![Page 1: Semi-automatic Property Generation for the Formal Verification of a Satellite On-board System Wesley Gonçalves Silva](https://reader035.vdocument.in/reader035/viewer/2022072016/56649ef05503460f94c00d0e/html5/thumbnails/1.jpg)
Semi-automatic Property Generation for the Formal
Verification of a Satellite On-board System
Wesley Gonçalves Silva
Page 2
Hardware verification: simulation
(Figure: testbenches drive the design from the start state, looking for an error state)
Page 3
Hardware verification: formal verification
(Figure: a formal model (FSM) and manually defined properties in temporal logic are given to the formal verification tool, which searches the state space from the start state for an error state)
Temporal operators: F – eventually, G – always, X (written N on the slide) – next, U – until
Page 4
Problem identification
Only data points are verified, i.e. the incomplete coverage problem
Very dependent on the system
Best suited to small systems, in order to avoid the state explosion problem
How many properties are required to guarantee 100% design coverage?
(Figure: simulation verification vs. formal verification, with properties P1, P2, P3)
Page 5
Problem identification
Two main problems:
To cover a hundred percent of the system
To automate the process
Automatic property generation is indicated:
It is less susceptible to human error
Project cost and time can be decreased
It supports the identification of additional properties, improving the system coverage
Page 6
State-of-the-art
Rogin, F.; Klotz, T.; Fey, G.; Drechsler, R.; Rülke, S. Automatic Generation of Complex Properties for Hardware Designs. Design, Automation and Test in Europe, 2008
Properties are extracted by combining signals from simulation trace data
High-quality properties depend on extensive system simulation
Page 7
State-of-the-art
Vasudevan, S.; Sheridan, D.; Patel, S.; Tcheng, D.; Tuohy, B.; Johnson, D. GoldMine: Automatic assertion generation using data mining and static analysis. Design, Automation & Test in Europe, 2010
The developed tool also extracts properties by analyzing simulation trace data:
Static analysis (behavioral analysis)
Data mining (knowledge and information from simulation)
Page 8
State-of-the-art
Both are applied to RTL design verification
They extract properties from simulation traces
The quality of the properties depends on the simulation
Elaborating the testbenches requires high effort
Page 9
Property Generation
State-of-the-art: Contribution
The proposed approach extracts properties from state machines, avoiding the high effort of testbench elaboration
A procedure explores the state space
(Figure: Specification → State Machines → Properties → Formal verification tool)
Page 10
Semi-automatic generation
Has an FSM as input. Each state is visited, and the procedure identifies: the next (X) operator for transitions to another state, infinite loops in a state (self-loops), and reachable final states.

algorithm propertyGeneration (states)
  foreach states as state
    foreach state.next as next
      if state != next then
        setNextProperty(state, next)
      else
        setNotLockedProperty(state)
      end
    end
    setReachableFinalState(state)
  end
end
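The outline above, and the results slide that shows its output on a three-state machine, can be reproduced in a few dozen lines. The following is an added example and not the tool from the presentation: it takes a state machine as a list of guarded transitions, emits one "next" property per transition to a different state and one "not locked" property per self-loop in the slide's notation (F (guard) -> X (src,dst)), and checks final states for reachability by breadth-first exploration of the state space. The data types, the `findings` list for cases the heuristic cannot decide on its own, and the SystemVerilog rendering in `to_sva` (which assumes a `state` register and a `clk` signal in the RTL) are all assumptions of this example; the transitions of `UTMC_FSM` are read off the edge labels of the results slide.

```python
"""Semi-automatic property generation from a state machine (added example).

Follows the propertyGeneration(states) outline: visit each state, emit a
'next' property for every transition to a different state, a 'not locked'
property for every self-loop, and report reachable final states.
Property notation follows the results slide:  F (guard) -> X (src,dst).
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    src: str
    guard: str   # condition on the edge, e.g. "data_available" (assumed representation)
    dst: str


@dataclass
class FSM:
    initial: str
    transitions: list[Transition]

    def states(self) -> list[str]:
        """States in first-seen order, so generated output is deterministic."""
        seen: list[str] = []
        for t in self.transitions:
            for s in (t.src, t.dst):
                if s not in seen:
                    seen.append(s)
        return seen

    def outgoing(self, state: str) -> list[Transition]:
        return [t for t in self.transitions if t.src == state]

    def reachable(self) -> set[str]:
        """Breadth-first exploration of the state space from the initial state."""
        seen = {self.initial}
        todo = deque([self.initial])
        while todo:
            s = todo.popleft()
            for t in self.outgoing(s):
                if t.dst not in seen:
                    seen.add(t.dst)
                    todo.append(t.dst)
        return seen


def next_property(src: str, guard: str, dst: str) -> str:
    return f"F ({guard}) -> X ({src},{dst})"


def generate_properties(fsm: FSM) -> tuple[list[str], list[str]]:
    """Return (properties, findings). Findings are the cases the heuristic
    cannot resolve alone and that a verification engineer must look at."""
    props: list[str] = []
    findings: list[str] = []
    reachable = fsm.reachable()
    for state in fsm.states():
        out = fsm.outgoing(state)
        exits = [t for t in out if t.dst != state]
        loops = [t for t in out if t.dst == state]
        for t in exits:                      # setNextProperty(state, next)
            props.append(next_property(state, t.guard, t.dst))
        for loop in loops:                   # setNotLockedProperty(state)
            if len(exits) == 1:
                # leaving the loop (guard false) must take the single exit
                props.append(next_property(state, f"not {loop.guard}", exits[0].dst))
            elif not exits:
                findings.append(f"{state}: self-loop on '{loop.guard}' with no exit, state can lock")
            else:
                findings.append(f"{state}: self-loop on '{loop.guard}' with several exits, "
                                "choose the not-locked target manually")
        if not out:                          # final state: no successor at all
            if state in reachable:           # setReachableFinalState(state)
                props.append(f"F ({state})")
            else:
                findings.append(f"{state}: final state is unreachable from {fsm.initial}")
        elif state not in reachable:
            findings.append(f"{state}: unreachable from {fsm.initial}, its properties are vacuous")
    return props, findings


def to_sva(src: str, guard: str, dst: str, state_sig: str = "state") -> str:
    """One reading of F(guard) -> X(src,dst) as a SystemVerilog assertion for the
    RTL + SVA input of the flow. Assumes a register `state` holding the FSM state
    and a clock `clk`; |=> is non-overlapping implication (next cycle)."""
    return (f"assert property (@(posedge clk) ({state_sig} == {src} && {guard}) "
            f"|=> ({state_sig} == {dst}));")


# The machine from the results slide, transitions read off its edge labels.
UTMC_FSM = FSM(
    initial="idle",
    transitions=[
        Transition("idle", "buff_empty", "idle"),
        Transition("idle", "data_available", "send"),
        Transition("send", "sending", "send"),
        Transition("send", "end_sending", "inc.spc"),
        Transition("inc.spc", "wait_data", "idle"),
    ],
)

if __name__ == "__main__":
    properties, notes = generate_properties(UTMC_FSM)
    print("\n".join(properties))
    print("\n".join(notes) or "no findings")
```

Run on `UTMC_FSM` this yields exactly the five properties of the results slide and no findings. The findings list is where the "semi" in semi-automatic lives: a self-loop with no exit is a state that can lock, a self-loop with several exits leaves the not-locked target ambiguous, and a property on an unreachable state is vacuously true, so the model checker would report it proven without it saying anything about the design.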
Page 11
Automatic property generation: implementation
Two tools are used to perform the verification, both from Berkeley:
VeriABC (Long, J.; Ray, S.; Sterin, B.; Mishchenko, A.; Brayton, R. Enhancing ABC for LTL stabilization verification of SystemVerilog/VHDL models. 2011)
ABC model checker (http://www.eecs.berkeley.edu/~alanmi/abc/)
(Figure: RTL + SVA → VeriABC → AIGER → ABC → Proven, or Error trace → Debug)
Page 12
Automatic property generation: implementation
Verification flow: Specification → State Machines → Property Generation → RTL + SVA → VeriABC → AIGER → ABC → Proven, or Error trace → Debug
Page 13
Results
State machine from the figure (states idle, send, inc.spc; transitions read off the edge labels):
idle → idle on buff_empty
idle → send on data_available
send → send on sending
send → inc.spc on end_sending
inc.spc → idle on wait_data
Generated properties:
F (data_available) → X (idle,send)
F (not buff_empty) → X (idle,send)
F (end_sending) → X (send,inc.spc)
F (not sending) → X (send,inc.spc)
F (wait_data) → X (inc.spc,idle)
Page 14
Conclusion and future work
Model checking has a coverage problem that depends on the number of properties
Automatic generation of properties is desirable
State-of-the-art automatic generation depends on high effort in simulation
We proposed a semi-automatic generation of properties from state machines
Automating formal verification helps its acceptance in industrial processes
Page 15
Conclusion and future work
To improve the heuristic for defining and filtering the properties
To verify other modules of the UTMC