Daniel Geist - Academia.edu

Papers by Daniel Geist

Method and Apparatus for Debugging Programs

Utilizing Temporal Assertions in a Debugger

Synchronization for system analysis

The PSL/Sugar Specification Language A Language for all Seasons

Lecture Notes in Computer Science, 2003

The Accellera EDA standards body has recently approved the PSL, a standard property specification language for use in assertion-based verification via simulation and formal verification tools. This language, which is based on the Sugar language from IBM, is now supported by many EDA vendors. More than 40 individuals representing over 20 companies participated in the efforts to form the PSL standard from its Sugar basis. The tutorial comprises 2 parts. In the first part, we describe the basic principles of PSL/Sugar, focusing on the ease with which complex design behaviors may be described with concise, readable PSL/Sugar assertions that crisply capture design intent. We summarize the temporal constructs of the language, including parameterized sequences and properties, directives, and modeling capabilities. We cover the general timing model of PSL/Sugar, which transparently supports both (single- or multi-clock) synchronous and asynchronous design, and, time permitting, we explain how PSL/Sugar has been defined to ensure consistent semantics for both simulation and formal verification applications. In the second part of the tutorial, we present several applications of PSL/Sugar, ranging from simple to advanced assertion-based verification solutions. These include use of PSL/Sugar for dynamic assertion checking and formal model checking, including support for environment modeling and assume/guarantee reasoning. Examples of commercial verification tools which support the PSL/Sugar languages will also be presented. Participants in the tutorial will have an excellent opportunity to learn about both the language and its applications directly from the speaker, Dr. Danny Geist, who heads a research group in the IBM Haifa lab where Sugar was conceived.

Correct Hardware Design and Verification Methods

Lecture Notes in Computer Science, 2001

This paper investigates specification, verification and test generation for synchronous and asynchronous circuits. The approach is called DILL (Digital Logic in LOTOS). DILL models are discussed for synchronous and asynchronous circuits. Relations for (strong) conformance are defined for verifying a design specification against a high-level specification. An algorithm is also outlined for generating and applying implementation tests based on a specification. Tools have been developed for automated test generation and verification of conformance between an implementation and its specification. The approach is illustrated with various benchmark circuits as case studies.

Organizers

These are the preliminary proceedings of the third international workshop on Bounded Model Checking (BMC’05) that was held on July 11th, 2005 in Edinburgh, Scotland, UK. The final proceedings will be published in Electronic Notes in Theoretical Computer Science (ENTCS), together with other Computer Aided Verification (CAV’05) workshops. Out of 8 submissions the program committee selected six papers. Each of these papers was reviewed by three or four program committee members. The workshop began with an invited talk by Sharad Malik on Experiences with Quantified Boolean Formula Solvers. We thank the program committee for their effort in evaluating the articles and giving helpful comments to the authors. We also thank the organizers

Formal Verification of a Processor's Bus Interface Unit

This report describes formal verification of a processor's Bus Interface Unit (hereafter called BIU). The methodology employed in this project consisted of first formally verifying the individual blocks, and then the entire control logic of the design. In all, 73 control logic bugs were detected, some of which would have been difficult to find using simulation. Formal verification was the most productive component in the logic verification of the BIU. This project provides an example of the successful application of formal verification, as embedded in RuleBase, a tool that was designed in IBM Haifa Research Laboratory, to a full-scale industrial design.

Flight and fire control knowledge representation

Proceedings of the 28th IEEE Conference on Decision and Control

The development of a conceptual framework for an operational, onboard, real-time multiprocessing computer system, capable of assisting the pilot in flight and fire control decisions, i.e., a tactical decision aiding expert system, is discussed. Air combat is ...

Time-variant decision support systems

Conference Proceedings., IEEE International Conference on Systems, Man and Cybernetics

Intelligent decision systems in time-invariant situations must be able to manipulate time-variant data and functions. The authors present an algorithm for the following dynamic computational problem: given a set of continuous functions, keep track efficiently of their order in their domain. The algorithm has time complexity of $O(n \log_2 n + K \min(\log_2 n, \log_2 K))$, where $n$ is the number of functions and $K$ is the total number of intersections between the functions. The solution provides for a convenient object-oriented view of the time-variant priority queue. Contrary to the abstract data type consisting of the array (data structure) and the associated utilities (push, pop), the time-variant priority queue maintains a private state as the data change.

A feasibility study in formal coverage driven test generation

Design Automation Conference, 1999

We claim that the verification crisis may be solved by bridging the gap between formal verification and simulation. This paper presents a study of a functional verification methodology using the coverage of formal models to specify tests. This methodology was applied to a modern superscalar microprocessor and the resulting tests were compared to tests generated using existing methods. The results show that hybrid techniques can indeed improve functional verification.

A method for hunting bugs that occur due to system conflicts

2008 IEEE International High Level Design Validation and Test Workshop, 2008

A very important class of bugs that occurs in VLSI projects, and especially in System on Chip (SoC) type projects, are bugs caused by two or more processes on chip trying to access a shared resource simultaneously. These kinds of bugs are both hard to find and very likely have the potential to cause a respin if not found since

A verification scheme for pipelined vector architectures

Eighteenth Convention of Electrical and Electronics Engineers in Israel, 1995

As a means for improving performance, advanced vector processors use an extension of pipelining, called vector chaining, whereby the execution of independent instructions is overlapped. The complexity of vector chaining architectures, together with their inherent parallelism and asynchrony, renders their verification extremely difficult. This paper presents an efficient simulation-based scheme for verifying such architectures. The scheme presented here can be

Have I written enough properties

AVPGEN - A test generator for architecture verification

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 1995

Computing the minimum DNF representation of Boolean functions defined by intervals

Discrete Applied Mathematics, 2005

For any two $n$-bit numbers $a \le b$ define the Boolean function $f_{[a,b]} : \{0,1\}^n \to \{0,1\}$ to be the function for which $f_{[a,b]}(x) = 1$ if and only if $x$ is the binary representation of a number in the interval $[a, b]$. We consider the disjunctive normal form representation of such functions, ...

Adjacency of the 0–1 knapsack problem

Computers & Operations Research, 1992

The research described below was a portion of a large project, involving the utilization of Semantic Control Theory [E. Y. Rodin, Semantic control theory. Appl. Math. Lett. 1, 73-78 (1988)] in air combat situations [E. Y. Rodin, L. Wilbur, B. McElhany, S. Mittnik and Y. Lirov, Artificial intelligence in air combat games. Pursuit-Evasion Differential Games (Edited by Y. Yavin and M. Pachter) pp. 261-274, Pergamon Press, Oxford (1987)]. Specifically, a portion of the model consisted of a knapsack formulation, and it was necessary to study the question of the quality of second and third best solutions; hence the results presented here were developed.

Identification of missing properties in model checking

“Have I Written Enough Properties?” - A Method of Comparison Between Specification and Implementation

Lecture Notes in Computer Science, 1999

This work presents a novel approach for evaluating the quality of the model checking process. Given a model of a design (or implementation) and a temporal logic formula that describes a specification, model checking determines whether the model satisfies the specification. Assume that all specification formulas were successfully checked for the implementation. Are we sure that the implementation is correct? If the specification is incomplete, we may fail to find an error in the implementation. On the other hand, if the specification is complete, then the model checking process can be stopped without adding more specification formulas. Thus, knowing whether the specification is complete may both avoid missed implementation errors and save precious verification time. The completeness of a specification with respect to a given implementation is determined as follows. The specification formula is first transformed into a tableau. The simulation preorder is then used to compare the implementation model and the tableau model. We suggest four comparison criteria, each revealing a certain dissimilarity between the implementation and the specification. If all comparison criteria are empty, we conclude that the tableau is bisimilar to the implementation model and that the specification fully describes the implementation. We also conclude that there are no redundant states in the implementation. The method is exemplified on a small hardware example. We implemented our method symbolically as an extension to SMV. The implementation involves efficient OBDD manipulations that reduce the number of OBDD variables from 4n to 2n.

A study in coverage-driven test generation

Proceedings of the 36th ACM/IEEE conference on Design automation conference - DAC '99, 1999

Flight and fire control with logic programming

Computers & Mathematics with Applications, 1990

This paper describes the use of logic programming to facilitate in decisions of task assignment in air combat. Our approach to the air combat problem is through semantic control. We analyze knowledge requirements for reasoning and decision making for this task, and show that a goal selector for this problem can be constructed via logic programming. The assignment problem of aircraft to targets is treated as an extension of the classical multiple knapsack problem. A possible temporal tree for solving this problem is described. The model used can also be utilized in other applications where cooperation in a time-varying environment is required: for instance control of robots in a time-varying environment.
