ECE 598 SV Formal Hardware/SoC Verification, Lecture 5
Formal Verification of Hardware/SoC: LTL vs CTL and more

Some properties are expressible only in CTL and others only in LTL, so the expressive powers of the two logics are incomparable: neither subsumes the other. However, CTL model checking is more efficient.

Linear Temporal Logic (LTL)

Atomic proposition: a letter that takes on a value true/false in a given state. (In the traffic light example, r is a letter, with r = 0 and r = 1 being its two possible assignments.)

The set of LTL formulae is defined so that a formula is either an atomic proposition (p, q) or one of:
- true
- p ∨ q
- ¬ p
- p ∧ q
- p U q
- X p

U (until) and X (next) were not defined in the original LTL paper, but have been commonly used in later applications. The operators F (eventually) and G (always) can be expressed as
F p = true U p
G p = ¬ F ¬ p

Path: an infinite sequence of reachable states (as seen in reactive systems)
σ = s_1, s_2, s_3, … (infinitely many)

Model checking query over a path:
(σ, s_i) ⊨ f if f is true in state s_i of sequence σ.
σ ⊨ f if f is true in the first state of sequence σ.

Definition of LTL satisfaction
- (σ, s_i) ⊨ p iff s_i ⊨ p
- (σ, s_i) ⊨ ¬ p iff ¬ (s_i ⊨ p)
- (σ, s_i) ⊨ p ∨ q iff (σ, s_i) ⊨ p ∨ (σ, s_i) ⊨ q
- (σ, s_i) ⊨ X p iff (σ, s_{i+1}) ⊨ p
- (σ, s_i) ⊨ p U q iff for some j ≥ i, (σ, s_j) ⊨ q and for all i ≤ k < j, (σ, s_k) ⊨ p

Duality of G and F
G p = ¬ F ¬ p (safety)
F p = ¬ G ¬ p (liveness)
The duality of G and F mirrors the duality between safety and liveness properties.

Some equivalences:
G p ∧ G q ≡ G (p ∧ q)
F p ∨ F q ≡ F (p ∨ q)
However,
G p ∨ G q is NOT ≡ G (p ∨ q)
F p ∧ F q is NOT ≡ F (p ∧ q)

GF p: infinitely often p. This is defined over a path and means that from any state on the path, p will eventually hold; this is true for all states and forever (i.e. over infinite executions).
Example: GF (send_msg) → GF (rcv_msg)

LTL Model Checking
For finite-state systems the query is (M, s_i) ⊨ f. For model checking, M and f are expressed as similar data structures and then language containment is checked. LTL uses an automaton as the data structure (CTL uses the STG, the state transition graph).
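As an added example (not part of the lecture notes), the following Python evaluator implements the satisfaction definition above over infinite paths represented as lassos (a finite prefix followed by a loop), with F and G derived exactly as in the notes, and checks GF(send_msg) → GF(rcv_msg) plus the listed non-equivalences on constructed paths. The Lasso class, the holds function and the FAIR, STARVED and ALT paths are this example's own assumptions, not anything from the course material.

```python
# Formulae are nested tuples; F and G are derived exactly as in the notes.
TRUE = ('true',)
def ap(n): return ('ap', n)            # atomic proposition
def Not(f): return ('not', f)
def Or(f, g): return ('or', f, g)
def And(f, g): return ('and', f, g)
def X(f): return ('X', f)              # next
def U(f, g): return ('U', f, g)        # until
def F(f): return U(TRUE, f)            # F p = true U p
def G(f): return Not(F(Not(f)))        # G p = not F not p
def Implies(f, g): return Or(Not(f), g)

class Lasso:
    """Path s_1..s_n then (s_loop..s_n)^omega, 0-based; states are sets of true propositions (constructed)."""
    def __init__(self, states, loop):
        self.states, self.loop = [frozenset(s) for s in states], loop
    def norm(self, i):
        # the suffixes from i and from norm(i) are identical, so truth agrees
        n = len(self.states)
        return i if i < n else self.loop + (i - self.loop) % (n - self.loop)
    def state(self, i): return self.states[self.norm(i)]

def holds(f, path, i=0):
    """(sigma, s_i) |= f, following the definition of LTL satisfaction."""
    op = f[0]
    if op == 'true': return True
    if op == 'ap':   return f[1] in path.state(i)
    if op == 'not':  return not holds(f[1], path, i)
    if op == 'or':   return holds(f[1], path, i) or holds(f[2], path, i)
    if op == 'and':  return holds(f[1], path, i) and holds(f[2], path, i)
    if op == 'X':    return holds(f[1], path, i + 1)
    if op == 'U':    # some j >= i with q at j and p at every k in [i, j)
        seen, j = set(), i
        while path.norm(j) not in seen:  # only finitely many distinct suffixes
            seen.add(path.norm(j))
            if holds(f[2], path, j): return True
            if not holds(f[1], path, j): return False
            j += 1
        return False                      # cycle exhausted without reaching q
    raise ValueError(op)

send, rcv, p, q = ap('send_msg'), ap('rcv_msg'), ap('p'), ap('q')
FAIR = Lasso([{'send_msg'}, set(), {'rcv_msg'}], loop=0)            # send, idle, receive, repeat
STARVED = Lasso([{'send_msg'}, {'rcv_msg'}, {'send_msg'}], loop=2)  # stuck sending forever
ALT = Lasso([{'p'}, {'q'}], loop=0)                                  # p, q, p, q, ...

def check_examples():
    """Evaluate the lecture's example property and the listed non-equivalences."""
    return {'fair': holds(Implies(G(F(send)), G(F(rcv))), FAIR),
            'starved': holds(Implies(G(F(send)), G(F(rcv))), STARVED),
            'G(p or q)': holds(G(Or(p, q)), ALT), 'Gp or Gq': holds(Or(G(p), G(q)), ALT),
            'Fp and Fq': holds(And(F(p), F(q)), ALT), 'F(p and q)': holds(F(And(p, q)), ALT)}
```

On the starved path GF(send_msg) holds but GF(rcv_msg) does not, so the implication fails; on the alternating path G(p ∨ q) holds while G p ∨ G q does not, and F p ∧ F q holds while F(p ∧ q) does not.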