Automated Refinement Checking of Concurrent Systems Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research Laboratory 1 IBM Haifa Research Laboratory 2 Weizmann Institute.

Technische universität dortmund fakultät für informatik informatik 12 Discrete Event Models Peter Marwedel TU Dortmund, Informatik 12 Germany

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Technische universität dortmund fakultät für informatik informatik 12 Discrete Event Models Jian-Jia Chen (slides are based on Peter Marwedel) TU Dortmund,

Lecture 24 MAS 714 Hartmut Klauck

EECE **** Embedded System Design

ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.

Computer Design Aided Computer Design Aided Fujita Lab, University of Tokyo Equivalence Checking in C-based System-Level Design by Sequentializing Concurrent.

Applying Petri Net Unfoldings for Verification of Mobile Systems Apostolos Niaouris Joint work with V. Khomenko, M. Koutny MOCA ‘06.

SpecC and SpecCharts Reviewed and Presented by Heemin Park and Eric Kwan EE202A - Fall 2001 Professor Mani Srivastava.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.

Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.

Spec-C, Handel-C, SystemC : A Comparative Study By: Nikola Rank 13 March 2006.

Center for Embedded Computer Systems Dynamic Conditional Branch Balancing during the High-Level Synthesis of Control-Intensive.

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Partial Order Reduction for Scalable Testing of SystemC TLM Designs Sudipta Kundu, University of California, San Diego Malay Ganai, NEC Laboratories America.

Validating High-Level Synthesis Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San.

Models of Computation for Embedded System Design Alvise Bonivento.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Petros OikonomakosBashir M. Al-Hashimi Mark Zwolinski Versatile High-Level Synthesis of Self-Checking Datapaths Using an On-line Testability Metric Electronics.

Course Outline DayContents Day 1 Introduction Motivation, definitions, properties of embedded systems, outline of the current course How to specify embedded.

Institute for Applied Information Processing and Communications 1 Karin Greimel Semmering, Open Implication.

Compositional IS Development Framework Application Domain Application Domain Pre-existing components, legacy systems Extended for CD (ontologies) OAD Methods.

Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.

Model-based Methods for Web Service Verification.

1 Program Correctness CIS 375 Bruce R. Maxim UM-Dearborn.

Extreme Makeover for EDA Industry

Introduction to Formal Methods Based on Jeannette M. Wing. A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8-24, September,

Array Synthesis in SystemC Hardware Compilation Authors: J. Ditmar and S. McKeever Oxford University Computing Laboratory, UK Conference: Field Programmable.

Fast Simulation Techniques for Design Space Exploration Daniel Knorreck, Ludovic Apvrille, Renaud Pacalet

1 Checking Interaction Consistency in MARMOT Component Refinements Yunja Choi School of Electrical Engineering and Computer Science Kyungpook National.

Xiaosong Lu Togashi Laboratory Department of Computer Science Shizuoka University Ａｐｒｉｌ 1999 Specification and Verification of Hierarchical Reactive Systems.

A flexible simulator for control- dominated distributed real-time systems Johannes Petersson IDA/SaS/ESLAB Johannes Petersson IDA/SaS/ESLAB Master’s Thesis.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

Verification of Behavioral Consistency in C by Using Symbolic Simulation and Program Slicer Takeshi Matsumoto Thanyapat Sakunkonchak Hiroshi Saito Masahiro.

Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.

Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University.

Hardware/Software Co-Design of Complex Embedded System NIKOLAOS S. VOROS, LUIS SANCHES, ALEJANDRO ALONSO, ALEXIOS N. BIRBAS, MICHAEL BIRBAS, AHMED JERRAYA.

Proving Optimizations Correct using Parameterized Program Equivalence University of California, San Diego Sudipta Kundu Zachary Tatlock Sorin Lerner.

Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology.

Digital System Design An Introduction to Verilog® HDL

Mechanical Certification of Loop Pipelining Transformations: A Preview

2. Specification and Modeling

ISA 763 Security Protocol Verification

IP – Based Design Methodology

Concurrent Depth-First Search Algorithms

Model Checking for an Executable Subset of UML

Process Calculus.

Programming Languages 2nd edition Tucker and Noonan

A Refinement Calculus for Promela

Digital Designs – What does it take

Programming Languages 2nd edition Tucker and Noonan

Presentation transcript:

Automated Refinement Checking of Concurrent Systems Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San Diego

2 Power Perfor mance Area Hardware Design Methodology Algorithmic Description RTL Description Functionally Equivalent Behavior Description Functionally Equivalent Functionally Equivalent Controller S0 S1 S2S3 S4 f !f Data path …. x = a * b; c = a < b; if (c) then a = b – x; else a = b + x; a = a + x; b = b * x; ….  C/C++, SystemC  Verilog, VHDL High Level Synthesis

3 The Model Properties of interest: Concurrency Visible events Model both the specification and implementation Formal semantics Various modeling languages Process Algebra [CSP, CCS] Petri Nets SpecC/SystemC

4 The Problem CSP Program (Specification) Transformed CSP Program (Implementation) Refinements (Trace) Refinement Checker

5 Previous Work Manual Semi Automatic Fully Automatic Infinite Finite Level of Automation State Space Relational Approach [Josephs 88] FDR Model Checker [FDR 05, Roscoe 95] Interactive Theorem Provers [Dutertre 97] [Tej 97] [Isobe 05] Our Approach Inspired by translation validation [Necula 00] [Pnueli 98] Previous work in Refinement Checking of CSP programs

6 Outline 1.Motivation and Problem definition 2.Algorithms Checking Algorithm Inference Algorithm 3.Experiments and Results 4.Conclusion

7 An Example of Refinement left Link right Specification: v14*v1 v14*v1 2*v1 Implementation: sendrecv mid ack right left v1 2*v1

8 A relation R that matches a given program state in the implementation with the corresponding state in the specification. The simulation relation is a set of entries of the form (p 1, p 2, Ф). p 1 – program point in Specification p 2 – program point in Implementation Ф – formula that relates the data CFGs for the Example Specification left?a w:=a*4 right!w Link Implementation | left?x y:=x*2 ack?_ SendRecv mid!y mid?u z:=u*2 ack!1 right!z Split state space in two parts: control flow state, which is finite. => explored by traversing the CFG dataflow state, which may be infinite. => explored using Automated Theorem Prover (ATP) a == x True w == z Simulation Relation

9 Checking Algorithm Specification Implementation left?a w:=a*4 right!w Link | left?x y:=x*2 ack?_ SendRecv mid!y mid?u z:=u*2 ack!1 right!z C2: a == x C3: w == z C1: True SpecImpl C1: True left ? aleft ? x C2: a == x SpecImpl C2: a == x w = a*4 y = x*2 u = y (mid?u :: mid!y) z = u*2 C3: w == z SpecImpl C3: w == z right!wright!z left?a _ = 1 left?x C2: a == x ATP[C1 => WP(C2)] ATP[(C2) => WP(C3)] ATP[(C3) => WP(C2)]

10 Outline 1.Motivation and Problem definition 2.Algorithms Checking Algorithm Inference Algorithm 3.Experiments and Results 4.Conclusion

11 Inference Algorithm It works in two steps. Forward pass: collect local condition for externally visible events to be matched. Backward pass: propagate local conditions backward, using weakest preconditions. May not terminate Loops - iterate to a fixed point In practice it can find the required simulation relation.

12 Inference Algorithm: Forward Pass SpecImpl C1 -> C2 Specification left?a w:=a*4 right!w Link Implementation | left?x y:=x*2 ack?_ SendRecv mid!y mid?u z:=u*2 ack!1 right!z w = a*4 y = x*2 u = y z = u*2 right!wright!z left?a _ = 1 left?x left ? aleft ? x C1 C2 C3: w == z C2 -> C3 C3 -> C2

13 Inference Algorithm: Backward Pass SpecImpl Specification left?a w:=a*4 right!w Link Implementation | left?x y:=x*2 ack?_ SendRecv mid!y mid?u z:=u*2 ack!1 right!z w = a*4 y = x*2 u = y z = u*2 right!wright!z left?a _ = 1 left?x left ? aleft ? x C1: True C2: True C3: w == z C2: True C2: a == x C1: True C3: w == z ATP[C2 -> WP(C3)] C2: C2 & WP(C3) ATP[C3 -> WP(C2)] ATP[C1 -> WP(C2)]

14 Outline 1.Motivation and Problem definition 2.Algorithms Checking Algorithm Inference Algorithm 3.Experiments and Results 4.Conclusion

15 Prototype Implementation - ARCCoS CSP Specification CSP Specification Front End Parser Specification (CFG) CSP Implementation CSP Implementation Implementation (CFG) Automated Theorem Prover (Simplify) ARCCoSARCCoS Simulation Relation Simulation Relation Inference Engine Partial Order Reduction Engine Checking Engine

16 Results from ARCCoS Descriptions#ProcessTime (no PO) (min:sec) Time (PO) (min:sec) SpecImplTotal Simple buffer34700:00 Simple vending machine11200:00 Cyclic scheduler33601:0100:49 College student tracking system12300:01 Single communication link381100:01 2 parallel communication links :2800:04 3 parallel communication links :5200:21 4 parallel communication links122032DNT01:11 5 parallel communication links152439DNT02:32 6 parallel communication links182846DNT08:29 7 parallel communication links213253DNT37:28 Hardware refinement35800:00 EP2 System12301:5101:47

17 Outline 1.Motivation and Problem definition 2.Algorithms Checking Algorithm Inference Algorithm 3.Experiments and Results 4.Conclusion

18 Conclusion and Future Directions We have presented an automated algorithm for checking trace refinement of CSP programs that has infinite state spaces. Checking Algorithm Inference Algorithm The work presented here is only the first step in a broader research plan whose goal is to check the refinement of SystemC.

19 Thank You