Unbounded Protocol Compliance Verification Using Interval Property Checking With Invariants

We propose a methodology to formally prove protocol compliance for communication blocks in System-on-Chip (SoC) designs. In this methodology, a set of operational properties is specified with respect to the states of a central finite state machine (FSM). This central FSM is called the main FSM and controls the overall behavior of the design. In order to prove a set of compliance properties, we developed an approach that combines property checking on a bounded circuit model with an approximate reachability analysis. The property checker determines whether a property is valid for an arbitrary state of the design regardless of its reachability. In order to avoid false negatives, reachability constraints are added to the property; these constraints are generated by an approximate FSM traversal algorithm. We show how the existence of a main FSM can be exploited systematically in the reachability analysis and how to partition both the transition relation and the state space such that the computational complexity is reduced drastically. This makes formal verification of protocol compliance tractable even for large designs with several thousand state variables. Our approach has been applied successfully to verify several industrial designs.
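As an added illustration (not code from the paper), the following Python models a small handshake block with a main FSM, a timeout counter and a busy flag. Checking an operational property from an arbitrary start state produces a false negative from an unreachable state, and constraining the start states with an invariant obtained by approximate traversal over partitions that each contain the main FSM state removes it while still over-approximating the exact reachable set. The design, signal names and property are all constructed for this example.

```python
from itertools import product

FSM = ("IDLE", "WAIT", "DONE")          # main FSM states (constructed example)
CNT = range(4)                           # 2-bit timeout counter
BITS = (0, 1)
STATES = list(product(FSM, CNT, BITS))   # (fsm, cnt, busy): 24 concrete states
INPUTS = list(product(BITS, BITS))       # (req, ack_in)
INIT = ("IDLE", 0, 0)

def step(state, inp):
    """Next-state function of the constructed handshake block."""
    fsm, cnt, busy = state
    req, ack = inp
    if fsm == "IDLE":
        return ("WAIT", 0, 1) if req else ("IDLE", 0, 0)
    if fsm == "WAIT":                    # busy must stay asserted until DONE
        nxt = min(cnt + 1, 3)
        return ("DONE" if ack or cnt >= 2 else "WAIT", nxt, busy)
    return ("IDLE", cnt, busy)           # DONE: hand control back to IDLE

def prop_holds(s0, inp):
    """Operational property: WAIT and ack at t  ->  DONE with busy=1 at t+1."""
    if s0[0] != "WAIT" or not inp[1]:
        return True
    fsm1, _, busy1 = step(s0, inp)
    return fsm1 == "DONE" and busy1 == 1

def check(invariant):
    """Interval check from every start state the invariant allows; returns failures."""
    return [(s, i) for s in STATES if invariant(s) for i in INPUTS if not prop_holds(s, i)]

def approx_reach(keep):
    """Approximate traversal on the projection onto the variable indices in keep.
    keep=(0, 1, 2) is the identity projection, i.e. exact reachability."""
    proj = lambda s: tuple(s[i] for i in keep)
    seen = frontier = {proj(INIT)}
    while frontier:
        new = set()
        for p in frontier:
            # concretise: every full state consistent with the partial state p
            for s in STATES:
                if proj(s) == p:
                    new |= {proj(step(s, i)) for i in INPUTS}
        frontier = new - seen
        seen = seen | new
    return seen

# partition: each block holds the main FSM state (index 0) plus one data variable
R_FSM_BUSY = approx_reach((0, 2))
R_FSM_CNT = approx_reach((0, 1))
INV = lambda s: (s[0], s[2]) in R_FSM_BUSY and (s[0], s[1]) in R_FSM_CNT
```

Without the invariant every failure starts in an unreachable state (WAIT with busy=0); with it the property passes, and the 14 states the invariant admits are a superset of the 10 exactly reachable ones.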