Semi-automatic Property Generation for the Formal Verification of a Satellite On-board System Wesley Gonçalves Silva
Hardware verification: Simulation
  Testbenches
  [Figure: start state, error state]

Hardware verification: Formal Verification
  Properties written in temporal logic, manually defined
  Temporal operators: F (eventually), G (always), N (next), U (until)
  [Figure: FSM → formal model; properties in temporal logic → formal verification; start state, error state]
Problem identification
  Simulation verification: only data points are verified, i.e. an incomplete coverage problem; very dependent on the system
  Formal verification: best suited to small systems, in order to avoid the state explosion problem
  How many properties are required to guarantee 100% design coverage?
  [Figure: Property P1, Property P2, Property P3]

Problem identification
  Two main problems: to cover a hundred percent of the system, and to automate the process
  Automatic property generation is indicated:
    It is less susceptible to human error
    Cost and time of the project can be decreased
    It supports the identification of additional properties, improving the system coverage
State of the art
  Rogin, F.; Klotz, T.; Fey, G.; Drechsler, R.; Rülke, S. Automatic Generation of Complex Properties for Hardware Designs. Design, Automation and Test in Europe, 2008
  Properties are extracted by combining signals from simulation trace data
  High-quality properties depend on extensive system simulation

State of the art
  Vasudevan, S.; Sheridan, D.; Patel, S.; Tcheng, D.; Tuohy, B.; Johnson, D. GoldMine: Automatic assertion generation using data mining and static analysis. Design, Automation & Test in Europe, 2010
  The developed tool also extracts properties by analyzing simulation trace data
  Static analysis (behavioral analysis)
  Data mining (knowledge and information from simulation)

State of the art
  Both are applied to RTL design verification
  They extract properties from simulation traces
  The quality of the properties depends on the simulation
  High effort in testbench elaboration is required
Property generation: contribution over the state of the art
  The proposed approach extracts properties from state machines, avoiding the high effort of testbench elaboration
  A procedure explores the state space
  [Figure: Specification → State Machines → Properties → Formal verification tool]

Semi-automatic generation
  Has an FSM as input
  Visits each state
  Identifies the next (X) operator
  Identifies infinite loops in a state
  Identifies reachable final states

    algorithm propertyGeneration(states)
        foreach states as state
            foreach state.next as next
                if state != next then
                    setNextProperty(state, next)      // X operator: state is followed by next
                else
                    setNotLockedProperty(state)       // self loop: state must not be held forever
                end
            end
            setReachableFinalState(state)             // final states reached from this state
        end
Automatic property generation: implementation
  Two tools are used to perform the verification, both from Berkeley:
  VeriABC (Long, J.; Ray, S.; Sterin, B.; Mishchenko, A.; Brayton, R. Enhancing ABC for LTL stabilization verification of SystemVerilog/VHDL models. 2011)
  ABC model checker (alanmi/abc/)
  [Figure: RTL + SVA → VeriABC → AIGER → ABC → proven, or error trace → debug]

Automatic property generation: implementation
  Verification flow
  [Figure: Specification → State Machines → Property Generation → RTL + SVA → VeriABC → AIGER → ABC → proven, or error trace → debug]
Results
  [Figure: FSM with states idle, send, inc.spc and signals buff_empty, data_available, sending, end_sending, wait_data]
  Generated properties:
    F (data_available) → X (idle, send)
    F (not buff_empty) → X (idle, send)
    F (end_sending) → X (send, inc.spc)
    F (not sending) → X (send, inc.spc)
    F (wait_data) → X (inc.spc, idle)
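The propertyGeneration procedure from the earlier slide, run over the FSM of the results slide, as an added Python example that is not the author's tool. The FSM encoding, the self loops (idle while buff_empty, send while sending), the use of signal names as guards and the SVA-like text of the emitted properties are assumptions; the slides only name the property kinds.

```python
from collections import deque

# Constructed FSM modelled on the results slide: each state maps to a list of
# (guard, next_state) pairs. The two self loops are assumptions added so that
# the not-locked property kind is exercised.
FSM = {
    "idle":    [("data_available", "send"), ("!buff_empty", "send"),
                ("buff_empty", "idle")],
    "send":    [("end_sending", "inc_spc"), ("!sending", "inc_spc"),
                ("sending", "send")],
    "inc_spc": [("wait_data", "idle")],
}


def reachable_states(fsm, initial):
    """Breadth-first exploration of the state space starting from `initial`."""
    seen, todo = {initial}, deque([initial])
    while todo:
        state = todo.popleft()
        for _guard, nxt in fsm.get(state, []):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def generate_properties(fsm, initial, finals=()):
    """Visit every state and successor, emitting one property per transition:
    a next-state property when the target differs (setNextProperty), a
    not-locked property for a self loop (setNotLockedProperty), and a
    reachability property for each final state the exploration reaches
    (setReachableFinalState). Returns (properties, unreachable_finals)."""
    props = []
    for state, transitions in fsm.items():
        for guard, nxt in transitions:
            if state != nxt:
                # guard observed in `state` forces `nxt` one step later
                props.append(f"G ((state == {state} && {guard}) -> X state == {nxt})")
            else:
                # a self loop must not trap the machine forever
                props.append(f"G (state == {state} -> F state != {state})")
    reached = reachable_states(fsm, initial)
    unreachable = [f for f in finals if f not in reached]
    for final in finals:
        if final in reached:
            props.append(f"F (state == {final})")
    return props, unreachable


if __name__ == "__main__":
    properties, missing = generate_properties(FSM, "idle", finals=("inc_spc",))
    print("\n".join(properties))
    print("unreachable finals:", missing)
```

Final states that the exploration cannot reach are reported separately instead of producing a property that the model checker would trivially refute.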
Conclusion and future work
  Model checking has a coverage problem that depends on the number of properties
  Automatic generation of properties is desirable
  State-of-the-art automatic generation depends on high effort in simulation
  We proposed a semi-automatic generation of properties from state machines
  Automating the formal verification helps its acceptance in the industrial process

Conclusion and future work
  To improve the heuristic to define and filter the properties
  To verify other modules of the UTMC