Formal Verification of Safety Properties in Timed Circuits - PowerPoint PPT Presentation

1
Formal Verification of Safety Properties in Timed Circuits
  • Marco A. Peña (Univ. Politècnica de
    Catalunya)
  • Jordi Cortadella (Univ. Politècnica de
    Catalunya)
  • Alex Kondratyev (Theseus Logic Inc.)
  • Enric Pastor (Univ. Politècnica de
    Catalunya)

2
Are there any hazards or glitches?
3
Outline
  • Preliminaries
  • Transitions systems and timing constraints
  • From absolute to relative timing
  • State space refinement by timing constraints
  • Verification algorithm
  • Results and conclusions

4
Gate Delay Model
[Figure: two gates annotated with delay intervals d ∈ [3,5] and d ∈ [2,4], inputs X and Y, output Z; the waveforms of X, Y and Z show how the bounds (ticks at 2, 3, 4 and 5) spread the transition of Z over an interval]
5
A circuit is a concurrent system
  • Gates → Processes
  • Delays → Computation times
  • Signal transitions → Events
6
Previous work
  • Time separation of events
    • McMillan & Dill (1992): min/max constraints in acyclic graphs
    • Hulgaard & Burns (1994): max constraints for cyclic graphs with choice
  • Zone automata
    • Dill (1989): clock zones represented as conjunctions of timing
      constraints (difference-bound matrices)
    • Rokicki, Myers, Belluomini (1994, 1998): partial orders to reduce
      the number of geometric regions (ATACS)
    • Maler (1995): timed polyhedra (Open KRONOS)
  • Incremental refinement
    • Alur et al. (1995): timing constraints added as needed (COSPAN,
      timed automata)
    • Balarin & Sangiovanni-Vincentelli (1995): trace-based refinement
    • Negulescu (1997): process spaces (FIREMAPS)

7
Our approach
  • Time separation of events (McMillan & Dill 1992: min/max constraints
    in acyclic graphs) for absolute timing analysis
  • Incremental refinement by acyclic graphs with relative timing
8
Our approach: features
  • Applicable to timed transition systems, with any type of causality
    relations
  • Verification of temporal safety properties
  • BDD-based symbolic representation (large untimed state spaces can be
    handled)
  • Backannotation: sufficient (relative) timing constraints for
    correctness are reported

9
Transition systems and timing constraints
10
[Figure: transition system over the events x, a, b, c, d, g and y; states are nodes, event firings are labelled transitions]
  • Transition System
    • States
    • Transitions
    • Events
11
Firing Region (a)
[Figure: the transition system of slide 10 with the firing region of a, the states in which a is enabled, highlighted]
12
Firing Region (b)
[Figure: the same transition system with the firing region of b highlighted]
13
Concurrency: a ‖ b
[Figure: the same transition system; a and b are enabled together and fire in either order]
14
AND causality: FR(d)
[Figure: the same transition system with the firing region of d highlighted; d becomes enabled only when all of its triggers have fired]
15
OR causality: FR(c)
[Figure: the same transition system with the firing region of c highlighted; c becomes enabled as soon as any one of its triggers has fired]
16
  • Property
  • g must fire before d after having fired x

[Figure: the same transition system, with the transitions on x, g and d that the property refers to]
17
  • Timed Transition System (Manna, Pnueli)
    • Transition System
    • Min/Max Delays

[Figure: the transition system of slide 10 with delay intervals attached to the events]
d(a) ∈ [1,2]   d(b) ∈ [1,2]   d(c) ∈ [2.5,3]   d(g) ∈ [0.5,0.5]   d(d,x,y) ∈ [0,∞)
18
From absolute to relative timing
19
[Figure: the timed transition system of slide 17]
20
  • An event e can only become enabled at the time another event e'
    fires (e' triggers e)

21
[Figure: the trace x a b c d g drawn as a sequence of event firings]
22
Event structure from a trace
[Figure: the same trace with every event linked to the event whose firing enabled it: x triggers a and b, a triggers c and g, c triggers d]
23
Trace x a b c d g with the events enabled after each firing (slides 23 to 29 build this table up one event at a time):

  fired    enabled afterwards
  -        x
  x        a, b
  a        b, c, g
  b        c, g
  c        d, g
  d        g
  g        Ø
30
[Figure: three traces of the transition system side by side, each annotated with the events enabled after every firing]
31
Maximum Time Separation (McMillan & Dill, 1992)
[Figure: the event structure of the trace x a b c d g, every edge labelled with the delay interval of the event it triggers: x → a [1,2], x → b [1,2], a → g [0.5,0.5], a → c [2.5,3], c → d [0,∞)]
max t(g) − t(d) = −2
From absolute to relative timing
34
[Figure: four traces of the transition system side by side, each annotated with the events enabled after every firing]
35
Theorem: the trace is timing consistent iff it is an enabling-compatible trace of the timed event structure
  • dmin and dmax for each event

[Figure: two traces with their enabled sets shown next to the timed event structure]
36
State space refinement by timing constraints
37
[Figures, slides 37 to 58: the transition system of slide 10 composed with the event structure of the failure trace. Each figure highlights one path through the state space; slide 43 marks its path "Enabling compatible", slides 45 and 46 mark theirs "Not enabling compatible". The later figures (slides 49 to 58) show the progressively refined, smaller state space that remains once the timing-inconsistent paths are excluded.]
59
Verification algorithm
67
Symbolic state space exploration and failure
detection
68
Border of failure states
  • Failure trace
  • Composition

69
  • Failure trace
  • Event structure
  • Timing analysis
  • Composition

74
Backannotation (sufficient timing constraints)
75
Convergence of the algorithm
76
Implementation issues
  • Event structure: calculated from the shortest suffix that
    invalidates the failure trace
  • Composition: slight modification of the Transition Relation (one
    extra boolean variable to indicate enabling compatibility)
  • State encoding: n bits for untimed states, n + k bits for timed
    states (k event structures used for timing analysis)
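Added worked example, not code from the deck or its authors: a Python model of the running example that carries the deck's steps end to end, the maximum time separation of slide 31, the timing-consistency check of slide 35 and the failure-trace loop of slides 67 to 69. The delay bounds are the ones on slide 17. The causality relation (x enables a and b, a enables g, c is OR-caused by a or b, d is AND-caused by c), the one-firing-per-event state encoding (a state is the tuple of events fired so far) and the function names are assumptions of this example, chosen so that the enabled sets match the table on slide 23. It is explicit-state rather than BDD-based, and its timing check rules a trace out as soon as one ordering in it is infeasible, which is a necessary condition for timing consistency (sound for pruning), not the exact enabling-compatibility criterion of the theorem.

```python
from math import inf

# Constructed model of the deck's running example (slides 10 to 17). The
# figures survive only as node labels, so the causality below is an assumption
# chosen to reproduce the enabled sets listed for the trace x a b c d g on
# slide 23: x enables a and b, a enables g, c has OR causality (a or b), d has
# AND causality (c). Every event fires once, so an untimed state is the tuple
# of events fired so far.
DELAY = {"a": (1.0, 2.0), "b": (1.0, 2.0), "c": (2.5, 3.0),
         "g": (0.5, 0.5), "d": (0.0, inf)}       # d(e) in [min, max], slide 17
CAUSE = {"a": ("or", {"x"}), "b": ("or", {"x"}), "g": ("or", {"a"}),
         "c": ("or", {"a", "b"}), "d": ("and", {"c"})}


def enabled(fired):
    """Events enabled in the untimed transition system after `fired`."""
    out = []
    for e, (kind, causes) in CAUSE.items():
        have = [f for f in fired if f in causes]
        ok = bool(have) if kind == "or" else set(have) == causes
        if ok and e not in fired:
            out.append(e)
    return out


def event_structure(trace):
    """Timed event structure of a trace (slides 20 to 22).

    Maps the edge (trigger, e) to the delay bounds of e, for every event fired
    in the trace and every event still enabled at its end. The trigger is the
    event whose firing enabled e: the first cause to fire for OR causality,
    the last one for AND causality. The root x fires at t = 0."""
    edges = {}
    for e in list(trace[1:]) + enabled(trace):
        kind, causes = CAUSE[e]
        fired = [f for f in trace if f in causes]
        if not fired:
            raise ValueError(f"{e} is never enabled in {trace}")
        edges[(fired[0] if kind == "or" else fired[-1], e)] = DELAY[e]
    return edges


def root_path(edges, e):
    """Edges from the root down to e (every event has exactly one trigger)."""
    trigger = {q: p for p, q in edges}
    path = []
    while e in trigger:
        path.append((trigger[e], e))
        e = trigger[e]
    return path[::-1]


def max_separation(edges, u, v):
    """max t(u) - t(v) over all delay assignments within the bounds (slide 31).

    t(e) is the sum of the delays on e's root path, so t(u) - t(v) is the sum
    over the edges only on u's path minus the sum over the edges only on v's
    path: the delays on the shared prefix cancel. The maximum takes the upper
    bound on the first set and the lower bound on the second. 'Latest t(u)
    minus earliest t(v)' would ignore the cancellation and be too loose."""
    P, Q = root_path(edges, u), root_path(edges, v)
    return (sum(edges[e][1] for e in P if e not in Q)
            - sum(edges[e][0] for e in Q if e not in P))


def timing_check(trace):
    """Relative timing check of one trace of the untimed system.

    For every event e of the trace and every event p that was enabled when e
    fired, the order 'e before p' needs max t(p) - t(e) >= 0. A pair that
    fails proves the trace timing inconsistent (a necessary condition, not
    the deck's exact enabling-compatibility theorem) and yields the relative
    timing constraint 'p always fires before e' for back-annotation.
    Returns that pair, or None when every ordering is feasible on its own."""
    edges = event_structure(trace)
    for i in range(1, len(trace)):
        for p in enabled(trace[:i]):
            if p != trace[i] and max_separation(edges, p, trace[i]) < 0:
                return (p, trace[i])
    return None


def verify(first, second, root="x"):
    """Explicit-state version of the loop on slides 67 to 69: explore the
    untimed system, stop at every state violating 'first fires before second'
    and run the timing check on the failure trace. Returns a dict from each
    failure trace to the constraint ruling it out, or None if it survives."""
    failures, stack = {}, [(root,)]
    while stack:
        trace = stack.pop()
        if second in trace and first not in trace:
            failures[trace] = timing_check(trace)
            continue
        stack.extend(trace + (e,) for e in enabled(trace))
    return failures


if __name__ == "__main__":
    es = event_structure(("x", "a", "b", "c", "d", "g"))
    print("max t(g) - t(d) =", max_separation(es, "g", "d"))   # -2.0
    for trace, constraint in sorted(verify("g", "d").items()):
        print(" ".join(trace), "->", constraint or "REAL FAILURE")
```

On this model every one of the six untimed failure traces (d fired while g had not) is ruled out by timing, so the property holds, and the back-annotated relative constraints are g before c, a before c and b before c: c fires at least 2.5 after its trigger, i.e. at least 3.5 after x, while a, b and g have all fired within 2.5 of x. max_separation also shows why the shared prefix matters: the latest g (2.5 after x) minus the earliest d (3.5 after x) gives −1, but the delay of a is on both paths and cancels, so the true maximum of t(g) − t(d) is 0.5 − 2.5 = −2, the value on slide 31.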

77
Experimental results
78
Experimental results
79
Conclusions
  • Timing analysis with absolute delays typically produces
    unmanageable state spaces
  • Temporal properties (no glitches, mutual exclusion, no conflicts)
    can be posed as relative timing constraints
  • Strategy: combine absolute timing (for analysis) with relative
    timing (for state space calculation)
  • Backannotation: important in the design flow and for sensitivity
    analysis

80
Experimental results: the STARI FIFO