Component-Based Abstraction and Refinement Juncao Li 1, Xiuli Sun 2, Fei Xie 1, and Xiaoyu Song 2 1 Dept. of Computer Science 2 Dept. of ECE Portland State.

Slides:



Advertisements
Similar presentations
Verified Systems by Composition from Verified Components Fei Xie and James C. Browne.
Advertisements

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Simulation Verification of Different Constraints in System Level Design in SystemC Piyush Ranjan Satapathy CS220 Class Project Presentation.
Timed Automata.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Fault Detection in a HW/SW CoDesign Environment Prepared by A. Gaye Soykök.
Integration of Model Checking into Software Development Processes Fei Xie.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.
Hardware/Software System Design and Validation Dr. Xiaoyu Song Networked Sensors Architecture Platform based on Component-based.
1 HW/SW Partitioning Embedded Systems Design. 2 Hardware/Software Codesign “Exploration of the system design space formed by combinations of hardware.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]
Verification of Hierarchical Cache Coherence Protocols for Future Processors Student: Xiaofang Chen Advisor: Ganesh Gopalakrishnan.
FunState – An Internal Design Representation for Codesign A model that enables representations of different types of system components. Mixture of functional.
Component-Based Abstraction Juncao Li Dept. of Computer Science Portland State University.
ESIDE: An Integrated Development Environment for Component-Based Embedded Systems Nicholas T. Pilkington, Juncao Li, and Fei Xie Department of Computer.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Embedded Architecture Description Language Qiang Liu School of Software, Tshinghua University Joint work with Juncao Li, Nick Pilkington, and Fei Xie Dept.
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology A Synthesis Algorithm for Modular Design of.
Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology High-level Specification and Efficient Implementation.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
UML - Development Process 1 Software Development Process Using UML (2)
Verification Case Studies with ObjectCheck Fei Xie (Joint work with James C. Browne, Robert P. Kurshan, and Vladimir Levin) Presentation at Microsoft Research,
Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.
Automatic Abstraction Refinement for GSTE Yan Chen, Yujing He, and Fei Xie Portland State University Jin Yang Intel Nov 13, 2007.
Software Life Cycle Requirements and problem analysis. –What exactly is this system supposed to do? Design –How will the system solve the problem? Coding.
1 Automatic Refinement and Vacuity Detection for Symbolic Trajectory Evaluation Orna Grumberg Technion Haifa, Israel Joint work with Rachel Tzoref.
Testing -- Part II. Testing The role of testing is to: w Locate errors that can then be fixed to produce a more reliable product w Design tests that systematically.
High Performance Embedded Computing © 2007 Elsevier Lecture 3: Design Methodologies Embedded Computing Systems Mikko Lipasti, adapted from M. Schulte Based.
High Performance Embedded Computing © 2007 Elsevier Chapter 1, part 2: Embedded Computing High Performance Embedded Computing Wayne Wolf.
CS6133 Software Specification and Verification
Hardware/Software Co-design Design of Hardware/Software Systems A Class Presentation for VLSI Course by : Akbar Sharifi Based on the work presented in.
Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1.
© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.
Formalizing Hardware/Software Interface Specifications
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
May University of Glasgow Generalising Feature Interactions in Muffy Calder, Alice Miller Dept. of Computing Science University of Glasgow.
1 Copyright  2001 Pao-Ann Hsiung SW HW Module Outline l Introduction l Unified HW/SW Representations l HW/SW Partitioning Techniques l Integrated HW/SW.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Towards Interoperability Test Generation of Time Dependent Protocols: a Case Study Zhiliang Wang, Jianping Wu, Xia Yin Department of Computer Science Tsinghua.
Verification & Validation By: Amir Masoud Gharehbaghi
CSCI1600: Embedded and Real Time Software Lecture 11: Modeling IV: Concurrency Steven Reiss, Fall 2015.
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.
Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University.
Complexity Relief Techniques for Model Checking METU, Aug SOFTWARE VERIFICATION WORKSHOP Hüsnü Yenigün Sabanci University Informatics Institute,
Aaron Gember-Jacobson
Software Design Methodology
Logical architecture refinement
Model Checking for an Executable Subset of UML
Presentation transcript:

Component-Based Abstraction and Refinement Juncao Li 1, Xiuli Sun 2, Fei Xie 1, and Xiaoyu Song 2 1 Dept. of Computer Science 2 Dept. of ECE Portland State University

System Verification Laboratory, Portland State University2 Agenda Problems and Challenges Component-Based Abstraction and Refinement Case Studies and Evaluations Conclusions and Future Work

System Verification Laboratory, Portland State University3 Goal Correctness of Development and Reuse in Component-Based Development (CBD) In CBD: –A system is developed by components –Components do not share states –Communicate through interfaces

System Verification Laboratory, Portland State University4 Problems of CBD Same interface, but different behaviors Literal specification is not accurate Whether sub-components together can implement system functionalities Explosion of Ariane 5 rocket on June 4, 1996 (cost $500 million)

System Verification Laboratory, Portland State University5 Solution: Model Checking Checking whether a given model conforms to given formal specifications –Model, e.g., hardware or software design –Formal specification, e.g., temporal logic formula

System Verification Laboratory, Portland State University6 State Space Explosion Model checking tries all possibilities State space explosion –Possible states and execution paths in a real-world system could be too large to explore Compositional reasoning for CBD –Decompose system into modules –Check module properties locally –Derive system properties from the module properties –Potential to relieve the problem

System Verification Laboratory, Portland State University7 Research Challenges How to reuse verification efforts –Verified properties should not be checked again How to build the abstraction for verification –Important to reduce the complexity How to determine the causes for a compositional reasoning failure –Real error or abstraction inaccuracy

System Verification Laboratory, Portland State University8 Our Contributions Verification reuse –Verified properties as component abstractions Automatic component-based abstraction algorithm Mechanized assistant for abstraction refinement Application –Co-verification of embedded systems: consider both HW and SW in verification

System Verification Laboratory, Portland State University9 Agenda Problems and Challenges Component-Based Abstraction and Refinement Case Studies and Evaluations Conclusions and Future Work

System Verification Laboratory, Portland State University10 Unifying hardware and software component models Component = (Design, Interface, Properties) HW, SW, and bridge components –Different design and interface specifications –Same property specification Verified properties are associated with components Unified Component Model Software Component Software Component Software Component Bridge Component Bridge Component Hardware Component Hardware Component

System Verification Laboratory, Portland State University11 Environment of C (Components interacting with C ) Component Property A property of a component C is a pair (p, A(p)) –p is a temporal assertion –A(p) is a set of assumptions on environment of C –p is verified assuming A(p) holds. C p A(p)  p holds on C A(p) Assumptions = Assumed Properties

System Verification Laboratory, Portland State University12 Example: Software Sensor Component Output Message Type Component Boundary xUML Object Instance Input Message Type

System Verification Laboratory, Portland State University13 Software Sensor Properties /* Properties on overall component functionality */ IfRepeatedly (C_Intr) Repeatedly (Output); /* Properties on interactions with software components */ After (Output) Never (Output) UnlessAfter (OP_Ack); /* Properties on interactions with hardware and responses to scheduling */ After (C_Intr) Eventually (C_Ret); Never (C_Ret) UnlessAfter (C_Intr); After (C_Ret) Never (C_Ret) UnlessAfter (C_Intr); After (A_Intr) Eventually (A_Ret); Never (A_Ret) UnlessAfter (A_Intr); After (A_Ret) Never (A_Ret) UnlessAfter (A_Intr); After (ADC.Pending) Never (ADC.Pending) UnlessAfter (A_Ret); After (S_Schd) Eventually (S_Ret); Never (S_Ret) UnlessAfter (S_Schd); After (S_Ret) Never (S_Ret) UnlessAfter (S_Schd); After (STQ.Empty = False) Never (STQ.Empty = False) UnlessAfter (S_Ret);

System Verification Laboratory, Portland State University14 Software Sensor Assumptions /* Assumptions on interactions with software components */ After (Output) Eventually (OP_Ack); Never (OP_Ack) UnlessAfter (Output); After (OP_Ack) Never (OP_Ack) UnlessAfter (Output); /* Assumptions on interactions with hardware and on scheduling */ After (C_Intr) Never (C_Intr+A_Intr+S_Schd) UnlessAfter (C_Ret); After (ADC.Pending) Eventually (A_Intr); Never (A_Intr) UnlessAfter (ADC.Pending); After (A_Intr) Never (C_Intr+A_Intr+S_Schd) UnlessAfter (A_Ret); After (A_Ret) Never (A_Intr) UnlessAfter (ADC.Pending) After (STQ.Empty = FALSE) Eventually (S_Schd); Never (S_Schd) UnlessAfter (STQ.Empty = FALSE); After (S_Schd) Never (C_Intr+A_Intr+S_Schd) UnlessAfter (S_Ret); After (S_Ret) Never (S_Schd) UnlessAfter (STQ.Empty = FALSE);

System Verification Laboratory, Portland State University15 Unify hardware and software semantics via translation Verilog-to-S/R Translation Semantics Mapping xUML-to-S/R Translation Semantics Mapping Asynchronous Interleaving Message-passing Semantics ω-automaton Semantics Synchronous Clock- driven Semantics Executable UML (xUML) S/RVerilog Semantics Conformance Semantics Conformance Semantics Conformance

System Verification Laboratory, Portland State University16 Properties as Component Abstractions ω-automaton ω2 (simulating the interface of C2; non-deterministic) ω-automaton ω1 (simulating the interface of C1; non-deterministic) ω-automaton env (simulating the interface of the composition’s environment; non-deterministic) Abstraction for checking p on the composition of C1 and C2: Constraints: properties of C1 related to p and whose assumptions hold Constraints: properties of C2 related to p and whose assumptions hold Constraints: the composition’s environment assumptions related to p Note: Circular reasoning must be ruled out by appropriate compositional reasoning rules.

System Verification Laboratory, Portland State University17 Key Challenges in Abstraction (1) What component properties are related? –ABV tends to introduce many properties Construct property dependency graph –Add dependency arcs of (q, A(q)) based on A(q) –Dependency analysis based on variables –Optimizations based on property templates Differentiating safety and liveness properties Utilizing template semantics to remove false arcs

System Verification Laboratory, Portland State University18 Dependency Graph Example

System Verification Laboratory, Portland State University19 Key Challenges in Abstraction (2) What component properties can be included? –Properties have assumptions –Circular dependencies among properties Enable component properties optimistically –Follow the dependency graph –Check whether their assumptions are satisfied –Assume that dependency cycles do not cause problems Detect cycles of liveness properties –No cycle with both safety and liveness properties –Cycles of safety properties not a problem

System Verification Laboratory, Portland State University20 Automatic Abstraction Algorithm

System Verification Laboratory, Portland State University21 Automatic Abstraction Algorithm (Cont.)

System Verification Laboratory, Portland State University22 Mechanized Refinement Assistant Unsatisfied assumptions of component properties Identification –Breadth-first search on the dependency graph –All nodes marked “directly unsatisfied” and reachable from (true, {p}) only via “indirectly unsatisfied” nodes Automatic remedies –Verify unsatisfied assumptions of identified properties Manual remedies –Modify existing component properties –Introduce new component properties

System Verification Laboratory, Portland State University23 Mechanized Refinement Assistant (Cont.) Liveness property dependency cycles Identification –Done in abstraction algorithm Automatic remedies –Exclude properties on the cycles –Apply CR rules with automatic checks [Amla, et al. 01] Manual remedies –Conduct temporal inductions [McMillan 99] –Modify component properties involved

System Verification Laboratory, Portland State University24 Agenda Problems and Challenges Component-Based Abstraction and Refinement Case Studies and Evaluations Conclusions and Future Work

System Verification Laboratory, Portland State University25 Bottom-Up Verification of Basic Components Verification of primitive HW/SW components Direct application of model checking Verification of properties shown before Properties are verified under their assumptions ComponentsTime (Seconds)Memory (Mbytes) S-SEN S-NET H-CLK H-SEN H-NET

System Verification Laboratory, Portland State University26 Top-Down Verification of Basic Sensor System Properties of bridge components –Derived from properties of HW/SW components they connect –Verified in 3.76 seconds and 6.03 MB and 0.66 seconds and 4.07 MB System property –Verified on an abstraction constructed from component properties –Using 0.1 seconds and 3.40 MB Repeated Transmission Property: Repeated (H-NET.flag); Repeated (H-NET.flag = False) S-SENS-NET H-CLKH-SEN H-NET Bridge

System Verification Laboratory, Portland State University27 Top-Down Verification of Basic Sensor (Cont.) Abstraction construction and verification –No verified component properties are included –The property does not hold on the abstraction Abstraction refinement –Introducing and verifying new component properties –Facilitating detection of design errors No Consecutive 1’s Property: Never ((S-NET.RFM.Rev=1) and (S-NET.RFM.Buf=1) and (S-NET.RFM.Status=Transmitting)) S-SENS-NET H-CLKH-SEN H-NET Bridge

System Verification Laboratory, Portland State University28 Top-Down Verification of Multi-Sensor System Properties of new bridge component –Derived from properties of HW/SW components it connects –Verified in seconds and 6.05 MB System property –Verified on an abstraction constructed from component properties –Using 0.1 seconds and 3.40 MB Repeated Transmission Property: Repeated (H-NET.flag); Repeated (H-NET.flag = False) S-SENS-NET H-CLKH-SEN 1H-SEN 2H-NET Bridge

System Verification Laboratory, Portland State University29 Top-Down Verification of Encryption-Enabled Sensor Properties of S-ENC and H-ENC –Verified in 0.24 seconds and 3.57 MB and 0.22 seconds and 3.39 MB Properties of new bridge component –Verified in seconds and 6.05 MB System property –Verified on an abstraction constructed from component properties –Using 0.1 seconds and 3.40 MB Repeated Transmission Property: Repeated (H-NET.flag); Repeated (H-NET.flag = False) S-SENS-ENCS-NET H-CLKH-SENH-ENCH-NET Bridge

System Verification Laboratory, Portland State University30 Integrated Verification of New Reusable Components A new reusable composite component: encryption-enabled network is constructed bottom-up Properties IfRepeatedly (Raw) Repeatedly (HNET.flag); IfRepeatedly (Raw) Repeatedly (HNET.flag=False); After (Raw) Eventually (Raw_Ack); Never (Raw_Ack) UnlessAfter (Raw); After (Raw_Ack) Never (Raw_Ack) UnlessAfter (Raw); Assumptions: After (Raw) Never (Raw+E_Intr+N_Schd+R_Intr) UnlessAfter (Raw_Ack); After (E_Intr) Never (Raw+E_Intr+N_Schd+R_Intr) UnlessAfter (E_Ret); After (N_Schd) Never (Raw+E_Intr+N_Schd+R_Intr) UnlessAfter (N_Ret); After (R_Intr) Never (Raw+E_Intr+N_Schd+R_Intr) UnlessAfter (R_Ret); S-ENCS-NET H-ENCH-NET Bridge

System Verification Laboratory, Portland State University31 Verification of the repeated transmission property on three systems Conducted on a SUN Workstation with 1GHZ CPU and 2GB memory CBCV: Time (or memory) usage = sum (or max) of time (or memory) usages for verifying new components and abstractions Scalability Evaluation on Small-Size Systems UsagesBasicMultiEncrypting FlatTime (Sec.) Out of memory FlatMem. (MB) Manual CBCVTime (Sec.) Manual CBCVMem. (MB) Manual CBCV# of COSPAN Calls824 Automatic CBCVTime (Sec.) Automatic CBCVMem. (MB) Automatic CBCV# of COSPAN Calls392439

System Verification Laboratory, Portland State University32 Agenda Problems and Challenges Component-Based Co-Verification Case Studies and Evaluations Conclusions and Future Work

System Verification Laboratory, Portland State University33 Conclusions and Future Work An important step towards component-based HW/SW co-verification of embedded systems Preliminary results are promising –Achieved major verification reuse –Led to order-of-magnitude verification reductions Future work –Heuristics for automating property formulation –Further evaluation and cost quantification

System Verification Laboratory, Portland State University34 Further Information Website: – Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.