Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction...
Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction
Thanyapat Sakunkonchak, Masahiro Fujita
Department of Electronics Engineering, University of Tokyo
Overview: Introduction, Verification Flows, Example, Summary & Outlooks
Synchronization in SpecC

Without synchronization, the two behaviors started by `par` run in parallel and their statements may interleave in any order:

```
main() { par { a.main(); b.main(); } }
behavior a { main() { x = 10;     /*st1*/
                      y = x + 10; /*st2*/ } }
behavior b { main() { x = 20;     /*st3*/ } }
```

Timing diagram: a.main() runs from Tas to Tae and executes St1 (T1s to T1e) then St2 (T2s to T2e); b.main() runs from Tbs to Tbe and executes St3 (T3s to T3e) overlapping with a.main(). This gives ambiguous results on y, caused by the race between x = 10; /*st1*/ and x = 20; /*st3*/.

Synchronization by notify/wait:

```
main() { par { a.main(); b.main(); } }
behavior a { main() { x = 10;     /*st1*/
                      y = x + 10; /*st2*/
                      notify e;   /*New*/ } }
behavior b { main() { wait e;     /*New*/
                      x = 20;     /*st3*/ } }
```

Timing diagram: b.main() blocks at wait e, so St3 (T3s to T3e) starts only after St1 and St2 have finished and a has notified e. Result: y = 20 (always).
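To make the two timing diagrams above concrete, the following added example (not code from the slides) enumerates every interleaving of the two `par` behaviors and collects the values y can end with. The statement-level model of `par`, `notify` and `wait` used here is an assumption of this example: a `wait e` is treated as enabled only once `notify e` has executed, which ignores the delta-cycle details of real SpecC events but is enough to reproduce the race and its removal.

```python
"""Enumerate the runs of par { a.main(); b.main(); } with and without the
notify/wait pair from the slide, and report the possible final values of y.
Added example; the scheduling model is an assumption, not SpecC's."""
from itertools import combinations


def st1(s):
    s["x"] = 10            # x = 10;      /*st1*/
    return s


def st2(s):
    s["y"] = s["x"] + 10   # y = x + 10;  /*st2*/
    return s


def st3(s):
    s["x"] = 20            # x = 20;      /*st3*/
    return s


def notify_e(s):
    s["e"] = True          # notify e;   the event is recorded in the state
    return s


def wait_e(s):
    return s               # wait e;     enabledness is checked by enabled()


BEHAVIOR_A_PLAIN = [("st1", st1), ("st2", st2)]
BEHAVIOR_B_PLAIN = [("st3", st3)]
BEHAVIOR_A_SYNC = BEHAVIOR_A_PLAIN + [("notify e", notify_e)]
BEHAVIOR_B_SYNC = [("wait e", wait_e)] + BEHAVIOR_B_PLAIN


def enabled(label, state):
    """Assumed event model: 'wait e' may only run once 'notify e' has
    executed; every other statement is always enabled."""
    return label != "wait e" or state.get("e", False)


def interleavings(a, b):
    """Yield every sequential order of the statements of a and b that keeps
    each behavior's own program order: the candidate runs of par."""
    n = len(a) + len(b)
    for a_slots in combinations(range(n), len(a)):
        order, ia, ib = [], 0, 0
        for i in range(n):
            if i in a_slots:
                order.append(a[ia])
                ia += 1
            else:
                order.append(b[ib])
                ib += 1
        yield order


def possible_y(a, b):
    """Set of final y values over all schedulable runs of par { a; b }.
    An order in which a wait would run before its notify is not a
    schedulable run (the scheduler would pick the other behavior), so it
    is skipped rather than counted."""
    results = set()
    for order in interleavings(a, b):
        state = {}
        for label, fn in order:
            if not enabled(label, state):
                break
            state = fn(state)
        else:
            results.add(state["y"])
    return results


if __name__ == "__main__":
    print("without notify/wait, y in", sorted(possible_y(BEHAVIOR_A_PLAIN, BEHAVIOR_B_PLAIN)))
    print("with notify/wait,    y in", sorted(possible_y(BEHAVIOR_A_SYNC, BEHAVIOR_B_SYNC)))
```

Without the event, the run st1, st3, st2 yields y = 30 while the other two orders yield y = 20, which is the ambiguity the first diagram shows; with the event, the only schedulable run is st1, st2, notify e, wait e, st3, and y is 20 in every run.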
Difference Decision Diagrams (DDD)
- Introduced by Møller et al.
- Symbolic representation of 'non-boolean' constraints such as inequalities, which are less efficient to represent with BDDs
- A DDD represents difference constraints (x − y ≤ c), where x, y are integers and c is a constant
- Example: the graph for ¬(x − z < 1) ∧ (x − y ≤ 0) ∧ (y − z ≤ 2)
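The formula on this slide is a conjunction of difference constraints over integers, and the question a DDD-based solver answers for each such conjunction is whether it is satisfiable. The following added example (not the DDD data structure of Møller et al., and not code from the slides) decides a single conjunction with the classic constraint-graph test: each constraint x − y ≤ c is an edge y → x of weight c, and the system is satisfiable exactly when the graph has no negative cycle. The strict constraint and its negation are rewritten into the ≤ form first, which is valid because the slide's variables are integers.

```python
"""Satisfiability of a conjunction of difference constraints x - y <= c by
negative-cycle detection (Bellman-Ford). Added example; constraints are
(x, y, c) triples meaning x - y <= c."""


def strict_to_nonstrict(x, y, c):
    """x - y < c over the integers is x - y <= c - 1."""
    return (x, y, c - 1)


def negate(constraint):
    """Negation of x - y <= c over the integers is y - x <= -c - 1."""
    x, y, c = constraint
    return (y, x, -c - 1)


def satisfiable(constraints):
    """Return a satisfying integer assignment, or None if none exists.

    Bellman-Ford from a virtual source that reaches every variable at
    distance 0; a constraint still violated after |V| - 1 rounds means a
    negative cycle, i.e. an unsatisfiable subset of constraints."""
    nodes = {v for x, y, _ in constraints for v in (x, y)}
    dist = {v: 0 for v in nodes}
    for _ in range(len(nodes) - 1):
        changed = False
        for x, y, c in constraints:          # relax edge y -> x of weight c
            if dist[y] + c < dist[x]:
                dist[x] = dist[y] + c
                changed = True
        if not changed:
            break
    for x, y, c in constraints:
        if dist[y] + c < dist[x]:
            return None                      # negative cycle: unsatisfiable
    return dist


def holds(assignment, constraints):
    """Check an assignment against every constraint x - y <= c."""
    return all(assignment[x] - assignment[y] <= c for x, y, c in constraints)


# The slide's formula: not(x - z < 1) and (x - y <= 0) and (y - z <= 2)
SLIDE_FORMULA = [
    negate(strict_to_nonstrict("x", "z", 1)),   # z - x <= -1
    ("x", "y", 0),
    ("y", "z", 2),
]

# A constructed unsatisfiable system: x - y <= 0 together with y - x <= -1
CONTRADICTION = [("x", "y", 0), ("y", "x", -1)]

if __name__ == "__main__":
    print("slide formula:", satisfiable(SLIDE_FORMULA))
    print("contradiction:", satisfiable(CONTRADICTION))
```

For the slide's formula the solver finds an assignment such as x = 0, y = 0, z = −1, which satisfies z − x ≤ −1, x − y ≤ 0 and y − z ≤ 2; the constructed contradiction closes a cycle of total weight −1 and is rejected.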
Verification Flows
Goals:
- Check whether given SpecC codes (with 'par', 'notify/wait') are properly synchronized
- If checking fails, counter-examples should be generated (trace to the source of errors)
Based on: Boolean SpecC, DDD, SVC, Program Slicing, ...
Verification flow (the numbered steps 1-4 of the diagram):

1. SpecC => Boolean SpecC. The concrete behavior

```
behavior A(out event e, inout int x, inout int y) {
  void main() {
    if (x > 1) { notify e; y = x - 1; }
    if (y > 3) { . . .
```

is abstracted to

```
behavior A() {
  void main() {
    if (C0) { notify e ... }
    if (C1) { . . .
```

2. Linear eq/ineq Solver (DDD): the synchronization or other properties to be checked are verified on the Boolean SpecC. Pass: the property is verified. Fail: go to step 3.

3. Program Slicing + Validity/Satisfiability Checker (e.g. SVC, CHAFF): trace to the SpecC source that corresponds to the variables in Ci (C0 => x > 1), (C1 => y > 3), then check for validity/satisfiability. Satisfy: the counter-example is feasible and the check fails. Unsatisfy with Counter Example: go to step 4. Abort: no conclusive result.

4. Refine the relationship among the Ci's (additional constraints/conditions) and go back to step 2. Automatic refinement will be done at this step.
Example: Sleeping barber problem
(Figure: barber, customers, empty chairs, barber chair)
- barber: finished cutting -> call customer
- barber: no customer -> wait
- customer: barber waiting -> has hair cut
- customer: chairs occupied -> come again
- customer: a chair empty -> wait
Example

```
behavior barber (inout event call, inout bool chairOccupied,
                 inout int numCustomer) {
  void main() {
    while (1) {
      if (numCustomer == 0)
        DayDreaming();
      else {
        if (chairOccupied == true) {
          KeepCutting();
          chairOccupied = false;
        }
        else {
          notify call;
          chairOccupied = true;
        }
      }
    }
  }
};

behavior customer (inout event call, inout bool chairOccupied,
                   inout int numCustomer) {
  void main() {
    while (1) {
      if (numCustomer == 3)
        GoBack();
      else {
        numCustomer++;
        if (chairOccupied == false) {
          wait call;
          numCustomer--;
        }
      }
    }
  }
};
```
Example (verify)
1. SpecC => Boolean SpecC & build the Control Flow Graph (CFG)
2. Verify with DDDs; if the result is satisfied, terminate, else go to the next step
3. Use the CFG to find the related path and use SVC to verify the boolean variables and find the conditions that imply infeasibility
4. Use those conditions to modify the Boolean SpecC
5. Go to 2
Example: build Boolean SpecC & CFG (step 1, applied to the barber and customer behaviors above)
Example (abstract)

```
behavior barber () {
  void main() {
    while (a0) {
      if (a1)
        ...
      else {
        if (a2) {
          ...
          ...
        }
        else {
          notify call;
          ...
        }
      }
    }
  }
};

behavior customer () {
  void main() {
    while (b0) {
      if (b1)
        ...
      else {
        ...
        if (b2) {
          wait call;
          ...
        }
      }
    }
  }
};
```

Verify with DDDs (step 2)
Example (refine)

```
behavior barber () {
  void main() {
    while (a0) {
      if (a1)              // numCustomer == 0
        ...
      else {
        if (a2) {          // chairOccupied == true
          ...
          !a2              // chairOccupied == false
        }
        else {
          notify call;
          a2               // chairOccupied == true
        }
      }
    }
  }
};

behavior customer () {
  void main() {
    while (b0) {
      if (b1)              // numCustomer == 3
        ...
      else {
        ...                // numCustomer++
        if (b2) {          // chairOccupied == false
          wait call;
          ...              // numCustomer--
        }
      }
    }
  }
};
```

Check predicates for validity (SVC, step 3), then verify with DDDs again (step 2)
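Steps 3 and 4 of the flow (check whether a counter-example path found on the Boolean SpecC is realisable by the concrete predicates, and if not derive the relationship among the Ci's that the Boolean SpecC must be refined with) are illustrated by the following added example. It is not the authors' tool: the predicate names a1, a2, b1, b2 and their meanings are the ones annotated on the refine slide, while the bounded integer domain for numCustomer, the use of brute-force enumeration in place of SVC, and the two constructed abstract paths are assumptions of this example.

```python
"""Feasibility check of abstract counter-example paths over the barber /
customer predicates, and enumeration of the predicate relations that the
refinement step adds. Added example; enumeration stands in for SVC."""
from itertools import product

# Concrete meaning of the Boolean variables (from the refine slide).
PREDICATES = {
    "a1": lambda s: s["numCustomer"] == 0,        # barber:   numCustomer == 0
    "a2": lambda s: s["chairOccupied"] is True,   # barber:   chairOccupied == true
    "b1": lambda s: s["numCustomer"] == 3,        # customer: numCustomer == 3
    "b2": lambda s: s["chairOccupied"] is False,  # customer: chairOccupied == false
}

# Assumed (constructed) domains: three waiting chairs, one barber chair flag.
DOMAINS = {"numCustomer": range(0, 4), "chairOccupied": (False, True)}


def _all_states():
    names = list(DOMAINS)
    for values in product(*(DOMAINS[n] for n in names)):
        yield dict(zip(names, values))


def feasible_valuations(literals):
    """Concrete states satisfying every (predicate, truth value) literal,
    all evaluated on the same state (no assignment in between)."""
    return [s for s in _all_states()
            if all(PREDICATES[p](s) == v for p, v in literals)]


def spurious_literal_pairs():
    """Pairs of Boolean variables whose joint assignment is never concretely
    realisable: the 'relationship among Ci's' that refinement adds to the
    Boolean SpecC (e.g. a2 and b2 are each other's negation)."""
    found = []
    names = sorted(PREDICATES)
    for i, p in enumerate(names):
        for q in names[i + 1:]:
            for vp, vq in product((False, True), repeat=2):
                if not feasible_valuations([(p, vp), (q, vq)]):
                    found.append(((p, vp), (q, vq)))
    return found


def path_feasible(steps):
    """Run a path of ('assume', predicate, value) and ('assign', var, fn)
    steps from every initial state; return the initial states for which the
    whole path is executable. An empty list means the abstract path is
    spurious and must be refined away."""
    witnesses = []
    for init in _all_states():
        state, ok = dict(init), True
        for step in steps:
            if step[0] == "assume":
                _, pred, val = step
                if PREDICATES[pred](state) != val:
                    ok = False
                    break
            else:
                _, var, fn = step
                state[var] = fn(state)
        if ok:
            witnesses.append(init)
    return witnesses


# Constructed abstract path: the customer increments numCustomer and blocks on
# 'wait call', then the barber evaluates a1, goes DayDreaming() and never
# notifies. The Boolean SpecC admits it because a1 and b1 are free there.
SPURIOUS_PATH = [
    ("assume", "b1", False),                                    # numCustomer != 3
    ("assign", "numCustomer", lambda s: s["numCustomer"] + 1),  # numCustomer++
    ("assume", "b2", True),                                     # chairOccupied == false -> wait call
    ("assume", "a1", True),                                     # barber: numCustomer == 0
]

# Constructed path in which the barber instead reaches 'notify call'.
NOTIFY_PATH = SPURIOUS_PATH[:3] + [
    ("assume", "a1", False),                                    # barber: numCustomer != 0
    ("assume", "a2", False),                                    # chairOccupied == false -> notify call
]

if __name__ == "__main__":
    print("spurious path witnesses:", path_feasible(SPURIOUS_PATH))
    print("notify path witnesses:  ", path_feasible(NOTIFY_PATH))
    print("refinement constraints: ", spurious_literal_pairs())
```

The spurious path has no witness because numCustomer++ makes the barber's a1 false for every initial state in the domain, which is the kind of condition step 3 reports and step 4 feeds back into the Boolean SpecC; the pairs returned by spurious_literal_pairs() are the static relations (a1 and b1 cannot both hold, a2 and b2 are complementary) that the annotations on the refine slide encode.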
Example (verification)
- The synchronization of event 'call' is satisfied
- User-defined assertions can be used to verify some properties, e.g. to see whether numCustomer is more than 3:

```
numCustomer++;
if (numCustomer > 3) assert(F);
if (chairOccupied == false) {
```

- The refinement process is not done automatically. Some effort from users is needed to browse over the CFG and find the locations
Summary & Outlook
- The verification of synchronization issues of SpecC is described
- The automatic abstraction is proposed
- Up to the current implementation:
  - The refinement process is not fully automatic (CFG cooperation needs to be done manually)
  - Cannot handle complex SpecC constructs
Summary & Outlook (2)
Future plans:
- Make the "abstraction refinement" operate automatically
- Expand capability to support more complex SpecC structures, e.g. loops, functions, recursion