Analog property checkers: a DDR2 case study

The formal specification component of verification can be exported to simulation through the idea of property checkers. The essence of this approach is the automatic construction of an observer from the specification in the form of a program that can be interfaced with a simulator and alert the user if the property is violated by a simulation trace. Although not complete, this lighter approach to formal verification has been effectively used in software and digital hardware to detect errors. Recently, the idea of property checkers has been extended to analog and mixed-signal systems.     

Practical formal verification in microprocessor design

Practical application of formal methods requires more than advanced technology and tools; it requires an appropriate methodology. A verification methodology for data-path-dominated hardware combines model checking and theorem proving in a customizable framework. This methodology has been effective in large-scale industrial trials, including verification of an IEEE-compliant floating-point adder     

Synthesizing safe control-command systems out of reusable components

This paper presents a safe design method for control-command embedded systems. It investigates the problem of building control-command systems out of Commercial off the shelf (COTS) components. The design method proposed uses in synergy the formal verification (FV) and the Discrete Controller Synthesis (DCS) techniques. COTS are formally specified using temporal logic and/or executable observers. New functions are built by assembling COTS together. As the COTS assembly operation is seldom error-free, behavioral incompatibilities may persist between COTS. For these reasons, COTS assemblies need to be formally verified and if errors are found, an automatic correction is attempted using DCS. The control-command code generated by DCS needs hardware specific post-processing: a structural decomposition, followed by a controllability assessment, followed by a dedicated formal verification step, ensuring that no spurious behavior is added by DCS. The resulting system is ready for hardware (e.g. FPGA) implementation.     

一种带偏置的基于相关性分析的Cache一致性协议验证方法

Cache一致性协议作为CC-NUMA系统的硬件基础,在CC-NUMA系统的设计过程中占有举足轻重的地位。对于复杂的CC-NUMA系统,由于其Cache一致性协议十分复杂,通常难以进行形式化验证,而常规的伪随机模拟又存在验证效率低下的问题。本文提出了一种对复杂CC-NUMA系统中Cache一致性协议进行模拟验证的方法。该方法通过对验证覆盖目标进行相关性分析,使用偏置技术对传统伪随机模拟验证方法进行了改进。实际验证结果表明,改进后的方法使得模拟验证覆盖率的增长速率有了明显提高。     

Formal hardware verification methods: A survey

Growing advances in VLSI technology have led to an increased level of complexity in current hardware systems. Late detection of design errors typically results in higher costs due to the associated time delay as well as loss of production. Thus it is important that hardware designs be free of errors. Formal verification has become an increasingly important technique towards establishing the correctness of hardware designs. In this article we survey the research that has been done in this area, with an emphasis on more recent trends. We present a classification framework for the various methods, based on the forms of the specification, the implementation, and the proff method. This framework enables us to better highlight the relationships and interactions between seemingly different approaches.     

共识协议的形式化验证研究现状与展望

分布式系统在计算环境中发挥重要的作用,其中的共识协议算法用于保证节点间行为的一致性.共识协议的设计错误可能导致系统运行故障,严重时可能对人员和环境造成灾难性的后果,因此保证共识协议设计的正确性非常重要.形式化验证能够严格证明设计模型中目标性质的正确性,适合用于验证共识协议.然而,随着分布式系统的规模增大,问题复杂度提升,使得分布式共识协议的形式化验证更为困难.采用什么方法对共识协议的设计进行形式化验证、如何提升验证规模,是共识协议形式化验证的重要研究问题.对目前采用形式化方法验证共识协议的研究工作进行调研,总结其中提出的重要建模方法和关键验证技术,并展望该领域未来有潜力的研究方向.     

优化OBDD性能的变量量化调度算法研究

在目前VLSI设计流程中,采用模型检测技术来实现形式化验证对可靠的硬件设计具有重要的意义。在以有序二值决策图(OBDD)为基础的符号综合和验证过程中,需要对有限状态机各传输关系合取运算的先后顺序进行量化调度,从而降低求解过程中各临时OBDD所消耗的内存资源,也就降低了对某些验证的状态空间爆炸的风险。调度策略通过对各传输关系与量化变量构成的关联矩阵的分析,以不断降低变量的平均生存量化跨度为目标,提出了能减少变量参与合取运算次数的MSTA(Minimum Subsist-ence Traversal Algorithm)过程、关联矩阵的连接子图分解策略和考虑关联矩阵中前后行关联程度的串接过程。实验表明了此合取量化调度过程的有效性和鲁棒性。     

Formal verification of hardware correctness: introduction andsurvey of current research

Formal verification techniques are analyzed, focusing on two key points: suitable representation systems and mechanizable proofs. Different approaches to hardware verification are first examined, and formal verification and automated synthesis are compared to show how they cooperate in producing zero-defect designs. The different techniques are evaluated. Cross fertilization with software verification techniques is discussed     

可信系统性质的分类和形式化研究综述

计算机系统被应用于各种重要领域,这些系统的失效可能会带来重大灾难.不同应用领域的系统对于可信性具有不同的要求,如何建立高质量的可信计算机系统,是这些领域共同面临的巨大挑战.近年来,具有严格数学基础的形式化方法已经被公认为开发高可靠软硬件系统的有效方法.目标是对形式化方法在不同系统的应用进行不同维度的分类,以更好地支撑可信软硬件系统的设计.首先从系统的特征出发,考虑6种系统特征:顺序系统、反应式系统、并发与通信系统、实时系统、概率随机系统以及混成系统.同时,这些系统又运行在众多应用场景,分别具有各自的需求.考虑4种应用场景:硬件系统、通信协议、信息流以及人工智能系统.对于以上的每个类别,介绍和总结其形式建模、性质描述以及验证方法与工具.这将允许形式化方法的使用者对不同的系统和应用场景,能够更准确地选择恰当的建模、验证技术与工具,帮助设计人员开发更加可靠的系统.     

网络验证研究综述

随着计算机网络规模和复杂度的日益增长,网络管理人员难以保证网络意图得到了正确实现,错误的网络配置将影响网络的安全性和可用性.受到形式化方法在硬软件验证领域中成功应用的启发,研究人员将形式化方法应用到网络中,形成了一个新的研究领域,即网络验证(network verification),旨在使用严格的数学方法证明网络的正确性.网络验证已经成为当下网络和安全领域的热点研究,其研究成果也在实际网络中得到了成功应用.从数据平面验证、控制平面验证和有状态网络验证3个研究方向,对网络验证领域的已有研究成果进行了系统总结,对研究热点内容与解决方法进行了分析,旨在整理网络验证领域的发展脉络,为本领域研究者提供系统性文献参考和未来工作展望.     

Formal verification of algorithms for critical systems

The authors describe their experience with formal, machine-checked verification of algorithms for critical applications, concentrating on a Byzantine fault-tolerant algorithm for synchronizing the clocks in the replicated computers of a digital flight control system. The problems encountered in unsynchronized systems and the necessity, and criticality, of fault-tolerant synchronization are described. An overview of one such algorithm and of the arguments for its correctness are given. A verification of the algorithm performed using the authors' EHDM system for formal specification and verification is described. The errors found in the published analysis of the algorithm and benefits derived from the verification are indicated. Based on their experience, the authors derive some key requirements for a formal specification and verification system adequate to the task of verifying algorithms of the type considered. The conclusions regarding the benefits of formal verification in this domain and the capabilities required of verification systems in order to realize those benefits are summarized     

L4虚拟内存子系统的形式化验证

第二代微内核L4在灵活度和性能方面极大地弥补了第一代微内核的不足,这引起学术界和工业界的关注.内核是实现操作系统的基础组件,一旦出现错误,可能导致整个系统瘫痪,进一步对用户造成损失.因此,提高内核的正确性和可靠性至关重要.虚拟内存子系统是实现L4内核的关键机制,聚焦于对该机制进行形式建模和验证.构建了L4虚拟内存子系统的形式模型,该模型涉及映射机制所有操作、地址空间所有管理操作以及带TLB的MMU行为等;形式化了功能正确性、功能安全和信息安全三方面的属性;通过部分正确性、不变式以及展开条件的推理,在定理证明器Isabelle/HOL中证明了提出的形式模型满足这些属性.在建模和验证过程中,发现源代码在功能正确性和信息安全方面共存在3点问题,给出了相应的解决方案或建议.     

Embedded Software Verification Using Symbolic Execution and Uninterpreted Functions

Symbolic simulation and uninterpreted functions have long been staple techniques for formal hardware verification. In recent years, we have adapted these techniques for the automatic, formal verification of low-level embedded software—specifically, checking the equivalence of different versions of assembly language programs. Our approach, though limited in scalability, has proven particularly promising for the intricate code optimizations and complex architectures typical of high-performance embedded software, such as for DSPs and VLIW processors. Indeed, one of our key findings was how easy it was to create or retarget our verification tools to different, even very complex, machines. The resulting tools automatically verified or found previously unknown bugs in several small sequences of industrial and published example code. This paper provides an introduction to these techniques and a review of our results.     

Verification of Mondex electronic purses with KIV: from transactions to a security protocol

The Mondex case study about the specification and refinement of an electronic purse as defined in the Oxford Technical Monograph PRG-126 has recently been proposed as a challenge for formal system-supported verification. In this paper we report on two results. First, on the successful verification of the full case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail we still could find small errors in the underlying data refinement theory, as well as the formal proofs of the case study. Second, the original Mondex case study verifies functional correctness assuming a suitable security protocol. We extend the case study here with a refinement to a suitable security protocol that uses symmetric cryptography to achieve the necessary properties of the security-relevant messages. The definition is based on a generic framework for defining such protocols based on abstract state machines (ASMs). We prove the refinement using a forward simulation. J. C. P. Woodcock     

Automatic synthesis and verification of real-time embedded software for mobile and ubiquitous systems

Currently available application frameworks that target the automatic design of real-time embedded software are poor in integrating functional and non-functional requirements for mobile and ubiquitous systems. In this work, we present the internal architecture and design flow of a newly proposed framework called Verifiable Embedded Real-Time Application Framework (VERTAF), which integrates three techniques namely software component-based reuse, formal synthesis, and formal verification. Component reuse is based on a formal unified modeling language (UML) real-time embedded object model. Formal synthesis employs quasi-static and quasi-dynamic scheduling with multi-layer portable efficient code generation, which can output either real-time operating systems (RTOS)-specific application code or automatically generated real-time executive with application code. Formal verification integrates a model checker kernel from state graph manipulators (SGM), by adapting it for embedded software. The proposed architecture for VERTAF is component-based which allows plug-and-play for the scheduler and the verifier. The architecture is also easily extensible because reusable hardware and software design components can be added. Application examples developed using VERTAF demonstrate significantly reduced relative design effort as compared to design without VERTAF, which also shows how high-level reuse of software components combined with automatic synthesis and verification increases design productivity.