
Semi-automatic Property Generation for the Formal Verification of a Satellite On-board System



Presentation Transcript


  1. Semi-automatic Property Generation for the Formal Verification of a Satellite On-board System Wesley Gonçalves Silva <wesley@lisha.ufsc.br>

  2. Hardware verification by simulation: testbenches drive the design from the start state, looking for an error state

  3. Hardware verification by formal verification: a formal model (FSM) is explored from the start state to the error state against manually defined properties written in temporal logic: F – eventually, G – always, N – next, U – until

  4. Problem identification
  Formal Verification (properties P1, P2, P3 checked against the model):
  • Best suited for small systems, in order to avoid the state explosion problem
  • How many properties are required to guarantee 100% design coverage?
  Simulation Verification:
  • Just data points are verified, i.e. incomplete coverage problem
  • Very dependent on the system

  5. Problem identification
  • Two main problems:
    • To cover a hundred percent of the system
    • To automate the process
  • Automatic property generation is indicated:
    • It is less susceptible to human error
    • Cost and time of the project can be decreased
    • It supports the identification of additional properties, improving the system coverage

  6. State-of-the-art
  • Rogin, F.; Klotz, T.; Fey, G.; Drechsler, R.; Rülke, S. Automatic Generation of Complex Properties for Hardware Designs. Design, Automation and Test in Europe, 2008
  • Properties are extracted by combining signals from simulation trace data
  • High-quality properties depend on extensive system simulation

  7. State-of-the-art
  • Vasudevan, S.; Sheridan, D.; Patel, S.; Tcheng, D.; Tuohy, B.; Johnson, D. GoldMine: Automatic assertion generation using data mining and static analysis. Design, Automation & Test in Europe, 2010
  • The developed tool also extracts properties by analyzing simulation trace data
  • Static analysis (behavioral analysis)
  • Data mining (knowledge and information from simulation)

  8. State-of-the-art
  • Both are applied to RTL design verification
  • They extract properties from simulation traces
  • The quality of the properties depends on the simulation
  • High effort in testbench elaboration is required

  9. State-of-the-art: Contribution
  Flow: Specification → State Machines → Property Generation → Properties → Formal verification tool
  • The proposed approach extracts properties from state machines
  • Avoiding the high effort in testbench elaboration
  • A procedure explores the state space

  10. Semi-automatic generation
  • Has a FSM as input
  • Visit each state
  algorithm propertyGeneration(states)
    foreach states as state
      foreach state.next as next
        if state != next then
          setNextProperty(state, next)
        else
          setNotLockedProperty(state)
        end
      end
      setReachableFinalState(state)
    end
  end
  • Identification of the next (X) operator (setNextProperty)
  • Identification of infinite loops in a state (setNotLockedProperty)
  • Identification of reachable final states (setReachableFinalState)

  11. Automatic property generation: implementation
  Flow: RTL + SVA → VeriABC → AIGER → ABC → Proven, or Error Trace → Debug
  • Two tools are used to perform the verification, both from Berkeley
  • VeriABC (LONG, J.; RAY, S.; STERIN, B.; MISHCHENKO, A.; BRAYTON, R. Enhancing ABC for LTL stabilization verification of SystemVerilog/VHDL models. 2011)
  • ABC Model Checker (http://www.eecs.berkeley.edu/~alanmi/abc/)

  12. Automatic property generation: implementation
  • Verification flow: Specification → State Machines → Property Generation → RTL + SVA → VeriABC → AIGER → ABC → Proven, or Error Trace → Debug

  13. Results
  Example FSM: idle → send on data_available; idle → idle on buff_empty (self-loop); send → inc.spc on end_sending; send → send on sending (self-loop); inc.spc → idle on wait_data
  Generated properties:
  • F(data_available) → X(idle, send)
  • F(not buff_empty) → X(idle, send)
  • F(end_sending) → X(send, inc.spc)
  • F(not sending) → X(send, inc.spc)
  • F(wait_data) → X(inc.spc, idle)

  14. Conclusion and future work
  • Model checking has a coverage problem that depends on the number of properties
  • Automatic generation of properties is desirable
  • State-of-the-art automatic generation depends on high effort in simulation
  • We proposed a semi-automatic generation of properties from state machines
  • Automating formal verification helps its acceptance in the industrial process

  15. Conclusion and future work
  • To improve the heuristic to define and filter the properties
  • To verify other modules of the UTMC
