1,752 research outputs found
Symbolic QED Pre-silicon Verification for Automotive Microcontroller Cores: Industrial Case Study
We present an industrial case study that demonstrates the practicality and
effectiveness of Symbolic Quick Error Detection (Symbolic QED) in detecting
logic design flaws (logic bugs) during pre-silicon verification. Our study
focuses on several microcontroller core designs (~1,800 flip-flops, ~70,000
logic gates) that have been extensively verified using an industrial
verification flow and used for various commercial automotive products. The
results of our study are as follows: 1. Symbolic QED detected all logic bugs in
the designs that were detected by the industrial verification flow (which
includes various flavors of simulation-based verification and formal
verification). 2. Symbolic QED detected additional logic bugs that were not
recorded as detected by the industrial verification flow. (These additional
bugs were also perhaps detected by the industrial verification flow.) 3.
Symbolic QED enables significant design productivity improvements: (a) 8X
improved (i.e., reduced) verification effort for a new design (8 person-weeks
for Symbolic QED vs. 17 person-months using the industrial verification flow).
(b) 60X improved verification effort for subsequent designs (2 person-days for
Symbolic QED vs. 4-7 person-months using the industrial verification flow). (c)
Quick bug detection (runtime of 20 seconds or less), together with short
counterexamples (10 or fewer instructions) for quick debug, using Symbolic QED
Rich Counter-Examples for Temporal-Epistemic Logic Model Checking
Model checking verifies that a model of a system satisfies a given property,
and otherwise produces a counter-example explaining the violation. The verified
properties are formally expressed in temporal logics. Some temporal logics,
such as CTL, are branching: they allow to express facts about the whole
computation tree of the model, rather than on each single linear computation.
This branching aspect is even more critical when dealing with multi-modal
logics, i.e. logics expressing facts about systems with several transition
relations. A prominent example is CTLK, a logic that reasons about temporal and
epistemic properties of multi-agent systems. In general, model checkers produce
linear counter-examples for failed properties, composed of a single computation
path of the model. But some branching properties are only poorly and partially
explained by a linear counter-example.
This paper proposes richer counter-example structures called tree-like
annotated counter-examples (TLACEs), for properties in Action-Restricted CTL
(ARCTL), an extension of CTL quantifying paths restricted in terms of actions
labeling transitions of the model. These counter-examples have a branching
structure that supports more complete description of property violations.
Elements of these counter-examples are annotated with parts of the property to
give a better understanding of their structure. Visualization and browsing of
these richer counter-examples become a critical issue, as the number of
branches and states can grow exponentially for deeply-nested properties.
This paper formally defines the structure of TLACEs, characterizes adequate
counter-examples w.r.t. models and failed properties, and gives a generation
algorithm for ARCTL properties. It also illustrates the approach with examples
in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been
implemented, first by extending the NuSMV model checker to generate and export
branching counter-examples, secondly by providing an interactive graphical
interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422
Comparing BDD and SAT based techniques for model checking Chaum's Dining Cryptographers Protocol
We analyse different versions of the Dining Cryptographers protocol by means of automatic verification via model checking. Specifically we model the protocol in terms of a network of communicating automata and verify that the protocol meets the anonymity requirements specified. Two different model checking techniques (ordered binary decision diagrams and SAT-based bounded model checking) are evaluated and compared to verify the protocols
Bounded LTL Model Checking with Stable Models
In this paper bounded model checking of asynchronous concurrent systems is
introduced as a promising application area for answer set programming. As the
model of asynchronous systems a generalisation of communicating automata,
1-safe Petri nets, are used. It is shown how a 1-safe Petri net and a
requirement on the behaviour of the net can be translated into a logic program
such that the bounded model checking problem for the net can be solved by
computing stable models of the corresponding program. The use of the stable
model semantics leads to compact encodings of bounded reachability and deadlock
detection tasks as well as the more general problem of bounded model checking
of linear temporal logic. Correctness proofs of the devised translations are
given, and some experimental results using the translation and the Smodels
system are presented.Comment: 32 pages, to appear in Theory and Practice of Logic Programmin
- …