Slide 1: Formal verification
Marco A. Peña, Universitat Politècnica de Catalunya
Slide 2: Outline
- Motivation
- Simulation
- Formal verification
  – Theorem proving
  – Model checking
- State space exploration
- Formal verification with relative timing
- Conclusions
Slide 3: Motivation
Slide 4: Motivation: the problem
- System complexity keeps growing in scale and functionality
- The probability of introducing design errors grows with it
- System failures are unacceptable:
  – Software: cost of updates, loss of credibility, etc.
  – Embedded software: often no update is possible once deployed
  – Hardware: high cost of fabrication and replacement
  – Safety-critical systems: catastrophic consequences
- Delays in time-to-market, loss of money and of human lives!
Slide 5: Motivation: examples
- 1994: floating point divider unit of the Pentium microprocessor
  – Bug in the implementation of the division algorithm
  – About 475 million US $ in replacement costs
- 1996: launch failure of the Ariane 5 rocket
  – Unchecked conversion of a 64-bit floating point value (horizontal velocity) to a 16-bit integer overflowed in the inertial reference software
  – Explosion about 40 seconds after launch
- 1986: Challenger space shuttle
  – …
- What else?
Slide 6: Motivation: where do bugs come from?
- Incorrect specifications
- Misinterpretation of specifications
- Misunderstandings between designers
- Missed cases
- Protocol non-conformance
- And a long etcetera
Slide 7: Motivation: what to do?
- Develop methods to ensure system reliability
- Detect and fix bugs at the early stages of the design flow
- Verification:
  – General bug-finding techniques
  – Usually simulation
- Formal verification:
  – Methods aiming at 100% bug coverage, i.e. exhaustive with respect to the formal model and the properties actually specified
  – Use mathematical formalisms (logics, automata, etc.) and techniques to reason about the correctness of a system
Slide 8: Simulation
Slide 9: Simulation
- Predominant verification method: intuitive idea
- Construction of test cases: manually, randomly, etc.
- "Heisenbug" paradigm: when you try to reproduce a bug it never shows up
- Example: does (x+1)² = x² + 2x + 1 hold? Simulation can only try particular values of x
Slide 10: Simulation
- Example:
  – Concurrent processes A and B
  – The two updates coincide only once every 10^10 operation cycles
- Process A: ... X := X + 1 ...
- Process B: ... X := X - 1 ...
- Precondition X = 0, postcondition X = 1 (!): each update is a non-atomic read-modify-write, so if B reads X between A's read and A's write, B's decrement is lost, and simulation practically never hits that interleaving
Slide 11: Simulation: typical experience (chart): bugs found over time, through functional testing, a "purgatory" phase and the product in the market
Slide 12: Formal verification
Slide 13: Formal verification
- Ensures consistency with the specification for all possible input patterns: exhaustive coverage
- Requires:
  – A formal model of the system
  – A formal specification language for the properties
  – A reasoning method
- Main strategies:
  – Theorem proving
  – Model checking
Slide 14: Formal verification
- Example: does (x+1)² = x² + 2x + 1 hold? Proved once for all x by expanding the left-hand side, rather than by trying values
Slide 15: Formal verification: theorem proving
- Implementation and specification: formulas in some mathematical logic
- Requires deep knowledge of the formalisms and proof techniques
- The prover is often human
- Useful for: arithmetic algorithms, etc.
Slide 16: Formal verification: theorem proving
- Major drawbacks: no guarantee that a proof is found, complexity of the proof, no counterexample when it fails, …
- Some impressive results:
  – AMD K7 floating point unit
  – Combined with model checking: Intel P4 instruction decoder
- Few automatic tools exist
- Not a general solution:
  – Requires too much expert human interaction
  – Only for small problems or niche applications
Slide 17: Formal verification: model checking
- The checker enumerates all the states of the system
- Finite state space, but combinatorial explosion!
- Symbolic methods, partial orders, abstractions, etc.
- Several automatic tools and success stories exist
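To make slides 10 and 17 concrete, here is an added example in Python (not code from the talk): a small explicit-state model checker for the two-process X := X + 1 / X := X - 1 race. Each update is modelled as a load into a private register followed by a store; the checker enumerates every interleaving by breadth-first search and reports, for each violating final value of X, the schedule that produces it. A random simulator of the same model shows why a coincidence that happens once in 10^10 cycles is practically never observed by simulation. The state encoding, the function names and the scheduler probability are all constructed for this example.

```python
"""Explicit-state exploration of the increment/decrement race (constructed
example for slides 10 and 17, not code from the original talk)."""
from collections import deque
import random

# Each "X := X +/- 1" is NOT atomic: a load of the shared X into a private
# register followed by a store of register +/- 1.
DELTA = {"A": +1, "B": -1}
INITIAL_X = 0
EXPECTED_FINAL_X = 0      # the result if the two updates were atomic

# State = (pc_A, pc_B, reg_A, reg_B, X); pc 0 = before load, 1 = loaded,
# 2 = stored. Tuples are hashable, so they can be stored in the visited set.
INITIAL_STATE = (0, 0, None, None, INITIAL_X)

def step(state, proc):
    """Run one instruction of process proc ('A' or 'B'); None if it is done."""
    pcs = [state[0], state[1]]
    regs = [state[2], state[3]]
    x = state[4]
    i = 0 if proc == "A" else 1
    if pcs[i] == 0:                # load: snapshot X into the private register
        regs[i] = x
    elif pcs[i] == 1:              # store: write back the (possibly stale) value
        x = regs[i] + DELTA[proc]
    else:
        return None
    pcs[i] += 1
    return (pcs[0], pcs[1], regs[0], regs[1], x)

def is_terminal(state):
    return state[0] == 2 and state[1] == 2

def trace_to(state, parent):
    """Rebuild the schedule (list of process names) leading to state."""
    schedule = []
    while parent[state] is not None:
        state, proc = parent[state]
        schedule.append(proc)
    return schedule[::-1]

def explore():
    """Breadth-first enumeration of every reachable state (every interleaving).
    Returns (number of states, set of final values of X, dict mapping each
    violating final value of X to the first schedule that produces it)."""
    parent = {INITIAL_STATE: None}        # visited set and back-pointers
    queue = deque([INITIAL_STATE])
    final_x, counterexamples = set(), {}
    while queue:
        s = queue.popleft()
        if is_terminal(s):
            final_x.add(s[4])
            if s[4] != EXPECTED_FINAL_X:
                counterexamples.setdefault(s[4], trace_to(s, parent))
            continue
        for proc in ("A", "B"):
            nxt = step(s, proc)
            if nxt is not None and nxt not in parent:
                parent[nxt] = (s, proc)
                queue.append(nxt)
    return len(parent), final_x, counterexamples

def simulate(runs, p_interleave=1e-10, seed=0):
    """Random simulation of the same model. With probability p_interleave the
    scheduler lets B run between A's load and store (the once-in-10^10
    coincidence of slide 10); otherwise A and B run back to back.
    Returns the number of runs that ended with X != EXPECTED_FINAL_X."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(runs):
        if rng.random() < p_interleave:
            schedule = ["A", "B", "B", "A"]     # A loads, B loads and stores, A stores
        else:
            schedule = ["A", "A", "B", "B"]
        s = INITIAL_STATE
        for proc in schedule:
            s = step(s, proc)
        bad += s[4] != EXPECTED_FINAL_X
    return bad

if __name__ == "__main__":
    n_states, finals, cex = explore()
    print(f"{n_states} states, possible final X values: {sorted(finals)}")
    for x, schedule in sorted(cex.items()):
        print(f"X = {x:+d} via schedule {' '.join(schedule)}")
    print("violations seen in 100,000 random runs:", simulate(100_000))
```

The exhaustive search visits only 14 states, yet it finds both bad outcomes (X = 1 when B's decrement is overwritten, X = -1 when A's increment is) together with the schedules that reach them; the random simulation with the slide's coincidence rate reports none. The same BFS skeleton is what an explicit-state checker runs on a real model, and the combinatorial explosion of slide 17 is simply this state count growing with the number of processes and instructions.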
Slide 18: Formal verification: model checking
- Gaining acceptance but not yet widely used
- Major drawbacks: the state explosion problem, and tools that are difficult for designers to use
- Commercial tools start to appear: Abstract, Chrysalis, IBM, Lucent, Verysys, …
- Companies have increasing interest: IBM, Intel, AT&T, etc. Opportunity!
- Not a general solution:
  – Combination with theorem proving
  – Combination with semi-formal strategies
Slide 19: State space exploration
Slide 20: State space exploration
- Combinatorial explosion
- Symbolic representations: BDDs
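Slide 20 names BDDs as the symbolic representation that fights the combinatorial explosion. As an added example (Python, not code from the talk), the block below builds a reduced ordered BDD from a Boolean function by Shannon expansion with a unique table and applies it to the 16-variable function a == b on two 8-bit operands: the truth table has 2^16 rows, the BDD has 24 non-terminal nodes when the variables of a and b are interleaved and 765 when the operands are kept in separate blocks, so the variable order decides whether the symbolic representation is compact. It also counts satisfying assignments directly on the DAG, which is how a symbolic checker counts reachable states without listing them. The class and function names are constructed for this example.

```python
"""Reduced ordered BDDs from a Boolean function, with a variable-ordering
experiment (constructed example for slide 20, not code from the talk)."""

class BDD:
    """Minimal ROBDD store. A node is a (var, low, high) triple; terminals are
    the indices 0 (false) and 1 (true). The unique table guarantees that one
    sub-function is represented by exactly one node, which makes the
    representation canonical and, for a good order, small."""
    FALSE, TRUE = 0, 1

    def __init__(self, n_vars):
        self.n = n_vars
        self.nodes = [None, None]      # slots 0 and 1 reserved for terminals
        self.unique = {}               # (var, low, high) -> node index

    def mk(self, var, low, high):
        if low == high:                # rule 1: a test whose outcome is irrelevant
            return low
        key = (var, low, high)
        if key not in self.unique:     # rule 2: share isomorphic sub-graphs
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def build(self, f, prefix=()):
        """Shannon expansion along the variable order. f maps a full tuple of
        n bits (in BDD variable order) to a bool. Returns the root index."""
        var = len(prefix)
        if var == self.n:
            return self.TRUE if f(prefix) else self.FALSE
        low = self.build(f, prefix + (0,))
        high = self.build(f, prefix + (1,))
        return self.mk(var, low, high)

    def size(self):
        """Number of non-terminal nodes in the store."""
        return len(self.nodes) - 2

    def evaluate(self, node, bits):
        """Follow one path from node to a terminal for the assignment bits."""
        while node > self.TRUE:
            var, low, high = self.nodes[node]
            node = high if bits[var] else low
        return node == self.TRUE

    def sat_count(self, node):
        """Satisfying assignments of node, computed on the DAG (no 2^n table).
        Every variable skipped between two levels contributes a factor of 2."""
        memo = {}
        def count(node, level):
            if node == self.FALSE:
                return 0
            if node == self.TRUE:
                return 2 ** (self.n - level)
            if (node, level) not in memo:
                var, low, high = self.nodes[node]
                skipped = 2 ** (var - level)
                memo[(node, level)] = skipped * (count(low, var + 1) + count(high, var + 1))
            return memo[(node, level)]
        return count(node, 0)

K = 8   # bits per operand; the function below is "a == b" on two K-bit words

def build_equality(order):
    """order 'blocked': variables a0..a7 then b0..b7; 'interleaved': a0 b0 a1 b1 ...
    Returns (bdd, root)."""
    if order == "blocked":
        f = lambda bits: bits[:K] == bits[K:]
    elif order == "interleaved":
        f = lambda bits: bits[0::2] == bits[1::2]
    else:
        raise ValueError(order)
    bdd = BDD(2 * K)
    root = bdd.build(f)
    return bdd, root

if __name__ == "__main__":
    for order in ("blocked", "interleaved"):
        bdd, root = build_equality(order)
        print(f"{order:11s}: {bdd.size():4d} nodes vs {2 ** (2 * K)} truth-table rows, "
              f"{bdd.sat_count(root)} satisfying assignments")
```

Building by expanding the full truth table is only viable for this toy; real tools build BDDs compositionally with an apply/ite operation on already reduced operands, but the reduction rules and the unique table are the same, and so is the lesson: with operands kept apart the equality check needs a node per 8-bit constant, with them interleaved three nodes per bit suffice.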
Slide 21: State space exploration (figure): some states do not exist, but …
Slide 22: State space exploration (figure): time incorporates a new source of exponentiality!
Slide 23: Formal verification with Relative Timing
Slide 24: Verification approach: main features
- Model checking-like approach for timed systems
- Iterative, incremental refinement of the untimed state space by:
  – Off-line timing analysis on small acyclic graphs, and
  – Incorporation of relative timing constraints
- Verification of temporal safety properties
- BDD-based symbolic representation: handles large untimed state spaces
- Back-annotation: either a set of relative timing constraints sufficient for correctness is reported, or a counterexample trace
Slide 25: Verification approach: system model
- Timed Transition Systems: transition system + delay bounds ([min, max] intervals) on the transitions
Slide 26: Verification approach (figure)
Slide 33: Verification approach (figure): symbolic state space exploration and failure detection
Slides 34–35: Verification approach (figures): failure states → failure trace → event structure over the events x, a, b, c, g, d with delay bounds [1,2], [3,4], [1,2] → timing analysis → composition
Slide 36: Verification approach: flow (figure)
Slide 37: Conclusions
Slide 38: Conclusions (chart): probability of successful verification (up to 100%) against system size in state bits, from 1 to 10^7; the region labelled "Research" covers the small systems, "Real systems" the large ones
Slide 39: Conclusions: research
- Research in Spain: university
  – PhD programs, FI/FPI grants
  – Possible research stays at foreign universities and companies
- Verification teams in companies grow much faster than design teams: opportunity!
- Companies and research centers:
  – USA and Europe
  – PhD required
Slide 40: Conclusions: collaboration, projects, …
- Long list of open problems:
  – Real case studies: circuits, protocols, etc.
  – Implementations of other techniques for comparison
  – Parallel implementations: clusters, etc.
  – Combination of techniques: formal and semi-formal, etc.
  – …