Semi-automatic Property Generation for the Formal Verification of a Satellite On-board System
Wesley Gonçalves Silva <wesley@lisha.ufsc.br>
Hardware verification: simulation
(Diagram) Testbenches drive a simulation of the design from the start state, trying to reach an error state.

Hardware verification: formal verification
(Diagram) The FSM is turned into a formal model; manually defined properties, written in temporal logic, are checked against it by formal verification, which explores every path from the start state to find an error state.
• Temporal logic operators: F – eventually, G – always, N – next (written X on the later slides), U – until
Problem identification
Formal verification
• Best suited for small systems, in order to avoid the state explosion problem
• How many properties (P1, P2, P3, …) are required to guarantee 100% design coverage?
Simulation verification
• Only data points are verified, i.e. the incomplete coverage problem
• Very dependent on the system

Problem identification
• Two main problems
  • To cover one hundred percent of the system
  • To automate the process
• Automatic property generation is indicated
  • It is less susceptible to human error
  • Cost and time of the project can be decreased
  • It supports the identification of additional properties, improving the system coverage
State-of-the-art
• Rogin, F.; Klotz, T.; Fey, G.; Drechsler, R.; Rülke, S. Automatic Generation of Complex Properties for Hardware Designs. Design, Automation and Test in Europe, 2008
  • Properties are extracted by combining signals from simulation trace data
  • High-quality properties depend on extensive system simulation

State-of-the-art
• Vasudevan, S.; Sheridan, D.; Patel, S.; Tcheng, D.; Tuohy, B.; Johnson, D. GoldMine: Automatic assertion generation using data mining and static analysis. Design, Automation & Test in Europe, 2010
  • The developed tool also extracts properties by analyzing simulation trace data
  • Static analysis (behavioral analysis)
  • Data mining (knowledge and information from simulation)

State-of-the-art
• Both are applied to RTL design verification
• They extract properties from simulation traces
• The quality of the properties depends on the simulation
• High effort is required in testbench elaboration

State-of-the-art: Contribution
(Diagram) Specification → State Machines → Property Generation → Properties → Formal verification tool
• The proposed approach extracts properties from state machines
  • Avoiding the high effort in testbench elaboration
• A procedure explores the state space
Semi-automatic generation
• Has a FSM as input
• Visits each state

  algorithm propertyGeneration(states)
    foreach states as state
      foreach state.next as next
        if state != next then
          setNextProperty(state, next)        -- identification of the next (X) operator
        else
          setNotLockedProperty(state)         -- identification of infinite loops in a state
        end
      end
      setReachableFinalState(state)           -- identification of reachable final states
    end
  end

Automatic property generation: implementation
(Diagram) RTL + SVA → VeriABC → AIGER → ABC → Debug (Error Trace) / Proven
• Two tools are used to perform the verification, both from Berkeley
  • VeriABC (LONG, J.; RAY, S.; STERIN, B.; MISHCHENKO, A.; BRAYTON, R. Enhancing ABC for LTL stabilization verification of SystemVerilog/VHDL models. 2011)
  • ABC Model Checker (http://www.eecs.berkeley.edu/~alanmi/abc/)

Automatic property generation: implementation
• Verification flow
(Diagram) Specification → State Machines → Property Generation → RTL + SVA → VeriABC → AIGER → ABC → Debug (Error Trace) / Proven
Results
(Diagram) FSM with states idle, send and inc.spc: idle → send on data_available (and on not buff_empty); send → inc.spc on end_sending (and on not sending); inc.spc → idle on wait_data.
Generated properties:
• F (data_available) → X (idle, send)
• F (not buff_empty) → X (idle, send)
• F (end_sending) → X (send, inc.spc)
• F (not sending) → X (send, inc.spc)
• F (wait_data) → X (inc.spc, idle)
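The propertyGeneration procedure from the "Semi-automatic generation" slide, run over the FSM of the results slide, as an added example (not the author's tool). Only the "F (guard) → X (state, next)" shape is given on the slides; the formulas emitted for the not-locked and reachable-final-state cases, the FSM data model, and which guard labels each self-loop are assumptions of this example.

```python
from typing import Dict, List, Tuple

# Constructed FSM model: state -> [(guard, next_state)].
Fsm = Dict[str, List[Tuple[str, str]]]


def reachable_final_states(fsm: Fsm, start: str) -> List[str]:
    """Final states (no edge leaving them) reachable from `start`, by DFS."""
    seen, stack, finals = set(), [start], []
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        if not any(n != s for _, n in fsm.get(s, [])):
            finals.append(s)
        stack.extend(n for _, n in fsm.get(s, []))
    return sorted(finals)


def generate_properties(fsm: Fsm) -> List[str]:
    """Visit every state and every outgoing edge, as propertyGeneration() does."""
    props: List[str] = []
    for state, edges in fsm.items():
        for guard, nxt in edges:
            if state != nxt:
                # setNextProperty: the guard in `state` forces `nxt` as next state
                props.append(f"F ({guard}) -> X ({state},{nxt})")
            else:
                # setNotLockedProperty (assumed shape): the self-loop must not be
                # an infinite loop, i.e. the machine eventually leaves `state`
                props.append(f"G ({state} & {guard} -> F (!{state}))")
        for final in reachable_final_states(fsm, state):
            # setReachableFinalState (assumed shape): candidate liveness property
            props.append(f"G ({state} -> F ({final}))")
    return props


# FSM from the results slide; self-loop guards are assumed.
BUFFER_FSM: Fsm = {
    "idle": [("data_available", "send"), ("!buff_empty", "send"), ("buff_empty", "idle")],
    "send": [("end_sending", "inc.spc"), ("!sending", "inc.spc"), ("sending", "send")],
    "inc.spc": [("wait_data", "idle")],
}
# Constructed FSM with an absorbing error state, to exercise the final-state rule
# (the buffer FSM is cyclic and has no final state).
ERROR_FSM: Fsm = {"run": [("ok", "run"), ("fault", "error")], "error": []}

if __name__ == "__main__":
    for p in generate_properties(BUFFER_FSM) + generate_properties(ERROR_FSM):
        print(p)
```

The candidates for a self-loop and for a reachable final state are exactly the ones the "improve the heuristic to define and filter the properties" item in the conclusion refers to: they need a human to filter before being handed to ABC.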
Conclusion and future work
• Model checking has a coverage problem that depends on the number of properties
• Automatic generation of properties is desirable
• State-of-the-art automatic generation depends on high effort in simulation
• We proposed a semi-automatic generation of properties from state machines
• Automating formal verification helps its acceptance in the industrial process

Conclusion and future work
• To improve the heuristic to define and filter the properties
• To verify other modules of the UTMC