specifying circuit properties in psl formal methods
play

Specifying circuit properties in PSL Formal methods Mathematical - PDF document

Mar 04, 2023 •270 likes •524 views

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

  1. Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1

  2. Formal methods Complement other analysis methods Are good at finding bugs Reduce development (and test) time (Verification time is often 70% of total time in hardware design projects) Some fundamental facts Low level of abstraction, Finite state systems => automatic proofs possible High level of abstraction, Fancy data types, general programs => automatic proofs IMPOSSIBLE 2

  3. Two main approaches • Squeeze the problem down into one that can be handled automatically – industrial success of model checkers – automatic proof-based methods very hot • Use powerful interactive theorem provers and highly trained staff – for example Harrison’s work at Intel on floating point algorithms (http://www.cl.cam.ac.uk/users/jrh/) Model Checking G(p -> F q) yes property MC algorithm no p p q q counterexample finite-state model (Ken McMillan) 3

  4. Again two main approaches • Linear-time Temporal Logic (LTL) – must properties, safety and liveness – Pnueli, 1977 • Computation Tree Logic (CTL) – branching time, may properties, safety and liveness – Clarke and Emerson, Queille and Sifakis, 1981 Linear time conceptually simplier (words vs trees) Branching time computationally more efficient We will return to this in a later lecture But temporal logics hard to read and write! 4

  5. Computation Tree Logic A sequence beginning with the assertion of signal strt, and containing two not necessarily consecutive assertions of signal get, during which signal kill is not asserted, must be followed by a sequence containing two assertions of signal put before signal end can be asserted AG~(strt & EX E[~get & ~kill U get & ~kill & EX E[~get & ~kill U get & ~kill & E[~put U end] | E[~put & ~end U (put & ~end & EX E[~put U end])]]]) Basis of PSL was Sugar (IBM, Haifa) Grew out of CTL (I believe) Added lots of syntactic sugar Engineer friendly, used in many projects Used in the industrial strength MC RuleBase 5

  6. Assertion Based Verification (ABV) can be done in two ways During simulation – (dynamic, at runtime, called semi-formal verification, checks only those runs) As a static check – (formal verification, covers all possible runs, more comprehensive, harder to do, restricted to a subset of the property language ) (Note: this duality has been important for PSL’s practical success, but it also complicates the semantics!) Properties always (p) states that p (a boolean expression made from signal names, constants and operators) is true on every cycle always (! (gr1 & gr2)) 6

  7. Properties always (a -> b) If a is true, then b is true a implies b a -> b not a or b always ((rd=’0’) -> next (prev(dout)=dout) ) Safety Properties always (p) ”Nothing bad will ever happen” Most common type of property checked in practice Easy to check (more later) Disproved by a finite run of the system 7

  8. Observer: a second approach Observer written in same language as circuit Safety properties only Used in verification of control programs (and in Lava later) F ok Prop Back to PSL always (p) Talks about one cycle at a time Sequential Extended Regular Expressions (SEREs) allow us to talk about spans of time A SERE describes a set of traces It is a building block for a property http://www.eda.org/vfv/docs/PSL-v1.1.pdf 8

  9. SERE examples {req; busy; grnt} All sequences of states, or traces, in which req is high on the first cycle, busy on the second, and grnt on the third. (source Sugar 2.0 presentation from IBM’s Dana Fisman and Cindy Eisner, with thanks) SERE examples {req; busy; grnt} req is in the set of traces busy grnt 9

  10. SERE examples {req; busy; grnt} req This too busy grnt SERE examples {req; busy; grnt} req busy and this grnt 10

  11. SERE examples {req; busy; grnt} req busy but not this Why? grnt SERE examples How can we specify ONLY those traces that start like this? req busy grnt 11

  12. SERE examples {req & !busy & !grnt; req !req & busy & !grnt; !req & !busy & grnt} busy grnt SERE examples How do we say that the {req,busy,grnt} sequence can start anywhere? req busy grnt 12

  13. SERE examples {[*]; req; busy; grnt} req [*] means skip zero or more busy cycles grnt SERE examples {[*]; req; busy; grnt} req so our original trace is still in the set busy described grnt 13

  14. SERE examples {true; req; busy; grnt} says that the req, busy, grnt req sequence starts exactly in the second cycle. It constrains only cycles 2,3,4 busy grnt {true[*4]; req; busy; grnt} rbg sequence must start at cycle 5 {true[+]; req; busy; grnt} true[+] = [+] one or more trues true[*] = [*] 14

  15. {[*]; req; busy[*3..5]; grnt} at least 3 and at most 5 busys {[*]; req; {b1,b2}[*]; grnt} {[*]; req; {b1,b2,b3}[*7]; grnt} subsequences can also be repeated && Simultaneous subsequences Same length, start and end together {start; a[*]; end} && {!abort[*]} 15

  16. || One of the subsequences should be matched Don’t need to be the same length {request; {rd; !cncl_r; !dne[*]} || {wr;!cncl_w;!dne[*]}; dne} Fancier properties at last! SEREs are themselves properties (in the latest version of PSL). Properties are also built from subproperties. {SERE1} |=> {SERE2} is a property If a trace matches SERE1, then its continuation should match SERE2 16

  17. {true[*]; req; ack} |=> {start; busy[*]; end} then if Not just the first req, ack {true[*]; req; ack} => {start; busy[*]; end} then if then if 17

  18. Overlap also possible! {true[*]; req; ack} => {start; busy[*]; end} then if then if {true[*]; req; ack} => {start; data[*]; end} then if 18

  19. Can check for data in non-consecutive cycles {true[*]; req; ack} => {start; data[=8]; end} 2 3 4 5 6 7 1 8 then if A form of implication {SERE1} |=> {SERE2} If a trace matches SERE1, then its continuation should match SERE2 19

  20. Another form of implication {SERE1} |-> {SERE2} If a trace matches SERE1, then SERE2 should be matched, starting from the last element of the trace matching SERE1 So there is one cycle of overlap in the middle Example {[*]; start; busy[*]; end} |-> {success; done} If signal start is asserted, signal end is asserted at the next cycle or later, and in the meantime signal busy holds, then success is asserted at the same time as end is, and in the next cycle done is asserted 20

  21. Example {[*]; {start; c[*]; end}&&{!abort[*]}} |-> {success} If there is no abort during {start,c[*],end}, success will be asserted with end {SERE1} |=> {SERE2} = {SERE1} |-> {true, SERE2} Both are formulas of the linear fragment (which is based on LTL) In Jasper Gold, we use this linear part. There is also an optional branching extension (which is where CTL comes back in) 21

  22. PSL has a small core and the rest is syntactic sugar, for example b[=i] = {not b[*]; b}[*i] ; not b[*] See formal semantics in LRM PSL Regular expressions (plus some operators) + Linear temporal logic (LTL) + Lots of syntactic sugar + (optional) Computation tree logic (CTL) 22

  23. Example revisited A sequence beginning with the assertion of signal strt, and containing two not necessarily consecutive assertions of signal get, during which signal kill is not asserted, must be followed by a sequence containing two assertions of signal put before signal end can be asserted AG~(strt & EX E[~get & ~kill U get & ~kill & EX E[~get & ~kill U get & ~kill & E[~put U end] | E[~put & ~end U (put & ~end & EX E[~put U end])]]]) In PSL (with 8 for 2) A sequence beginning with the assertion of signal strt, and containing eight not necessarily consecutive assertions of signal get, during which signal kill is not asserted, must be followed by a sequence containing eight assertions of signal put before signal end can be asserted always({strt; {get[=8]}&&{kill[=0]}} |=> {{put[=8]}&&{end[=0]}}) 23

  24. From PSL to CTL? always {a;b[*];c} -> {d;e[*];f} (source, lecture notes by Mike Gordon, question asked by PSL/Sugar designers) PSL Seems to be reasonably simple, elegant and concise! Jasper’s Göteborg based team have helped to define and simplify the formal semantics. See the LRM and also the paper in FMCAD 2004 (on course home page) 24

  25. Friday’s lecture By Jiri Gaisler on his two process method of using VHDL Do NOT miss this lecture. It is brilliant! Next week, I will return to LTL, CTL and how to model check them 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties

Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties

Some sample languages Pumping Lemma for TAL Closure Properties Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties of TAG Laura Kallmeyer, Timm Lichte, Wolfgang Maier Universit at T ubingen

260 views • 14 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science

Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science

Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I CAL Inauguration Seminar: 1 Formal Methods These are ways for exploring properties

740 views • 45 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004 Purpose of the Course - Giving some insights about Formal Methods - Showing that Formal Methods can be made practical - Illustrating Formal Methods

1.25k views • 112 slides
Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Visualizing Fuchsian Groups David Dumas Dec 4, 2019 ICERM Special Interest Seminar Fuchsian

Visualizing Fuchsian Groups David Dumas Dec 4, 2019 ICERM Special Interest Seminar Fuchsian

Visualizing Fuchsian Groups David Dumas Dec 4, 2019 ICERM Special Interest Seminar Fuchsian groups correspond to hyperbolic 2-orbifolds, A Fuchsian group is a discrete subgroup < PSL(2, R ). because PSL(2, R ) Isom + ( H 2 ).

264 views • 11 slides
LARGE-SCALE KNOWLEDGE GRAPH IDENTIFICATION USING PSL Jay Pujara 1 , Hui Miao 1 , Lise Getoor 1

LARGE-SCALE KNOWLEDGE GRAPH IDENTIFICATION USING PSL Jay Pujara 1 , Hui Miao 1 , Lise Getoor 1

LARGE-SCALE KNOWLEDGE GRAPH IDENTIFICATION USING PSL Jay Pujara 1 , Hui Miao 1 , Lise Getoor 1 , William Cohen 2 1 University of Maryland, College Park, US 2 Carnegie Mellon University AAAI Symposium on Semantics for Big Data 11/16/2013

565 views • 37 slides
A Short Introduction to Probabilistic Soft Logic Angelika Kimmig, Stephen H. Bach, Matthias

A Short Introduction to Probabilistic Soft Logic Angelika Kimmig, Stephen H. Bach, Matthias

A Short Introduction to Probabilistic Soft Logic Angelika Kimmig, Stephen H. Bach, Matthias Broecheler, Bert Huang and Lise Getoor NIPS Workshop on Probabilistic Programming 2012 http://psl.umiacs.umd.edu 1 Probabilistic Soft Logic (PSL)

1.03k views • 68 slides
The R Package fechner Ali nl, Thomas Kiefer 1 Ehtibar N. Dzhafarov 2 1 University of Dortmund 2

The R Package fechner Ali nl, Thomas Kiefer 1 Ehtibar N. Dzhafarov 2 1 University of Dortmund 2

The R Package fechner Ali nl, Thomas Kiefer 1 Ehtibar N. Dzhafarov 2 1 University of Dortmund 2 Purdue University 2nd Workshop on Psychometric Computing Department of Statistics Ludwig-Maximilians-University Munich February 26, 2010 This

923 views • 38 slides
protoDUNE APA Commissioning Lessons Learned (so far) Andrzej Szelc (Manchester) & Serhan

protoDUNE APA Commissioning Lessons Learned (so far) Andrzej Szelc (Manchester) & Serhan

protoDUNE APA Commissioning Lessons Learned (so far) Andrzej Szelc (Manchester) & Serhan Tufanli (Yale) Introduction This talk is a summary of things we know about: Practicalities of commissioning the APAs in-situ How the

377 views • 27 slides
Asymptotics of certain families of Higgs bundles Qiongling Li (QGM-Caltech) (joint with Brian

Asymptotics of certain families of Higgs bundles Qiongling Li (QGM-Caltech) (joint with Brian

Asymptotics of certain families of Higgs bundles Qiongling Li (QGM-Caltech) (joint with Brian Collier, UIUC) AMS-EMS-SPM Porto Meeting Higgs Bundles and Character Varieties June, 2015 Qiongling Li (QGM-Caltech) (joint with Brian Collier,

604 views • 41 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and

Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and

Proof Strategy Language and Goal-Oriented Conjecturing for Isabelle/HOL Yutaka Nagashima and Julian Parsert Czech Technical University in Prague University of Innsbruck Isabelle/HOL before PSL Isabelle/HOL before PSL context proof goal

558 views • 33 slides

More recommend