Formal Verification of Hardware/SoC with SPIN: Fairness & LTL Model Checking, Study notes of Electrical and Electronics Engineering

Download Formal Verification of Hardware/SoC with SPIN: Fairness & LTL Model Checking and more Study notes Electrical and Electronics Engineering in PDF only on Docsity! ECE 598 SV Formal Hardware/SoC Verification Lecture 7 SPIN SPIN is an LTL Model Checker. The term ‘asynchronous’ used in SPIN literature, means the same as non-determinism seen in hardware concurrency. SPIN provides the option to verify properties over only ‘fair’ paths. Fairness is defined as follows: Weak fairness: A specified set of transitions cannot be enabled forever, without being taken. Strong fairness: (Strett fairness) A specified set of transitions cannot be enabled infinitely often, without being taken. All possible paths in this systems is given by, q1(q3q1)*q2 ω U (q1q3) ω A strong fairness condition would be that the q1→q1 transition cannot be ignored forever. This is satisfied by the paths q1(q3q1)*q2 ω Now, back to LTL Model Checking. G p We would have the same structure for G (p^s^q^r^t), only the enabler has changed. |f| increases not through the number of variables, but through the modality of f. G (p → pUq) S1S0 p ¬q p ¬q ¬p q ¬p ¬q ¬p q For almost any practical f, the number of modalities is small. So, though exponential in |f|, LTL model checking is very feasible. S0 S1 S2 S3 S4S5 In the checking algorithm, the outer DFS is, S0 S1 S2 S1 (doesn’t reach any acceptance state) S0 S1 S3 S4 (reaches the acceptance state S4)