Abstract
Verification of a design based on model checking requires the identification of a set of formal properties, manually derived from the specification of the design under verification (DUV). Such a set can include too few or too many properties. This paper proposes to use a functional ATPG to identify missing properties and to remove unnecessary ones. In particular, the paper refines, extends, and compares with other symbolic approaches a methodology for estimating the completeness of a set of formal properties, which exploits a functional fault model and a functional ATPG. Moreover, the same fault model and ATPG are used to address the opposite problem of identifying useless properties, that is, properties that are logical consequences of other properties. Logical consequence between properties is generally examined by theorem proving, which may require a large amount of time and space. In contrast, the paper proposes a faster approach that analyzes logical consequence by observing each property's capability of revealing functional faults. The joint use of the two methodologies makes it possible to optimize the set of properties used across the several verification sessions needed to check all design phases of an incremental design flow.
Notes
Note that the proposed methodology is applied in the same way when the environment is not required.
Note that ι is also a test sequence for f on \({\cal I}\).
A safety property is a formula stating that the DUV must never evolve into a configuration that is not accepted.
A liveness property is a formula stating that sooner or later the DUV must evolve into a particular configuration.
This is true if the sets to be compared are ordered, which is guaranteed by the fault simulator: it analyzes faults in ascending order of their activation codes.
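The abstract describes two uses of one fault-simulation result: faults that no property reveals indicate behaviour the property set does not constrain (too few properties), and a property that reveals only faults already revealed by another is a candidate logical consequence (too many properties). The following Python is an added illustration of that idea, not code from the paper or its tool; the fault codes, property names and the subset-of-revealed-faults criterion are constructed assumptions. The last note above is honoured by comparing fault lists as sorted sequences, so the subset check is a single merge pass.

```python
from typing import Dict, List, Tuple

# Constructed sample data (not from the paper): functional faults are
# identified by integer activation codes; each property maps to the codes of
# the faults that checking it reveals, as a fault simulator would report them.
FAULT_UNIVERSE: List[int] = list(range(1, 11))

DETECTED: Dict[str, List[int]] = {
    "P1": [1, 2, 3, 4],
    "P2": [2, 3],        # reveals nothing beyond what P1 reveals
    "P3": [5, 6, 7],
    "P4": [1, 5],        # overlaps P1 and P3 but is contained in neither
}


def sorted_codes(detected: Dict[str, List[int]]) -> Dict[str, List[int]]:
    """Normalise each fault list to ascending activation-code order with no
    duplicates, the order in which the fault simulator is assumed to report."""
    return {name: sorted(set(codes)) for name, codes in detected.items()}


def completeness(detected: Dict[str, List[int]],
                 universe: List[int]) -> Tuple[float, List[int]]:
    """Fraction of the fault universe revealed by at least one property, plus
    the faults no property reveals: each undetected fault points at DUV
    behaviour that the current property set does not constrain."""
    covered = set()
    for codes in detected.values():
        covered.update(codes)
    missing = sorted(set(universe) - covered)
    return len(covered) / len(universe), missing


def is_ordered_subset(small: List[int], large: List[int]) -> bool:
    """Single-pass merge check that every code in `small` occurs in `large`.
    Both lists must be sorted ascending; this is why the ascending order
    produced by the fault simulator matters for set comparison."""
    j = 0
    for code in small:
        while j < len(large) and large[j] < code:
            j += 1
        if j == len(large) or large[j] != code:
            return False
        j += 1
    return True


def candidate_consequences(detected: Dict[str, List[int]]) -> List[Tuple[str, str]]:
    """Pairs (weak, strong) where every fault revealed by `weak` is also
    revealed by `strong`. Assumed criterion: such a `weak` is a candidate
    logical consequence of `strong` and is worth re-examining for removal.
    Identical fault sets are reported once, against the later name."""
    pairs = []
    for weak, wf in detected.items():
        for strong, sf in detected.items():
            if weak == strong:
                continue
            if is_ordered_subset(wf, sf) and (wf != sf or weak > strong):
                pairs.append((weak, strong))
    return pairs


if __name__ == "__main__":
    props = sorted_codes(DETECTED)
    cov, missing = completeness(props, FAULT_UNIVERSE)
    print(f"fault coverage {cov:.0%}; undetected faults {missing} -> properties missing")
    for weak, strong in candidate_consequences(props):
        print(f"{weak} reveals only faults already revealed by {strong} -> candidate for removal")
```

On the sample data the four properties reveal 7 of the 10 faults, so faults 8 to 10 point at unconstrained behaviour, and P2 is flagged against P1 while P4 is kept because no single property subsumes it. A fault-set subset is only a hint that a property is redundant; the paper's point is that this hint is cheap to compute compared with proving the implication.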
Acknowledgment
This work has been partially supported by the VERTIGO European project FP6-2005-IST-5-033709.
Responsible Editor: C. Landrault
Fummi, F., Pravadelli, G. Too Few or Too Many Properties? Measure it by ATPG!. J Electron Test 23, 373–388 (2007). https://doi.org/10.1007/s10836-007-5015-5