This document discusses formal verification in VLSI systems. It begins by explaining that formal verification uses mathematical proofs to show a system works as intended, as an alternative to testing which is limited and costly for large VLSI designs. It then covers various techniques in formal verification including Kripke structures to model systems, temporal logic to specify properties, and model checking to automatically verify properties by exhaustive search. The document provides examples and discusses the challenges of state explosion in formal verification.
Formal verification
1. Formal Verification in VLSI
Dilawar Singh
Indian Institute of Technology Bombay
November 28, 2010
Dilawar Singh Formal Verification in VLSI
2. About
These slides evolved during the Testing and Verification of VLSI course offered by Prof. M. P. Desai at IIT Bombay. They deal with the non-technicalities of 'formal verification' rather than its theories and principles. Some comments are unprofessionally personal. Reader discretion is advised. :-)
Figure: From http://shemesh.larc.nasa.gov/images/humor-sneak-a-peek.jpg
3. Formal Verification
Traditionally one discovers errors in software and hardware by testing, i.e. by exercising as many input combinations as possible, e.g. in simulation.[1]
Since VLSI systems are too large, one can test only a (tiny?) fraction of the possible combinations in practice. And this is when the computer runs faster than Chacha Chaudhary's brain.
Besides, everything that runs in simulation is orders of magnitude slower than the real hardware, so pre-silicon testing is limited.
That is why so few new designs are coming out of industry. Testing has become way too costly: over 25% of total cost.
Formal verification is an alternative that proves mathematically that a given VLSI system will work as intended.
Testing is a fault detection technique. Formal verification is a fault avoidance technique.
[1] I'm Done Simulating; Now What?, Kantrowitz M. and Noack L., DEC
4. Exhaustiveness
In 1914, Littlewood proved that $\pi(n) - \mathrm{li}(n)$ changes sign infinitely often, where $\pi(n)$ is the number of primes $\le n$ and $\mathrm{li}(n) = \int_0^n \frac{du}{\ln u}$, yet the first known sign change occurs only near $n \approx 1.39822 \times 10^{316}$, discovered by Bays & Hudson (2000). No amount of enumeration from small n would ever have found it.
Brute-force testing over any feasible range may therefore miss errors which formal verification can detect. The most notable example is the Pentium FDIV bug.
It's good to be paranoid while verifying.
5. Formal Models
Specification: first of all, we need to write down how the system should behave, as a mathematical description, e.g. a Kripke structure.
Formal verification aims to prove the correctness of a design with respect to a given mathematical (formal) specification.
However, checking against a reference does not mean that the reference is correct. A sanity check of the reference is required.
6. How hard is formal verification
Writing out a complete proof of correctness is like defeating Tai Lung without the dragon scroll. And even if one has the scroll, one is not necessarily able to use it.
Assumptions and special cases must be made explicit. Even for a small undertaking, this is a big task.
Figure: Stick to details and procedures. Not everyone is gifted!
7. Theorem Provers
It would be great if one could prove, or even generate a proof, using a computer. It would reduce the risk of mistakes and could automate some part of the work for a large system.
Downside: people may become dumber at the cost of a smarter planet.
There are many software packages available for this purpose. A very good list can be found here.[a]
[a] http://www.cs.indiana.edu/formal-methods-education/Tools/
Figure: From http://shemesh.larc.nasa.gov/images/humor-whole-truth.jpg
8. Verification - Hardware V/S Software
In recent years, formal hardware verification has become a very important part of the development process. Almost all of the leading hardware companies use it, but software companies are still lagging.[a]
Why?
Probably because they can get away with it. Faulty software does not throw you out of business. Microsoft Windows is still around.
It is easy to write patches for software. Almost impossible for hardware.
[a] Formal Methods: State of the Art and Future Directions, Clarke and Wing, CMU.
Figure: Faulty hardware and/or (= xor?) faulty software can make your machine life miserable. Take care!
9. Combinational Comparison
One very fundamental question is whether two given combinational circuits are equivalent, i.e. produce the same output for every input combination. For example, the output of a synthesis tool is modified by a designer to reduce the gate count.
The task is to show that the optimised and unoptimised circuits are equivalent. This can be done by comparing truth tables, or equivalently by tautology checking: the two circuits are equivalent iff the XNOR of their outputs is a tautology.
Though this can be automated, in practice working with truth tables is tedious and inefficient, since the table doubles with every additional input.
10. Efficient tautology checking
Tautology checking is co-NP-complete (its complement, satisfiability, is NP-complete). One has to find heuristics for the given cases until someone gives an efficient algorithm for these problems.
Divide the circuit and solve for the smaller parts.
In practice, Binary Decision Diagrams are efficient. They also give a canonical representation of a given boolean formula for a specific variable ordering, so two equivalent formulas reduce to the same diagram.[2]
Other methods are Integer Programming and Davis-Putnam procedures.
Symbolic simulation is also a candidate, though it has been inefficient so far.
[2] Bounded Model Checking, Armin Biere et al., Advances in Computers, 2003
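As an added example (not from the slides, and not code from any tool they cite), here is what the comparison of slides 9 and 10 looks like in Python: a minimal reduced ordered BDD, a truth-table comparison for cross-checking, and an equivalence check of a constructed three-input circuit against a correct and a faulty hand optimisation. The circuits, the variable names a, b, c and the "buggy" variant are invented for illustration; the BDD is a teaching implementation, not a production package.

```python
import itertools
import operator


class BDD:
    """Minimal reduced ordered BDD. Node 0 is FALSE, node 1 is TRUE; every
    other node is a (level, low, high) triple stored once in the unique
    table, which is what makes the diagram canonical for a fixed variable
    order (here: order of first declaration)."""

    def __init__(self):
        self.nodes = [None, None]      # terminals 0 and 1
        self.unique = {}               # (level, low, high) -> node id
        self.memo = {}                 # apply() cache: (op, u, v) -> node id
        self.order = {}                # variable name -> level (0 = top)

    def var(self, name):
        self.order.setdefault(name, len(self.order))
        return self._mk(self.order[name], 0, 1)

    def _mk(self, level, low, high):
        if low == high:                # redundant test: drop the node
            return low
        key = (level, low, high)
        if key not in self.unique:     # share isomorphic sub-diagrams
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def apply(self, op, u, v):
        """Combine diagrams u and v with boolean op by Shannon expansion
        on the topmost variable of either operand."""
        key = (op, u, v)
        if key in self.memo:
            return self.memo[key]
        if u < 2 and v < 2:            # both terminals: evaluate op directly
            r = int(op(bool(u), bool(v)))
        else:
            lu = self.nodes[u][0] if u > 1 else float("inf")
            lv = self.nodes[v][0] if v > 1 else float("inf")
            lvl = min(lu, lv)
            u0, u1 = self.nodes[u][1:] if lu == lvl else (u, u)
            v0, v1 = self.nodes[v][1:] if lv == lvl else (v, v)
            r = self._mk(lvl, self.apply(op, u0, v0), self.apply(op, u1, v1))
        self.memo[key] = r
        return r

    def AND(self, u, v): return self.apply(operator.and_, u, v)
    def OR(self, u, v):  return self.apply(operator.or_, u, v)
    def XOR(self, u, v): return self.apply(operator.xor, u, v)
    def NOT(self, u):    return self.XOR(u, 1)

    def witness(self, u):
        """A (partial) assignment making diagram u true, or None if u is
        FALSE. In a reduced BDD every non-FALSE node has a path to TRUE."""
        if u == 0:
            return None
        names = {lvl: n for n, lvl in self.order.items()}
        assign = {}
        while u != 1:
            lvl, low, high = self.nodes[u]
            assign[names[lvl]] = 1 if high != 0 else 0
            u = high if high != 0 else low
        return assign


class Eval:
    """Plain evaluation under one input assignment (the truth-table method)."""
    def __init__(self, env): self.env = env
    def var(self, n):    return self.env[n]
    def AND(self, u, v): return u & v
    def OR(self, u, v):  return u | v
    def XOR(self, u, v): return u ^ v
    def NOT(self, u):    return 1 - u


# Constructed example: a synthesis output and two hand "optimisations". The
# netlists are written against an abstract gate algebra, so the same circuit
# can be evaluated bit by bit (Eval) or built symbolically (BDD).
def circuit_original(alg):       # (a.b) + (a.~b) + (~a.c)
    a, b, c = alg.var("a"), alg.var("b"), alg.var("c")
    return alg.OR(alg.OR(alg.AND(a, b), alg.AND(a, alg.NOT(b))), alg.AND(alg.NOT(a), c))

def circuit_optimized(alg):      # a + c      (fewer gates, same function)
    return alg.OR(alg.var("a"), alg.var("c"))

def circuit_buggy(alg):          # a + b.c    (over-optimised: function changed)
    return alg.OR(alg.var("a"), alg.AND(alg.var("b"), alg.var("c")))


def truth_table_equal(f, g, names):
    """Slide 9: compare outputs for all 2^n inputs. Returns (True, None) or
    (False, first distinguishing input)."""
    for bits in itertools.product((0, 1), repeat=len(names)):
        env = dict(zip(names, bits))
        if f(Eval(env)) != g(Eval(env)):
            return False, env
    return True, None

def bdd_equal(bdd, f, g):
    """Slide 10: build both ROBDDs; by canonicity the circuits are equivalent
    iff they map to the same node. Otherwise the miter f XOR g is satisfiable
    and any path to TRUE is a distinguishing input."""
    u, v = f(bdd), g(bdd)
    if u == v:
        return True, None
    return False, bdd.witness(bdd.XOR(u, v))
```

The truth-table check costs 2^n evaluations regardless of the circuit; the BDD check costs as much as the diagrams are large, which for a good variable order is often far less, and the equivalence test itself is a single node-id comparison. The counterexample from the miter is the same input the exhaustive loop stumbles on, but it is obtained by walking one path instead of enumerating the table.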
11. Symbolic Trajectory Evaluation
One can write the specification in a restricted temporal logic, specifying the behaviour over bounded-length trajectories (sequences of circuit states).
One example: if the circuit satisfies property P, then after n transitions it will satisfy property Q. E.g. if P (a counter is reset) is true, then Q (the output is n) will be true after n transitions.
Then the circuit can be checked against this specification. If it does not hold, a counterexample trajectory (a witness of the violation) will be found.
12. Temporal Logic Model Checking
In general, the specification can be written in a more general
temporal logic without the limitation of bounded
trajectories. Hardware is reduced to a state transition system in
which, at every state, one checks whether a given atomic
formula holds or not.
Linear Temporal Logic (LTL) and Computation Tree Logic
(CTL) can be used to describe the behaviour.
In CTL, behaviour is specified by quantifying both over the
future along a path and over the range of possible state-transition
sequences. Kripke structures are natural for these specifications.
Since every transition system is encoded as a combination of
boolean variables, BDDs are used to represent them. There are
many BDD packages available. 3
For example, EGf means that there exists a path on which f
holds in every state. A path is a sequence of possible state
transitions.
3 http://vlsicad.eecs.umich.edu/BK/Slots/cache/www.itu.dk/research/buddy/index.
13. Example : Kripke Structure
A Kripke structure is K = (S, I, T, L).
S is the set of states; I ⊆ S is the set
of initial states; T ⊆ S × S is the
transition relation and L: S → P(A)
is the labeling function, where A is the
set of atomic propositions and P(A)
denotes the power-set of A, i.e. for a
state s ∈ S the set L(s) consists of the
atomic propositions that hold in s.
S = {00, 01, 10, 11}
I = {00}
T = {(00, 01), (00, 11), (01, 00), (01, 10),
(10, 11), (10, 01), (11, 10), (11, 00), (10, 00)}
Figure: A finite State Machine!
14. Example : Temporal representation
Let xnext be the next state and x the
current state, both two-bit vectors.
Assuming that up and down cannot
both be 0 at the same time,
xp(0) = ¬x(0) (1)
xp(1) = x(0) x(1) (2)
xm(0) = ¬x(0) (3)
xm(1) = ¬(x(1) ¬x(0)) (4)
T(xnext, x): xnext = (up ∧ ¬down ∧ xp)
∨ (¬up ∧ down ∧ xm) ∨ (up ∧ down ∧ xn) (5), (6)
f : T holds.
EGf is true. In fact f is true on every path,
i.e. AGf holds.
Figure: A finite State Machine!
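The two slides above give the structure (S, I, T) of the counter and state CTL properties over it; the earlier symbolic trajectory evaluation slide asks whether Q holds n transitions after P. The example below, added for this page and not code from the slides, evaluates CTL operators as fixpoints over state sets on exactly that S, I and T, and adds a bounded-trajectory check that returns a witness trajectory when the property fails (the counterexample the model-checking slide refers to). The labeling L and the single atomic proposition "zero" (the counter is in its reset state 00) are assumptions; the slides give no L.

```python
"""Explicit-state CTL model checking on the Kripke structure from the
slide (S, I, T as given there), plus a bounded-trajectory check in the
spirit of the symbolic trajectory evaluation slide.

Added example, not code from the slides.  The labeling L and the atomic
proposition "zero" (reset state 00) are assumptions.
"""

# Kripke structure K = (S, I, T, L)
S = {"00", "01", "10", "11"}
I = {"00"}
T = {("00", "01"), ("00", "11"), ("01", "00"), ("01", "10"),
     ("10", "11"), ("10", "01"), ("11", "10"), ("11", "00"), ("10", "00")}
L = {s: ({"zero"} if s == "00" else set()) for s in S}   # assumed labeling


def succ(s):
    """Successors of state s under the transition relation T."""
    return {t for (u, t) in T if u == s}


# A CTL formula is evaluated to the set of states that satisfy it.
def atom(p):
    return {s for s in S if p in L[s]}


def neg(f):
    return S - f


def EX(f):
    return {s for s in S if succ(s) & f}


def EG(f):
    """Greatest fixpoint Z = f ∩ EX(Z): some infinite path stays in f."""
    Z = set(f)
    while True:
        nxt = f & EX(Z)
        if nxt == Z:
            return Z
        Z = nxt


def EU(f, g):
    """Least fixpoint Z = g ∪ (f ∩ EX(Z)): f holds until g is reached."""
    Z = set(g)
    while True:
        nxt = g | (f & EX(Z))
        if nxt == Z:
            return Z
        Z = nxt


def EF(g):
    return EU(S, g)


def AG(f):
    return neg(EF(neg(f)))          # AG f  ==  ¬EF ¬f


def AF(f):
    return neg(EG(neg(f)))          # AF f  ==  ¬EG ¬f


def holds(f):
    """K satisfies f when every initial state is in the satisfying set."""
    return I <= f


def bounded_check(P, Q, n):
    """If P holds now, does Q hold after exactly n transitions on every
    trajectory?  Returns (True, None) or (False, witness trajectory)."""
    paths = [[s] for s in sorted(P)]
    for _ in range(n):
        paths = [p + [t] for p in paths for t in sorted(succ(p[-1]))]
    for p in paths:
        if p[-1] not in Q:
            return False, p
    return True, None


if __name__ == "__main__":
    zero = atom("zero")
    print("EG not zero:", sorted(EG(neg(zero))))   # a path never returning to 00
    print("AG not zero:", holds(AG(neg(zero))))    # False: 00 is reachable again
    print("AG EF zero :", holds(AG(EF(zero))))     # True: reset always reachable
    print("n=1:", bounded_check(zero, neg(zero), 1))
    print("n=2:", bounded_check(zero, neg(zero), 2))  # witness 00 -> 01 -> 00
```

Each operator is a set computation that terminates because S is finite, which is the point the model-checking slide makes; a symbolic checker does the same fixpoint iteration with BDDs standing in for the explicit sets.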
15. Model Checking
In model checking, one builds a finite model of a system and
checks that a desired property holds in that system. This is
done by searching exhaustively (and sometimes wisely); if the
property does not hold, a counterexample is produced. That is its
greatest strength: it is able to produce an error trace and is thus
suitable for debugging. Since the model is finite, the search will terminate.
It is mostly used in hardware and protocol verification.
Two approaches are generally used in model checking:
TEMPORAL MODEL CHECKING (we have seen it) and the
automata-theoretic approach, where one finds an automaton and compares it
to the specification to determine whether or not its behaviour conforms to
that specification. Examples are language inclusion [Har'El and
Kurshan 1994], refinement ordering [Cleaveland et al. 93] and
observational equivalence [Cleaveland et al. 93; Fernandez 96; Roy
and de Simone 90].
Vardi and Wolper [1986] have shown how the temporal model
checking problem can be recast in terms of automata, thus
16. Theorem Proving V/s Model Checking
Two well-established approaches to verification are model
checking and theorem proving. Model checking is very fast
but can only handle finite state spaces.
When theorem proving fails, unlike model checking, it does
not produce a counterexample.
Model checking is much faster than theorem proving, but its
problem is STATE EXPLOSION. There are heuristics to
improve this, though [Kurshan 1994; Kurshan 1994], and
semantic minimization [Elseaidy et al. 1996] to eliminate
unnecessary states from a system model. Using this
method one has verified 10^120 reachable states.
Theorem proving can deal with infinite state spaces. It uses
structural induction to prove over infinite domains.
17. Blah Blah
The overarching goal of formal methods is to help engineers
construct more reliable systems. A global property is broken
into local properties which are conceptually easier to handle.
Abstraction is also needed. A hardware specification can be written
down in a more abstract language like Esterel (good for control
engineering freaks).
Combining mathematical theories is also a rather unexplored
area. A solid concept from one discipline can find
application in numerous other fields; graph theory is one of
the most remarkable examples of this.
And who can forget better data structures and
algorithms.
Rather than building models for some specific problem, one
can ambitiously romanticise "meta-tools" which themselves
can produce, or change themselves to handle, a particular
problem domain. Integration of available methods?
18. Tools
In the hands of a Jedi Knight a simple-looking lightsaber is
more effective than a million-dollar weapon. How to use your
available tools efficiently is something one learns through practice.
Anyone who has mastered the vim editor will probably agree
with me.
A list of available tools is given here:
http://www.cs.indiana.edu/formal-methods-education/Tools/.