Aug 27, 2004 - assurer l'opération correcte. ..... representing arithmetic functions, although many of the operations have ...... using the Unix time commando.
NOTE TO USERS
This reproduction is the best copy available.
®
UMI
THESIS
INTERFACE TIMING VERIFICATION USING CONSTRAINT LOGIC PROGRAMMING AND BINARY DECISION DIAGRAMS
Submitted by: Albina Shapiro
Electrical and Computer Engineering
A thesis submitted to McGill University in partial fulfillment of the requirements of the degree of Master of Engineering August 27, 2004
© Albina Shapiro, 2004
1+1
Library and Archives Canada
Bibliothèque et Archives Canada
Published Heritage Branch
Direction du Patrimoine de l'édition
395 Wellington Street Ottawa ON K1A ON4 Canada
395, rue Wellington Ottawa ON K1A ON4 Canada Your file Votre référence ISBN: 0-494-12646-9 Our file Notre référence ISBN: 0-494-12646-9
NOTICE: The author has granted a nonexclusive license allowing Library and Archives Canada to reproduce, publish, archive, preserve, conserve, communicate to the public by telecommunication or on the Internet, loan, distribute and sell th es es worldwide, for commercial or noncommercial purposes, in microform, paper, electronic and/or any other formats.
AVIS: L'auteur a accordé une licence non exclusive permettant à la Bibliothèque et Archives Canada de reproduire, publier, archiver, sauvegarder, conserver, transmettre au public par télécommunication ou par l'Internet, prêter, distribuer et vendre des thèses partout dans le monde, à des fins commerciales ou autres, sur support microforme, papier, électronique et/ou autres formats.
The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission.
L'auteur conserve la propriété du droit d'auteur et des droits moraux qui protège cette thèse. Ni la thèse ni des extraits substantiels de celle-ci ne doivent être imprimés ou autrement reproduits sans son autorisation.
ln compliance with the Canadian Privacy Act some supporting forms may have been removed from this thesis.
Conformément à la loi canadienne sur la protection de la vie privée, quelques formulaires secondaires ont été enlevés de cette thèse.
While these forms may be included in the document page count, their removal does not represent any loss of content from the thesis.
Bien que ces formulaires aient inclus dans la pagination, il n'y aura aucun contenu manquant.
•••
Canada
Abstract
The design and verification of high performance circuits is becoming increasingly challenging due to the complex sets of constraints that must hold to ensure correct operation. The complexity of digital circuits increases rapidly, which in turn results in an increased complexity of the verification process and increased user effort. Efficient and easy to use tools are therefore required for timed verification.
In this thesis we propose two methods to aid the verification process.
Firstly, we
introduce a new verification methodology that combines the advantages of several existing successful approaches.
In particular, our verification technique uses a
combination of untimed, relative timing and timed verification. Secondly, we propose and evaluate a novel method of solving CSPs (constraint satisfaction problems) using BDDs (binary decision diagrams). We investigate two different implementations of a BDD-based CSP solver and their capacity to bridge the gap between untimed and timed verification. techniques.
Finally, we present two case studies to demonstrate the proposed
Résumé
La conception et la vérification des circuits de rendement élevé deviennent de plus en plus exigeantes à cause des ensembles complexes de contraintes qu'il faut combler pour assurer l'opération correcte. La complexité des circuits numériques augmente rapidement ce qui, à son tour, a comme conséquence une plus grande complexité du procédé de vérification et une augmentation des efforts de l'utilisateur. Des outils efficaces et faciles à utiliser sont donc devenus nécessaires pour la vérification synchronisée.
Dans cette thèse, nous proposons des méthodes pour améliorer la performance et pour optimiser le procédé de vérification.
Premièrement, nous présentons une nouvelle
méthodologie de vérification combinant les avantages de plusieurs approches réussies déjà existantes. En particulier, notre technique de vérification emploie une combinaison de la synchronisation relative, la vérification chronométrée et non chronométrée. Deuxièmement, nous proposons et évaluons une nouvelle méthode pour résoudre des PSCs (problèmes de satisfaction de contrainte) en utilisant des DBDs (diagrammes binaires de décision). Nous étudions deux réalisations différentes d'un solutionneur PSC, basé sur les DBDs, et leur capacité d'établir le lien entre la vérification chronométrée et non chronométrée.
En conclusion, nous présentons deux études démontrant les
techniques proposées.
2
Acknowledgements
1 would like to express my gratitude to professor Radu Negulescu for his supervision and guidance throughout my master's program. His regular availability, incredible patience, tremendous help and personal charm have made me greatly appreciative and thankful. Furthermore, 1 would like to thank professor Karim Khordoc for the financial support which has made this work possible. 1 am also grateful to Xiao-hua Kong, who has worked c10sely with me on this research. 1 am especiaHy thankful for his patience and his willingness to help in every situation.
His help has been enormous and his
contribution to this thesis has been invaluable. Last but not least, 1 would like to thank aH my friends from the MACS lab who have supported me throughout the pro gram and whose friendship has made my time in McGill university a memorable and enjoyable experience.
3
Table of Contents ABSTRA CT ....................................................................................................................... 1 RESUME ........................................................................................................................... 2
ACKN0 WLEDGEMENTS ............................................................................................. 3 TABLE OF CONTENTS ................................................................................................. 4
TABLE OF FIGURES ................................................................................................... 5 CHAPTER 1. INTRODUCTION ................................................................................ 6 1.1 MOTIVATION ........................................................................................................ 6 1.2 PREVIOUS W ORK ................................................................................................. 8 1.2.1 Verification Methods ....................................................................................... 8 1.2.2 BDDs in Verification Tools ............................................................................. 9 1.2.3 BDD Variants for Arithmetic Functions ....................................................... 11 1.3 CONTRIBUTIONS AND THESIS ORGANIZATION ................................................... 12
CHAPTER 2. BACKGROUND AND BASIC NOTIONS ...................................... 14 2.1 TIMING DIAGRAM SPECIFICATION AND VERIFICATION ........................................ 14 2.2 CONSTRAINT LOGIC PROGRAMMING ................................................................... 17 2.2.1 CSP ................................................................................................................ 17 2.2.2 Building CSP from Timing Diagrams ............................................................ 17 2.3 PROCESS SPACES ................................................................................................. 18 2.4 BINARY DECISION DIAGRAMS ........................................................................... 20 TOOLS OVERVIEW ............................................................................................... 22 2.5 2.5.1 RTCG ............................................................................................................. 22 2.5.2 zChaff............................................................................................................. 22 2.5.3 Firemaps ........................................................................................................ 23
CHAPTER 3. AUTOMATED VERIFICATION OF TIMED CIRCUITS USING TRACES AND CONSTRAINT LOGIC PROGRAMMING ..................................... 24 3.1 3.2 3.3
INTEGRATED NON-METRIC AND METRIC VERIFICATION FLOW ......................... TRACE-TO-CSP CONVERSION TOOL .................................................................. C-ELEMENT VERIFICATION CASE SruDY ............................................................
25 27 30
CHAPTER 4. SOLVING CONSTRAINT SATISFACTION PROBLEMS USING BINARY DECISION DIAGRAMS ............................................................................... 34 4.1 REPRESENTING CSP USING BDDs ....................................................................... 34 4.2 CSP SOLVER ....................................................................................................... 35 4.2.1 Minterm Generation ....................................................................................... 36 4.2.2 Direct Construction ....................................................................................... 38 4.3 CASE STUDY: CSP SOLVER .................................................................................. 40
CHAPTER 5. CONCLUDING REMARKS .............................................................. 46 REFEREN CES ................................................................................................................ 48
4
Table of Figures
FIGURE 1: TIMING DIAGRAM: HANDSHAKING PROTOCOL, SENDER ..................................... FIGURE 2: C-ELEMENT PROCESS ........................................................................................
16 19 FIGURE 3: OBDD FOR xl v x2v x3 .................................................................................... 21 FIGURE 4: OBDD FOR (xl v x2) /\ x3 ................................................................................ 21 FIGURE 5: TIMING VERIFICATION PROCESS ......................................................................... 25 FIGURE 6: C-ELEMENT CIRCUIT .......................................................................................... 30 FIGURE 7: GATE DELAYS FOR C-ELEMENT .......................................................................... 30 FIGURE 8: SEQUENCES OF GATE STATES CORRESPONDING TO THE EVENTS IN THE TRACE .. 31 FIGURE 9: C -ELEMENT VERIFICATION PROBLEM FORMULATED AS CSP ............................ 33 FIGURE 10: BDD FOR CONSTRAINT A ::; 3 ........................................................................... 35 FIGURE Il: DIRECT CONSTRUCTION: EXECUTION TIME VS BIT COUNT ............................... 44 FIGURE 12: DIRECT CONSTRUCTION: EXECUTION TIME VS NUMBER OF CONSTRAINTS ....... 44
TABLE 1: TABLE 2: TABLE 3: TABLE 4: TABLE 5:
TOTAL EXECUTION TIME (SEC) USING MINTERM GENERATION METHOD ........... MINTERM GENERATIONTIME (SEC) ................................................................... INTERSECTION + EMPTINESS TEST TIME (SEC) ................................................... EXECUTION TIME (SEC) USING DIRECT CONSTRUCTION METHOD ........................ EXECUTION TIME (SEC) USING PROLOG ..............................................................
5
41 41 42 42 43
CHAPTER
1.
Introduction
1.1
Motivation
The design and verification of high performance timed circuits is becoming increasingly challenging due to the complex sets of constraints that must hold to ensure correct operation.
As the size and functional complexity of digital designs increase, it is
becoming important to verify the design at different stages of design flow [Ku97].
The goal of formaI verification is to determine whether or not the circuit will operate correctly under aIl possible inputs and operating conditions, i.e., establish correctness for aIl cases. One way to solve the verification problem is to show that there are no solutions to the problem of finding sorne condition where the circuit fails [Br95]. Considering the increased complexity of today's designs, the verification process becomes non-trivial and it requires a systematic approach. Efficient and easy to use automated tools are therefore required for the verification of the pre- and post- layout circuits.
Various efficient verification methods have been proposed to address the issues of performance and automation. The existing verification methodologies inc1ude untimed (or non-numeric) and timed (numeric) analysis. While these approaches may differ in problem modeling, they have similar methods for solving the verification problem. One of the successful approaches to addressing a verification problem is to formulate it as a CSP (Constraint Satisfaction Problem) and solve it using constraint logic programming [CK95, GC97 and others].
Another highly successful approach in verification involves the use of BDDs (Binary Decision Diagrams), which are data structures that can encode huge sets of bit-vectors in a highly compact format [Br86]. BDDs can be used both as a memory-efficient storage
6
for Boolean or multivalued functions and representations facilitating the analysis of data. BDD structure provides canonical representation of discrete objects and immediately supports efficient Boolean-algebraic operators (such as conjunction, negation, etc.) [BGC, MiOI].
Overall, BDDs can provide a complete representation of the circuit
behavior in a compact and manageable form and thus realize a powerful tool for the verification process. There are also many successful techniques that verify circuits using BDDs and their variants [BCM+92, BC95 and others].
The work described in this thesis was undertaken to achieve two objectives. Firstly, we set a goal to optimize the verification process and improve on the existing verification techniques. In this thesis we propose to combine the advantages of various verification approaches mentioned above, thus creating our own efficient automated tool for verifying complex circuits. In particular, we have developed a technique to verify timed circuits using a combination of untimed, relative timing and timed verification. In our method the complexity of the verification process is reduced by integrating untimed analysis with the relative timing verification, delaying the application of the complex timed models and using real (extracted) gate delays in timed analysis.
Secondly, we focused on finding an optimal approach to solving verification problems efficiently. In this thesis we show how to solve constraint satisfaction problems using binary decision diagrams. By combining the two latter approaches, we are seeking to create an efficient constraint solver as well as explore the possible benefits of a novel approach to timed formaI verification. By integrating different verification techniques in one automated process, we are trying to improve the overall effectiveness and ease of use of the verification process by bridging the gap between untimed and timed verification.
7
1.2
Previous Work
This section de scribes the previous work relevant to our research and discusses the benefits and drawbacks of different previous approaches.
1.2.1
Verification Methods
A number of approaches have been proposed to develop efficient verification methods. A novel approach to verification of timed systems was proposed by Pena et al [PCK+OO]. This method performs an off-line timing analysis on a set of timed event structures using absolute gate delays and transforms it into a set of relative timing constraints. However, since these constraints are derived with the given min-max delays on aIl gates, the method still suffers from overly conservative delay bounds.
Another approach to
mention is proposed by Kim et al in [KBS02]. This approach is using untimed models and relative timing based verification to identify relative timing constraints sufficient to guarantee the correctness of a circuit. After such constraints are found, the post-layout circuits can be analyzed to validate these timing constraints given extracted min-max delays.
In [NP98], a verification methodology is proposed where a timed circuit is represented by an untimed model and untimed state space enumeration is done. There are also sorne methods [AD92, Mi99, KYM03 and others] which propose to verify timed circuits using timed automata. The untimed verification methods have an advantage of reducing the complexity of verification by using simpler untimed models. However since the timed circuit is analyzed as an untimed circuit, the resulting constraint set becomes larger than necessary producing an over-approximated failure set. On the other hand, the timed verification techniques use numeric timing information such as extracted gate delays, resulting in a relatively small set of constraints. The drawback of these techniques is having complex timed models, which significantly increase the verification cost.
8
The methods described above have inspired a new verification methodology described in this thesis. While each technique has its benefits and drawbacks, combined in a proper way, they can increase the performance of a verification process.
1.2.2
BDDs in Verification Toois
A number of works have been based on representing integers and solving integer systems using BDDs. For example, in [CAB+98], a BDD-based model checker SMV [Mc93] is used to analyze a specification of a complex software system. In this experiment authors report using BDDs to represent integer numbers as large as 15 bits. Similar issues are addressed in [HP94] , where a method of translating VHDL data types into a BDD representation is presented. The VHDL data types, inc1uding integers, are encoded in a set of binary variables. The arithmetic is performed on integer types using an interleaved order of the BDD variables used by the binary representations.
There have been also a lot of work in the area of solving integer-based systems by combining BDDs and constraint based approaches. In [BGL97], the authors proposed a model checker for integer systems which incorporates a constraint sol ver into BDD-based algorithms. In this approach BDDs and Presburger constraints are used as the underlying state representations. The constraint sol ver is able to handle specifications inc1uding a mixture of Booleans, integers and enumerated types, but is incomplete for integer Iinear arithmetic [SOO].
In [CAB+97], Chan et al propose to use BDD-based algorithms to verify systems with non-Iinear arithmetic constraints. In this technique model checking is performed by mapping constraints to BDD variables.
A constraint sol ver is used during model
checking to prune the BDDs by removing paths that correspond to infeasible constraints. Although this technique is capable of handIing non-Iinear constraints, it is restricted to systems where transitions are either data-memoryless (i.e., next state value of a data
9
variable does not depend on its CUITent state value), or data-invariant (i.e., data variables remain unchanged) [SOO]. The system of [CAB+97] can handle both linear and nonlinear constraints, but uses an off-the-shelf backtracking solver that can be very inefficient in practice.
The approaches described above use BDDs and the combination of BDDs with constraint-based methods to solve integer systems. Another paper that is important to mention is [BuOO], where the authors discuss BDDs and constraint representations as means of solving integer equations. The authors point out that constraint representations allow verification of infinite-state systems since they can represent variables with infinite domains. On the other hand, although BDDs are not capable of handling systems with unbounded integers, if the variables are restricted to a finite set of values, they can be represented using a binary encoding.
Therefore, for examples with small integer
domains, constraint representation would be very inefficient, and thus the use of BDDs is justified.
The methods described above mostly deal with model checking, however our goal is slightly different. Our research focuses on implementing an efficient CSP solver using BDDs.
In [WC97], the authors address similar issues by proposing a BDD-based
algorithm for the solution of large system of Boolean equations. The algorithm works by eliminating as many variables as possible through function decomposition. When the system can no longer be reduced in this way, the elimination process is continued through the use of Shannon decomposition. This method takes advantage of the fact that Boolean functions represented by BDDs can, in sorne particular cases, be performed in a very efficient manner. However, this method greatly depends on BDD variable ordering and thus will not be efficient for every problem.
10
1.2.3
BDD Variants for Arithmetic Functions
In addition, there have been several efforts to extend the basic ideas of BDDs to represent functions over Boolean variables, but having non-Boolean ranges, such as integers or real numbers [Br95]. These functions are relevant to our research since the CSP problem comprises a system of integer equations. The challenge of these efforts is to find a compact way to encode the numeric function values. While there have been a lot of work in this area, in this paper we note only those contributions which are most relevant to our research.
One of the BDD variations used for numeric-valued functions are "Multi-Terminal" BDD (MTBDD) [CMZ+93], also called "Arithmetic Decision Diagrams" (ADDs) [BFG+93]. MTBDDs use a decision graph like a BDD, but allow arbitrary values on the terminal nodes. MTBDDs are very similar to BDDs and simple to represent, however they are very inefficient for representing functions yielding values over a large range [Br95]. Therefore their use is limited to applications where the number of possible values is relatively small.
For applications where the number of possible function values is too high for MTBDDs, alternative representations have been devised. Lai et al developed "Edge-Valued" BDDs (EVBDDs) where the numeric weights are incorporated on the edges, which in turn allows greater sharing of subgraphs [TS92, LPV94].
EVBDDs always improve on
MTBDDs in terms of the number of nonterminal nodes, but have higher overhead per node [Br95]. EVBDDs have been successfully used in developing algorithms for solving integer linear programs. [LPV93, LPV94]
Other recent results which deal with constructing BDDs for arithmetic constraints inc1ude Binary Moment Diagrams [BC95, Ch98] and Hybrid Decision Diagrams [CFZ95]. Both BMDs and HDDs offer considerable advantages over aIl other known representations for representing arithmetic functions, although many of the operations have worst case complexity that grows exponentially in the operand graph sizes [Br95].
11
While different BDD variants result in efficient representations and are worth exploring, we must mention another research contribution, where the authors show a method to construct linear-sized BDDs from linear arithmetic constraints directly, without using BMDs and HDDs [BB03]. Since representing arithmetic constraints can often result in an exponential size BDDs, this method can greatly improve performance if integrated into a BDD-based model checker or constraint sol ver.
1.3
Contributions and Thesis Organization
In this section we point out differences between the work described in this thesis and other existing methods (Section 1.2).
In this thesis we propose a new automated
verification procedure. The main difference between our method and the verification tools discussed in the previous section, is that we combine untimed, relative timing and timed verification in one automated process.
Moreover, as part of the verification
process, we use a number of existing tools (described in Section 2.5). However we have also implemented a new tool, called Trace-to-CSP, which allows for the conversion of traces of execution to a constraint satisfaction problem. With the help of this tool, we were able to link untimed and timed verification in one process.
In addition, in this thesis we propose a method for solving constraint satisfaction problems using BDDs.
As mentioned in Section 1.2.2, for examples where integer
variables have small bounded domains, the use of BDDs is more efficient than, for example, constraint representation.
Since in circuit verification there are a lot of
applications that use integers with small domains (for example bounded delay model for logic gates), we have chosen to use BDDs to represent integers. While there has been a lot of work in the area of BDD-based verification, to the extent of our knowledge, this is the first attempt to solve CSPs using BDD-based methods. In this thesis we propose and assess two different approaches to solving CSPs using binary decision diagrams.
12
This thesis is organized as follows. Chapter 2 provides an overview of sorne theoretical background and basic notions.
Chapter 3 proposes a new verification method and
introduces a new tool which is used to convert traces of execution to CSP.
The
verification process and the implementation of the new tool are described in detail. Chapter 3 also inc1udes a case study and illustrates our verification method on an example.
Chapter 4 proposes a way to solve constraint satisfaction problems using binary decision diagrams. It explains how to represent and solve a CSP using BDDs and shows two different implementations of the CSP Sol ver. The performance of the sol ver is then evaluated by carrying out a case study.
The experimental results are discussed and
compared to those obtained by using other existing tools.
Finally, Chapter 5 conc1udes this thesis by summarizing our work and discussing limitations and future research.
13
2.
CHAPTER Background and Basic Notions
The following section provides sorne theory background and describes basic notions used in this paper. In particular, our work relies on a formalization of timing diagrams from [CK95], constraint logic programming (CLP), concurrency theory called process spaces, and binary decision diagrams.
2.1
Timing Diagram Specification and Verification
The ultimate objective of interface timing verification is ascertaining that, given the interface specification of various hardware components, their interconnection will satisfy each others protocol and timing requirements. Each interface is specified as a collection of events and constraints relating the occurrence times of these events [GC97]. The numerical information regarding the behavior of a device is specified using a timing diagram formalism from [CK95]. In this section, we briefly overview this formalism; for more details, the reader is referred to [CK95].
Signal values are described by the set of waveforms, each waveform containing the stable values and transitions. A signal transition is referred to as an event (see definition 1). The event interdependencies are called timing relations and described by means of an arrow connecting two different events. Each arrow extends from the source to the sink event and has a set of values associated with it, which can be shown next to the arrow. The set of values represent an interval of time and it is used to indicate the timing constraints between the occurrences of the two events.
14
Definition 1: Event and Occurrence Time. An event is a signal transition. An event is
said to occur at sorne granule tif it occurs at any instant during t. The occurrence time of an event is the instant, i.e., a time point on an underlying time axis, at which the event occurs.
Definition 2: Intervals and Timing Constraints. An intervaln is a set of values with
lower and upper bounds. An interval could be dense (i.e. real values) or discrete (i.e. integer values). A timing constraint could be represented as an interval between events. E.g. for
7r
= [min, max], timing constraint c = (ei, ej, ft) represents min:::; ej - ei :::; max,
where ej and ei are time occurrences of signal transitions i andj respectively.
Definition 3: Timing diagram [CK95]. A timing diagram is a 4-tuple AD=(E, C, A, R)
where •
E = {eo, el, ... ,en-l} is the set of events characterizing the behavior of the
device; •
C is the set of commit timing relation Cj;
•
A is the set of assume timing relations ai ;
•
R is the set of requirement timing relations ri ;
Commit relations define the behavior of a device, i.e., they affect the output events
produced by the device. Assume relations describe behaviors that the device expects from the environment, i.e., they describe input events produced by the environment. Requirement relations are relations that must be met once devices are connected. Figure
1 is a simple example of a timing diagram illustrating a handshaking protocol on the sender side. Timing relations are shown as arrows connecting two different events. Solid arrows indicate commit relations, while dashed arrows indicate requirement and assume relations. An interested reader is referred to [CK95, GC97, KDC+93] for more details.
15
Output
Rs
Input
As
Output
Ds
requirement
-----+ commit
Figure 1: Timing diagram: handshaking protocol, sender
In order to verify the proper operation of the device described by the timing diagram, consistency and satisfiability properties must be checked [BGM91].
The foUowing
definitions are based on [CK95, GC97].
Definition 4: Trace. A trace over a set of events E, where 1 E
1
=n, is a vector T =(t1, t2,
... tn ), where tj represents the occurrence time of event ej.
Definition 5: Consistency. Let tj be the occurrence time of an event ej
E
E. A timing
diagram specification TD = (E, C, A, R) is consistent if there exists a trace over E such that aU the timing relations in Cu A are satisfied. In other words, given any reference event ek E E, it is possible to compute time separations to an events ej E E.
Definition 6: Satisfiability. Given a timing diagram specification TD = (E, C, A, R), let {Tc} and {TAuR } be the sets of event occurrence times satisfying C and AuR
respectively. The assume and requirement timing relations are said to be satisfied if
The satisfiability definition formalizes situations where a timing diagram specification is satisfied on its own, in the sense that any set of occurrence times that satisfies the commit relations also satisfies the assume relations of the timing diagram. In particular, if there are no assume or requirement relations, any set of occurrence times satisfies AuR and the diagram is satisfied.
16
2.2
Constraint Logic Programming
Constraint logic programming (CLP) is a logic programming language, which allows for modeling, analyzing and solving constraint satisfaction problems (CSP).
2.2.1 CSP
Definition 7: Constraint Satisfaction Problem [Vh89]. A constraint satisfaction problem (CSP) is a 3-tuple P
=(l, D, C) where
•
1 = {Xl, x2, ... xdis a finite set of variables,
•
D
•
C is a set of constraints over l.
= {Dl, D2, ... Dk } is a finite set of domains, such that Xi E Di
Definition 8: Constraint. A constraint is a logical relation among several unknowns (or variables), each taking a value in a given domain. A constraint is often expressed as an equation or inequality.
Definition 9: Solution of a CSP [GC97, Vh89].
A solution s to a CSP P is an
assignment of values to all variables, such that it satisfies all the constraints. A constraint problem is inconsistent if there does not exist a solution s for the problem.
2.2.2 Building CSP trom Timing Diagrams
In this thesis, we introduce a verification method that makes use of constraint logic programming. We formulate our verification problem as a CSP since it will simplify the verification process by reducing the problem to a set of linear equations.
Since our
verification problem is originally specified using timing diagrams, we need a method of converting timing diagrams into a CSP.
17
In order to formulate our problem as a CSP, we need to express all the timing information of the circuit as a set of constraints, or inequalities. The constraints between events are indicated on the timing diagram as [min, max] intervals.
As shown in [GC97], expressing the timing diagram as a CSP involves the following process:
Given a timing diagram TD
=(E, CTD, A, R), we can produce a CSP P =(l, D, Cp) where
•
ej E E ti E J,
•
Cp=CTD u{,(AuR)}
ti
is the occurrence time of an event i
In order to solve the CSP and prove the satisfiability of a given timing diagram, we need to construct distinct CSPs Pi
= (l, D,
Cp), where Cp
= CTD
U
{,(A uR)}. In this case
the TD is consistent if V Pi> Pi 1= 0. In other words, taking the complement of (A uR), we would have proven that there is no possibility to have an inconsistent timing assignment if the solution to a CSP is an empty set. AIso, for simplicity, in aIl further verification examples we regard aIl assume and requirement relations as requirement relations, i.e. R
=A u
R. For an example of a CSP construction problem please refer to
the case study in Section 3.3.
2.3
Process Spaces
Process spaces [Ne98, NeOO] are a simplified theory of concurrency, closely related to CSP [H085] and trace theory [Di89], but parameterized by the execution type. Systems are represented in terms of their possible executions, which can be taken to be sequences of events, functions of time, etc., depending on the level of detail desired in the analysis. In this paper, executions are taken to be traces (sequences of events).
18
Let E be the set of aIl possible executions. A process p is a pair (X, Y) of subsets of E such that XuY = E. A process represents a contract between a device and its environment, from the device viewpoint. Executions in XnY, called goals, denoted by g p are legal for both the device and the environment. Executions from outside X, called escapes, denoted by e p, represent bad behavior on the part of the device. FinaIly, executions from outside Y, called rejects, denoted by r p, represent bad behavior on the part of the environment.
Process spaces can be used to build models of circuit behavior in a manner similar to the state machines of Figure 2.
Figure 2: C-element process
For an example of the models used in this paper, consider a C-element with inputs a and b and output c. If the input signaIs have the same logical value, the C-element copies that
value at the output; otherwise, the output value is unchanged. If aIl signaIs start low, the C-element can be represented by the process in Figure 1, where r, g, and e stand for reject, goal, and escape. Illegal output events lead to an escape state with self loops on aIl subsequent events, calI it a permanent escape, and illegal input events lead to a reject state that cannot be left either, calI it a permanent reject. The state where a-b leads is also marked e, making it illegal for the device to complete its operation by stopping there.
In this paper, we only use refinement check on processes. Refinement is a reflexive, transitive and antisymmetric binary relation, written p c:::: q , meaning "process q is a
19
satisfactory substitute for process pif.
We normally use the refinement relation to
compare an implementation process to a specification process. An alternative definition of refinement is to say that an 'implementation' q is correct with respect to a 'specification' p if q operates correctly in the environment of p. Another alternative definition of refinement is: q 'is better than or as good as' p if q passes aIl tests that p passes [Ne98]. A refinement violation is said to occur if q does not pass aIl the tests that
p passes.
For a more detailed definition and properties of refinement, an interested
reader is referred to [Ne98].
2.4
Binary Decision Diagrams
A BDD (binary decision diagram) is a data structure first introduced by Bryant in [Br86]. It represents a function as a graph, with each nonterminal node labeled by a function
variable. The following definitions are adopted from [Br86].
Definition 10: Function Graph. A function graph is a rooted, directed graph with vertex set V containing two types of vertices. A nonterminal vertex v has as attributes an argument index index(v) ç {1, ... ,n}, and two children low(v ),high(v)ç V. A terminal vertex v has as attribute a value value(v)
E
{0,1}.
Furthermore, for any nonterminal vertex v, if low(v) is also nonterminal, then we must have index(v) < index(low(v)). Similarly, if high(v) is nonterminal, then we must have
index(v) < index(high(v)).
The correspondence between function graphs and Boolean functions is as follows:
Definition 11: Function Graphs and Boolean Functions. A function graph G having root vertex v denotes a functionjv defined recursively as: 1. If v is a terminal vertex:
20
a. If value(v) =1, then fv
=1
b. Ifvalue(v) =0, then fv
=0
2. If v is a nonterminal vertex with index(v) =i, thenfv is the function
-
flx1, ... ,xn ) = X iizow(v;(X1, ... ,xn ) + x;f high(v) (X1, ... ,xn ).
In other words, a set of argument values X1, ... ,xn describe a path in the graph starting from the root. If sorne vertex v along the path has index(v) the low child if Xi
=i, then the path continues to
=0 and to the high child if Xi = 1. The value of the function for these
arguments equals the value of the terminal vertex at the end of the path. Note that the path defined by a set of argument values is unique. Furthermore, every vertex in the graph is contained in at least one path, i.e. no part of the graph is "unreachable" [Br86].
Examples of the BDDs are illustrated in figures 3 and 4. We use symbols
V,
À
to indicate
logical OR and AND respectively. Each node has two outgoing edges, corresponding to the cases where the variable evaluates to 0 (shown as a dashed line) or to 1 (shown as a solid line). The terminal nodes correspond to the function values and are shown as boxes containing either 0 or 1. The function value is determined by tracing a path from the root to a terminal node following the appropriate branch from each node [Br95].
l l
,
,'
1/"
GJ Figure 3: OBDD for xl vx2 vx3
Figure 4: OBDD for (xl vx2)
21
A
x3
The graphs of Figure 3 and 4 are examples of Ordered BDDs (OBDDs). That is, if we consider the variables to be ordered
Xl
