Post on 31-Jul-2020
Hindawi Publishing Corporation, Journal of Applied Mathematics, Volume 2013, Article ID 272781, 10 pages. http://dx.doi.org/10.1155/2013/272781
Research Article
Algebraic Verification Method for SEREs Properties via Groebner Bases Approaches
Ning Zhou,1,2 Jinzhao Wu,1,3 and Xinyan Gao4
1 School of Computer and Information Technology, Beijing Jiaotong University, Beijing 10044, China
2 School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China
3 Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Guangxi University for Nationalities, Nanning 530006, China
4 School of Software of Dalian University of Technology, Dalian 116620, China
Correspondence should be addressed to Jinzhao Wu; jzwu zhyahoocn
Received 8 February 2013; Accepted 22 March 2013
Academic Editor Xiaoyu Song
Copyright © 2013 Ning Zhou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
This work presents an efficient solution that uses a computer algebra system to verify linear temporal properties of synchronous digital systems. The method is based on Groebner bases approaches combined with symbolic simulation. A mechanism for constructing canonical, polynomial-set-based symbolic representations of both circuit descriptions and assertions is studied. We then present a complete checking algorithm framework over these algebraic representations using Groebner bases. The computational experience reported in this work shows that the algebraic approach is a quite competitive checking method and will be a useful supplement to the existing simulation-based verification methods.
1. Introduction
As the complexity of circuits increases, finding efficient ways to express and verify design properties becomes an important issue. Verification is a difficult and computationally intensive task; although great advances have been made over the past decades, all existing verification methods suffer from this problem in some way.
Currently, assertion-based verification (ABV) has emerged as a promising solution to this problem. In particular, an assertion specification language named Property Specification Language (PSL) [1–3] has become an IEEE standard and has been accepted by a wide variety of companies. PSL has changed the way designers specify and verify functional requirements and properties of digital systems. Moreover, PSL-based ABV is now supported by most EDA companies in their tools for both formal and runtime verification.
So far there have been many efforts on assertion checking solvers, including model checking, theorem proving (e.g., HOL [4]), and runtime verification. In [5], an efficient approach to model checking safety properties expressed as PSL properties was studied, while in [6] a temporal tester was introduced as a compositional basis for constructing automata corresponding to temporal formulas in the PSL logic, for run-time checking of PSL assertions.
As is well known, conventional simulation for assertion checking is a well-understood and the most commonly used technique, but it is only feasible for very small systems and cannot provide exhaustive checking. Symbolic simulation, proposed by Darringer [7] as early as 1979, can provide exhaustive checking by covering many conditions with a single simulation sequence, but it cannot handle large circuits because the symbolic expressions grow exponentially.
In our work, to address this functional verification challenge, we propose an alternative implementation mechanism for PSL assertion checking based on algebraic symbolic computation combined with symbolic simulation.
Earlier work on applications of symbolic manipulation and algebraic computation has seen significant extensions and improvements. In [8], a technique framework on Groebner bases demonstrated that computer algebra geometry methods can be used to perform symbolic model checking, using an encoding of Boolean sets as the common zeros of sets of polynomials. In [9], a similar technique framework based on Wu's method was further extended to bit-level symbolic model checking. In [10], an improved framework for multivalued model checking via Groebner bases approaches was proposed, based on a canonical polynomial representation of multivalued logics.
All these existing articles mainly focus on model checking via algebraic symbolic computation. In our research, instead of static analysis or model checking, we extend the algebraic approach to simulation-based runtime verification over polynomial representation models, towards PSL assertion checking.
Our aim is to verify whether or not a given temporal property holds on the traces produced after running a given sequential circuit model for several cycles.
The idea is that for any purely combinational circuit model we can derive its data-flow-based polynomial representation, named PM. Meanwhile, for any sequential circuit model and a given running cycle number $n$, we can also derive its equivalent polynomial representation PM[$n$] by unrolling the sequential circuit $n$ times and translating it into a purely combinational model. In a similar way we can obtain a polynomial set representation PS for any temporal assertion.
By suitably restricting the Boolean and SERE temporal layers of PSL and redefining a hierarchy of PSL assertions, we can guarantee the availability of the above polynomial set models. Based on these models, symbolic simulation can be performed to produce symbolic traces as well as temporal relationship constraints among signal variables. We then apply a symbolic algebra approach to check the zero-set inclusion relationship between the polynomials of PM[$n$] and PS, and determine whether or not the temporal assertion holds under the current running cycle $n$.
2. Preliminaries
In this section we give some preliminary knowledge used throughout this paper.
2.1. Cycle-Based Symbolic Simulation. We first sketch the underlying system model for simulation used in our work.
The system model we use is a cycle-based symbolic simulation model, performed on a cycle-by-cycle basis for synchronous digital systems.
Here the term cycle is defined as one iteration of the evaluation process, during which the state of the design is recomputed and may change. In other words, a cycle is the smallest granularity of time.
Intuitively, cycle-based symbolic simulation is a hybrid approach in the sense that the values propagated through the network can be either symbolic expressions or constant Boolean values. It assumes that there is one unified clock signal in the circuit and that all inputs of the system remain unchanged while their values are evaluated in each simulation cycle. The simulation results report only the final values of the output signals or states in the current simulation cycle.
By convention, we give the model structure definition for symbolic simulation as follows.
Definition 1 (simulation model). The symbolic simulation model for a synchronous digital system is a tuple $\Sigma = (X_0, X, Y, M, S, F, n)$, where
(i) $X_0$ is a finite set of input assignments, including numeric values and symbolic values (Boolean or integer);
(ii) $X$ is a finite set of primary input variables;
(iii) $Y = \{y_i \mid 1 \le i \le N\}$ is a finite set of primary output variables;
(iv) $M = \{m_i \mid 1 \le i \le N\}$ is a finite set of intermediate variables;
(v) $n$ is the sequential depth of the network, or the number of running cycles;
(vi) $F = \{y_1, y_2, \dots, y_m\}$ is a finite set of output functions over input or intermediate variables; note that each $y_i = f_i(x_1, x_2, \dots, x_n)$ ($1 \le i \le n$) is defined on $X \cup M$.
Given the sequential depth $n$ of the network, a synchronous sequential logic network can be transformed into a purely combinational function of delayed input variables with delay less than or equal to $n$, that is,
$$Y = F(X, X_1, \dots, X_n, M, M_1, \dots, M_n). \quad (1)$$
The behavior of a circuit is defined by its excitation function $Y$, which serves a role similar to the transition relation or next-state functions of temporal logic model checkers.
The simulation process can be described as follows. Firstly, cycle-based symbolic simulation is initialized by setting the state of the circuit to the initial vector ($X_0$). Each primary input signal is assigned a distinct symbolic variable or a symbolic constant. Then, at the end of a simulation step, the expressions representing the next-state functions generally undergo a parametric-transformation-based optimization. After parameterization, the newly generated functions are used as the present state for the next simulation step.
In this paper, simulation-based verification checks whether or not the given assertion is satisfied after running a few cycles.
2.2. PSL Preliminary. PSL is a hierarchical language whose syntax is very declarative and structural. Generally, PSL contains four layers: Boolean, temporal, verification, and modeling layers.
(i) Modeling Layer. The modeling layer is needed to define the verification environment, especially for formal verification tools. It is used to model the behavior of design inputs and to model auxiliary parts of the design that are needed for verification.
(ii) Verification Layer. The verification layer is more related to the description of verification tools, where notions like assume and guarantee are present. It is used to tell the verification tool what to do with the properties described by the temporal layer.
(iii) Temporal Layer. The temporal layer is the essence of PSL, where complex temporal relations between signals can be expressed. It can describe properties that involve complex temporal relations evaluated over a series of evaluation cycles.
(iv) Boolean Layer. The Boolean layer is used to build expressions for the other layers, specifically the temporal layer. Boolean expressions are evaluated in a single evaluation cycle.
PSL allows the engineer to define assertions describing the system's behavior once and reuse them across different forms of formal, semiformal, or functional verification. With PSL it is possible to perform assertion-based runtime verification of the design: properties are checked while simulating.
According to the PSL specification [1, 3, 11], every assertion written in PSL can be broken down into parts that can be attributed to one of these four layers.
The Boolean layer comprises all Boolean expressions, including signal names as well as HDL expressions and PSL expressions (especially all built-in function calls such as $\mathit{prev}(b)$ and $\mathit{rose}(b)$, the logical implication, and other operators).
The Boolean layer forms the underlying basis for the whole assertion architecture. In this paper we limit our discussion to a special subset of the Boolean layer for our purpose. We then further build a restricted simple subset of the SERE layer for temporal property specification and verification over this constrained Boolean layer.
3. System Polynomial Representation Model
In this section we discuss polynomial modeling for combinational and sequential circuits. Previous work [12] has shown that any combinational circuit can be uniquely represented by a minimum-order polynomial. Here we give an alternative data-flow-based polynomial set representation model for our assertion checking purpose, whose zero set makes such a data-flow model work well.
3.1. Arithmetic and Logic Unit Modeling. In this paper we focus only on arithmetic units for fixed-point operations. For any arithmetic unit, the integer arithmetic operations (addition, subtraction, multiplication, and division) can be constructed by the following polynomials:
(1) $y = a + b \Rightarrow (y - a - b)$
(2) $y = a - b \Rightarrow (y - a + b)$
(3) $y = a * b \Rightarrow (y - a * b)$
(4) $y = a / b \Rightarrow (y * b - a)$
The basic logic operations [13] like "AND", "OR", and "NOT" can be modeled by the following forms:
$$y = \mathrm{NOT}\ x \Longrightarrow (1 - x - y)$$
$$y = x_1\ \mathrm{AND}\ x_2 \Longrightarrow (x_1 * x_2 - y)$$
$$y = x_1\ \mathrm{OR}\ x_2 \Longrightarrow (x_1 + x_2 - x_1 * x_2 - y) \quad (2)$$
Furthermore, we can extend the above rules to other logic operators. For example,
$$y = x_1 \oplus x_2\ (\text{or } y = x_1\ \mathrm{XOR}\ x_2) \Rightarrow \bigl(y - (x_1 + x_2 - x_1 * x_2) * (1 - x_1 * x_2)\bigr).$$
For every bit-level variable $x_i$ ($0 \le i \le n$), a limitation $x_i * x_i - x_i$ should be added.
3.2. Branch and Sequential Unit Modeling. Basically, a multiway branch is an important control structure in digital systems. It provides a set of condition bits $b_i$ ($0 \le i \le B$), a set of target identifiers $\{0, \dots, T-1\}$, and a mapping from condition bit values to target identifiers. This mapping takes the form of a condition tree. For any binary signal $x$, its value should be limited to $\{1, 0\}$ by adding $x * x - x$:
$$y = \mathrm{MUX}(x_0, x_1, \dots, x_n, s),\ i = s \Longrightarrow y = x_i\ (0 \le i \le n) \Longrightarrow y - \sum_{i=0}^{n-1}\Bigl(\prod_{j \in \{0, 1, \dots, n-1\} \setminus \{i\}} \frac{s - j}{i - j}\Bigr) * x_i \quad \text{with } \prod_{i=0}^{n-1} (s - i) = 0. \quad (3)$$
Each flip-flop (FF) in the circuit can be modeled as a multiplexer, as illustrated in Figure 1. We have the following proposition to state this model.
Proposition 2. For a $D$ FF model ($D'$ is the next state) with an enable signal $c$, its equivalent combinational form is $y' = \mathrm{MUX}(D, D', s)$, $i = s \rightarrow y' = x_i$ ($0 \le i < 2$, $x_0 = D$, $x_1 = D'$), whose polynomial algebraic model can be described as
$$(y' - D) * (c - 1),\quad (y' - D') * c,\quad (y' - D) * (y' - D') \qquad\text{or}\qquad y' - D * (c - 1) - D' * c. \quad (4)$$
Proof. Let $D$ be the current state and let $y'$ denote the next state of the flip-flop. When the clock value is 0, $y'$ has the same value as $D$, so that the FF maintains its present state; when the clock value is 1, $y'$ takes a new value from the $D'$ input (where $D'$ denotes the new value, the next state of the FF). Therefore we have the 2-value multiway branch model and its polynomial set representation for the FF.
Proposition 3. Let $D$ be an FF model ($D'$ is the next state) without an enable signal; then its equivalent combinational formal polynomial algebraic model can be described as $(y' - D)$.
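As an added worked instance (not from the paper), here is the multiway-branch rule (3) specialized to the two targets of Proposition 2, with $s = c$, $x_0 = D$, and $x_1 = D'$:
$$y' - \sum_{i=0}^{1}\Bigl(\prod_{j \in \{0,1\} \setminus \{i\}} \frac{s - j}{i - j}\Bigr) x_i = y' - \frac{c - 1}{0 - 1}\, D - \frac{c - 0}{1 - 0}\, D' = y' - (1 - c)\, D - c\, D', \qquad c\,(c - 1) = 0 .$$
Substituting the two admissible selector values gives $y' - D$ at $c = 0$ and $y' - D'$ at $c = 1$, which are exactly the common zeros of the pair $(y' - D)(c - 1)$, $(y' - D')c$; it is the enable's bit-level limitation $c * c - c$ that makes the single polynomial and the pair describe the same zero set, since without it the pair also admits points with $c \notin \{0, 1\}$ and $y' = D = D'$.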
[Figure 1: Flip-flop model. The D flip-flop with enable $c$ is drawn as a 2-way multiplexer whose data inputs are $D$ (select 0) and $D'$ (select 1) and whose output is $y'$.]
3.3. Sequential Unrolling. Generally, for a sequential circuit, one time frame of the circuit is viewed as a combinational circuit in which each flip-flop is converted into two corresponding signals: a pseudo primary input (PPI) and a pseudo primary output (PPO).
Symbolic simulation of a sequential circuit for $n$ cycles can be regarded as unrolling the circuit $n$ times. The unrolled circuit is still a purely combinational circuit, and the $i$th copy of the circuit represents the circuit at cycle $i$. Thus the unrolled circuit contains all the symbolic results from the $n$ cycles.
To illustrate the sequential modeling for a given cycle number clearly, we define an indexed polynomial set representation for the $i$th cycle.
For example, PM[$i$] is defined as $\mathrm{PM}[i] = \{(x_1[i] - m_2[i] - y_3[i])\}$, where $x_1$ denotes a signal variable name while $x_1[i]$ denotes that variable's state in the $i$th simulation cycle. If the given running cycle is $n$, then we have the system representation $\mathrm{PM} = \bigcup_{i=0}^{n} \mathrm{PM}[i]$.
Let $x_i[l]$ ($0 \le i \le r$) denote the input signals for the $l$th clock, let $m_i[l]$ ($0 \le i \le s$) denote the intermediate signals, and let $y_i[l]$ ($0 \le i \le t$) denote the output signals. We then have the following time frame expansion model for the sequential circuit:
$$\mathrm{FM} = \bigcup_{i=0}^{n} \mathrm{FM}[i], \quad (5)$$
where $\mathrm{FM}[i] = C(x_1[i], \dots, m_1[i], \dots, x_1[i+1], \dots, m_1[i+1], \dots, y_1[i+1], \dots)$ denotes the $i$th time frame model.
Time frame expansion is achieved by connecting the PPIs (e.g., $x_1[i+1]$ from $\mathrm{FM}[i+1]$) of a time frame to the corresponding PPOs ($x_1[i+1]$ from $\mathrm{FM}[i]$) of the previous time frame.
3.4. Sequence Operator Modeling. In this paper only the so-called simple subset of PSL is considered, which subsumes the properties in which time advances monotonically from left to right through the property: if an entity (a Boolean expression or a SERE) needs to be evaluated at a given time, all entities to its right do not yet need to be known. Many properties not in the simple subset can be rewritten in it, and most properties to be verified can be expressed within the bounds of the simple subset.
For SEREs, only the following features are supported by our modeling method:
(1) standard Boolean expressions;
(2) fixed-length Kleene closure;
(3) SERE concatenation;
(4) SERE fusion;
(5) SERE disjunction;
(6) length-matching SERE conjunction.
By the constrained simple subset of PSL, the user can specify a safety property using only nonnegated weak operators. Intuitively, a safety property is used to ensure that "something bad does not happen", which is important in formal verification. Because safety properties are easier to verify, this approach only deals with safety properties.
(1) Next Operator. It indicates that the property holds if its operand holds at the next cycle. For example,
$$\mathrm{assert}\ (\mathit{req} \mathrel{->} \mathrm{next}\ \mathit{ack}) \quad (6)$$
states that if signal $\mathit{req}$ is asserted then $\mathit{ack}$ will be asserted at the next cycle $\Rightarrow \mathbf{N}_i(\mathit{req}) \wedge \mathbf{N}_{i+1}(\mathit{ack})$.
(2) Semicolon Operator. The semicolon operator (;) is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that the right-hand SERE starts the cycle after the left-hand SERE ends. For example, $G = \mathrm{assert}\ (\mathit{req};\ \mathit{ack})$ states that when signal $\mathit{req}$ is asserted then $\mathit{ack}$ will be asserted at the next cycle $\Rightarrow \mathbf{N}_i(\mathit{req}) \wedge \mathbf{N}_{i+1}(\mathit{ack}) \Leftrightarrow \mathbf{N}_i(\mathit{req}\ \text{is}\ H) \wedge \mathbf{N}_{i+1}(\mathit{ack}\ \text{is}\ H)$, where $0 \le i \le \mathit{dep}(G)$.
(3) Fusion Operator. The fusion operator, a colon (:), is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that there is a single cycle of overlap between them: the right-hand SERE starts in the same cycle in which the left-hand SERE ends. For example, $G = \mathrm{assert\ always}\ (\mathit{req} : \mathit{ack};\ \mathit{gnt})$ states that when signal $\mathit{req}$ is asserted then $\mathit{ack}$ is asserted in the same cycle and $\mathit{gnt}$ will be asserted at the next cycle $\Rightarrow \mathbf{N}_i(\mathit{req}\ \text{is}\ H) \wedge \mathbf{N}_i(\mathit{ack}\ \text{is}\ H) \wedge \mathbf{N}_{i+1}(\mathit{gnt}\ \text{is}\ H)$, where $0 \le i \le \mathit{dep}(G)$.
(4) Repeat Operator. Repeat operators allow the user to build more sophisticated SEREs using variations on the SERE repetition operators $[{*}n]$, $[{=}n]$, and so forth. Consecutive repetition operators provide a shortcut to typing the same sub-SERE a number of times. In this paper we only consider the fixed-times repeat operator $[{=}n]$. For example, $G = \mathrm{assert}\ (\mathit{req}[{*}n];\ \mathit{ack})$ states that when signal $\mathit{req}$ is asserted $n$ times then $\mathit{ack}$ will be asserted at the next cycle. We then have $\Rightarrow \mathbf{N}_1(\mathit{req}\ \text{is}\ H) \wedge \cdots \wedge \mathbf{N}_n(\mathit{req}\ \text{is}\ H) \wedge \mathbf{N}_{n+1}(\mathit{ack}\ \text{is}\ H)$.
[Figure 2: Algebraization steps of SEREs. A SERE property is (1) decomposed into a common sequence set, (2) unrolled into a flat sequence, (3) reduced to propositional formulas, and (4) algebraized into a polynomial set.]
4. Translation of SERE
In this section we mainly discuss the hierarchical modeling method for SEREs. The temporal layer contains "Sequential Extended Regular Expressions" (SEREs), which allow describing the relation between Boolean layer expressions over time.
First we discuss the general algebraization process of SEREs from a symbolic computation point of view.
4.1. Algebraization Process. The algebraization process of SERE properties is shown in Figure 2. In our method, the properties written in SERE are unrolled and checked against the design for a bounded number of time steps. Note that only a constrained subset of SERE can be supported by our method (unspecified upper-bound time ranges and the first-match operator are excluded).
Firstly, we translate the properties described in the constrained subset of SERE into flat sequences according to the semantics of each supported operator.
Secondly, temporal constraints are added to the unrolled flat sequences to form propositional formulas with logical connectives (or, and, not).
Finally, the resulting propositional formulas are translated into an equivalent polynomial set.
In summary, the verification problem is reduced to proving a zero-set inclusion relationship, which can be resolved by Groebner bases approaches.
4.2. Boolean Layer Modeling. The PSL Boolean layer forms the underlying basis for the whole assertion architecture. In this paper we limit our discussion to the Boolean layer and a special constrained subset of it.
While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.
In this paper we distinguish between signal logic and Boolean proposition logic. Therefore we have the following two definitions.
Definition 4 (signal logic). In digital circuit systems, signal logic (SL for short) is defined as follows:
(i) if a signal $s$ is active-high (H for short), then its signal value is defined as 1;
(ii) if a signal $s$ is active-low (L for short), then its signal value is defined as 0;
(iii) if a signal $s$ is assigned a symbolic value, then its signal value is defined as $U$.
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended as the following grammar:
$$f ::= n\ \text{is}\ 0 \mid n\ \text{is}\ 1 \mid w\ \text{is}\ N \mid f_1 \wedge f_2 \mid P \longrightarrow f \mid \mathbf{N}(f), \quad (7)$$
where "is" is used to state the value of a Boolean or word-level node in the circuit. The grammar is defined recursively over $V$, where $p$ is a Boolean expression over $V$, $n$ is a node or variable name, $f$, $f_1$, $f_2$ are TEL formulas, and $\mathbf{N}$ is the next-time operator.
For example, for a symbolic trajectory assertion, assume $V = \{a\}$; then $[(\mathit{in}\ \text{is}\ a) \wedge \mathbf{N}(\mathit{true}) \Longrightarrow \mathbf{N}(\mathit{out}\ \text{is}\ a)]$.
Let the numeric subscript denote the time frame number of each variable; then we have $\mathit{in}[0]\ \text{is}\ a$ and $\mathit{out}[1]\ \text{is}\ a$.
In this paper all temporal operators in PSL SERE specifications are modeled by the next operator $\mathbf{N}$.
We introduce the notion of a symbolic constant into PSL, inspired by GSTE [14].
Definition 6 (symbolic constant). A symbolic constant [14] is a rigid Boolean or integer variable that forever holds the same value. The notion of a symbolic constant is introduced into an assertion for two purposes:
(1) to encode arbitrary Boolean constraints among a set of circuit nodes in a parametric form;
(2) to encode all possible scalar values for a set of nodes.
Consider the assertion $(\mathit{req}\ \text{is}\ H) \wedge (\mathit{ack}\ \text{is}\ H)$ as an example. According to our definitions, $\mathit{req}$ and $\mathit{ack}$ are signals belonging to signal logic, while both $(\mathit{req}\ \text{is}\ H)$ and $(\mathit{ack}\ \text{is}\ H)$ themselves are of assertion logic.
Here we provide a formal syntax definition for assertion proposition logic, namely Assertion Boolean Logic.
If $x_1$, $x_2$, $m$, and $n$ are of SL, then $x_1 = x_2$, $m = x_1\ \&\ x_2$, $m = x_1 \mid x_2$, $m = {!}x_2$, and $(m = x_1) \wedge (n = x_2)$ are all valid AL and can also be verified using the polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If $a \in \mathrm{SL}$ and $H \in \mathrm{BC}$, then $a = H$ is an atom Boolean formula [Atom Boolean Formula].
The built-in functions $\mathit{stable}()$, $\mathit{rose}()$, $\mathit{fell}()$, $\mathit{isunknown}()$, $\mathit{onehot}()$, and $\mathit{onehot0}()$ are atom Boolean formulas.
If $a$ is an integer signal logic variable (denoted by $a \in \mathrm{ISL}$) and $I \in \mathrm{IC}$ is a symbolic constant, then $a = I$ is also an atom Boolean formula [Atom Boolean Formula].
If $a_1$ and $a_2$ are atom Boolean formulas, then
(1) $a_1\ \&\&\ a_2$ [Standard Logic "AND"],
(2) $a_1 \mid\mid a_2$ [Standard Logic "OR"],
(3) ${!}a_1$ [Standard Logic "NOT"],
(4) $a_1 \mathrel{->} a_2$ [Standard Logic "Implication"]
are Boolean formulas.
Assertion proposition logic (AL) for PSL is defined as standard Boolean logic. A Boolean expression of AL is an expression that is evaluated in a single cycle and has the value $\mathit{true}$ or $\mathit{false}$. Boolean connectives for AL are interpreted in the standard way.
For example, the assertion $(a[15{:}0] == b[15{:}0])$, given in the Verilog flavor of PSL, is a valid Boolean expression which means that $a[15{:}0]$ and $b[15{:}0]$ are equal.
The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following:
(1) For any signal $x$ that holds at a given time step $i$, the state $x == 1$ ($x$ is active-high at cycle $i$) can be represented by the polynomial $x[i] - 1$.
(2) Alternatively, the state $x == 0$ ($x$ is active-low at cycle $i$) can be represented by the polynomial $x[i]$.
(3) Symbolically, the state $x == H$ ($x$ is active-high $H$ at the $i$th cycle) can be modeled as $x[i] - H$.
5. Algorithm Framework
In this section we describe how an assertion is checked using the Groebner basis approach.
As is well known, in traditional numeric simulation [15] the PSL assertion checking process can be described as follows. Firstly, the design file with PSL code is compiled into locally executable binary code via simulation tools (such as QuestaSim or ModelSim). The designer then provides a testbench file to set input values, running cycles, and other parameters. Finally, the designer runs the simulation by issuing the "run" command to produce traces for assertion checking.
First we sketch some of the key notions of Groebner bases theory [16, 17] and symbolic computation.
5.1. Groebner Bases Preliminary. We begin by listing some general facts and establishing notation.
Let $k$ be an algebraically closed field and let $k[x_1, \dots, x_n]$ be the polynomial ring in the variables $x_1, x_2, \dots, x_n$ with coefficients in $k$, under addition and multiplication of polynomials. Let $I \subseteq k[x_1, \dots, x_n]$ be an ideal. As is well known, the following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal $I \subset k[x_1, \dots, x_n]$ has a finite generating set. That is, $I = \langle g_1, \dots, g_t \rangle$ for some $g_1, \dots, g_t \in I$.
Then, by the Hilbert basis theorem, there exist finitely many polynomials $f_1, \dots, f_m$ such that $I = \langle f_1, \dots, f_m \rangle$. A polynomial $f \in k[x_1, \dots, x_n]$ defines a map $f : k^n \to k$ via evaluation, $(a_1, \dots, a_n) \mapsto f(a_1, \dots, a_n)$.
The set $V(I) = \{a \in k^n \mid \forall f \in I,\ f(a) = 0\} \subseteq k^n$ is called the variety associated with $I$.
If $V_1 = V(I_1)$ and $V_2 = V(I_2)$ are the varieties defined by the ideals $I_1$ and $I_2$, then we have $V_1 \cap V_2 = V(\langle I_1, I_2 \rangle)$ and $V_1 \cup V_2 = V(I_1 \times I_2)$, where $I_1 \times I_2 = \langle f_1 f_2 \mid f_1 \in I_1,\ f_2 \in I_2 \rangle$. If $I_1 = \langle f_1, \dots, f_r \rangle$ and $I_2 = \langle h_1, \dots, h_s \rangle$, then $I_1 \times I_2 = \langle f_i \times h_j \mid 1 \le i \le r,\ 1 \le j \le s \rangle$.
Any set of points in $k^n$ can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety. For example, the ideals $\langle x_0 \rangle$ and $\langle x_0,\ x_1 x_0 - 1 \rangle$ both define the variety $V(x_0)$. In order to perform verification, we need to be able to determine when two ideals represent the same set of points; that is, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset $G = \{g_1, \dots, g_t\}$ of an ideal $I$ is said to be a Groebner basis (or standard basis) if $\langle \mathit{LT}(g_1), \dots, \mathit{LT}(g_t) \rangle = \langle \mathit{LT}(I) \rangle$.
Equivalently, but more informally, a set $\{g_1, \dots, g_t\} \subset I$ is a Groebner basis of $I$ if and only if the leading term of any element of $I$ is divisible by one of the $\mathit{LT}(g_i)$.
In [18], Buchberger provided an algorithm for constructing a Groebner basis for a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.
A reduced Groebner basis $G$ is a Groebner basis where the leading coefficients of the polynomials in $G$ are all 1 and no monomial of an element of $G$ lies in the ideal generated by the leading terms of the other elements of $G$: $\forall g \in G$, no monomial of $g$ is in $\langle \mathit{LT}(G - \{g\}) \rangle$.
The important result is that, for a fixed monomial ordering, any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let $I \subset k[x_1, \dots, x_n]$ be an ideal and let $G$ be a Groebner basis of $I$ with respect to lex order, where $x_1 \succ x_2 \succ \cdots \succ x_n$. Then for every $0 \le l \le n$ the set
$$G_l = G \cap k[x_{l+1}, \dots, x_n] \quad (8)$$
is a Groebner basis of the $l$th elimination ideal $I_l$.
Theorem 11. Let $G$ be a Groebner basis for an ideal $I \subset k[x_1, \dots, x_n]$ and let $f \in k[x_1, \dots, x_n]$. Then $f \in I$ if and only if the remainder on division of $f$ by $G$ is zero, denoted by $\mathit{remd}(f, G) = 0$.
The property given in Theorem 11 can also be taken as the definition of a Groebner basis. It yields an efficient algorithm for solving the ideal membership problem: assuming that we know a Groebner basis $G$ for the ideal in question, we only need to compute a remainder with respect to $G$ to determine whether $f \in I$.
5.2. Verification Principle Based on Theorem Proving. As mentioned in the previous section, our checking method is based on algebraic geometry. Algebraic geometry is the study of the geometric objects arising as the common zeros of collections of polynomials. Our aim is to find polynomials whose zeros correspond to the system states in which the appropriate assignments are made.
In our method we regard any set of points in $k^n$ as the variety of some ideal. We can use the ideal, or any basis for the ideal, as a way of encoding the set of states. The verification problem is then transformed into an ideal membership problem that can be solved by computational algorithms.
From Groebner bases theory [16, 18], every nonzero ideal $I \subset k[x_1, \ldots, x_n]$ has a Groebner basis, and the following proposition evidently holds.
Proposition 12. Let $C$ and $S$ be polynomial sets of $k[x_1, \ldots, x_n]$ and let $G_S$ be a Groebner basis for $\langle S \rangle$. Then one has $\langle C \rangle \subseteq \langle S \rangle \Leftrightarrow \forall c \in C,\ remd(c, G_S) = 0$.
All supported SERE properties can be classified into two categories:
(1) Implication-typed. Properties of this type have an explicit antecedent that can be taken as an initial precondition. If the precondition conflicts with the system model, the property is viewed as false; otherwise the further checking process is performed.
(2) Sequence-typed. Properties of this type have no explicit antecedent, and therefore an initial condition must be provided by the testbench. If this precondition conflicts with the system model, the sequence property is also viewed as false; otherwise the further checking process is performed.
Theorem 13. Let $G$ be a property (if $G = [A \Rightarrow C]$ is an implication-typed property, then $A$ denotes the antecedent; otherwise $G$ is a sequence-typed property and $A$ is the precondition) and let $M$ be a system model. Let $P_A$ and $P_M$ be the polynomial set representations of $A$ and $M$, respectively, constructed by the rules given above. Let $H = P_A \cup P_M = \{h_1, h_2, \ldots, h_s\} \subseteq k[x_1, \ldots, x_n]$ and $I = \langle H \rangle$ (where $\langle H \rangle$ denotes the ideal generated by $H$), let $\{c_1, c_2, \ldots, c_r\}$ denote the polynomial set representation of $C$, and let $GB_H = gbasis(H, \prec)$. Then one has
\[
\bigl((1 \notin GB_H) \wedge remd(C, GB_H) == 0\bigr)
\;\Leftrightarrow\;
\Bigl((1 \notin GB_H) \wedge \bigwedge_{i=1}^{r} \bigl(remd(c_i, GB_H) == 0\bigr)\Bigr)
\;\Leftrightarrow\;
(M \models G).
\]
Proof. By Hilbert's Nullstellensatz and the notions introduced above, the conclusion follows easily.
5.3. Checking Algorithm. A practical assertion checking process needs to build a syntax analysis tree for the given assertion and call the basic checking functions to perform the check. For simplicity, we only provide the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion $G$. Polynomial representations for the sliced circuit model, the antecedent and the consequent are then built, respectively. Finally, we calculate the hypothesis set and its Groebner basis to determine whether the assertion holds or not.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that, thanks to slicing reduction, it requires only a comparatively small number of state variables to verify a given assertion.
Algorithm 1: Assertion checking AssChk(C, G)
Input: circuit model C, an assertion G = [A => C]
Output: Boolean true or false
BEGIN
  /* Step 0: initialize input signals via testbench */
  (0)  InitSignals(X0)
  (1)  S = {}; M = {}; PS_A = {}; H = {}; PS_C = {}
  /* Step 1: build polynomial model of the (sliced) circuit */
  (2)  M = BuildPS(S)
  /* Step 2: build polynomial set for antecedent A */
  (3)  PS_A = BuildPS(A)
  /* Step 3: build polynomial set for consequent C */
  (4)  PS_C = BuildPS(C)
  /* Step 4: calculate the hypothesis set PS_A U M */
  (5)  H = PS_A U M
  /* Step 5: calculate the Groebner basis of <H> */
  (6)  GB_H = gbasis(H, <)
  /* Step 6: consistency check; 1 in GB_H means the antecedent conflicts with the model */
  (7)  if (1 in GB_H)
  (8)      return false
  /* Step 7: membership check of the consequent (Theorem 13) */
  (9)  if (remd(PS_C, GB_H) != 0)
  (10)     return false
  (11) return true    /* assertion does hold */
END
From the above discussion we also have the process steps and the detailed description of temporal assertion checking in Algorithm 2.
Firstly, the original circuit is transformed into a normal polynomial representation, and so is the assertion. Then Groebner bases and their elimination ideals are calculated using the Buchberger algorithm [19]. Finally, the relation between the elimination ideals is examined to determine whether the assertion holds or not.
6. A Case Study
In this section we study a case to show how PSL SERE properties are verified by polynomial representation and algebraic computation.
6.1. Circuit and PSL Modeling. As an example, consider the 3-bit synchronous counter circuit C in Figure 3, whose polynomial set can be constructed as follows. In this circuit there is a design bug: an "AND" gate has incorrectly been replaced by an "OR" gate. Let us show how to detect this error using our symbolic algebraic method.
\[
\begin{aligned}
PSet_{counter} = \{\,& (y_1 - (m_1 + m_4 - m_1 m_4)(1 - m_1 m_4)), \\
& (y_2 - (m_2 + m_3 - m_2 m_3)(1 - m_2 m_3)), \\
& (1 - m_3 - y_3),\ (1 - m_4 - m_3 m_2), \\
& (m_1' - y_1),\ (m_2' - y_2),\ (m_3' - y_3)\,\}
\end{aligned} \tag{9}
\]
Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles)
Input: circuit model C, a temporal assertion s, running cycles cycles
Output: Boolean true or false
BEGIN
  (1)  i = 0
  (2)  switch (operator(s))
  (3)    case always:
  (4)      while (i < cycles)
  (5)        if (not AssChk(C, s, i))
  (6)          return false
  (7)        i += dep(s)
  (8)      /* end while */
           return true     /* no cycle violated s */
  (9)    case eventually:
  (10)     while (i < cycles)
  (11)       if (AssChk(C, s, i))
  (12)         return true
  (13)       i += dep(s)
  (14)     /* end while */
  (15)     /* end case */
           return false    /* s never held within cycles */
  (16)   case never:
  (17)     while (i < cycles)
  (18)       if (AssChk(C, s, i))
  (19)         return false
  (20)       i += dep(s)
  (21)     /* end while */
  (22)     /* end case */
           return true     /* s held in no cycle */
  (23)   default:
  (24)     return AssChk(C, s, i)
  (25)   /* end switch */
  (26)
END
where $x_1'$ denotes the next state of $x_1$. For the $i$th cycle we use $x_1[i]$ to denote the variable name in the current cycle.
To illustrate the problem clearly, we define the polynomial set representation $PM[i]$ for the $i$th cycle as follows:
\[
\begin{aligned}
PM[i] = \{\,& (y_1[i] - (m_1[i] + m_4[i] - m_1[i]\, m_4[i])(1 - m_1[i]\, m_4[i])), \\
& (y_2[i] - (m_2[i] + m_3[i] - m_2[i]\, m_3[i])(1 - m_2[i]\, m_3[i])), \\
& (1 - m_3[i] - y_3[i]),\ (1 - m_4[i] - m_3[i]\, m_2[i]), \\
& (m_1[i+1] - y_1[i]),\ (m_2[i+1] - y_2[i]),\ (m_3[i+1] - y_3[i])\,\}
\end{aligned} \tag{10}
\]
Therefore we have $PM = \bigcup_{i=0}^{7} PM[i]$.
For any Boolean variable $a$ we impose an extra constraint $a\,a - a$. Thus we define the corresponding constraint set as $CNS[i] = \{\, a[i]\, a[i] - a[i] \,\}$ for all bit-level variables $a$ in the $i$th cycle. In the same manner we have $CNS = \bigcup_{i=0}^{7} CNS[i]$.
The sequential properties of this counter circuit can be specified by the following assertions:
$G_1$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
$G_2$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
$G_3$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
and the rest may be deduced by analogy.
[Figure 3: Synchronous counter. Gates: NOT, XOR, XOR, OR, AND; signals $m_1$, $m_2$, $m_3$, $m_4$, $y_1$, $y_2$, $y_3$; labels $V_0$, $V_1$, $V_2$.]
Table 1: Polynomial representations for properties to be verified
No.       Precondition            Expected consequent
Cycle 0   m1[0], m2[0], m3[0]     NA
Cycle 1   NA                      (m1[1], m2[1], m3[1] - 1)
Cycle 2   NA                      (m1[2], m2[2] - 1, m3[2])
Cycle 3   NA                      (m1[3], m2[3] - 1, m3[3] - 1)
Cycle 4   NA                      (m1[4] - 1, m2[4], m3[4])
Cycle 5   NA                      (m1[5] - 1, m2[5], m3[5] - 1)
Cycle 6   NA                      (m1[6] - 1, m2[6] - 1, m3[6])
Cycle 7   NA                      (m1[7] - 1, m2[7] - 1, m3[7] - 1)
Afterwards, we demonstrate the verification process step by step.
Firstly, we calculate the sequential depth and have $dep(G_1) = 2$, $dep(G_2) = 2$ and $dep(G_3) = 2$.
Secondly, to verify whether a given property holds or not, we have to build a system model with at most 8 cycles and check $dep(G_1) = 2$ steps.
The circuit model to be verified is
\[
SM = PM \cup CNS. \tag{11}
\]
The properties of this counter can be specified as the PSL assertions listed in Table 1.
6.2. Assertion Checking Using Maple. We ran this example using Maple 13. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying the Groebner method.
[> with(Groebner):
[> CM := ...   /* Circuit Model */
[> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1],
                m1[2], m2[2], m3[2], m4[2],
                y1[0], y1[1], y1[2], y2[0], y2[1], y2[2],
                y3[0], y3[1], y3[2]):
[> CGB := Basis(CM, TDEG):
[> ret := NormalForm(m3[0] - 1, CGB, TDEG);
[> ret = 0
As shown in the Maple output, the given circuit has been modelled as the polynomial set CM (its Groebner basis is denoted by CGB) and the assertion is represented by $(m_3[0] - 1)$. From the running result, the return value of NormalForm is 0, which means that the division of $(m_3[0] - 1)$ by CGB leaves no remainder. Thus, from the verification principles given above, it is easy to conclude that the SERE assertion $G_1$ holds under this circuit model after 1 cycle. Other results are shown in Table 2.
Table 2: Result table
Cycle no.   Polynomial                        Result
Cycle 1     m1[0], m2[0], m3[0] - 1           ret = 0
Cycle 2     m1[1], m2[1] - 1, m3[1]           ret = 0; m1[1] fails
Cycle 3     m1[2], m2[2] - 1, m3[2] - 1       Stop
From Table 2, when checking assertion $G_2$ the result is $ret = NormalForm(m_1[1], CGB, TDEG) = 1 \neq 0$, so we can conclude that the assertion does not hold and there must be an error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
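The check Maple performs above, carried out in Python with sympy as an added example (not the paper's Maple session): it builds the unrolled counter model (10) together with the Boolean constraints CNS, fixes the Table 1 precondition m1[0] = m2[0] = m3[0] = 0, computes a Groebner basis and reduces each cycle's expected consequent polynomial as in Algorithm 1 and Theorem 13. Modelling the m4 gate as OR(m2, m3) for the buggy circuit and AND(m2, m3) for the corrected one is an assumption about Figure 3; the function names and the sympy dependency are mine.

```python
"""Groebner-basis assertion check for the 3-bit counter of Section 6.
Added example (not the paper's Maple code); requires sympy."""
from sympy import symbols, groebner


def xor_poly(a, b):
    """XOR encoding from Section 3.1: (a + b - a*b) * (1 - a*b)."""
    return (a + b - a * b) * (1 - a * b)


def frame_polys(m1, m2, m3, m4, y1, y2, y3, buggy):
    """One time frame of the counter, cf. (9)/(10). Assumption: the gate feeding
    m4 is OR(m2, m3) in the buggy design and AND(m2, m3) once fixed."""
    m4_gate = (m2 + m3 - m2 * m3) if buggy else (m2 * m3)
    return [y1 - xor_poly(m1, m4),   # y1 = m1 XOR m4
            y2 - xor_poly(m2, m3),   # y2 = m2 XOR m3
            1 - m3 - y3,             # y3 = NOT m3
            m4 - m4_gate]            # m4 = OR(m2, m3) or AND(m2, m3)


def counter_model(cycles, buggy):
    """Time-frame expansion (Section 3.3): PM = U PM[i] plus CNS = {a*a - a}.
    Returns (polynomials, generators, state) with state[i] = (m1[i], m2[i], m3[i])."""
    polys, gens, state = [], [], []
    nxt = symbols("m1_0 m2_0 m3_0")
    for i in range(cycles):
        m1, m2, m3 = nxt
        m4, y1, y2, y3 = symbols(f"m4_{i} y1_{i} y2_{i} y3_{i}")
        state.append((m1, m2, m3))
        gens += [m1, m2, m3, m4, y1, y2, y3]
        polys += frame_polys(m1, m2, m3, m4, y1, y2, y3, buggy)
        nxt = symbols(f"m1_{i + 1} m2_{i + 1} m3_{i + 1}")
        polys += [n - y for n, y in zip(nxt, (y1, y2, y3))]  # m[i+1] - y[i]
    state.append(tuple(nxt))
    gens += list(nxt)
    polys += [v * v - v for v in gens]  # CNS: every signal is Boolean
    return polys, gens, state


def expected_consequent(state, i):
    """Table 1 row for cycle i: polynomials that vanish iff (m1, m2, m3)
    hold the value i mod 8, m3 being the least significant bit."""
    bits = ((i >> 2) & 1, (i >> 1) & 1, i & 1)
    return [v - b for v, b in zip(state[i], bits)]


def check_counter(cycles=2, buggy=True):
    """Algorithm 1 on the unrolled model: H = PS_A U M, GB_H = gbasis(H); the
    assertion holds iff 1 not in GB_H and remd(c, GB_H) == 0 for every consequent
    polynomial c (Theorem 13). Returns (holds, first failing cycle or None).
    The paper's full run unrolls 8 cycles; 2 already exposes the bug."""
    polys, gens, state = counter_model(cycles, buggy)
    precondition = list(state[0])                      # m1[0] = m2[0] = m3[0] = 0
    gb = groebner(polys + precondition, *gens, order="grevlex")
    if any(g == 1 for g in gb.exprs):                  # 1 in <H>: precondition conflicts
        return False, 0
    for i in range(1, cycles + 1):
        for c in expected_consequent(state, i):
            _, rem = gb.reduce(c)                      # NormalForm(c, CGB, TDEG)
            if rem != 0:
                return False, i                        # c not in <H>: property fails here
    return True, None


if __name__ == "__main__":
    print("buggy counter:", check_counter(2, buggy=True))    # (False, 2): m1 wrong at cycle 2
    print("fixed counter:", check_counter(2, buggy=False))   # (True, None)
```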
7. Conclusion
In this paper we presented a new method for checking constrained SERE temporal assertions by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to suit our verification requirements and rebuilt a new constrained class of the Boolean and temporal layers.
We first introduced a notion of symbolic constant for data path verification, which gains great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.
We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time frame expansion.
Our approach is based on polynomial model construction for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Our method eventually translates a simulation-based verification problem into a pure algebraic zero-set determination problem by the steps described above, which can be performed on any general symbolic algebra tool. An experimental evaluation using Maple has shown that the method is extremely efficient and useful.
Furthermore, we can summarize the advantages of our checking method as follows:
(1) from the real case we see that SERE property verification can be achieved more easily using symbolic algebra than with traditional methods; a complex test bench or test vector is not essential for this approach;
(2) this advantage comes directly from the fact that many vectors are simulated at once using symbolic values;
(3) for assertion property verification, an efficient slicing reduction technique can be applied to gain a performance improvement.
Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further tradeoffs and combine numeric computation with symbolic simulation for boosting performance in particular, and to apply this method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
method can be used to perform symbolic model checking by using an encoding of Boolean sets as the common zeros of sets of polynomials. In [9] a similar technique framework based on Wu's method has been further extended to bit-level symbolic model checking. In [10] an improved framework for multi-valued model checking via a Groebner bases approach was proposed, which is based on a canonical polynomial representation of the multivalued logics.
All these existing articles mainly focus on model checking via algebraic symbolic computation approaches. In our research, instead of static analysis or model checking, we extend this algebraic approach to the area of simulation-based runtime verification methods over polynomial representation models and towards PSL assertion checking.
Our aim is to verify whether a given temporal property holds or not on the traces produced after several cycles of running a given sequential circuit model.
The idea is that for any pure combinational circuit model we can derive its data-flow-based polynomial representation, named PM. Meanwhile, for any sequential circuit model and a given running cycle number $n$, we can also derive its equivalent polynomial representation $PM[n]$ by unrolling this sequential circuit $n$ times and translating it into a pure combinational model. In a similar way we can get a polynomial set representation PS for any temporal assertion.
By suitable restrictions of the Boolean and SERE temporal layers of PSL, and by redefining a hierarchy of PSL assertions, we can guarantee the availability of the above polynomial set model. Based on these polynomial set models, symbolic simulation can be performed to produce symbolic traces and the temporal relationship constraints of the signal variables as well. We then apply a symbolic algebra approach to check the zero-set inclusion relationship between the polynomials $PM[n]$ and PS, and determine whether the temporal assertion holds or not under the current running cycle $n$.
2. Preliminaries
In this section we give some preliminary knowledge used throughout this paper.
2.1. Cycle-Based Symbolic Simulation. We first sketch the underlying system model for simulation used in our work.
The system model we use is a cycle-based symbolic simulation model, which is performed on a cycle-by-cycle basis for synchronous digital systems.
Here the term cycle is defined as one iteration of the evaluation process, during which the state of the design is recomputed and may change. In other words, a cycle is the smallest granularity of time.
Intuitively, cycle-based symbolic simulation is a hybrid approach in the sense that the values propagated through the network can be either symbolic expressions or constant Boolean values. It assumes that there is one unified clock signal in the circuit and that all inputs of the system remain unchanged while their values are evaluated in each simulation cycle. The simulation results report only the final values of the output signals or states in the current simulation cycle.
By convention, we give the model structure definition for symbolic simulation as follows.
Definition 1 (simulation model). The symbolic simulation model for a synchronous digital system is a tuple $\Sigma = (X_0, X, Y, M, S, F, n)$, where
(i) $X_0$ is a finite set of input assignments, including numeric values and symbolic values (Boolean or integer);
(ii) $X$ is a finite set of primary input variables;
(iii) $Y = \{\, y_i \mid 1 \le i \le N_Y \,\}$ is a finite set of primary output variables;
(iv) $M = \{\, m_i \mid 1 \le i \le N_M \,\}$ is a finite set of intermediate variables;
(v) $n$ is the sequential depth of the network, or the number of running cycles;
(vi) $F = \{y_1, y_2, \ldots, y_m\}$ is a finite set of output functions over the input and intermediate variables; note that each $y_i = f_i(x_1, x_2, \ldots, x_n)$ $(1 \le i \le n)$ is defined on $X \cup M$.
Given the sequential depth $n$ of the network, a synchronous sequential logic network can be transformed into a pure combinational function of delayed input variables with delay less than or equal to $n$, that is,
\[
Y = F(X, X_1, \ldots, X_n, M, M_1, \ldots, M_n). \tag{1}
\]
The behaviour of a circuit is defined by its excitation function $Y$, which serves a role similar to the transition relation or next-state functions of temporal logic model checkers.
The simulation process can be described as follows. Firstly, cycle-based symbolic simulation is initialized by setting the state of the circuit to the initial vector $(X_0)$. Each of the primary input signals is assigned a distinct symbolic variable or a symbolic constant. Then, at the end of a simulation step, the expressions representing the next-state functions generally undergo a parametric-transformation-based optimization. After parameterization, the newly generated functions are used as the present state for the next step of simulation.
In this paper, simulation-based verification means checking whether the given assertion is satisfied or not after running a few cycles.
2.2. PSL Preliminary. PSL is a hierarchical language, and its syntax is very declarative and structural. Generally, PSL contains four layers: the Boolean, temporal, verification and modeling layers.
(i) Modeling Layer. The modeling layer is needed to define the verification environment, especially for formal verification tools. This layer is used to model the behaviour of design inputs and to model auxiliary parts of the design that are needed for verification.
(ii) Verification Layer. The verification layer is more related to the description of verification tools, where notions like assume and guarantee are present. This layer is used to tell the verification tool what to do with the properties described by the temporal layer.
(iii) Temporal Layer. The temporal layer is the essence of PSL, where complex temporal relations between signals can be expressed. This layer can describe properties that involve complex temporal relations which are evaluated over a series of evaluation cycles.
(iv) Boolean Layer. The Boolean layer is used to build expressions for the other layers, specifically the temporal layer. Boolean expressions are evaluated in a single evaluation cycle.
PSL allows the engineer to define assertions describing the system's behaviour once and to reuse them between different forms of formal, semiformal or functional verification. With PSL it is possible to perform assertion-based runtime verification of the design: properties are checked while simulating.
According to the PSL specification [1, 3, 11], every assertion written in PSL can be broken down into parts that can be attributed to one of these four layers.
The Boolean layer comprises all Boolean expressions, including signal names as well as HDL expressions and PSL expressions (especially all built-in function calls like, e.g., $prev(b)$ and $rose(b)$, the logical implication and other operators).
The Boolean layer forms the underlying basis for the whole assertion architecture. In this paper we limit our discussion to a special subset of the Boolean layer for our purpose. We then further build a restricted simple subset of the SERE layer for temporal property specification and verification over this constrained Boolean layer.
3. System Polynomial Representation Model
In this section we discuss polynomial modeling for combinational and sequential circuits. Previous work [12] has shown that any combinational circuit can be uniquely represented by a minimum-order polynomial. Here we give an alternative data-flow-based polynomial set representation model for our assertion checking purpose, whose zero set makes such a data-flow model work well.
3.1. Arithmetic and Logic Unit Modeling. In this paper we only focus on arithmetic units for fixed-point operations. For any arithmetic unit, the integer arithmetic operations (addition, subtraction, multiplication and division) can be constructed by the following polynomials:
(1) $y = a + b \Rightarrow (y - a - b)$
(2) $y = a - b \Rightarrow (y - a + b)$
(3) $y = a * b \Rightarrow (y - a\,b)$
(4) $y = a / b \Rightarrow (y\,b - a)$
The basic logic operations [13], like "AND", "OR" and "NOT", can be modelled by the following forms:
\[
\begin{aligned}
y = NOT\ x &\Longrightarrow (1 - x - y), \\
y = x_1\ AND\ x_2 &\Longrightarrow (x_1 x_2 - y), \\
y = x_1\ OR\ x_2 &\Longrightarrow (x_1 + x_2 - x_1 x_2 - y).
\end{aligned} \tag{2}
\]
Furthermore, we can extend the above rule to other logic operators. For example,
\[
y = x_1 \oplus x_2\ (\text{or } y = x_1\ XOR\ x_2) \Rightarrow \bigl(y - (x_1 + x_2 - x_1 x_2)(1 - x_1 x_2)\bigr).
\]
For every bit-level variable $x_i$ $(0 \le i \le n)$ a constraint $x_i x_i - x_i$ should be added.
3.2. Branch and Sequential Unit Modeling. Basically, a multiway branch is an important control structure in digital systems. It provides a set of condition bits $b_i$ $(0 \le i \le B)$, a set of target identifiers $\{0, \ldots, T - 1\}$ and a mapping from condition bit values to target identifiers. This mapping takes the form of a condition tree. For any binary signal $x$ its value should be limited to $\{1, 0\}$ by adding $x\,x - x$.
\[
y = MUX(x_0, x_1, \ldots, x_n, s),\ i = s \Longrightarrow y = x_i\ (0 \le i \le n)
\Longrightarrow y - \sum_{i=0}^{n-1} \Biggl( \prod_{j \in \{0,1,\ldots,n-1\} \setminus \{i\}} \frac{(s - j)}{(i - j)} \Biggr) x_i,
\quad \text{with } \prod_{i=0}^{n-1} (s - i) = 0. \tag{3}
\]
Each flip-flop (FF) in the circuit can be modelled as a multiplexer, as illustrated in Figure 1. We have the following proposition to state this model.
Proposition 2. For a D FF model ($D'$ is the next state) with an enable signal $c$, its equivalent combinational form is $y' = MUX(D, D', s)$, $i = s \rightarrow y' = x_i$ $(0 \le i < 2,\ x_0 = D,\ x_1 = D')$, whose polynomial algebraic model can be described as
\[
\{\,(y' - D)(c - 1),\ (y' - D')\,c,\ (y' - D)(y' - D')\,\} \quad \text{or} \quad \{\, y' - D(c - 1) - D'\,c \,\}. \tag{4}
\]
Proof. Let $D$ be the current state and let $y'$ denote the next state of the flip-flop. When the clock value is 0, $y'$ has the same value as $D$, so that the FF maintains its present state; when the clock value is 1, $y'$ takes a new value from the $D'$ input (where $D'$ denotes the new value, the next state of the FF). Therefore we have the 2-value multiway branch model and its polynomial set representation for the FF.
Proposition 3. Let $D$ be a FF model ($D'$ is the next state) without enable signal; then its equivalent combinational polynomial algebraic model can be described as $(y' - D)$.
[Figure 1: Flip-flop model. The D FF with enable $c$ is drawn as a 2-way multiplexer selecting $D$ (input 0) or $D'$ (input 1) to produce $y'$.]
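As an added check (not from the paper) on the gate encodings in (2), the XOR rule and the two-polynomial flip-flop model of Proposition 2, the script below evaluates each polynomial over the whole Boolean cube and confirms that it vanishes exactly on the rows of the gate's truth table; it also evaluates the general MUX formula (3) with exact rational arithmetic for a 4-way multiplexer, going beyond the 2-way case of the flip-flop. The function and table names are mine.

```python
"""Truth-table validation of the polynomial gate encodings of Section 3.
Added example, not the paper's code; pure standard library."""
from fractions import Fraction
from itertools import product

# name -> (list of polynomials in (inputs..., y), reference Boolean function, number of inputs).
# A polynomial set encodes a gate iff all its members vanish on {0,1} exactly when y is the output.
GATES = {
    "NOT": ([lambda x, y: 1 - x - y], lambda x: 1 - x, 1),
    "AND": ([lambda a, b, y: a * b - y], lambda a, b: a & b, 2),
    "OR":  ([lambda a, b, y: a + b - a * b - y], lambda a, b: a | b, 2),
    "XOR": ([lambda a, b, y: y - (a + b - a * b) * (1 - a * b)], lambda a, b: a ^ b, 2),
    # D flip-flop with enable c, first form of (4): inputs (D, D', c), output y'.
    "DFF": ([lambda d, dn, c, y: (y - d) * (c - 1),
             lambda d, dn, c, y: (y - dn) * c],
            lambda d, dn, c: dn if c else d, 3),
}


def encodes(polys, truth, n_inputs):
    """True iff, for every input vector in {0,1}^n and every candidate output y in {0,1},
    all polynomials vanish exactly when y == truth(inputs)."""
    for ins in product((0, 1), repeat=n_inputs):
        for y in (0, 1):
            vanishes = all(p(*ins, y) == 0 for p in polys)
            if vanishes != (y == truth(*ins)):
                return False
    return True


def mux_poly(xs, s, y):
    """Formula (3): y - sum_i (prod_{j != i} (s - j)/(i - j)) * x_i, evaluated exactly.
    For an integer select s in 0..n-1 the Lagrange factor is 1 for i == s and 0 otherwise."""
    n = len(xs)
    total = Fraction(0)
    for i in range(n):
        coeff = Fraction(1)
        for j in range(n):
            if j != i:
                coeff *= Fraction(s - j, i - j)
        total += coeff * xs[i]
    return y - total


def mux_encodes(n):
    """Check that the n-way MUX polynomial vanishes exactly when y == x_s, for every s."""
    for xs in product((0, 1), repeat=n):
        for s in range(n):
            for y in (0, 1):
                if (mux_poly(xs, s, y) == 0) != (y == xs[s]):
                    return False
    return True


def check_all():
    """Validate every encoding; returns {name: True/False}."""
    results = {name: encodes(polys, truth, n) for name, (polys, truth, n) in GATES.items()}
    results["MUX4"] = mux_encodes(4)
    return results


if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:5s} encoding {'correct' if ok else 'WRONG'}")
```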
3.3. Sequential Unrolling. Generally, for a sequential circuit, one time frame of the circuit is viewed as a combinational circuit in which each flip-flop is converted into two corresponding signals: a pseudo primary input (PPI) and a pseudo primary output (PPO).
Symbolic simulation of a sequential circuit for $n$ cycles can be regarded as unrolling the circuit $n$ times. The unrolled circuit is still a pure combinational circuit, and the $i$th copy of the circuit represents the circuit at cycle $i$. Thus the unrolled circuit contains all the symbolic results from the $n$ cycles.
To illustrate the sequential modeling for a given cycle number clearly, we define an indexed polynomial set representation for the $i$th cycle. For example, $\mathrm{PM}[i]$ is defined as follows: $\mathrm{PM}[i] = (x_1[i] - m_2[i] - y_3[i])$, where $x_1$ denotes the signal variable name while $x_1[i]$ denotes the variable's state in the $i$th simulation cycle. If the given running cycle is $n$, then we have the system representation $\mathrm{PM} = \bigcup_{i=0}^{n} \mathrm{PM}[i]$.
Let $x_i[l]$ ($0 \le i \le r$) denote the input signals for the $l$th clock, let $m_i[l]$ ($0 \le i \le s$) denote the intermediate signals, and let $y_i[l]$ ($0 \le i \le t$) denote the output signals. We then have the following time frame expansion model for the sequential circuit:

$\mathrm{FM} = \bigcup_{i=0}^{n} \mathrm{FM}[i]$ (5)

where $\mathrm{FM}[i] = C(x_1[i], \dots, m_1[i], \dots, m_1[i], \dots, x_1[i+1], \dots, m_1[i+1], \dots, y_1[i+1], \dots)$ denotes the $i$th time frame model.
Time frame expansion is achieved by connecting the PPIs (e.g., $x_1[i+1]$ from $\mathrm{FM}[i+1]$) of a time frame to the corresponding PPOs ($x_1[i+1]$ from $\mathrm{FM}[i]$) of the previous time frame.
3.4. Sequence Operator Modeling. In this paper only a so-called simple subset of PSL will be considered, which subsumes the properties in which time advances monotonically from left to right through the property: if an entity (a Boolean expression or a SERE) needs to be evaluated at a given time, all other entities to the right of it do not yet need to be known. Many properties not in the simple subset can be rewritten in the simple subset, and most properties to be verified can be expressed within the bounds of the simple subset.
For SEREs, only the following features are supported by our modeling method:
(1) standard Boolean expressions;
(2) fixed-length Kleene closure;
(3) SERE concatenation;
(4) SERE fusion;
(5) SERE disjunction;
(6) length-matching SERE conjunction.
By the constrained simple subset of PSL, the user can specify a safety property using only nonnegated weak operators. Intuitively, a safety property is used to ensure that "something bad does not happen", which is important in formal verification. Because safety properties are easier to verify, this approach is only able to deal with safety properties.
(1) Next Operator. It indicates that the property will hold if its operand holds at the next cycle. For example,

assert (req −> next ack) (6)

states that if signal req is asserted, then ack will be asserted at the next cycle $\Rightarrow N_i(\mathit{req}) \wedge N_{i+1}(\mathit{ack})$.
(2) Semicolon Operator. The semicolon operator (;) is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that the right-hand SERE starts the cycle after the left-hand SERE ends. For example, $G$ = assert (req ; ack) states that when signal req is asserted, then ack will be asserted at the next cycle $\Rightarrow N_i(\mathit{req}) \wedge N_{i+1}(\mathit{ack}) \Leftrightarrow N_i(\mathit{req}\ \text{is}\ H) \wedge N_{i+1}(\mathit{ack}\ \text{is}\ H)$, where $0 \le i \le \mathit{dep}(G)$.
(3) Fusion Operator. The fusion operator, a colon (:), is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that there is a single cycle of overlap between them: the right-hand SERE starts in the same cycle in which the left-hand SERE ends. For example, $G$ = assert always (req : ack ; gnt) states that when signal req is asserted, then ack and gnt will be asserted at the next cycle $\Rightarrow N_i(\mathit{req}\ \text{is}\ H) \wedge N_i(\mathit{ack}\ \text{is}\ H) \wedge N_{i+1}(\mathit{gnt}\ \text{is}\ H)$, where $0 \le i \le \mathit{dep}(G)$.
(4) Repeat Operator. Repeat operators allow the user to build more sophisticated SEREs using variations on the SERE repetition operators [∗n], [= n], and so forth. Consecutive repetition operators provide a shortcut to typing the same sub-SERE a number of times. In this paper we only consider the fixed-times repeat operator [= n]. For example, $G$ = assert (req[∗n] ; ack) states that when signal req is asserted $n$ times, then ack will be asserted at the next cycle. We then have $\Rightarrow N_1(\mathit{req}\ \text{is}\ H) \wedge \cdots \wedge N_n(\mathit{req}\ \text{is}\ H) \wedge N_{n+1}(\mathit{ack}\ \text{is}\ H)$.
Figure 2. Algebraization steps of SEREs: SERE property → (1) Decomposition → common sequence set → (2) Unrolling → flat sequence → (3) Reduction → propositional formulas → (4) Algebraization → polynomial set.
4. Translation of SERE
In this section we will mainly discuss the hierarchical modeling method of SERE. The temporal layer contains "Sequential Extended Regular Expressions" (SEREs), which allow describing the relation between Boolean layer expressions over time.
Firstly, we discuss the general algebraization process of SERE from a symbolic computation point of view.
4.1. Algebraization Process. The algebraization process of SERE properties is shown in Figure 2. In our method the properties written in SERE are unrolled and checked against the design for bounded time steps. Note that only a constrained subset of SERE can be supported by our method (unspecified upper bound time ranges and the first-match operator are excluded).
Firstly, we translate the properties described by the constrained subset of SERE into flat sequences according to the semantics of each supported operator.
Secondly, temporal constraints are added to the unrolled flat sequences to form propositional formulas with logical connectives (or, and, and not).
Finally, the resulting propositional formulas are translated into an equivalent polynomial set.
In summary, the verification problem is reduced to proving a zero set inclusion relationship, which can be resolved by Groebner bases approaches.
4.2. Boolean Layer Modeling. The PSL Boolean layer forms an underlying basis for the whole assertion architecture. In this paper we limit our discussion to the Boolean layer and a special constrained subset of it.
While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.
In this paper we distinguish between signal logic and Boolean proposition logic.
Therefore we have the following two definitions.
Definition 4 (signal logic). In digital circuit systems, signal logic (SL for short) is defined as follows:
(i) if a signal $s$ is active-high (H for short), then its signal value is defined as 1;
(ii) if a signal $s$ is active-low (L for short), then its signal value is defined as 0;
(iii) if a signal $s$ is assigned a symbolic value, then its signal value is defined as $U$.
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended as the following grammar:

$f = n \text{ is } 0 \mid n \text{ is } 1 \mid w \text{ is } N \mid f_1 \wedge f_2 \mid P \longrightarrow f \mid N(f)$ (7)

where "is" is used to state the value of a Boolean or word-level node in the circuit. It is defined recursively over $V$, where $p$ is a Boolean expression over $V$, $n$ is a node or variable name, $f, f_1, f_2$ are TEL formulas, and $N$ is the next-time operator.
For example, for a symbolic trajectory assertion assume $V = \{a\}$; then $[(\mathit{in} \text{ is } a) \wedge N(\mathit{true}) \Longrightarrow N(\mathit{out} \text{ is } a)]$.
Let the numeric subscript denote the time frame number for each variable; then we have $\mathit{in}[0] \text{ is } a$, $\mathit{out}[1] \text{ is } a$.
In this paper all temporal operators in PSL SERE specifications will be modeled by the next operator $N$.
We will introduce a notion of symbolic constant to PSL, inspired by GSTE [14].
Definition 6 (symbolic constant). A symbolic constant [14] is a rigid Boolean or integer variable that forever holds the same Boolean value. The notion of symbolic constant is introduced in an assertion for two purposes:
(1) to encode arbitrary Boolean constraints among a set of circuit nodes in a parametric form;
(2) to encode all possible scalar values for a set of nodes.
Consider assertion (req is $H$) $\wedge$ (ack is $H$) as an example. According to our definitions, req and ack are signals belonging to signal logic, while both (req is $H$) and (ack is $H$) themselves are of assertion logic.
Here we provide a formal syntax definition for assertion proposition logic, namely Assertion Boolean Logic.
If $x_1$, $x_2$, $m$, and $n$ are of SL, then $x_1 = x_2$, $m = x_1 \,\&\, x_2$, $m = x_1 x_2$, $m = x_2$, and $(m = x_1) \wedge (n = x_2)$ are all valid AL and can also be verified by using the polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If $a \in \mathrm{SL}$ and $H \in \mathrm{BC}$, then $a = H$ is an atom Boolean formula [Atom Boolean Formula].
Built-in functions stable(), rose(), fell(), isunknown(), onehot(), and onehot0() are atom Boolean formulas.
If $a$ is an integer signal logic variable (denoted by $a \in \mathrm{ISL}$) and symbolic constant $I \in \mathrm{IC}$, then $a = I$ is also an atom Boolean formula [Atom Boolean Formula].
If $a_1$ and $a_2$ are atom Boolean formulas, then
(1) $a_1$ && $a_2$ [Standard Logic "AND"],
(2) $a_1$ || $a_2$ [Standard Logic "OR"],
(3) !$a_1$ [Standard Logic "NOT"],
(4) $a_1$ −> $a_2$ [Standard Logic "Implication"]
are Boolean formulas.
Assertion proposition logic (AL) for PSL is defined as standard Boolean logic. A Boolean expression of AL is an expression that is evaluated in a single cycle and has the value true or false. Boolean connectives for AL are interpreted in the standard way.
For example, the assertion (a[15:0] == b[15:0]) given in the Verilog flavor of PSL is a valid Boolean expression, which means that a[15:0] and b[15:0] are equal.
The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following:
(1) For any signal $x$ that holds at a given time step $i$, the state $x == 1$ ($x$ is active-high at cycle $i$) can be represented by the polynomial $x[i] - 1$.
(2) Alternatively, the state $x == 0$ ($x$ is active-low at cycle $i$) can be represented by the polynomial $x[i]$.
(3) Symbolically, the state $x == H$ ($x$ is active-high $H$ at the $i$th cycle) can be modeled as $x[i] - H$.
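The following Python, added here and not part of the paper, places the atoms of a flat SERE built with the operator forms of Section 3.4 (concatenation, fusion, fixed repetition, same-cycle Boolean atoms) on cycles, the $N_i(\mathit{sig}\ \text{is}\ H)$ form, and then algebraizes them with the three rules above; the token syntax and the cycle placement assumed for |=> are assumptions stated in the comments.

```python
import re

# Added example, not the paper's code. Assumed syntax: atoms are "sig",
# "sig = H" or "sig = L" (Definition 4), optionally followed by the fixed
# repetition "[*n]"; ';' is concatenation, ':' fusion, '&' same-cycle Boolean
# AND, and "|=>" splits an implication-typed property (the consequent starts
# the cycle after the antecedent ends). Disjunction, length-matching
# conjunction and negation are not handled. Cycles are numbered from 0 here.
TOKEN = re.compile(r"\s*(?:(\w+)(?:\s*=\s*([HL]))?(?:\[\*(\d+)\])?|([;:&]))")


def unroll(sere):
    """Return ([(cycle, signal, value)], dep) for a flat SERE."""
    sere = sere.replace("(", " ").replace(")", " ").strip()
    atoms, end, op, pos = [], -1, ";", 0   # virtual ';' puts the first atom at cycle 0
    while pos < len(sere):
        m = TOKEN.match(sere, pos)
        if not m:
            raise ValueError(f"cannot parse {sere[pos:]!r}")
        pos = m.end()
        name, value, reps, sep = m.groups()
        if sep:
            if op is not None:
                raise ValueError(f"unexpected operator {sep!r}")
            op = sep
            continue
        if op is None:
            raise ValueError(f"missing operator before {name!r}")
        start = end + 1 if op == ";" else end   # ';' next cycle, ':' and '&' same cycle
        n = int(reps) if reps else 1            # sig[*n]: n consecutive cycles
        atoms += [(start + k, name, value or "H") for k in range(n)]
        end, op = start + n - 1, None
    if op is not None:
        raise ValueError("SERE ends with an operator")
    return atoms, end + 1


def algebraize(atoms, offset=0):
    """Section 4.2 rules: sig = H at cycle i -> sig[i]-1, sig = L -> sig[i].
    offset is the instance index i that AssChk(C, s, i) receives."""
    return [f"{s}[{c + offset}]" + ("-1" if v == "H" else "") for c, s, v in atoms]


def translate(prop):
    """Split 'assert [always] A |=> C' into antecedent polynomials, consequent
    polynomials and dep(G); a sequence-typed property has an empty antecedent."""
    prop = re.sub(r"^\s*assert\s+(always\s+)?", "", prop.strip())
    if "|=>" in prop:
        ante, cons = prop.split("|=>", 1)
        a_atoms, a_dep = unroll(ante)
        c_atoms, c_dep = unroll(cons)
        c_atoms = [(c + a_dep, s, v) for c, s, v in c_atoms]   # consequent follows A
        return algebraize(a_atoms), algebraize(c_atoms), a_dep + c_dep
    atoms, dep = unroll(prop)
    return [], algebraize(atoms), dep


if __name__ == "__main__":
    for prop in ("assert (req ; ack)", "assert always (req : ack ; gnt)",
                 "assert (req[*3] ; ack)",
                 "assert always (m1 = H & m2 = H & m3 = H) |=> (m1 = H & m2 = H & m3 = H)"):
        print(prop, "->", translate(prop))
```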
5. Algorithm Framework
In this section we will describe how an assertion is checked using the Groebner basis approach.
As is well known, in traditional numeric simulation [15] the PSL assertion checking process can be described as follows. Firstly, the design file with PSL code is compiled into locally executable binary code via simulation tools (such as QuestaSim or ModelSim). The designer then provides a testbench file to set input values, running cycles, and other parameters. Finally, the designer performs the simulation by starting the "run" command to produce traces for assertion checking.
Firstly, we will sketch some of the key notions of Groebner bases theory [16, 17] and symbolic computation.
5.1. Groebner Bases Preliminary. We begin by listing some general facts and establishing notation.
Let $k$ be an algebraically closed field and let $k[x_1, \dots, x_n]$ be the polynomial ring in variables $x_1, x_2, \dots, x_n$ with coefficients in $k$ under addition and multiplication of polynomials. Here let $I \subseteq k[x_1, \dots, x_n]$ be an ideal. As is well known, the following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal $I \subset k[x_1, \dots, x_n]$ has a finite generating set. That is, $I = \langle g_1, \dots, g_t \rangle$ for some $g_1, \dots, g_t \in I$.
Then by the Hilbert basis theorem there exist finitely many polynomials $f_1, \dots, f_m$ such that $I = \langle f_1, \dots, f_m \rangle$. A polynomial $f \in k[x_1, \dots, x_n]$ defines a map $f : k^n \rightarrow k$ via evaluation $(a_1, \dots, a_n) \mapsto f(a_1, \dots, a_n)$.
The set $V(I) = \{a \in k^n \mid \forall f \in I,\ f(a) = 0\} \subseteq k^n$ is called the variety associated with $I$.
If $V_1 = V(I_1)$ and $V_2 = V(I_2)$ are the varieties defined by ideals $I_1$ and $I_2$, then we have $V_1 \cap V_2 = V(\langle I_1, I_2 \rangle)$ and $V_1 \cup V_2 = V(I_1 \times I_2)$, where $I_1 \times I_2 = \langle f_1 f_2 \mid f_1 \in I_1, f_2 \in I_2 \rangle$. If $I_1 = \langle f_1, \dots, f_r \rangle$ and $I_2 = \langle h_1, \dots, h_s \rangle$, then $I_1 \times I_2 = \langle f_i \times h_j \mid 1 \le i \le r,\ 1 \le j \le s \rangle$.
Any set of points in $k^n$ can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety. For example, the ideals $\langle x_0 \rangle$ and $\langle x_0, x_1 x_0 - 1 \rangle$ both define the variety $V(x_0)$. In order to perform verification we need to be able to determine when two ideals represent the same set of points. That is to say, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset $G = \{g_1, \dots, g_t\}$ of an ideal $I$ is said to be a Groebner basis (or standard basis) if $\langle LT(g_1), \dots, LT(g_t) \rangle = \langle LT(I) \rangle$.
Equivalently, but more informally, a set $\{g_1, \dots, g_t\} \subset I$ is a Groebner basis of $I$ if and only if the leading term of any element of $I$ is divisible by one of the $LT(g_i)$.
In [18] Buchberger provided an algorithm for constructing a Groebner basis for a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.
A reduced Groebner basis $G$ is a Groebner basis where the leading coefficients of the polynomials in $G$ are all 1 and no monomial of an element of $G$ lies in the ideal generated by the leading terms of the other elements of $G$: $\forall g \in G$, no monomial of $g$ is in $\langle LT(G - \{g\}) \rangle$.
The important result is that for a fixed monomial ordering any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we will have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let $I \subset k[x_1, \dots, x_n]$ be an ideal and let $G$ be a Groebner basis of $I$ with respect to lex order where $x_1 \succ x_2 \succ \cdots \succ x_n$. Then for every $0 \le l \le n$ the set

$G_l = G \cap k[x_{l+1}, \dots, x_n]$ (8)

is a Groebner basis of the $l$th elimination ideal $I_l$.
Theorem 11. Let $G$ be a Groebner basis for an ideal $I \subset k[x_1, \dots, x_n]$ and let $f \in k[x_1, \dots, x_n]$. Then $f \in I$ if and only if the remainder on division of $f$ by $G$ is zero, denoted by $\mathit{remd}(f, G) = 0$.
The property given in Theorem 11 can also be taken as the definition of a Groebner basis. From it we get an efficient algorithm for solving the ideal membership problem: assuming that we know a Groebner basis $G$ for the ideal in question, we only need to compute a remainder with respect to $G$ to determine whether $f \in I$.
5.2. Verification Principle Based on Theorem Proving. As mentioned in the previous section, our checking method is based on algebraic geometry. Algebraic geometry is the study of the geometric objects arising as the common zeros of collections of polynomials. Our aim is to find polynomials whose zeros correspond to system states in which the appropriate assignments are made.
In our method we regard any set of points in $k^n$ as the variety of some ideal. We can use the ideal, or any basis for the ideal, as a way of encoding the set of states. The verification problem is then transformed into an ideal membership problem that can be solved by computational algorithms.
From Groebner bases theory [16, 18], every nonzero ideal $I \subset k[x_1, \dots, x_n]$ has a Groebner basis, and the following proposition evidently holds.
Proposition 12. Let $C$ and $S$ be polynomial sets of $k[x_1, \dots, x_n]$ and let $G_S$ be a Groebner basis for $\langle S \rangle$; then one has $\langle C \rangle \subseteq \langle S \rangle \Leftrightarrow \forall c \in C,\ \mathit{remd}(c, G_S) = 0$.
All supported SERE properties can be classified into two categories:
(1) Implication-typed. Properties of this type have an explicit antecedent that can be taken as an initial precondition. If the precondition is in conflict with the system model, the property is viewed as false. Otherwise the further checking process is performed.
(2) Sequence-typed. Properties of this type have no explicit antecedent, and therefore an initial condition should be provided by the testbench. If the precondition is in conflict with the system model, the sequence property is also viewed as false. Otherwise the further checking process is performed.
Theorem 13. Suppose that $G$ is a property (if $G = [A \Rightarrow C]$ is an implication-typed property, then $A$ denotes the antecedent; otherwise $G$ is a sequence-typed property and $A$ is the precondition) and $M$ is a system model. Let $P_A$ and $\mathrm{PM}$ be the polynomial set representations for $A$ and $M$, respectively, constructed by the previously mentioned rules. Let $H = P_A \cup \mathrm{PM} = \{h_1, h_2, \dots, h_s\} \subseteq k[x_1, \dots, x_n]$ and $I = \langle H \rangle$ (where $\langle H \rangle$ denotes the ideal generated by $H$), let $\{c_1, c_2, \dots, c_r\}$ denote the polynomial set representation for $C$, and let $GB_H = \mathit{gbasis}(H, \prec)$; then one has

$((1 \notin GB_H) \wedge \mathit{remd}(C, GB_H) == 0) \Leftrightarrow ((1 \notin GB_H) \wedge \bigwedge_{i=0}^{r} (\mathit{remd}(c_i, GB_H) == 0)) \Leftrightarrow (M \models G)$.

Proof. By Hilbert's Nullstellensatz and the previously mentioned notions, it is easy to obtain the conclusion.
5.3. Checking Algorithm. A practical assertion checking process needs to build a complicated syntax analysis tree for a given assertion and call the basic checking functions to perform the check. For simplicity we only provide the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion $G$. Polynomial representations for the sliced circuit model, the antecedent, and the consequent are then built, respectively. Finally, we calculate the hypothesis set and its Groebner basis to determine whether the assertion holds or not.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that it requires only a comparatively small number of state variables to verify a given assertion, due to the slicing reduction.
Input: circuit model C, an assertion G = [A ⇒ C]
Output: Boolean true or false
BEGIN
  /* Step 0: initialize input signals via testbench */
  InitSignals($\vec{X}_0$)
  S = ∅; M = ∅; PS_A = ∅; H = ∅; PS_C = ∅
  /* Step 1: build polynomial model */
  M = BuildPS(S)
  /* Step 2: build polynomial set for antecedent A */
  PS_A = BuildPS(A)
  /* Step 3: build polynomial set for consequent C */
  PS_C = BuildPS(C)
  /* Step 4: calculate PS_A ∪ M */
  H = PS_A ∪ M
  /* Step 5: calculate the Groebner basis of ⟨H⟩ */
  GB_H = gbasis(H, ≺)
  /* Step 6: reject an inconsistent hypothesis, then test the consequent for membership */
  if (1 ∈ GB_H)
    return false
  if (remd(PS_C, GB_H) ≠ 0)
    return false
  return true   /* assertion does hold */
END
Algorithm 1: Assertion checking AssChk(C, G)
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 2.
Firstly, the original circuit is transformed into a normal polynomial representation, and the assertion as well. Then Groebner bases and their elimination ideals are calculated using the Buchberger algorithm [19]. Finally, the relation between the elimination ideals is examined to determine whether the assertion holds or not.
6. A Case Study
In this section we will study a case to show how PSL SERE properties are verified by polynomial representation and algebraic computation.
6.1. Circuit and PSL Modeling. As an example, consider the 3-bit synchronous counter circuit $C$ in Figure 3, whose polynomial set can be constructed as follows. In this circuit there is a design bug: an "AND" gate has incorrectly been replaced by an "OR" gate. Now let us show how to check this error using our symbolic algebraic method.

$\mathrm{PSet}_{\mathit{counter}} = \{\,(y_1 - (m_1 + m_4 - m_1 * m_4) * (1 - m_1 * m_4)),\ (y_2 - (m_2 + m_3 - m_2 * m_3) * (1 - m_2 * m_3)),\ (1 - m_3 - y_3),\ (1 - m_4 - m_3 * m_2),\ (m_1' - y_1),\ (m_2' - y_2),\ (m_3' - y_3)\,\}$ (9)
Input: circuit model C, a temporal assertion s, running cycles cycles
Output: Boolean true or false
BEGIN
  i = 0
  switch (operator(s))
    case always:
      while (i < cycles)
        if (!AssChk(C, s, i)) return false
        i += dep(s)
      /* end while */
      return true
    case eventually:
      while (i < cycles)
        if (AssChk(C, s, i)) return true
        i += dep(s)
      /* end while */
      return false
    case never:
      while (i < cycles)
        if (AssChk(C, s, i)) return false
        i += dep(s)
      /* end while */
      return true
    default:
      return AssChk(C, s, i)
  /* end switch */
END
Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles)
where $x_1'$ denotes the next state of $x_1$. For the $i$th cycle we use $x_1[i]$ to denote the variable name in the current cycle.
To illustrate the problem clearly, we define the polynomial set representation $\mathrm{PM}[i]$ for the $i$th cycle as follows:

$\mathrm{PM}[i] = \{\,(y_1[i] - (m_1[i] + m_4[i] - m_1[i] * m_4[i]) * (1 - m_1[i] * m_4[i])),\ (y_2[i] - (m_2[i] + m_3[i] - m_2[i] * m_3[i]) * (1 - m_2[i] * m_3[i])),\ (1 - m_3[i] - y_3[i]),\ (1 - m_4[i] - m_3[i] * m_2[i]),\ (m_1[i+1] - y_1[i]),\ (m_2[i+1] - y_2[i]),\ (m_3[i+1] - y_3[i])\,\}$ (10)

Therefore we have $\mathrm{PM} = \bigcup_{i=0}^{7} \mathrm{PM}[i]$.
For any Boolean variable $a$ we impose an extra constraint $a * a - a$. Thus we define the corresponding constraint set as follows: $\mathrm{CNS}[i] = \{a[i] * a[i] - a[i]\}$ for all bit-level variables in the $i$th cycle. In the same manner we have $\mathrm{CNS} = \bigcup_{i=0}^{7} \mathrm{CNS}[i]$.
The sequential properties of this counter circuit can be specified by the following assertions:
$G_1$ = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H),
Figure 3. Synchronous counter (gates NOT, XOR, XOR, OR, AND; state signals m1, m2, m3, intermediate signal m4, outputs y1, y2, y3, and labels V0, V1, V2).
$G_2$ = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H),
$G_3$ = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H), and the rest may be deduced by analogy.
Table 1. Polynomial representations for properties to be verified.
No.       Precondition              Expected consequent
0         m1[0], m2[0], m3[0]       NA
Cycle 1   NA                        (m1[1], m2[1], m3[1] − 1)
Cycle 2   NA                        (m1[2], m2[2] − 1, m3[2])
Cycle 3   NA                        (m1[3], m2[3] − 1, m3[3] − 1)
Cycle 4   NA                        (m1[4] − 1, m2[4], m3[4])
Cycle 5   NA                        (m1[5] − 1, m2[5], m3[5] − 1)
Cycle 6   NA                        (m1[6] − 1, m2[6] − 1, m3[6])
Cycle 7   NA                        (m1[7] − 1, m2[7] − 1, m3[7] − 1)
Afterward we will demonstrate the verification process step by step.
Firstly, we calculate the sequential depth and have $\mathit{dep}(G_1) = 2$, $\mathit{dep}(G_2) = 2$, and $\mathit{dep}(G_3) = 2$.
Secondly, to verify whether a given property holds or not, we have to build a system model with 8 cycles at most and check $\mathit{dep}(G_1) = 2$ steps.
The circuit model to be verified is below:

$\mathrm{SM} = \mathrm{PM} \cup \mathrm{CNS}$ (11)

The properties of this counter can be specified as the PSL assertions listed in Table 1.
6.2. Assertion Checking Using Maple. We run this example using Maple 13. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying the Groebner method.
[> with(Groebner):
[> CM := ... ;   # Circuit Model
[> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1], m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2], y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]);
[> CGB := Basis(G, TDEG);
[> ret := NormalForm(m3[0] - 1, CGB, TDEG);
[> ret;
0
As shown in the Maple output, the given circuit has been modeled as the polynomial set CM (its Groebner basis is denoted by CGB) and the assertion representation as $(m_3[0] - 1)$. From the running result, the return value of NormalForm is 0, which means that $(m_3[0] - 1)$ is divided by CGB with no remainder. Thus, from the previously mentioned verification principles, it is easy to conclude that the SERE assertion $G_1$ holds under this circuit model after 1 cycle. Other results are shown in Table 2.
Table 2. Result table.
Cycle no.   Polynomial                      Result
Cycle 1     m1[0], m2[0], m3[0] − 1         ret = 0
Cycle 2     m1[1], m2[1] − 1, m3[1]         ret = 0; m1[1] fails
Cycle 3     m1[2], m2[2] − 1, m3[2] − 1     Stop
From Table 2, when checking the $G_2$ assertion the result is $\mathit{ret} = \mathit{NormalForm}(m_1[1], \mathrm{CGB}, \mathrm{TDEG}) = 1 \neq 0$, so we can conclude that the assertion does not hold and there must be some error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
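As an added example that is not the paper's Maple session, the following Python carries out the check of Algorithm 1 (Theorem 13) on the counter of Section 6 with a small Buchberger algorithm in the Boolean ring, and reproduces the outcome of Table 2: the first cycle holds and the bit m1 fails in the next one. The gate assignment (m1 is the MSB, m4 = m2 AND m3 feeds y1) and the bug placement (that AND turned into an OR) are assumptions taken from the text.

```python
# Added example, not the paper's code. Polynomials live in the Boolean ring
# GF(2)[x]/(x*x + x), which already contains the constraints a*a - a of CNS,
# so every monomial is square-free. On {0,1} inputs these polynomials agree
# with the integer ones of (9): OR(a,b) = a+b-ab becomes a+b+ab, XOR(a,b) = a+b,
# NOT(a) = a+1, AND(a,b) = ab. A polynomial is a frozenset of monomials, each
# monomial a frozenset of variable names; + is symmetric difference.
ONE = frozenset({frozenset()})      # constant 1
ZERO = frozenset()                  # constant 0


def P(*monos):
    """Polynomial from monomials given as iterables of variable names."""
    return frozenset(frozenset(m) for m in monos)


def mul(p, q):
    out = set()
    for a in p:
        for b in q:
            out ^= {a | b}          # x*x = x and 1 + 1 = 0 in GF(2)
    return frozenset(out)


def lead(p, rank):
    """Leading monomial in lex order; a larger rank means a larger variable."""
    return max(p, key=lambda m: tuple(sorted((rank[v] for v in m), reverse=True)))


def remd(p, G, rank):
    """Remainder of p on division by G (remd(f, G) of Theorem 11)."""
    p, r = set(p), set()
    while p:
        m = lead(p, rank)
        for g in G:
            lt = lead(g, rank)
            if lt <= m:             # lt divides m: subtract (m/lt) * g
                p ^= set(mul(P(m - lt), g))
                break
        else:
            p.remove(m)
            r.add(m)
    return frozenset(r)


def gbasis(F, rank):
    """Buchberger's algorithm; the S-polynomial of h with a field equation v*v+v
    reduces to v*h and is queued too, giving a basis of <F> + <field equations>."""
    G, queue = [], [f for f in F if f]
    while queue:
        h = remd(queue.pop(), G, rank)
        if not h:
            continue
        lt = lead(h, rank)
        for g in G:
            ltg = lead(g, rank)
            lcm = lt | ltg
            queue.append(mul(P(lcm - ltg), g) ^ mul(P(lcm - lt), h))
        for v in lt:
            queue.append(mul(P([v]), h))
        G.append(h)
    return G


def counter_model(cycles, buggy):
    """PM[0..cycles-1] of (10) plus the precondition m1[0] = m2[0] = m3[0] = 0
    (row 0 of Table 1); returns H and the variable ranks (later signals larger)."""
    order, H = [], []

    def new(name):
        order.append(name)
        return name
    m = [new(f"m{k}[0]") for k in (1, 2, 3)]
    H += [P([v]) for v in m]                                 # m_k[0] = 0
    for i in range(cycles):
        m1, m2, m3 = m
        m4, y1, y2, y3 = (new(f"{s}[{i}]") for s in ("m4", "y1", "y2", "y3"))
        carry = P([m2], [m3], [m2, m3]) if buggy else P([m2, m3])   # OR vs AND
        H += [P([m4]) ^ carry,                               # m4 = m2 (AND|OR) m3
              P([y1], [m1], [m4]),                           # y1 = m1 XOR m4
              P([y2], [m2], [m3]),                           # y2 = m2 XOR m3
              P([y3], [m3], [])]                             # y3 = NOT m3
        m = [new(f"m{k}[{i + 1}]") for k in (1, 2, 3)]
        H += [P([m[0]], [y1]), P([m[1]], [y2]), P([m[2]], [y3])]   # D flip-flops
    return H, {v: r for r, v in enumerate(order)}


def expected_state(i, value):
    """Consequent of Table 1: the state at cycle i equals the 3-bit value."""
    return [(f"m{k}[{i}]", P([f"m{k}[{i}]"]) ^ (ONE if (value >> (3 - k)) & 1 else ZERO))
            for k in (1, 2, 3)]


def check(H, C, rank):
    """Algorithm 1: 1 not in GB_H and every consequent polynomial reduces to 0."""
    GB = gbasis(H, rank)
    if ONE in GB:
        return False, ["inconsistent hypothesis"]
    failed = [name for name, c in C if remd(c, GB, rank)]
    return not failed, failed


if __name__ == "__main__":
    for buggy in (True, False):
        H, rank = counter_model(2, buggy)
        for cycle, value in ((1, 0b001), (2, 0b010)):
            print(f"buggy={buggy} cycle {cycle}:", check(H, expected_state(cycle, value), rank))
```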
7. Conclusion
In this paper we presented a new method for constrained SERE temporal assertion checking by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to adapt it to our verification requirements and rebuilt a new constrained class of Boolean and temporal layer.
We first introduced a notion of symbolic constant for data path verification, which can gain great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.
We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time frame expansion.
Our approach is based on polynomial model construction for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Our method eventually translates a simulation-based verification problem into a pure algebraic zero set determination problem by the previously mentioned steps, which can be performed on any general symbolic algebraic tool. An experimental evaluation using Maple has shown that the method is extremely efficient and useful.
Furthermore, we can summarize the advantages of our checking method as follows:
(1) from the real case we see that SERE property verification can be achieved more easily using symbolic algebra than with the traditional method; a complex test bench or test vector is not essential for this approach;
(2) this advantage comes directly from the fact that many vectors are simulated at once using symbolic values;
(3) for assertion property verification, an efficient slicing reduction technique can be applied to gain a performance improvement.
Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further tradeoffs and combine numeric computation with symbolic simulation for boosting performance in particular, and to apply this method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1-15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479-492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573-586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375-381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26-37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237-244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35-44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678-685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147-189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528-1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184-232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
(ii) Verification Layer. The verification layer is more closely related to the description of verification tools, where notions like assume and guarantee are present. This layer tells the verification tool what to do with the properties described by the temporal layer.
(iii) Temporal Layer. The temporal layer is the essence of PSL, where complex temporal relations between signals can be expressed. This layer describes properties that involve complex temporal relations, which are evaluated over a series of evaluation cycles.
(iv) Boolean Layer. The Boolean layer is used to build expressions for the other layers, specifically the temporal layer. Boolean expressions are evaluated in a single evaluation cycle.
PSL allows the engineer to define assertions describing the system's behavior once and to reuse them across different forms of formal, semiformal, or functional verification. With PSL it is possible to perform assertion-based runtime verification of the design: while the design is simulated, the properties are checked.
According to the PSL specification [1, 3, 11], every assertion written in PSL can be broken down into parts that can be attributed to one of those four layers.
The Boolean layer comprises all Boolean expressions, including signal names as well as HDL expressions and PSL expressions (in particular all built-in function calls such as prev(b) and rose(b), logical implication, and other operators).
The Boolean layer forms the underlying basis of the whole assertion architecture. In this paper we limit our discussion to a special subset of the Boolean layer suited to our purpose. We then build a restricted simple subset of the SERE layer for temporal property specification and verification over this constrained Boolean layer.
3 System Polynomial Representation Model
In this section we discuss polynomial modeling for combinational and sequential circuits. Previous work [12] has shown that any combinational circuit can be uniquely represented by a minimum-order polynomial. Here we give an alternative data-flow based polynomial set representation model for our assertion checking purpose, whose zero set consists of exactly the signal assignments under which the data-flow model is consistent.
3.1 Arithmetic and Logic Unit Modeling. In this paper we focus only on arithmetic units for fixed-point operations. For any arithmetic unit, the integer arithmetic operations (addition, subtraction, multiplication, and division) can be constructed by the following polynomials:
(1) $y = a + b \Rightarrow (y - a - b)$;
(2) $y = a - b \Rightarrow (y - a + b)$;
(3) $y = a * b \Rightarrow (y - a * b)$;
(4) $y = a / b \Rightarrow (y * b - a)$.
Note that the polynomial in (4) also vanishes for $a = b = 0$ with $y$ arbitrary, so a divisor that can be zero needs an additional constraint.
The basic logic operations [13] AND, OR, and NOT can be modeled by the following forms:
$$\begin{aligned} y = \mathrm{NOT}\ x &\Longrightarrow (1 - x - y), \\ y = x_1\ \mathrm{AND}\ x_2 &\Longrightarrow (x_1 * x_2 - y), \\ y = x_1\ \mathrm{OR}\ x_2 &\Longrightarrow (x_1 + x_2 - x_1 * x_2 - y). \end{aligned} \qquad (2)$$
Furthermore, we can extend the above rules to other logic operators. For example,
$$y = x_1 \oplus x_2 \ (\text{or } y = x_1\ \mathrm{XOR}\ x_2) \Longrightarrow \big(y - (x_1 + x_2 - x_1 * x_2) * (1 - x_1 * x_2)\big).$$
For every bit-level variable $x_i$ $(0 \le i \le n)$ the constraint $x_i * x_i - x_i$ must be added; it restricts $x_i$ to the values $\{0, 1\}$, and without it the zero sets above contain non-Boolean points.
3.2 Branch and Sequential Unit Modeling. Basically, the multiway branch is an important control structure in digital systems. It provides a set of condition bits $b_i$ $(0 \le i \le B)$, a set of target identifiers $\{0, \ldots, T - 1\}$, and a mapping from condition-bit values to target identifiers; this mapping takes the form of a condition tree. For any binary signal $x$, its value is restricted to $\{0, 1\}$ by adding $x * x - x$.
A multiplexer $y = \mathrm{MUX}(x_0, x_1, \ldots, x_{n-1}; s)$, which yields $y = x_i$ when $s = i$ $(0 \le i \le n - 1)$, is modeled by Lagrange interpolation over the select value:
$$y - \sum_{i=0}^{n-1} \Big( \prod_{j \in \{0, \ldots, n-1\} \setminus \{i\}} \frac{s - j}{i - j} \Big) * x_i, \quad \text{with} \quad \prod_{i=0}^{n-1} (s - i) = 0. \qquad (3)$$
The second polynomial restricts $s$ to the legal selector values $0, \ldots, n - 1$; on those values the product inside the sum equals $1$ for $i = s$ and $0$ otherwise, so the first polynomial vanishes exactly when $y = x_s$.
Each flip-flop (FF) in the circuit can be modeled as a multiplexer, as illustrated in Figure 1. We have the following proposition to state this model.
Proposition 2. For a D FF model ($D'$ is the next state) with an enable signal $c$, its equivalent combinational form is $y' = \mathrm{MUX}(D, D'; s)$ with $i = s \rightarrow y' = x_i$ $(0 \le i < 2,\ x_0 = D,\ x_1 = D')$, whose polynomial algebraic model can be described as
$$\{(y' - D) * (c - 1),\ (y' - D') * c,\ (y' - D) * (y' - D')\} \quad \text{or} \quad y' - D * (1 - c) - D' * c, \qquad (4)$$
together with the constraint $c * c - c$.
Proof. Let $D$ be the current state and let $y'$ denote the next state of the flip-flop. When the enable $c$ is 0, $y'$ has the same value as $D$, so the FF maintains its present state; when $c$ is 1, $y'$ takes the new value from the $D'$ input (where $D'$ denotes the new value, the next state of the FF). Therefore we have the two-way branch model and its polynomial set representation for the FF.
Proposition 3. Let $D$ be a FF model ($D'$ is the next state) without an enable signal; then its equivalent combinational polynomial algebraic model can be described as $(y' - D)$, where $D$ here denotes the value presented at the data input, which is loaded on every cycle (compare the terms $m_k' - y_k$ in (9)).
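As a worked instance of (3), added here to show where the polynomials in (4) come from (it is not part of the original text): for the two-input multiplexer of Proposition 2 take $n = 2$, $x_0 = D$, $x_1 = D'$, and $s = c$. The Lagrange factors are $\frac{s - 1}{0 - 1} = 1 - s$ for $i = 0$ and $\frac{s - 0}{1 - 0} = s$ for $i = 1$, so (3) becomes
$$y' - (1 - c)\,D - c\,D', \qquad c\,(c - 1) = 0.$$
Multiplying the first polynomial by $(c - 1)$ and by $c$ and reducing with $c(c - 1) = 0$ gives
$$\big(y' - (1 - c)D - cD'\big)(c - 1) \equiv (y' - D)(c - 1), \qquad \big(y' - (1 - c)D - cD'\big)\,c \equiv (y' - D')\,c,$$
the first two polynomials of (4). Their common zeros with $c \in \{0, 1\}$ are exactly $y' = D$ when $c = 0$ and $y' = D'$ when $c = 1$; note that the sign in $D * (1 - c)$ matters, since $y' - D * (c - 1) - D' * c$ would force $y' = -D$ when $c = 0$.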
Figure 1: Flip-flop model. A D flip-flop with enable $c$ is drawn as a two-input multiplexer whose input 0 is the present state $D$, whose input 1 is the next-state input $D'$, whose select line is $c$, and whose output is $y'$.
3.3 Sequential Unrolling. Generally, for a sequential circuit, one time frame is viewed as a combinational circuit in which each flip-flop is converted into two corresponding signals: a pseudo primary input (PPI) and a pseudo primary output (PPO).
Symbolic simulation of a sequential circuit for $n$ cycles can be regarded as unrolling the circuit $n$ times. The unrolled circuit is still a pure combinational circuit, and the $i$th copy of the circuit represents the circuit at cycle $i$; thus the unrolled circuit contains all the symbolic results of the $n$ cycles.
To illustrate the sequential modeling for a given cycle number clearly, we define an indexed polynomial set representation for the $i$th cycle. For example, $PM[i]$ is defined as $PM[i] = \{(x_1[i] - m_2[i] - y_3[i]), \ldots\}$, where $x_1$ denotes the signal variable name while $x_1[i]$ denotes the state of that variable in the $i$th simulation cycle. If the number of running cycles is $n$, then the system representation is $PM = \bigcup_{i=0}^{n} PM[i]$.
Let $x_i[l]$ $(0 \le i \le r)$ denote the input signals for the $l$th clock, let $m_i[l]$ $(0 \le i \le s)$ denote the intermediate signals, and let $y_i[l]$ $(0 \le i \le t)$ denote the output signals. We then have the following time-frame expansion model for the sequential circuit:
$$FM = \bigcup_{i=0}^{n} FM[i], \qquad (5)$$
where $FM[i] = C(x_1[i], \ldots, m_1[i], \ldots, y_1[i], \ldots;\ x_1[i+1], \ldots, m_1[i+1], \ldots, y_1[i+1], \ldots)$ denotes the $i$th time-frame model.
Time-frame expansion is achieved by connecting the PPIs of a time frame (e.g. $x_1[i+1]$ in $FM[i+1]$) to the corresponding PPOs ($x_1[i+1]$ as produced by $FM[i]$) of the previous time frame.
3.4 Sequence Operator Modeling. In this paper only the so-called simple subset of PSL is considered. It comprises the properties in which time advances monotonically from left to right through the property: if an entity (a Boolean expression or a SERE) needs to be evaluated at a given time, none of the entities to its right need to be known yet. Many properties outside the simple subset can be rewritten within it, and most properties to be verified can be expressed within its bounds.
For SEREs, only the following features are supported by our modeling method:
(1) standard Boolean expressions;
(2) fixed-length Kleene closure;
(3) SERE concatenation;
(4) SERE fusion;
(5) SERE disjunction;
(6) length-matching SERE conjunction.
Within this constrained simple subset of PSL the user can specify a safety property using only nonnegated weak operators. Intuitively, a safety property ensures that "something bad does not happen", which is important in formal verification. Because safety properties are easier to verify, this approach only deals with safety properties.
(1) Next operator. It indicates that the property holds if its operand holds at the next cycle. For example,
$$\text{assert } (req \rightarrow \text{next } ack) \qquad (6)$$
states that if signal $req$ is asserted, then $ack$ will be asserted at the next cycle: $\Rightarrow \mathbf{N}_i(req) \wedge \mathbf{N}_{i+1}(ack)$.
(2) Semicolon operator. A semicolon (;) joins two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that the right-hand SERE starts in the cycle after the left-hand SERE ends. For example, $G = \text{assert } (req\,;\,ack)$ states that when signal $req$ is asserted, $ack$ will be asserted at the next cycle: $\Rightarrow \mathbf{N}_i(req) \wedge \mathbf{N}_{i+1}(ack) \Leftrightarrow \mathbf{N}_i(req \text{ is } H) \wedge \mathbf{N}_{i+1}(ack \text{ is } H)$, where $0 \le i \le dep(G)$.
(3) Fusion operator. A colon (:) joins two SEREs (or two AL expressions, or an AL expression and a SERE) with a single cycle of overlap: the right-hand SERE starts in the same cycle in which the left-hand SERE ends. For example, $G = \text{assert always } (req : ack\,;\,gnt)$ states that when signal $req$ is asserted, $ack$ is asserted in the same cycle and $gnt$ at the next cycle: $\Rightarrow \mathbf{N}_i(req \text{ is } H) \wedge \mathbf{N}_i(ack \text{ is } H) \wedge \mathbf{N}_{i+1}(gnt \text{ is } H)$, where $0 \le i \le dep(G)$.
(4) Repeat operator. Repetition operators such as $[*n]$ and $[=n]$ allow the user to build more sophisticated SEREs; consecutive repetition provides a shortcut for writing the same sub-SERE a number of times. In this paper we only consider the fixed-count consecutive repetition operator $[*n]$. For example, $G = \text{assert } (req[*n]\,;\,ack)$ states that when signal $req$ is asserted for $n$ consecutive cycles, $ack$ will be asserted at the next cycle: $\Rightarrow \mathbf{N}_1(req \text{ is } H) \wedge \cdots \wedge \mathbf{N}_n(req \text{ is } H) \wedge \mathbf{N}_{n+1}(ack \text{ is } H)$.
Figure 2: Algebraization steps of SEREs. A SERE property is (1) decomposed into a common sequence set, (2) unrolled into flat sequences, (3) reduced to propositional formulas, and (4) algebraized into a polynomial set.
4 Translation of SERE
In this section we mainly discuss the hierarchical modeling method for SEREs. The temporal layer contains Sequential Extended Regular Expressions (SEREs), which describe the relation between Boolean layer expressions over time.
First we discuss the general algebraization process of SEREs from a symbolic computation point of view.
4.1 Algebraization Process. The algebraization process of SERE properties is shown in Figure 2. In our method the properties written as SEREs are unrolled and checked against the design for a bounded number of time steps. Note that only a constrained subset of SEREs is supported by our method (unbounded time ranges and the first-match operator are excluded).
First, the properties described in the constrained SERE subset are translated into flat sequences according to the semantics of each supported operator.
Second, temporal constraints are added to the unrolled flat sequences to form propositional formulas with the logical connectives or, and, and not.
Finally, the resulting propositional formulas are translated into an equivalent polynomial set.
In summary, the verification problem is reduced to proving a zero-set inclusion relationship, which can be resolved by Groebner bases approaches.
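The following Python program is an added example, not code from the paper, of steps (1) and (2) of Figure 2 for the operator subset of Section 3.4. It parses an assertion over the constrained SERE subset (Boolean atoms with `!`, `;`, `:`, `[*n]` with fixed n >= 1, `{}` or `()` grouping, `|`, length-matching `&&`, and `->` with optional leading `next`) into its set of flat sequences and then assigns absolute cycle numbers, producing the N_i(signal is H/L) atoms that Section 4.2 turns into the polynomials x[i] - 1 and x[i]. The grammar, the precedence (`|` lowest, then `&&`, then `;` and `:` left-associative, then `[*n]`), the overlap of the consequent with the antecedent's last cycle, and the treatment of `always` as a loop over start cycles are my assumptions, chosen to match the examples in the text rather than the full PSL standard; the function names are this example's own.

```python
"""Flatten a restricted SERE assertion into timed atoms N_i(signal is H/L) (added example)."""
import re
from itertools import product

# A flat sequence is a tuple of cycles; each cycle is a frozenset of (signal, value) pairs,
# value 1 meaning "signal is H" and 0 "signal is L".  A SERE denotes a frozenset of flat
# sequences: the "common sequence set" of Figure 2, step (1).
_TOKEN = re.compile(r"\[\*\d+\]|&&|->|[;:|{}()!]|[A-Za-z_]\w*")

def tokenize(text):
    """Split an assertion into tokens; anything outside the supported subset is rejected."""
    tokens, pos = [], 0
    for m in _TOKEN.finditer(text):
        if text[pos:m.start()].strip():
            raise ValueError(f"unsupported input near {text[pos:m.start()]!r}")
        tokens.append(m.group())
        pos = m.end()
    if text[pos:].strip():
        raise ValueError(f"unsupported input near {text[pos:]!r}")
    return tokens

def atom(signal, value):
    return frozenset({(frozenset({(signal, value)}),)})

def concat(a, b, fuse):
    """';' starts b in the cycle after a ends; ':' (fusion) overlaps b's first cycle with a's last."""
    return a[:-1] + (a[-1] | b[0],) + b[1:] if fuse else a + b

class Parser:
    """Recursive descent; precedence from lowest to highest: '|', '&&', ';' and ':', '[*n]'."""
    def __init__(self, tokens):
        self.toks, self.i = list(tokens), 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'!r}, got {tok!r}")
        self.i += 1
        return tok
    def sere(self):                      # disjunction: union of the alternatives
        alts = self.conj()
        while self.peek() == "|":
            self.take()
            alts = alts | self.conj()
        return alts
    def conj(self):                      # length-matching conjunction: merge equal-length sequences
        alts = self.seq()
        while self.peek() == "&&":
            self.take()
            rhs = self.seq()
            alts = frozenset(tuple(x | y for x, y in zip(a, b))
                             for a in alts for b in rhs if len(a) == len(b))
        return alts
    def seq(self):                       # concatenation and fusion, left associative
        alts = self.rep()
        while self.peek() in (";", ":"):
            fuse = self.take() == ":"
            rhs = self.rep()
            alts = frozenset(concat(a, b, fuse) for a in alts for b in rhs)
        return alts
    def rep(self):                       # fixed repetition [*n] is n-fold concatenation
        alts = self.primary()
        while self.peek() is not None and self.peek().startswith("[*"):
            n = int(self.take()[2:-1])
            if n < 1:
                raise ValueError("only fixed repetition [*n] with n >= 1 is supported")
            alts = frozenset(sum(seqs, ()) for seqs in product(alts, repeat=n))
        return alts
    def primary(self):
        tok = self.take()
        if tok in ("{", "("):
            inner = self.sere()
            self.take("}" if tok == "{" else ")")
            return inner
        value = 1
        if tok == "!":
            value, tok = 0, self.take()
        if not tok.isidentifier():
            raise ValueError(f"expected a signal name, got {tok!r}")
        return atom(tok, value)

def parse_sere(tokens):
    p = Parser(tokens)
    alts = p.sere()
    if p.peek() is not None:
        raise ValueError(f"trailing input at {p.peek()!r}")
    return alts

def strip_outer(toks):
    """Drop one pair of brackets enclosing the whole assertion, e.g. 'assert (a -> b)'."""
    closer = {"(": ")", "{": "}"}
    while toks and toks[0] in closer and toks[-1] == closer[toks[0]]:
        depth = 0
        for idx, t in enumerate(toks):
            depth += (t in closer) - (t in closer.values())
            if depth == 0 and idx < len(toks) - 1:
                return toks              # the opening bracket closes early: not an outer pair
        toks = toks[1:-1]
    return toks

def timed(seq, start):
    """Step (2) of Figure 2: cycle k of the sequence becomes N_{start+k}(signal is value)."""
    return tuple(sorted((start + k, sig, val) for k, cyc in enumerate(seq) for sig, val in cyc))

def flatten(assertion, start=0):
    """Sorted (antecedent_atoms, consequent_atoms) pairs, one per alternative, for the property
    started at cycle `start`; the antecedent is () for a sequence-typed property.  'assert' and
    'always' prefixes are dropped: 'always' means calling this for every start cycle (Algorithm 2)."""
    toks = tokenize(assertion)
    while toks and toks[0] in ("assert", "always"):
        toks.pop(0)
    toks = strip_outer(toks)
    if "->" not in toks:
        return sorted(((), timed(c, start)) for c in parse_sere(toks))
    k = toks.index("->")                 # the implication is assumed to be at top level
    rhs, shift = toks[k + 1:], 0
    while rhs and rhs[0] == "next":      # each 'next' delays the consequent by one cycle
        rhs.pop(0)
        shift += 1
    ants, cons = parse_sere(toks[:k]), parse_sere(rhs)
    pairs = []
    for a in ants:
        base = start + len(a) - 1 + shift   # the consequent begins in the antecedent's last cycle
        pairs += [(timed(a, start), timed(c, base)) for c in cons]
    return sorted(pairs)
```

For `assert (req -> next ack)` the result is `[(((0, 'req', 1),), ((1, 'ack', 1),))]`, i.e. N_0(req is H) and N_1(ack is H) as in (6); for `req[*2] ; ack -> next gnt` the antecedent occupies cycles 0 to 2 and gnt lands in cycle 3. A fusion such as `a : !a` yields a cycle containing both (a, 1) and (a, 0); its polynomials x[i] - 1 and x[i] generate the unit ideal, which is the "precondition conflicts with the model" case that Theorem 13 detects as 1 in the Groebner basis.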
4.2 Boolean Layer Modeling. The PSL Boolean layer forms the underlying basis of the whole assertion architecture. In this paper we limit our discussion to the Boolean layer and a special constrained subset of it.
While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.
In this paper we distinguish between signal logic and Boolean proposition logic. Therefore we have the following two definitions.
Definition 4 (signal logic). In digital circuit systems, signal logic (SL for short) is defined as follows:
(i) if a signal $s$ is active-high (H for short), then its signal value is defined as 1;
(ii) if a signal $s$ is active-low (L for short), then its signal value is defined as 0;
(iii) if a signal $s$ is assigned a symbolic value, then its signal value is defined as $U$.
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended by the following grammar:
$$f ::= n \text{ is } 0 \mid n \text{ is } 1 \mid w \text{ is } N \mid f_1 \wedge f_2 \mid P \rightarrow f \mid \mathbf{N}(f), \qquad (7)$$
where "is" states the value of a Boolean or word-level node in the circuit. The grammar is defined recursively over $V$, where $P$ is a Boolean expression over $V$, $n$ is a node or variable name, $f$, $f_1$, $f_2$ are TEL formulas, and $\mathbf{N}$ is the next-time operator.
For example, consider the symbolic trajectory assertion: assume $V = \{a\}$; then $[(\mathit{in} \text{ is } a) \wedge \mathbf{N}(\mathit{true})] \Longrightarrow \mathbf{N}(\mathit{out} \text{ is } a)$. Let a numeric subscript denote the time-frame number of each variable; then we have $\mathit{in}[0] \text{ is } a$ and $\mathit{out}[1] \text{ is } a$.
In this paper all temporal operators in PSL SERE specifications are modeled by the next operator $\mathbf{N}$.
We introduce a notion of symbolic constant into PSL, inspired by GSTE [14].
Definition 6 (symbolic constant). A symbolic constant [14] is a rigid Boolean or integer variable that forever holds the same value. The notion of symbolic constant is introduced into an assertion for two purposes:
(1) to encode arbitrary Boolean constraints among a set of circuit nodes in a parametric form;
(2) to encode all possible scalar values for a set of nodes.
Consider the assertion $(req \text{ is } H) \wedge (ack \text{ is } H)$ as an example. According to our definitions, $req$ and $ack$ are signals belonging to signal logic, while $(req \text{ is } H)$ and $(ack \text{ is } H)$ themselves belong to assertion logic.
Here we provide a formal syntax definition for assertion proposition logic, namely Assertion Boolean Logic (AL).
If $x_1$, $x_2$, $m$, and $n$ are of SL, then $x_1 = x_2$, $m = x_1 \,\&\, x_2$, $m = x_1 \mid x_2$, $m = x_2$, and $(m = x_1) \wedge (n = x_2)$ are all valid AL and can also be verified using the polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If $a \in \mathrm{SL}$ and $H \in \mathrm{BC}$, then $a = H$ is an atom Boolean formula [Atom Boolean Formula].
The built-in functions stable(), rose(), fell(), isunknown(), onehot(), and onehot0() are atom Boolean formulas.
If $a$ is an integer signal logic variable (denoted $a \in \mathrm{ISL}$) and $I \in \mathrm{IC}$ is a symbolic constant, then $a = I$ is also an atom Boolean formula [Atom Boolean Formula].
If $a_1$ and $a_2$ are atom Boolean formulas, then
(1) $a_1 \,\&\&\, a_2$ [standard logic AND],
(2) $a_1 \,||\, a_2$ [standard logic OR],
(3) $!a_1$ [standard logic NOT],
(4) $a_1 \rightarrow a_2$ [standard logic implication]
are Boolean formulas.
Assertion proposition logic (AL) for PSL is defined as standard Boolean logic. A Boolean expression of AL is an expression that is evaluated in a single cycle and has the value true or false. The Boolean connectives of AL are interpreted in the standard way.
For example, the assertion (a[15:0] == b[15:0]), given in the Verilog flavor of PSL, is a valid Boolean expression meaning that a[15:0] and b[15:0] are equal.
The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following.
(1) If signal $x$ holds at a given time step $i$, then the state $x == 1$ ($x$ is active-high at cycle $i$) is represented by the polynomial $x[i] - 1$.
(2) Alternatively, the state $x == 0$ ($x$ is active-low at cycle $i$) is represented by the polynomial $x[i]$.
(3) Symbolically, the state $x == H$ ($x$ takes the symbolic value $H$ at the $i$th cycle) is modeled as $x[i] - H$.
5 Algorithm Framework
In this section we will describe how an assertion is checkedusing Groebner basis approach
As is well known, in traditional numeric simulation [15] the PSL assertion checking process can be described as follows. First, the design file with PSL code is compiled into locally executable binary code by simulation tools (such as QuestaSim or ModelSim). The designer then provides a testbench file to set input values, the number of running cycles, and other parameters. Finally, the designer starts the simulation with the "run" command to produce traces for assertion checking.
First we sketch some of the key notions of Groebner bases theory [16, 17] and symbolic computation.
5.1 Groebner Bases Preliminaries. We begin by listing some general facts and establishing notation.
Let $k$ be an algebraically closed field and let $k[x_1, \ldots, x_n]$ be the polynomial ring in the variables $x_1, x_2, \ldots, x_n$ with coefficients in $k$ under addition and multiplication of polynomials. Let $I \subseteq k[x_1, \ldots, x_n]$ be an ideal. The following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal $I \subset k[x_1, \ldots, x_n]$ has a finite generating set; that is, $I = \langle g_1, \ldots, g_t \rangle$ for some $g_1, \ldots, g_t \in I$.
Thus, by the Hilbert basis theorem, there exist finitely many polynomials $f_1, \ldots, f_m$ such that $I = \langle f_1, \ldots, f_m \rangle$. A polynomial $f \in k[x_1, \ldots, x_n]$ defines a map $f : k^n \rightarrow k$ via evaluation, $(a_1, \ldots, a_n) \mapsto f(a_1, \ldots, a_n)$.
The set $V(I) = \{a \in k^n \mid \forall f \in I,\ f(a) = 0\} \subseteq k^n$ is called the variety associated with $I$.
If $V_1 = V(I_1)$ and $V_2 = V(I_2)$ are the varieties defined by the ideals $I_1$ and $I_2$, then $V_1 \cap V_2 = V(\langle I_1, I_2 \rangle)$ and $V_1 \cup V_2 = V(I_1 \cdot I_2)$, where $I_1 \cdot I_2 = \langle f_1 f_2 \mid f_1 \in I_1,\ f_2 \in I_2 \rangle$. If $I_1 = \langle f_1, \ldots, f_r \rangle$ and $I_2 = \langle h_1, \ldots, h_s \rangle$, then $I_1 \cdot I_2 = \langle f_i h_j \mid 1 \le i \le r,\ 1 \le j \le s \rangle$.
Any finite set of points in $k^n$ can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety: for example, the ideals $\langle x_0 \rangle$ and $\langle x_0^2, x_0 x_1 \rangle$ both define the variety $V(x_0)$. In order to perform verification we need to be able to determine when two ideals represent the same set of points; that is, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset $G = \{g_1, \ldots, g_t\}$ of an ideal $I$ is said to be a Groebner basis (or standard basis) if $\langle LT(g_1), \ldots, LT(g_t) \rangle = \langle LT(I) \rangle$.
Equivalently, but more informally, a set $\{g_1, \ldots, g_t\} \subset I$ is a Groebner basis of $I$ if and only if the leading term of any element of $I$ is divisible by one of the $LT(g_i)$.
In [18] Buchberger provided an algorithm for constructing a Groebner basis of a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.
A reduced Groebner basis $G$ is a Groebner basis in which the leading coefficient of every polynomial in $G$ is 1 and no monomial of an element of $G$ lies in the ideal generated by the leading terms of the other elements of $G$: $\forall g \in G$, no monomial of $g$ is in $\langle LT(G \setminus \{g\}) \rangle$.
The important result is that, for a fixed monomial ordering, any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let $I \subset k[x_1, \ldots, x_n]$ be an ideal and let $G$ be a Groebner basis of $I$ with respect to lex order, where $x_1 \succ x_2 \succ \cdots \succ x_n$. Then for every $0 \le l \le n$ the set
$$G_l = G \cap k[x_{l+1}, \ldots, x_n] \qquad (8)$$
is a Groebner basis of the $l$th elimination ideal $I_l$.
Theorem 11. Let $G$ be a Groebner basis for an ideal $I \subset k[x_1, \ldots, x_n]$ and let $f \in k[x_1, \ldots, x_n]$. Then $f \in I$ if and only if the remainder on division of $f$ by $G$ is zero, denoted by $remd(f, G) = 0$.
The property given in Theorem 11 can also be taken as the definition of a Groebner basis. It yields an efficient algorithm for solving the ideal membership problem: assuming that we know a Groebner basis $G$ for the ideal in question, we only need to compute a remainder with respect to $G$ to determine whether $f \in I$.
5.2 Verification Principle Based on Theorem Proving. As mentioned in the previous section, our checking method is based on algebraic geometry. Algebraic geometry is the study of the geometric objects arising as the common zeros of collections of polynomials. Our aim is to find polynomials whose zeros correspond to the system states in which the appropriate assignments are made.
In our method we regard any set of states as the variety of some ideal. We can use the ideal, or any basis of the ideal, as a way of encoding the set of states. The verification problem is then transformed into an ideal membership problem that can be solved by computational algorithms.
From Groebner bases theory [16, 18], every nonzero ideal $I \subset k[x_1, \ldots, x_n]$ has a Groebner basis, and the following proposition evidently holds.
Proposition 12. Let $C$ and $S$ be polynomial sets of $k[x_1, \ldots, x_n]$ and let $G_S$ be a Groebner basis for $\langle S \rangle$; then $\langle C \rangle \subseteq \langle S \rangle \Leftrightarrow \forall c \in C,\ remd(c, G_S) = 0$.
All supported SERE properties can be classified into two categories.
(1) Implication-typed. Properties of this type have an explicit antecedent that can be taken as an initial precondition. If the precondition conflicts with the system model, the property is viewed as false; otherwise the further checking process is performed.
(2) Sequence-typed. Properties of this type have no explicit antecedent, and therefore an initial condition must be provided by the testbench. If that precondition conflicts with the system model, the sequence property is also viewed as false; otherwise the further checking process is performed.
Theorem 13. Suppose that $G$ is a property (if $G = [A \Rightarrow C]$ is implication-typed, then $A$ denotes the antecedent; otherwise $G$ is sequence-typed and $A$ is the precondition) and $M$ is a system model. Let $P_A$ and $PM$ be the polynomial set representations for $A$ and $M$, respectively, constructed by the rules above. Let $H = P_A \cup PM = \{h_1, h_2, \ldots, h_s\} \subseteq k[x_1, \ldots, x_n]$ and $I = \langle H \rangle$ (where $\langle H \rangle$ denotes the ideal generated by $H$), let $\{c_1, c_2, \ldots, c_r\}$ denote the polynomial set representation for $C$, and let $GB_H = gbasis(H, \prec)$. Then
$$\big(1 \notin GB_H \wedge remd(C, GB_H) == 0\big) \Leftrightarrow \Big(1 \notin GB_H \wedge \bigwedge_{i=1}^{r} remd(c_i, GB_H) == 0\Big) \Leftrightarrow (M \models G).$$
Proof. By Hilbert's Nullstellensatz and the notions above the conclusion follows: over an algebraically closed field, $1 \in I$ iff $V(I) = \emptyset$, i.e. iff the antecedent admits no consistent state of the model; and since $H$ contains $x_j * x_j - x_j$ for every bit-level variable (Section 3.1), $I$ is radical, so $c_i$ vanishes on all of $V(I)$ iff $c_i \in I$, which by Theorem 11 is the case iff $remd(c_i, GB_H) = 0$.
5.3 Checking Algorithm. A practical assertion checking process needs to build a syntax analysis tree for the given assertion and call the basic checking functions to perform the check. For simplicity we only provide the core decision algorithms and the basic process flow.
First, the original circuit is sliced with respect to the given assertion $G$. Polynomial representations for the sliced circuit model, the antecedent, and the consequent are then built respectively. Finally we calculate the hypothesis set and its Groebner basis to determine whether the assertion holds.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that, owing to slicing reduction, it requires a comparatively small number of state variables to verify a given assertion.
Input: circuit model $\mathcal{C}$, an assertion $G = [A \Rightarrow C]$
Output: Boolean true or false
BEGIN
  /* Step 0: initialize the input signals via the testbench */
  (0) $InitSignals(\vec{X}_0)$
  (1) $S = \emptyset$; $M = \emptyset$; $PS_A = \emptyset$; $H = \emptyset$; $PS_C = \emptyset$
  /* Step 1: slice the circuit with respect to $G$ and build its polynomial model */
  (2) $S = Slice(\mathcal{C}, G)$; $M = BuildPS(S)$
  /* Step 2: build the polynomial set for the antecedent $A$ */
  (3) $PS_A = BuildPS(A)$
  /* Step 3: build the polynomial set for the consequent $C$ */
  (4) $PS_C = BuildPS(C)$
  /* Step 4: form the hypothesis set $PS_A \cup M$ */
  (5) $H = PS_A \cup M$
  /* Step 5: compute the Groebner basis of $\langle H \rangle$ */
  (6) $GB_H = gbasis(H, \prec)$
  /* Step 6: is the antecedent inconsistent with the model? */
  (7) if ($1 \in GB_H$)
  (8)   return false
  /* Step 7: is the consequent implied by the hypothesis? */
  (9) if ($remd(PS_C, GB_H) \neq 0$)
  (10)  return false
  (11) return true   /* the assertion holds */
END
Algorithm 1: Assertion checking $AssChk(\mathcal{C}, G)$.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 2.

Firstly, the original circuit is transformed into a normal polynomial representation, and so is the assertion. Then Groebner bases are calculated using the Buchberger algorithm [19], together with their elimination ideals. Finally, the relation between the elimination ideals is examined to determine whether the assertion holds or not.
6. A Case Study

In this section we study a case to show how PSL SERE properties are verified by polynomial representation and algebraic computation.

6.1. Circuit and PSL Modeling. As an example, consider the 3-bit synchronous counter circuit C in Figure 3, whose polynomial set can be constructed as follows. In this circuit there is a design bug: an "AND" gate has been incorrectly replaced by an "OR" gate. Let us now show how to check this error using our symbolic algebraic method.
$$PSet_{counter} = \{\, y_1 - (m_1 + m_4 - m_1 m_4)(1 - m_1 m_4),\ y_2 - (m_2 + m_3 - m_2 m_3)(1 - m_2 m_3),\ 1 - m_3 - y_3,\ 1 - m_4 - m_3 m_2,\ m_1' - y_1,\ m_2' - y_2,\ m_3' - y_3 \,\} \tag{9}$$
Input: Circuit model C, a temporal assertion s, running cycles cycles
Output: Boolean true or false
BEGIN
  i = 0
  switch (operator(s))
    case always:
      while (i < cycles)
        if (!AssChk(C, s, i))
          return false
        i += dep(s)
      /* end while */
      return true
    case eventually:
      while (i < cycles)
        if (AssChk(C, s, i))
          return true
        i += dep(s)
      /* end while */
      return false
    /* end case */
    case never:
      while (i < cycles)
        if (AssChk(C, s, i))
          return false
        i += dep(s)
      /* end while */
      return true
    /* end case */
    default:
      return AssChk(C, s, i)
  /* end switch */
END
Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles).
where x1′ denotes the next state of x1. For the ith cycle we use x1[i] to denote the variable in the current cycle.

To illustrate the problem clearly, we define the polynomial set representation PM[i] for the ith cycle as follows:
$$PM[i] = \{\, y_1[i] - (m_1[i] + m_4[i] - m_1[i] m_4[i])(1 - m_1[i] m_4[i]),\ y_2[i] - (m_2[i] + m_3[i] - m_2[i] m_3[i])(1 - m_2[i] m_3[i]),\ 1 - m_3[i] - y_3[i],\ 1 - m_4[i] - m_3[i] m_2[i],\ m_1[i+1] - y_1[i],\ m_2[i+1] - y_2[i],\ m_3[i+1] - y_3[i] \,\} \tag{10}$$

Therefore we have PM = ⋃_{i=0}^{7} PM[i].

For any Boolean variable a we impose the extra constraint a ∗ a − a. Thus we define the corresponding constraint set as CNS[i] = {a[i] ∗ a[i] − a[i]} for all bit-level variables in the ith cycle. In the same manner we have CNS = ⋃_{i=0}^{7} CNS[i].
The sequential properties of this counter circuit can be specified by the following assertions:

G1 = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H),
Figure 3: Synchronous counter (gates NOT, XOR, XOR, OR, AND; signals m1, m2, m3, m4, y1, y2, y3, V0, V1, V2).
G2 = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H),
G3 = assert always (m1 = H & m2 = H & m3 = H) |⇒ (m1 = H & m2 = H & m3 = H),
and the rest may be deduced by analogy.
Table 1: Polynomial representations for properties to be verified.

No.      | Precondition         | Expected consequent
0        | m1[0], m2[0], m3[0]  | NA
Cycle 1  | NA                   | (m1[1], m2[1], m3[1] − 1)
Cycle 2  | NA                   | (m1[2], m2[2] − 1, m3[2])
Cycle 3  | NA                   | (m1[3], m2[3] − 1, m3[3] − 1)
Cycle 4  | NA                   | (m1[4] − 1, m2[4], m3[4])
Cycle 5  | NA                   | (m1[5] − 1, m2[5], m3[5] − 1)
Cycle 6  | NA                   | (m1[6] − 1, m2[6] − 1, m3[6])
Cycle 7  | NA                   | (m1[7] − 1, m2[7] − 1, m3[7] − 1)
Afterwards we demonstrate the verification process step by step.

Firstly, we calculate the sequential depth and have dep(G1) = 2, dep(G2) = 2 and dep(G3) = 2.

Secondly, to verify whether a given property holds, we have to build a system model with at most 8 cycles and check dep(G1) = 2 steps.

The circuit model to be verified is

$$SM = PM \cup CNS \tag{11}$$

The properties of this counter can be specified as the PSL assertions listed in Table 1.
6.2. Assertion Checking Using Maple. We ran this example using Maple 13. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying the Groebner method.
[> with(Groebner):
[> CM := ... :   # Circuit Model
[> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1], m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2], y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]);
[> CGB := Basis(CM, TDEG);
[> ret := NormalForm(m3[0] - 1, CGB, TDEG);
    ret = 0
As shown in the Maple output, the given circuit has been modeled as the polynomial set CM (its Groebner basis is denoted by CGB) and the assertion representation as (m3[0] − 1). From the running result, the return value of NormalForm is 0, which means that (m3[0] − 1) is divided by CGB with no remainder. Thus, from the previously mentioned verification principles, it is easy to conclude that the SERE assertion G1 holds under this circuit model after 1 cycle. Other results are shown in Table 2.
Table 2: Result table.

Cycle no.  | Polynomial                     | Result
Cycle 1    | m1[0], m2[0], m3[0] − 1        | ret = 0
Cycle 2    | m1[1], m2[1] − 1, m3[1]        | ret = 0; m1[1] fails
Cycle 3    | m1[2], m2[2] − 1, m3[2] − 1    | Stop
From Table 2, when checking assertion G2 the result is ret = NormalForm(m1[1], CGB, TDEG) = 1 ≠ 0, so we can conclude that the assertion does not hold and there must exist some error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
7. Conclusion

In this paper we presented a new method for checking constrained SERE temporal assertions by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to suit our verification requirements and rebuilt a new constrained class of the Boolean and temporal layers.

We first introduced a notion of symbolic constant for data path verification, which gains great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.

We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time frame expansion.

Our approach is based on the construction of polynomial models for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Our method eventually translates a simulation-based verification problem into a pure algebraic zero set determination problem by the previously mentioned steps, which can be performed on any general symbolic algebraic tool. An experimental evaluation using Maple has shown that the method is extremely efficient and useful.

Furthermore, we can summarize the advantages of our checking method as follows:

(1) from the real case we see that SERE property verification can be achieved more easily using symbolic algebra than with traditional methods; a complex test bench or test vector is not essential for this approach;

(2) this advantage comes directly from the fact that many vectors are simulated at once using symbolic values;

(3) for assertion property verification an efficient slicing reduction technique can be applied to gain performance improvement.

Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further tradeoffs and to combine numeric computation with symbolic simulation, in particular for boosting performance, and to apply this method to more industrial case studies.
Acknowledgments

The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References

[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
Figure 1: Flip-flop model (FF; signals D, c, D′, y′).
3.3. Sequential Unrolling. Generally, one time frame of a sequential circuit is viewed as a combinational circuit in which each flip-flop is converted into two corresponding signals: a pseudo primary input (PPI) and a pseudo primary output (PPO).

Symbolic simulation of a sequential circuit for n cycles can be regarded as unrolling the circuit n times. The unrolled circuit is still a pure combinational circuit, and its ith copy represents the circuit at cycle i. Thus the unrolled circuit contains all the symbolic results from the n cycles.

To illustrate the sequential modeling for a given cycle number clearly, we define an indexed polynomial set representation for the ith cycle.

For example, PM[i] is defined as follows: PM[i] = {(x1[i] − m2[i] − y3[i])}, where x1 denotes the signal variable name while x1[i] denotes the variable state in the ith simulation cycle. If the given running cycle is n, then we have the system representation PM = ⋃_{i=0}^{n} PM[i].
Let x_i[l] (0 ≤ i ≤ r) denote the input signals for the lth clock, let m_i[l] (0 ≤ i ≤ s) denote the intermediate signals and let y_i[l] (0 ≤ i ≤ t) denote the output signals. We then have the following time frame expansion model for the sequential circuit:

$$FM = \bigcup_{i=0}^{n} FM[i] \tag{5}$$

where FM[i] = C(x1[i], …, m1[i], …, x1[i+1], …, m1[i+1], …, y1[i+1], …) denotes the ith time frame model.

Time frame expansion is achieved by connecting the PPIs (e.g., x1[i+1] from FM[i+1]) of a time frame to the corresponding PPOs (x1[i+1] from FM[i]) of the previous time frame.
3.4. Sequence Operator Modeling. In this paper only the so-called simple subset of PSL is considered, which comprises the properties in which time advances monotonically from left to right through the property: if an entity (a Boolean expression or a SERE) needs to be evaluated at a given time, the entities to its right do not yet need to be known. Many properties outside the simple subset can be rewritten in it, and most properties to be verified can be expressed within its bounds.

For SEREs, only the following features are supported by our modeling method:

(1) standard Boolean expressions,
(2) fixed length Kleene closure,
(3) SERE concatenation,
(4) SERE fusion,
(5) SERE disjunction,
(6) length-matching SERE conjunction.

With the constrained simple subset of PSL the user can specify a safety property using only nonnegated weak operators. Intuitively, a safety property is used to ensure that "something bad does not happen", which is important in formal verification. Because safety properties are easier to verify, this approach only deals with safety properties.
(1) Next Operator. It indicates that the property holds if its operand holds at the next cycle. For example,

assert (req -> next ack)   (6)

states that if signal req is asserted then ack will be asserted at the next cycle: ⇒ N_i(req) ∧ N_{i+1}(ack).

(2) Semicolon Operator. The semicolon (;) is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that the right-hand SERE starts the cycle after the left-hand SERE ends. For example, G = assert (req; ack) states that when signal req is asserted then ack will be asserted at the next cycle: ⇒ N_i(req) ∧ N_{i+1}(ack) ⇔ N_i(req is H) ∧ N_{i+1}(ack is H), where 0 ≤ i ≤ dep(G).

(3) Fusion Operator. The fusion operator, a colon (:), is used to join two SEREs (or two AL expressions, or an AL expression and a SERE) in such a way that there is a single cycle of overlap between them: the right-hand SERE starts in the same cycle that the left-hand SERE ends. For example, G = assert always (req : ack ; gnt) states that when signal req is asserted then ack and gnt will be asserted at the next cycle: ⇒ N_i(req is H) ∧ N_i(ack is H) ∧ N_{i+1}(gnt is H), where 0 ≤ i ≤ dep(G).

(4) Repeat Operator. Repeat operators allow the user to build more sophisticated SEREs using variations on the SERE repetition operators [∗n], [= n] and so forth. Consecutive repetition operators provide a shortcut to typing the same sub-SERE a number of times. In this paper we only consider the fixed-times repeat operator [= n]. For example, G = assert (req[∗n]; ack) states that when signal req is asserted n times then ack will be asserted at the next cycle. We then have ⇒ N_1(req is H) ∧ ⋯ ∧ N_n(req is H) ∧ N_{n+1}(ack is H).
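The flattening of the operators above into next-time atoms and then into the polynomials of Section 4.2, as an added example (my code, not the paper's tool). It counts cycles from 0 rather than the 1-based N_1 … N_{n+1} of item (4), reads [=n] with the same consecutive semantics the text gives, and also accepts the |=> implication of Section 6 and PSL's overlapping |-> (not discussed on the page); the function names translate(), flatten_sere() and to_polynomials() are mine.

```python
# Added example: flatten a constrained SERE into N_i atoms and into polynomials.
# Not the paper's tool; cycles are counted from 0.
import re

REPEAT = re.compile(r"^(.*?)\s*\[[*=]\s*(\d+)\s*\]$")   # 'req[*3]'; '[=n]' is read the same way


def _atom(lit, cycle):
    """One literal at one cycle -> (cycle, signal, value); 'a' / 'a = H' is H (1), '!a' / 'a = L' is L (0)."""
    lit = lit.strip().strip("()").strip()
    if "=" in lit:                                   # the 'm1 = H' form used in the paper's assertions
        name, val = (s.strip() for s in lit.split("=", 1))
        return cycle, name, 1 if val.lstrip("= ").strip() == "H" else 0
    return cycle, lit.lstrip("!").strip(), 0 if lit.startswith("!") else 1


def flatten_sere(sere, start=0):
    """Flatten a SERE into atoms; returns (atoms, last_cycle).
    ';'   concatenation: the next element starts the cycle after the previous one ends
    ':'   fusion: the next element starts in the cycle where the previous one ends
    [*n]  the element is repeated in n consecutive cycles"""
    atoms, t = [], start
    for k, elem in enumerate(sere.strip().strip("{}()").split(";")):
        if k > 0:
            t += 1                                   # concatenation: advance one cycle
        for part in elem.split(":"):                 # fusion: every part starts at cycle t
            part = part.strip()
            m = REPEAT.match(part)
            reps = int(m.group(2)) if m else 1
            if m:
                part = m.group(1)
            for r in range(reps):
                atoms += [_atom(lit, t + r) for lit in part.split("&")]
            t += reps - 1                            # t is now the last cycle of this part
    return atoms, t


def translate(assertion):
    """'[assert [always]] A |=> C' -> antecedent atoms, consequent atoms and dep (cycle count)."""
    text = assertion.strip()
    for kw in ("assert always", "assert"):
        if text.startswith(kw):
            text = text[len(kw):].strip()
    if "|=>" in text:                                # suffix implication: C starts after A ends
        ante, cons = text.split("|=>", 1)
        overlap = 0
    elif "|->" in text:                              # overlapping implication: C starts where A ends
        ante, cons = text.split("|->", 1)
        overlap = 1
    else:
        ante, cons, overlap = text, "", 0
    a_atoms, end = flatten_sere(ante)
    c_atoms = []
    if cons.strip():
        c_atoms, end = flatten_sere(cons, end + 1 - overlap)
    return {"antecedent": a_atoms, "consequent": c_atoms, "dep": end + 1}


def to_polynomials(atoms):
    """N_i(x is H) -> 'x[i] - 1', N_i(x is L) -> 'x[i]' (the zero sets of Section 4.2)."""
    return [f"{x}[{i}]" + (" - 1" if val else "") for i, x, val in atoms]
```

For the fusion example of item (3), translate("assert always (req : ack ; gnt)") yields the atoms (0, req, 1), (0, ack, 1), (1, gnt, 1) with dep = 2, i.e. N_i(req) ∧ N_i(ack) ∧ N_{i+1}(gnt).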
Figure 2: Algebraization steps of SEREs: (1) decomposition of the SERE property into a common sequence set, (2) unrolling into a flat sequence, (3) reduction to propositional formulas, (4) algebraization into a polynomial set.
4. Translation of SERE

In this section we mainly discuss the hierarchical modeling method of SERE. The temporal layer contains "Sequential Extended Regular Expressions" (SEREs), which allow describing the relation between Boolean layer expressions over time.

Firstly, we discuss the general algebraization process of SERE from a symbolic computation point of view.

4.1. Algebraization Process. The algebraization process of SERE properties is shown in Figure 2. In our method the properties written in SERE are unrolled and checked against the design for a bounded number of time steps. Note that only a constrained subset of SERE is supported by our method (unspecified upper bound time ranges and the first-match operator are excluded).

Firstly, we translate the properties described by the constrained subset of SERE into flat sequences according to the semantics of each supported operator.

Secondly, temporal constraints are added to the unrolled flat sequences to form propositional formulas with logical connectives (∨, ∧ and ¬).

Finally, the resulting propositional formulas are translated into an equivalent polynomial set.

In summary, the verification problem is reduced to proving a zero set inclusion relationship, which can be resolved by Groebner bases approaches.
4.2. Boolean Layer Modeling. The PSL Boolean layer forms the underlying basis for the whole assertion architecture. In this paper we limit our discussion to the Boolean layer and a special constrained subset of it.

While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.

In this paper we distinguish between signal logic and Boolean proposition logic.

Therefore we have the following two definitions.

Definition 4 (signal logic). In digital circuit systems, signal logic (SL for short) is defined as follows:

(i) if a signal s is active-high (H for short) then its signal value is defined as 1;
(ii) if a signal s is active-low (L for short) then its signal value is defined as 0;
(iii) if a signal s is assigned a symbolic value then its signal value is defined as U.
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended as the following grammar:

$$f ::= n \text{ is } 0 \mid n \text{ is } 1 \mid w \text{ is } N \mid f_1 \wedge f_2 \mid P \rightarrow f \mid N(f) \tag{7}$$

where "is" is used to state the value of a Boolean or word-level node in the circuit. The logic is defined recursively over V, where p is a Boolean expression over V, n is a node or variable name, f, f1, f2 are TEL formulas and N is the next-time operator.

For example, a symbolic trajectory assertion: assume V = {a}, then [(in is a) ∧ N(true) ⇒ N(out is a)].

Let a numeric subscript denote the time frame number for each variable; then we have in[0] is a, out[1] is a.
In this paper all temporal operators in the PSL SERE specification are modeled by the next operator N.

We introduce a notion of symbolic constant to PSL, inspired by GSTE [14].

Definition 6 (symbolic constant). A symbolic constant [14] is a rigid Boolean or integer variable that forever holds the same Boolean value. The notion of symbolic constant is introduced in an assertion for two purposes:

(1) to encode arbitrary Boolean constraints among a set of circuit nodes in a parametric form;
(2) to encode all possible scalar values for a set of nodes.

Consider assertion (req is H) ∧ (ack is H) as an example. According to our definitions, req and ack are signals belonging to signal logic, while both (req is H) and (ack is H) themselves are of assertion logic.
Here we provide a formal syntax definition for assertion proposition logic, namely Assertion Boolean Logic.

If x1, x2, m and n are of SL, then x1 = x2, m = x1 & x2, m = x1 | x2, m = x2 and (m = x1) ∧ (n = x2) are all valid AL and can also be verified by using the polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If a ∈ SL and H ∈ BC, then a = H is an atom Boolean formula [Atom Boolean Formula].

Built-in functions stable(), rose(), fell(), isunknown(), onehot() and onehot0() are atom Boolean formulas.

If a is an integer signal logic variable (denoted by a ∈ ISL) and I ∈ IC is a symbolic constant, then a = I is also an atom Boolean formula [Atom Boolean Formula].

If a1 and a2 are atom Boolean formulas, then

(1) a1 && a2 [Standard Logic "AND"],
(2) a1 || a2 [Standard Logic "OR"],
(3) !a1 [Standard Logic "NOT"],
(4) a1 -> a2 [Standard Logic "Implication"]

are Boolean formulas.
Assertion proposition logic (AL) for PSL is defined as standard Boolean logic. A Boolean expression of AL is an expression that is evaluated in a single cycle and has the value true or false. Boolean connectives for AL are interpreted in the standard way.

For example, the assertion (a[15:0] == b[15:0]) given in the Verilog flavor of PSL is a valid Boolean expression, which means that a[15:0] and b[15:0] are equal.

The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following:

(1) For any signal x that holds at a given time step i, the state x == 1 (x is active-high at cycle i) can be represented by the polynomial x[i] − 1.
(2) Alternatively, the state x == 0 (x is active-low at cycle i) can be represented by the polynomial x[i].
(3) Symbolically, the state x == H (x is active-high H at the ith cycle) can be modeled as x[i] − H.
5. Algorithm Framework

In this section we describe how an assertion is checked using the Groebner basis approach.

As is well known, in traditional numeric simulation [15] the PSL assertion checking process can be described as follows. Firstly, the design file with PSL code is compiled into locally executable binary code via simulation tools (such as QuestaSim or ModelSim). The designer then provides a testbench file to set input values, running cycles and other parameters. Finally, the designer performs simulation by issuing the "run" command to produce traces for assertion checking.

Firstly, we sketch some of the key notions of Groebner bases theory [16, 17] and symbolic computation.

5.1. Groebner Bases Preliminary. We begin by listing some general facts and establishing notation.
Let k be an algebraically closed field and let k[x1, …, xn] be the polynomial ring in the variables x1, x2, …, xn with coefficients in k under addition and multiplication of polynomials. Let I ⊆ k[x1, …, xn] be an ideal. As is well known, the following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal I ⊂ k[x1, …, xn] has a finite generating set. That is, I = ⟨g1, …, gt⟩ for some g1, …, gt ∈ I.

Then by the Hilbert basis theorem there exist finitely many polynomials f1, …, fm such that I = ⟨f1, …, fm⟩. A polynomial f ∈ k[x1, …, xn] defines a map f: k^n → k via evaluation (a1, …, an) ↦ f(a1, …, an).

The set V(I) = {a ∈ k^n | ∀f ∈ I, f(a) = 0} ⊆ k^n is called the variety associated with I.
If V1 = V(I1) and V2 = V(I2) are the varieties defined by the ideals I1 and I2, then we have V1 ∩ V2 = V(⟨I1, I2⟩) and V1 ∪ V2 = V(I1 × I2), where I1 × I2 = ⟨f1 f2 | f1 ∈ I1, f2 ∈ I2⟩. If I1 = ⟨f1, …, fr⟩ and I2 = ⟨h1, …, hs⟩, then I1 × I2 = ⟨f_i × h_j | 1 ≤ i ≤ r, 1 ≤ j ≤ s⟩.

Any set of points in k^n can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety. For example, the ideals ⟨x0⟩ and ⟨x0, x1 x0 − 1⟩ both define the variety V(x0). In order to perform verification we need to be able to determine when two ideals represent the same set of points. That is to say, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset G = {g1, …, gt} of an ideal I is said to be a Groebner basis (or standard basis) if ⟨LT(g1), …, LT(gt)⟩ = ⟨LT(I)⟩.

Equivalently but more informally, a set {g1, …, gt} ⊂ I is a Groebner basis of I if and only if the leading term of any element of I is divisible by one of the LT(g_i).
In [18] Buchberger provided an algorithm for constructing a Groebner basis of a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.

A reduced Groebner basis G is a Groebner basis in which the leading coefficients of all polynomials in G are 1 and no monomial of an element of G lies in the ideal generated by the leading terms of the other elements of G: ∀g ∈ G, no monomial of g is in ⟨LT(G − {g})⟩.

The important result is that for a fixed monomial ordering any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let I ⊂ k[x1, …, xn] be an ideal and let G be a Groebner basis of I with respect to lex order, where x1 ≻ x2 ≻ ⋯ ≻ xn. Then for every 0 ≤ l ≤ n the set

$$G_l = G \cap k[x_{l+1}, \ldots, x_n] \tag{8}$$

is a Groebner basis of the lth elimination ideal I_l.

Theorem 11. Let G be a Groebner basis for an ideal I ⊂ k[x1, …, xn] and let f ∈ k[x1, …, xn]. Then f ∈ I if and only if the remainder on division of f by G is zero, denoted by remd(f, G) = 0.

The property given in Theorem 11 can also be taken as the definition of a Groebner basis. It yields an efficient algorithm for solving the ideal membership problem: assuming that we know a Groebner basis G for the ideal in question, we only need to compute a remainder with respect to G to determine whether f ∈ I.
52 Verification Principle Based Theorem Proving As justmentioned in previous section our checking method isbased on algebraic geometry theory Algebraic geometry isthe study of the geometric objects arising as the commonzeros of collections of polynomials Our aim is to findpolynomials whose zeros correspond to system states inwhich the appropriate assignments are made
In our method we regard any set of points in 119896119899 as thevariety of some ideal We can use the ideal or any basis forthe ideal as a way of encoding the set of statesThe verification
Journal of Applied Mathematics 7
problem is then transformed into ideal membership problemthat can be solved by computation algorithms
From Groebner Bases theory [16 18] every nonzero ideal119868 sub 119896[119909
1 119909
119899] has a Groebner basis and the following
proposition evidently holds
Proposition 12 Let 119862 and 119878 be polynomial sets of119896[1199091 119909
119899] and ⟨119866119878⟩ is a Groebner basis for ⟨119878⟩ then
one has ⟨119862⟩ sube ⟨119878⟩ hArr forall119888 isin 119862 119903119890119898119889(119888 119866119878) = 0
All supported SEREs properties can be classified into twocategories
(1) Implication-typed Properties of this type have anexplicit antecedent that can be taken as an initialprecondition If the precondition is conflict withthe system model this property will be viewed asfalse Otherwise further checking process will beperformed
(2) Sequence-typed Properties of this type have noexplicit antecedent and therefore an initial conditionshould be provided by the testbench If the pre-condition is in conflict with the system model thissequence property will also be viewed as false Oth-erwise further checking process will be performed
Theorem 13. Suppose that $G$ is a property (if $G = [A \Rightarrow C]$ is an implication-typed property then $A$ denotes the antecedent; otherwise $G$ is a sequence-typed property and $A$ is the precondition) and $M$ is a system model. Let $P_A$ and $PM$ be the polynomial set representations for $A$ and $M$ respectively, constructed by the previously mentioned rules. Let $H = P_A \cup PM = \{h_1, h_2, \ldots, h_s\} \subseteq k[x_1, \ldots, x_n]$ and $I = \langle H \rangle$ (where $\langle H \rangle$ denotes the ideal generated by $H$), let $\{c_1, c_2, \ldots, c_r\}$ denote the polynomial set representation for $C$, and let $GB_H = gbasis(H, \prec)$. Then one has

$$\bigl((1 \notin GB_H) \wedge remd(C, GB_H) == 0\bigr) \Leftrightarrow \Bigl((1 \notin GB_H) \wedge \bigwedge_{i=0}^{r} \bigl(remd(c_i, GB_H) == 0\bigr)\Bigr) \Leftrightarrow (M \models G).$$
Proof. By Hilbert's Nullstellensatz and the previously mentioned notions, the conclusion follows directly.
5.3 Checking Algorithm. For a practical assertion checking process, a complicated syntax analysis tree has to be built for a given assertion, and the basic checking functions are called to perform the checking. For simplicity we only provide the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion $G$. Polynomial representations for the sliced circuit model, the antecedent and the consequent are then built respectively. Finally, we calculate the hypothesis set and its Groebner basis to determine whether the assertion holds or not.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that, due to the slicing reduction, it only requires a comparatively small number of state variables to verify a given assertion.
Input: circuit model C, an assertion $G = [A \Rightarrow C]$
Output: Boolean true or false
BEGIN
  /* Step 0: initialize input signals via testbench */
  (0) $InitSignals(\vec{X}_0)$
  (1) $S = \emptyset$, $M = \emptyset$, $PS_A = \emptyset$, $H = \emptyset$, $PS_C = \emptyset$
  /* Step 1: build polynomial model */
  (2) $M = BuildPS(S)$
  /* Step 2: build polynomial set for antecedent A */
  (3) $PS_A = BuildPS(A)$
  /* Step 3: build polynomial set for consequent C */
  (4) $PS_C = BuildPS(C)$
  /* Step 4: calculate $PS_A \cup M$ */
  (5) $H = PS_A \cup M$
  /* Step 5: calculate the Groebner basis of $\langle H \rangle$ */
  (6) $GB_H = gbasis(H, \prec)$
  /* Step 6: check consistency of $H$ and membership of the consequent */
  (7) if ($1 \in GB_H$)
  (8)   return false
  (9) if ($remd(PS_C, GB_H) \neq 0$)
  (10)  return false
  (11) return true /* Assertion does hold */
END
Algorithm 1: Assertion checking $AssChk(C, G)$.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 2.
Firstly, the original circuit is transformed into a normal polynomial representation, and so is the assertion. Then Groebner bases are calculated using the Buchberger algorithm [19], together with their elimination ideals. Finally, the relation between the elimination ideals is examined to determine whether the assertion holds or not.
6 A Case Study
In this section we will study a case to show how PSL SERE properties are verified by polynomial representation and algebraic computation.
6.1 Circuit and PSL Modeling. As an example, consider the 3-bit synchronous counter circuit C in Figure 3, whose polynomial set can be constructed as follows. In this circuit there exists a design bug: an "AND" gate has incorrectly been replaced by an "OR" gate. Now let us show how to check this error using our symbolic algebraic method.
$$PSet_{counter} = \{\, y_1 - (m_1 + m_4 - m_1 * m_4) * (1 - m_1 * m_4),\; y_2 - (m_2 + m_3 - m_2 * m_3) * (1 - m_2 * m_3),\; 1 - m_3 - y_3,\; 1 - m_4 - m_3 * m_2,\; m_1' - y_1,\; m_2' - y_2,\; m_3' - y_3 \,\} \quad (9)$$
Input: circuit model C, a temporal assertion $s$, running cycles $cycles$
Output: Boolean true or false
BEGIN
  (1) $i = 0$
  (2) switch (operator($s$))
  (3) case always:
  (4)   while ($i < cycles$)
  (5)     if (not $AssChk(C, s, i)$)
  (6)       return false
  (7)     $i$ += $dep(s)$
  (8)   /* end while */
  (9) case eventually:
  (10)  while ($i < cycles$)
  (11)    if ($AssChk(C, s, i)$)
  (12)      return true
  (13)    $i$ += $dep(s)$
  (14)  /* end while */
  (15)  /* end case */
  (16) case never:
  (17)  while ($i < cycles$)
  (18)    if ($AssChk(C, s, i)$)
  (19)      return false
  (20)    $i$ += $dep(s)$
  (21)  /* end while */
  (22)  /* end case */
  (23) default:
  (24)  return $AssChk(C, s, i)$
  (25) /* end switch */
  (26)
END
Algorithm 2: Assertion checking $TemporalAssChk(C, s, cycles)$.
where $x_1'$ denotes the next state of $x_1$. For the $i$th cycle we use $x_1[i]$ to denote the variable name in the current cycle.
To illustrate the problem clearly, we define the polynomial set representation $PM[i]$ for the $i$th cycle as follows:

$$PM[i] = \{\, y_1[i] - (m_1[i] + m_4[i] - m_1[i] * m_4[i]) * (1 - m_1[i] * m_4[i]),\; y_2[i] - (m_2[i] + m_3[i] - m_2[i] * m_3[i]) * (1 - m_2[i] * m_3[i]),\; 1 - m_3[i] - y_3[i],\; 1 - m_4[i] - m_3[i] * m_2[i],\; m_1[i+1] - y_1[i],\; m_2[i+1] - y_2[i],\; m_3[i+1] - y_3[i] \,\} \quad (10)$$

Therefore we have $PM = \bigcup_{i=0}^{7} PM[i]$.
For any Boolean variable $a$ we impose an extra constraint $a * a - a$. Thus we define the corresponding constraint set as follows: $CNS[i] = \{\, a[i] * a[i] - a[i] \,\}$ for all bit-level variables in the $i$th cycle. In the same manner we have $CNS = \bigcup_{i=0}^{7} CNS[i]$.
The sequential properties of this counter circuit can be specified by the following assertions:
$G_1$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |⇒ ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
[Figure 3: Synchronous counter. Gate labels in the figure: NOT, XOR, XOR, OR, AND; signals $m_1, m_2, m_3, m_4, y_1, y_2, y_3$; nodes $V_0, V_1, V_2$.]
$G_2$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |⇒ ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
$G_3$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |⇒ ($m_1 = H$ & $m_2 = H$ & $m_3 = H$), and the rest may be deduced by analogy.
Table 1: Polynomial representations for properties to be verified.

  No.       Precondition            Expected consequent
  0         m1[0], m2[0], m3[0]     NA
  Cycle 1   NA                      (m1[1], m2[1], m3[1] - 1)
  Cycle 2   NA                      (m1[2], m2[2] - 1, m3[2])
  Cycle 3   NA                      (m1[3], m2[3] - 1, m3[3] - 1)
  Cycle 4   NA                      (m1[4] - 1, m2[4], m3[4])
  Cycle 5   NA                      (m1[5] - 1, m2[5], m3[5] - 1)
  Cycle 6   NA                      (m1[6] - 1, m2[6] - 1, m3[6])
  Cycle 7   NA                      (m1[7] - 1, m2[7] - 1, m3[7] - 1)
Afterward, we will demonstrate the verification process step by step.
Firstly, we calculate the sequential depth and have $dep(G_1) = 2$, $dep(G_2) = 2$, and $dep(G_3) = 2$.
Secondly, to verify whether a given property holds or not, we have to build a system model with 8 cycles at most and check $dep(G_1) = 2$ steps.
The circuit model to be verified is below:

$$SM = PM \cup CNS \quad (11)$$

The properties of this counter can be specified as the following PSL assertions listed in Table 1.
6.2 Assertion Checking Using Maple. We run this example using the Maple 13 software. Before running, we manually translated all models into polynomials. The experiment is performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying the Groebner method.
[> with(Groebner):
[> CM := ...   /* Circuit Model */
[> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1], m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2], y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]):
[> CGB := Basis(CM, TDEG):
[> ret := NormalForm(m3[0] - 1, CGB, TDEG);
    ret := 0
As shown in the Maple output, the given circuit has been modeled as the polynomial set CM (its Groebner basis is denoted by CGB), and the assertion is represented as $(m_3[0] - 1)$. From the running result, the return value of NormalForm is 0, which means that $(m_3[0] - 1)$ is reduced by CGB with no remainder. Thus, from the previously mentioned verification principles, it is easy to conclude that the SERE assertion $G_1$ holds under this circuit model after 1 cycle. Other results are shown in Table 2.
Table 2: Result table.

  Cycle no.   Polynomial                    Result
  Cycle 1     m1[0], m2[0], m3[0] - 1       ret = 0
  Cycle 2     m1[1], m2[1] - 1, m3[1]       ret = 0; m1[1] fails
  Cycle 3     m1[2], m2[2] - 1, m3[2] - 1   Stop
From Table 2, when checking assertion $G_2$ the result is $ret = NormalForm(m_1[1], CGB, TDEG) = 1 \neq 0$, so we can conclude that the assertion does not hold and there must exist some error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
7 Conclusion
In this paper we presented a new method for constrained SERE temporal assertion checking by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to adapt it to our verification requirements and rebuilt a new constrained class of the Boolean and temporal layers.
We first introduced a notion of symbolic constant for datapath verification, which can gain great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.
We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time frame expansion.
Our approach is based on polynomial model construction for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Our method eventually translates a simulation-based verification problem into a pure algebraic zero set determination problem by the previously mentioned steps, which can be performed on any general symbolic algebraic tool. An experimental evaluation using Maple has shown that the method is extremely efficient and useful.
Furthermore we can summarize the advantages of ourchecking method as follows
(1) From the real case we see that SERE property verification can be achieved more easily using symbolic algebra than with the traditional method; a complex test bench or test vector is not essential for this approach.
(2) This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.
(3) For assertion property verification, an efficient slicing reduction technique can be applied to gain a performance improvement.
Basically our method can be taken as a useful theoreticalinsight for verification methodology
Finally, we plan to explore further tradeoffs and to combine numeric computation with symbolic simulation to boost performance in particular, and to apply this method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
[Figure 2: Algebraization steps of SEREs. Stages and intermediate artifacts shown in the figure: SERE property; (1) Decomposition: common sequence set; (2) Unrolling: flat sequence; (3) Reduction: propositional formulas; (4) Algebraization: polynomial set.]
4 Translation of SERE
In this section we will mainly discuss the hierarchical modeling method of SERE. The temporal layer contains "Sequential Extended Regular Expressions" (SEREs), which allow describing the relation between Boolean layer expressions over time.
Firstly, we discuss the general algebraization process of SERE from a symbolic computation point of view.
4.1 Algebraization Process. The algebraization process of SERE properties is shown in Figure 2. In our method, the properties written in SERE are unrolled and checked against the design for a bounded number of time steps. Note that only a constrained subset of SERE is supported by our method (an unspecified upper bound of a time range and the first-match operator are excluded).
Firstly, we translate the properties described by the constrained subset of SERE into flat sequences according to the semantics of each supported operator.
Secondly, temporal constraints are added to the unrolled flat sequences to form propositional formulas with logical connectives (or, and, and not).
Finally, the resulting propositional formulas are translated into an equivalent polynomial set.
In summary, the verification problem is reduced to proving a zero set inclusion relationship, which can be resolved by Groebner bases approaches.
4.2 Boolean Layer Modeling. The PSL Boolean layer forms an underlying basis for the whole assertion architecture. In this paper we limit our discussion to the Boolean layer and a special constrained subset of it.
While the Boolean layer consists of Boolean expressions that hold or do not hold at a given cycle, the temporal layer provides a way to describe relationships between Boolean expressions over time.
In this paper we distinguish between signal logic and Boolean proposition logic.
Therefore we have the following two definitions.
Definition 4 (signal logic). In digital circuit systems, signal logic (SL for short) is defined as follows:
(i) if a signal $s$ is active-high (H for short) then its signal value is defined as 1;
(ii) if a signal $s$ is active-low (L for short) then its signal value is defined as 0;
(iii) if a signal $s$ is assigned a symbolic value then its signal value is defined as $U$.
Definition 5 (symbolic trajectory logic). The definition of trajectory evaluation logic (TEL) is extended as the following grammar:

$$f ::= n \text{ is } 0 \mid n \text{ is } 1 \mid w \text{ is } N \mid f_1 \wedge f_2 \mid P \rightarrow f \mid \mathbf{N}(f) \quad (7)$$

where "is" is used to state the value of a Boolean or word-level node in the circuit. It is defined recursively over $V$, where $p$ is a Boolean expression over $V$, $n$ is a node or variable name, $f, f_1, f_2$ are TEL formulas, and $\mathbf{N}$ is the next-time operator.
For example, for a symbolic trajectory assertion, assume $V = \{a\}$; then $[(\mathit{in} \text{ is } a) \wedge \mathbf{N}(\mathit{true}) \Rightarrow \mathbf{N}(\mathit{out} \text{ is } a)]$.
Let a numeric subscript denote the time frame number for each variable; then we have $\mathit{in}[0] \text{ is } a$ and $\mathit{out}[1] \text{ is } a$.
In this paper all temporal operators in the PSL SERE specification will be modeled by the next operator $\mathbf{N}$.
We will introduce a notion of symbolic constant to PSL, inspired by GSTE [14].
Definition 6 (symbolic constant). A symbolic constant [14] is a rigid Boolean or integer variable that forever holds the same Boolean value. The notion of symbolic constant is introduced in an assertion for two purposes:
(1) to encode arbitrary Boolean constraints among a set of circuit nodes in a parametric form;
(2) to encode all possible scalar values for a set of nodes.
Consider $assertion\ (req \text{ is } H) \wedge (ack \text{ is } H)$ as an example. According to our definitions, $req$ and $ack$ are signals belonging to signal logic, while both $(req \text{ is } H)$ and $(ack \text{ is } H)$ themselves are of assertion logic.
Here we provide a formal syntax definition for assertion proposition logic, namely Assertion Boolean Logic.
If $x_1, x_2, m$ and $n$ are of SL, then $x_1 = x_2$, $m = x_1 \,\&\, x_2$, $m = x_1 \,|\, x_2$, $m = x_2$, and $(m = x_1) \wedge (n = x_2)$ are all valid AL and can also be verified by using the polynomial model.
Definition 7 (assertion Boolean logic layer syntax). If $a \in SL$ and $H \in BC$, then $a = H$ is an atom Boolean formula [Atom Boolean Formula].
Built-in functions $stable()$, $rose()$, $fell()$, $isunknown()$, $onehot()$ and $onehot0()$ are atom Boolean formulas.
If $a$ is an integer signal logic variable (denoted by $a \in ISL$) and the symbolic constant $I \in IC$, then $a = I$ is also an atom Boolean formula [Atom Boolean Formula].
If $a_1$ and $a_2$ are atom Boolean formulas, then
(1) $a_1 \,\&\&\, a_2$ [Standard Logic "AND"],
(2) $a_1 \,||\, a_2$ [Standard Logic "OR"],
(3) $!a_1$ [Standard Logic "NOT"],
(4) $a_1 \rightarrow a_2$ [Standard Logic "Implication"]
are Boolean formulas.
Assertion proposition logic (AL) for PSL is defined as standard Boolean logic. A Boolean expression of AL is an expression that is evaluated in a single cycle and has the value $true$ or $false$. Boolean connectives for AL are interpreted in the standard way.
For example, the assertion $(a[15:0] == b[15:0])$ given in the Verilog flavor of PSL is a valid Boolean expression, which means that $a[15:0]$ and $b[15:0]$ are equal.
The state of a signal variable can be viewed as a zero of a set of polynomials. We have the following:
(1) For any signal $x$ that holds at a given time step $i$, the state $x == 1$ ($x$ is active-high at cycle $i$) can be represented by the polynomial $x[i] - 1$.
(2) Alternatively, the state $x == 0$ ($x$ is active-low at cycle $i$) can be represented by the polynomial $x[i]$.
(3) Symbolically, the state $x == H$ ($x$ is active-high $H$ at the $i$th cycle) can be modeled as $x[i] - H$.
5 Algorithm Framework
In this section we will describe how an assertion is checked using the Groebner basis approach.
As is well known, in traditional numeric simulation [15] the PSL assertion checking process can be described as follows. Firstly, the design file with PSL code is compiled into locally executable binary code via simulation tools (such as QuestaSim or ModelSim). The designer then provides a testbench file to set input values, running cycles and other parameters. Finally, the designer performs the simulation by issuing the "run" command to produce traces for assertion checking.
Firstly, we will sketch some of the key notions of Groebner bases theory [16, 17] and symbolic computation.
5.1 Groebner Bases Preliminary. We begin by listing some general facts and establishing notations.
Let $k$ be an algebraically closed field and let $k[x_1, \ldots, x_n]$ be the polynomial ring in the variables $x_1, x_2, \ldots, x_n$ with coefficients in $k$ under addition and multiplication of polynomials. Here let $I \subseteq k[x_1, \ldots, x_n]$ be an ideal. As we all know, the following theorem holds.
Theorem 8 (Hilbert basis theorem). Every ideal $I \subset k[x_1, \ldots, x_n]$ has a finite generating set. That is, $I = \langle g_1, \ldots, g_t \rangle$ for some $g_1, \ldots, g_t \in I$.
Then by the Hilbert basis theorem there exist finitely many polynomials $f_1, \ldots, f_m$ such that $I = \langle f_1, \ldots, f_m \rangle$. A polynomial $f \in k[x_1, \ldots, x_n]$ defines a map $f: k^n \to k$ via evaluation $(a_1, \ldots, a_n) \mapsto f(a_1, \ldots, a_n)$.
The set $V(I) = \{a \in k^n \mid \forall f \in I,\ f(a) = 0\} \subseteq k^n$ is called the variety associated with $I$.
If $V_1 = V(I_1)$ and $V_2 = V(I_2)$ are the varieties defined by the ideals $I_1$ and $I_2$, then we have $V_1 \cap V_2 = V(\langle I_1, I_2 \rangle)$ and $V_1 \cup V_2 = V(I_1 \times I_2)$, where $I_1 \times I_2 = \langle f_1 f_2 \mid f_1 \in I_1,\ f_2 \in I_2 \rangle$. If $I_1 = \langle f_1, \ldots, f_r \rangle$ and $I_2 = \langle h_1, \ldots, h_s \rangle$, then $I_1 \times I_2 = \langle f_i \times h_j \mid 1 \le i \le r,\ 1 \le j \le s \rangle$.
Any set of points in $k^n$ can be regarded as the variety of some ideal. Note that there will be more than one ideal defining a given variety. For example, the ideals $\langle x_0 \rangle$ and $\langle x_0, x_1 x_0 - 1 \rangle$ both define the variety $V(x_0)$. In order to perform verification we need to be able to determine when two ideals represent the same set of points. That is to say, we need a canonical representation for any ideal. Groebner bases can be used for this purpose.
Definition 9 (Groebner basis). Fix a monomial order. A finite subset $G = \{g_1, \ldots, g_t\}$ of an ideal $I$ is said to be a Groebner basis (or standard basis) if $\langle LT(g_1), \ldots, LT(g_t) \rangle = \langle LT(I) \rangle$.
Equivalently, but more informally, a set $\{g_1, \ldots, g_t\} \subset I$ is a Groebner basis of $I$ if and only if the leading term of any element of $I$ is divisible by one of the $LT(g_i)$.
In [18] Buchberger provided an algorithm for constructing a Groebner basis for a given ideal. This algorithm can also be used to determine whether a polynomial belongs to a given ideal.
A reduced Groebner basis $G$ is a Groebner basis where the leading coefficients of the polynomials in $G$ are all 1 and no monomial of an element of $G$ lies in the ideal generated by the leading terms of the other elements of $G$: $\forall g \in G$, no monomial of $g$ is in $\langle LT(G - \{g\}) \rangle$.
The important result is that, for a fixed monomial ordering, any nonzero ideal has a unique reduced Groebner basis. The algorithm for finding a Groebner basis can easily be extended to output its reduced Groebner basis. Thus we have a canonical symbolic representation for any ideal.
Theorem 10 (the elimination theorem). Let $I \subset k[x_1, \ldots, x_n]$ be an ideal and let $G$ be a Groebner basis of $I$ with respect to lex order, where $x_1 \succ x_2 \succ \cdots \succ x_n$. Then for every $0 \le l \le n$ the set

$$G_l = G \cap k[x_{l+1}, \ldots, x_n] \quad (8)$$

is a Groebner basis of the $l$th elimination ideal $I_l$.
Theorem 11. Let $G$ be a Groebner basis for an ideal $I \subset k[x_1, \ldots, x_n]$ and let $f \in k[x_1, \ldots, x_n]$. Then $f \in I$ if and only if the remainder on division of $f$ by $G$ is zero, denoted by $remd(f, G) = 0$.
The property given in Theorem 11 can also be taken asthe definition of a Groebner basis Then we will get anefficient algorithm for solving the idealmembership problemAssumed that we know a Groebner basis 119866 for the ideal inquestion we only need to compute a remainder with respectto 119866 to determine whether 119891 isin 119868
5.2. Verification Principle Based on Theorem Proving. As mentioned in the previous section, our checking method is based on algebraic geometry. Algebraic geometry is the study of the geometric objects arising as the common zeros of collections of polynomials. Our aim is to find polynomials whose zeros correspond to the system states in which the appropriate assignments are made.
In our method we regard any set of points in $k^n$ as the variety of some ideal. We can use the ideal, or any basis for the ideal, as a way of encoding the set of states. The verification problem is then transformed into an ideal membership problem that can be solved by computational algorithms.
From Groebner bases theory [16, 18], every nonzero ideal $I \subset k[x_1, \ldots, x_n]$ has a Groebner basis, and the following proposition evidently holds.
Proposition 12. Let $C$ and $S$ be polynomial sets of $k[x_1, \ldots, x_n]$ and let $G_S$ be a Groebner basis for $\langle S\rangle$; then one has $\langle C\rangle \subseteq \langle S\rangle \Leftrightarrow \forall c \in C,\ remd(c, G_S) = 0$.
All supported SERE properties can be classified into two categories:
(1) Implication-typed. Properties of this type have an explicit antecedent that can be taken as an initial precondition. If the precondition is in conflict with the system model, the property is viewed as false; otherwise the further checking process is performed.
(2) Sequence-typed. Properties of this type have no explicit antecedent, and therefore an initial condition should be provided by the testbench. If the precondition is in conflict with the system model, the sequence property is also viewed as false; otherwise the further checking process is performed.
Theorem 13. Suppose that $G$ is a property (if $G = [A \Rightarrow C]$ is an implication-typed property then $A$ denotes the antecedent; otherwise $G$ is a sequence-typed property and $A$ is the precondition) and $M$ is a system model. Let $P_A$ and $P_M$ be the polynomial set representations for $A$ and $M$, respectively, constructed by the previously mentioned rules. Let $H = P_A \cup P_M = \{h_1, h_2, \ldots, h_s\} \subseteq k[x_1, \ldots, x_n]$, $I = \langle H\rangle$ (where $\langle H\rangle$ denotes the ideal generated by $H$), let $\{c_1, c_2, \ldots, c_r\}$ denote the polynomial set representation for $C$, and let $GB_H = gbasis(H, \prec)$; then one has
$$\bigl((1 \notin GB_H) \wedge remd(C, GB_H) == 0\bigr) \Leftrightarrow \Bigl((1 \notin GB_H) \wedge \bigwedge_{i=1}^{r} \bigl(remd(c_i, GB_H) == 0\bigr)\Bigr) \Leftrightarrow (M \models G).$$
Proof. By Hilbert's Nullstellensatz and the previously mentioned notions, the conclusion follows directly.
5.3. Checking Algorithm. A practical assertion checking process needs to build a complicated syntax analysis tree for a given assertion and call the basic checking functions to perform the check. For simplicity we only provide the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion $G$. Polynomial representations for the sliced circuit model, the antecedent and the consequent are then built, respectively. Finally we calculate the hypothesis set and its Groebner basis to determine whether the assertion holds or not.
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 1.
An important advantage of our algorithm is that, due to the slicing reduction, it only requires a comparatively small number of state variables to verify a given assertion.
Input: circuit model C, an assertion G = [A ⇒ C]
Output: Boolean true or false
BEGIN
  /* Step 0: initialize input signals via testbench */
  InitSignals($\vec{X}_0$)
  S = ∅; M = ∅; PS_A = ∅; H = ∅; PS_C = ∅
  /* Step 1: build polynomial model of the (sliced) circuit */
  M = BuildPS(S)
  /* Step 2: build polynomial set for antecedent A */
  PS_A = BuildPS(A)
  /* Step 3: build polynomial set for consequent C */
  PS_C = BuildPS(C)
  /* Step 4: calculate the hypothesis set PS_A ∪ M */
  H = PS_A ∪ M
  /* Step 5: calculate the Groebner basis of ⟨H⟩ */
  GB_H = gbasis(H, ≺)
  /* Step 6: the hypotheses are inconsistent if 1 ∈ GB_H */
  if (1 ∈ GB_H) return false
  /* Step 7: every consequent polynomial must reduce to zero modulo GB_H */
  if (remd(PS_C, GB_H) ≠ 0) return false
  return true   /* Assertion does hold */
END
Algorithm 1: Assertion checking AssChk(C, G).
From the above discussion we have the process steps and the detailed algorithm description in Algorithm 2.
Firstly, the original circuit is transformed into a normal polynomial representation, and so is the assertion. Then the Groebner bases are calculated using the Buchberger algorithm [19], together with their elimination ideals. Finally, the relation between the elimination ideals is examined to determine whether the assertion holds or not.
6. A Case Study
In this section we study a case to show how PSL SERE properties are verified by polynomial representation and algebraic computation.
6.1. Circuit and PSL Modeling. As an example, consider the 3-bit synchronous counter circuit $C$ in Figure 3, whose polynomial set can be constructed as follows. In this circuit there is a design bug: an "AND" gate has been incorrectly replaced by an "OR" gate. Now let us show how to detect this error using our symbolic algebraic method.
$$PSet_{counter} = \{\, y_1 - (m_1 + m_4 - m_1 m_4)(1 - m_1 m_4),\ y_2 - (m_2 + m_3 - m_2 m_3)(1 - m_2 m_3),\ 1 - m_3 - y_3,\ 1 - m_4 - m_3 m_2,\ m_1' - y_1,\ m_2' - y_2,\ m_3' - y_3 \,\} \qquad (9)$$
Input: circuit model C, a temporal assertion s, running cycles cycles
Output: Boolean true or false
BEGIN
  i = 0
  switch (operator(s))
    case always:
      while (i < cycles)
        if (¬AssChk(C, s, i)) return false
        i += dep(s)
      /* end while */
      return true
    case eventually:
      while (i < cycles)
        if (AssChk(C, s, i)) return true
        i += dep(s)
      /* end while */
      return false
    case never:
      while (i < cycles)
        if (AssChk(C, s, i)) return false
        i += dep(s)
      /* end while */
      return true
    default:
      return AssChk(C, s, i)
  /* end switch */
END
Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles).
where $x_1'$ denotes the next state of $x_1$. For the $i$th cycle we use $x_1[i]$ to denote the variable name in the current cycle.
To illustrate the problem clearly, we define the polynomial set representation $PM[i]$ for the $i$th cycle as follows:
$$PM[i] = \{\, y_1[i] - (m_1[i] + m_4[i] - m_1[i] m_4[i])(1 - m_1[i] m_4[i]),\ y_2[i] - (m_2[i] + m_3[i] - m_2[i] m_3[i])(1 - m_2[i] m_3[i]),\ 1 - m_3[i] - y_3[i],\ 1 - m_4[i] - m_3[i] m_2[i],\ m_1[i+1] - y_1[i],\ m_2[i+1] - y_2[i],\ m_3[i+1] - y_3[i] \,\} \qquad (10)$$
Therefore we have $PM = \bigcup_{i=0}^{7} PM[i]$.
For any boolean variable $a$ we impose an extra constraint $a \cdot a - a$. Thus we define the corresponding constraint set as $CNS[i] = \{\, a[i] \cdot a[i] - a[i] \,\}$ for all bit-level variables in the $i$th cycle. In the same manner we have $CNS = \bigcup_{i=0}^{7} CNS[i]$.
The sequential properties of this counter circuit can be specified by the following assertions:
$G_1$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
$G_2$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
$G_3$ = assert always ($m_1 = H$ & $m_2 = H$ & $m_3 = H$) |=> ($m_1 = H$ & $m_2 = H$ & $m_3 = H$),
and the rest may be deduced by analogy.

Figure 3: Synchronous counter (gates NOT, XOR, XOR, OR, AND; signals $m_1$ to $m_4$, $y_1$ to $y_3$, $V_0$ to $V_2$).
Table 1: Polynomial representations for properties to be verified.
No.     | Precondition          | Expected consequent
0       | m1[0], m2[0], m3[0]   | NA
Cycle 1 | NA                    | (m1[1], m2[1], m3[1] − 1)
Cycle 2 | NA                    | (m1[2], m2[2] − 1, m3[2])
Cycle 3 | NA                    | (m1[3], m2[3] − 1, m3[3] − 1)
Cycle 4 | NA                    | (m1[4] − 1, m2[4], m3[4])
Cycle 5 | NA                    | (m1[5] − 1, m2[5], m3[5] − 1)
Cycle 6 | NA                    | (m1[6] − 1, m2[6] − 1, m3[6])
Cycle 7 | NA                    | (m1[7] − 1, m2[7] − 1, m3[7] − 1)
Afterwards we demonstrate the verification process step by step.
Firstly we calculate the sequential depth and have $dep(G_1) = 2$, $dep(G_2) = 2$ and $dep(G_3) = 2$.
Secondly, to verify whether a given property holds or not, we have to build a system model with 8 cycles at most and check it in $dep(G_1) = 2$ steps.
The circuit model to be verified is
$$SM = PM \cup CNS. \qquad (11)$$
The properties of this counter can be specified as the PSL assertions listed in Table 1.
6.2. Assertion Checking Using Maple. We ran this example using the Maple 13 software. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find this error when applying the Groebner method.

[> with(Groebner):
[> CM := ... :   # Circuit Model
[> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1], m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2], y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]):
[> CGB := Basis(CM, TDEG):
[> ret := NormalForm(m3[0] - 1, CGB, TDEG);
                                   ret := 0

As shown in the Maple output, the given circuit has been modeled as the polynomial set CM (its Groebner basis is denoted by CGB) and the assertion is represented as $(m_3[0] - 1)$. From the running result, the return value of NormalForm is 0, which means that $(m_3[0] - 1)$ is divided by CGB with no remainder. Thus, from the previously mentioned verification principles, it is easy to conclude that the SERE assertion $G_1$ holds under this circuit model after 1 cycle. Other results are shown in Table 2.
Table 2: Result table.
Cycle no. | Polynomial                  | Result
Cycle 1   | m1[0], m2[0], m3[0] − 1     | ret = 0
Cycle 2   | m1[1], m2[1] − 1, m3[1]     | ret = 0; m1[1] fails
Cycle 3   | m1[2], m2[2] − 1, m3[2] − 1 | Stop
From Table 2, when checking the assertion $G_2$, the result is $ret = NormalForm(m_1[1], CGB, TDEG) = 1 \ne 0$, so we can conclude that the assertion does not hold and there must exist some error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
7. Conclusion
In this paper we presented a new method for checking constrained SERE temporal assertions by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to fit our verification requirements and rebuilt a new constrained class of the boolean and temporal layers.
We first introduced the notion of a symbolic constant for datapath verification, which gains great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time. This advantage comes directly from the fact that many vectors are simulated at once using symbolic values.
We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time frame expansion.
Our approach is based on the construction of polynomial models for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Our method eventually translates a simulation-based verification problem into a pure algebraic zero-set determination problem by the previously mentioned steps, which can be performed on any general symbolic algebraic tool. An experimental evaluation using Maple has shown that the method is extremely efficient and useful.
Furthermore, we can summarize the advantages of our checking method as follows:
(1) from the real case we see that SERE property verification can be achieved more easily using symbolic algebra than with the traditional method; a complex testbench or test vector is not essential for this approach;
(2) this advantage comes directly from the fact that many vectors are simulated at once using symbolic values;
(3) for assertion property verification, an efficient slicing reduction technique can be applied to gain a performance improvement.
Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further tradeoffs and to combine numeric computation with symbolic simulation for boosting performance in particular, and to apply this method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
END
Algorithm 2 Assertion checking 119879119890119898119901119900119903119886119897119860119904119904119862ℎ119896 (C 119904 119888119910119888119897119890119904)
where 11990911015840 denotes the next state of 1199091 For the ith cycle weuse 1199091
[119894]to denote variable name in current cycle
To illustrate the problem clearly we define polynomial setrepresentation PM[119894] for ith cycle as follows
PM [119894]
= (1199101[119894]minus(1198981
[119894]+1198984[119894]minus1198981[119894]lowast 119898) lowast (1 minus 1198981
[119894]lowast 1198984[119894]))
(1199102[119894]minus(1198982
[119894]+1198983[119894]minus1198982[119894]lowast 1198983) lowast (1minus1198982
[119894]lowast 1198983[119894]))
(1 minus 1198983[119894]minus 1199103[119894]) (1 minus 1198984
[119894]minus1198983[119894]lowast1198982[119894])
(1198981[119894+1]
minus1199101[119894]) (1198982
[119894+1]minus1199102[119894]) (1198983
[119894+1]minus1199103[119894])
(10)
Therefore we have PM = ⋃7
119894=0PM[119894]
For any boolean variable 119886 we will impose an extraconstraint 119886lowast119886minus119886Thus we should define the correspondingconstraints set as follows CNS[119894] = 119886
[119894]lowast119886[119894]minus119886[119894] for all bit-
level variables in the ith cycleIn the same manner we have CNS = ⋃7
119894=0CNS[119894]
The sequential properties of this counter circuit can bespecified by the following assertions
1198661= assert always (1198981 = 119867amp1198982 = 119867amp1198983 =
119867) |rArr (1198981 = 119867amp1198982 = 119867amp1198983 = 119867)
NOT
XOR
XOR
OR
AND
1198981
1198982
1198983
1198984
1199101
1199102
1199103
1198810
1198811
1198812
Figure 3 Synchronous counter
1198662= assert always (1198981 = 119867amp1198982 = 119867amp1198983 =
119867) |rArr (1198981 = 119867amp1198982 = 119867amp1198983 = 119867)1198663= assert always (1198981 = 119867amp1198982 = 119867amp1198983 =
119867) |rArr (1198981 = 119867amp1198982 = 119867amp1198983 = 119867) and the restmay be deduced by analogy
Journal of Applied Mathematics 9
Table 1 Polynomial representations for properties to be verified
No Precondition Expected consequent0 1198981
[0]1198982[0]1198983[0]
NACycle1 NA (1198981
[1] 1198982[1] 1198983[1]minus 1)
Cycle2 NA (1198981[2] 1198982[2]minus 11198983
[2])
Cycle3 NA (1198981[3] 1198982[3]minus 11198983
[3]minus 1)
Cycle4 NA (1198981[4]minus 11198982
[4] 1198983[4])
Cycle5 NA (1198981[5]minus 11198982
[5] 1198983[5]minus 1)
Cycle6 NA (1198981[6]minus 11198982
[6]minus 11198983
[6])
Cycle7 NA (1198981[7]minus 11198982
[7]minus 11198983
[7]minus 1)
Afterward we will demonstrate the verification processstep by step
Firstly we calculate the sequential depth and have
119889119890119901(1198661) = 2 119889119890119901(119866
2) = 2 and 119889119890119901(119866
2) = 2
Secondly to verify a given property hold or not we haveto build a system model with 8 cycles at most and check119889119890119901(119866
1) = 2 steps
The circuit model to be verified is below
SM = PM⋃CNS (11)
The properties of this counter can be specified as thefollowing PSL assertions listed in Table 1
62 Assertion Checking Using Maple We run this exampleby using Maple 13 software Before running we manuallytranslated all models into polynomials The experiment isperformed on a Computer with a 240GHz CPU (Intel i5M450) and 512MB of memory It took about 004 secondsand 081MB of memory to find this error when applyingGroebner method
[gtwith(Groebner)[gt CM = sdot sdot sdot lowast Circuit Model lowast[gt TDEG = 119905119889119890119892(
1198981[0] 1198982[0] 1198983[0] 1198984[0] 1198981[1] 1198982[1]
1198983[1] 1198984[1] 1198981[2] 1198982[2] 1198983[2] 1198984[2]
1199101[0] 1199101[1] 1199101[2] 1199102[0] 1199102[1] 1199102[2]
1199103[0] 1199103[1] 1199103[2])
[gt CGB = 119861119886119904119894119904(GTDEG)[gt 119903119890119905 = 119873119900119903119898119886119897 119865119900119903119898(1198983
[0]minus 1CGBTDEG)
[gt 119903119890119905 = 0
As shown in maple outputs the given circuit has beenmodeled as polynomial set CM (its Groebner basis is denotedby CGB) and assertion representation as (1198983
[0]minus 1) From
the running result we have return value of 119873119900119903119898119886119897 119865119900119903119898is 0 which means CGB be divided with no remainder by(1198983[0]minus1) Thus from the previously mentioned verification
principles it is easy to conclude that the SERE assertion 1198661
holds under this circuit model after 1 cycle Other results areshown in Table 2
Table 2 Result table
Cycle no Polynomial ResultCycle1 1198981
[0] 1198982[0] 1198983[0]minus 1 119903119890119905 = 0
Cycle2 1198981[1] 1198982[1]minus 11198983
[1]119903119890119905 = 01198981
[1]fails
Cycle3 1198981[2] 1198982[2]minus 11198983
[2]minus 1 Stop
From Table 2 when checking 1198662assertion the result
119903119890119905 = 119873119900119903119898119886119897 119865119900119903119898 (1198981[1]CGBTDEG) = 1 = 0 so that we
can conclude the assertion does not hold and theremust existsome error in the original circuitThis case is a fairly completeillustration of how our checking algorithm works
7 Conclusion
In this paper we presented a new method for constrainedSERE temporal assertions checking by combining symbolicsimulation with symbolic algebraic approaches We modi-fied the original PSL specification to adapt our verificationrequirements and rebuilt a new constrained class of booleanand temporal layer
We first introduce a notion of symbolic constant for datapath verification which can gain great state coverage forsimulation based verification This method allows users todeal with more than one state and many input combinationsat a time This advantage comes directly from the fact thatmany vectors are simulated at once using symbolic value
We then defined a constrained simple subset of SEREand proposed an practical algebraization method for eachtemporal operator For sequential circuits verification weintroduce a parameterized polynomial set modeling methodbased on time frame expansion
Our approach is based on polynomial models construc-tion for both circuits and assertions In other words symbolicsimulation is performed on data-flow model and its unrolledform in polynomial representation Our method is to even-tually translate a simulation based verification problem into apure algebraic zero set determination problem by previouslymentioned steps which can be performed on any generalsymbolic algebraic tool An experimental evaluation usingmaple has shown that the method is extremely efficient anduseful
Furthermore we can summarize the advantages of ourchecking method as follows
(1) from the real case we see that SERE properties verifi-cation can be achieved easier using symbolic algebraicthan traditional method Complex test bench or testvector is not essential for this approach
(2) this advantage comes directly from the fact that manyvectors are simulated at once using symbolic value
(3) for assertion property verification an efficient slicingreduction technique can be applied to gain perfor-mance improvement
Basically our method can be taken as a useful theoreticalinsight for verification methodology
Finally we plan to explore further tradeoffs and combinenumeric computation with symbolic simulation for boosting
10 Journal of Applied Mathematics
performance in particular and to apply this method to moreindustrial case studies
Acknowledgments
The project is supported by the National Natural Sci-ence Foundation of China under Grant no 60973147 theNatural Science Foundation of Guangxi under Grant no2011GXNSFA018154 the Science and Technology Foundationof Guangxi under Grant no 10169-1 Guangxi ScientificResearch Project no 201012MS274 andGrants (HCIC201102)of Guangxi Key Laboratory of Hybrid Computation andIC Design Analysis Open Fund The authors would like tothank their colleagues for participating in the research Theyalso appreciate the anonymous reviewers for their helpfulcomments
References
[1] ldquoIEEE standard for property specification language (psl)rdquo IEEEStd 1850-2005 2005
[2] C Eisner and D Fisman A Practical Introduction to PSLIntegrated Circuits and Systems Springer New York NY USA2006
[3] ldquoIEEE standard for property specification language (psl)rdquo IEEEStd 1850-2010 2010 Revision of IEEE Std 1850-2005
[4] T Tuerk K Schneider and M Gordon ldquoModel checking PSLusing HOL and SMVrdquo in Proceedings of the 2nd InternationalHaifa Verification Conference on Hardware and Software Verifi-cation and Testing (HVC rsquo06) E Bin A Ziv and S Ur Eds pp1ndash15 Springer Berlin Germany 2006
[5] T Launiainen K Heljanko and T Junttila ldquoEfficient modelchecking of PSL safety propertiesrdquo IET Computers amp DigitalTechniques vol 5 no 6 pp 479ndash492 2011
[6] A Pnueli and A Zaks ldquoPSL model checking and run-timeverification via testersrdquo in Proceedings of the 14th internationalconference on Formal Methods (FM rsquo06) pp 573ndash586 2006
[7] L Darringer ldquoApplication of program verification techniquesto hardware verificationrdquo in Proceedings of IEEE-ACM DesignAutomation Conference pp 375ndash381 1979
[8] G S Avrunin ldquoSymbolic model checking using algebraicgeometryrdquo in Proceedings of the 8th International Conference onComputer Aided Verification (CAV rsquo96) pp 26ndash37 1996
[9] W Mao and J Wu ldquoApplication of Wursquos method to symbolicmodel checkingrdquo in Proceedings of the International Symposiumon Symbolic and Algebraic Computation (ISSAC rsquo05) pp 237ndash244 July 2005
[10] J Wu and L Zhao ldquoMulti-valued model checking via groebnerbasis approachrdquo in Proceedings of the 1st Joint IEEEIFIP Sympo-sium on Theoretical Aspects of Software Engineering (TASE rsquo07)pp 35ndash44 June 2007
[11] C Eisner and D Fisman A Practical Introduction to PSLIntegrated Circuits and Systems Springer New York NY USA2006
[12] J Smith and G De Micheli ldquoPolynomial methods for compo-nent matching and verificationrdquo in Proceedings of IEEEACMInternational Conference on Computer-Aided Design (ICCADrsquo98) pp 678ndash685 November 1998
[13] Y M Ryabukhin ldquoBoolean ringrdquo in Encyclopaedia of Mathe-matics M Hazewinkel Ed Springer 2001
[14] C J H Seger and R E Bryant ldquoFormal verification by symbolicevaluation of partially-ordered trajectoriesrdquo Formal Methods inSystem Design vol 6 no 2 pp 147ndash189 1995
[15] K H Chang W T Tu Y J Yeh and S Y Kuo ldquoA simulation-based temporal assertion checker for pslrdquo in Proceedings ofIEEE International Symposium onMicro-NanoMechatronics andHuman Science pp 1528ndash1531 2003
[16] D Cox and D OrsquoShea Ideals Varieties and AlgorithmsSpringer New York NY USA 1992
[17] T Becker and V Weispfenning Groebner Bases A Computa-tional Approach to Commutative Algebra vol 141 Springer NewYork NY USA 1993
[18] B Buchberger ldquoGroebner bases an algorithmic method inpolynomial ideal theoryrdquo in Multidimensional Systems Theorypp 184ndash232 Reidel 1985
[19] D Cox J Little and D OrsquoShea Eds Ideals Varieties and Algo-rithms An Introduction to Computational Algebraic Geometryand Commutative Algebra Undergraduate Texts in Mathemat-ics Springer 3rd edition 2007
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
problem is then transformed into an ideal membership problem that can be solved by computational algorithms.
From Groebner bases theory [16, 18], every nonzero ideal $I \subset k[x_1, \ldots, x_n]$ has a Groebner basis, and the following proposition evidently holds.
Proposition 12. Let $C$ and $S$ be polynomial sets in $k[x_1, \ldots, x_n]$ and let $G_S$ be a Groebner basis for $\langle S \rangle$. Then

$$\langle C \rangle \subseteq \langle S \rangle \iff \forall c \in C:\ \mathrm{remd}(c, G_S) = 0 .$$
All supported SERE properties fall into two categories:

(1) Implication-typed. Properties of this type have an explicit antecedent that serves as the initial precondition. If the precondition conflicts with the system model, the property is judged false; otherwise the checking process continues.

(2) Sequence-typed. Properties of this type have no explicit antecedent, so the initial condition must be supplied by the testbench. If that precondition conflicts with the system model, the sequence property is likewise judged false; otherwise the checking process continues.
Theorem 13. Let $G$ be a property (if $G = [A \Rightarrow C]$ is an implication-typed property then $A$ denotes the antecedent; otherwise $G$ is a sequence-typed property and $A$ is the precondition) and let $M$ be a system model. Let $P_A$ and $\mathrm{PM}$ be the polynomial set representations of $A$ and $M$, respectively, constructed by the rules above. Let $H = P_A \cup \mathrm{PM} = \{h_1, h_2, \ldots, h_s\} \subseteq k[x_1, \ldots, x_n]$, $I = \langle H \rangle$ (the ideal generated by $H$), let $\{c_1, c_2, \ldots, c_r\}$ be the polynomial set representation of $C$, and let $GB_H = \mathrm{gbasis}(H, \prec)$. Then

$$\bigl(1 \notin GB_H\bigr) \wedge \bigl(\mathrm{remd}(C, GB_H) == 0\bigr) \iff \bigl(1 \notin GB_H\bigr) \wedge \bigwedge_{i=1}^{r} \bigl(\mathrm{remd}(c_i, GB_H) == 0\bigr) \iff \bigl(M \models G\bigr).$$
Proof. By Hilbert's Nullstellensatz and the notions introduced above, the conclusion follows directly.
5.3 Checking Algorithm. A practical assertion checker has to build a syntax analysis tree for the given assertion and call the basic checking functions on it. For simplicity we give only the core decision algorithms and the basic process flow.
Firstly, the original circuit is sliced with respect to the given assertion G. Polynomial representations for the sliced circuit model, the antecedent and the consequent are then built, respectively. Finally, we compute the hypothesis set and its Groebner basis to decide whether the assertion holds.

The process steps and the detailed algorithm are given in Algorithm 1.

An important advantage of our algorithm is that, thanks to slicing reduction, it requires comparatively few state variables to verify a given assertion.
Input: circuit model C, an assertion G = [A ⇒ C]
Output: Boolean true or false
BEGIN
  /* Step 0: initialize input signals via testbench */
  (0)  InitSignals(X⃗_0)
  (1)  S = ∅, M = ∅, PS_A = ∅, H = ∅, PS_C = ∅
  /* Step 1: build polynomial model */
  (2)  M = BuildPS(S)
  /* Step 2: build polynomial set for antecedent A */
  (3)  PS_A = BuildPS(A)
  /* Step 3: build polynomial set for consequent C */
  (4)  PS_C = BuildPS(C)
  /* Step 4: form the hypothesis set PS_A ∪ M */
  (5)  H = PS_A ∪ M
  /* Step 5: compute the Groebner basis of ⟨H⟩ */
  (6)  GB_H = gbasis(H, ≺)
  /* Step 6: consistency test and ideal membership test */
  (7)  if (1 ∈ GB_H)
  (8)    return false        /* antecedent contradicts the model */
  (9)  if (remd(PS_C, GB_H) ≠ 0)
  (10)   return false
  (11) return true           /* assertion does hold */
END

Algorithm 1: Assertion checking AssChk(C, G)
The process steps of the temporal checker are given in Algorithm 2.

Firstly, the original circuit and the assertion are both transformed into normal polynomial representations. Then Groebner bases are computed with the Buchberger algorithm [19], together with their elimination ideals. Finally, the relation between the elimination ideals is examined to decide whether the assertion holds.
6 A Case Study

In this section we study a case that shows how PSL SERE properties are verified by polynomial representation and algebraic computation.

6.1 Circuit and PSL Modeling. As an example consider the 3-bit synchronous counter circuit C in Figure 3, whose polynomial set is constructed as follows. The circuit contains a design bug: an AND gate has wrongly been replaced by an OR gate. We now show how to detect this error with our symbolic algebraic method.
$$\mathrm{PSet}_{\mathrm{counter}} = \bigl\{\, y_1 - (m_1 + m_4 - m_1 m_4)(1 - m_1 m_4),\ y_2 - (m_2 + m_3 - m_2 m_3)(1 - m_2 m_3),\ 1 - m_3 - y_3,\ 1 - m_4 - m_3 m_2,\ m_1' - y_1,\ m_2' - y_2,\ m_3' - y_3 \,\bigr\} \tag{9}$$
Input: circuit model C, a temporal assertion s, running cycles `cycles`
Output: Boolean true or false
BEGIN
  (1)  i = 0
  (2)  switch (operator(s))
  (3)    case always:
  (4)      while (i < cycles)
  (5)        if (not AssChk(C, s, i))
  (6)          return false
  (7)        i += dep(s)
  (8)      /* end while */
           return true
  (9)    case eventually:
  (10)     while (i < cycles)
  (11)       if (AssChk(C, s, i))
  (12)         return true
  (13)       i += dep(s)
  (14)     /* end while */
           return false
  (15)   /* end case */
  (16)   case never:
  (17)     while (i < cycles)
  (18)       if (AssChk(C, s, i))
  (19)         return false
  (20)       i += dep(s)
  (21)     /* end while */
           return true
  (22)   /* end case */
  (23)   default:
  (24)     return AssChk(C, s, i)
  (25) /* end switch */
END

Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles)
In (9), $x_1'$ denotes the next state of $x_1$; for the $i$th cycle we write $x_1[i]$ for the instance of the variable in that cycle.
To state the problem clearly, we define the polynomial set representation $\mathrm{PM}[i]$ for the $i$th cycle as follows:

$$\mathrm{PM}[i] = \bigl\{\, y_1[i] - (m_1[i] + m_4[i] - m_1[i]\, m_4[i])(1 - m_1[i]\, m_4[i]),\ y_2[i] - (m_2[i] + m_3[i] - m_2[i]\, m_3[i])(1 - m_2[i]\, m_3[i]),\ 1 - m_3[i] - y_3[i],\ 1 - m_4[i] - m_3[i]\, m_2[i],\ m_1[i+1] - y_1[i],\ m_2[i+1] - y_2[i],\ m_3[i+1] - y_3[i] \,\bigr\} \tag{10}$$
Therefore we have $\mathrm{PM} = \bigcup_{i=0}^{7} \mathrm{PM}[i]$.
For any Boolean variable $a$ we impose the extra constraint $a \cdot a - a$. Accordingly we define the constraint set $\mathrm{CNS}[i] = \{\, a[i] \cdot a[i] - a[i] \,\}$ over all bit-level variables of the $i$th cycle, and in the same manner $\mathrm{CNS} = \bigcup_{i=0}^{7} \mathrm{CNS}[i]$.
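As an added remark (not part of the original paper), the Boolean constraints also lower the degree of the generators: modulo $\langle a^2 - a,\ b^2 - b \rangle$ the XOR polynomial of (9) collapses to a quadratic, since

$$(a + b - ab)(1 - ab) = a + b - ab - a^2 b - a b^2 + a^2 b^2 \equiv a + b - ab - ab - ab + ab = a + b - 2ab \pmod{\langle a^2 - a,\ b^2 - b \rangle},$$

and on $\{0,1\}^2$ both sides equal $a \oplus b$. Because every element of CNS already lies in $\langle \mathrm{PM} \cup \mathrm{CNS} \rangle$, each generator of PM may be replaced by its remainder modulo CNS before the Groebner basis is computed without changing the ideal, which keeps the Buchberger computation smaller.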
The sequential properties of this counter circuit can be specified by the following assertions:

G1 = assert always (m1 = H & m2 = H & m3 = H) |=> (m1 = H & m2 = H & m3 = H);
Figure 3: Synchronous counter (schematic not reproduced; gates NOT, XOR, XOR, OR, AND; nets m1, m2, m3, m4, y1, y2, y3; registers V0, V1, V2).
G2 = assert always (m1 = H & m2 = H & m3 = H) |=> (m1 = H & m2 = H & m3 = H);

G3 = assert always (m1 = H & m2 = H & m3 = H) |=> (m1 = H & m2 = H & m3 = H);

and the rest may be deduced by analogy.
Table 1: Polynomial representations for properties to be verified

No.      | Precondition         | Expected consequent
0        | m1[0], m2[0], m3[0]  | N/A
Cycle 1  | N/A                  | (m1[1], m2[1], m3[1] − 1)
Cycle 2  | N/A                  | (m1[2], m2[2] − 1, m3[2])
Cycle 3  | N/A                  | (m1[3], m2[3] − 1, m3[3] − 1)
Cycle 4  | N/A                  | (m1[4] − 1, m2[4], m3[4])
Cycle 5  | N/A                  | (m1[5] − 1, m2[5], m3[5] − 1)
Cycle 6  | N/A                  | (m1[6] − 1, m2[6] − 1, m3[6])
Cycle 7  | N/A                  | (m1[7] − 1, m2[7] − 1, m3[7] − 1)
We now demonstrate the verification process step by step.

Firstly, we calculate the sequential depth and obtain $\mathrm{dep}(G_1) = 2$, $\mathrm{dep}(G_2) = 2$ and $\mathrm{dep}(G_3) = 2$.

Secondly, to verify whether a given property holds, we build a system model of at most 8 cycles and check it in steps of $\mathrm{dep}(G_1) = 2$.

The circuit model to be verified is

$$\mathrm{SM} = \mathrm{PM} \cup \mathrm{CNS}. \tag{11}$$

The properties of this counter are specified as the PSL assertions listed in Table 1.
6.2 Assertion Checking Using Maple. We ran this example in Maple 13. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. Finding the error with the Groebner method took about 0.04 seconds and 0.81 MB of memory.
> with(Groebner):
> CM := ... :                         /* Circuit Model */
> TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1],
               m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2],
               y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]):
> CGB := Basis(CM, TDEG):
> ret := NormalForm(m3[0] - 1, CGB, TDEG);
                                        ret := 0
As the Maple output shows, the circuit has been modeled as the polynomial set CM (with Groebner basis CGB) and the assertion as the polynomial (m3[0] − 1). The run returns a NormalForm of 0, which means that (m3[0] − 1) is divided by CGB with no remainder, i.e. it belongs to the ideal ⟨CM⟩. By the verification principles above we conclude that the SERE assertion G1 holds under this circuit model after 1 cycle. The other results are shown in Table 2.
Table 2: Result table

Cycle no. | Polynomial                    | Result
Cycle 1   | m1[0], m2[0], m3[0] − 1       | ret = 0
Cycle 2   | m1[1], m2[1] − 1, m3[1]       | ret = 0; m1[1] fails
Cycle 3   | m1[2], m2[2] − 1, m3[2] − 1   | Stop
From Table 2, when checking assertion G2 the result is ret = NormalForm(m1[1], CGB, TDEG) = 1 ≠ 0, so the assertion does not hold and there must be an error in the original circuit. This case is a fairly complete illustration of how our checking algorithm works.
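The following Python script is an added example, not the authors' Maple code shown above: it carries out the core of Algorithm 1 and the "always" case of Algorithm 2 on the counter of Section 6 with sympy's Groebner-basis routines, so the same membership test can be rerun and extended without Maple. Assumptions that the paper does not state and that are the example's own: the y_k output polynomials of (10) are inlined into the next-state polynomials; frame 0 is the initial state m1 = m2 = m3 = 0, so frame i is expected to hold the binary value of i with m1 as the most significant bit; the intended carry gate is taken as m4 = m2·m3 and the reported bug as m4 = OR(m2, m3) = m2 + m3 − m2·m3; Maple's tdeg order is rendered as grevlex; and the function names (counter_model, hypothesis_basis, ass_chk, expected_state, first_failing_cycle) are hypothetical.

```python
# Added example (not the authors' Maple script): Algorithm 1 and the "always"
# case of Algorithm 2 on the 3-bit counter of Section 6, using sympy.
# Assumptions not taken from the paper: the y_k outputs of (10) are inlined
# into the next-state polynomials, frame 0 is the initial state (0,0,0), frame i
# is expected to hold the binary value of i (m1 = MSB), and the carry gate is
# m4 = m2*m3 when correct and m4 = OR(m2, m3) for the reported bug.
from sympy import symbols, groebner


# Gate polynomials over k[x], as in (9).
def and_(a, b):
    return a * b


def or_(a, b):
    return a + b - a * b


def not_(a):
    return 1 - a


def xor(a, b):
    # The paper's XOR form (a + b - ab)(1 - ab); equals a + b - 2ab modulo CNS.
    return (a + b - a * b) * (1 - a * b)


def counter_model(cycles, buggy):
    """Time-frame expansion PM ∪ CNS for frames 0..cycles.

    Returns (var, polys, gens): var[(net, i)] is the symbol of `net` in frame i,
    polys the polynomial set, gens the variable list for the Groebner basis.
    """
    var = {}
    for i in range(cycles + 1):
        for net in ("m1", "m2", "m3"):
            var[net, i] = symbols(f"{net}_{i}")
        if i < cycles:                        # m4 only feeds the next frame
            var["m4", i] = symbols(f"m4_{i}")
    carry = or_ if buggy else and_
    polys = []
    for i in range(cycles):
        m1, m2, m3, m4 = (var[n, i] for n in ("m1", "m2", "m3", "m4"))
        polys.append(m4 - carry(m2, m3))                  # internal net m4
        polys.append(var["m1", i + 1] - xor(m1, m4))      # m1' = y1 = m1 xor m4
        polys.append(var["m2", i + 1] - xor(m2, m3))      # m2' = y2 = m2 xor m3
        polys.append(var["m3", i + 1] - not_(m3))         # m3' = y3 = not m3
    polys += [s * s - s for s in var.values()]            # CNS: nets are Boolean
    return var, polys, list(var.values())


def hypothesis_basis(model, gens, antecedent):
    """Steps 4-5 of Algorithm 1: GB_H for H = PS_A ∪ M (grevlex = Maple's tdeg).

    The antecedent goes first so that its linear generators reduce the frame-0
    nets in everything that follows; the ideal itself does not depend on order.
    """
    return groebner(list(antecedent) + list(model), *gens, order="grevlex")


def ass_chk(gb, consequent):
    """Step 6 of Algorithm 1 / Theorem 13: the assertion holds iff 1 ∉ GB_H and
    every consequent polynomial has normal form 0 modulo GB_H."""
    if 1 in gb.exprs:                # unit ideal: antecedent contradicts model
        return False
    return all(gb.contains(c) for c in consequent)


def expected_state(var, i):
    """Expected-consequent polynomials in the style of Table 1 for frame i."""
    bits = ((i >> 2) & 1, (i >> 1) & 1, i & 1)
    return [var[net, i] - b for net, b in zip(("m1", "m2", "m3"), bits)]


def first_failing_cycle(buggy, cycles):
    """Algorithm 2, 'always' case, with one Groebner basis for the whole unrolling
    (the Maple run likewise computes CGB once and calls NormalForm per polynomial).
    Returns the first frame whose consequent fails, or None if the property holds."""
    var, model, gens = counter_model(cycles, buggy)
    precondition = [var["m1", 0], var["m2", 0], var["m3", 0]]   # m1 = m2 = m3 = 0
    gb = hypothesis_basis(model, gens, precondition)
    for i in range(1, cycles + 1):
        if not ass_chk(gb, expected_state(var, i)):
            return i
    return None


if __name__ == "__main__":
    print("intended counter, 3 cycles:", first_failing_cycle(False, 3))  # None
    print("OR-for-AND bug, 3 cycles:  ", first_failing_cycle(True, 3))   # 2
```

With the intended AND gate every frame reduces to its expected state. With the OR bug frame 1 still passes, and in frame 2 the polynomial m1_2 has normal form 1 modulo GB_H (the state after 0,0,1 becomes 1,1,0 instead of 0,1,0), which is the "m1 fails" row of Table 2 in this example's frame numbering. An antecedent that contradicts the model (for instance both m1_0 and m1_0 − 1) makes the reduced basis [1] and is rejected by the first test of ass_chk before any consequent is examined. Each unrolled cycle adds four variables to the ring, which is where the slicing reduction of Section 5.3 pays off for deeper properties.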
7 Conclusion
In this paper we presented a new method for checking constrained SERE temporal assertions that combines symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to suit our verification requirements and built a new constrained class of the Boolean and temporal layers.

We first introduced the notion of a symbolic constant for datapath verification, which greatly increases state coverage in simulation-based verification. The method lets users handle more than one state and many input combinations at a time; this advantage comes directly from the fact that many vectors are simulated at once through symbolic values.

We then defined a constrained simple subset of SERE and proposed a practical algebraization for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial-set modeling method based on time-frame expansion.

Our approach rests on constructing polynomial models for both circuits and assertions: symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. The steps above eventually translate a simulation-based verification problem into a purely algebraic zero-set determination problem, which can be carried out on any general symbolic algebraic tool. An experimental evaluation with Maple has shown that the method is efficient and useful.
The advantages of our checking method can be summarized as follows:

(1) The case study shows that SERE properties can be verified more easily with symbolic algebra than with traditional methods; no complex testbench or test vector set is required.

(2) This advantage comes directly from the fact that many vectors are simulated at once through symbolic values.

(3) For assertion checking, an efficient slicing reduction can be applied to improve performance.

Basically, our method can be taken as a useful theoretical insight for verification methodology.
Finally, we plan to explore further trade-offs, in particular combining numeric computation with symbolic simulation to boost performance, and to apply the method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grant HCIC201102 of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
8 Journal of Applied Mathematics
Input: circuit model C, a temporal assertion s, running cycles cycles
Output: Boolean true or false
BEGIN
    i = 0
    switch (operator(s))
        case always:
            while (i < cycles)
                if (AssChk(C, s, i))
                    return false
                i += dep(s)
            /* end while */
            return true        /* added: bound reached without a hit */
        /* end case */
        case eventually:
            while (i < cycles)
                if (AssChk(C, s, i))
                    return true
                i += dep(s)
            /* end while */
            return false       /* added: bound reached without a hit */
        /* end case */
        case never:
            while (i < cycles)
                if (AssChk(C, s, i))
                    return false
                i += dep(s)
            /* end while */
            return true        /* added: bound reached without a hit */
        /* end case */
        default:
            return AssChk(C, s, i)
    /* end switch */
END

Algorithm 2: Assertion checking TemporalAssChk(C, s, cycles).
where $x_1'$ denotes the next-state value of $x_1$. For the $i$th cycle we write $x_1^{[i]}$ for the copy of the variable that belongs to that cycle.
To illustrate the problem clearly we define the polynomial set representation $\mathrm{PM}^{[i]}$ for the $i$th cycle as follows:

$$
\begin{aligned}
\mathrm{PM}^{[i]} = \Big\{\;
& y_1^{[i]} - \big(m_1^{[i]} + m_4^{[i]} - m_1^{[i]} m_4^{[i]}\big)\big(1 - m_1^{[i]} m_4^{[i]}\big),\\
& y_2^{[i]} - \big(m_2^{[i]} + m_3^{[i]} - m_2^{[i]} m_3^{[i]}\big)\big(1 - m_2^{[i]} m_3^{[i]}\big),\\
& 1 - m_3^{[i]} - y_3^{[i]},\qquad 1 - m_4^{[i]} - m_3^{[i]} m_2^{[i]},\\
& m_1^{[i+1]} - y_1^{[i]},\quad m_2^{[i+1]} - y_2^{[i]},\quad m_3^{[i+1]} - y_3^{[i]}
\;\Big\}.
\end{aligned}
\tag{10}
$$

Therefore we have $\mathrm{PM} = \bigcup_{i=0}^{7} \mathrm{PM}^{[i]}$.
For any Boolean variable $a$ we impose the extra constraint $a \cdot a - a$, so that $a$ can take only the values 0 and 1. The corresponding constraint set is therefore

$$
\mathrm{CNS}^{[i]} = \{\, a^{[i]} \cdot a^{[i]} - a^{[i]} \;\mid\; a \text{ a bit-level variable of the } i\text{th cycle} \,\},
$$

and in the same manner $\mathrm{CNS} = \bigcup_{i=0}^{7} \mathrm{CNS}^{[i]}$.
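A worked reduction, added here to show why the first two polynomials of (10) are XOR gates: modulo the CNS constraints every square may be replaced by the variable itself, so for bit-level $a, b$

$$
(a + b - ab)(1 - ab) = a + b - ab - a^2 b - a b^2 + a^2 b^2 \equiv a + b - ab - ab - ab + ab = a + b - 2ab \pmod{a^2 - a,\; b^2 - b},
$$

and $a + b - 2ab$ equals 1 exactly when $a \neq b$. Hence the zero set of $y_1^{[i]} - (m_1^{[i]} + m_4^{[i]} - m_1^{[i]} m_4^{[i]})(1 - m_1^{[i]} m_4^{[i]})$ is $y_1 = m_1 \oplus m_4$, likewise $y_2 = m_2 \oplus m_3$; the polynomial $1 - m_3^{[i]} - y_3^{[i]}$ gives $y_3 = \neg m_3$, and $1 - m_4^{[i]} - m_3^{[i]} m_2^{[i]}$ gives $m_4 = \neg(m_2 \wedge m_3)$. The last three polynomials of (10) are the register updates $m_k^{[i+1]} = y_k^{[i]}$.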
The sequential properties of this counter circuit can be specified by the following assertions (the high/low levels follow the state sequence of Table 1):

G1 = assert always (m1 = L & m2 = L & m3 = L) |=> (m1 = L & m2 = L & m3 = H);
G2 = assert always (m1 = L & m2 = L & m3 = H) |=> (m1 = L & m2 = H & m3 = L);
G3 = assert always (m1 = L & m2 = H & m3 = L) |=> (m1 = L & m2 = H & m3 = H);

and the rest may be deduced by analogy.

Figure 3: Synchronous counter (gates NOT, XOR, XOR, OR, AND; signals m1, m2, m3, m4, y1, y2, y3; labels V0, V1, V2).
Table 1: Polynomial representations for properties to be verified

No.       Precondition              Expected consequent
0         m1[0], m2[0], m3[0]       NA
Cycle 1   NA                        m1[1], m2[1], m3[1] - 1
Cycle 2   NA                        m1[2], m2[2] - 1, m3[2]
Cycle 3   NA                        m1[3], m2[3] - 1, m3[3] - 1
Cycle 4   NA                        m1[4] - 1, m2[4], m3[4]
Cycle 5   NA                        m1[5] - 1, m2[5], m3[5] - 1
Cycle 6   NA                        m1[6] - 1, m2[6] - 1, m3[6]
Cycle 7   NA                        m1[7] - 1, m2[7] - 1, m3[7] - 1

Each row lists the polynomials whose common zeros are the expected register values: a bare variable stands for the value 0 and a variable minus 1 for the value 1, so the rows spell out the count 000, 001, ..., 111 with m3 as the least significant bit.
Afterward we demonstrate the verification process step by step.

Firstly, we calculate the sequential depth and have $\mathrm{dep}(G_1) = 2$, $\mathrm{dep}(G_2) = 2$, and $\mathrm{dep}(G_3) = 2$.

Secondly, to verify whether a given property holds, we build a system model of at most 8 cycles and advance the check $\mathrm{dep}(G_1) = 2$ steps at a time.

The circuit model to be verified is

$$
\mathrm{SM} = \mathrm{PM} \cup \mathrm{CNS}. \tag{11}
$$

The properties of this counter can be specified as the PSL assertions whose polynomial forms are listed in Table 1.
6.2 Assertion Checking Using Maple. We ran this example with Maple 13. Before running, we manually translated all models into polynomials. The experiment was performed on a computer with a 2.40 GHz CPU (Intel i5 M450) and 512 MB of memory. It took about 0.04 seconds and 0.81 MB of memory to find the error when applying the Groebner method.
    > with(Groebner):
    > CM := ...;                     # circuit model, a polynomial set (elided on the page)
    > TDEG := tdeg(m1[0], m2[0], m3[0], m4[0], m1[1], m2[1], m3[1], m4[1],
                   m1[2], m2[2], m3[2], m4[2], y1[0], y1[1], y1[2],
                   y2[0], y2[1], y2[2], y3[0], y3[1], y3[2]):
    > CGB := Basis(CM, TDEG):
    > ret := NormalForm(m3[0] - 1, CGB, TDEG);
                                   ret := 0
As shown in the Maple output, the circuit has been modeled as the polynomial set CM (its Groebner basis is denoted by CGB) and the assertion as the polynomial m3[0] - 1. The return value of NormalForm is 0, which means that m3[0] - 1 reduces to zero modulo CGB; that is, it lies in the ideal generated by CM and therefore vanishes on every valuation of the circuit model. By the verification principles stated earlier, the SERE assertion G1 holds under this circuit model after 1 cycle. The other results are shown in Table 2.
Table 2: Result table

Cycle no.   Polynomial                     Result
Cycle 1     m1[0], m2[0], m3[0] - 1        ret = 0
Cycle 2     m1[1], m2[1] - 1, m3[1]        ret = 0; m1[1] fails
Cycle 3     m1[2], m2[2] - 1, m3[2] - 1    Stop
From Table 2, when checking assertion G2 the result is ret = NormalForm(m1[1], CGB, TDEG) = 1 ≠ 0, so the assertion does not hold and there must be an error in the original circuit. Note that Table 2 and the Maple session number the time frames from the state reached after the first clock: their m[0] is the state that Table 1 writes as m[1], and their m[1] is Table 1's m[2]. This case is a fairly complete illustration of how our checking algorithm works.
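The unrolled polynomial model (10)/(11), the per-cycle loop of Algorithm 2 and the NormalForm test of the Maple session above, combined in one added example in Python with sympy (this is not the paper's Maple code). It builds PM[i] and CNS[i] from the gate encodings of (10), unrolls the counter of Figure 3 from the all-zero state, and after each frame reduces the expected-state polynomials of Table 1 modulo a grevlex Groebner basis (Maple's tdeg order); a zero normal form means the polynomial lies in the ideal, so the assertion holds on every valuation of the model. The gate driving the carry m4 is a parameter: AND(m2, m3) is the textbook carry and reproduces the Table 1 sequence for all seven cycles, while NAND reproduces the polynomial 1 - m4 - m3 m2 as printed in (10), and the check then reports the first register bit whose polynomial does not reduce to zero. The variable names (m1_0 for m1[0]), the function names and the all-zero initial state are assumptions of this example; the page does not print CM, so the frame at which the paper's own Maple run fails (Table 2) need not match the one reported here.

```python
"""Groebner-basis check of the 3-bit synchronous counter of Figure 3.

Added example (not the paper's Maple code). It follows the Boolean-ring encoding
of equation (10) and CNS, unrolls the circuit frame by frame from the all-zero
state, and decides each cycle's expected state (Table 1) by ideal membership:
NormalForm(p, CGB, TDEG) == 0  <=>  p vanishes on every valuation of the model.
Names such as m1_0 (for m1[0]), frame() and check_counter() are this example's own.
"""
from sympy import symbols, groebner


def v(name, i):
    """Time-framed copy of a signal: v('m1', 3) is the paper's m1[3]."""
    return symbols(f"{name}_{i}")


# Boolean-ring gate encodings, exactly as used in (10).
def NOT(a):     return 1 - a
def AND(a, b):  return a * b
def OR(a, b):   return a + b - a * b
def XOR(a, b):  return OR(a, b) * NOT(AND(a, b))   # (a + b - ab)(1 - ab)
def NAND(a, b): return NOT(AND(a, b))              # the 1 - m4 - m3*m2 form printed in (10)


def frame(i, m4_gate):
    """PM[i] together with CNS[i]: the next-state logic of cycle i, the register
    update into cycle i+1, and the field polynomial x*x - x for every new signal.
    m4_gate chooses the gate that drives the carry m4 (an assumption of this example)."""
    m1, m2, m3, m4 = (v(f"m{k}", i) for k in (1, 2, 3, 4))
    y1, y2, y3 = (v(f"y{k}", i) for k in (1, 2, 3))
    n1, n2, n3 = (v(f"m{k}", i + 1) for k in (1, 2, 3))
    polys = [
        m4 - m4_gate(m2, m3),        # carry out of the two low bits
        y1 - XOR(m1, m4),            # MSB toggles when the carry is set
        y2 - XOR(m2, m3),
        y3 - NOT(m3),                # LSB toggles every cycle
        n1 - y1, n2 - y2, n3 - y3,   # registers latch y on the next clock
    ]
    new_vars = [m4, y1, y2, y3, n1, n2, n3]
    polys += [x * x - x for x in new_vars]           # CNS[i]: every signal is a bit
    return polys, new_vars


def expected_state(cycle):
    """Table 1: after `cycle` clocks (m1, m2, m3) holds `cycle` in binary, m3 the LSB.
    Each pair (var, bit) stands for the polynomial var - bit."""
    return [(v(f"m{k}", cycle), (cycle >> s) & 1) for k, s in ((1, 2), (2, 1), (3, 0))]


def check_counter(cycles, m4_gate=AND):
    """The `always` branch of Algorithm 2, checked at every cycle: unroll `cycles`
    frames from m1 = m2 = m3 = 0 and test each cycle's assertion against the growing
    model SM = PM u CNS.  Returns None when all assertions hold, otherwise
    (cycle, variable, normal_form) for the first register bit whose polynomial
    does not reduce to zero modulo the Groebner basis."""
    gens = [v(f"m{k}", 0) for k in (1, 2, 3)]
    model = list(gens)                                # initial state: m1[0] = m2[0] = m3[0] = 0
    for i in range(cycles):
        polys, new_vars = frame(i, m4_gate)
        model += polys
        gens += new_vars
        cgb = groebner(model, *gens, order="grevlex")     # Maple: Basis(CM, TDEG); tdeg is grevlex
        for var, bit in expected_state(i + 1):
            nf = cgb.reduce(var - bit)[1]                 # Maple: NormalForm(var - bit, CGB, TDEG)
            if nf != 0:
                return (i + 1, str(var), nf)
    return None


if __name__ == "__main__":
    print("AND carry  :", check_counter(7, AND))    # None: all seven Table 1 states are reached
    print("NAND carry :", check_counter(7, NAND))   # (1, 'm1_1', 1): m1 is already 1 after one clock
```

Because CNS puts x·x − x into the ideal for every signal, the ideal is radical, so a nonzero normal form is a genuine counterexample (a valuation of the unrolled circuit on which the expected-state polynomial is nonzero) rather than a mere proof failure; and since the initial state is fully specified, the Groebner basis collapses to one polynomial v − c per signal, which is why NormalForm returns the constant 1 for m1 in the NAND case. The checking loop does not depend on the gate network, so another circuit only changes `frame()`.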
7 Conclusion
In this paper we presented a new method for checking constrained SERE temporal assertions by combining symbolic simulation with symbolic algebraic approaches. We modified the original PSL specification to suit our verification requirements and rebuilt a constrained class of the Boolean and temporal layers.

We first introduced a notion of symbolic constant for data path verification, which gains great state coverage for simulation-based verification. This method allows users to deal with more than one state and many input combinations at a time; the advantage comes directly from the fact that many vectors are simulated at once using symbolic values.

We then defined a constrained simple subset of SERE and proposed a practical algebraization method for each temporal operator. For sequential circuit verification we introduced a parameterized polynomial set modeling method based on time-frame expansion.

Our approach is based on the construction of polynomial models for both circuits and assertions. In other words, symbolic simulation is performed on the data-flow model and its unrolled form in polynomial representation. Through the steps above, a simulation-based verification problem is eventually translated into a pure algebraic zero-set determination problem, which can be solved on any general symbolic algebraic tool. An experimental evaluation using Maple on the counter example of Section 6 has shown that the method is efficient and useful.

Furthermore, the advantages of our checking method can be summarized as follows:

(1) from the real case we see that SERE property verification can be achieved more easily with symbolic algebra than with the traditional method; complex test benches or test vectors are not essential for this approach;

(2) this advantage comes directly from the fact that many vectors are simulated at once using symbolic values;

(3) for assertion property verification, an efficient slicing reduction technique can be applied to gain a performance improvement.

Basically our method can be taken as a useful theoretical insight for verification methodology.

Finally, we plan to explore further tradeoffs and to combine numeric computation with symbolic simulation for boosting performance in particular, and to apply this method to more industrial case studies.
Acknowledgments
The project is supported by the National Natural Science Foundation of China under Grant no. 60973147, the Natural Science Foundation of Guangxi under Grant no. 2011GXNSFA018154, the Science and Technology Foundation of Guangxi under Grant no. 10169-1, Guangxi Scientific Research Project no. 201012MS274, and Grants (HCIC201102) of the Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis Open Fund. The authors would like to thank their colleagues for participating in the research. They also appreciate the anonymous reviewers for their helpful comments.
References
[1] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2005, 2005.
[2] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[3] "IEEE standard for property specification language (PSL)," IEEE Std 1850-2010, 2010, revision of IEEE Std 1850-2005.
[4] T. Tuerk, K. Schneider, and M. Gordon, "Model checking PSL using HOL and SMV," in Proceedings of the 2nd International Haifa Verification Conference on Hardware and Software Verification and Testing (HVC '06), E. Bin, A. Ziv, and S. Ur, Eds., pp. 1–15, Springer, Berlin, Germany, 2006.
[5] T. Launiainen, K. Heljanko, and T. Junttila, "Efficient model checking of PSL safety properties," IET Computers & Digital Techniques, vol. 5, no. 6, pp. 479–492, 2011.
[6] A. Pnueli and A. Zaks, "PSL model checking and run-time verification via testers," in Proceedings of the 14th International Conference on Formal Methods (FM '06), pp. 573–586, 2006.
[7] L. Darringer, "Application of program verification techniques to hardware verification," in Proceedings of the IEEE-ACM Design Automation Conference, pp. 375–381, 1979.
[8] G. S. Avrunin, "Symbolic model checking using algebraic geometry," in Proceedings of the 8th International Conference on Computer Aided Verification (CAV '96), pp. 26–37, 1996.
[9] W. Mao and J. Wu, "Application of Wu's method to symbolic model checking," in Proceedings of the International Symposium on Symbolic and Algebraic Computation (ISSAC '05), pp. 237–244, July 2005.
[10] J. Wu and L. Zhao, "Multi-valued model checking via Groebner basis approach," in Proceedings of the 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07), pp. 35–44, June 2007.
[11] C. Eisner and D. Fisman, A Practical Introduction to PSL, Integrated Circuits and Systems, Springer, New York, NY, USA, 2006.
[12] J. Smith and G. De Micheli, "Polynomial methods for component matching and verification," in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD '98), pp. 678–685, November 1998.
[13] Y. M. Ryabukhin, "Boolean ring," in Encyclopaedia of Mathematics, M. Hazewinkel, Ed., Springer, 2001.
[14] C. J. H. Seger and R. E. Bryant, "Formal verification by symbolic evaluation of partially-ordered trajectories," Formal Methods in System Design, vol. 6, no. 2, pp. 147–189, 1995.
[15] K. H. Chang, W. T. Tu, Y. J. Yeh, and S. Y. Kuo, "A simulation-based temporal assertion checker for PSL," in Proceedings of the IEEE International Symposium on Micro-NanoMechatronics and Human Science, pp. 1528–1531, 2003.
[16] D. Cox and D. O'Shea, Ideals, Varieties, and Algorithms, Springer, New York, NY, USA, 1992.
[17] T. Becker and V. Weispfenning, Groebner Bases: A Computational Approach to Commutative Algebra, vol. 141, Springer, New York, NY, USA, 1993.
[18] B. Buchberger, "Groebner bases: an algorithmic method in polynomial ideal theory," in Multidimensional Systems Theory, pp. 184–232, Reidel, 1985.
[19] D. Cox, J. Little, and D. O'Shea, Eds., Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, Undergraduate Texts in Mathematics, Springer, 3rd edition, 2007.
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of