Verification of Synchronization in SpecC Description with the Use of Difference Decision Diagrams Thanyapat Sakunkonchak Masahiro Fujita Department of.

Slides:



Advertisements
Similar presentations
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Advertisements

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Computer Design Aided Computer Design Aided Fujita Lab, University of Tokyo Equivalence Checking in C-based System-Level Design by Sequentializing Concurrent.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
High Level Languages: A Comparison By Joel Best. 2 Sources The Challenges of Synthesizing Hardware from C-Like Languages  by Stephen A. Edwards High-Level.
The LC-3 – Chapter 6 COMP 2620 Dr. James Money COMP
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Automatic Predicate Abstraction of C-Programs T. Ball, R. Majumdar T. Millstein, S. Rajamani.
ISBN Chapter 3 Describing Syntax and Semantics.
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.
Efficient Software Performance Estimation Methods for Hardware/Software Codesign Kei Suzuki Alberto Sangiovanni-Vincentelli Present: Yanmei Li.
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.
A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.
SAT-Based Decision Procedures for Subsets of First-Order Logic
CS 267: Automated Verification Lectures 14: Predicate Abstraction, Counter- Example Guided Abstraction Refinement, Abstract Interpretation Instructor:
Environments and Evaluation
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
Computing Over­Approximations with Bounded Model Checking Daniel Kroening ETH Zürich.
1 Abstraction Refinement for Bounded Model Checking Anubhav Gupta, CMU Ofer Strichman, Technion Highly Jet Lagged.
Describing Syntax and Semantics
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
CSC2108 Lazy Abstraction on Software Model Checking Wai Sum Mong.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.
7/13/2003BMC A SAT-Based Approach to Abstraction Refinement in Model Checking Bing Li, Chao Wang and Fabio Somenzi University of Colorado at Boulder.
SOFTWARE DESIGN AND ARCHITECTURE LECTURE 21. Review ANALYSIS PHASE (OBJECT ORIENTED DESIGN) Functional Modeling – Use case Diagram Description.
1 Automatic Refinement and Vacuity Detection for Symbolic Trajectory Evaluation Orna Grumberg Technion Haifa, Israel Joint work with Rachel Tzoref.
Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal.
Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore.
Chapter 6 Programming Languages (2) Introduction to CS 1 st Semester, 2015 Sanghyun Park.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.
1 Generating FSMs from Abstract State Machines Wolfgang Grieskamp Yuri Gurevich Wolfram Schulte Margus Veanes Foundations of Software Engineering Microsoft.
On Reducing the Global State Graph for Verification of Distributed Computations Vijay K. Garg, Arindam Chakraborty Parallel and Distributed Systems Laboratory.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
Predicate Abstraction of ANSI-C Programs Using SAT By Edmund Clarke, Daniel Kroening, Natalia Sharygina, Karen Yorav Presented by Yunho Kim Provable Software.
Introduction to Problem Solving. Steps in Programming A Very Simplified Picture –Problem Definition & Analysis – High Level Strategy for a solution –Arriving.
Muhammad Idrees Lecturer University of Lahore 1. Outline Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute.
A Framework on Synchronization Verification in System-Level Design Thanyapat Sakunkonchak Satoshi Komatsu Masahiro Fujita Fujita Laboratory University.
Integrating high-level constructs into programming languages Language extensions to make programming more productive Underspecified programs –give assertions,
Convergence of Model Checking & Program Analysis Philippe Giabbanelli CMPT 894 – Spring 2008.
1 Embedded Computer System Laboratory Systematic Embedded Software Gerneration from SystemC.
Proving Non-Termination Gupta, Henzinger, Majumdar, Rybalchenko, Ru-Gang Xu presentation by erkan.
Author: Alex Groce, Daniel Kroening, and Flavio Lerda Computer Science Department, Carnegie Mellon University Pittsburgh, PA Source: R. Alur and.
Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction Thanyapat Sakunkonchak Masahiro Fujita Department of Electronics.
Verification & Validation By: Amir Masoud Gharehbaghi
Verifying Programs with BDDs Topics Representing Boolean functions with Binary Decision Diagrams Application to program verification class-bdd.ppt
Reasoning about the Behavior of Semantic Web Services with Concurrent Transaction Logic Presented By Dumitru Roman, Michael Kifer University of Innsbruk,
Verification of Behavioral Consistency in C by Using Symbolic Simulation and Program Slicer Takeshi Matsumoto Thanyapat Sakunkonchak Hiroshi Saito Masahiro.
1 Proving program termination Lecture 5 · February 4 th, 2008 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A.
Model Checking Lecture 1. Model checking, narrowly interpreted: Decision procedures for checking if a given Kripke structure is a model for a given formula.
CS357 Lecture 13: Symbolic model checking without BDDs Alex Aiken David Dill 1.
CHARME’03 Predicate abstraction with Minimum Predicates Sagar Chaki*, Ed Clarke*, Alex Groce*, Ofer Strichman** * Carnegie Mellon University ** Technion.
Boolean Programs: A Model and Process For Software Analysis By Thomas Ball and Sriram K. Rajamani Microsoft technical paper MSR-TR Presented by.
Model Checking Lecture 1: Specification Tom Henzinger.
1 Compiler Construction Vana Doufexi office CS dept.
Finding bugs with a constraint solver daniel jackson. mandana vaziri mit laboratory for computer science issta 2000.
Counterexample-Guided Abstraction Refinement By Edmund Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith Presented by Yunho Kim Provable Software.
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Abstraction and Refinement for Large Scale Model Checking
SS 2017 Software Verification Bounded Model Checking, Outlook
Over-Approximating Boolean Programs with Unbounded Thread Creation
Thanyapat Sakunkonchak Masahiro Fujita
Synchronization Verification in System-Level Design with ILP Solvers
Predicate Abstraction
Verifying Programs with BDDs Sept. 22, 2006
Presentation transcript:

Verification of Synchronization in SpecC Description with the Use of Difference Decision Diagrams Thanyapat Sakunkonchak Masahiro Fujita Department of Electronic Engineering University of Tokyo

FDL'02 Sep.26T. Sakunkonchak and M. Fujita2Content Introduction Introduction Background Background Verification Flows Verification Flows Experimental Results Experimental Results Conclusion and Outlook Conclusion and Outlook

FDL'02 Sep.26T. Sakunkonchak and M. Fujita3Introduction More and more complex and larger VLSI must be designed with shorter time-to-market More and more complex and larger VLSI must be designed with shorter time-to-market SoC needs simultaneous development of both HW and SW SoC needs simultaneous development of both HW and SW Needs ways to describe HW/SW seamlessly Needs ways to describe HW/SW seamlessly C-based specification/design languages are promising C-based specification/design languages are promising SpecC [ SpecC [ Standardized for HW/SW co-design Standardized for HW/SW co-design Based on ANSI-C and extended Based on ANSI-C and extended

FDL'02 Sep.26T. Sakunkonchak and M. Fujita4Content Introduction Introduction Background Background Verification Flows Verification Flows Experimental Results Experimental Results Conclusion and Outlook Conclusion and Outlook

FDL'02 Sep.26T. Sakunkonchak and M. Fujita5 Synchronization in SpecC Two processes a, b are running in parallel Two processes a, b are running in parallel par a.main(); b.main(); par a.main(); b.main(); a: a: b: b: Without scheduling (synchronization), ambiguous results may happen Without scheduling (synchronization), ambiguous results may happen st1->st2->st3 st1->st2->st3 st3->st1->st2 ? st3->st1->st2 ? st1->st3->st2 st1->st3->st2 Any orderings are allowed !

FDL'02 Sep.26T. Sakunkonchak and M. Fujita6 Synchronization in SpecC Ambiguous results on y causing from x = 10; /*st1*/ x = 20; /*st3*/ y = 20 (always)

FDL'02 Sep.26T. Sakunkonchak and M. Fujita7 Synchronization in SpecC (cont.) Ambiguous results on y causing from x = 10; /*st1*/ x = 20; /*st3*/ Tas=Tbs, Tae=Tbe Tas=Tbs, Tae=Tbe Tas<=T1s<T1e<=T2s<T2e<=Tas Tas<=T1s<T1e<=T2s<T2e<=Tas Tbs<=T3s<T3e<=Tbe Tbs<=T3s<T3e<=Tbe

FDL'02 Sep.26T. Sakunkonchak and M. Fujita8 Synchronization in SpecC (cont.) y = 20 (always) Tas=Tbs, Tae=Tbe Tas=Tbs, Tae=Tbe Tas<=T1s<T1e<=T2s<T2e<=Tas Tas<=T1s<T1e<=T2s<T2e<=Tas Tbs<=T3s<T3e<=Tbe Tbs<=T3s<T3e<=Tbe T2e<=T3s T2e<=T3s

FDL'02 Sep.26T. Sakunkonchak and M. Fujita9 The verification problem Given SpecC programs, check if specific ordering of executions are guaranteed or not Given SpecC programs, check if specific ordering of executions are guaranteed or not Along with well-accepted Boolean comparison techniques for logic designs, this could be a basic verification method to check if sequential and parallel version of the same SpecC are equivalent or not Along with well-accepted Boolean comparison techniques for logic designs, this could be a basic verification method to check if sequential and parallel version of the same SpecC are equivalent or not (Sequential) C Sequential SpecC Parallel SpecC Equivalence checking

FDL'02 Sep.26T. Sakunkonchak and M. Fujita10 Boolean Program Proposed by Ball and Rajamani under SLAM project at Microsoft Research Proposed by Ball and Rajamani under SLAM project at Microsoft Research Think of SW like a model (like FSM in HW) and verify it by first abstracting away unnecessary statements with user-defined predicates Think of SW like a model (like FSM in HW) and verify it by first abstracting away unnecessary statements with user-defined predicates BP abstracts the original program: BP abstracts the original program: if properties on BP hold, so as original one

FDL'02 Sep.26T. Sakunkonchak and M. Fujita11 Our Boolean SpecC based on the original Boolean program is a subset of original program is a subset of original program ‘if-else’ conditions are replaced by proportional vars. e.g. if(x if(c0) ‘if-else’ conditions are replaced by proportional vars. e.g. if(x if(c0) Statements other than ‘notify/wait’ and ‘if’, (ones that don’t effect the sync.) are abstracted away (abstract unnecessary info.) Statements other than ‘notify/wait’ and ‘if’, (ones that don’t effect the sync.) are abstracted away (abstract unnecessary info.) Only for verification of synchronization Only for verification of synchronization

FDL'02 Sep.26T. Sakunkonchak and M. Fujita12 Difference Decision Diagrams ( DDD ) Introduce by M Φ ller, et al. Introduce by M Φ ller, et al. Symbolic representation of ‘non-boolean’, such as inequality: less efficient if using BDD Symbolic representation of ‘non-boolean’, such as inequality: less efficient if using BDD DDD represents difference constraints (x- y≤c), x,y are integers, c is constant DDD represents difference constraints (x- y≤c), x,y are integers, c is constant Represents graph for ¬(x−z<1)Λ(x−y≤0)Λ(y−z≤2)

FDL'02 Sep.26T. Sakunkonchak and M. Fujita13Content Introduction Introduction Background Background Verification Flows Verification Flows Experimental Results Experimental Results Conclusion and Outlook Conclusion and Outlook

FDL'02 Sep.26T. Sakunkonchak and M. Fujita14 Verification Flows Goals: Goals: Check whether given SpecC codes (with ‘par’, ‘notify/wait’) are properly synchronized Check whether given SpecC codes (with ‘par’, ‘notify/wait’) are properly synchronized If checking fails, counter-examples should be generated (trace to source of errors) If checking fails, counter-examples should be generated (trace to source of errors) Based on: Based on: Boolean SpecC, DDD, SVC, Program Slicing,... Boolean SpecC, DDD, SVC, Program Slicing,...

FDL'02 Sep.26T. Sakunkonchak and M. Fujita15 Verification Flows(1) Yes SpecC Source Program Boolean SpecC C++ with DDD Parsed & Translated (1) Parsed & Translated (2) Verify: PASS? Users add some properties to be check Synchronization is SATISFIED Verification of SpecC synchronization Verifying Stage: (current implementation) SpecC source is parsed and translated into Boolean SpecC and then to C++ accompanied with DDD. Then, check for synchronization whether it is satisfied. If it is, terminates with SATISFIED. Otherwise, go to the next stage. No

FDL'02 Sep.26T. Sakunkonchak and M. Fujita16

FDL'02 Sep.26T. Sakunkonchak and M. Fujita17 Verification Flows(1) Yes SpecC Source Program Boolean SpecC C++ with DDD Parsed & Translated (1) Parsed & Translated (2) Verify: PASS? Users add some properties to be check Synchronization is SATISFIED Verification of SpecC synchronization Verifying Stage: (current implementation) SpecC source is parsed and translated into Boolean SpecC and then to C++ accompanied with DDD. Then, check for synchronization whether it is satisfied. If it is, terminates with SATISFIED. Otherwise, go to the next stage. No

FDL'02 Sep.26T. Sakunkonchak and M. Fujita18 From Boolean SpecC to C++ with DDD Header Branching func. for DDD Declare timing variables Setup DDD graphs Verify

FDL'02 Sep.26T. Sakunkonchak and M. Fujita19 Verification Flows(1) Yes SpecC Source Program Boolean SpecC C++ with DDD Parsed & Translated (1) Parsed & Translated (2) Verify: PASS? Users add some properties to be check Synchronization is SATISFIED Verification of SpecC synchronization Verifying Stage: (current implementation) SpecC source is parsed and translated into Boolean SpecC and then to C++ accompanied with DDD. Then, check for synchronization whether it is satisfied. If it is, terminates with SATISFIED. Otherwise, go to the next stage. No

FDL'02 Sep.26T. Sakunkonchak and M. Fujita20 Verification Flows(2) No Not realizableRealizable Verify Condition on Ci PASS? Refinement Program Slicing SVC NO COUNTER-EXAMPLEDON’T KNOWCOUNTER-EXAMPLE Verification of SpecC synchronization Counter-example & Refinement Stage: (on-going work) ‘SVC’ and ‘Program Slicing’ may be considered to help verifying and refining the condition of predicate Ci. If it is not realizable, it means that the result is concrete enough to use as the COUNTER- EXAMPLE. UNSATISFIED when it is realizable, and DON’T KNOW, otherwise. …

FDL'02 Sep.26T. Sakunkonchak and M. Fujita21Content Introduction Introduction Background Background Verification Flows Verification Flows Experimental Results Experimental Results Conclusion and Outlook Conclusion and Outlook

FDL'02 Sep.26T. Sakunkonchak and M. Fujita22 Verification Results Sleeping barber problem Sleeping barber problem barber customer empty chair barber chair barber: finished cutting->call customer barber: no customer->wait customer: barber wait->has hair cut customer: chairs occupied->come again customer: a chair empty->wait

FDL'02 Sep.26T. Sakunkonchak and M. Fujita23

FDL'02 Sep.26T. Sakunkonchak and M. Fujita24 Verification Results All take only a couple of seconds to verify All take only a couple of seconds to verify

FDL'02 Sep.26T. Sakunkonchak and M. Fujita25Content Introduction Introduction Background Background Verification Flows Verification Flows Experimental Results Experimental Results Conclusion and Outlook Conclusion and Outlook

FDL'02 Sep.26T. Sakunkonchak and M. Fujita26 Conclusion and Outlook(1) Verification of sync. in SpecC is introduced Verification of sync. in SpecC is introduced Boolean SpecC & DDD are accompanied for abstraction and helping verification Boolean SpecC & DDD are accompanied for abstraction and helping verification Current implementation: Current implementation: Can handle basic SpecC constructs only Can handle basic SpecC constructs only Able to get some properties to be checked Able to get some properties to be checked Verify for Satisfied or Unsatisfied (no error trace): “Don’t know” is don’t know (no support) Verify for Satisfied or Unsatisfied (no error trace): “Don’t know” is don’t know (no support)

FDL'02 Sep.26T. Sakunkonchak and M. Fujita27 Conclusion and Outlook(2) Future plan: Future plan: When verification fails, try to give the counter-examples (error trace) When verification fails, try to give the counter-examples (error trace) Based on error traces, plan to develop automatic “refinement of abstractions” Based on error traces, plan to develop automatic “refinement of abstractions” Expand capability to support more complex SpecC structure, e.g. loop, functions, recursive Expand capability to support more complex SpecC structure, e.g. loop, functions, recursive

FDL'02 Sep.26T. Sakunkonchak and M. Fujita28 Future plan (cont.) No Not realizableRealizable Verify Condition on Ci PASS? Refinement Program Slicing SVC NO COUNTER-EXAMPLEDON’T KNOWCOUNTER-EXAMPLE Verification of SpecC synchronization Counter-example & Refinement Stage: (on-going work) ‘SVC’ and ‘Program Slicing’ may be considered to help verifying and refining the condition of predicate Ci. If it is not realizable, it means that the result is concrete enough to use as the COUNTER- EXAMPLE. UNSATISFIED when it is realizable, and DON’T KNOW, otherwise. … Automatic

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.