O. Coudert, C. Berthet, and J. C. Madre, "Verification of sequential machines using Boolean functional vectors," in IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pp. 111--128, November 1989.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....[1, 11] We also prove that the normalized function method is a special case of our method. Parametric representation has been used to model the verification environment based on design constraints [1, 11] Various parametric representations of Boolean expressions have been discussed in [5, 7, 8, 9, 1, 11]. Parametric representation using BDDs was introduced by Coudert et al. 7, 8] and improved by Aagaard et al. 1] The authors in [1] proposed a method to generate the parameterized outputs as BDDs from the constraints represented by a single BDD [1] However this method can deal with only the ....

....our method. Parametric representation has been used to model the verification environment based on design constraints [1, 11] Various parametric representations of Boolean expressions have been discussed in [5, 7, 8, 9, 1, 11] Parametric representation using BDDs was introduced by Coudert et al.[7, 8] and improved by Aagaard et al. 1] The authors in [1] proposed a method to generate the parameterized outputs as BDDs from the constraints represented by a single BDD [1] However this method can deal with only the output variables of the environment, in other words the variables do not depend on ....

[Article contains additional citation context not shown here]

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using Boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....to verify the formula f . This is because the edge (7,10) is not killed by adding counter 0 only. 5. Approximate Satisfying Don t Care Reachability analysis of a system has a significant role in model checking. A set of reachable states is used to make transition relation smaller by RESTRICT [5] operation. This minimized transition relation is smaller than original one because unreachable states are used as don t care states. This type of don t cares is called Reachability Don t Care(RDC) In [11] a superset of exact reachable Figure 4. Upper bound approximate STGs of a modulo 10 ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, Nov. 1989.

....quantification of x 1 from f is defined by f x 1 and enjoys the following important property. Theorem 2 Existential quantification distributes over conjunction if only one operand depends on the quantified variable. That is: y (1) The constrain operator [10] (denoted by ) plays a significant role in image computation. It is defined as follows: Definition 1 Let f : B and g : B B be functions of x n and let x 1 x n be the variable order. Let the distance between two points y and z in B be given by D z 2 ....

....relations, in which, if one exclusively applies splitting (Equations 5 and 7) the next state variables are not needed, for the images can be directly computed in terms of the x variables. The recursive method that results is known as the transition function approach to image computation [10, 11, 7]. The application of the expansion theorem leads to a disjunctive decomposition of image computation. Conjunctive decomposition is easy (thanks to Theorem 2) if the conjuncts can be partitioned so that no variables are shared by the various blocks. Detecting conjunctive decomposition is ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....for which it is often difficult to design simulation stimuli that will expose subtle bugs. On the other hand, the exhaustive verification afforded by model checking is often accompanied by the so called state explosion problem. A combination of techniques, including the use of BDDs [Bry86, CBM89, McM94] or efficient SAT solvers [BCCZ99] the recourse to abstract interpretations [CC77] and assume guarantee reasoning [CGL92] have been employed to mitigate the problem. The purpose of these techniques is either to reduce the complexity of the model subjected to verification, or to increase ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....# # # # # #### #### # # ## #######. To make the notation more compact we will use boldface lower case letters to denote vector boolean functions (VBFs) Over the last 15 20 years there have been many attempts to formalize the notions of equivalence and containment between two sequential machines [11, 20, 19, 8, 15]. In this paper we follow the notion of equivalence as defined below: Definition 1: Equivalence) Two sequential circuits # # and # # are called equivalent denoted by # # , # # iff for every state of ## there is at least one equivalent state of # # and for every state of # # there is at ....

O. Coudert, C. Berthet, and J. Madre. " Verification of Sequential Machines Using Boolean Functional Vectors". Formal VLSI Correctness Verification. Elsevier Sc., pages 179--196, 1990.

....funzioni booleane e manipolazioni simboliche che permettano di contenere l esplosione degli stati. I Binary Decision Diagrams (BDD) Brya86] sono attualmente la miglior risposta alla prima esigenza, mentre le tecniche di attraversamento simbolico sembrano essere la soluzione alla seconda [BCMM91] [CoBM89], CCCG92] L esplorazione simbolica dello spazio degli stati L algoritmo si basa sulla tecnica di esplorazione simbolica in ampiezza degli stati raggiungibili da M ij di [CoMa90] Questa tecnica di esplorazione lineare calcola il seguente minimo punto fisso: ij n 1 = # ij ij n ....

.... booleana #A (s) S # B, definita come segue: #A (s) 1 se s 0 altrimenti Dato un generico vettore funzionale booleano F = f 1 , f N ] X # Y , una funzione caratteristica c : X # B e valori del dominio x # X , seguendo la tecnica di esplorazione simbolica degli stati di [CoBM89] ed utilizzando la simbologia proposta in [CHJP90] definiamo un operatore #, chiamato cofattore generalizzato e restrittore di immagine, che verra usato ampiamente per semplificare funzioni e calcolare immagini. L operazione F c ritorna un nuovo vettore funzionale booleano che soddisfi le ....

O. Coudert, C. Berthet, J.C. Madre: "Verification of Sequential Machines Using Boolean Function Vectors," IFIP International Workshop on "Applied Formal Methods for Correct VLSI Design", Leuven (Belgium), November 1989, Vol. 1, pp. 111-128

....can increase the accuracy of the power estimate by calculating the static probabilities of the present state lines more accurately. Techniques to compute the reachable set of states, or the strongly connected portion of the STG of a sequential machine, can be developed, based on the strategies of [9, 4]. These techniques are viable for machines with up to approximately 50 flip flops. Thereafter, the static probability of each present state line can be calculated. For example, if a machine has states 00, 01, and 10, and it is in these states with proabilities 0.1, 0.5, 0.4, respectively, then the ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of Sequential Machines Using Boolean Functional Vectors. In IMEC-IFIP Int'l Work- shop on Applied Formal Methods for Correct VLSI Design, pages 111-128, November 1989.

....9v[Z(v) ffi (v; u) which is the smallest set Z such that S Z and any state that is a successor under ffi of a state in Z is also in Z [6] We will call this approach forward traversal. The expression 9v[Z(v) ffi (v; u) is generally called the image of set Z under transition relation ffi [9, 19], which we will denote by Image(ffi; Z) Also commonly used is the image on the domain of ffi of a subset of the codomain given by 9v[Z(v) ffi (u; v) which we denote by PreImage(ffi; Z) We will also be using the expression 8v[ffi(u; v) Z(v) which we will denote by BackImage(ffi; Z) The ....

....there are many possible policies for applying these simplifications. We have achieved reasonable results with a very simple policy: we use a BDD simplification algorithm proposed by Coudert, Berthet, and Madre [8] to simplify one BDD using another as a don t care, Another choice is the constrain [9] or generalized cofactor [19] operator. we compute I i 1 [j] I i [j] H i [j] as above, but then simplify each I i 1 [j] by all I i 1 [k] for k j. Further research into conjunction and simplification policies may uncover other successful policies. Testing for termination at Point C could ....

Olivier Coudert, Christian Berthet, and Jean Christophe Madre, "Verification of Sequential Machines Using Boolean Functional Vectors," IMEC-IFIP International Workshop on Applied Formal Methods For Correct VLSI Design, Luc J.M. Claesen, ed., North Holland, 1989.

....= s i ( x; q) i = 1; 2; n. To make the notation more compact we will use boldface lower case letters to denote vector boolean functions (VBFs) Over the last 15 20 years there have been many attempts to formalize the notions of equivalence and containment between two sequential machines [12, 19, 18, 9, 15]. In this paper we follow the notion of equivalence as defined below: Definition 1: Equivalence) Two sequential circuits C a and C b are called equivalent denoted by C a , C b iff for every state of C a there is at least one equivalent state of C b and for every state of C b there is at ....

O. Coudert, C. Berthet, and J. Madre. " Verification of Sequential Machines Using Boolean Functional Vectors". Formal VLSI Correctness Verification. Elsevier Sc., pages 179--196, 1990.

....language of the other (Kurshan s approach is typical [53] One particularly simple case occurs when comparing a synchronous FSM with its hardware implementation. Then both automata are on finite strings, and the proof of equivalence can be performed by traversing the state space of their product [69]. Simulation relations are an efficient sufficient (i.e. conservative) criterion to establish language containment properties between automata, originating from the process algebraic community ( 47] 46] Informally, a simulation relation is a relation R between the states of the two ....

.... problem that are currently EDWARDS et al. DESIGN OF EMBEDDED SYSTEMS: FORMAL MODELS, VALIDATION, AND SYNTHESIS 379 close to industrial applicability, thanks to: The development of extremely efficient implicit representation methods for the state space, based on Binary Decision Diagrams ( 81] [69]) that do not require to represent and store every reachable state of the modeled system explicitly. The good degree of automation, at least of the property satisfaction or language containment checks themselves (once a suitable abstraction has been found by hand) The good match between ....

O. Coudert, C. Berthet, and J. C. Madre, "Verification of Sequential Machines Using Boolean Functional Vectors," in IMEC-IFIP Int'l Workshop on Applied Formal Methods for Correct VLSI Design, November 1989, pp. 111--128.

....of Ratel [Rat92] by goal ) with the restrict operator. raymond : Use the precondition algorithm of Raymond (by conjunction) raymond restrict : Use the precondition algorithm of Raymond (by conjunction) with the restrict operator. coudert : Use the precondition algorithm of Coudert [CBM89] by disjunction) coudert restrict : Use the precondition algorithm of Coudert [CBM89] by disjunction) with the restrict operator. coudert info : Use the precondition algorithm of Coudert [CBM89] by disjunction) with saving on nodes. 5 Examples 5.1 Program synthesis 5.1.1 The nim game ....

....algorithm of Raymond (by conjunction) raymond restrict : Use the precondition algorithm of Raymond (by conjunction) with the restrict operator. coudert : Use the precondition algorithm of Coudert [CBM89] by disjunction) coudert restrict : Use the precondition algorithm of Coudert [CBM89] by disjunction) with the restrict operator. coudert info : Use the precondition algorithm of Coudert [CBM89] by disjunction) with saving on nodes. 5 Examples 5.1 Program synthesis 5.1.1 The nim game Let us consider n lines of matches. The first one has 1 match, the second one 3, the ....

[Article contains additional citation context not shown here]

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. J. M. Claesen, editor, Formal VLSI Correctness Verification. North-Holland, November 1989.

....a (nearly) minimum number of nodes among all BMDs fulfilling this property. To the best of our knowledge the heuristics presented in this paper are the first solution to this problem. For the minimization of BDDs under don t care conditions there is a number of methods in the literature, e.g. [8, 7, 5, 18, 17, 11]. However for BMDs the problem seems to be more difficult, since due to the Davio decomposition in BMDs a change of the function value for a single input vector (exploiting a don t care for this input vector) has not only a local effect in the Decision Diagram, but can affect larger parts of ....

O. Coudert, C. Berthet, and J.C. Madre. Verification of sequential machines using Boolean functional vectors. In Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, 1989.

....state transition function, of the current state set for all the inputs. Traversal is either a depth first or a breadth first visit. The latter strategy is preferrable, as it deals with multiple states at the same time. Image computation is either an explicit enumeration [20] or a symbolic one [7] [8], 3] 15] Due to their theoretical and practical superiority, we shall restrict our investigation to symbolic techniques. Symbolic techniques are better because of the representation for Boolean functions, of the way they represent and manipulate sets, namely sets of states, and of the ....

....manipulate sets, namely sets of states, and of the algorithms for image computation. Binary Decision Diagrams (BDDs) 5] 4] are a solution to the first issue. Characteristic functions represent sets and, being Boolean, they benefit from the efficiency of BDDs. Image computation techniques [7] [8], 15] are tailored to the state transition function. The transition relation [7] 3] describes the sequential behavior of the FSM by means of the characteristic function of the set listing the couples current state next state , independently of the inputs. It is difficult to build the ....

[Article contains additional citation context not shown here]

O. Coudert, C. Berthet, J.C. Madre: "Verification of Sequential Machines Using Boolean Function Vectors," IFIP Int'l Workshop on "Applied Formal Methods for Correct VLSI Design", Leuven (Belgium), November 1989, Vol. 1, pp. 111--128 19

....has a (nearly) minimum number of nodes among all BMDs fulfilling this property. To the best of our knowledge the heuristics presented in this paper are the first solution to this problem. For the minimization of BDDs under don t care conditions there is a number of methods in the literature, e.g. [9, 8, 6, 20, 19, 12]. However for BMDs the problem seems to be more difficult, since due to the Davio decomposition in BMDs a change of the function value for a single input vector (exploiting a don t care for this input vector) has not only a local effect in the Decision Diagram, but can affect larger parts of ....

O. Coudert, C. Berthet, and J.C. Madre. Verification of sequential machines using Boolean functional vectors. In Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, 1989.

....of PNs, and or transformations of other specifications into PNs under different design constraints and optimization criteria. Fig. 1 shows our framework for synthesizing PNs and transforming specifications. 1. 2 Applications of the Method There are well known algorithms (see, e.g. [18], 32] 1] to extract a finite state representation of the sequential behavior of a synchronous or asynchronous circuit. But, a really user friendly interaction can be achieved only by presenting the designer a timing diagram like PN that represents the same behavior, with explicit causality. ....

# O. Coudert, C. Berthet, and J.C. Madre, "Verification of Sequential Machines Using Boolean Functional Vectors," Proc. IFIP Int'l Workshop Applied Formal Methods for Correct VSLI Design, L. Claesen, ed., pp. 111-128, Leuven, Belgium, Nov. 1989.

....In this paper we use the finite state machine (FSM) model to represent sequential behavior. This Mealy type FSM is a 6 tuple ( Sigma; O; S; s 0 ; Delta; where Delta and are multiple output boolean functions of cardinality c d and l, respectively, referred as Boolean functional vectors [9]. 18 5.1 Algorithm For Finding Reachable States Given an FSM with next state functional vector Delta : S Theta Sigma S; Delta = ffi 1 ( x; q) ffi c d ( x; q) the transition relation of the machine can be written as: T ( x; q; Q) c d Y i=1 Q i fi ffi i ( x; q) 3) ....

O. Coudert, C. Berthet, and J. Madre. Verification of sequential machines using boolean functional vectors. Formal VLSI Correctness Verification. Elsevier Sc., pages 179--196, 1990.

....In this paper we use the finite state machine (FSM) model to represent sequential behavior. This Mealy type FSM is a 6 tuple ( Sigma; O; S; s 0 ; Delta; where Delta and are multiple output boolean functions of cardinality c d and l, respectively, referred as Boolean functional vectors [13]. 3.3.1 Algorithm For Finding Reachable States Given an FSM with next state functional vector Delta : S Theta Sigma S; Delta = ffi 1 ( x; q) ffi c d ( x; q) the transition relation of the machine can be written as: T ( x; q; Q) c d Y i=1 Q i fi ffi i ( x; q) 3.3) where ....

O. Coudert, C. Berthet, and J. Madre. Verification of sequential machines using boolean functional vectors. Formal VLSI Correctness Verification. Elsevier Sc., pages 179--196, 1990.

....primary input distributions. Then, given that the computation of the activation function depends on the input probabilities, we expect the size and the probability of F a to be affected by the use of non equiprobable input distributions. As an example, let us consider the minmax3 circuit [17]; in Figure 6 we plot the value of PROB(F a ) for varying values of the probability of the enable (active high) and clear (active low) control inputs. For 19 Circuit PI PO States Power Savings Symbolic Explicit bbara 4 2 10 45 49 bbtas 2 2 6 12 21 keyb 7 2 19 26 11 lion9 2 1 9 10 13 ....

O. Coudert, C. Berthet, J. C. Madre, "Verification of Sequential Machines Using Boolean Functional Vectors, " IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pp. 111-128, Leuven, Belgium, November 1989. 24

....s 4 ) s 2 Phi s 3 ) s 5 Phi s 8 ) s 6 Phi s 7 ) s 1 Phi s 2 ) s 5 Phi s 6 ) 1) that can be efficiently represented by an OBDD. Traversal algorithms for building the reachability set of the Petri net from its initial marking can be efficiently implemented by using boolean operations [4, 3]. In particular, if m 0 is the initial marking of a net N , the reachability set S can be obtained by computing the least fix point of the following recurrence: S 0 = fm 0 g S i 1 = S i [ Image(N; S i ) 2) where Image is a function that returns the states reachable from S i in one step. In the ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proc. IFIP Int. Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....balanced partitions. The effectiveness of our contributions is demonstrated by improved results in reachability analysis for some hard problem instances. 1 Introduction Symbolic state enumeration techniques based on Binary Decision Diagrams (BDDs [2] have revolutionized formal verification [8, 4, 17, 1, 14]. They have two key features that make them suitable to the exploration of very large state graphs: They represent sets compactly, and they avoid explicit enumeration in image computation. Given the transition relation of a system, R#x; y#,anda set of states, F #x#, the set of states reachable in ....

....first # This work was supported in part by NSF grant MIP 94 22268 and SRC contract 96 DJ 560. x y z f r c 1 Figure 1: Remapping in constrain and restrict. Solid lines are then arcs. Dashed lines are regular else arcs, and dotted lines are complement arcs. relevant results are the constrain [8] and restrict [9] algorithms. We discuss restrict briefly now for two reasons: First, to provide the background required in Section 3, and second, to illustrate an approach to manipulation of BDDs that is common to the algorithms introduced in this paper. Throughout this paper we assume that a ....

[Article contains additional citation context not shown here]

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....to verify the formula f . This is because the edge (7,10) is not killed by adding counter[0] only. 5 Approximate Satisfying Don t Care Reachability analysis of a system has a significant role in model checking. A set of reachable states is used to make transition relation smaller by RESTRICT [4] operation. This minimized transition relation is smaller than original one because unreachable states Figure 2: Upper bound approximate STGs of a modulo 10 counter with different T . Only part of the whole STG is shown. A dashed line is a pseudo edge. 1)T = T3T2T1T0 , 2)T = T3T2T1 , ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....manipulating Boolean functions efficiently is central to many different problems in logic synthesis, testing and verification. In recent years, reduced, ordered Binary Decision Diagrams (ROBDDs) 3] have gained widespread use in the areas of combinational and sequential logic verification (e.g. [6, 13]) due to their canonicity and ease of manipulation. The efficiency of an ROBDD representation depends strongly on the input ordering. Finding a good ordering is a difficult problem that has received considerable attention (e.g. 13] However, there are classes of combinational circuits, notably ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of Sequential Machines Using Boolean Functional Vectors. In IMEC-IFIP Int'l Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, November 1989.

....of the other (Kurshan s approach is typical [Kur94] One particularly simple case occurs when comparing a synchronous FSM with its hardware implementation. Then both automata are on finite strings, and the proof of equivalence can be performed by traversing the state space of their product [CBM89] 34 Simulation relations are an efficient sufficient (i.e. conservative) criterion to establish language containment properties between automata, originating from the process algebraic community ( Mil89, Hoa78] Informally, a simulation relation is a relation R between the states of the ....

.... paradigms represent about the only solutions to the specification verification problem that are currently close to industrial applicability, thanks to: The development of extremely efficient implicit representation methods for the state space, based on Binary Decision Diagrams ( Bry86] CBM89] that do not require to represent and store every reachable state of the modeled system explicitly. The good degree of automation, at least of the property satisfaction or language containment checks themselves (once a suitable abstraction has been found by hand) The good match between ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of Sequential Machines Using Boolean Functional Vectors. In IMEC-IFIP Int 'l Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, November 1989.

....finding the best cofactors according to some criterion. A common criterion is the size of the representations, that is, when BDDs are used, the number of nodes. As we saw, the values of f g are fixed wherever g = 1. The problem is therefore to choose the values of f g where g = 0. Coudert et al. [21] introduced an operator on BDDs, called constrain that normally returns compact cofactors. The strategy of constrain is to map each minterm in the offset of g into a minterm of the onset of g and use this map to define the values of f g wherever g = 0. The map depends on g and on the following ....

....Figure 20. 8.4 Image Computation for Transition Functions We now examine how to compute the image of a function f : B n B m , when the transition function is given as a set of BDDs, one for each next state variable. It is possible to find Img(f; C) by breaking the computation in two steps [21]: 1. Find a new function whose image over the entire domain B n equals the image of f over the restricted domain C . 2. Find the (unconstrained) image of the new function. 46 f f f a a a b b b c 1 2 3 Figure 20: BDDs for the image computation examples. C B n B m f x 1 x v 1 v ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....representation can be chosen for a given incompletely specified function. Coudert et al. introduced an operator called constraint that, given a boolean function and the set of points in the domain for which the function is specified, tries to find among all possible representations, a compact one [CBM89] The procedure is not exact, it is not guaranteed to find the most compact representation for the function, but it has been shown to produce significant reductions in the size of the BDDs. The implemented model checking algorithm exploits this concept in order to speed up the verification ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....for which it is often difficult to design simulation stimuli that will expose subtle bugs. On the other hand, the exhaustive verification afforded by model checking is often accompanied by the so called state explosion problem. A combination of techniques, including the use of BDDs [Bry86, CBM89, McM94] or efficient SAT solvers [BCCZ99] the recourse to abstract interpretations [CC77] and assume guarantee reasoning [CGL92] have been employed to mitigate the problem. The purpose of these techniques is either to reduce the complexity of the model subjected to verification, or to increase ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....to verify the formula f . This is because the edge (7,10) is not killed by adding counter[0] only. 5. Approximate Satisfying Don t Care Reachability analysis of a system has a significant role in model checking. A set of reachable states is used to make transition relation smaller by RESTRICT [5] operation. This minimized transition relation is smaller than original one because unreachable states are used as don t care states. This type of don t cares is called Reachability Don t Care(RDC) In [11] a superset of exact reachable Figure 4. Upper bound approximate STGs of a modulo 10 ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, Nov. 1989.

....the system subjected to symbolic model checking is given as a predicate T (y; w; x) that is true if there is a transition from State x to State y under Input w. The predicate is usually described by a Binary Decision Diagram [2] Representing T (y; w; x) by a single formula is often impractical [5, 14, 3]; a partitioned representation is used in those cases. The partitioned transition relation approach is especially natural when the system to be analyzed is a deterministic hardware circuit. Then, each binary memory element of the circuit gives rise to one term of the transition relation. When the ....

....in the number of state variables. The dependence matrices of large circuits are almost invariably sparse. The study of the dependence matrix in image computation was the topic of [10] The context there was image computation with the transition function method input splitting in particular [5, 4]. From the dependence matrix one could extract information about the BDD variable order and the choice of the splitting variable. More recently, Moon et al. 12] have used the dependence matrix to dynamically guide the choice of image computation algorithm. The rest of this paper is organized as ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....results show that the overall runtime can be reduced significantly and is also clearly superior to the combinational approach. 1. INTRODUCTION Based on ordered Binary Decision Diagrams (BDDs) 3] Finite State Machines (FSMs) of more than 10 20 states could be symbolically traversed [5, 6, 4]. In the meantime, these techniques have been successfully applied in practice and have also been integrated in industrial verification tools. However, as well known BDDs are very sensitive to the variable ordering, i.e. the size of a BDD (measured in the number of nodes) may vary from linear to ....

O. Coudert, C. Berthet, and J.C. Madre. Verification of sequential machines using Boolean functional vectors. In Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, 1989.

....primary inputs (the inputs coming from the other submachines) Inside this loop, in Line 4, a submachine index is retrieved from the queue. In Line 5, the transition relation of the submachine is constrained with respect to the reachable states of its fanin submachines. The use of constrain [CBM89, TSL 90] instead of conjunction and the restriction to the fanin submachines are for efficiency. Then, in Line 6, FsmTraversal computes the states of this submachine that are reachable from the current reached states. Notice that here MBM uses the initial states. LMBM could also use the ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....Bac include computing the set of reachable configurations (taking fully into account our general notion of care sets) and verification of the invariance of Boolean formulas either by forward or by backward traversal. Bac makes use of the Bdd package described in [17] and of standard techniques [7, 2, 9, 17] for image and back image computation. Moreover, translators from Argos and Lustre to Boolean automata are available, which have made possible experiments on large examples (hundreds variables) These experiments show that the loop analysis procedure is quite efficient. The expensive part is ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean 6 functional vectors. In L. J. M. Claesen, editor, Formal VLSI Correctness Verification. NorthHolland, November 1989.

....we are interested in are OBDDs (ordered binary decision diagrams) for a fixed variable ordering. For the definition of OBDD, we refer to Bryant [2] Our problem has many applications. In order to construct the set of reachable states of a finite state machine, Coudert, Berthet and Madre [4] have noted that one may search for new states from any set of states between the set of states reached for the first time in the last round of the algorithm and the set of states ever reached. Hence, they work with OBDDs for incompletely specified functions. Small OBDD covers are also useful if ....

O. Coudert, C. Berthet, J. C. Madre: "Verification of Sequential Machines Using Boolean Functional Vectors". In Proc. of the IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, p. 111--128, Nov. 1989.

....oracles have to be removed. Notice that determinization with oracles is not only useful for causality analysis. Determinism with respect to inputs is also a key property for symbolic verification, since specific, efficient BDD based techniques have been designed for input deterministic machines [CBM89]: This explains the remarkable success of BDD based techniques in the domain of circuits and their relative failure in dealing with non deterministic systems. So, determinization with oracles is surely a useful first step in the verification of non deterministic systems. ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. J. M. Claesen, editor, Formal VLSI Correctness Verification. North-Holland, November 1989.

....timing models. One can view the combined effect of these research projects as providing a spectrum of checking based verifiers that trade off between expressiveness and performance. Most other automated approaches to sequential circuit verification are based on testing state machine equivalence [16, 19]. Such methods are useful for comparing two different (but hopefully equivalent) representations of the system, such as one at a register transfer level and one at a gate level. However, they do not work well for verifying the correctness of incompletely specified systems, nor for reasoning about ....

O. Coudert, C. Berthet, and J. C. Madre, "Verification of Sequential Machines using Boolean Functional Vectors," IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, 1989, pp. 111--128.

....of x 1 from f is defined by f x 1 f :x 1 and enjoys the following important property. Theorem 2 Existential quantification distributes over conjunction if only one operand depends on the quantified variable. That is: 9x: f (x;y) g(y) 9x: f (x;y) g(y) 1) The constrain operator [10] (denoted by #) plays a significant role in image computation. It is defined as follows: Definition 1 Let f : B n B m and g : B n B be functions of x 1 ; x n and let x 1 x 2 x n be the variable order. Let the distance between two points y and z in B n be given by ....

....relations, in which, if one exclusively applies splitting (Equations 5 and 7) the next state variables are not needed, for the images can be directly computed in terms of the x variables. The recursive method that results is known as the transition function approach to image computation [10, 11, 7]. The application of the expansion theorem leads to a disjunctive decomposition of image computation. Conjunctive decomposition is easy (thanks to Theorem 2) if the conjuncts can be partitioned so that no variables are shared by the various blocks. Detecting conjunctive decomposition is ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....by calculating all reachable markings (states) of the STG. Given the initial marking m 0 of N and the initial values of the signals s 0 , the set of states of an STG can be calculated by using symbolic traversal techniques, similar to those used for the verification of finite state machines [8]. Figure 14 describes an algorithm for symbolic traversal. It starts from an initial full state (m 0 ; s 0 ) For each outermost iteration, all transitions of the Petri net are visited and fired from all the new states found so far. The algorithm halts when a fixed point is reached (no new states ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proc. IFIP Int. Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....transformations of PNs, and or transformations of other specifications into PNs under different design constraints and optimization criteria. Figure 1 shows our framework for synthesizing PNs and transforming specifications. Applications of the method. There are well known algorithms (see, e.g. [18], 32] or [1] to extract a finite state representation of the sequential behavior of a synchronous or asynchronous circuit. But a really user friendly interaction can be achieved only by presenting the designer a timing diagram like PN that represents the same behavior, with explicit causality. ....

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proc. IFIP Int. Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989.

....problems involving an image computation with a bounded output, for instance tests, have a lower complexity. Knowing whether Img( f ; 1) 1 is one of these problems, and it is an interesting problem because it could be used to dramatically speed up the image computation by recursion pruning [7, 9]. But Theorem 3.3 shows that this test is also NP hard. Even testing whether an element of f0; 1g n belongs to Img( f ; 1) is NP complete. Theorem 3.3 Being given the graph of f , to test whether Img( f ; 1) 1 or not is NP hard. 6 Proof. Let C = V k=n k=1 c k be a ....

....of these components has to be saved. These two elimination processes reduce the number of entries in the cache, and increase the hit ratio. So the number of recursive calls to the function range is reduced. Theorem 3. 6 uses a partitioning of the vector into sets of functions of disjoint supports [9]. If the graphs f 1 ; fn can be partitioned into a partition P = f 1 ; f q ) where the vectors f k have disjoint supports of variables, then computing Img( f 1 : fn ] 1) comes down to performing the product of the q characteristic functions of Img( f k ; 1) And ....

[Article contains additional citation context not shown here]

O. Coudert, C. Berthet, J. C. Madre, "Verification of Sequential Machines Using Boolean Functional Vectors", in Proc. of the IFIP Int'l Workshop, Applied Formal Methods for Correct VLSI Design, Leuven, Belgium, November 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre, "Verification of sequential machines using Boolean functional vectors," in IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pp. 111--128, November 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre, "Verification of sequential machines using Boolean functional vectors," in IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, Nov. 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre, "Verification of sequential machines using Boolean functional vectors," in IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pp. 111--128, November 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. J. M. Claesen, editor, Formal VLSI Correctness Verification. North-Holland, November 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using boolean functional vectors. In L. Claesen, editor, Proceedings IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, Leuven, Belgium, November 1989. North-Holland. 48

No context found.

Olivier Coudert, Christian Berthet, and Jean-Christophe Madre. Verification of sequential machines using boolean functional vectors. In Proceedings of the IMECIFIP Workshop on AppliedFormal Methods for Correct VLSI Design, Leuven, Belgium, pages 179--196, November 1989. 14

No context found.

O. Coudert, C. Berthet, and J. C. Madre, "Verification of Sequential Machines using Boolean Functional Vectors," IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, 1989, pp. 111--128.

No context found.

O. Coudert, C. Berthet, and J. C. Madre. Verification of Sequential Machines using Boolean Functional Vectors. In Proceedings of the IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, pages 179--196, 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre. Verification of sequential machines using Boolean functional vectors. In Proc. IFIP Int. Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, 1989.

No context found.

O. Coudert, C. Berthet, and J. C. Madre, "Verification of Sequential Machines using Boolean Functional Vectors," IMEC-IFIP International Workshop on Applied Formal Methods for Correct VLSI Design, 1989, pp. 111--128.

No context found.

O. Coudert, C. Berthet, and J. C. Madre. Verification of Sequential Machines Using Boolean Functional Vectors. In IMEC-IFIP Int'l Workshop on Applied Formal Methods for Correct VLSI Design, pages 111--128, November 1989.

No context found.

Olivier Coudert, Christian Berthet, and Jean Christophe Madre,"Verification of Sequential Machines Using Boolean Functional Vectors," IMECIFIP International Workshop on Applied Formal Methods For Correct VLSI Design, Luc J.M. Claesen, ed., North Holland, 1989.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC