Techniques for the Formal Verification of Analog and Mixed-Signal Designs

Mohamed Hamed Zaki Hussein

A Thesis in The Department of Electrical and Computer Engineering

Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at Concordia University, Montréal, Québec, Canada

2008

© Mohamed Hamed Zaki Hussein, 2008

CONCORDIA UNIVERSITY
Division of Graduate Studies

This is to certify that the thesis prepared
By: Mohamed Hamed Zaki Hussein
Entitled: Techniques for the Formal Verification of Analog and Mixed-Signal Designs
and submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy complies with the regulations of this University and meets the accepted standards with respect to originality and quality.

Signed by the final examining committee:
Dr. Peter Grogono
Dr. Mark Greenstreet
Dr. Ibrahim Hassan
Dr. Peyman Gohari
Dr. Glenn Cowan
Dr. Sofiène Tahar
Dr. Guy Bois

Approved by: Chair of the ECE Department, 2008; Dean of Engineering

ABSTRACT

Techniques for the Formal Verification of Analog and Mixed-Signal Designs
Mohamed Hamed Zaki Hussein, Ph.D.
Concordia University, 2008

Embedded systems are becoming a core technology in a growing range of electronic devices. Cornerstones of embedded systems are analog and mixed signal (AMS) designs, which are integrated circuits required at the interfaces with the real world environment. The verification of AMS designs is concerned with the assurance of correct functionality, in addition to checking whether an AMS design is robust with respect to different types of inaccuracies like parameter tolerances, nonlinearities, etc. The verification framework described in this thesis is composed of two proposed methodologies, each concerned with a class of AMS designs, i.e., continuous-time AMS designs and discrete-time AMS designs. The common idea behind both methodologies is built on top of Bounded Model Checking (BMC) algorithms. In BMC, we search for a counter-example for a property verified against the design model for a bounded number of verification steps.
If a concrete counter-example is found, then the verification is complete and reports a failure; otherwise, we need to increment the number of steps until property validation is achieved. In general, the verification is not complete because of limitations in the time and memory needed for the verification. To alleviate this problem, we observed that under certain conditions and for some classes of specification properties, the verification can be complete if we complement the BMC with other methods such as abstraction and constraint based verification methods. To test and validate the proposed approaches, we developed a prototype implementation in Mathematica and we targeted analog and mixed signal systems, like oscillator circuits, switched capacitor based designs, and Delta-Sigma modulators, for our initial tests of this approach.

To my parents and my sister

ACKNOWLEDGEMENTS

I have been very fortunate to have Dr. Sofiène Tahar and Dr. Guy Bois as my supervisors. I would like to express my deep and sincere gratitude to both of them. With the enthusiasm, inspiration, sound advice and guidance they provided throughout my Ph.D. studies, I was able to finally write this thesis. I would also like to thank them for supporting me financially, which allowed me to concentrate actively on research.

Dr. Tahar gave me the freedom to pursue this research. His continuous support and great effort were a cornerstone in my research, and his great personality has shaped my research interest.

I would like to thank Dr. Bois for his patience with me in delivering the research contribution he expected and for providing the necessary feedback during the thesis.

It has been a great opportunity for me to work with Dr. Ghiath Al Sammane. I am also very grateful to him for the inspiring ideas and the long discussions. Without his help, I could not have completed this work.

I also wish to express my gratitude to my Ph.D. committee members, Dr. Peyman Gohari and Dr. Ibrahim Hassan, for their invaluable feedback throughout the Ph.D. and for giving their limited time for reviewing my thesis.
I am especially grateful to Dr. Glenn Cowan for accepting to be on my examination committee. I would also like to thank Dr. Mark Greenstreet for taking time out of his busy schedule to serve as my external examiner. I really appreciate having an expert of such high caliber on my committee.

My colleagues from the Hardware Verification Group (HVG) at Concordia University supported me in my research work. I want to thank them for providing a stimulating and fun environment.

I would like to reserve my deepest thanks to my parents and my sister for their perpetual love and encouragement. Their lifetime support and encouragement have provided the basic foundation of any success I will ever achieve.

Everything I have is given by God, and my gratitude would always be due to Him.

TABLE OF CONTENTS

LIST OF TABLES
LIST OF FIGURES
LIST OF ACRONYMS

1 Introduction
  1.1 Motivation
    1.1.1 AMS Computer-Aided Design
  1.2 AMS Designs as Hybrid Systems
    1.2.1 Hybrid Systems Modeling
    1.2.2 Hybrid System Approaches
    1.2.3 Hybrid Systems Verification
    1.2.4 Model Checking Hybrid Systems
  1.3 Scope of the Thesis
    1.3.1 AMS Formal Verification
    1.3.2 State of the Art
    1.3.3 Basic Verification Concepts
    1.3.4 Proposed Verification Methodology
  1.4 Thesis Contribution
  1.5 Thesis Organization

2 Literature Overview
  2.1 Introduction
  2.2 Equivalence Checking
    2.2.1 Relevant Work
    2.2.2 Discussion
  2.3 Proof Based and Symbolic Methods
    2.3.1 Relevant Work
    2.3.2 Discussion
  2.4 Run-Time Verification
    2.4.1 Relevant Work
    2.4.2 Discussion
  2.5 Model Checking and Reachability Analysis
    2.5.1 Relevant Work
    2.5.2 Discussion
  2.6 Summary

3 Preliminaries
  3.1 Basic Concepts
    3.1.1 Generalized If-Formula
    3.1.2 Taylor Approximation
    3.1.3 Interval Arithmetics
    3.1.4 Taylor Models
    3.1.5 Symbolic Simulation
  3.2 Modeling AMS Designs
    3.2.1 Discrete-Time AMS Designs
    3.2.2 Continuous-Time AMS Designs
    3.2.3 Approximating the Behavior of CT-AMS Designs
    3.2.4 Interval Abstraction
  3.3 Specification Languages
    3.3.1 MITL
    3.3.2 ∀CTL
  3.4 Symbolic Simplification

4 Bounded Model Checking for CT-AMS Designs
  4.1 Reachability Analysis
    4.1.1 Taylor Model Based Reachability
    4.1.2 Sufficient Discretization Conditions
    4.1.3 Checking Switching Condition
  4.2 Bounded Model Checking
    4.2.1 Interval Based Bounded Model Checking
    4.2.2 BMC Algorithms
  4.3 Finding Counter-example
    4.3.1 Counter-example Generation and Validation
  4.4 Applications
    4.4.1 Tunnel Diode Circuit
    4.4.2 Schmitt Trigger
    4.4.3 Continuous-Time ∆Σ Modulator
  4.5 Summary

5 Qualitative Abstraction for CT-AMS Verification
  5.1 Overview
    5.1.1 Predicate Abstraction
    5.1.2 Abstraction Based Verification
    5.1.3 Invariants
  5.2 Invariants Based Verification
    5.2.1 Safety Properties
    5.2.2 Switching Properties
    5.2.3 Reachability Verification
  5.3 Predicate Abstraction
    5.3.1 Abstract State Space
    5.3.2 Computing Abstract Transitions
    5.3.3 Abstract Model Refinement
  5.4 Applications
    5.4.1 BJT Colpitts Circuit
    5.4.2 Non-Linear Analog Circuit
    5.4.3 RLC Circuit Oscillator
  5.5 Summary

6 Verification of DT-AMS Designs
  6.1 The Verification Algorithms
    6.1.1 Interval based BMC
    6.1.2 Constrained Induction based Verification
  6.2 d-Induction BMC Methodology
    6.2.1 d-induction
    6.2.2 Combining d-induction and Interval based BMC
  6.3 Applications
    6.3.1 Third-order ∆Σ Modulator
    6.3.2 Non-Linear Voltage Switching Circuit
    6.3.3 Discussions
  6.4 Summary

7 Conclusion

A Mathematica Implementations
  A.1 Mathematica Functions

Bibliography
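The abstract describes the discrete-time methodology (Chapter 6 in the outline: interval based BMC, d-induction, and the ∆Σ modulator application) only in outline: unroll the model for a bounded number of steps, look for a counter-example, and complement BMC with an induction argument so that the bounded search can become a complete proof. The Python block below is an added illustration written for this page, not the thesis's Mathematica prototype, of how those pieces fit together. The plant is an assumed first-order Delta-Sigma modulator x[n+1] = x[n] + u[n] - q(x[n]) with a sign quantizer q, input u[n] in [-0.5, 0.5] and initial state in [-0.5, 0.5]; the plant, the property |x[n]| <= bound, the endpoint search used to validate counter-examples and all function names are assumptions of this example. It propagates interval boxes for k steps, splitting each box on the quantizer's guard (the generalized if-formula of the outline) so that the abstraction does not blow up, reports the first step at which the reachable box leaves the safe region, tries to confirm that abstract violation with a concrete trace, since box reachability over-approximates and an abstract violation alone is not a failure, and finally applies d-induction to turn the bounded result into an unbounded proof when the safe box is inductive.

```python
"""Interval-based bounded model checking with d-induction for a discrete-time
AMS design.  Added illustration, not code from the thesis.  Assumed plant:
    x[n+1] = x[n] + u[n] - q(x[n]),   q(x) = +1 if x >= 0 else -1
with input u[n] in U and initial state x[0] in X0 (both constructed here).
Property under check: |x[n]| <= bound for every n."""
from itertools import product
from typing import List, Optional, Tuple

Interval = Tuple[float, float]  # closed interval [lo, hi]

U: Interval = (-0.5, 0.5)    # assumed input range
X0: Interval = (-0.5, 0.5)   # assumed initial state range


def add(a: Interval, b: Interval) -> Interval:
    return (a[0] + b[0], a[1] + b[1])


def hull(boxes: List[Interval]) -> Interval:
    return (min(b[0] for b in boxes), max(b[1] for b in boxes))


def inside(a: Interval, b: Interval) -> bool:
    return b[0] <= a[0] and a[1] <= b[1]


def step(x: Interval) -> Interval:
    """One symbolic step.  The quantizer is a guard on x >= 0, so the box is
    split on that guard and each branch is propagated separately; evaluating
    q on the whole box would give q in [-1, 1] and the box would blow up."""
    posts = []
    if x[1] >= 0:                                   # branch x >= 0: q = +1
        posts.append(add(add((max(x[0], 0.0), x[1]), U), (-1.0, -1.0)))
    if x[0] < 0:                                    # branch x < 0:  q = -1
        posts.append(add(add((x[0], min(x[1], 0.0)), U), (1.0, 1.0)))
    return hull(posts)


def safe(x: Interval, bound: float) -> bool:
    return inside(x, (-bound, bound))


def bmc(bound: float, k: int) -> Optional[int]:
    """Unroll k steps from X0.  Return the first step whose reachable box
    leaves the safe region, or None if no step up to k can violate it."""
    x = X0
    for n in range(k + 1):
        if not safe(x, bound):
            return n
        x = step(x)
    return None


def concrete_witness(bound: float, k: int) -> Optional[List[float]]:
    """Try to turn an abstract violation at step k into a concrete trace by
    simulating the endpoints of X0 and of U (an assumed, simple search; the
    box is over-approximate, so without a witness the result stays 'unknown')."""
    for x0 in (X0[0], 0.0, X0[1]):
        for us in product(U, repeat=k):
            trace, x = [x0], x0
            for u in us:
                x = x + u - (1.0 if x >= 0 else -1.0)
                trace.append(x)
            if any(abs(v) > bound for v in trace):
                return trace
    return None


def d_inductive(bound: float, d: int) -> bool:
    """d-induction step: if d consecutive states lie in the safe box, so does
    the next one.  On boxes: start from the safe box, step d times, intersect
    with the safe box after every step but the last (the induction hypothesis)
    and check that the final box is contained in it."""
    p = (-bound, bound)
    x = p
    for i in range(d):
        x = step(x)
        if i < d - 1:
            x = (max(x[0], p[0]), min(x[1], p[1]))
    return inside(x, p)


def verify(bound: float, k: int, d: int) -> str:
    """BMC for k steps as the base case, then d-induction.  'safe' means the
    property is proved for all n; 'violation' means a concrete trace refutes
    it; 'unknown' means k or d were too small or the abstraction too coarse."""
    n = bmc(bound, k)
    if n is not None:
        return "violation" if concrete_witness(bound, n) else "unknown"
    if k >= d - 1 and d_inductive(bound, d):
        return "safe"
    return "unknown"


if __name__ == "__main__":
    for bound in (1.5, 1.2):
        print(f"|x| <= {bound}: {verify(bound, k=10, d=1)}")
```

With these assumed ranges, verify(1.5, 10, 1) proves |x| <= 1.5 for all n, because the box [-1.5, 1.5] maps into itself in one step, so a single induction step closes the bounded search. For the tighter bound 1.2 the first unrolling step already leaves the safe box, and concrete_witness(1.2, 1) confirms it with the trace [0.0, -1.5] (x[0] = 0, u[0] = -0.5), so the failure is real rather than an artifact of the interval abstraction. An 'unknown' result is the incompleteness the abstract discusses: either more steps are needed or the abstraction has to be refined.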