darmstadt university of technology- 1 - sequential verification by symbolic simulation darmstadt...

Darmstadt University of Technology - 1 -

Sequential Verification by Symbolic Simulation

Darmstadt University of Technology Dept. of Electrical and Computer Engineering

Germany

Gerd Ritter

(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe

erweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

tijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78r adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 f[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);(if adrA adrBertetioerptkerotk8iperot

(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78rf[adrB] b,if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot x mem[adr2]);twert ( mem[adr2]); (then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 the adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe ni87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[ mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwer(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);geroigtjer[ognifd;lindzgher[tjiserearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

x a;if opcode(m) = 101

then r b x;else r b x;

(x a, y b);z opcode(m);if z = 101then r x y;else r (x y);

(if 78rf[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2 78 mem[adr1]vawerwesrwaerwearwerwerwerawerawerwarwearl);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778ewrwerawer ewvtroiejwcro[iwehjnr[occwn3r[oweictweticwopjertijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

tijeroginhreisgvbsdrpgvjnsdprigjzseriogjerogh;serozighzr;‘ongvosrzegmnseirogregoerijngerzos[goxdrijzdghnb;zdriozdjo‘gergeroigtjer[ognifd;lindzgher[tjisereartoearjiopgb;zjndfl/gmnio;dlzkhrje;oyhinser[ohinmstophtrfshsrtyoeaijyeoritisoert

(if 78r adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 f[adrB] b, x mem[adr2]);twert ( mem[adr2]); (if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]); mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 (if i68i 778 then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 78then zval+rf[adrR]7 878 i78 i87 i else zx+rf[adrR]);7i 7878 (if adr1=adr2adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR werwerweroewihgoerijhgbe mem[adr2]);twersfawetwerwerweroewihgoerijhgbe(if adrA adrBertetioerptkerotk8iperot then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[wwerwerwerwaerwdr2]);wrwerwerl);erwrwerwerwerwerwet5erioustgnfodsegkjerogtkjerogtkjerogtkmeorkegmrkhmgethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);(if adrA adrB then rf[adrA] a; mem[adr1]val); then zval+rf[adrR] else zx+rf[adrR]);mem[adr1]val);(if adr1=adr2etyer54 78768 7776 8676 i68i 778 then zval+rf[adrR ( mem[adr2]);twerweroewihg[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);werwerweoiruwepoir,pweiurcmpouopeiwurwrwerwerweirwerwereri we ewroiw weioruwerijw

oewriefwerwerwethen rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);x mem[adr2]);l);then rf[adrA] a;erteroterj[o ermjgi7ethbe mem[adr2]);twertwerwerweroewihgoerijhgbe(if 78 mem[adr1]val);(if adrA adrBertetioerptkerotk8iperot

x a;if opcode(m) = 101

then r b x;else r b x;

en_a en_rf

r r+1;if m = 0

then r r+1;else r 000;

&r[1]&r[0]&

Verification Scope

automatic

interpreted

sequential

Verification

no significant user interaction

no insight into the verification process

automatic

Verification Scope

automatic

interpreted

sequential

Verification

demonstrating the verification goal requires an interpretation of functions

not necessary for some problems where specialized approaches perform better

Verification Scope

automatic

interpreted

sequential

Verification

not only logic verification

several control steps/cycles to demonstrate verification goal

different numbers of steps in specification and

implementation

Outline introduction

essentials of our symbolicsimulation approach

example of gate-level verification

experimental results

application areas & conclusion

techniques denoted “symbolic simulation“ or “symbolic evaluation” developed since the 1970s

the following four essentials distinguish our symbolic

simulation approach permit sequential verification at

different levels of abstraction

Essentials

terms are never manipulated, e.g., by canonizing or rewriting them

1. Essential

ab ab=

a(bc) baSuppose

terms are never manipulated, e.g., by canonizing or rewriting them

1. Essential

relationships are notified atequivalence classes instead

a(bc) ba

a(bc) b

ac+e+x[6:15]+y;

2. Essential

ac+e+x[6:15]+y+ac+e+x[6:15]+y;

Problem: term-size explosion possible if rewriting register with expression assigned to it

ac ac+e;bc x[6:15]+y;if ir=000111 then ac ac + bc ; res ac + ac ; else ...

2. Essential

ac1 ac+e;bc1 x[6:15]+y;if ir=000111 then ac2 ac1 + bc1; res1 ac2 + ac2; else ...

Solution: several register assignments along a valid path are explicitly

distinguished

2. Essential

ac1 ac+e

ac1 ac+e;bc1 x[6:15]+y;if ir=000111 then ac2 ac1 + bc1; res1 ac2 + ac2; else ...

ac2 ac1+bc1

Solution: several register assignments along a valid path are explicitly

distinguished

the verfication problem is not reduced to a single formula which is checked afterwards

3. Essential

VerificationProblem

Formulachecker

if z=101 then a¬bd elsif a¬bd then if(a+b)<(c+e)... .....

TRUE or FALSE

3) a b

the verfication problem is not reduced to a single formula which is checked afterwards

simulation is guided along valid, i.e., logical consistent paths instead

3. Essential

...if a = b

then c y+5;else c a;

if a = cthen res ...;else res ...;

3 valid paths

1) a = b =c2) a = b c

equivalence of subterms is sufficient in most cases to reveal equivalences of terms

4. Essential

aa(bc) ba

a(bc) b

Challenges

equivalence detection of symbolic terms

consistent case splits during simulation must consider sequential behaviour avoid false paths

Equivalence detection flexible use of an open library of different

equivalence detection techniquesduring symbolic simulation “on the fly” good compromise between

accuracy and speed not focus of this talk

decision diagram based techniques reveal “special” equivalences which occur seldom or are hard to detect

“Make the common case fast”

r r+1;if m = 0

&r[1]&r[0]&

r r+1;if m = 0then r r +1;else r 000;

r1 r+1;if m1 = 0then r2 r1+1;else r2 000;

r1 r+1

r2 r1+1s ss

duplicate according to number of

cycles (here: 2 cycles)

Gate-level design

describes only

one cycle...

&r[1]&r[0]&

Break feed-back of registers...

&r[1]&r[0]&

Register-outputs of previous cycle are inputs of next cycle

ctrlctrl ctrl

&r[1]&r[0]&

cycle 1 cycle 2initial

symbolicvalues

finalsymbolic

values

ctrlctrl ctrl

Assumption about initialization of ctrl-register

&r[1]&r[0]&

ctrlm1

&r[1]&r[0]&

ctrl ctrlctrl

&r[1]&r[0]&

ctrlm1

&r[1]&r[0]&

ctrl ctrlclk

ctrl ctrl

Assumption about initialization of ctrl-register

Indexing the different register values

&r[1]&r[0]&

ctrlm1

&r[1]&r[0]&

ctrl ctrl

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

Indexing the different register values

1 ctrl1 nand m

&r2[1]&r2[0]&

ctrlm1

ctrl2 ctrl3

0 ctrl1

ctrl10

(not r[0])r1[0]

(ctrl1 nand m) and (not r[0])

&r2[1]&r2[0]&

ctrlm1

ctrl2 ctrl3

0 ctrl1

(r[1] xor r[0])r1[1]

(ctrl1 nand m) and (r[1] xor r[0])

&r2[1]&r2[0]&

ctrlm1

ctrl2 ctrl3

ctrl ctrl1

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

r1 r+1

r2 r1+1s ss

r1 r+1s

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

Decision Diagram basedTechniques

reveal “special” equivalences which occur seldom or are hard to detect

build formula for equivalence use results of other equivalence detection

techniques “on the fly” information notified at equivalence classes

check formula by vectors of OBDDs

Formula checkedin this example

r+1r1[2]

&r1[1]&r1[0]&

Formula checkedin this example

&a[2]a[1]

?r1 r+1s

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

0 ctrl10

ctrlm1

&r1[1]&

ctrl2 ctrl3

ctrl ctrl1

r1 r+1

r2 r1+1s ss

r2 r1+1s s

r2[2]&r2[1]&r2[0]

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

(r+1)+1

&r2[1]&r2[0]&

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

the equivalent termsare used as “cutpoints”

&r2[1]&r2[0]&

ctrlm1

ctrl2 ctrl3

the equivalent termsare used as “cutpoints”

use again information of equivalence classes to obtain simpler formula

&a[2]a[1]

Reuse hashed result no need to build OBDDs again

?r2 r1+1s s

r2[2]&r2[1]&r2[0]

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

ctrl ctrl1

r1 r+1 m1 1

Other case ...

ctrlm1

&r1[1]&r1[0]&

ctrl2 ctrl3

0 ctrl10

clkr2[2]

&r[1]&r[0]&

datapath-operations are performed on separate blocks from standard libraries

no decision diagrams required for symbolic simulation

datapath-operations are performed on separate blocks from standard libraries

use high-leveloperation “inc”

r r+1;if m = 0

&r[1]&r[0]&

cycle equivalent

&r[1]&r[0]&

if m = 0then r r+2;else r 000;

NOTcycle equivalent

Experimental Results

Verificationcheck number spec impl time

(1) RWA (one cycle) 1 1 -(2) RWA (one instruction) 3 3 -(3) MPA (with cycle-equiv.) 1 1 13(4) MPA (w/o cycle-equiv.) 92

cyclesdd-checks

1.7 s5.5 s74 s

786 s 8 10

Synthesis tool: Synopsys® Design Compiler™

Application Area equivalence checking at different

levels of abstraction behavioral rtl structural rtl gate-level FMCAD’00, ASIAN’99, CHARME’99 et al

first application to property verification register binding verification C. Blank, Wave’2000

Limitations

verification of finite sequences the maximum number of loop iterations

has to be known verification problem can be reduced for

many cyclic designs with infinite loops to

check of acyclic sequences

examples used in experiments still notnearly so complex as commercial designs

Conclusion sequential verification of examples at

different levels of abstraction

flexible use of an open library of different equivalence detection techniques good compromise between

accuracy and speed

good debugging support

joint work withTIMA laboratory, Grenoble

darmstadt university of technology- 1 - sequential verification by symbolic simulation darmstadt...

z x rfadrr memadr1 val

z val rfadrr7

z x rfadrr7i

x memadr2twert memadr2

r adr1

rwe reri

i78 i87

rfadrb b

Documents

project homepage: experts: technische universität...

atomization and sprays - fmp technology course on...

darmstadt university of technology research group on work,...

high speed machines hitachi 2012 - ew.tu-darmstadt.de ·...

strategic brand identity and symbolic design cues brand...

biomanufacturing technology roadmap - …€¦ · executive...

darmstadt university of technology

großkrotzenburg obertshausen bayern · 2018. 4. 28. ·...

segmented symbolic analysis wei le rochester institute of...

dr. tsuyoshi takagi darmstadt university of technology

helmut oeschler darmstadt university of technology

gsi darmstadt

symbolic systems technology - csl.sri.com · symbolic...

professor dr. norbert pietralla tu darmstadt nuclear...

technische universit at darmstadt - … · yintel...

regierungspräsidium darmstadt hessen · 2020. 3. 18. ·...

metaphors result in technology (?) kees doevendans...

manz cigs technology gmbh manz ag - … · manz ag die...

from symbolic violence to symbolic reparation

barcelona, may 13, 2003 asset management development of new...