Coverage of formal properties based on a high-level fault model and functional ATPG

Model checking is widely used to validate descriptions of digital systems, but it comes with no coverage metric: if the set of formal properties written to prove the design correct is incomplete, verification can succeed while giving a false sense of security. This paper refines and extends a methodology that estimates the incompleteness of a set of formal properties by exploiting a high-level fault model and functional ATPG, and compares it with other symbolic approaches.
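The following is an added example, not code from the paper: it illustrates the idea behind the methodology on a toy design. A 2-bit counter with synchronous reset and enable stands in for the design under verification; stuck-at-0/1 faults on its state bits and inputs stand in for the paper's high-level fault model; an exhaustive search over short input sequences stands in for functional ATPG; and the formal properties are written as Python predicates over trace steps rather than as temporal-logic formulas. A fault counts as property-covered only if some input sequence makes the faulty design violate a property. Faults that a test sequence exposes (faulty and golden outputs differ) but that no property catches are evidence that the property set is incomplete; adding the missing "increment" property drives the estimate from 50% to 100%. All names and the design are assumptions of this example.

```python
"""Mutation-style estimate of how complete a set of formal properties is.

Added example, not the paper's code. Toy flow: inject stuck-at faults into a
small counter, search input sequences (stand-in for functional ATPG), and flag
faults that a test exposes but that no property ever catches.
"""
from itertools import product

WIDTH = 2  # assumed toy design: 2-bit counter, count in 0..3


def step(count, rst, en):
    """Golden next-state function of the counter (synchronous reset, enable)."""
    if rst:
        return 0
    if en:
        return (count + 1) % (1 << WIDTH)
    return count


# High-level fault model (assumed): stuck-at-0/1 on each state bit and input.
FAULTS = [("state", b, v) for b in range(WIDTH) for v in (0, 1)] + \
         [("input", n, v) for n in ("rst", "en") for v in (0, 1)]


def force_state(count, fault):
    """Apply a stuck-at fault on a state bit; other faults leave state alone."""
    kind, bit, val = fault
    if kind != "state":
        return count
    return (count | (1 << bit)) if val else (count & ~(1 << bit))


def simulate(seq, fault=None):
    """Run an input sequence; return (rst_pin, en_pin, count_before, count_after)
    per cycle. Pin values are what the properties observe; the fault is applied
    to what the logic actually sees (stuck input) or stores (stuck state bit)."""
    q, trace = 0, []
    for rst, en in seq:
        before = q if fault is None else force_state(q, fault)
        rst_i, en_i = rst, en
        if fault and fault[0] == "input":
            if fault[1] == "rst":
                rst_i = fault[2]
            else:
                en_i = fault[2]
        q = step(before, rst_i, en_i)
        after = q if fault is None else force_state(q, fault)
        trace.append((rst, en, before, after))
    return trace


# Properties as one-step safety checks (G(cond -> X(...)) in temporal terms).
def p_reset(rst, en, before, after):
    return after == 0 if rst else True


def p_hold(rst, en, before, after):
    return after == before if (not rst and not en) else True


def p_inc(rst, en, before, after):
    return after == (before + 1) % (1 << WIDTH) if (not rst and en) else True


def violates(props, trace):
    return any(not p(*t) for t in trace for p in props)


def all_sequences(max_len):
    """Every (rst, en) input sequence up to max_len cycles (stand-in for ATPG)."""
    for n in range(1, max_len + 1):
        yield from product(product((0, 1), repeat=2), repeat=n)


def outputs(trace):
    return [t[3] for t in trace]


def analyse(props, max_len=3):
    """For each fault: first test sequence exposing it (if any) and whether
    some sequence makes the faulty design violate a property."""
    seqs = list(all_sequences(max_len))
    golden = {s: outputs(simulate(s)) for s in seqs}
    report = {}
    for f in FAULTS:
        test, covered = None, False
        for s in seqs:
            tr = simulate(s, f)
            if test is None and outputs(tr) != golden[s]:
                test = s
            if not covered and violates(props, tr):
                covered = True
        report[f] = {"test": test, "covered": covered}
    return report


def uncovered(props, max_len=3):
    """Detectable faults that no property catches: hints at missing properties."""
    rep = analyse(props, max_len)
    return sorted(f for f, r in rep.items()
                  if r["test"] is not None and not r["covered"])


def coverage(props, max_len=3):
    """Fraction of detectable faults that the property set catches."""
    rep = analyse(props, max_len)
    detectable = [f for f, r in rep.items() if r["test"] is not None]
    return sum(rep[f]["covered"] for f in detectable) / len(detectable)


if __name__ == "__main__":
    initial = [p_reset, p_hold]
    print("uncovered by {reset, hold}:", uncovered(initial))
    print("coverage:", coverage(initial), "->", coverage(initial + [p_inc]))
```

With only the reset and hold properties, the stuck-at-0 faults on both state bits, enable stuck-at-0 and reset stuck-at-1 are all exposed by a test sequence yet violate no property, because nothing in the set constrains the increment behaviour. That is exactly the kind of gap the methodology is meant to surface; the real flow replaces the exhaustive search with a functional ATPG and the Python predicates with checkers derived from the formal properties.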
