Proceedings ArticleDOI

Hardware/software formal co-verification using hardware verification techniques

TL;DR: A methodology for hardware/software formal co-verification is proposed, together with a systematic method to formulate properties for the system using information extracted from software programs; it is applied to verify an industrial LIN being ported to an open source microcontroller.
Abstract: This paper describes a methodology for hardware/software formal co-verification. In the proposed methodology, a unified computational model is constructed for a hardware/software system under verification, in which the software and the hardware are tightly connected. In addition, we propose a systematic method to formulate properties for the system using extracted information from software programs. Consequently, the properties can describe system behaviors at both the software and hardware level. The interval property checking (IPC) technique is used to verify the computational model against the properties. We applied the proposed methodology to verify an industrial LIN being ported to an open source microcontroller.
Citations
Proceedings ArticleDOI
27 Apr 2021
TL;DR: In this article, the structure of a system for joint hardware/software simulation on functional-logic level is described based on the analysis of the features of modern digital systems, and the purpose of the simulation is to debug a design of digital system before production.
Abstract: Based on the analysis of the features of modern digital systems, the structure of a system for joint hardware/software simulation on the functional-logic level is described. The purpose of the simulation is to debug a design of a digital system before production. A hardware mathematical model is proposed, taking into account the peculiarities of modern digital systems, namely: the presence of bidirectional buses, the high-impedance state of the outputs, and the internal memory of blocks. It is shown that joint hardware/software simulation is reduced to solving systems of logical equations at each cycle of simulation.
DOI
09 Jun 2022
TL;DR: It is shown that the most universal and convenient approach is to use the computer model of a digital system design as a debug object, which could be used for any structure and architecture of a digital system.
Abstract: In digital system design, it is necessary to check the infallibility of the design and to eliminate errors, if any. This process is called design debugging. It requires a debugging object, debugging modes for digital system functioning, a set of tests representing all modes of digital system functioning, the opportunity to define the correctness of output and internal variables of the debugging object and possibilities to correct the design. Design debugging can be done on a hardware prototype or computer model of a digital system. Intermediate approaches include prototyping only non-typical electronic blocks and connecting them with a typical hardware core or adding special hardware blocks to the computer model of a digital system. All abovementioned components of the debugging process are discussed for four cases of debug objects representing digital system. Fundamental possibility, convenience, cost and efficiency are considered. It is shown that the most universal and convenient approach is to use the computer model of a digital system design as a debug object. This approach could be used for any structure and architecture of a digital system. Nevertheless, other approaches are also used.
Proceedings ArticleDOI
01 Oct 2013
TL;DR: A case-study of formal co-verification of a Local Interconnect Network (LIN) master node which is implemented as an embedded system is described, and an abstract technique is applied to reduce the size of the LIN master node implementation.
Abstract: In this paper, we describe a case-study of formal co-verification of a Local Interconnect Network (LIN) master node which is implemented as an embedded system. We use the framework described in [1] to formally co-verify the LIN master node. However, as the proof problem of verifying global behaviors of the LIN master node is complex and exceeds the capacity of a state-of-the-art formal property checker, we apply an abstract technique to reduce the size of the LIN master node implementation. In our abstraction technique, only LIN protocol-related behaviors are kept in the new, simplified LIN master node. After abstraction, we can successfully verify several global properties against the LIN master node.

Cites background or methods from "Hardware/software formal co-verific..."

  • ...We use the framework described in [1] to formally co-verify the LIN master node....


  • ...In [1], the authors proposed to verify tightly integrated embedded systems using hardware verification techniques....


  • ...Compared to the verification framework in [1], the efficiency of the abstraction-based framework has increased tremendously, in terms of both CPU time and memory consumption....


  • ...We conduct experiments with the LIN master node described in [1]....


  • ...Several works [1, 6, 7] have been proposed to verify embedded systems as tightly integrated systems....


References
Book ChapterDOI
29 Mar 2004
TL;DR: The tool supports almost all ANSI-C language features, including pointer constructs, dynamic memory allocation, recursion, and the float and double data types, and is integrated into a graphical user interface.
Abstract: We present a tool for the formal verification of ANSI-C programs using Bounded Model Checking (BMC). The emphasis is on usability: the tool supports almost all ANSI-C language features, including pointer constructs, dynamic memory allocation, recursion, and the float and double data types. From the perspective of the user, the verification is highly automated: the only input required is the BMC bound. The tool is integrated into a graphical user interface. This is essential for presenting long counterexample traces: the tool allows stepping through the trace in the same way a debugger allows stepping through a program.

1,425 citations


"Hardware/software formal co-verific..." refers methods in this paper

  • ...software programs are verified using software verification techniques [7], [8], [3], [12]....


Proceedings ArticleDOI
01 Jan 2002
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Abstract: The goal of the SLAM project is to check whether or not a program obeys "API usage rules" that specify what it means to be a good client of an API. The SLAM toolkit statically analyzes a C program to determine whether or not it violates given usage rules. The toolkit has two unique aspects: it does not require the programmer to annotate the source program (invariants are inferred); it minimizes noise (false error messages) through a process known as "counterexample-driven refinement". SLAM exploits and extends results from program analysis, model checking and automated deduction. We have successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.

1,024 citations


"Hardware/software formal co-verific..." refers methods in this paper

  • ...Even though this traditional approach is successful in formally verifying hardware processors [13] and in identifying important bugs in software programs [4], the method has disadvantages when applied to a hardware/software system where hardware components and software programs are integrated more tightly....


Book ChapterDOI
TL;DR: This article surveys a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver rather than BDD manipulation techniques, and is widely perceived as a complementary technique to BDD-based model checking.
Abstract: Symbolic model checking with Binary Decision Diagrams (BDDs) has been successfully used in the last decade for formally verifying finite state systems such as sequential circuits and protocols. Since its introduction in the beginning of the 90's, it has been integrated in the quality assurance process of several major hardware companies. The main bottleneck of this method is that BDDs may grow exponentially, and hence the amount of available memory restricts the size of circuits that can be verified efficiently. In this article we survey a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver rather than BDD manipulation techniques. Since its introduction in 1999, BMC has been well received by the industry. It can find many logical errors in complex systems that cannot be handled by competing techniques, and is therefore widely perceived as a complementary technique to BDD-based model checking. This observation is supported by several independent comparisons that have been published in the last few years.

904 citations

Journal ArticleDOI
01 May 2001
TL;DR: This work presents the first algorithm to automatically construct a predicate abstraction of programs written in an industrial programming language such as C, and its implementation in a tool -- C2BP, part of the SLAM toolkit.
Abstract: Model checking has been widely successful in validating and debugging designs in the hardware and protocol domains. However, state-space explosion limits the applicability of model checking tools, so model checkers typically operate on abstractions of systems. Recently, there has been significant interest in applying model checking to software. For infinite-state systems like software, abstraction is even more critical. Techniques for abstracting software are a prerequisite to making software model checking a reality. We present the first algorithm to automatically construct a predicate abstraction of programs written in an industrial programming language such as C, and its implementation in a tool, C2BP. The C2BP tool is part of the SLAM toolkit, which uses a combination of predicate abstraction, model checking, symbolic reasoning, and iterative refinement to statically check temporal safety properties of programs. Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity. We discuss our experience applying the C2BP predicate abstraction tool to a variety of problems, ranging from checking that list-manipulating code preserves heap invariants to finding errors in Windows NT device drivers.

800 citations


"Hardware/software formal co-verific..." refers methods in this paper

  • ...software programs are verified using software verification techniques [7], [8], [3], [12]....


01 Jan 2009
TL;DR: This article surveys a technique called Bounded Model Checking (BMC), which uses a propositional SAT solver rather than BDD manipulation techniques, and is widely perceived as a complementary technique to BDD-based model checking.
Abstract: Besides Equivalence Checking [KK97, KPKG02], the most important industrial application of SAT is currently Bounded Model Checking (BMC) [BCCZ99]. Both techniques are used for formal hardware verification in the context of electronic design automation (EDA), but have successfully been applied to many other domains as well. In this chapter, we focus on BMC. In practice, BMC is mainly used for falsification, respectively testing, which is concerned with violations of temporal properties. However, the original paper on BMC [BCCZ99] already discussed extensions that can prove properties. A considerable part of this chapter discusses these complete extensions, which are often called “unbounded” model checking techniques, even though they are built upon the same principles as plain BMC. Two further related applications, in which BMC becomes more and more important, are automatic test case generation for closing coverage holes, and disproving redundancy in designs. Most of the techniques discussed in this chapter transfer to this more general setting as well, even though our focus is on property verification, respectively falsification. The basic idea of BMC is to represent a counterexample trace of bounded length symbolically and check the resulting propositional formula with a SAT solver. If the formula is satisfiable and thus the path feasible, a satisfying assignment returned by the SAT solver can be translated into a concrete counterexample trace that shows that the property is violated. Otherwise, the bound is increased and the process repeated. Complete extensions to BMC allow this process to be stopped at some point, with the conclusion that the property cannot be violated, hopefully before the available resources are exhausted.

689 citations


"Hardware/software formal co-verific..." refers methods in this paper

  • ...Hence, the number of time frames that the design needs to be unrolled is only given by the length of the property instead of the diameter of the design as in conventional BMC. IPC has been successfully used to verify industrial hardware designs....


  • ...Similar to Bounded Model Checking BMC [5], it uses a SAT solver to refute an interval property....


  • ...The resulting SAT instance is given by the following equation:

    $$p = a_s(V^0) \wedge \bigwedge_{t=0}^{n-1} a_t(X^t) \wedge \Big( \bigvee_{t=0}^{n-1} c_t(X^t, Y^t, V^t) \vee c_e(V^t) \Big) \wedge \bigwedge_{t=0}^{n-1} T(V^t, X^t, V^{t+1}) \qquad (4)$$

    In Equation 4, $X^t$, $Y^t$, $V^t$, and $T$ respectively denote the input variables, the output variables, the state variables and the transition relation of the design at time point $t$. Importantly, in contrast to standard BMC, in IPC the time points $t$ in the above model are relative offsets from an arbitrary state at an arbitrary time....
