About
137 Publications
13,431 Reads
1,250 Citations
Additional affiliations: July 1999 - December 2015

Publications (137)
Machine learning (ML) is ever more frequently used as a tool to aid decision-making. The need to understand the decisions made by ML algorithms has sparked a renewed interest in explainable ML models. A number of known models are often regarded as interpretable by human decision-makers with varying degrees of difficulty. The size of such models pla...
Bounded Model Checking (BMC) is one of the most prominent approaches used as a falsification engine, capable of identifying counterexamples of bounded length, in a scalable and sustainable way. Nevertheless, in the context of a portfolio-based verification suite, BMC can benefit from potential interaction with other engines, exploiting their capabi...
This paper addresses model checking based on SAT solvers and Craig interpolants. We tackle major scalability problems of state-of-the-art interpolation-based approaches, and we achieve two main results: (1) A novel model checking algorithm; (2) A new and flexible way to handle an incremental representation of (over-approximated) forward reachable s...
This study investigates the optimal process for locating generic service facilities by applying and comparing several well-known basic models from the literature. At a strategic level, we emphasize that selecting the right location model to use could result in a problematic and possibly misleading task if not supported by appropriate quantitative a...
Electric vehicles are accelerating the world transition to sustainable energy. Nevertheless, the lack of a proper charging station infrastructure in many real implementations still represents an obstacle for the spread of such a technology. In this paper, we present a real-case application of optimization techniques in order to solve the location p...
Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have been going unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and th...
Electric vehicles are accelerating the world’s transition to sustainable energy. Nevertheless, the lack of a proper charging station infrastructure in many real implementations still represents an obstacle for the spread of such a technology. In this paper, we present a real case application of optimization techniques in order to solve the location...
We address the problem of reducing the size of Craig’s interpolants used in SAT-based Model Checking. Whereas it is well known that interpolants are highly redundant, their compaction is typically tackled by reducing the proof graph and/or by exploiting standard logic synthesis techniques. Furthermore, strengthening and weakening have been studied...
Though modern microprocessors embed several hardware security mechanisms, aimed at guaranteeing confidentiality and integrity of sensitive data, recently disclosed attacks such as Spectre and Meltdown reveal weaknesses with potentially great impact on CPU security. Both vulnerabilities exploit speculative execution of modern high-performance micro-...
Research on autonomous cars, which first intensified in the 1990s, is becoming one of the main research paths in the automotive industry. Recent works use Rapidly-exploring Random Trees to explore the state space along a given reference path, and to compute the minimum time collision-free path in real time. Those methods do not require good approximations of...
Hardware systems complexity has constantly increased in recent years. Guaranteeing their correctness is a must. Formal verification techniques, such as model checking, now play a major role in industrial environments. Their efficiency in dealing with large sets of properties is crucial. This paper deals with property grouping, decomposition, and co...
We address the problem of reducing the size of Craig’s interpolants used in SAT-based model checking. Craig’s interpolants are AND-OR circuits, generated by post-processing refutation proofs of SAT solvers. Being highly redundant, their compaction is typically tackled by reducing the proof graph and/or by exploiting standard logic synthesis techniq...
The realization of a deep neural architecture on a mobile platform is challenging, but can open up a number of possibilities for visual analysis applications. A neural network can be realized on a mobile platform by exploiting the computational power of the embedded GPU and simplifying the flow of a neural architecture trained on the desktop workst...
In this paper (a short paper accepted in the new ideas and work-in-progress section of SEFM 2017) we introduce a technique to improve the efficiency of SAT calls in Bounded Model Checking (BMC) problems. The proposed technique is based on exploiting interpolation-based invariants as redundant constraints for BMC. Previous research addresse...
Convolution is the most computationally intensive task of the Convolutional Neural Network (CNN). It requires a lot of memory storage and computational power. There are different approaches to compute the solution of convolution and reduce its computational complexity. In this paper, a matrix multiplication-based convolution (ConvMM) approach is fu...
Embedded systems, like medical or automotive, require basic security functions, often referred to as secure communications. Interest has been growing around defining and formally verifying security related properties, as potentially able to catch hard-to-detect problems. We follow novel research works focused on formalizing security requirements fo...
Robotic controllers have to execute various complex independent tasks repeatedly. Massive processing power is required by the motion controllers to compute the solution of these computationally intensive algorithms. General-purpose graphics processing unit (GPGPU)-enabled mobile phones can be leveraged for acceleration of these motion controllers....
This paper addresses the problem of handling SAT solving in IC3. SAT queries posed by IC3 significantly differ in both character and number from those posed by other SAT-based model checking algorithms. In addition, IC3 has proven to be highly sensitive to the way its SAT solving requirements are handled at the implementation level. The scenario pi...
Deep convolutional neural networks achieve state-of-the-art performance in image classification. The computational and memory requirements of such networks are however huge, and that is an issue on embedded devices due to their constraints. Most of this complexity derives from the convolutional layers and in particular from the matrix multiplicatio...
Several modern applications involve huge graphs and require fast answers to reachability queries. In more than two decades since first proposals, several approaches have been presented adopting on-line searches, hop labelling or transitive closure compression. Transitive closure compression techniques usually construct a graph reachability index, f...
The SRAM cells that form the configuration memory of an SRAM-based FPGA make such FPGAs particularly vulnerable to soft errors. A soft error occurs when ionizing radiation corrupts the data stored in a circuit. The error persists until new data is written. Soft errors have long been recognized as a potential problem as radiation can come from a var...
Many embedded systems, like medical, sensing, automotive, military, require basic security functions, often referred to as “secure communications”. Nowadays, interest has been growing around defining new security related properties, expressing relationships with information flow and access control. In particular, novel research works are focused on...
Nowadays embedded devices collect various kinds of information and provide it to communication networks for further processing. These devices often provide critical functionalities that could be exploited by malicious parties. Using formal techniques is a natural way to increase the confidence in the overall embedded system security. However, the m...
Data representation plays an important role in a classifier's accuracy. A given dataset may lead to better results by simply applying a change of basis while keeping the original number of parameters. In this paper, Gabor Filter based image representation has been exploited for object classification. First, Gabor filter based convolution is compute...
Model checkers and sequential equivalence checkers have become essential tools for the semiconductor industry in recent years. The Hardware Model Checking Competition (HWMCC) was founded in 2006 with the purpose of intensifying research interest in these technologies, and establishing more of a science behind them. For example, the conference provi...
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. As such devices are more and more subject to attacks, new protection mechanisms are needed to provide the required resilience and dependency at low cost. Remote attestation (RA) is a software-hardware mechanism that securely chec...
In order to make model checking applicable to realistic problems, simplification techniques are essential. Models may be simplified eliminating the variables that do not appear in the cone-of-influence (COI) of the properties under verification. Efficient COI computation is thus required. Algorithms based on depth-first visits may become cumbersome...
This paper addresses model checking based on SAT solvers and Craig interpolants. We tackle major scalability problems of state-of-the-art interpolation-based approaches, and we achieve two main results: (1) a novel model checking algorithm; (2) a new and flexible way to handle an incremental representation of (over-approximated) forward reachable s...
In the framework of symbolic model checking, BDD-based approximate reachability is potentially much more scalable than its exact counterpart. However, its practical applicability is highly limited by its static approach to abstraction, and the intrinsic difficulty to find an acceptable trade-off between accuracy and memory/time complexity. In this...
This paper addresses the problem of SAT solver performance in IC3, one of the major recent breakthroughs in Model Checking algorithms. Unlike other Bounded and Unbounded Model Checking algorithms, IC3 is characterized by numerous SAT solver queries on small sets of problem clauses. Besides algorithmic issues, the above scenario poses serious perfo...
This article describes a multithreaded, portfolio-based approach to model checking, where multiple cores are exploited as the underlying computing framework to support concurrent execution of cooperative engines. We introduce a portfolio-based approach to model checking. Our portfolio is first driven by an approximate runtime predictor that provide...
This paper addresses the problem of reducing the size of Craig interpolants generated within inner steps of SAT-based Unbounded Model Checking. Craig interpolants are obtained from refutation proofs of unsatisfiable SAT runs, in terms of and/or circuits of linear size, w.r.t. the proof. Existing techniques address proof reduction, whereas interpola...
This paper describes a portfolio-based approach for model checking, i.e., an approach in which several model checking engines are orchestrated to reach the best possible performance on a broad and real set of designs. Model checking algorithms are evaluated through experiments, and experimental data inspire package tuning, as well as new algorithmi...
This work revisits the formulation of interpolation sequences, in order to better understand their relationships with Bounded Model Checking and with other Unbounded Model Checking approaches relying on standard interpolation. We first focus on different Bounded Model Checking schemes (bound, exact and exact-assume), pointing out their impact on th...
This paper addresses the problem of model checking multiple properties on the same circuit/system. Although this is a typical scenario in several industrial verification frameworks, most model checkers currently handle single properties, verifying multiple properties one at a time. Possible correlations and shared sub-problems, that could be consid...
The design of complex embedded systems deployed in safety-critical or mission-critical applications mandates the availability of methods to validate the system dependability across the whole design flow. In this article we introduce a fault injection approach, based on loadable kernel modules and running under the Linux operating system, which can...
This paper introduces an approach to effectively exploit incremental SAT in order to search for multiple equivalence-preserving transformations of combinational circuits. Typical applications, such as redundancy removal with observability and external care conditions, adequate abstractions and other optimizations used in a state-of-the-art SAT-base...
Interpolant-based model checking has been shown to be effective on large verification instances, as it efficiently combines automated abstraction and reachability fixed-point checks. On the other hand, methods based on variable quantification have proved their ability to remove free inputs, thus projecting the search space over state variables. In...
Hardware synthesis is the process by which system-level, Register Transfer (RT)-level, or behavioral descriptions can be turned into real implementations, in terms of logic gates. Scheduling is one of the most time-consuming steps in the overall design flow, and may become much more complex when performing hardware synthesis from high-level specifi...
This paper introduces an approach to effectively exploit incremental SAT in order to search for multiple equivalence-preserving transformations of combinational circuits. Typical applications such as redundancy removal with observability and external care conditions, adequate abstractions and other optimizations used in a state-of-the-art SAT-based...
Constraints represent a key component of state-of-the-art verification tools based on compositional approaches and assume-guarantee reasoning. In recent years, most of the research efforts on verification constraints have focused on defining formats and techniques to encode, or to synthesize, constraints starting from the specification of the desi...
This paper describes optimized techniques to efficiently compute and reap benefits from inductive invariants within satisfiability (SAT)-based model checking. We address sequential circuit verification and consider both equivalences and implications between pairs of nodes in the logic networks. First, we present a very efficient dynamic procedure,...
Interpolant-based model checking has been shown effective on large verification instances, as it efficiently combines automated abstraction and fixed-point checks. On the other hand, methods based on variable quantification have proved their ability to remove free inputs, thus projecting the search space over state variables. In this paper we propo...
This paper addresses the field of Unbounded Model Checking (UMC) based on SAT engines, where Craig interpolants have recently gained wide acceptance as an automated abstraction technique. We start from the observation that interpolants can be quite effective on large verification instances. As they operate on SAT-generated refutation proofs, interp...
SAT-based Unbounded Model Checking based on Craig Interpolants is often able to outperform BDDs and other SAT-based techniques on large verification instances. Based on refutation proofs generated by SAT solvers, interpolants provide compact circuit representations of state sets, as they abstract away several nonrelevant details of the proofs. We...
This chapter covers mutual interactions between Boolean Satisfiability (SAT) solvers and Binary Decision Diagrams (BDDs). More precisely, the presentation is focused on approaches mixing methodologies, techniques, and ideas coming from both research domains. First of all, it gives some preliminary definitions and it presents the main differences an...
This paper focuses on inductive invariants in unbounded model checking to improve efficiency and scalability. First of all, it introduces optimized techniques to speedup the computation of inductive invariants, considering both equivalences and implications between pairs of nodes in the logic network. Secondly, it presents a very efficient dynamic...
This paper describes novel contributions to the problem of sequential equivalence checking. We address industrial setups, where the design of VLSI chips typically requires checking the equivalence of an RTL model (the specification) and a gate level optimized circuit (the implementation). Due to the size of the overall problem, compositionality is...
This paper addresses SAT-based Unbounded Model Checking based on Craig Interpolants. This recently introduced methodology is often able to outperform BDDs and other SAT-based techniques on large verification instances. Based on refutation proofs generated by SAT solvers, interpolants provide compact circuit representations of state sets, and abst...
This chapter overviews Binary Decision Diagrams (BDDs) and their application in Formal Hardware Verification. BDDs are first described as a representation formalism for Boolean functions. BDDs are directed acyclic graphs, deriving their efficiency from canonicity, and from their ability to be exponentially more compact, in terms of node count, tha...
Symbolic state space traversal techniques are one of the most notable achievements in the fields of formal verification and of automated synthesis. Transition functions and transition relations are two alternative approaches. In terms of efficiency, transition functions have proven to be superior, although the transition relation is much more expre...
A non-canonical circuit-based state set representation is used to perform quantifier elimination efficiently. The novelty of this approach lies in adapting equivalence checking and logic synthesis techniques to the goal of compacting circuit based state set representations resulting from existential quantification. The method can be efficiently com...
Hardware scheduling is a well-known and well-studied problem. This paper defines a new SAT-based formulation of automata-based scheduling and proposes for the first time a completely new resolution algorithm based on SAT solvers and bounded model checking (BMC). The new formulation is specifically suited to control-dominated applications. Alternati...
This work proposes a fully BDD-based approach based on: mixing forward and backward traversals, dovetailing approximate and exact methods, adopting guided and partitioned searches, and using conjunctive decompositions and generalized-cofactor-based BDD simplifications. The method is exact, i.e., it does not produce false negatives or positives, and...
In this paper, we propose a methodology to make Binary Decision Diagrams (BDDs) and Boolean Satisfiability (SAT) Solvers cooperate. The underlying idea is simple: We start a verification task with BDDs, we go on with them as long as the problem remains of manageable size, then we switch to SAT, without losing the work done on the BDD domain. We pro...
Binary Decision Diagrams (BDDs) have been widely used for hardware verification since the beginning of the '90s, whereas Boolean Satisfiability (SAT) has been gaining ground more recently, with the introduction of Bounded Model Checking (BMC). In this paper we dovetail BDD and SAT based methods to improve the efficiency of BMC. More specifically, we...
This paper describes a novel application for SAT-based Bounded Model Checking (BMC) within hardware scheduling problems. First of all, it introduces a new model for control-dependent systems. In this model, alternative executions (producing “tree-like” scheduling traces) are managed as concurrent systems, where alternative behaviors are followed in...
Given the importance of Finite State Machines in hardware, various approaches to their synthesis, verification, testing and diagnosis have been developed. This article presents a unifying approach, based on the representation of Boolean functions by means of Binary Decision Diagrams (BDDs) and on algorithms for the symbolic traversal of the space of...
Over the last decade BDD-based symbolic manipulations have been among the most widely used core technologies in the verification domain. To improve their efficiency within the framework of Unbounded Model Checking, we follow some of the most successful trends proposed in this field. We present a very promising approach based on: Mixing forward and...
The core computation in BDD-based symbolic synthesis and verification is forming the image and pre-image of sets of states under the transition relation characterizing the sequential behavior of the design. Computing an image or a pre-image consists of ordering the latch transition relations, clustering them and eventually re-ordering the clusters....
Bounded Model Checking (BMC) based on propositional satisfiability (SAT) methods has recently proven its efficacy for bug hunting. BDD based tools are able to verify broader sets of properties (e.g. CTL formulas), but recent experimental comparisons between SAT and BDDs in formal verification lead to the conclusion that SAT approac...
Scheduling is widely recognized as a very important step in high-level synthesis. Nevertheless, it is usually done without taking into account the effects on the actual hardware implementation. This paper presents an efficient symbolic technique to concurrently integrate operation scheduling and resource allocation. The technique inherits all the f...
We propose a BDD based representation for Boolean functions, which extends conjunctive/disjunctive decompositions. The model introduced (Meta-BDD) can be considered as a symbolic representation of k-Layer automata describing Boolean functions. A layer is the set of BDD nodes labeled by a given variable, and its characteristic function is represente...
We address BDD based reachability analysis, which is the core technique of symbolic sequential verification and Model Checking.
Reachability analysis is an orthogonal, state-of-the-art technique for the verification and validation of finite state machines (FSMs). Due to the state space explosion problem, it is currently limited to medium-small circuits, and extending its applicability is still a key issue. Among the factors that limit reachability analysis, let us list: the...
We address BDD based reachability analysis, which is the core technique of symbolic sequential verification and Model Checking. Within this framework, non purely breadth-first and guided traversals have shown their value to improve efficiency by reducing memory consumption for BDD representation. We propose a guided search strategy exploiting perfo...
Embedded systems are increasingly important. They are currently implemented as a mix of hardware and software components, and they must satisfy strict real-time constraints. To achieve this, several counting devices are usually introduced in the system. As a result, embedded systems exhibit extremely deep state spaces, and standard analysis methods...
State space exploration is often used to prove properties about sequential behavior of Finite State Machines (FSMs). For example, equivalence of two machines is proved by analyzing the reachable state set of their product machine. Nevertheless, reachability analysis is infeasible on large practical examples. Combinational verification is far less e...
Symbolic traversals are state-of-the-art techniques for proving the input/output equivalence of finite state machines. Due to state space explosion, they are currently limited to medium-small circuits. Starting from the limits of standard techniques, this paper presents a mix of approximate forward and exact backward traversals that results in an e...
Symbolic techniques have undergone major improvements in the last few years. Nevertheless, applications are still limited by memory size and time constraints. As a consequence, extending their applicability to larger and real circuits is still a key issue. Within this framework, we introduce “activity profiles” as a novel technique to characterize...
..., Constrain, Restrict, ... They are implemented by resorting to the corresponding CUDD functions. Restrictions apply to partitioned forms (described in the package documentation). Load/store to file. Boolean functions and variables may be stored to file. The functions are implemented through the dddmp package (distributed with CUDD) which provides efficie...