identical ....

C.-J. H. Seger, and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March 1995), pp. 147-190.

....the temporal logic used, and the more complicated the properties specified, the greater computational complexity becomes. Generally, one should use the simplest model checker that can express the desired verification properties. E. Symbolic Trajectory Evaluation Symbolic trajectory evaluation [25] is an attempt to combine the efficiency of symbolic simulation with a bit of the temporal expressiveness of model checking. The basic idea is that if we severely restrict the temporal logic used for specifying properties, we can verify the properties using symbolic simulation. In symbolic ....

C.-J. H. Seger and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, 1995, pp. 147--189.

....of trajectory evaluation is given in a later section. Although many circuits can be verified very efficiently, there are, however, some limitations. It is these limitations which have motivated this work. Introductory references for symbolic trajectory evaluation include (Beatty et al. 1991; Seger Bryant, 1993). 1.2 Motivation Although trajectory evaluation is a very successful approach for verifying many realistic circuits, two weaknesses have been noted of this method. First, there can be a semantic gap between the trajectory evaluation verification and what the user has in mind to verify. Part of ....

....properly in relation to our work, but the motivation behind the work is similar to ours. 3 The Theory Behind Trajectory Evaluation In this section we shall give a brief introduction to the theory behind symbolic trajectory evaluation. For the complete theory, the interested reader is referred to (Seger Bryant, 1993). We shall assume the reader has a working knowledge of elementary concepts from lattice theory. In particular, the concepts of partial orders, lattices, monotone functions, etc. will be used without further explanation. The model we use of a system is simple and general. A model structure is a ....

[Article contains additional citation context not shown here]

Seger, Carl-Johan H., & Bryant, Randal E. 1993 (Apr.). Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Technical Report 93-8. Department of Computer Science, University of British Columbia.

....3. FORMAL VERIFICATION 34 There are many other approaches which have been taken to formally verifying hardware. As mentioned previously, there are approaches which are rooted in theorem proving [112] which are more expressive, but harder to automate efficiently. Symbolic trajectory evaluation [103] is less expressive than CTL, but allows for more efficient verification. The PSPACE completeness of the model checking problem, often referred to as state explosion) even in its simplest forms, simply reinforces the need for heuristics [18] Other approaches rely on restricting the verification ....

C.-J. H. Seger and R. E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Technical Report TR-93-8, University of British Columbia, Department of Computer Science, April 1993.

....2.4 Symbolic Trajectory Evaluation This section briefly outlines the existing STE based approach. This is useful in the later discussion and will help illustrate some of the novel aspects of the thesis. Symbolic trajectory evaluation was first proposed in [23] and the full theory can be found in [116]. Good examples of verification using STE can be found in [8, 47] This section is heavily based on the presentation of STE found in [77] The model of a system is simple and general, a tuple M = hS; v i; Y) where hS; v i is a complete lattice (S being the state space and v a partial order on S) ....

....The method of computing the approximations to the minimal sets of formulas is based on symbolic trajectory evaluation (STE) a model checking algorithm for checking partially ordered state spaces. The original version of STE was first presented in [25] and a full description of STE can be found in [116]. In these presentations, the algorithm is applied only to trajectory formulas, a restricted, two valued temporal logic. This chapter generalises earlier work in two important respects. 1. It presents the theory for applying STE to the quaternary logic. 2. It presents the theory for the full class ....

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories. Formal Methods in Systems Design, 6:147--189, March 1995.

....memory accesses rather than to the size of the memory. It is based on the observation that a single execution sequence typically contains a limited number of memory accesses. Symbolic Trajectory Evaluation (STE) is an extension of symbolic simulation that has been used to formally verify circuits [8]. STE has been applied on the verification of a simple pipelined data path [2] Incorporation of the EMM in STE enabled us 1. This research was supported in part by the SRC under contract 96 DC 068. Miroslav N. Velev Department of Electrical and Computer Engineering Carnegie Mellon University ....

C.-J. H. Seger, and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March, 1995), pp. 147-190.

....the transistor level memory model when verifying a simple pipelined data path. 1 Introduction Ternary simulation, where the unknown value X is used to indicate that a signal can be either 0 or 1, has proven to be very powerful for both validation and formal verification of digital circuits [10]. Given that the simulation algorithm satisfies a monotonicity property to be described later, any binary values resulting from simulating patterns with X s would also result when the X s are replaced by any combination of 0 s and 1 s. Hence, employing X s reduces the number of simulation ....

....conservative approximation of the replaced memory array. Since symbolic ternary values are a superset of symbolic binary values, the extended EMM defined in this paper is a superset of the one from [11] Experimental results for the EMM were obtained using the Symbolic Trajectory Evaluation (STE) [10] technique for formal verification. STE is an extension of symbolic simulation that has been used to formally verify circuits, including a simple pipelined data path [3] Incorporation of the EMM in STE enabled the verification of the pipelined data path with a significantly larger register file ....

C.-J. H. Seger, and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March 1995), pp. 147-190.

No context found.

C. J. H. Seger, R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design,6:147--189 (1995).

No context found.

Carl-Johan H. Seger and Randal E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6:147--189, 1995.

No context found.

C.-J. Seger, and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," submitted for publication, April, 1993.

No context found.

Carl-Johan H. Seger and Randal E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6:147-- 189, 1995. This article was processed using the L a T E X macro package with LLNCS style

....evolved. The effort required to port and maintain the verification script was greatly mitigated by the high capacity of our verification engines and by techniques that minimize implementation dependent details in the verification script. 2TheForteSystem Symbolic trajectory evaluation (STE) [20] is the core of Forte. It is used as a model checker and as a symbolic simulation engine. The STE model checker verifies that if a finite length circuit behavior satisfies given assumptions, it also satisfies given specification obligations. STE is the primary semantic link between the circuit ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, Mar. 1995.

No context found.

C.-J.H. Seger and R.E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, vol. 6, no. 2, Mar. 1995, pp. 147-189.

....sim ulation called Symbolic Trajectory Evaluation[1] is used to perform the verification task. We use the term trajectory specification and trajectory assertions partly for historical reasons. Our trajectory assertions are a generalization of the trajectory assertions introduced by Seger[4]. The justification is that the assertions define a set of trajectories in the simulator. The formal verification methodology presented in this paper is currently being used to verify a superscalar processor which implements the PowerPC architecture[12] The processor has several complex features ....

....has been used earlier to verify trajectory assertions. Beatty[3] mapped each abstract assertion into a set of symbolic patterns. STE was used to verify the set of symbolic patterns on the circuit. The set of symbolic patterns corresponded to a single sequence of states in a state diagram. Seger[4] extended STE to perform fixed point computations to verify a single sequence of states augmented with a limited set of loops. In our work, trajectory assertions are general state diagrams. We have extended STE to deal with generalized trajectory assertions. Our work has some resemblance to the ....

[Article contains additional citation context not shown here]

C. J. H. Seger and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially -Ordered Trajectories," Formal Methods in System Design 6, pp. 147-189, 1995.

....has been used earlier to verify trajectory assertions. Beatty [2] mapped each abstract assertion into a set of symbolic patterns. STE was used to verify the set of symbolic patterns on the circuit. The set of symbolic patterns corresponded to a single sequence of states in a state diagram. Seger[3] extended STE to perform fixed point computations to verify a single sequence of states augmented with a limited set of loops. We have extended STE to deal with arbitrary state diagrams. Our work has some resemblance to the capabilities provided by the Symbolic Model Verifier (SMV) 5] 6] SMV ....

C. J. H Seger and R. E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design 6, pp. 147-189, 1994.

....simulated provides some amount of coverage. This often is sufficient to verify that, for example, the multiplier above is correctly communicating with the rest of the circuit. 2 Related Work The symbolic simulation methodology most closely related to ours is Symbolic Trajectory Evaluation (STE) [15]. STE encodes sets of ternary vectors as pairs of BDDs which are then propagated through the simulator. The only chance for approximation in this method is in the selection of the ternary vectors, which is done by the user. Our methodology allows the simulator to choose the amount of approximation ....

C.-J. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--189, 1995.

....and demonstrate their application on a large and complex industrial example. We present an overview of the IA 32 instruction set and the IM. We then describe our correctness statement and the proof itself. We conclude with a summary of the bugs we discovered. 2 Background Trajectory evaluation [8] is based on traditional notions of digital circuit simulation and excels at datapath verification. The two keys to the efficiency of trajectory evaluation are the restricted language of the temporal formulas (there is no negation and the only temporal operator is next ) and the extended ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147, Mar. 1995.

....on two complex CAMs (Sections 4 and 5) from a recent PowerPC processor. This verification was carried out at the joint Motorola IBM PowerPC design center, Somerset, located in Austin, Texas. In our work, we utilized the Voss STE system [8] 2. Background 2.1. Symbolic trajectory evaluation STE [7] is a ternary symbolic simulation based technique for verifying behaviors of a system over bounded, finite time intervals. Specifications are trajectory assertions of the form #Antecedent #Consequent#,whereAntecedent and Consequent are trajectory formulae. Intuitively, the antecedent defines an ....

C. J. H. Seger, R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design,6:147--189 (1995).

....input to FL, the result is T, indicating that the expression is a tautology. Typically, significantly more complex expressions with more variables are used. Originally, FL was designed as meta language for one particular type of formal hardware verification, namely symbolic trajectory evaluation [SB93] but since FL is a general purpose functional language, it has become a language of choice for prototyping formal verification approaches that benefit from efficient handling of Boolean functions. Translating ST Programs to FL Programs In order to reason about Synchronized Transitions programs ....

C-J. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partiallyordered trajectories. Technical Report UBC-CS-93-8, Department of Computer Science, University of British Columbia, Vancouver, B.C., Canada, 1993.

....g holds between s j and t j for j = 0; n. 2.3 Verification Methodology The verification methodology proposed is the integrated use of theorem proving and model checking. The model checking approach is based on the method of symbolic trajectory evaluation (STE) proposed by Seger and Bryant [6]. This work developed STE for a restricted temporal logic, trajectory formulas (TF) The Voss system [5] implements STE efficiently. However, model checking has inherent limitations, and there are many circuits that model checking cannot deal with. Earlier work of ours [2] presented a ....

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Journal of Formal Methods in Systems Design, 6:147--189, March 1995.

....indicates the value of a signal for many different operating conditions, parameterised in terms of a set of symbolic Boolean variables. In essence, ternary symbolic simulation allows us to combine multiple ternary simulation sequences into a single symbolic sequence. Symbolic trajectory evaluation [51] takes the notion of ternary symbolic simulation one step further by providing a concrete means of specifying and verifying the desired behaviour of the system operating over time. The specifications take the form of symbolic trajectory formulas mixing Boolean expressions and the temporal ....

....The method of computing the approximations to the minimal sets of formulas is based on symbolic trajectory evaluation (STE) a model checking algorithm for checking partially ordered state spaces. The original version of STE was first presented in [19] and a full description of STE can be found in [51]. In these presentations, the algorithm is applied only to trajectory formulas, a restricted, two valued temporal logic. This chapter generalises earlier work in two important respects: 1. It presents the theory for applying STE to the quaternary logic. 2. It presents the theory for the full class ....

[Article contains additional citation context not shown here]

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Formal Methods in Systems Design, 6:147--189, March 1995.

....the method presented in [5] assumes simulation over symbolic binary values. Ternary simulation, where the unknown value X is used to indicate that a signal can be either 0 or 1, has proven to be more powerful than binary simulation for both validation and formal verification of digital circuits [17]. Given that the simulation algorithm satisfies a monotonicity property, any binary values resulting when simulating patterns with X s would also result when the X s are replaced by any combination of 0 s and 1 s. Hence, 1. This research was supported in part by the SRC under contract 97 DC 068. ....

....simulation; 3) a variable group indexing technique for generating the initial state of EMMs; and 4) experimental results with a shortened MIPS pipeline showing the potential of the new ideas. We consider two forms of verification, supported by our tool: 1) Symbolic Trajectory Evaluation (STE) [17], where one proves that a circuit satisfies a specification given as a temporal logic formula; and 2) Correspondence Checking, where one proves a correspondence between two circuits by evaluating two execution sequences starting from a common initial state and showing that they yield identical ....

C.-J.H. Seger, and R.E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March 1995), pp. 147-190.

....patterns. Since we are using a symbolic simulator, variables can appear in simulation patterns. We check the generated patterns using symbolic trajectory evaluation, a form of symbolic simulation which allows precise constraining and checking of system state during sequences of operation [12]. This exploits the power of the switch level model s ternary X value in reducing extraneous analysis of circuit components that do not participate in a calculation (thereby reducing precision, but remaining accurate, i.e. not producing incorrect binary values) 6 6 Of course, a simulator that ....

C.-J. H. Seger and R. E. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Technical report 93-- 8. Comp. Sci. Dept., Univ. of British Columbia, 1993.

....simulator to detect combinational hazards, critical races, and feedback oscillations. Given that the simulation algorithm satisfies a monotonicity property, any binary values resulting when simulating patterns with X s would also result when the X s are replaced by any combination of 0 s and 1 s [12]. Hence, employing X s reduces the number of simulation patterns, often dramatically. However, ternary simulators will sometimes produce a value X, when an exhaustive analysis would determine the value to be binary (i.e. 0 or 1) This problem has been resolved by combining ternary modeling with ....

....pattern that involves far fewer variables than would be required for a complete binary symbolic simulation. In addition to validation, symbolic ternary simulation has proven to be very powerful for formal verification, as demonstrated by the Symbolic Trajectory Evaluation (STE) technique [12][7] Furthermore, symbolic ternary simulation can be combined with different delay models. This has been achieved by Seger and Bryant [11] by assuming that gates have zero delays and are connected in series with delay boxes that model inertial delay bounded by a minimum and a maximum value. ....

[Article contains additional citation context not shown here]

C.-J.H. Seger, and R.E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March 1995), pp. 147-190.

....is useful to do when dealing with a state space with an information ordering defined on it, where in some states there may be insufficient or contradictory information available. The paper presents the syntax and semantics of a quaternary valued temporal logic. Symbolic trajectory evaluation (STE) [32] has been used to model check partially ordered state spaces with some success. The limitation of STE so far has been that the temporal logic used (a two valued logic) has been restricted, whereas a more expressive temporal logic is often useful. This paper generalises the theory of symbolic ....

....basic blocks, and the meaning of the formulas is defined by a satisfaction relation between formulas and sequences of the underlying state space. Symbolic trajectory evaluation (STE) is a model checking algorithm which has successfully exploited partially ordered state spaces representations [32]. Moreover, STE does not use fix point computations of the next state relation to determine sets of reachable states (symbolic simulation of the model is used to explore the model s behaviour) Although these properties of STE have important performance advantages, the price paid for the ....

[Article contains additional citation context not shown here]

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Journal of Formal Methods in Systems Design, 6:147--189, March 1995.

No context found.

Seger, C.-J. and R. Bryant, Formal verification by symbolic evaluation of partially-ordered trajectories, Formal Methods in System Design 6 (1995).

No context found.

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories. Formal Methods in System Design: An Inter. Journal, 6(2), 1995.

No context found.

C.-J.H. Seger and R.E. Bryant. Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories. Formal Methods in System Design: An Inter. Journal, 6(2), 1995.

No context found.

C.-J.H. Seger, and R.E. Bryant, "Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories," Formal Methods in System Design, Vol. 6, No. 2 (March 1995), pp. 147--190.

No context found.

C.-J. Seger and R. Bryant. Formal verification by symbolic evaluation of partially-ordered trajectories. Formal Methods in System Design, 6(2):147--190, March 1995.

No context found.

Seger, C.-J. and R. Bryant, Formal verification by symbolic evaluation of partially-ordered trajectories, Formal Methods in System Design 6 (1995).

No context found.

C-J.H. Seger and R.E. Bryant, Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories, Tech. Report 93-8, Computer Sci. Dept., Univ. of British Columbia, Vancouver, 1993.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC