properties incompleteness evaluation by functional verification ieee transactions on computers, vol....
DESCRIPTION
Introduction
Simulation-based techniques: lack of exhaustiveness
Formal verification: overcome the exhaustiveness problem
Properties are derived from informal design specifications.
Model checking: prove the presence of bugs, but not their absence
TRANSCRIPT
Properties Incompleteness Evaluation by Functional Verification
IEEE TRANSACTIONS ON COMPUTERS, VOL. 56, NO. 4, APRIL 2007
Outline
Introduction
Background
Methodology
    Generation of faulty implementations
    Estimation of golden model incompleteness
    Incremental property coverage computation
Experimental results
Conclusion
Verification Flow Based on Model Checking
Vacuum Cleaning vs. Property Coverage Evaluation
[Figure: vacuum cleaning vs. property coverage evaluation; labels: P = { p1, p2, …, pn }, pi, pn+1]
Background
Kripke structure K = {S, S0, R, L}
FSM M = {I, O, S, s0, R}
Product machine MP = M1 XP M2
Retroactive network (figure label: Ιε)
Methodology Overview
Why Will Properties Be Incomplete?
[Figure labels: functional test plan, design verification, system specifications, informal to formal]
Methodology Overview
Static vs. Dynamic
Static method: formal verification
    Time-consuming
    Great effort in terms of memory resources
    Exhaustive verification response
Dynamic method: ATPG & simulation
    Lack of exhaustiveness
    Faster than the static method
Generation of Faulty Implementations
Fault model and fault coverage for ATPG
Define functional fault model
    RTL level
    Bit coverage
    Bit failure: stuck-at 0 or stuck-at 1
    Condition failure: stuck-at true or stuck-at false
    Single fault: a faulty implementation is generated for each fault
    Has been proved to be related to design errors
Detectable Faults
[Figure: faulty implementation fi and its environment]
Generation of Faulty Implementations (cont.)
A non-optimized algorithm
    If fail then f is ε-detectable
    Time-consuming and very likely state explosion
In this work: an approximation of the real set of ε-detectable
Methodology Overview
p-detectable and P-detectable
[Figure: faulty implementation fi and its environment; labels: pi SAT, pi UNSAT, P = { p1, p2, …, pn }]
Property coverage
CP = 1 P is complete w.r.t. a specific fault model
Non-optimized algorithm
Witnesses and Counterexamples
Witnesses: existentially quantified CTL property
Counterexamples: universally quantified CTL property
Estimation of Golden Model Incompleteness (cont.)
Witnesses and counterexamples
    Tools can provide witnesses and counterexamples for CTL and LTL properties
    Input witness and input counterexample
Witness Coverage
Property coverage can be estimated by using input witnesses
From formal verification to dynamic method
Under some conditions, CP = Cw
Proof of CP = Cw
Consider the safety and liveness properties separately
Proof of Theorem 5.6 (safety property):
    f detectable, f is p-detectable for p ∈ P: p fails on I_f
    There exists a finite counterexample (Def. 5.1)
    p holds on I, i_p is an input witness for p (hypothesis)
    Because p is only temporal relations between PI and PO, i_p is a test sequence for f (Def. 4.1)
Proof of CP = Cw (cont.)
wp-detectable and WP-detectable
Proof of CP = Cw (cont.)
( )det
detdet det
P
P
f Wf PW P
fI
I
( )det
, is p-detectableexist for on
w is witness for on (Theorem 5.6) is w-detectable
W-det
f Pp P f
w p
pff
Incremental Property Coverage Computation
Experimental Results
Test vector