satGSTE : Combining the Abstraction of GSTE with the Capacity of a SAT

GSTE (Generalized Symbolic Trajectory Evaluation) is a model checking technique based on symbolic simulation [4]. GSTE is a very significant extension of STE [2], [3] that combines the efficiency, capacity and ease of use of STE with the ability of classic symbolic model checking to verify a rich set of properties on very large HW designs. GSTE has amply demonstrated its viability for full formal verification in various real-life industrial verification cases [5].

GSTE specifications are given as assertion graphs. An assertion graph is an operational specification formalism through which one both provides sequential scalar/symbolic stimuli for simulating the design-under-verification (DUV) and specifies the expected response. More specifically, an assertion graph is a labeled transition graph where each edge is associated with two expressions: one, called the antecedent, specifies how the circuit should be simulated, and the other, called the consequent, specifies the expected response. A circuit satisfies an assertion graph if for every finite trace of the circuit and every finite path in the assertion graph, whenever the trace satisfies all the antecedents on the path, it also satisfies all the consequents on the path. GSTE model checking formally verifies whether the actual behavior of the circuit complies with the expected behavior described in the graph. Assertion graphs are often cyclic and express the behavior of circuits along unbounded computations.

Here we propose a technique for reducing the verification condition of bounded linear paths in an AG to a propositional satisfiability problem, to be checked by a SAT solver. Our motivation is twofold. The more apparent one is to take advantage of the ever-increasing capacity of modern SAT solvers in the domain of GSTE model checking. What we suggest is a way to check bounded linear paths in an assertion graph.
An assertion graph can be viewed as an (infinite) collection of those paths that describe interesting finite behaviors of the DUV. Model checking these paths is of interest both for a full proof of certain behaviors and for finding bugs in the DUV. The other major motivation is to improve user productivity while constructing assertion graph specifications. We want to reduce the time it takes to develop a full formal specification. The importance of reducing user time cannot be overstated in industrial applications (see [1]). To make the latter point clearer, consider the specification development in classic SMC and in GSTE. In classic SMC, …
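The satisfaction condition above (every trace that follows all antecedents on a path must also meet all consequents) is what a bounded linear path reduces to. The following is an added illustration, not code from the paper or its authors: a constructed 1-bit enabled register serves as the DUV, two short linear paths serve as the specification, and the SAT query "antecedents hold but some consequent fails" is decided by exhaustive enumeration over the Boolean valuations (initial state, inputs at each step, symbolic variables) as an offline stand-in for a SAT solver. The circuit, the paths, the predicate signature `(state, inputs, env)` and the convention that edge i is evaluated at time i are all assumptions of this example.

```python
from itertools import product

# Constructed example circuit (not from the paper): a 1-bit enabled register.
# State vector: {'q'}; inputs: {'en', 'd'}. When en is high, q loads d;
# otherwise q holds its value.
STATE_VARS = ['q']
INPUT_VARS = ['en', 'd']


def step(state, inputs):
    """Next-state function of the register."""
    return {'q': inputs['d'] if inputs['en'] else state['q']}


def check_linear_path(path, step, state_vars, input_vars, sym_vars):
    """Check one bounded linear path of an assertion graph against a circuit.

    path is a list of (antecedent, consequent) pairs, one per edge; edge i is
    evaluated at time i on (state, inputs, env), where env binds the symbolic
    variables of the path (assumed convention).  The verification condition is:
    every trace satisfying all antecedents also satisfies all consequents.  Its
    negation (all antecedents hold, some consequent fails) is the query a SAT
    solver would answer; here exhaustive enumeration over Boolean valuations
    replaces the solver so the example runs offline.  Returns None when the
    path holds, else a counterexample dict.
    """
    k = len(path)
    nbits = len(state_vars) + k * len(input_vars) + len(sym_vars)
    for bits in product([False, True], repeat=nbits):
        it = iter(bits)
        state = {v: next(it) for v in state_vars}
        inputs = [{v: next(it) for v in input_vars} for _ in range(k)]
        env = {v: next(it) for v in sym_vars}
        # Phase 1: simulate under the antecedents; a trace that leaves the
        # path at any edge is irrelevant to this path's condition.
        trace, s, follows = [], state, True
        for i in range(k):
            if not path[i][0](s, inputs[i], env):
                follows = False
                break
            trace.append((dict(s), inputs[i]))
            s = step(s, inputs[i])
        if not follows:
            continue
        # Phase 2: every antecedent held, so every consequent must hold too.
        for i in range(k):
            s_i, x_i = trace[i]
            if not path[i][1](s_i, x_i, env):
                return {'failed_edge': i, 'env': env, 'trace': trace}
    return None


# Path 1 (constructed): load symbolic value a, then hold; expect q == a.
PATH_HOLDS = [
    (lambda s, x, e: x['en'] and x['d'] == e['a'], lambda s, x, e: True),
    (lambda s, x, e: not x['en'],                   lambda s, x, e: s['q'] == e['a']),
]

# Path 2 (constructed, deliberately wrong spec): load a, then load b, then
# hold; still expect q == a, which fails on every trace with a != b.
PATH_BUG = [
    (lambda s, x, e: x['en'] and x['d'] == e['a'], lambda s, x, e: True),
    (lambda s, x, e: x['en'] and x['d'] == e['b'], lambda s, x, e: True),
    (lambda s, x, e: not x['en'],                   lambda s, x, e: s['q'] == e['a']),
]


def verify_holds():
    return check_linear_path(PATH_HOLDS, step, STATE_VARS, INPUT_VARS, ['a'])


def verify_bug():
    return check_linear_path(PATH_BUG, step, STATE_VARS, INPUT_VARS, ['a', 'b'])


if __name__ == '__main__':
    print('path 1:', verify_holds())   # None: the path holds
    print('path 2:', verify_bug())     # counterexample with a != b at edge 2
```

The two-phase structure matters: a trace is only a counterexample if it follows every antecedent on the path, so consequents are checked after the whole path has been simulated, not as soon as one fails. Replacing the enumeration with a solver means unrolling `step` k times into a propositional formula, conjoining the antecedents and the negation of the conjoined consequents, and asking for satisfiability; the returned model plays the role of the counterexample dict here.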

[1] Randal E. Bryant et al. Formal verification by symbolic evaluation of partially-ordered trajectories, 1995, Formal Methods Syst. Des.

[2] Gila Kamhi et al. Efficient Debugging in a Formal Verification Environment, 2001, CHARME.

[3] Carl-Johan H. Seger et al. Introduction to generalized symbolic trajectory evaluation, 2003, IEEE Trans. Very Large Scale Integr. Syst.

[4] Carl-Johan H. Seger et al. A simple theorem prover based on symbolic trajectory evaluation and BDD's, 1995, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst.