caltech cs137 spring2002 -- dehon cs137: electronic design automation day 9: may 6, 2002 fsm...

Download CALTECH CS137 Spring2002 -- DeHon CS137: Electronic Design Automation Day 9: May 6, 2002 FSM Equivalence Checking

Post on 03-Jan-2016




0 download

Embed Size (px)


  • CS137:Electronic Design AutomationDay 9: May 6, 2002FSM Equivalence Checking

  • TodaySequential VerificationDFA equivalenceIssuesExtracting STGValid state reductionIncomplete SpecificationSolutionsState PODEMState/path exploration

  • FYIPODEMPath Oriented Decision Making

  • Cornerstone ResultGiven two DFAs, can test their equivalence in finite timeN.B.:Can visit all states in a DFA with finite input stringsNo longer than number of statesAny string longer must have visited some state more than once (by pigeon-hole principle)Cannot distinguish any prefix longer than number of states from some shorter prefix which eliminates cycle

  • EquivalenceGiven same sequence of inputsReturns same sequence of outputs

    Observation means can reason about finite sequence prefixes and extend to infinite sequences which DFAs (FSMs) are defined over

  • EquivalenceBrute Force:Generate all strings of length |state| (for smaller DFA)Feed to both DFAsObserve any differences?|Alphabet|states

  • SmarterCreate composite DFAXOR together acceptance of two DFAs in each composite stateAsk if the new machine accepts anythingAnything it accepts is a proof of non-equivalenceAccepts nothing equivalent

  • Composite DFAAssume know start state for each DFAEach state in composite is labeled by the pair {S1i, S2j}At most product of statesStart in {S10, S20} For each symbol a, create a new edge:T(a,{S10, S20}) {S1i, S2j} If T1(a, S10) S1i, and T2(a, S20) S2jRepeat for each composite state reached

  • Composite DFAAt most |alphabet|*|State1|*|State2| edges == workCan group together original edgesi.e. in each state compute intersections of outgoing edgesReally at most |E1|*|E2|

  • AcceptanceState {S1i, S2j} is an accepting state iffState S1i accepts and S2j does not acceptState S1i does not accept and S2j acceptsIf S1i and S2j have the same acceptance for all composite states, it is impossible to distinguish the machines They are equivalentA state with differing acceptance Implies a string which is accepted by one machine but not the other

  • Empty LanguageNow that we have a composite state machine, with this acceptanceQuestion: does this composite state machine accept anything? Is there a reachable state which accepts the input?

  • Answering Empty LanguageStart at composite start state {S10, S20} Search for path to an Accepting stateUse any search (BFS, DFS)End when find accepting stateNot equivalentOR when have explored entire reachable graph w/out findingAre equivalent

  • Reachability SearchWorst: explore all edges at most onceO(|E|)=O(|E1|*|E2|)Actually, should be able to find during composite constructionIf only follow edges, fill-in as search

  • Examples3s40s0s1s2011011010= accept state

  • Issues to AddressGet State-Transition Graph from RTL, LogicIncompletely specified FSM?Know valid (possible) states?Know start State for Logic?Computing the composite FSM may be large

  • Getting STG Verilog/VHDLGather up logic to wait statementMake one stateSplit states (add edges) on if/else, selectBackedges with while/forBranching edges on loop conditionsStart state is first state at beginning of code.

  • Getting STG from LogicBrute ForceFor each stateFor each input mintermSimulate/compute outputAdd edgesCompute set of states will transition toSmarterUse modified PODEM to justify outputs and next stateExploit cube grouping, search pruning

  • PODEM state extractionSearch for all reachable statesDont stop once find one outputKeep enumerating and generating possible outputs

  • Incomplete State SpecificationAdd edge for unspecified transition to Single, new, terminal stateReachability of this state may indicate problemActually, if both transition to this new state for same casesMight say are equivalentJust need to distinguish one machine in this state and other not

  • Valid StatesPODEM justification finds set of possibly reachable statesComposite state construction and reachability further show whats reachableSo, end up finding set of valid statesNot all possible states from state bits

  • Start State for LogicStart states should output same thing between two FSMsStart search with state set {S10, S2i} for all S2i with same output as S10Use these for acceptance (contradiction) reachability search

  • Memory?Concern for size of search spaceProduct set of statesNodes in search space

    CombineGenerationReachabilityState justification/enumeration

  • Composite AlgorithmPathEnumerate(st, path, ValStates)ValStates+=stWhile !(st.enumerated)Edge=EnumerateStateFanout(st) // PODEMSimulate Edge on M2Equivalent result? If not return(FAIL)If (Edge.FaninState(M1),Edge.FaninState(M2) in Path.Spairs)Return(PATH_OK) ;; already visisted/expanded that stateElseValStates+=Edge.FaninState(M1)Path=Path+Edge; Update Path.SpairsPathEnuemrate(Edge.FaninState(M1),Path,ValStates)

  • Start Composite AlgorithmPathEnumerate(Start(M1),empty,empty)

    Succeed if complete path search and not failNot encounter contradiction

  • Big IdeasEquivalenceSame observable behaviorInternal implementation irrelevant Number/organization of states, encoding of state bitsExploit structureFinite DFA necessity of reconvergent pathsPruning Search group together cubesLimit to valid/reachable statesProving invariants vs. empirical verification


View more >