EP1127323A1 - Method and arrangement for comparing a first property with predetermined properties of a technical system - Google Patents

Method and arrangement for comparing a first property with predetermined properties of a technical system

Info

Publication number
EP1127323A1
Authority
EP
European Patent Office
Prior art keywords
comparison
technical system
property
methods
nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP99959229A
Other languages
German (de)
English (en)
Inventor
Jörg LOHSE
Peter Warkentin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Onespin Solutions GmbH
Original Assignee
Infineon Technologies AG
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infineon Technologies AG, Siemens AG

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/33Design verification, e.g. functional simulation or model checking
    • G06F30/3323Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking

Definitions

  • the invention relates to a method and an arrangement for comparing a first property with specified properties of a technical system.
  • Model Checking is a technique for verifying the properties of a technical system using certain methods.
  • MC: Model Checking
  • a first approach to combinational circuit verification attempts to derive functional implications by generating test patterns and comparing them
  • the SAT comparison method is characterized in that for any Boolean notation of the form
  • the object on which the invention is based is to compare a first property with specified properties of a technical system, in particular ensuring an automatic solution to the comparison problem.
  • a method for comparing a first property with specified properties of a technical system in which at least two comparison methods are provided, each of which can carry out a comparison of the first property with the specified properties of the technical system.
  • the at least two comparison methods are processed in a predetermined order until a result of the comparison is determined. It is particularly advantageous that different comparison methods are automatically processed.
  • a further development consists in the fact that the result of the comparison is an equality or a difference of the first property from the properties of the technical system.
  • the comparison can be broken off as soon as a single difference is discovered.
  • Another development provides that the first property is verified by the technical system on the basis of equality.
  • the at least two comparison methods can in particular be two of the following comparison methods: a) SAT method; b) simulation method; c) BDD method; d) ATPG method; e) method based on internal equivalence points.
  • the BDD method can be a ROBDD method.
  • the ROBDD method can be carried out with respect to the leaves or with respect to cut planes.
  • the technical system can be a circuit, in particular an electrical digital circuit.
  • a comparison method produces an approach to, i.e. a representation of, the problem to be solved (here: the entire comparison). This is taken up by another comparison method as an intermediate result, which saves computing time and/or storage space.
  • diagnostic information is preferably displayed that enables a user to determine the cause of the inequality.
  • the technical system is described as a finite automaton.
  • the first property can be represented as a Boolean function.
  • the behavior of the technical system over a predetermined time interval can be described by the first property.
  • a hybrid prover, i.e. a method with several comparison methods, can be used to solve a verification task.
  • a hybrid prover is a framework that contains a set of partial provers (individual comparison methods).
  • the hybrid prover coordinates the way the partial provers work. The goal is to solve, by using different provers, verification tasks that no single prover would have solved on its own. If none of the partial provers can solve a given verification task, the verification task is broken down. For this purpose, each partial prover is assigned sub-tasks that it can work on within allocated resources. If a threshold value for the allocated resources is exceeded, the partial prover stops processing. The hybrid prover then decides whether the sub-task is to be dealt with by another partial prover, whether the resources should be increased, or whether another sub-task should be continued.
  • a threshold value for the resources to be provided, e.g. storage space, computing power or the time allowed for carrying out the comparison method, is determined for each comparison method; the respective comparison method is terminated as unsuccessful if the threshold value is exceeded.
  • the sequence of the comparison methods to be carried out is adapted dynamically. This is preferably done by logging which comparison method has determined the most results; this "best" comparison method is used first for future comparisons. Accordingly, the order continues with the "second best", the "third best", etc. comparison method.
  • the result of the comparison can be used to design, adapt or control the technical system.
  • the result of the described comparison, if it is positive, can be implemented directly by having a predetermined description form initiate a production process of the circuit.
  • an arrangement for comparing a first property with specified properties of a technical system has a processor unit which is set up such that a) at least two comparison methods are provided, each of which can carry out a comparison of the first property with the specified properties of the technical system; b) the at least two comparison methods are processed in a predetermined sequence until a result of the comparison can be determined.
  • Fig. 1 is a block diagram for the operation of a hybrid prover; Fig. 2 shows a block diagram for the selection of elementary provers as parts of a hybrid prover;
  • Fig. 3 is a block diagram for an internal equivalence point verifier
  • Fig. 4 is a block diagram illustrating the execution of a full simulation
  • FIG. 5 shows a block diagram with steps of a ROBDD detection method
  • FIG. 6 shows a processor unit
  • a procedure for Model Checking (MC) is in particular as follows:
  • t is an arbitrary fixed point in time. Properties are formulated with reference to this point in time.
  • a property (over n points in time) is a Boolean combination of finitely many time-related elementary statements
  • finite automata systems of this type are, for example, circuits (in the form of VHDL programs or EDIF network lists).
  • a finite, deterministic automaton is a 5-tuple of the form
  • MAA is a set of atomic statements (AA) and P: S × I → power set(MAA) is an evaluation function.
  • the evaluation function P indicates which atomic statements (AA) are fulfilled in a state.
  • a characteristic function of a property E is used to determine the validity of the property E.
  • the characteristic function is a function
  • denotes a path of length n if s_{k+1} is a successor state of s_k, i.e. if it holds
  • a property E over n points in time is met if and only if:
  • the combinational comparison compares two finite, deterministic automata with output. These automata can e.g. represent two digital circuits.
  • a finite, deterministic automaton with output is a 5-tuple
  • M_2 are bijective mappings
  • the automata M_1, M_2 are called combinationally equivalent with respect to a common coding according to equation (25) if and only if
  • a binary coding of S, I, O converts this into a (finite) number of equality relations between Boolean functions.
  • In a first step, the functions according to equation (31) are represented by a directed acyclic graph.
  • the individual methods, also referred to as partial provers, are based on this graph structure.
  • a directed, acyclic graph is a set K of nodes and a set (a subset of K × K) of directed edges, each connecting two nodes.
  • the graph does not include cycles.
  • a node k_2 is called the son of the node k_1 if a directed edge connects the node k_1 with the node k_2.
  • Leaves are nodes with no outgoing edges. Roots are nodes with no incoming edges. Directed edges run from top to bottom, so that roots are at the top and leaves are at the bottom of the graph.
  • a base (also: cut plane) of a graph is a subset of nodes with the property "every path from a root to a leaf runs through a node of the base".
  • the set formed by all
  • let k be a node in the graph structure G.
  • the so-called Cone of Influence of k is the smallest substructure G_k of G for which the following applies: the node k belongs to G_k, and with a node k' all sons of k' also belong to G_k.
  • a directed, acyclic graph represents a Boolean function:
  • a Boolean operation op k is assigned to each node k that is different from a leaf.
  • the sons of node k are the operands of op k .
  • Leaves (roots) represent the arguments (the value) of the Boolean function.
  • a leaf can also be a constant with a value "0" or a value "1".
  • Each node of the graph structure G represents a Boolean function boole_k, which depends on the primary inputs.
  • the representation of a Boolean function as a graph is not canonical, ie there are generally many different representations. Nodes that represent the same Boolean function are called equivalent.
  • edges can be marked to represent unary operations, e.g. NOT. For example, in [1] a node carries only a binary AND operation; the (unary) NOT operation is indicated by marking the edge.
  • ATPG method: automatic test pattern generation
  • SAT method: Boolean satisfiability algorithms
  • each leaf is assigned a value "0" or "1". If a value has been assigned to each son of a node k, the value of the node k is determined by means of the operation op_k.
  • ROBDDs (Reduced Ordered Binary Decision Diagrams, see [2]) represent a Boolean function as an acyclic graph. For a given permutation of the arguments, the variable order, this representation is unambiguous. In many cases the variable order is decisive for the size of the graph. If it is possible to represent the Boolean function as a ROBDD (taking into account existing restrictions on memory and runtime), the uniqueness of the representation means that the question of the equality of different technical systems is solved immediately. The success of this method depends on the Boolean function and the selected order of variables.
  • a BDD variable is assigned to each base node. This is important because the variable order in particular is determined by this assignment. If the ROBDDs have been calculated for all sons of a node k, the ROBDD of node k can also be generated. If the size of a ROBDD exceeds a given limit, the ROBDD generation is aborted. (In [1] a new variable is assigned to the node and the calculation continues.)
  • ROBDDs are the main representative of a series of similar representations for Boolean functions (compare in particular [2]). Any of the representations listed there can be used here.
  • the Boolean functions (31) are represented by a directed, acyclic graph G. For each function F_ij there is a node k_ij in graph G which represents F_ij. The equations F_1j = F_2j are now sorted with respect to the
  • the hybrid prover is called successively for each pair of nodes (k_1j, k_2j), starting with pairs of nodes close to the leaves.
  • In Fig. 1 a hybrid prover is shown.
  • Two nodes k_1, k_2 of the graph G serve as input to the prover (see block 101 in Fig. 1).
  • the goal is to decide whether the functions boole_k1, boole_k2 represented by the nodes k_1, k_2 are identical, i.e. whether
  • the graph G represents a global data structure that can be accessed by every partial verifier (elementary verifier, see block 102 and Fig. 2).
  • the partial provers try to simplify the graph G step by step by combining equivalent nodes, so that finally, for example by means of a complete simulation, the equation (34) can be proved or refuted.
  • COI(k_1, k_2) denotes the "Cone of Influence" of k_1, k_2 in graph G.
  • a block 103 is used to prove internal equivalence points (see also Fig. 3).
  • Each individual prover can give the results "FALSE" 104, i.e. the technical systems to be compared are different, "TRUE" 106 if the systems are the same, or "OPEN" 105 if the prover could not come to a result.
  • Step 1 Complete simulation, see Fig. 2, block 201 and Fig. 4:
  • Step 2 ROBDDs with respect to leaves, see block 202: choose the set of all leaves of COI(k_1, k_2) as a base. Calculate ROBDDs on COI(k_1, k_2) up to a given size. If redundant nodes are present in COI(k_1, k_2), i.e. nodes with the same ROBDD representation occur, these redundant nodes are eliminated and step 2 is repeated.
  • Step 3 ROBDDs with respect to cut planes, see block 203 and Fig. 5:
  • Step 3 is repeated by moving the base towards the leaves (see block 504).
  • Step 3 is ended (see blocks 505 and 506).
  • Step 4 ATPG, see block 204:
  • Step 5 SAT, see block 205:
  • the statement (34) is converted into a conjunctive normal form and passed on to a SAT prover (e.g. [3] or [4]).
  • a SAT prover e.g. [3] or [4]
  • Step 6 Proof of internal equivalence points, see block 103 and Fig. 3: Step 6.1 (RPS, Random Pattern Simulation): The nodes of the graph structure G are partitioned into equivalence classes (see block 301): starting from the partition {K}, an existing partition is refined by means of a simulation step. A class AK is split into two subclasses AK_0, AK_1, with AK_i representing the set of all nodes in AK to which the value i is assigned by the simulation. The simulation uses a random generator for the value assignment of the
  • An equivalence class represents a set of nodes that potentially represent the same function.
  • Step 6.2 One after the other, all potentially equivalent
  • a. the pair of nodes (u_1, u_2) is actually equivalent: one node is redundant and can be eliminated (see block 307); b. the pair of nodes (u_1, u_2) is not equivalent: an assignment of the variables (leaves of the "Cone of Influence" of u_1, u_2) was found on which the two functions boole_u1 and boole_u2 differ. After assigning random values to the remaining leaves of graph G, graph G is simulated and the previous equivalence class partition is refined. This reduces the number of potentially equivalent node pairs (see block 308); c. the proof of equivalence is
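As an added illustration of the hybrid prover described above (partial provers run in a fixed order under resource thresholds, the comparison ending at the first difference, the best-performing prover moved to the front, resources increased when all stay OPEN) and of the step sequence of which Step 1 and Step 6.1 are shown here, the following constructed Python miniature is not the patent's code: it uses only AND nodes with NOT-marked edges, stands in for the ROBDD, ATPG and SAT partial provers with two simulation-based ones, and the names HybridProver, complete_simulation, random_pattern_simulation and the budget values are assumptions.

```python
import itertools
import random
from dataclasses import dataclass

RNG_SEED = 7  # fixed seed so the constructed run is reproducible


@dataclass(frozen=True)
class Node:
    """Leaf variable, or binary AND over (child, negated) operands; a negated edge is the unary NOT (cf. [1])."""
    var: str = None
    ops: tuple = ()


def AND(a, b, na=False, nb=False):
    return Node(ops=((a, na), (b, nb)))


def cone_leaves(*roots):
    """Variables in the Cone of Influence of the given nodes."""
    seen, out, stack = set(), set(), list(roots)
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        if n.var is not None:
            out.add(n.var)
        else:
            stack.extend(c for c, _ in n.ops)
    return sorted(out)


def evaluate(n, assign, memo=None):
    """Value of boole_n under a leaf assignment; memo shares work across the DAG."""
    memo = {} if memo is None else memo
    if n not in memo:
        if n.var is not None:
            memo[n] = assign[n.var]
        else:
            v = [evaluate(c, assign, memo) ^ neg for c, neg in n.ops]
            memo[n] = v[0] & v[1]
    return memo[n]


def complete_simulation(n1, n2, budget):
    """Step 1: exhaustive simulation over the cone's leaves; OPEN if 2^#leaves exceeds the threshold."""
    leaves = cone_leaves(n1, n2)
    if 2 ** len(leaves) > budget:
        return "OPEN"  # threshold exceeded: method terminated as unsuccessful
    for bits in itertools.product((0, 1), repeat=len(leaves)):
        a = dict(zip(leaves, bits))
        if evaluate(n1, a) != evaluate(n2, a):
            return "FALSE"  # a single difference ends the comparison
    return "TRUE"


def random_pattern_simulation(n1, n2, budget):
    """Step 6.1 flavour: random patterns can refute equality cheaply but never prove it."""
    rng, leaves = random.Random(RNG_SEED), cone_leaves(n1, n2)
    for _ in range(budget):
        a = {v: rng.randint(0, 1) for v in leaves}
        if evaluate(n1, a) != evaluate(n2, a):
            return "FALSE"
    return "OPEN"


class HybridProver:
    """Runs partial provers in order, moves the most successful one to the front, doubles resources if all stay OPEN."""
    def __init__(self, provers, budget, rounds=2):
        self.provers, self.budget, self.rounds = list(provers), budget, rounds
        self.wins = {p.__name__: 0 for p in provers}

    def prove(self, n1, n2):
        budget = self.budget
        for _ in range(self.rounds):
            for p in list(self.provers):
                result = p(n1, n2, budget)
                if result != "OPEN":
                    self.wins[p.__name__] += 1  # log who decided; best first next time
                    self.provers.sort(key=lambda q: -self.wins[q.__name__])
                    return result, p.__name__
            budget *= 2  # no partial prover decided: increase resources and retry
        return "OPEN", None
```

With a 30-leaf cone the exhaustive prover gives up at once, random patterns find the difference, and on the next call the random prover runs first.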
  • the processor unit PRZE comprises a processor CPU, a memory SPE and an input/output interface IOS, which is used in various ways via an interface IFC: output is displayed on a monitor MON and/or printed on a printer PRT via a graphics interface. Input is made using a mouse MAS or a keyboard TAST.
  • the processor unit PRZE also has a data bus BUS, which ensures the connection of a memory MEM, the processor CPU and the input / output interface IOS.
  • additional components can be connected to the data bus BUS, for example additional memory, data storage (hard disk) or scanner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Geometry (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Tests Of Electronic Circuits (AREA)
  • Design And Manufacture Of Integrated Circuits (AREA)

Abstract

In the context of model checking, an attempt is made to detect a property in a technical system. For this purpose a comparison is carried out during which several comparison methods must be coordinated so that this comparison leads to a result. In particular, the comparison is terminated as soon as one comparison method proves that the sought property is present in the system or is not present in the system.
EP99959229A 1998-11-03 1999-11-02 Method and arrangement for comparing a first property with predetermined properties of a technical system Ceased EP1127323A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19850669 1998-11-03
DE19850669 1998-11-03
PCT/DE1999/003486 WO2000026824A1 (fr) 1998-11-03 1999-11-02 Method and arrangement for comparing a first property with predetermined properties of a technical system

Publications (1)

Publication Number Publication Date
EP1127323A1 true EP1127323A1 (fr) 2001-08-29

Family

ID=7886553

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99959229A Ceased EP1127323A1 (fr) 1998-11-03 1999-11-02 Method and arrangement for comparing a first property with predetermined properties of a technical system

Country Status (4)

Country Link
US (1) US6581026B2 (fr)
EP (1) EP1127323A1 (fr)
JP (1) JP4418591B2 (fr)
WO (1) WO2000026824A1 (fr)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005043419A1 (fr) * 2003-10-31 2005-05-12 Fujitsu Limited Verification support device, method and program, and recording medium
US7346486B2 (en) * 2004-01-22 2008-03-18 Nec Laboratories America, Inc. System and method for modeling, abstraction, and analysis of software
US7093218B2 (en) * 2004-02-19 2006-08-15 International Business Machines Corporation Incremental, assertion-based design verification
US8359561B2 (en) * 2007-12-06 2013-01-22 Onespin Solutions Gmbh Equivalence verification between transaction level models and RTL at the example to processors
US9002781B2 (en) 2010-08-17 2015-04-07 Fujitsu Limited Annotating environmental data represented by characteristic functions
US8583718B2 (en) 2010-08-17 2013-11-12 Fujitsu Limited Comparing boolean functions representing sensor data
US8930394B2 (en) 2010-08-17 2015-01-06 Fujitsu Limited Querying sensor data stored as binary decision diagrams
US8645108B2 (en) * 2010-08-17 2014-02-04 Fujitsu Limited Annotating binary decision diagrams representing sensor data
US9138143B2 (en) 2010-08-17 2015-09-22 Fujitsu Limited Annotating medical data represented by characteristic functions
US8874607B2 (en) 2010-08-17 2014-10-28 Fujitsu Limited Representing sensor data as binary decision diagrams
US8495038B2 (en) 2010-08-17 2013-07-23 Fujitsu Limited Validating sensor data represented by characteristic functions
US8572146B2 (en) 2010-08-17 2013-10-29 Fujitsu Limited Comparing data samples represented by characteristic functions
US8838523B2 (en) 2011-09-23 2014-09-16 Fujitsu Limited Compression threshold analysis of binary decision diagrams
US8812943B2 (en) 2011-09-23 2014-08-19 Fujitsu Limited Detecting data corruption in medical binary decision diagrams using hashing techniques
US8781995B2 (en) 2011-09-23 2014-07-15 Fujitsu Limited Range queries in binary decision diagrams
US8909592B2 (en) 2011-09-23 2014-12-09 Fujitsu Limited Combining medical binary decision diagrams to determine data correlations
US9176819B2 (en) 2011-09-23 2015-11-03 Fujitsu Limited Detecting sensor malfunctions using compression analysis of binary decision diagrams
US9177247B2 (en) 2011-09-23 2015-11-03 Fujitsu Limited Partitioning medical binary decision diagrams for analysis optimization
US8719214B2 (en) 2011-09-23 2014-05-06 Fujitsu Limited Combining medical binary decision diagrams for analysis optimization
US8620854B2 (en) 2011-09-23 2013-12-31 Fujitsu Limited Annotating medical binary decision diagrams with health state information

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5754454A (en) * 1997-03-03 1998-05-19 Motorola, Inc. Method for determining functional equivalence between design models
US6086626A (en) * 1997-05-16 2000-07-11 Fijutsu Limited Method for verification of combinational circuits using a filtering oriented approach
US6308299B1 (en) * 1998-07-17 2001-10-23 Cadence Design Systems, Inc. Method and system for combinational verification having tight integration of verification techniques

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0026824A1 *

Also Published As

Publication number Publication date
WO2000026824A1 (fr) 2000-05-11
JP2003503763A (ja) 2003-01-28
US6581026B2 (en) 2003-06-17
JP4418591B2 (ja) 2010-02-17
US20020013680A1 (en) 2002-01-31

Similar Documents

Publication Publication Date Title
WO2000026824A1 (fr) Method and arrangement for comparing a first property with predetermined properties of a technical system
DE69838835T2 (de) Method for testing and representing hardware by decomposition and partitioning
DE69223787T2 (de) System for qualitative reasoning with parallel processing
DE69017785T2 (de) Method for producing an expert system for system fault diagnosis.
DE69025543T2 (de) Performance measurement in an extended finite automaton
DE3856079T2 (de) Method for a block diagram simulator
DE69212673T2 (de) Test pattern generation device
DE102020205539A1 (de) Method and device for testing a technical system
EP2897011B1 (fr) Method and simulation system for simulating an automated industrial installation
EP0580663B1 (fr) Method for verifying data-processing systems
EP3188053A1 (fr) Method for configuring a co-simulation for a complete system
DE69127798T2 (de) Method and apparatus for organizing and analyzing timing information
EP3812949A1 (fr) Configurable digital twins
EP1771799B1 (fr) Method for evaluating the quality of a test program
DE10324594A1 (de) Method for providing improved simulation capability of a dynamic system outside the original modeling environment
DE68910461T2 (de) Apparatus for computer-aided generation of test programs for digital circuits.
DE69323753T2 (de) Diagnostic device
DE102008043374A1 (de) Device and method for generating redundant but different machine codes from a source code for verification for a safety-critical system
DE112018006331B4 (de) Test case generation device, test case generation method and test case generation program
EP1068580B1 (fr) Method for comparing electrical circuits
EP2302554A2 (fr) Method for characterizing a computer program section contained in a computer storage system
DE69329007T2 (de) Compilation mechanism for simulation models
WO2000026825A1 (fr) Method and arrangement for comparing technical systems
DE102017104049B4 (de) Method and device for checking the reliability of a chip
DE102020206327A1 (de) Method and device for testing a technical system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010516

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: INFINEON TECHNOLOGIES AG

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ONESPIN SOLUTIONS GMBH

17Q First examination report despatched

Effective date: 20060628

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20091112