Semi-automatic Property Generation for the Formal
Verification of a Satellite On-board System
Wesley Gonçalves Silva
Hardware verification: simulation
[Figure: testbenches drive the design from the start state towards an error state]
Hardware verification: formal verification
Properties are written in temporal logic (F – eventually, G – always, N – next, U – until) and checked against a formal model of the design, an FSM.
The properties are manually defined.
[Figure: exhaustive exploration of the state space from the start state to the error state]
Problem identification
Simulation verification: only data points are verified, i.e. an incomplete-coverage problem; the result is very dependent on the system.
Formal verification: best suited to small systems, in order to avoid the state-explosion problem. How many properties are required to guarantee 100% design coverage?
[Figure: simulation verification versus formal verification with properties P1, P2, P3]
Problem identification
Two main problems: to cover a hundred percent of the system, and to automate the process.
Automatic property generation is indicated:
- it is less susceptible to human error
- project cost and time can be decreased
- it supports the identification of additional properties, improving the system coverage
State-of-the-art
Rogin, F.; Klotz, T.; Fey, G.; Drechsler, R.; Rülke, S. Automatic Generation of Complex Properties for Hardware Designs. Design, Automation and Test in Europe, 2008.
- properties are extracted by combining signals from simulation trace data
- high-quality properties depend on extensive system simulation
State-of-the-art
Vasudevan, S.; Sheridan, D.; Patel, S.; Tcheng, D.; Tuohy, B.; Johnson, D. GoldMine: Automatic assertion generation using data mining and static analysis. Design, Automation & Test in Europe, 2010.
- the developed tool also extracts properties by analyzing simulation trace data
- static analysis (behavioral analysis)
- data mining (knowledge and information from simulation)
State-of-the-art
- both approaches are applied to RTL design verification
- they extract properties from simulation traces
- the quality of the properties depends on the simulation
- high effort is required in testbench elaboration
Property Generation
State-of-the-art: contribution
The proposed approach extracts properties from state machines, avoiding the high effort of testbench elaboration. A procedure explores the state space.
[Figure: specification → state machines → property generation → properties → formal verification tool]
Semi-automatic generation
The procedure has an FSM as input, visits each state, identifies the next (X) operator for every transition to a different state, identifies infinite loops in a state (self-transitions) and identifies the reachable final states:

    algorithm propertyGeneration(states)
        // input: the states of the FSM, each with its set of successors
        foreach states as state
            // identification of the next (X) operator and of infinite loops in a state
            foreach state.next as next
                if state != next then
                    setNextProperty(state, next)
                else
                    setNotLockedProperty(state)
                end
            end
            // identification of reachable final states
            setReachableFinalState(state)
        end
    end
Automatic property generation: implementation
Two tools are used to perform the verification, both from Berkeley:
- VeriABC (LONG, J.; RAY, S.; STERIN, B.; MISHCHENKO, A.; BRAYTON, R. Enhancing ABC for LTL stabilization verification of SystemVerilog/VHDL models. 2011)
- ABC Model Checker (http://www.eecs.berkeley.edu/~alanmi/abc/)
[Figure: RTL + SVA → VeriABC → AIGER → ABC → proven, or error trace → debug]
Automatic property generation: implementation
Verification flow
[Figure: specification → state machines → property generation → RTL + SVA → VeriABC → AIGER → ABC → proven, or error trace → debug]
Results
FSM with the states idle, send and inc.spc, and the signals buff_empty, data_available, sending, end_sending and wait_data.
Generated properties:
F (data_available) → X (idle, send)
F (not buff_empty) → X (idle, send)
F (end_sending) → X (send, inc.spc)
F (not sending) → X (send, inc.spc)
F (wait_data) → X (inc.spc, idle)
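As an added example (not code from the presentation or from the VeriABC/ABC tools), the following Python implements the propertyGeneration procedure of the "Semi-automatic generation" slide and runs it on the idle / send / inc.spc machine of the "Results" slide, reproducing the five listed properties. The FSM encoding (guard signal → successor state), the Property record, the treatment of a state without transitions to other states as a final state, and the SystemVerilog assertion rendering for the RTL + SVA flow are assumptions made here; only the state names, signal names and the F(...) → X(...) notation come from the slides. A second, constructed machine with a self-loop and a final state exercises the not-locked and reachable-final-state branches, which the slide's machine does not trigger.

```python
# Added example, not the presentation's own code. Implements the propertyGeneration
# procedure of the slides on an explicit FSM. The FSM encoding, the Property record
# and the SVA rendering are assumptions; state/signal names are from the slides.
from dataclasses import dataclass, field


@dataclass
class State:
    name: str
    # guard signal (optionally "not <signal>") -> name of the successor state;
    # a successor equal to the state itself is a self-loop (infinite loop)
    next: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Property:
    kind: str   # "next", "not_locked" or "reachable_final"
    text: str   # temporal-logic form in the notation of the slides
    sva: str    # assumed SVA rendering for the RTL + SVA verification flow


def sv_state(name: str) -> str:
    # state names such as "inc.spc" are not legal SystemVerilog identifiers
    return name.replace(".", "_").upper()


def sv_signal(guard: str) -> str:
    # "not buff_empty" becomes "!buff_empty"
    return "!" + guard[4:] if guard.startswith("not ") else guard


def set_next_property(state: State, guard: str, nxt: str) -> Property:
    # F(guard) -> X(state, nxt): whenever guard holds in `state`, the state one
    # cycle later is `nxt` (|=> is the non-overlapping implication)
    return Property(
        "next",
        f"F({guard}) -> X({state.name},{nxt})",
        f"assert property (@(posedge clk) (state == {sv_state(state.name)} && "
        f"{sv_signal(guard)}) |=> (state == {sv_state(nxt)}));",
    )


def set_not_locked_property(state: State) -> Property:
    # self-loop: the machine must not stay locked in this state forever
    return Property(
        "not_locked",
        f"G({state.name} -> F(not {state.name}))",
        f"assert property (@(posedge clk) (state == {sv_state(state.name)}) "
        f"|-> s_eventually (state != {sv_state(state.name)}));",
    )


def set_reachable_final_state(state: State) -> Property:
    # assumption: a final state is one with no transition to a different state;
    # it must be reachable, which a cover property checks
    return Property(
        "reachable_final",
        f"F({state.name})",
        f"cover property (@(posedge clk) state == {sv_state(state.name)});",
    )


def property_generation(states: list) -> list:
    """Visit each state: one next property per transition to another state,
    one not-locked property per self-loop (deduplicated), and one
    reachability property per final state."""
    props = []
    for state in states:
        for guard, nxt in state.next.items():
            if state.name != nxt:
                prop = set_next_property(state, guard, nxt)
            else:
                prop = set_not_locked_property(state)
            if prop not in props:
                props.append(prop)
        if all(nxt == state.name for nxt in state.next.values()):
            props.append(set_reachable_final_state(state))
    return props


# the machine of the "Results" slide (guards and successors as listed there)
RESULTS_FSM = [
    State("idle", {"data_available": "send", "not buff_empty": "send"}),
    State("send", {"end_sending": "inc.spc", "not sending": "inc.spc"}),
    State("inc.spc", {"wait_data": "idle"}),
]

# constructed machine (not from the slides) with a self-loop and a final state
DONE_FSM = [
    State("run", {"busy": "run", "finished": "done"}),
    State("done", {}),
]


if __name__ == "__main__":
    for p in property_generation(RESULTS_FSM + DONE_FSM):
        print(f"{p.kind:16} {p.text:36} {p.sva}")
```

The next properties are what the slide's table shows; the SVA strings are the form a practitioner would feed into the RTL + SVA front end of the flow, with the state encoding (`IDLE`, `SEND`, `INC_SPC`) and clock name `clk` assumed.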
Conclusion and future work
- model checking has a coverage problem that depends on the number of properties
- automatic generation of properties is desirable
- state-of-the-art automatic generation depends on high simulation effort
- we proposed a semi-automatic generation of properties from state machines
- automating the formal verification helps its acceptance in the industrial process
Conclusion and future work
- to improve the heuristic that defines and filters the properties
- to verify other modules of the UTMC