formal verification methods 2 symbolic simulation
play

Formal Verification Methods 2: Symbolic Simulation John Harrison - PDF document

Jan 03, 2023 •176 likes •334 views

Formal Verification Methods 2: Symbolic Simulation Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation Simulation Symbolic and ternary simulation BDDs Quaternary lattice Symbolic trajectory

  1. Formal Verification Methods 2: Symbolic Simulation Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation • Simulation • Symbolic and ternary simulation • BDDs • Quaternary lattice • Symbolic trajectory evaluation John Harrison Intel Corporation, 9 December 2002

  2. Formal Verification Methods 2: Symbolic Simulation Simulation The traditional method for testing and debugging hardware designs is simulation . This is just testing, done on a formal circuit model. 0 0 1 7-input 0 0 AND gate 1 1 0 Feed sets of arguments in as inputs, and check whether the output is as expected. John Harrison Intel Corporation, 9 December 2002

  3. Formal Verification Methods 2: Symbolic Simulation Generalizations of Simulation We can generalize basic simulation in two different ways: • Ternary simulation, where as well as 0 and 1 we have a “don’t care” value X. • Symbolic simulation, where inputs may be parametrized by Boolean variables, and outputs are functions of those variables. Rather surprisingly, it’s especially useful to do both at the same time, and have ternary values parametrized by Boolean variables. This leads on to symbolic trajectory evaluation (STE) and its generalizations. John Harrison Intel Corporation, 9 December 2002

  4. Formal Verification Methods 2: Symbolic Simulation Example of symbolic simulation We might use Boolean variables for all inputs: a 6 a 5 a 4 7-input a 3 a 0 ∧ · · · ∧ a 6 AND gate a 2 a 1 a 0 or just some of them: 1 1 1 7-input x x AND gate 1 1 1 John Harrison Intel Corporation, 9 December 2002

  5. Formal Verification Methods 2: Symbolic Simulation Example of ternary simulation If some inputs are undefined, the output often is too: X X 1 7-input X X AND gate 1 X X but not always: X X X 7-input X 0 AND gate 0 X X John Harrison Intel Corporation, 9 December 2002

  6. Formal Verification Methods 2: Symbolic Simulation Economies Consider the 7-input AND gate. To verify it exhaustively: • In conventional simulation, we would need 128 test cases, 0000000, 0000001, . . . , 1111111. • In symbolic simulation, we only need 1 symbolic test case, a 0 a 1 a 2 a 3 a 4 a 5 a 6 , but need to manipulate expressions, not just constants. • In ternary simulation, we need 8 test cases, XXXXXX0, XXXXX0X, . . . , 0XXXXXX and 1111111. If we combine symbolic and ternary simulation, we can parametrize the 8 test cases by just 3 Boolean variables. This makes the manipulation of expressions much more economical. John Harrison Intel Corporation, 9 December 2002

  7. Formal Verification Methods 2: Symbolic Simulation Representing Boolean expressions We could just represent Boolean expressions as formulas in the usual way. • Need to check equivalence of ouput expression and expectation • Essentially the same approach as in previous lecture Main alternative is to use a canonical representation for Boolean formulas. • Testing equivalence is trivial (are the expressions the same?) • There is more work in composing the operations internally The most popular canonical representation is (reduced ordered) binary decision diagrams (BDDs). John Harrison Intel Corporation, 9 December 2002

  8. Formal Verification Methods 2: Symbolic Simulation BDDs a a b c c c e e e e d b b b b e d d f f 0 1 0 1 Boolean functions are represented by directed acyclic graphs with maximal sharing and a canonical variables ordering. The variable ordering can make a big difference! John Harrison Intel Corporation, 9 December 2002

  9. Formal Verification Methods 2: Symbolic Simulation Quaternary simulation It’s theoretically convenient to generalize ternary to quaternary simulation, introducing an ‘overconstrained’ value T. We can think of each quaternary value as standing for a set of possible values: = {} T 0 = { 0 } 1 = { 1 } = { 0 , 1 } X This is essentially a simple case of an abstraction mapping. John Harrison Intel Corporation, 9 December 2002

  10. Formal Verification Methods 2: Symbolic Simulation Quaternary lattice We consider the quaternary values laid out in an information ordering: T � ❅ � ❅ � ❅ 0 1 ❅ � ❅ � ❅ � X The lattice ordering indicates that one value has ‘more information’ than another. John Harrison Intel Corporation, 9 December 2002

  11. Formal Verification Methods 2: Symbolic Simulation Extended truth tables The truth-tables for basic gates are extended: p ∧ q p ∨ q p = ⇒ q p ≡ q p q X X X X X X X 0 0 X X X X 1 X 1 1 X 0 X 0 X 1 X 0 0 0 0 1 1 0 1 0 1 1 0 1 X X 1 X X 1 0 0 1 0 0 1 1 1 1 1 1 Note that when composing gates in this simple way, we may lose information. Example: feeding X to ¬ p ∧ p gives X, not 0. But the abstraction is sound under preservation, and still often yields useful information. John Harrison Intel Corporation, 9 December 2002

  12. Formal Verification Methods 2: Symbolic Simulation Parametrizing quaternary values Parametrize sets of quaternary values using Boolean variables:  1 if p ∧ q ∧ r    a 0 = 0 if ¬ p ∧ ¬ q ∧ ¬ r   otherwise X  . . .  1 if p ∧ q ∧ r    a 6 = 0 if p ∧ q ∧ ¬ r   otherwise X  We can represent quaternary values as a pair of Boolean values during simulation, and thus use the standard BDD representation in terms of the parameters. John Harrison Intel Corporation, 9 December 2002

  13. Formal Verification Methods 2: Symbolic Simulation Symbolic trajectory evaluation Symbolic trajectory evaluation (STE) is a further development of ternary symbolic simulation. The user can write specifications in a restricted temporal logic , specifying the behaviour over bounded-length trajectories (sequences of circuit states). A typical specification would be: if the current state satisfies a property P , then after n time steps, the state will satisfy the property Q . The circuit can then be checked against this specification by symbolic quaternary simulation. STE is used extensively at Intel. John Harrison Intel Corporation, 9 December 2002

  14. Formal Verification Methods 2: Symbolic Simulation Summary • Simulation is the standard technique for testing and debugging circuit designs • The two generalizations to ternary and symbolic simulation are independently valuable. • A canonical representation of Boolean functions using BDDs often works well • We can generalize simulation to quaternary simulation, considering it as an abstraction mapping • STE arises by combining symbolic and ternary simulation, and using it to check properties expressed in a simple temporal logic. John Harrison Intel Corporation, 9 December 2002

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation

Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation

Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation Marktoberdorf 2003 Thu 31st July 2003 (11:25 12:10) 0 Summary Simulation Symbolic and ternary simulation BDDs Quaternary lattice

507 views • 16 slides
Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018 Outline 1 Formal Models 2

1.01k views • 81 slides
Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods & Tools University of Twente The Netherlands Games 2012, Napoli, Italia 1 / 26 Motivation Application: formal verification of process algebraic

531 views • 26 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH Zurich Road map Motivation Basic notions Problems Symbolic models 1 Security protocols Omnipresent Authentication:

827 views • 37 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90: Software Security Symbolic Execution Ahmed Rezine Hoare Triples and Deductive Reasoning IDA, Linkpings Universitet Hsttermin 2014 Static

373 views • 6 slides
A GENERAL-PURPOSE CRN-TO-DSD COMPILER WITH FORMAL VERIFICATION, OPTIMIZATION, AND SIMULATION

A GENERAL-PURPOSE CRN-TO-DSD COMPILER WITH FORMAL VERIFICATION, OPTIMIZATION, AND SIMULATION

A GENERAL-PURPOSE CRN-TO-DSD COMPILER WITH FORMAL VERIFICATION, OPTIMIZATION, AND SIMULATION CAPABILITIES Stefan Badelt , Seung Woo Shin, Robert F. Johnson, Qing Dong, Chris Thachuk, and Erik Winfree DNA and Natural Algorithms (DNA) Group,

320 views • 28 slides
Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords

Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords

Using Formal Methods in an Organization with a Simulation-Based Mentality IWLS 2017 Anna Slobodova Formal Verification Team Shilpi Goel Anna Slobodova Rob Sumners Sol Swords Centaur Technology Founded in 1995 as a startup to lower cost of

795 views • 17 slides
Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security

Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security

Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2020 Outline Overview Symbolic Execution Hoare Triples and Deductive Reasoning Outline

767 views • 33 slides
Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation Itanium overview HOL overview Floating point numbers and Itanium formats HOL

591 views • 21 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course

Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course

Formal Verification Methods 1: Propositional Logic Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course overview Propositional logic A resurgence of interest Logic and circuits Normal

424 views • 18 slides
And Haman went out that day joyful and glad of heart. But when Haman saw Mordecai in the king's

And Haman went out that day joyful and glad of heart. But when Haman saw Mordecai in the king's

Esther 5:9-14 (ESV) And Haman went out that day joyful and glad of heart. But when Haman saw Mordecai in the king's gate, that he neither rose nor trembled before him, he was fjlled with wrath against Mordecai. 10 Nevertheless, Haman

434 views • 27 slides
A #SAT Algorithm for Small Constant-Depth Circuits with PTF gates. Nutan Limaye Compuer Science

A #SAT Algorithm for Small Constant-Depth Circuits with PTF gates. Nutan Limaye Compuer Science

A #SAT Algorithm for Small Constant-Depth Circuits with PTF gates. Nutan Limaye Compuer Science and Engineering Department, Indian Institute of Technology, Bombay, (IITB) India. Joint work with Swapnam Bajpai, Vaibhav Krishan, Deepanshu Kush,

2.27k views • 159 slides
Flash Memory Suzhen Wu*, Sijie Lan *, Jindong Zhou*, Hong Jiang, Zhirong Shen* *Xiamen

Flash Memory Suzhen Wu*, Sijie Lan *, Jindong Zhou*, Hong Jiang, Zhirong Shen* *Xiamen

BitFlip: A Bit-Flipping Scheme for Reducing Read Latency and Improving Reliability of Flash Memory Suzhen Wu*, Sijie Lan *, Jindong Zhou*, Hong Jiang, Zhirong Shen* *Xiamen University, China University of Texas at Arlington, USA 36 th

282 views • 25 slides
W4231: Analysis of Algorithms Formal Definition of Reduction 11/18/99 For a decision problem A ,

W4231: Analysis of Algorithms Formal Definition of Reduction 11/18/99 For a decision problem A ,

W4231: Analysis of Algorithms Formal Definition of Reduction 11/18/99 For a decision problem A , we use the notation x A to mean x is an input instance for which the right solution according NP and NP-completeness to problem A is

440 views • 4 slides
Multiplexer Goals Selectors: DEF: A MUX -gate (also known as a (2 : 1) -multiplexer) is a

Multiplexer Goals Selectors: DEF: A MUX -gate (also known as a (2 : 1) -multiplexer) is a

Multiplexer Goals Selectors: DEF: A MUX -gate (also known as a (2 : 1) -multiplexer) is a combinational gate that has three inputs D [0] , D [1] , S and Chapter 5: Selectors and Shifters review definition of multiplexer. one output Y . The

536 views • 5 slides
Deep Networks Andrea Passerini passerini@disi.unitn.it Machine Learning Deep Networks Need for

Deep Networks Andrea Passerini passerini@disi.unitn.it Machine Learning Deep Networks Need for

Deep Networks Andrea Passerini passerini@disi.unitn.it Machine Learning Deep Networks Need for Deep Networks Perceptron Can only model linear functions Kernel Machines Non-linearity provided by kernels Need to design appropriate kernels

563 views • 43 slides
Genetic Improvement and Approximation: From Hardware to Software Luk Sekanina Brno

Genetic Improvement and Approximation: From Hardware to Software Luk Sekanina Brno

Genetic Improvement and Approximation: From Hardware to Software Luk Sekanina Brno University of Technology, Faculty of Information Technology Brno, Czech Republic sekanina@fit.vutbr.cz CREST COW 45, London, January 25 -26, 2016 Genetic

559 views • 26 slides
CSE 421 P vs NP / NP Completeness Shayan Oveis Gharan 1 Decision Problems A decision problem

CSE 421 P vs NP / NP Completeness Shayan Oveis Gharan 1 Decision Problems A decision problem

CSE 421 P vs NP / NP Completeness Shayan Oveis Gharan 1 Decision Problems A decision problem is a computational problem where the answer is just yes/no Here, we study computational complexity of decision Problems. Why? much simpler to

277 views • 17 slides

More recommend