1 / 10

Model Checking

Model Checking. Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds for the design. A counterexample if the property does not hold.

harmon
Download Presentation

Model Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds for the design. A counterexample if the property does not hold. • Model checking is the alternative to simulation

  2. R R G R Y G Y G G R Computational Tree Logic (CTL) • CTL is a logic used to express properties for model checking • CTL is useful because there is an efficient technique to check it • A temporal logic is a logic which can express aspects of time • CTL makes statements about the computational tree of a state machine Traffic light FSM Computational tree for FSM

  3. CTL Formulae A CTL formula is built from three things: Atomic propositions - These are the variables Boolean connectives - AND, OR, NOT, etc. Temporal operators - Express something about paths in the computational tree A temporal operator has two parts: A path quantifier - A (for all paths) or E (there exists a path) A temporal modality - Describe the ordering of events in time

  4. Temporal Modalities • Assume that p is a CTL formula. F p - “p holds sometime in the future” Is true of a path is there exists a state on the path where p is true G p - “p is true globally” Is true of a path if p is true at all states on the path X p - “p holds in the next state” Is true of a path if p is true in the state immediately after the current state p1 U p2 - “p1 holds until p2 holds” Is true if p2 is true in a state and p1 is true in all preceding states

  5. A CTL Property • All temporal modalities, except G, are evaluated from the start state of the path AG (req -> AF ack) • For all reachable states, if req is asserted then we must reach a state where ack is asserted • AG is interpreted relative to the start state • AG selects all states reachable from start state • AF is interpreted relative to where req is asserted

  6. Another CTL Property AG AF enabled • For every reachable state, for all paths starting at that state we must reach another state where enabled is asserted AG EF restart • From any reachable state, there must exist a path reaching a state where restart is asserted • In other words, it must always be possible to reach the restart state

  7. Fairness Constraints • Fairness is when a set of constraints must be satisfied “infinitely often” • “Buchi” type of constraints • This can ensure fair access to a resource (bus access)

  8. Traffic Light Controller Constraint AG ( !((farm_light = GREEN) * (hwy_light = GREEN)) ); • Both lights can’t be green at the same time

  9. CTL VIS Verilog vl2mv Blif-MV Model Checking in VIS • We use VIS for model checking, not synthesis

  10. Running VIS % module load vis % vl2mv tlc.v % vis vis> read_blif_mv tlc.mv vis> init_verify vis> model_check -i tlc.ctl • Setup environment vars • Convert verilog to blif_mv • Start VIS • Read the blif • Initialize for verification • Model check with properties (tlc.ctl)

More Related