# Theory, Practice and Perspectives of Operation-Based Formal Circuit Verification


## Slide 1: Theory, Practice and Perspectives of Operation-Based Formal Circuit Verification

Wolfram Büttner, wolfram-buettner@aon.at, December 2012
## Slide 2: Principles of Mathematical Work

Overall objective:

- Construct a mathematical object
- Document the understanding of the object in terms of theorems

Process of gaining understanding:

- Pre-proof: set up hypothesis, constraints, assertions
- Proof: prove the hypothesis, or adjust hypothesis, constraints and assertions until the proof succeeds
- Theory formation: develop a hierarchy of theorems to achieve a good understanding of the object

Formal verification:

- Analyze mathematical models capturing the key functionality of technical systems; the most important models are FSMs describing discrete control
- Emphasis is on finding errors; proof serves as the termination criterion for a successful verification
- Automated proof is essential for acceptance in engineering
- Automated proof is necessary, but is it sufficient for a good verification solution?
## Slide 3: Model Checking: Automated Debugging/Proof

Temporal logic as property description language for FSMs:

- AGp: p holds for all states of all traces
- EGp: p holds for all states of some trace
- AFp: p holds for some state in every trace
- EFp: p holds for some state in some trace

More complex properties, e.g. AG(p AFq), AGAFp, AGEFp.
## Slide 4: Model Checking: Automated Debugging/Proof

Does a temporal logic formula hold for an FSM? Running property: AGp (p holds for all states of all traces).

Notation:

- z0 = reset state, Z0 = {z0}
- Zi+1 = Zi plus the new states reachable in one step from states in Zi

Basic model checking:

- If p does not hold for z0, the reset activation defines the counterexample; else for i > 0:
  - calculate Zi+1
  - if Zi+1 = Zi, the proof holds; stop
  - else examine all new z that can be reached from Zi in one step; if p does not hold for some z, calculate the trace to z and stop

Symbolic model checking:

- Identify the sets Zi with their characteristic (Boolean) functions
- For Boolean f: f(x1, …, xn) = ite(x1 = 1, f(1, …, xn), f(0, …, xn))
- Iterated decomposition represents f as a directed acyclic graph (BDD)
- The graph is often compact; it permits efficient build-up of Zi, comparison of Zi and Zi+1, and intersection of Zi+1 with the set of states violating p
## Slide 5: Model Checking: Automated Debugging/Proof – Assessment

Status of approach:

- Best known automated formal verification paradigm
- Bound to be an add-on to conventional simulation-based testing
- Applied in various domains by experts verifying critical functionality; no generally accepted engineering practice
- Often faces state explosion, requiring problem-specific abstractions
- Finding safe abstractions requires deep knowledge of both tool and application

Conclusions:

- A push-button verification solution based on model checking (MC) works only for simple properties
- Additional support of the "process of gaining understanding" is essential for broad acceptance of formal verification in industry
- In the early 1990s a new circuit verification approach emerged supporting pre-proof, proof and theory formation: OFV (operation-based formal circuit verification)
## Slide 6: OFV: Running Example – Memory Controller

Block diagram: Processor ↔ SDRAM Controller (for e.g. DDR2 RAMs) ↔ SDRAM.

- Processor-side interface: request, rw, address, wdata, rdata, ready
- SDRAM-side interface: sd_addr, sd_wdata, sd_ctrl, sd_rdata
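The two loops sketched on slide 4, as an added Python example that is not part of Büttner's slides: `check_ag` is the basic reachability fixpoint (Z0 = {z0}, Zi+1 = Zi plus new states, stop when Zi+1 = Zi or when a state violating p is found, in which case the trace to it is the counterexample), and `shannon_bdd` performs the ite/Shannon decomposition that turns a Boolean function into a reduced, shared DAG. The FSM is a constructed toy request/ready handshake controller (hypothetical; not the deck's SDRAM controller), with a `buggy` flag that injects a defect so the counterexample path is exercised. All names and the toy FSM are assumptions made for this example.

```python
# --- Constructed toy FSM (hypothetical; not the deck's SDRAM controller) ----
# A state is (phase, ready). Each cycle the controller sees a Boolean input
# `request`; the successor function enumerates both input values.
INITIAL = ("IDLE", 0)          # z0 = reset state

def make_controller(buggy):
    """Return a successor function for the toy controller.

    buggy=True injects a defect: `ready` is pulsed while entering IDLE when a
    request arrives during PRECHARGE, which violates the invariant below."""
    def successors(z):
        phase, _ready = z
        out = []
        for request in (0, 1):
            if phase == "IDLE":
                nxt = "ACTIVATE" if request else "IDLE"
            elif phase == "ACTIVATE":
                nxt = "READ"
            elif phase == "READ":
                nxt = "PRECHARGE"
            else:                      # PRECHARGE
                nxt = "IDLE"
            ready = 1 if nxt == "READ" else 0
            if buggy and phase == "PRECHARGE" and request:
                ready = 1              # injected defect
            out.append((nxt, ready))
        return out
    return successors

def no_ready_when_idle(z):
    """The invariant p: ready is never asserted while the controller is idle."""
    phase, ready = z
    return not (phase == "IDLE" and ready == 1)

# --- Basic model checking: Z_{i+1} = Z_i plus new states, stop at fixpoint ---
def check_ag(initial, successors, p):
    """Decide AG p by breadth-first reachability.

    Returns (True, None) when the reachable set reaches a fixpoint with every
    state satisfying p, else (False, trace) where trace is a shortest path from
    the reset state to a violating state (the counterexample)."""
    if not p(initial):
        return False, [initial]       # reset activation alone is the counterexample
    parent = {initial: None}          # Z_i kept as state -> predecessor
    frontier = [initial]              # states added in the previous step
    while frontier:                   # empty frontier means Z_{i+1} == Z_i
        new = []
        for z in frontier:
            for s in successors(z):
                if s in parent:
                    continue          # already in Z_i
                parent[s] = z
                if not p(s):
                    return False, _trace(parent, s)
                new.append(s)
        frontier = new
    return True, None

def _trace(parent, state):
    """Follow predecessor links back to the reset state."""
    path = []
    while state is not None:
        path.append(state)
        state = parent[state]
    return path[::-1]

# --- Symbolic view: Shannon/ite decomposition into a reduced BDD -----------
def shannon_bdd(f, n):
    """Decompose f(x1..xn) as ite(x1, f(1,..), f(0,..)) recursively, sharing
    identical subgraphs through a unique table and dropping nodes whose two
    branches coincide. Returns (root, unique): 0/1 are terminal ids and
    unique maps (var_index, low, high) -> node id. This enumerates all 2^n
    assignments, so it illustrates the representation only, not the
    apply-style construction a real BDD package uses."""
    unique = {}
    def build(i, assignment):
        if i == n:
            return int(bool(f(*assignment)))
        low = build(i + 1, assignment + (0,))
        high = build(i + 1, assignment + (1,))
        if low == high:
            return low               # x_{i+1} is irrelevant on this path
        key = (i, low, high)
        if key not in unique:
            unique[key] = len(unique) + 2
        return unique[key]
    return build(0, ()), unique

if __name__ == "__main__":
    for buggy in (False, True):
        ok, cex = check_ag(INITIAL, make_controller(buggy), no_ready_when_idle)
        print("buggy" if buggy else "correct", "controller:",
              "AG p holds" if ok else "counterexample " + " -> ".join(map(str, cex)))
    root, nodes = shannon_bdd(lambda a, b, c: a ^ b ^ c, 3)
    print("parity of 3 vars: BDD root", root, "with", len(nodes), "internal nodes")
```

The buggy controller yields the five-state trace IDLE → ACTIVATE → READ → PRECHARGE → IDLE(ready=1), which is exactly the "calculate trace to z, stop" branch of slide 4; the parity function shows the sharing that makes the BDD compact (five internal nodes instead of a full tree), while a constant function collapses to a single terminal.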