Presentation is loading. Please wait.

Presentation is loading. Please wait.

Survey on the Formal Verification Dept. of Nuclear and Quantum Engineering NICIEL 2003.3.17 Myung Jun Song.

Published byMelvyn Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "Survey on the Formal Verification Dept. of Nuclear and Quantum Engineering NICIEL 2003.3.17 Myung Jun Song."— Presentation transcript:

1 Survey on the Formal Verification Dept. of Nuclear and Quantum Engineering NICIEL 2003.3.17 Myung Jun Song

2 Table of contents Outline Introduction State of the Art Informal verification Formal verification Theorem proving Model checking Summary Further Study

3 Outline Objective NuSDS(tool) FBD-style specification Verification Traceability analysis Basic verification - syntax checking - semantic checking Formal verification - Theorem proving - Model checking Traceability analysis Basic verification - syntax checking - semantic checking Formal verification - Theorem proving - Model checking

4 Introduction H/W and S/W systems will inevitably grow in scale and functionality Because of this increase in complexity, the likelihood of subtle errors is much greater Today typically 50% to 70% of the design cycle time is spent in verifying correctness. There is now a wider recognition for the need to include formal methods in the verification task. Formal Methods : mathematically-based languages, techniques, and tools for specifying and verifying systems They increase understanding of a system by revealing inconsistencies, ambiguities, and incompleteness

5 State of the Art Some 20 years ago, the use of formal methods did not seem practical because Notations are too obscure Techniques did not scale with problem size Formal methods are an inadequate tool support or too hard to use They are only a few non-trivial case studies available Few people had the necessary training Recently more promising picture of formal methods is appeared S/W specification : Industry tried out notations like Z to documents system’s properties S/W verification : Industry adopted model checking and some theorem proving to complement simulation Industrial case studies are increasing confidence in using formal methods

6 Informal verification Simulation It compares against an executable version of the specification, also known as THE GOLDEN MODEL It simulates in software and hardware Test cases They are written by the designers hardly They randomly generated test vectors Problem Number of test vectors is proportional to design complexity Simulation cannot guarantee correctness H/W, S/W systems are becoming increasingly complex Number of basic components grows exponentially Designs are increasingly aggressive

7 Formal Verification

8 Definition Formal verification is to establish properties of H/W or S/W designs using logic, rather than testing or informal arguments This involves formal specification of the requirement, formal modeling of the implementation, and precise rules of inference to prove that the implementation satisfies the specification Formal verification is proving that the functions in the specification are the same as the functions in the implementation The proof is done mathematically not experimentally Functional correctness Any piece of H/W is functionally correct if we can so prove that its implementation realizes the specification

9 Advantage and Disadvantage Advantage Mathematically proves correctness Shows specification satisfies requirement properties Shows implementation satisfies the properties required by specification Higher performance Use symmetry and decomposition Collapse sets of similar behaviors into a single cases Disadvantage Often difficult to apply Tend to take too long time Gap between abstraction and real implementation Assumption about the environment

10 Theorem proving(1) A technique where both the system and its desired properties are expressed as formulas in some mathematical logic This logic is given by a formal system, which defines a set of axioms and a set of inference rules The process is to find a proof of a property from the axioms of the system It can deal directly with infinite state spaces The automated systems have been useful as general search procedures and have had noteworthy success in solving various combinatorial problems The interactive systems have been more suitable for the systematic formal development of mathematics and in mechanizing formal methods

11 Theorem proving(2) Advantage gains invaluable insight into the system of the property being proved Disadvantage slow error-prone

12 Notable examples(1) SRT division algorithm In 1995 Clarke, German, and Zhao used automatic theorem- proving techniques based in symbolic algebraic manipulation to prove the correctness of an SRT division algorithm similar to the one in the Pentium AAMP5 During 1993-1995 Srivas of the Stanford Research Institute and Miller of Rockwell International collaborated on the specification and verification of the Collins Commercial Avionics AAMP5 micro- processor They used PVS to specify AAMP5 instruction and to verify microcode about instructions

13 Notable examples(2) Motorola CAP During 1992-1996 Brock of Computational Logic, Inc., working in collaboration with Motorola designers, developed a ACL2 specification of the entire Motorola Complex Arithmetic Processor (CAP) Brock verified binary microcode about some DSP (Digital Signal Processing) algorithm using ACL2

14 Theorem provers User-guided automatic deduction tools Systems like ACL2 and LP are guided by a sequence of definitions but each theorem is proved automatically using built-in heuristics for induction, lemma-driven rewriting, and simplication Proof checkers Example include HOL and LEGO They have been used to formalize and verify hard problems in mathematics and in program verification Combination provers Analytica, which combines theorem proving with the symbolic algebra system Mathematica, has successfully proved some hard number-theoretic problems PVS has been used to verify a number of H/W designs and reactive, real-time, and fault-tolerant algorithms

15 Model Checking(1) A technique that relies on building a finite model of a system and checking that a desired property holds on that model The check is performed as an exhaustive state space search which is guaranteed to terminate since the model is finite The technical challenge in model checking is in devising algorithms and data structures that allow us to handle large search spaces The current trend is to apply this technique to analyzing specifications of S/W systems General approaches to model checking Temporal model checking automaton

16 Model Checking(2) Advantages automatic fast partial specification Counterexample Disadvantages state explosion problem Model checkers today are routinely expected to handle systems with between 100 and 200 state variables Model checkers have checked interesting systems with reachable states, and by using appropriate abstraction techniques

17 Notable examples(1) IEEE Futurebus+ In 1992 Clarke and his students at Carnegie Mellon used SMV to verify the cache coherence protocol described in the IEEE Futurebus+ Standard 896.1-1991 They found a number of previously undetected errors and potential errors in the design of the protocol ISDN The NewCoRe Project was the first full-scale application of formal verification methods in a routine S/W design project within AT&T Formal modeling and automated verification were applied to the development of the International Telecommunications Union ISDN/IUPP A total of 7,500 lines of source code was verified; 112 errors were revealed in the high-level design; approximately 55% of the original design requirements were discovered to be logically inconsistent

18 Notable examples(2) PowerScale In 1995 a group at Bull in collaboration with researchers of the Verimag Lab. used LOTOS to describe the processors, memory controller, and bus arbiter of the multiprocessor architecture called PowerScale This architecture is based on PC, servers, and workstations The correctness of the arbitration algorithm was established automatically in a few minutes

19 Model checkers Temporal logic model checkers SMV is the first model checker to use BDDs The SPIN system uses partial order reduction to reduce the state explosion problem HyTech is a model checker for hybrid systems Behavior conformance checkers FDR checks refinement between CSP programs Combination checkers STeP combines model checking with deductive methods VIS combines model checking with logic synthesis

20 Summary Theorem ProvingModel Checking Definition A technique where both the system and its desired properties are expressed as formulas in some mathematical logic given by a set of axioms and a set of inference rules A technique that relies on building a finite model of a system and checking that a desired property holds on that model Advantages high abstraction and powerful logic expressiveness Unrestricted applications Useful for verifying parameterized datapath-dominated circuits completely automatic fast provides counterexamples for identifying design errors Disadvantages Interactive (under user guidance) Usable by experts Automated for narrow classes of designs state explosion problem problems with large data paths low abstraction level Tools PVS ACL2 HOL SMV SPIN VIS

21 Further study Traceability analysis Formal verification in PLC programming Tool of formal verification

Download ppt "Survey on the Formal Verification Dept. of Nuclear and Quantum Engineering NICIEL 2003.3.17 Myung Jun Song."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.

Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
1 Regression-Verification Benny Godlin Ofer Strichman Technion.

1 Regression-Verification Benny Godlin Ofer Strichman Technion.
What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.

What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

Similar presentations

Ads by Google