# caltech cs137 spring2002 -- dehon cs137: electronic design automation day 9: may 6, 2002 fsm...

Post on 03-Jan-2016

212 views

Embed Size (px)

TRANSCRIPT

CS137:Electronic Design AutomationDay 9: May 6, 2002FSM Equivalence Checking

TodaySequential VerificationDFA equivalenceIssuesExtracting STGValid state reductionIncomplete SpecificationSolutionsState PODEMState/path exploration

FYIPODEMPath Oriented Decision Making

Cornerstone ResultGiven two DFAs, can test their equivalence in finite timeN.B.:Can visit all states in a DFA with finite input stringsNo longer than number of statesAny string longer must have visited some state more than once (by pigeon-hole principle)Cannot distinguish any prefix longer than number of states from some shorter prefix which eliminates cycle

EquivalenceGiven same sequence of inputsReturns same sequence of outputs

Observation means can reason about finite sequence prefixes and extend to infinite sequences which DFAs (FSMs) are defined over

EquivalenceBrute Force:Generate all strings of length |state| (for smaller DFA)Feed to both DFAsObserve any differences?|Alphabet|states

SmarterCreate composite DFAXOR together acceptance of two DFAs in each composite stateAsk if the new machine accepts anythingAnything it accepts is a proof of non-equivalenceAccepts nothing equivalent

Composite DFAAssume know start state for each DFAEach state in composite is labeled by the pair {S1i, S2j}At most product of statesStart in {S10, S20} For each symbol a, create a new edge:T(a,{S10, S20}) {S1i, S2j} If T1(a, S10) S1i, and T2(a, S20) S2jRepeat for each composite state reached

Composite DFAAt most |alphabet|*|State1|*|State2| edges == workCan group together original edgesi.e. in each state compute intersections of outgoing edgesReally at most |E1|*|E2|

AcceptanceState {S1i, S2j} is an accepting state iffState S1i accepts and S2j does not acceptState S1i does not accept and S2j acceptsIf S1i and S2j have the same acceptance for all composite states, it is impossible to distinguish the machines They are equivalentA state with differing acceptance Implies a string which is accepted by one machine but not the other

Empty LanguageNow that we have a composite state machine, with this acceptanceQuestion: does this composite state machine accept anything? Is there a reachable state which accepts the input?

Answering Empty LanguageStart at composite start state {S10, S20} Search for path to an Accepting stateUse any search (BFS, DFS)End when find accepting stateNot equivalentOR when have explored entire reachable graph w/out findingAre equivalent

Reachability SearchWorst: explore all edges at most onceO(|E|)=O(|E1|*|E2|)Actually, should be able to find during composite constructionIf only follow edges, fill-in as search

Examples3s40s0s1s2011011010= accept state

Issues to AddressGet State-Transition Graph from RTL, LogicIncompletely specified FSM?Know valid (possible) states?Know start State for Logic?Computing the composite FSM may be large

Getting STG Verilog/VHDLGather up logic to wait statementMake one stateSplit states (add edges) on if/else, selectBackedges with while/forBranching edges on loop conditionsStart state is first state at beginning of code.

Getting STG from LogicBrute ForceFor each stateFor each input mintermSimulate/compute outputAdd edgesCompute set of states will transition toSmarterUse modified PODEM to justify outputs and next stateExploit cube grouping, search pruning

PODEM state extractionSearch for all reachable statesDont stop once find one outputKeep enumerating and generating possible outputs

Incomplete State SpecificationAdd edge for unspecified transition to Single, new, terminal stateReachability of this state may indicate problemActually, if both transition to this new state for same casesMight say are equivalentJust need to distinguish one machine in this state and other not

Valid StatesPODEM justification finds set of possibly reachable statesComposite state construction and reachability further show whats reachableSo, end up finding set of valid statesNot all possible states from state bits

Start State for LogicStart states should output same thing between two FSMsStart search with state set {S10, S2i} for all S2i with same output as S10Use these for acceptance (contradiction) reachability search

Memory?Concern for size of search spaceProduct set of statesNodes in search space

CombineGenerationReachabilityState justification/enumeration

Composite AlgorithmPathEnumerate(st, path, ValStates)ValStates+=stWhile !(st.enumerated)Edge=EnumerateStateFanout(st) // PODEMSimulate Edge on M2Equivalent result? If not return(FAIL)If (Edge.FaninState(M1),Edge.FaninState(M2) in Path.Spairs)Return(PATH_OK) ;; already visisted/expanded that stateElseValStates+=Edge.FaninState(M1)Path=Path+Edge; Update Path.SpairsPathEnuemrate(Edge.FaninState(M1),Path,ValStates)

Start Composite AlgorithmPathEnumerate(Start(M1),empty,empty)

Succeed if complete path search and not failNot encounter contradiction

Big IdeasEquivalenceSame observable behaviorInternal implementation irrelevant Number/organization of states, encoding of state bitsExploit structureFinite DFA necessity of reconvergent pathsPruning Search group together cubesLimit to valid/reachable statesProving invariants vs. empirical verification