1. Field of the Invention
The present invention relates to a technique for deriving properties of a system, and more especially but not exclusively to a technique for deriving properties of a hardware system using a model of the system.
2. Description of the Prior Art
When seeking to derive the properties of a system on the basis of known transition functions of the system and all of the possible starting states, it is known to use so-called "post-image" techniques to derive the reachable states of the system. A known set of initial states is selected and the post-image of that initial set is formed to provide a first reachable set. The first reachable set is compared to the known set of reachable states and, if the known set does not comprise the first reachable set, a new set of known reachable states is formed comprising the combination of the set of reachable states and the first reachable set. If however the known set of reachable states comprises the first reachable set, the set of reachable states is determined to be an invariant of the system, and computation ceases.
Where the system model is a set of transition functions, it would be considerably more efficient to produce the so-called "pre-image" of a set of states than it would be to produce the post-image. In simple terms, where each of several inputs to a system causes one of a set of outputs, a worst case for testing which input provided one particular output of interest would require all of the inputs to be applied in turn before it was possible to identify the input that gave rise to the particular output.
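The post-image iteration and the pre-image described above, as an added example that is not part of the original text: it enumerates states explicitly rather than symbolically, and the 3-bit ring counter, its single enable input and all function names are constructed for illustration.

```python
from itertools import product

INPUTS = (0, 1)                           # constructed: one enable input
STATES = set(product((0, 1), repeat=3))   # every value of a 3-bit register

def step(state, enable):
    """Transition function of the constructed ring counter:
    rotate the register when enabled, otherwise hold."""
    s0, s1, s2 = state
    return (s2, s0, s1) if enable else state

def post_image(states):
    """All states reachable in one step from `states`, over every input."""
    return {step(s, x) for s in states for x in INPUTS}

def pre_image(targets):
    """All states with at least one input leading into `targets`.
    Only needs the transition function evaluated forwards."""
    return {s for s in STATES if any(step(s, x) in targets for x in INPUTS)}

def reachable(initial):
    """Iterate the post-image until the known set already contains it.
    Returns the fixed point (an invariant) and the number of iterations."""
    known = set(initial)
    iterations = 0
    while True:
        iterations += 1
        first = post_image(known)
        if first <= known:        # known set comprises the new set: stop
            return known, iterations
        known |= first            # otherwise combine and repeat

if __name__ == "__main__":
    reach, n = reachable({(1, 0, 0)})
    bad = STATES - reach          # states that are not one-hot
    print("reachable:", sorted(reach), "after", n, "iterations")
    # No reachable state can step into `bad`: its pre-image stays inside it.
    print("pre-image of bad within bad:", pre_image(bad) <= bad)
```

The final check shows how a pre-image can establish a property without forward exploration: because no state outside the non-one-hot set has a transition into it, that set can never be entered from the one-hot initial state.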