a sat based procedure for verifying finite state machines
play

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 - PowerPoint PPT Presentation

Oct 02, 2022 •32 likes •252 views

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

  1. A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006

  2. Introduction • The ACL2 theorem prover is great – Scalable to large industrial verification problems • But… – Proofs require a lot of human effort – Computer could do more • Especially when in decidable domains • Identify a decidable subclass of ALC2 properties – Based on tree structures • New ACL2 hint for proving properties in this domain – Available in a future version of ACL2 August 16, 2006 ACL2 2006 2

  3. Presentation Overview • Focus is on what you can do with the new hint – If you want to know how it works • Read paper • Look at code: www.cs.utexas.edu/users/reeber • Outline – Demo – Performance Results – Hardware Verification Methodology – Application: TRIPS Processor Components – Future Work – Conclusion August 16, 2006 ACL2 2006 3

  4. Demo August 16, 2006 ACL2 2006 4

  5. Performance Results ACL2 Clausifier BDD Engine SAT Engine 275 225 175 Time(s) 125 75 25 4-bit Add Assoc 32-bit Add 200-bit Add 32x6 Shift-0 64x7 Shift-0 32x4 Add-Shift 64x6 Add-Shift 100 Digit Dec Assoc Assoc Inv -25 August 16, 2006 ACL2 2006 5

  6. Lines of Code ACL2 Clausifier BDD Engine SAT Engine 350 300 250 200 # Lines 150 100 50 0 4-bit Add Assoc 32-bit Add 200-bit Add 32x6 Shift-0 64x7 Shift-0 32x4 Add-Shift 64x6 Add-Shift 100 Digit Dec Assoc Assoc Inv August 16, 2006 ACL2 2006 6

  7. Hardware Verification Methodology Verilog English Spec, C Model and Design Test Suite Testing & Inspection Manual Compiler Translation DE2 ACL2 Spec Design Guided Verifying SAT-Based Proof Compiler Decision Procedure SULFA ACL2 Model Properties August 16, 2006 ACL2 2006 7

  8. TRIPS LSQ • TRIPS Processor – Designed and built at University of Texas and IBM • Prototype next-generation processor – Multi-core, speculative, pipelined processor • 4 memory partitions, 16 ALUs • 256 speculative out-of-order instructions, partitioned into eight instruction blocks • Load Store Queue (LSQ) – Queue for speculative loads and stores not ready for cache – Four LSQ tiles, one for each memory partition • Verified LSQ internal communication protocol August 16, 2006 ACL2 2006 8

  9. Exception Mask Protocol Flush_mask Exception_mask • Exception can occur at each tile Tile 0 UDT_EX_Mask • Each tile stores a Flush_mask T0_Except Local_Except DDT_EX_Mask mask of known REG exceptions Tile 1 UDT_EX_Mask Flush_mask • Mask sent up T1_Except Local_Except DDT_EX_Mask each cycle REG Tile 2 • Eventually every UDT_EX_Mask Flush_mask T2_Except exception is Local_Except DDT_EX_Mask known by Tile 0 REG Tile 3 UDT_EX_Mask • Global flushes Flush_mask T3_Except remove Local_Except DDT_EX_Mask exceptions August 16, 2006 ACL2 2006 9

  10. Verification of Exception Protocol • Compiled Verilog design into DE2 • Compiled DE2 into ACL2 model – proven equivalence • Wrote single-tile exception model • Specification: – Safety. Tile 0 reports a subset of the exceptions reported by the single-tile model – Liveness. Eventually every exception produced by the single-tile model is reported by Tile 0 . August 16, 2006 ACL2 2006 10

  11. Exception Protocol Safety Property • Tile 0 reports a subset of the exceptions reported by the single-tile model (defthm specification-miss-exception-safety (implies (and (integerp tao) (<= 0 tao) (Tth-valid-inputsp tao input-list)) (submaskp 8 (acl2v-udt_miss_ordering_exceptions *t0* (Tth-model-state tao input-list) (nth tao input-list)) (spec-miss-exceptions (Tth-spec-state tao input-list) (nth tao input-list))))) August 16, 2006 ACL2 2006 11

  12. Safety Invariant Properties (defthm miss-order-inv-is-invariant-step (implies (and (inputs-goodp proof-st ins) (miss-order-inv proof-st)) (miss-order-inv (update-proof-state proof-st ins))) :hints (("Goal" :external (sat nil sat::$sat)))) (defthm miss-order-inv-implies-thm (implies (and (miss-order-inv proof-st) (inputs-goodp proof-st ins)) (submaskp 8 (acl2v-udt_miss_ordering_exceptions *t0* (proof-st-dsn-state proof-st) ins) (update-proof-st-0th-miss-mask *t0* proof-st ins))) :hints (("Goal" :external (sat nil sat::$sat)))) August 16, 2006 ACL2 2006 12

  13. Liveness Property • Eventually every exception produced by the single- tile model is reported by Tile 0 • ACL2 Specification – Prove theorem below – Use defun-sk definition on next slide • Proof process same as before – Unable to prove invariant directly with SAT (defthm specification-miss-exception-liveness (implies (and (integerp tao) (<= 0 tao)) (eventually-1T-miss-subset-of-4T-P tao input-list)) August 16, 2006 ACL2 2006 13

  14. Liveness Property Defun-sk (defun-sk eventually-1T-miss-subset-of-4T-P (tao input-list) (exists (tao-prime) (and (integerp tao-prime) (<= tao tao-prime) (implies (Tth-valid-inputsp tao-prime input-list) (submaskp 8 (spec-miss-exceptions (Tth-spec-state tao input-list) (nth tao input-list)) (bv-or 8 (recent-flushes tao tao-prime input-list) (acl2v-udt_miss_ordering_exceptions *t0* (Tth-model-state tao-prime input-list) (nth tao-prime input-list)))))))) August 16, 2006 ACL2 2006 14

  15. Store Mask Protocol • Each tile produces a mask of arrived stores • Protocol more complex than exception protocol – Up to 256 entries in store mask – Store mask sent to both neighbors • Specification & verification methodology similar to exception protocol • Analysis – Problem size: ~1500 Boolean variables – 130 hours of human effort – Multi-hour proof • Improvement over pure theorem proving – Counter examples especially helpful August 16, 2006 ACL2 2006 15

  16. Future Work • More applications – Full LSQ design – n-tile circuit generator • Performance improvements – Try the new BDD system • Expand SULFA – Constrained functions – Limited arithmetic • Add to ACL2 “waterfall” • Verify proof engine – Theoretical issues: function body, proof of termination – Practical issues: complex code, large clause inputs • Counter-example guided refinement August 16, 2006 ACL2 2006 16

  17. Conclusion • Defined decidable subclass of ACL2 formulas – Includes primitives if, cons, car, cdr, consp, and equal – Can be extended with user-defined functions • New hint for proving properties in this subclass – Fully automatic – Generates counter-examples to invalid properties • Applying to TRIPS processor – Multi-core, pipelined, out-of-order processor – Combining SAT-based reasoning with pure theorem proving – Solid improvement over pure theorem proving August 16, 2006 ACL2 2006 17

  18. Backup Slides August 16, 2006 ACL2 2006 18

  19. Single-Tile Exception Model • Wrote a single-tile model in ACL2 • The full mask of exceptions is generated each cycle Spec_EX_mask Flush_mask 8 NOT T0_Except 4 8 EN-DECODE R T1_Except * 8 A 4 8 E EN-DECODE N O G T2_Except * D 4 8 R EN-DECODE T3_Except * 4 8 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 19

  20. Single-Tile Exception Model • Wrote a single-tile model in ACL2 • The full mask of exceptions is generated each cycle Spec_EX_mask Flush_mask 8 NOT T0_Except 4 8 EN-DECODE R T1_Except * 8 A 4 8 E EN-DECODE N O G T2_Except * D 4 8 R EN-DECODE T3_Except * 4 8 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 20

  21. Store Mask Protocol Flush_mask Commit_mask • Each tile keeps a mask Tile 0… of arrived stores REG • Used in completion detection & deferred load Tile 1 UDT2_in UDT1_in UDT0_in UDT2_out UDT1_out UDT0_out awakening Flush_mask • Up to three stores are Commit_mask sent both upward and Store_mask downward at the Local_store DDT2_out DDT1_out DDT0_out DDT2_in DDT1_in DDT0_in beginning of each cycle • Eventually all arrived stores reach every tile REG • A flush or a commit removes stores Tile 2… August 16, 2006 ACL2 2006 21

  22. Single-Tile Store Model • Similar to single-tile exception mask Flush_mask Store_mask 256 NOR Expand Mask Commit_mask 256 256 T0_Store 9 EN-DECODE R T1_Store * 8 A 9 E EN-DECODE O N G T2_Store * R D 9 EN-DECODE T3_Store * 9 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State Machines Mealy and Moore Machines State Machines Synchronous &amp; Asynchronous Systems State Diagrams Elements of Diagrams State Diagrams Properties

676 views • 33 slides
Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are

Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are

Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are sequential machines with &quot;random&quot; next-state logic Used to implement functions that are realized by carrying out a sequence of steps -- commonly

794 views • 65 slides
Finite State Machines Finite State Machines Often AI as agents: sense , think , then act

Finite State Machines Finite State Machines Often AI as agents: sense , think , then act

3/24/2016 Finite State Machines Finite State Machines Often AI as agents: sense , think , then act But many different rules for agents Ex: sensing, thinking and acting when fighting , running , exploring Can be difficult to

299 views • 5 slides
Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs) Manual FSM design &amp; synthesis process: 1. Design state diagram (behavior) 2. Derive state table 3. Reduce state table 4. Choose a state

531 views • 29 slides
Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs) Manual FSM design &amp; synthesis process: 1. Design state diagram (behavior) 2. Derive state table 3. Reduce state table 4. Choose a state

533 views • 35 slides
Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and

Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and

Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and Moore Machines State Machines Synchronous &amp; Asynchronous Systems State Diagrams Elements of Diagrams State Diagrams Properties State Diagrams

607 views • 33 slides
Implementing finite state machines A first introduction to PROLOG Encoding finite state

Implementing finite state machines A first introduction to PROLOG Encoding finite state

Implementing finite state machines A first introduction to PROLOG Encoding finite state machines in PROLOG Recognition and generation with finite state machines in PROLOG Search spaces and how to traverse them depth-first

549 views • 24 slides
Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Transducers A finite state

117 views • 9 slides
Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems

Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems

I V N E U R S E I H T Y T O H F G R E U D I B N Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems Already 10s of processor chips per person in the world There will

512 views • 13 slides
Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework

Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework

Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework Commercial product (but we have academic license here) One of several finite-state toolkits available This one is easiest to use but doesnt

93 views • 7 slides
(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines,

(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines,

(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines, Algebras/Calculi, Grammars, A few examples we shall see: (Finite) State Automata (Context Free) Grammars Circuits You already saw (implicitly): Random

658 views • 21 slides
cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite

cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite

cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite state machines States Transitions on inputs Start state and final states The language recognized by a machine is the set of strings that

430 views • 19 slides
Describing Finite State Machines Murray Cole Describing Finite State Machines 1

Describing Finite State Machines Murray Cole Describing Finite State Machines 1

I V N E U R S E I H T Y T O H F G R E U D I B N Describing Finite State Machines Murray Cole Describing Finite State Machines 1 A Notation for FSMs? FSMs are a useful tool (reactive systems are everywhere)

386 views • 13 slides
Overview A first introduction to Prolog Implementing finite state machines and learning

Overview A first introduction to Prolog Implementing finite state machines and learning

Overview A first introduction to Prolog Implementing finite state machines and learning Prolog along the way Encoding finite state machines in Prolog Recognition and generation with finite state machines in Prolog Completing the

542 views • 5 slides
Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony Optimization Daniil Chivilikhin, Vladimir Ulyantsev, Fedor Tsarev tsarev@rain.ifmo.ru St. Petersburg National Research University of Information

858 views • 33 slides
Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Machine: Definition A (deterministic) finite state machine

130 views • 11 slides
Destination Mercury BepiColombo and its payload: Detectors for the X-ray spectrometer MIXS

Destination Mercury BepiColombo and its payload: Detectors for the X-ray spectrometer MIXS

Workshop Ringberg Destination Mercury BepiColombo and its payload: Detectors for the X-ray spectrometer MIXS 3.5.2009 Johannes Treis MPI Semiconductor laboratory &amp; MPI for solar system research Mercury as seen on 16.9.2004 1 Johannes

941 views • 74 slides
Overview Day 1 1. Introduction, types of concepts, relation to tasks, invariance 2.

Overview Day 1 1. Introduction, types of concepts, relation to tasks, invariance 2.

Computer Vision by Learning Cees Snoek Laurens van der Maaten Arnold W.M. Smeulders University of Amsterdam Delft University of Technology Overview Day 1 1. Introduction, types of concepts, relation to tasks, invariance 2. Observables,

799 views • 52 slides
Tower Hamlets Suicide Prevention Strategy Action Plan update 2017/18 Somen Banerjee Director of

Tower Hamlets Suicide Prevention Strategy Action Plan update 2017/18 Somen Banerjee Director of

Tower Hamlets Suicide Prevention Strategy Action Plan update 2017/18 Somen Banerjee Director of Public Health Outline of priority areas The Tower Hamlets Suicide Prevention Strategy identified five priority areas for action: Early

191 views • 6 slides
Su Susta tainab inabili ility ty Training ining Se Series! ies! We will be starting

Su Susta tainab inabili ility ty Training ining Se Series! ies! We will be starting

Welcome e to to th the Campu pus s Su Susta tainab inabili ility ty Training ining Se Series! ies! We will be starting shortly. As we are waiting, please chat your name and campus to the Chat pod on the right-hand side of

811 views • 42 slides
1 Depto. Farmacia, CRIDECIT, FCNyCS, UNPSJB, Km. 4, (9000), Comodoro Rivadavia, Chubut. 2 Depto. de

1 Depto. Farmacia, CRIDECIT, FCNyCS, UNPSJB, Km. 4, (9000), Comodoro Rivadavia, Chubut. 2 Depto. de

SUPRAMOLECULAR COMPLEX OF NORFLOXACIN AND SULFAMETHOXAZOLE: SYNTHESIS, CHARACTERIZATION AND EVALUATION OF THE ANTIBACTERIAL ACTIVITY Avila CD 1 , Ayala Gmez R, 1 Becerra MC 2 , Mazzieri MR 2 , Pinto Vitorino G 1 . 1 Depto. Farmacia, CRIDECIT,

1.13k views • 15 slides
Incremental SAT Library Integration using Abstract Stobjs Sol Swords Centaur Technology, Inc.

Incremental SAT Library Integration using Abstract Stobjs Sol Swords Centaur Technology, Inc.

Incremental SAT Library Integration using Abstract Stobjs Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 Incremental vs. Monolithic SAT Monolithic SAT: Incremental SAT: Provide a Boolean formula (CNF), check Check SAT for permanent

317 views • 15 slides
Models for Computer-Aided Trial &amp; Program Design Terrence Blaschke, M.D. VP, Methodology

Models for Computer-Aided Trial &amp; Program Design Terrence Blaschke, M.D. VP, Methodology

Models for Computer-Aided Trial &amp; Program Design Terrence Blaschke, M.D. VP, Methodology and Science Pharsight Corporation &amp; Professor of Medicine &amp; Molecular Pharmacology Stanford University MODELS What is a model and

507 views • 40 slides
Miner Lake Association Spring 2016 Meeting May 28, 2016 Agenda Approve Minutes from Fall

Miner Lake Association Spring 2016 Meeting May 28, 2016 Agenda Approve Minutes from Fall

Miner Lake Association Spring 2016 Meeting May 28, 2016 Agenda Approve Minutes from Fall Meeting Treasurer Report Update on the Miner Lake Dam Water Quality Report and Monitoring for 2016 Replacement of VP position Membership Topics and Q/A

300 views • 18 slides

More recommend