- About this Journal ·
- Abstracting and Indexing ·
- Aims and Scope ·
- Annual Issues ·
- Article Processing Charges ·
- Author Guidelines ·
- Bibliographic Information ·
- Citations to this Journal ·
- Contact Information ·
- Editorial Board ·
- Editorial Workflow ·
- Free eTOC Alerts ·
- Publication Ethics ·
- Recently Accepted Articles ·
- Reviewers Acknowledgment ·
- Submit a Manuscript ·
- Subscription Information ·
- Table of Contents
Journal of Applied Mathematics
Volume 2013 (2013), Article ID 272781, 10 pages
Algebraic Verification Method for SEREs Properties via Groebner Bases Approaches
1School of Computer and Information Technology, Beijing Jiaotong University, Beijing 10044, China
2School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China
3Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Guangxi University for Nationalities, Nanning 530006, China
4School of Software of Dalian University of Technology, Dalian 116620, China
Received 8 February 2013; Accepted 22 March 2013
Academic Editor: Xiaoyu Song
Copyright © 2013 Ning Zhou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
This work presents an efficient solution using computer algebra system to perform linear temporal properties verification for synchronous digital systems. The method is essentially based on both Groebner bases approaches and symbolic simulation. A mechanism for constructing canonical polynomial set based symbolic representations for both circuit descriptions and assertions is studied. We then present a complete checking algorithm framework based on these algebraic representations by using Groebner bases. The computational experience result in this work shows that the algebraic approach is a quite competitive checking method and will be a useful supplement to the existent verification methods based on simulation.
With the complexity of circuits increases, it becomes an important issue to find efficient ways to express and verify design properties. Actually, verification is a very difficult and computationally intensive task. Although great advances have been made over the past decades, all these verification methods suffer from this problem in some way.
Currently, assertion based verification (ABV) has emerged as a promising solution for this problem. In particularly, an assertion specifying language named Property Specification Language (PSL) [1–3] has now become an IEEE standard and accepted by a wide variety of companies. PSL has totally changed the way how designers specify and verify functional requirements and properties of digital systems. Moreover, PSL based ABV has recently been supported by most EDA companies in their tools for both formal and runtime verification.
So far, there have been many efforts in assertion checking solvers including model checking, theorem proving (e.g., HOL ), and runtime verification. In , an efficient approach to model check safety properties expressed in PSL property has been studied. While in , a temporal tester was introduced as a compositional basis for the construction of automata corresponding to temporal formulas in the PSL logic for PSL assertion run-time checking.
As well known, the conventional simulation for assertion checking is a well-understood and the most commonly used technique, but only feasible for very small scale systems and cannot provide exhaustive checking, while symbolic simulation proposed by Darringer  as early as 1979 can provide exhaustive checking by covering many conditions with a single simulation sequence but could not handle large circuits due to exponential symbolic expressions.
In our work, to address this functional verification challenge, we propose an alternative implementation mechanism based on algebra symbolic computation combining with symbolic simulation for PSL assertion checking.
Earlier work in applications of symbolic manipulation and algebra computation has gained significant extensions and improvements. In , a technique framework on Groebner bases was demonstrated that computer algebra geometry method can be used to perform symbolic model checking by using an encoding of boolean sets as the common zeros of sets of polynomials. In , a similar technique framework based Wu's Method has been further extended to bit level symbolic model checking. In , an improved framework for multi-valued model checking via Groebner bases approached was proposed, which is based on a canonical polynomial representation of the multivalued logics.
All these existing articles just mainly focus on model checking via algebraic symbolic computation approaches. In our research, instead of static analysis or model checking, we extend this algebraic approach to the area of simulation-based runtime verification methods over polynomial representation models and towards PSL assertions checking.
Our aim is to verify a given temporal property holds or not on the traces produced after several cycles running over a given sequential circuit model.
The idea is that, for any pure combinational circuit model, we can derive its data-flow-based polynomial representation named PM. Meanwhile, for any sequential circuit model and a given running cycle number , we can also derive its equivalent polynomial representation by unrolling this sequential circuit times and translating it into a pure combinational model. In a similar way, we can get polynomial set representation for any temporal assertion.
By suitable restrictions of Boolean and SERE temporal layer of PSL and redefining a hierarchy of PSL assertions, we can guarantee the availability of above polynomial set model. Based on these polynomial set models, symbolic simulation can be performed to produce symbolic traces and temporal relationship constraints of signal variables as well. We then apply symbolic algebra approach to check the zeros set inclusion relationship between their polynomials and and determine whether the temporal assertion holds or not under current running cycle .
In this section, we will give some preliminary knowledge throughout this paper.
2.1. Cycle-Based Symbolic Simulation
We will firstly sketch the underlying system model for simulation used in our work.
The system model we used is a cycle-based symbolic simulation model that is performed on a cycle-by-cycle basis for synchronous digital systems.
Here, the term cycle is defined as one iteration of the evaluation process, during which the state of the design is recomputed and may change. In other words, a cycle is the smallest granularity of time.
Intuitively, cycle-based symbolic simulation is a hybrid approach in the sense that the values that are propagated through the network can be both symbolic expressions or constant Boolean values. It assumes that there exists one unified clock signal in the circuit and all inputs of the systems remain unchanged while evaluating their values in each simulation cycle. The results of simulation report only the final values of the output signals or states in the current simulation cycle.
By convention, we give the model structure definition for symbolic simulation as follows.
Definition 1 (simulation model). The symbolic Simulation Model for synchronous digital system is a tuple , where (i) is a finite set of input assignment including numeric value and symbolic value, Boolean or integer;(ii) is a finite set of primary input variables;(iii) is a finite set of primary output variables;(iv) is a finite set of intermediate variables;(v) is the sequential depth of the network or running cycles;(vi) is a finite output function regarding input or intermediate variables, and note that each is defined on .
Given sequential depth of the network, a synchronous sequential logic network can be transformed into a pure combinational function of delayed input variables with delay less than or equal to , that is,
The behavior of a circuit is defined by its excitation function that serves a role similar to the transition relation or next-state functions of temporal logic model checkers.
The simulation process can be described as follows.
Firstly, cycle-based symbolic simulation is initialized by setting the state of the circuit to the initial vector (). Each of the primary input signals will be assigned a distinct symbolic variable or a symbolic constant. Then, at the end of a simulation step, the expressions representing the next-state functions generally undergo a parametric transformation based optimization. After parameterization, the newly generated functions are used as present state for the next state of simulation.
In this paper, simulation based verification is to check whether the given assertion is satisfied or not after running a few cycles.
2.2. PSL Preliminary
PSL is a hierarchical language and its syntax is very declarative and structural. Generally, PSL contains four layers: Boolean, temporal, verification, and modeling layers.
(i) Modeling Layer. Modeling layer is needed to define the verification environment specially for formal verification tools. This layer is used to model behavior of design inputs and to model auxiliary parts of the design that are needed for verification.
(ii) Verification Layer. Verification layer is more related to the description of verification tools where notions like assume and guarantee are present. This layer is used to tell the verification tool what to do with the properties described by the temporal layer.
(iii) Temporal Layer. Temporal layer is the essence of PSL where complex temporal relations between signals can be expressed. This layer can describe properties that involve complex temporal relations which are evaluated over a series of evaluation cycles.
(iv) Boolean Layer. Boolean layer is used to build expressions for the other layers, specifically the temporal layer. Boolean expressions are evaluated in a single evaluation cycle.
PSL allows the engineer to define assertions describing the system's behavior once and reuse them between different forms of formal, semiformal, or functional verification. With PSL, it is possible to perform assertion based runtime verifications of the design while simulation properties are checked.
The Boolean layer comprises all Boolean expressions including signal names as well as HDL expressions and PSL expressions (especially all built-in function calls like, e.g., and and the logical implication and other operators).
The Boolean layer forms an underlying basis for the whole assertion architecture. In this paper, we will limit our discussion only to a special subset of the Boolean layer for our purpose. We then further build a restricted simple subset of SERE layer for temporal property specification and verification over this constrained Boolean layer.
3. System Polynomial Representation Model
In this section, we will discuss polynomial modeling for combinational and sequential circuits. Previous work  has shown that any combinational circuit can be uniquely represented by a minimum order polynomial. Here, we give an alternative data-flow based polynomial set representation model for our assertions checking purpose whose zero set can make such a data-flow model work well.
3.1. Arithmetic and Logic Unit Modeling
In this paper, we only focus on arithmetic unit for calculating fixed-point operations. For any arithmetic unit, integer arithmetic operations (addition, subtraction, multiplication, and division) can be constructed by the following polynomials:(1),(2),(3),(4).
The basic logic operations  like “AND,” “OR,” and “NOT” can be modeled by the following forms:
Furthermore, we can extend the above rule to other logic operators. For example, (or ) .
For all bit level variable , a limitation should be added.
3.2. Branch and Sequential Unit Modeling
Basically, multiway branch is an important control structure in digital system. It provides a set of condition bits, , a set of target identifiers, , and a mapping from condition bit values to target identifiers. This mapping takes the form of a condition tree. For any binary signal , its value should be limited to by adding ,
Each flip-flop (FF) in the circuit can be modeled as a multiplexer, as illustrated in Figure 1. We have the following proposition to state this model.
Proposition 2. For a FF model ( is the next state), with an enable signal , its equivalent combinational formal is , whose polynomial algebraic model can be described as
Proof. Let be the current state and let denote the next state of the flip-flop. When the clock value is 0, has the same value as so that the FF maintains its present state; when the clock value is 1, takes a new value from the input (where denotes the new value next state of the FF). Therefore, we have the 2-value multiway branch model and its polynomial set representation for FF.
Proposition 3. Let be a FF model ( is the next state), without enable signal; then its equivalent combinational formal polynomial algebraic model can be described as .
3.3. Sequential Unrolling
Generally, for a sequential circuit, one time frame of a sequential circuit is viewed as a combinational circuit in which each flip-flop will be converted into two corresponding signals: a pseudo primary input (PPI) and a pseudo primary output (PPO).
Symbolical simulation of a sequential circuit for cycles can be regarded as unrolling the circuit times. The unrolled circuit is still a pure combinational circuit, and the th copy of the circuit represents the circuit at cycle . Thus, the unrolled circuit contains all the symbolic results from the cycles.
To illustrate the sequential modeling for a given cycle number clearly, we define an indexed polynomial set representation for the th cycle.
For example, is defined as follows. , where denotes signal variable name while denotes variable state in th simulation cycle. If the given running cycle is , then we have the system representation: .
Let denote the input signals for the lth clock, let denote the intermediate signals, and let denote the output signals. We then have the following time frame expansion model for the sequential circuit: where denotes the th time frame model.
Time frame expansion is achieved by connecting the PPIs (e.g., from ) of the time frame to the corresponding PPOs from of the previous time frame.
3.4. Sequence Operator Modeling
In this paper, only a so-called simple subset of PSL will be considered, which subsumes the properties in which time advances monotonically, from left to right through the property: if an entity (a Boolean Expression or a SERE) needs to be evaluated at a given time, all other entities right of it do so far not need to be known. Many properties not in the simple subset can be rewritten by the simple subset. The most properties to be verified can be expressed within the bounds of the simple subset.
For SEREs, only the following features are supported by our modeling method:(1)standard Boolean expressions,(2)fixed length Kleene closure,(3)SERE concatenation,(4)SERE fusion,(5)SERE disjunction,(6)length-matching SERE conjunction.
By the constrained simple subset of PSL, the user can specify a safety property using only nonnegated weak operators. Intuitively, a safety property is used to ensure that “something bad does not happen” which is important in formal verification. Because safety properties are easier to verify, this approach is only able to deal with safety properties.(1)Next Operator It indicates that the property will hold if its operand holds at the next cycle. For example, states that if signal is asserted then will be asserted at next cycle: .(2)Semicolons Operator Semicolons operator, a semicolon(;), is used to join two SEREs (or two expressions, or a expression and a SERE) in such a way that the right-hand SERE starts the cycle after the left-hand SERE ends. For example, states that when signal is asserted then will be asserted at next cycle: , . (3)Fusion Operator The fusion operator, a colon (:), is used to join two SEREs (or two expressions, or a expression and a SERE) in such a way that there is a single cycle of overlap between them: the right-hand SERE just starts the same cycle that the left-hand SERE ends. For example, states that when signal is asserted then and will be asserted at next cycle: , .(4)Repeat Operator Repeat operators allow the user to build more sophisticated SEREs, using variations on the SERE repetition operators , , and so forth. Consecutive repetition operators provide a shortcut to typing the same sub-SERE a number of times. In this paper, we only consider fixed times repeat operator . For example, states that when signal is asserted times then will be asserted at next cycle. We then have .
4. Translation of SERE
In this section, we will mainly discuss the hierarchical modeling method of SERE. The temporal layer contains “Sequential Extended Regular Expressions” (SEREs) which allow describing the relation between Boolean layer expressions over time.
Firstly, we discuss the general algebraization process of SERE from a symbolic computation point of view.
4.1. Algebraization Process
The algebraization process of SERE properties can be demonstrated in Figure 2. The properties written in SERE will be unrolled and checked against the design for bounded time steps in our method. Note that only a constrained subset of SERE can be supported by our method (unspecified upper bound time range and first-match operator are excluded).
Firstly, we translate the properties described by the constrained subset of SERE into flat sequences according to the semantics of each supported operator.
Secondly, the unrolled flat sequences will be added temporal constraints to form proportional formulas with logical connectives (, , and ).
Finally, the resulted proportional formulas will be translated into equivalent polynomial set.
In summary, the verification problem is reduced to proving zero set inclusion relationship which can be resolved by Groebner bases approaches.
4.2. Boolean Layer Modeling
The PSL Boolean layer forms an underlying basis for the whole assertion architecture. In this paper, we limit our discussion only to the Boolean layer and a special constrained subset of it.
While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.
In this paper, we distinguish between signal logic and Boolean proposition logic.
Therefore, we have the following two definitions.
Definition 4 (signal logic). In digital circuit systems, signal logic (, for short) is defined as follows:(i)if a signal is active-high (H, for short), then its signal value is defined as 1;(ii)if a signal is active-low (L, for short), then its signal value is defined as 0; (iii)if a signal is assigned a symbolic value, then its signal value is defined as .
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended as the following grammar:
where “is” is used to state the value of a Boolean or word-level node in the circuit. Defined recursively over , where is a Boolean expression over ; is a node or variable name; , , are TEL formulas; is the next-time operator.
For example, a symbolic trajectory assertion, assume , then [(in is ) N(true) N(out is )].
Let numeric subscript denote time frame number for each variable, then we have .
In this paper, all temporal operators in PSL SEREs specification will be modeled by next operator .
We will introduce a notion of symbolic constant to PSL inspired from GSTE .
Definition 6 (symbolic constant). A symbolic constant  is a rigid Boolean or integer variable that forever holds the same boolean value. The notion of symbolic constant is introduced in an assertion for two purposes:(1)to encode an arbitrary Boolean constraints among a set of circuit nodes in a parametric form; (2)to encode all possible scalar values for a set of nodes.
Consider and as an example. According to our definitions, and are signals belonging to signal logic, while both and themselves are of assertion logic.
Here, we provide a formal syntax definition for assertion proposition logic, namely, Assertion Boolean Logic.
If , , , and are of , then we have , , , , and are all of valid and can also be verified by using polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If and , then is an atom Boolean formula; .
Built-in functions: , , , , , are of atom Boolean formulas.
If is an integer signal logic variable (denoted by ) and symbolic constant , then is also an atom Boolean formula; .
If and are atom Boolean formulas, then(1)[Standard Logic “AND”],(2)[Standard Logic “OR”],(3)[Standard Logic “NOT”],(4)[Standard Logic “Implication”] are Boolean formulas.
Assertion proposition logic () for PSL is defined as standard Boolean logic. A Boolean expression of is an expression that is evaluated in a single cycle and has the value or . Boolean connectives for are interpreted in the standard.
For example, assertion , given in the Verilog flavor of PSL, is a valid Boolean expression which means and are equal.
The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following.(1)For any signal holds at a given time step ; thus, the state of ( is active-high at cycle ) can be represented by polynomial .(2)Alternatively, the state of ( is active-low at cycle ) can be represented by polynomial .(3)Symbolically, the state of ( is active-high at the th cycle) can be modeled as .
5. Algorithm Framework
In this section, we will describe how an assertion is checked using Groebner basis approach.
As we all know, in traditional numeric simulation , PSL assertion checking process can be described as follows. Firstly, the design file with PSL codes is compiled into local executable binary code via simulation tools (such as, QuestaSim or ModelSim). The designer then provides a testbench file to set input values, running cycles, and other parameters. Finally, the designer performs simulation by starting “run” command to produce traces for assertion checking.
5.1. Groebner Bases Preliminary
We begin by listing some general facts and establishing notations.
Let be an algebraically closed field, and let be the polynomial ring in variables with coefficient in , under addition and multiplication of polynomial.
Here, let be an ideal. As we all know, the following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal has a finite generating set. That is, for some .
Then, by the Hilbert basis theorem, there exist finitely many polynomials such that . A polynomial defines a map via evaluation .
The set is called the variety associated with .
If and are the varieties defined by ideals and , then we have and , where . If and , then .
Any set of points in can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety. For example, the ideals and both define the variety . In order to perform verification, we need to be able to determine when two ideals represent the same set of points. That is to say, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset of an ideal is said to be a Groebner basis (or standard basis) if .
Equivalently, but more informally, a set is a Groebner basis of if and only if the leading term of any element of is divisible by one of the .
In work , Buchberger provided an algorithm for constructing a Groebner basis for a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.
A reduced Groebner basis is a Groebner basis where the leading coefficients of polynomials in are all 1, and no monomial of an element of lies in the ideal generated by the leading terms of other elements of , no monomial of is in .
The important result is that, for a fixed monomial ordering, any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we will have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let be an ideal and let be a Groebner basis of with respect to lex order where . Then, for every , the set is a Groebner basis of the lth elimination ideal .
Theorem 11. Let be a Groebner basis for an ideal and let . Then if and only if the remainder on division of by is zero, denoted by, .
The property given in Theorem 11 can also be taken as the definition of a Groebner basis. Then we will get an efficient algorithm for solving the ideal membership problem. Assumed that we know a Groebner basis for the ideal in question, we only need to compute a remainder with respect to to determine whether .
5.2. Verification Principle Based Theorem Proving
As just mentioned in previous section, our checking method is based on algebraic geometry theory. Algebraic geometry is the study of the geometric objects arising as the common zeros of collections of polynomials. Our aim is to find polynomials whose zeros correspond to system states in which the appropriate assignments are made.
In our method, we regard any set of points in as the variety of some ideal. We can use the ideal or any basis for the ideal as a way of encoding the set of states. The verification problem is then transformed into ideal membership problem that can be solved by computation algorithms.
Proposition 12. Let and be polynomial sets of , and is a Groebner basis for , then one has .
All supported SEREs properties can be classified into two categories.(1)Implication-typed: Properties of this type have an explicit antecedent that can be taken as an initial precondition. If the precondition is conflict with the system model, this property will be viewed as false. Otherwise, further checking process will be performed.(2)Sequence-typed: Properties of this type have no explicit antecedent, and therefore an initial condition should be provided by the testbench. If the precondition is in conflict with the system model, this sequence property will also be viewed as false. Otherwise, further checking process will be performed.
Theorem 13. Suppose that (If is an implication-typed property, then denotes the antecedent; otherwise, is a sequence-typed property, then is the precondition) and is a system model. Let and be the polynomial set representations for and , respectively, constructed by previous mentioned rules. Let , (where denotes the ideal generated by ), denotes the polynomial set representation for , , then one has .
Proof. By Hilbert’s Nullstellensatz theory and previously mentioned notions, it is easy to have the conclusion.
5.3. Checking Algorithm
For a practical assertion checking process, it needs to build complicated syntax analysis tree for a given assertion and call the basic checking functions to perform checking. For simplicity, we only provide the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion . Polynomial representation for sliced circuit model, antecedent, and consequent will then be built, respectively. Finally, we calculate the hypothesis set and its Groebner bases to determine whether the assertion holds or not.
From the above discussion, we have the process steps and detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that it only requires a comparatively small amount of state variables to verify a given assertion due to slicing reduction.
From the above discussion, we have the process steps and detailed algorithm description in Algorithm 2.
Firstly, the original circuit is transformed into a normal polynomial representation and the assertion as well. Then, calculate Groebner bases using the Buchberger algorithm  and their elimination ideals. Finally, examine the relation between elimination ideals and determine whether the assertion holds or not.
6. A Case Study
In this section, we will study a case to show how PSL SERE properties are verified by polynomial representation and algebra computation.
6.1. Circuit and PSL Modeling
As an example, consider the 3-bit synchronous counter circuit in Figure 3, whose polynomial set can be constructed as follows. In this circuit, there exists a design bug that “AND” gate is replaced by “OR” gate incorrectly. Now, let us show how to check this error using our symbolic algebraic method: where denotes the next state of . For the th cycle, we use to denote variable name in current cycle.
To illustrate the problem clearly, we define polynomial set representation for th cycle as follows:
Therefore, we have .
For any boolean variable , we will impose an extra constraint: . Thus, we should define the corresponding constraints set as follows: for all bit-level variables in the th cycle.
In the same manner, we have .
The sequential properties of this counter circuit can be specified by the following assertions: , , , and the rest may be deduced by analogy.
Afterward, we will demonstrate the verification process step by step.
Firstly, we calculate the sequential depth and have , , and .
Secondly, to verify a given property hold or not, we have to build a system model with 8 cycles at most and check steps.
The circuit model to be verified is below:
The properties of this counter can be specified as the following PSL assertions listed in Table 1.
6.2. Assertion Checking Using Maple
We run this example by using Maple 13 software. Before running, we manually translated all models into polynomials. The experiment is performed on a Computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying Groebner method: with(Groebner) /* Circuit Model */ , , , .
As shown in maple outputs, the given circuit has been modeled as polynomial set (its Groebner basis is denoted by ) and assertion representation as . From the running result, we have return value of is 0 which means be divided with no remainder by . Thus, from the previously mentioned verification principles, it is easy to conclude that the SERE assertion holds under this circuit model after 1 cycle. Other results are shown in Table 2.
From Table 2, when checking assertion, the result so that we can conclude the assertion does not hold and there must exist some error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
In this paper, we presented a new method for constrained SERE temporal assertions checking by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to adapt our verification requirements and rebuilt a new constrained class of boolean and temporal layer.
We first introduce a notion of symbolic constant for data path verification, which can gain great state coverage for simulation based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic value.
We then defined a constrained simple subset of SERE and proposed an practical algebraization method for each temporal operator. For sequential circuits verification, we introduce a parameterized polynomial set modeling method based on time frame expansion.
Our approach is based on polynomial models construction for both circuits and assertions. In other words, symbolic simulation is performed on data-flow model and its unrolled form in polynomial representation. Our method is to eventually translate a simulation based verification problem into a pure algebraic zero set determination problem by previously mentioned steps, which can be performed on any general symbolic algebraic tool. An experimental evaluation using maple has shown that the method is extremely efficient and useful.
Furthermore, we can summarize the advantages of our checking method as follows:(1)from the real case, we see that SERE properties verification can be achieved easier using symbolic algebraic than traditional method. Complex test bench or test vector is not essential for this approach;(2)this advantage comes directly from the fact that many vectors are simulated at once using symbolic value;(3)for assertion property verification, an efficient slicing reduction technique can be applied to gain performance improvement.
Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further tradeoffs and combine numeric computation with symbolic simulation for boosting performance, in particular, and to apply this method to more industrial case studies.
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
- “IEEE standard for property specification language (psl),” IEEE Std 1850-2005, 2005.
- C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
- “IEEE standard for property specification language (psl),” IEEE Std 1850-2010, 2010, Revision of IEEE Std 1850-2005.
- T. Tuerk, K. Schneider, and M. Gordon., “Model checking PSL using HOL and SMV,” in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software, Verification and Testing (HVC ’06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
- T. Launiainen, K. Heljanko, and T. Junttila, “Efficient model checking of PSL safety properties,” IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
- A. Pnueli and A. Zaks, “PSL model checking and run-time verification via testers,” in Proceedings of the 14th international conference on Formal Methods (FM ’06), pp. 573–586, 2006.
- L. Darringer, “Application of program verification techniques to hardware verification,” in Proceedings of IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
- G. S. Avrunin, “Symbolic model checking using algebraic geometry,” in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
- W. Mao and J. Wu, “Application of Wu's method to symbolic model checking,” in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
- J. Wu and L. Zhao, “Multi-valued model checking via groebner basis approach,” in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
- C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
- J. Smith and G. De Micheli, “Polynomial methods for component matching and verification,” in Proceedings of IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
- Y. M. Ryabukhin, “Boolean ring,” in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
- C. J. H. Seger and R. E. Bryant, “Formal verification by symbolic evaluation of partially-ordered trajectories,” Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
- K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, “A simulation-based temporal assertion checker for psl,” in Proceedings of IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
- D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
- T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
- B. Buchberger, “Groebner bases: an algorithmic method in polynomial ideal theory,” in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
- D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.