Writing, Verifying and Exploiting Formal Specifications for Hardware Designs Chapter 3: Verifying a Specification Presenter: Scott Crosby.

The problem
Specifications have problems:
– Incorrect
– Buggy
– No hardware to compare them against

What they have
– 'Spell check' a specification
– Check it against correctness properties
– Automatically generate test sequences
– Prove that it can be implemented
  – All without an explicit state machine

Reminders
Specification:
– No explicit state machine
– Written as a monitor: a deterministic judge of each cycle's behavior

Mealy Machine (diagram)

Properties of Properties
List of properties
– Grouped by agent
– Correct_i = agent i is correct
– Each property has the form ANTECEDENT → CONSEQUENT
Consequent
– ∧, ∨, ¬, prev()
Antecedent
– ∧, ∨, ¬, prev()
– Example: prev(trdy ∧ stop) → stop

Temporal or Causal
Cause → Effect (the consequent may itself refer to the past)
– prev(trdy) → ¬prev(stop) ∨ stop
Past Conditions → Current State (the consequent refers only to the present)
– prev(trdy ∧ stop) → stop

Property Representation
Restricted linear time:
– prev(ANTECEDENT) → CONSEQUENT
Consequent
– ∧, ∨, ¬, and this agent's own output variables
Antecedent
– ∧, ∨, ¬, prev(), any agent's output variables

Properties of Properties
Separable
– Each property describes the outputs of only one agent
– E.g., mutual exclusion is not stated explicitly
No nondeterminism
Implementable
Correctness of an agent is a function of its own outputs only

Correctness of Specifications
Problems
– Too strict
– Too loose
What we want
– No implementation
– No state machines
– Avoid state explosion
– Easy to verify

Past Solutions
Model checking
– Huge state explosion
– What to check?
Abstract representation
– How abstract?

What this offers
– Checking specifications for correctness
– Generating sample outputs
– Proof of implementability

Checking Specifications
Specification
– Restricted LTL
Model checker
– CTL
Three 'spell checks'
Human-written characteristics

CTL
Branching-time logic
Logic operators
– ∧, ∨, ¬
Temporal (basic)
– EX, EG, E[a U b]
Derived from the basic ones
– AX, EF, A[a U b], AF (and AG)

'Spell check' of a specification: dead state
A dead state is a reachable state from which no next state satisfies every property.
Example (PCI signals):
– address_phase = true
– irdy = false
– trdy = true
– stop = false

'Spell check' of a specification: under-restriction
The properties permit behavior the designer meant to forbid (the specification is too loose).

'Spell check' of a specification: vacuous property
– Check that every property is actually used: its antecedent must hold in some reachable state
– A property that never fires constrains nothing

Characteristic Check
Characteristics
– User-written properties
– CTL formulas
– Human designed
– Require debugging
– Reusable

Results
– Details next Friday
– Bugs found in PCI
– Bugs found in the Itanium bus protocol

Generator
– Constraint solver
– Traces

Sample output (generated trace not reproduced in the transcript)

Generator
Find missing properties
Found a bug
– E.g., a signal that must remain constant
– It had not been discovered before: nobody thought to check

Receptiveness Proof
What is receptiveness?
Implementability
– Can the spec be implemented?
Receptiveness
– Can the whole spec be implemented?
– Every choice the spec allows?

A note
A spec with dead states can still be implementable: an implementation may simply never enter them. Implementability alone is therefore not enough.

Property Representation: Separability
– prev(ANTECEDENT) → CONSEQUENT
Consequent
– ∧, ∨, ¬, and this agent's own output variables
Antecedent
– ∧, ∨, ¬, prev(), any agent's output variables

Theorem
Any specification with
– Separability
– No dead states
is receptive:
– The whole specification is implementable
– Each agent behaves correctly regardless of its environment

Setup of proof
– Mealy machine
– A game: you vs. the environment

Separability (diagram: other agents' outputs vs. my choice)

No dead states (diagram: whatever the other agents do, a correct choice remains)

This means:
– My correctness doesn't depend on the others' behavior at the current time step.
– I always have a choice that keeps me correct.

Corollary 1: Implementability
If
– No dead states for any agent
– Separability
then there exists a set of machines that implement the specification.

Corollary 2: Receptiveness
If
– No dead states for any agent
– Separability
then there exists a set of agent implementations that together can reach every reachable state of the system.
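The three 'spell checks', the trace generator and the receptiveness theorem above can all be exercised on a toy specification. The following is an added example written for this transcript, not code from the talk or the thesis: it keeps the slides' property shape prev(ANTECEDENT) → CONSEQUENT over boolean signals and checks a small spec by exhaustive enumeration. The PCI-flavoured signal names irdy/trdy/stop, the two agents, the all-low reset state and every property below are constructed for illustration and are not the PCI specification; prev() is taken to depth one, so a state is just one cycle's assignment.

```python
"""Added example: a tiny 'spell checker' for a monitor-style specification.
Each property is prev(ANTECEDENT) -> CONSEQUENT: the antecedent may read any
agent's outputs in the previous cycle, the consequent may constrain only the
owning agent's outputs in the current cycle (separability).  Signal names,
agents, reset state and properties are constructed, not the talk's PCI spec.
"""
from collections import namedtuple
from itertools import product
import random

SIGNALS = ("irdy", "trdy", "stop")
AGENTS = {"initiator": {"irdy"}, "target": {"trdy", "stop"}}  # who drives what
RESET = {s: False for s in SIGNALS}                          # assumed reset state

# antecedent(prev_state) -> bool, consequent(cur_state) -> bool
Property = namedtuple("Property", "name agent antecedent consequent")

def allows(p, prev, cur):
    """One transition satisfies p iff prev(antecedent) is false or consequent holds."""
    return (not p.antecedent(prev)) or p.consequent(cur)

def all_states():
    for bits in product((False, True), repeat=len(SIGNALS)):
        yield dict(zip(SIGNALS, bits))

def successors(spec, prev):
    """Constraint solving by enumeration: every legal next state of prev."""
    return [cur for cur in all_states() if all(allows(p, prev, cur) for p in spec)]

def reachable(spec, init=RESET):
    key = lambda s: tuple(s[x] for x in SIGNALS)
    seen, frontier = {key(init): init}, [init]
    while frontier:
        s = frontier.pop()
        for nxt in successors(spec, s):
            if key(nxt) not in seen:
                seen[key(nxt)] = nxt
                frontier.append(nxt)
    return list(seen.values())

def dead_states(spec):
    """Spell check 1: reachable states with no legal continuation at all."""
    return [s for s in reachable(spec) if not successors(spec, s)]

def agent_dead_states(spec, agent):
    """Dead states blamed on one agent: no choice of its own outputs keeps all
    of its properties true (the 'I always have a choice' condition)."""
    own, mine = sorted(AGENTS[agent]), [p for p in spec if p.agent == agent]
    dead = []
    for s in reachable(spec):
        choices = [dict(s, **dict(zip(own, bits)))
                   for bits in product((False, True), repeat=len(own))]
        if not any(all(allows(p, s, c) for p in mine) for c in choices):
            dead.append(s)
    return dead

def vacuous_properties(spec):
    """Spell check 2: properties whose antecedent never holds on a reachable state."""
    reach = reachable(spec)
    return [p.name for p in spec if not any(p.antecedent(s) for s in reach)]

def nonseparable_properties(spec):
    """Separability: a consequent must depend only on the owner's outputs.
    Probed by flipping each foreign signal and watching the consequent."""
    offenders = []
    for p in spec:
        foreign = [sig for sig in SIGNALS if sig not in AGENTS[p.agent]]
        if any(p.consequent(s) != p.consequent(dict(s, **{sig: not s[sig]}))
               for s in all_states() for sig in foreign):
            offenders.append(p.name)
    return offenders

def receptive(spec):
    """Theorem from the slides: separable and free of dead states => receptive."""
    return not nonseparable_properties(spec) and not dead_states(spec)

def generate_trace(spec, length, seed=0):
    """Simulation-input generator: a seeded random walk over legal successors."""
    rng, trace, s = random.Random(seed), [RESET], RESET
    while len(trace) < length:
        nxt = successors(spec, s)
        if not nxt:              # dead state: the spec has no legal continuation
            break
        s = rng.choice(nxt)
        trace.append(s)
    return trace

# Constructed toy spec (not PCI): trdy and stop are never driven together.
BASE = [
    Property("hold_irdy", "initiator", lambda p: p["irdy"] and not p["trdy"],
             lambda c: c["irdy"]),                       # prev(irdy ∧ ¬trdy) -> irdy
    Property("trdy_needs_irdy", "target", lambda p: not p["irdy"],
             lambda c: not c["trdy"]),                   # prev(¬irdy) -> ¬trdy
    Property("never_both", "target", lambda p: True,
             lambda c: not (c["trdy"] and c["stop"])),   # true -> ¬(trdy ∧ stop)
]
# Vacuous here: trdy ∧ stop is unreachable under never_both, so it never fires.
VACUOUS = Property("stop_sticky", "target", lambda p: p["trdy"] and p["stop"],
                   lambda c: c["stop"])
# Contradictory pair: once stop and irdy were both high, the target has no legal move.
DEADLY = [Property("keep_stop", "target", lambda p: p["stop"], lambda c: c["stop"]),
          Property("drop_stop", "target", lambda p: p["stop"] and p["irdy"],
                   lambda c: not c["stop"])]
```

Running `dead_states(BASE + DEADLY)` reports the single reachable state irdy=1, trdy=0, stop=1, and `agent_dead_states` attributes it to the target, which is exactly the per-agent view the proof setup uses: with separable properties, a joint dead state exists only when some agent has been left without a correct choice. `vacuous_properties(BASE + [VACUOUS])` flags stop_sticky because its antecedent can never be true, and `generate_trace(BASE, 8)` plays the role of the constraint-solving generator, which in the slides is what turned up the unnoticed constant-signal bug.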

Conclusion
– Debug a specification
– Generate a sample run
– Prove that it is implementable