a sat based procedure for verifying finite state machines
play

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 - PowerPoint PPT Presentation

Oct 02, 2022 •32 likes •252 views

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

  1. A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006

  2. Introduction • The ACL2 theorem prover is great – Scalable to large industrial verification problems • But… – Proofs require a lot of human effort – Computer could do more • Especially when in decidable domains • Identify a decidable subclass of ALC2 properties – Based on tree structures • New ACL2 hint for proving properties in this domain – Available in a future version of ACL2 August 16, 2006 ACL2 2006 2

  3. Presentation Overview • Focus is on what you can do with the new hint – If you want to know how it works • Read paper • Look at code: www.cs.utexas.edu/users/reeber • Outline – Demo – Performance Results – Hardware Verification Methodology – Application: TRIPS Processor Components – Future Work – Conclusion August 16, 2006 ACL2 2006 3

  4. Demo August 16, 2006 ACL2 2006 4

  5. Performance Results ACL2 Clausifier BDD Engine SAT Engine 275 225 175 Time(s) 125 75 25 4-bit Add Assoc 32-bit Add 200-bit Add 32x6 Shift-0 64x7 Shift-0 32x4 Add-Shift 64x6 Add-Shift 100 Digit Dec Assoc Assoc Inv -25 August 16, 2006 ACL2 2006 5

  6. Lines of Code ACL2 Clausifier BDD Engine SAT Engine 350 300 250 200 # Lines 150 100 50 0 4-bit Add Assoc 32-bit Add 200-bit Add 32x6 Shift-0 64x7 Shift-0 32x4 Add-Shift 64x6 Add-Shift 100 Digit Dec Assoc Assoc Inv August 16, 2006 ACL2 2006 6

  7. Hardware Verification Methodology Verilog English Spec, C Model and Design Test Suite Testing & Inspection Manual Compiler Translation DE2 ACL2 Spec Design Guided Verifying SAT-Based Proof Compiler Decision Procedure SULFA ACL2 Model Properties August 16, 2006 ACL2 2006 7

  8. TRIPS LSQ • TRIPS Processor – Designed and built at University of Texas and IBM • Prototype next-generation processor – Multi-core, speculative, pipelined processor • 4 memory partitions, 16 ALUs • 256 speculative out-of-order instructions, partitioned into eight instruction blocks • Load Store Queue (LSQ) – Queue for speculative loads and stores not ready for cache – Four LSQ tiles, one for each memory partition • Verified LSQ internal communication protocol August 16, 2006 ACL2 2006 8

  9. Exception Mask Protocol Flush_mask Exception_mask • Exception can occur at each tile Tile 0 UDT_EX_Mask • Each tile stores a Flush_mask T0_Except Local_Except DDT_EX_Mask mask of known REG exceptions Tile 1 UDT_EX_Mask Flush_mask • Mask sent up T1_Except Local_Except DDT_EX_Mask each cycle REG Tile 2 • Eventually every UDT_EX_Mask Flush_mask T2_Except exception is Local_Except DDT_EX_Mask known by Tile 0 REG Tile 3 UDT_EX_Mask • Global flushes Flush_mask T3_Except remove Local_Except DDT_EX_Mask exceptions August 16, 2006 ACL2 2006 9

  10. Verification of Exception Protocol • Compiled Verilog design into DE2 • Compiled DE2 into ACL2 model – proven equivalence • Wrote single-tile exception model • Specification: – Safety. Tile 0 reports a subset of the exceptions reported by the single-tile model – Liveness. Eventually every exception produced by the single-tile model is reported by Tile 0 . August 16, 2006 ACL2 2006 10

  11. Exception Protocol Safety Property • Tile 0 reports a subset of the exceptions reported by the single-tile model (defthm specification-miss-exception-safety (implies (and (integerp tao) (<= 0 tao) (Tth-valid-inputsp tao input-list)) (submaskp 8 (acl2v-udt_miss_ordering_exceptions *t0* (Tth-model-state tao input-list) (nth tao input-list)) (spec-miss-exceptions (Tth-spec-state tao input-list) (nth tao input-list))))) August 16, 2006 ACL2 2006 11

  12. Safety Invariant Properties (defthm miss-order-inv-is-invariant-step (implies (and (inputs-goodp proof-st ins) (miss-order-inv proof-st)) (miss-order-inv (update-proof-state proof-st ins))) :hints (("Goal" :external (sat nil sat::$sat)))) (defthm miss-order-inv-implies-thm (implies (and (miss-order-inv proof-st) (inputs-goodp proof-st ins)) (submaskp 8 (acl2v-udt_miss_ordering_exceptions *t0* (proof-st-dsn-state proof-st) ins) (update-proof-st-0th-miss-mask *t0* proof-st ins))) :hints (("Goal" :external (sat nil sat::$sat)))) August 16, 2006 ACL2 2006 12

  13. Liveness Property • Eventually every exception produced by the single- tile model is reported by Tile 0 • ACL2 Specification – Prove theorem below – Use defun-sk definition on next slide • Proof process same as before – Unable to prove invariant directly with SAT (defthm specification-miss-exception-liveness (implies (and (integerp tao) (<= 0 tao)) (eventually-1T-miss-subset-of-4T-P tao input-list)) August 16, 2006 ACL2 2006 13

  14. Liveness Property Defun-sk (defun-sk eventually-1T-miss-subset-of-4T-P (tao input-list) (exists (tao-prime) (and (integerp tao-prime) (<= tao tao-prime) (implies (Tth-valid-inputsp tao-prime input-list) (submaskp 8 (spec-miss-exceptions (Tth-spec-state tao input-list) (nth tao input-list)) (bv-or 8 (recent-flushes tao tao-prime input-list) (acl2v-udt_miss_ordering_exceptions *t0* (Tth-model-state tao-prime input-list) (nth tao-prime input-list)))))))) August 16, 2006 ACL2 2006 14

  15. Store Mask Protocol • Each tile produces a mask of arrived stores • Protocol more complex than exception protocol – Up to 256 entries in store mask – Store mask sent to both neighbors • Specification & verification methodology similar to exception protocol • Analysis – Problem size: ~1500 Boolean variables – 130 hours of human effort – Multi-hour proof • Improvement over pure theorem proving – Counter examples especially helpful August 16, 2006 ACL2 2006 15

  16. Future Work • More applications – Full LSQ design – n-tile circuit generator • Performance improvements – Try the new BDD system • Expand SULFA – Constrained functions – Limited arithmetic • Add to ACL2 “waterfall” • Verify proof engine – Theoretical issues: function body, proof of termination – Practical issues: complex code, large clause inputs • Counter-example guided refinement August 16, 2006 ACL2 2006 16

  17. Conclusion • Defined decidable subclass of ACL2 formulas – Includes primitives if, cons, car, cdr, consp, and equal – Can be extended with user-defined functions • New hint for proving properties in this subclass – Fully automatic – Generates counter-examples to invalid properties • Applying to TRIPS processor – Multi-core, pipelined, out-of-order processor – Combining SAT-based reasoning with pure theorem proving – Solid improvement over pure theorem proving August 16, 2006 ACL2 2006 17

  18. Backup Slides August 16, 2006 ACL2 2006 18

  19. Single-Tile Exception Model • Wrote a single-tile model in ACL2 • The full mask of exceptions is generated each cycle Spec_EX_mask Flush_mask 8 NOT T0_Except 4 8 EN-DECODE R T1_Except * 8 A 4 8 E EN-DECODE N O G T2_Except * D 4 8 R EN-DECODE T3_Except * 4 8 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 19

  20. Single-Tile Exception Model • Wrote a single-tile model in ACL2 • The full mask of exceptions is generated each cycle Spec_EX_mask Flush_mask 8 NOT T0_Except 4 8 EN-DECODE R T1_Except * 8 A 4 8 E EN-DECODE N O G T2_Except * D 4 8 R EN-DECODE T3_Except * 4 8 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 20

  21. Store Mask Protocol Flush_mask Commit_mask • Each tile keeps a mask Tile 0… of arrived stores REG • Used in completion detection & deferred load Tile 1 UDT2_in UDT1_in UDT0_in UDT2_out UDT1_out UDT0_out awakening Flush_mask • Up to three stores are Commit_mask sent both upward and Store_mask downward at the Local_store DDT2_out DDT1_out DDT0_out DDT2_in DDT1_in DDT0_in beginning of each cycle • Eventually all arrived stores reach every tile REG • A flush or a commit removes stores Tile 2… August 16, 2006 ACL2 2006 21

  22. Single-Tile Store Model • Similar to single-tile exception mask Flush_mask Store_mask 256 NOR Expand Mask Commit_mask 256 256 T0_Store 9 EN-DECODE R T1_Store * 8 A 9 E EN-DECODE O N G T2_Store * R D 9 EN-DECODE T3_Store * 9 EN-DECODE * This input has been modified: an exception is disabled if it occurs in an instruction that has already been flushed. August 16, 2006 ACL2 2006 22

Recommend

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State

Finite State Machines (FSM) AKA Finite State Automat on State Machines Introduction State Machines Mealy and Moore Machines State Machines Synchronous &amp; Asynchronous Systems State Diagrams Elements of Diagrams State Diagrams Properties

676 views • 33 slides
Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are

Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are

Hardware Design with VHDL Finite State Machines ECE 443 Finite State Machines FSMs are sequential machines with &quot;random&quot; next-state logic Used to implement functions that are realized by carrying out a sequence of steps -- commonly

794 views • 65 slides
Finite State Machines Finite State Machines Often AI as agents: sense , think , then act

Finite State Machines Finite State Machines Often AI as agents: sense , think , then act

3/24/2016 Finite State Machines Finite State Machines Often AI as agents: sense , think , then act But many different rules for agents Ex: sensing, thinking and acting when fighting , running , exploring Can be difficult to

299 views • 5 slides
Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs) Manual FSM design &amp; synthesis process: 1. Design state diagram (behavior) 2. Derive state table 3. Reduce state table 4. Choose a state

531 views • 29 slides
Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/18/2020 Modeling Finite State Machines (FSMs) Manual FSM design &amp; synthesis process: 1. Design state diagram (behavior) 2. Derive state table 3. Reduce state table 4. Choose a state

533 views • 35 slides
Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and

Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and

Finite State Machines (FSM) Chapter 8 State Machines Introduction State Machines Mealy and Moore Machines State Machines Synchronous &amp; Asynchronous Systems State Diagrams Elements of Diagrams State Diagrams Properties State Diagrams

607 views • 33 slides
Implementing finite state machines A first introduction to PROLOG Encoding finite state

Implementing finite state machines A first introduction to PROLOG Encoding finite state

Implementing finite state machines A first introduction to PROLOG Encoding finite state machines in PROLOG Recognition and generation with finite state machines in PROLOG Search spaces and how to traverse them depth-first

549 views • 24 slides
Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Transducers A finite state

117 views • 9 slides
Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems

Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems

I V N E U R S E I H T Y T O H F G R E U D I B N Finite State Machines Murray Cole Finite State Machines 1 Embedded Systems Already 10s of processor chips per person in the world There will

512 views • 13 slides
Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework

Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework

Xerox Finite-State Tool Building Finite-State Machines Youll use it for homework Commercial product (but we have academic license here) One of several finite-state toolkits available This one is easiest to use but doesnt

93 views • 7 slides
(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines,

(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines,

(Finite) State Machines Lecture 22 Several Models of Computation Automata/Machines, Algebras/Calculi, Grammars, A few examples we shall see: (Finite) State Automata (Context Free) Grammars Circuits You already saw (implicitly): Random

658 views • 21 slides
cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite

cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite

cse 311: foundations of computing Fall 2015 Lecture 22: Finite state machines review: finite state machines States Transitions on inputs Start state and final states The language recognized by a machine is the set of strings that

430 views • 19 slides
Describing Finite State Machines Murray Cole Describing Finite State Machines 1

Describing Finite State Machines Murray Cole Describing Finite State Machines 1

I V N E U R S E I H T Y T O H F G R E U D I B N Describing Finite State Machines Murray Cole Describing Finite State Machines 1 A Notation for FSMs? FSMs are a useful tool (reactive systems are everywhere)

386 views • 13 slides
Overview A first introduction to Prolog Implementing finite state machines and learning

Overview A first introduction to Prolog Implementing finite state machines and learning

Overview A first introduction to Prolog Implementing finite state machines and learning Prolog along the way Encoding finite state machines in Prolog Recognition and generation with finite state machines in Prolog Completing the

542 views • 5 slides
Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony Optimization Daniil Chivilikhin, Vladimir Ulyantsev, Fedor Tsarev tsarev@rain.ifmo.ru St. Petersburg National Research University of Information

858 views • 33 slides
Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Machine: Definition A (deterministic) finite state machine

130 views • 11 slides
Implementing finite state machines and learning Prolog along the way Detmar Meurers: Intro to

Implementing finite state machines and learning Prolog along the way Detmar Meurers: Intro to

Implementing finite state machines and learning Prolog along the way Detmar Meurers: Intro to Computational Linguistics I OSU, LING 684.01, 13. January 2003 Overview A first introduction to Prolog Encoding finite state machines in Prolog

623 views • 28 slides
Finite Finite- -state Model state Model Deterministic machines: next state S ( t +1) determined

Finite Finite- -state Model state Model Deterministic machines: next state S ( t +1) determined

Capabilities, Minimization, and Capabilities, Minimization, and Transformation of Sequential Machines Transformation of Sequential Machines f f f S f S 1 Zvi Kohavi and Niraj K. Jha Finite Finite- -state Model state Model Deterministic

601 views • 14 slides
Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony

NATIONAL RESEARCH UNIVERSITY Test-Based Extended Finite-State Machines Induction with Evolutionary Algorithms and Ant Colony Optimization Daniil Chivilikhin, Vladimir Ulyantsev, Fedor Tsarev St. Petersburg National Research University of

635 views • 32 slides
Using Squeeziness to test from Finite State Machines Manuel Nez (joint work with Alfredo

Using Squeeziness to test from Finite State Machines Manuel Nez (joint work with Alfredo

Squeeziness (round 1) Finite State Machines Squeeziness (round 2) Evaluating Squeeziness as a collision measure Application to testing Using Squeeziness to test from Finite State Machines Manuel Nez (joint work with Alfredo Ibias and Rob

597 views • 49 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (10/16/07) I E S R C E O V

UMBC A B M A L T F O U M B C I M Y O R T 1 (10/16/07) I E S R C E O V

Programmable Logic Devices Verilog State Machines CMPE 415 Behavioral Models of FSMs Two basic forms of Finite State Machines Inputs Outputs Next State and Output Combinational Logic State Asynchronous Register and subject to clock

446 views • 20 slides
1 Weights Need Not be Reals Goal: Parameterized FSMs a/ q / p b/ r Parameterized FSM:

1 Weights Need Not be Reals Goal: Parameterized FSMs a/ q / p b/ r Parameterized FSM:

Parameterized Finite-State Outline The Vision Slide! Machines and their Training 1. Finite-state machines as a shared modeling Jason Eisner Jason Eisner language. Johns Hopkins University October 16, 2002 AT&amp;T Speech Days 2.

546 views • 13 slides
MuACO sm A New Mutation-Based Ant Colony Optimization Algorithm for Learning Finite-State

MuACO sm A New Mutation-Based Ant Colony Optimization Algorithm for Learning Finite-State

MuACO sm A New Mutation-Based Ant Colony Optimization Algorithm for Learning Finite-State Machines Daniil Chivilikhin and Vladimir Ulyantsev National Research University of IT, Mechanics and Optics St. Petersburg, Russia Evolutionary and

817 views • 43 slides
Beyond Finite State Machines Beyond Finite State Machines Managing Complex, Intermixing Behavior

Beyond Finite State Machines Beyond Finite State Machines Managing Complex, Intermixing Behavior

Beyond Finite State Machines Beyond Finite State Machines Managing Complex, Intermixing Behavior Hierarchies Managing Complex, Intermixing Behavior Hierarchies Michael Mateas Michael Mateas Andrew Stern Andrew Stern Georgia Institute of

475 views • 14 slides

More recommend