Chaining Test Cases for Reactive System Testing (extended version)

Testing of synchronous reactive systems is challenging because long input sequences are often needed to drive them into a state at which a desired feature can be tested. This is particularly problematic in on-target testing, where a system is tested in its real-life application environment and the time required for resetting is high. This paper presents an approach to discovering a test case chain---a single software execution that covers a group of test goals and minimises overall test execution time. Our technique targets the scenario in which test goals for the requirements are given as safety properties. We give conditions for the existence and minimality of a single test case chain and minimise the number of test chains if a single test chain is infeasible. We report experimental results with a prototype tool for C code generated from Simulink models and compare it to state-of-the-art test suite generators.Comment: extended version of paper published at ICTSS'1

Strong Induction in Hardware Model Checking

Symbolic Model checking is a widely used technique for automated verification of both hardware and software systems. Unbounded SAT-based Symbolic Model Checking (SMC) algorithms are very popular in hardware verification. The principle of strong induction is one of the first techniques for SMC. While elegant and simple to apply, properties as such can rarely be proven using strong induction and when they can be strengthened, there is no effective strategy to guess the depth of induction. It has been mostly displaced by techniques that compute inductive strengthenings based on interpolation and property directed reachability (PDR). In this thesis, we prove that strong induction is more concise than induction. We then present kAvy, an SMC algorithm that effectively uses strong induction to guide interpolation and PDR-style incremental inductive invariant construction. Unlike pure strong induction, kAvy uses PDR-style generalization to compute and strengthen an inductive trace. Unlike pure PDR, kAvy uses relative strong induction to construct an inductive invariant. The depth of induction is adjusted dynamically by minimizing a proof of unsatisfiability. We have implemented kAvy within the Avy Model Checker and evaluated it on HWMCC instances. Our results show that kAvy is more effective than both Avy and PDR, and that using strong induction leads to faster running time and solving more instances. Further, on a class of benchmarks, called shift, kAvy is orders of magnitude faster than Avy, PDR and pure strong induction

Exploiting Satisfiability Solvers for Efficient Logic Synthesis

Logic synthesis is an important part of electronic design automation (EDA) flows, which enable the implementation of digital systems. As the design size and complexity increase, the data structures and algorithms for logic synthesis must adapt and improve in order to keep pace and to maintain acceptable runtime and high-quality results. Large circuits were often represented using binary decision diagrams (BDDs) that were rapidly adopted by logic synthesis tools beginning in the 1980s. Nowadays, BDD-based algorithms are still enhanced, but the possibilities for improvement are somewhat saturated after some 35 years of research. Alternatively, the first EDA applications that exploit Boolean satisfiability (SAT) were developed in the 1990s. Despite the worst-case exponential runtime of SAT solvers, rapid progress in their performance enabled the creation of efficient SAT-based algorithms. Yet, logic synthesis started using SAT solvers more diffusely only in the last decade. Therefore, thorough research is still required both for exploiting SAT solvers and for encoding logic synthesis problems into SAT. Our main goal in this thesis is to facilitate and promote the further integration of SAT solvers into EDA by proposing and evaluating novel SAT-based algorithms that can be used as building blocks in logic synthesis tools. First, we propose a rapid algorithm for LEXSAT, which generates satisfying assignments in lexicographic order. We show that LEXSAT can bring canonicity, which guarantees the generation of unique results, when using SAT solvers in EDA applications. Next, we present a new SAT-based algorithm that progressively generates irredundant sums of products (SOPs), which still play a crucial role in many logic synthesis tools. Using LEXSAT, for the first time, we can generate canonical SAT-based SOPs that, much like BDD-based SOPs, are unique for a given function and variable order but could relax canonicity in order to improve speed and scalability. Unlike BDDs, due to its progressive nature, our algorithm can generate partial SOPs for applications that can work with incomplete circuit functionality. It is noteworthy that both LEXSAT and the SAT-based SOPs are applicable beyond logic synthesis and EDA. Finally, we focus on resubstitution, which reimplements a given Boolean function as a new function that depends on a set of existing functions called divisors. We propose the carving interpolation algorithm that, unlike the traditional Craig interpolation, forces the use of a specific divisor as an input of the new function. This is particularly useful for global circuit restructuring and for some synthesis-based engineering change order (ECO) algorithms. Furthermore, we compare two existing SAT-based methodologies for resubstitution, which are used for post-mapping logic optimisation. The first methodology combines SAT-based functional dependency checking and Craig interpolation that are also used for our carving interpolation; the second methodology is based on cube enumeration and is similar to the SAT-based SOP generation. The initial implementations of our novel SAT-based algorithms offer either better performance or new features, or both, compared to their state-of-the-art versions. As the results indicate, a further thorough development of SAT-based algorithms for logic synthesis, like the one performed for BDDs in the past, can help overcome existing limitations and keep up with growing designs and design complexity

Proceedings of Formal Methods in Computer Aided Design, FMCAD 2010

Table of Contents: Copyright -- Conference Organization -- Tutorials -- Dimensions in Program Synthesis / by Sumit Gulwani, Microsoft (p. 1) -- Verifying VIA Nano Microprocessor Components / by Warren Hunt, Centaur Technology (p. 3) -- Session 1. Invited Talk -- Embedded Systems Design - Scientific Challenges and Work Directions / by Joseph Sifakis, Verimag (p. 11) -- Session 2. Industrial Track - Case Studies -- Formal Verification of an ASIC Ethernet Switch Block / by B.A. Krishna and Anamaya Sullerey, Chelsio Communications; and Alok Jain, Cadence Design Systems (p. 13) -- Formal Verification of Arbiters using Property Strengthening and Underapproximations / by Gadiel Auerbach and Fady Copty, IBM Haifa; and Viresh Paruthi, IBM Systems & Technology Group (p. 21) -- SAT-Based Semiformal Verification of Hardware / by Sabih Agbaria, Dan Carmi, Orly Cohen, Dmitry Korchemny, Michael Lifshits, and Alexander Nadel, Intel (p. 25) -- DFT Logic Verification through Property Based Formal Methods - SOC to IP / by Lopamudra Sen, Amit Roy, Supriya Bhattacharjee, and Bijitendra Mittra, Interra Systems India; and Subir K. Roy, Texas Instruments India (p. 33) -- Session 3. Software Verification -- SLAM2: Static Driver Verification with Under 4% False Alarms / by Thomas Ball, Ella Bounimova, Rahul Kumar, and Vladimir Levin, Microsoft (p. 35) -- Precise Static Analysis of Untrusted Driver Binaries / by Johannes Kinder, Technische Universität Darmstadt; and Helmut Veith, Technische Universität Wien (p. 43) -- Verifying SystemC: A Software Model Checking Approach / by Alessandro Cimatti, Andrea Micheli, Iman Narasamdya, and Marco Roveri, FBK-irst (p. 51) -- Session 4. Decision Procedures -- Coping with Moore’s Law (and More): Supporting Arrays in State-of-the-Art Model Checkers / by Jason Baumgartner, Michael Case, and Hari Mony, IBM Systems & Technology Group (p. 61) -- CalCS: SMT Solving for Non-Linear Convex Constraints / by Pierluigi Nuzzo, Alberto Puggelli, Sanjit A. Seshia, and Alberto Sangiovanni-Vincentelli, University of California Berkeley (p. 71) -- Integrating ICP and LRA Solvers for Deciding Nonlinear Real Arithmetic Problems / by Sicun Gao, NEC Labs America and Carnegie Mellon University; Malay Ganai, NEC Labs America; Franjo Ivančić, NEC Labs America; Aarti Gupta, NEC Labs America; Sriram Sankaranarayanan, University of Colorado at Boulder; and Edmund M. Clarke, Carnegie Mellon University (p. 81) -- Session 5. Synthesis -- A Halting Algorithm to Determine the Existence of Decoder / by Sheng Yu Shen, Ying Qin, JianMin Zhang, and SiKun Li, National University of Defense Technology (p. 91) -- Synthesis for Regular Specifications over Unbounded Domains / by Jad Hamza, ENS Cachan; Barbara Jobstmann, CNRS/Verimag; and Viktor Kuncak, EPFL (p. 101) -- Automatic Inference of Memory Fences / by Michael Kuperstein, Technion; Martin Vechev, IBM Research; and Eran Yahav, IBM Research & Technion (p. 111) -- Session 6. Industrial Track -- Applying SMT in Symbolic Execution of Microcode / by Anders Franzén, FBK-irst and DISI-University of Trento; Alessandro Cimatti, FBK-irst; Alexander Nadel, Intel Israel; Roberto Sebastiani, DISI-University of Trento; and Jonathan Shalev, Intel Israel (p. 121) -- Automated Formal Verification of Processors Based on Architectural Models / by Ulrich Kühne, ENS Cachan; Sven Beyer, OneSpin Solutions; Jörg Bormann, Abstract RT Solutions; and John Barstow, Infineon Technologies (p. 129) -- Encoding Industrial Hardware Verification Problems into Effectively Propositional Logic / by Moshe Emmer and Zurab Khasidashvili, Intel Israel; Konstantin Korovin and Andrei Voronkov, University of Manchester (p. 137) -- Session 7. Hardware and Protocol Verification -- Combinatorial Techniques for Sequential Equivalence Checking / by Hamid Savoj and David Berthelot, Envis Corporation; Alan Mishchenko and Robert Brayton, University of California Berkeley (p. 145) -- Automatic Verification of Estimate Functions with Polynomials of Bounded Functions / by Jun Sawada, IBM Austin (p. 151) -- A Framework for Incremental Modelling and Verification of On-Chip Protocols / by Peter Böhm, Oxford University (p. 159) -- Modular Specification and Verification of Interprocess Communication / by Eyad Alkassar, Saarland University; Ernie Cohen and Mark Hillebrand, European Microsoft Innovation Center; and Hristo Pentchev, Saarland University (p. 167) -- Session 8. Invited Talk -- Large-Scale Application of Formal Verification from Fiction to Fact / by Viresh Paruthi, IBM Systems & Technology Group (p. 175) -- Session 9. Abstraction -- A Single-Instance Incremental SAT Formulation of Proof- and Counterexample-Based Abstraction / by Niklas Een and Alan Mishchenko, University of California Berkeley; and Nina Amla, Cadence Research Laboratory (p. 181) -- Predicate Abstraction with Adjustable-Block Encoding / by Dirk Beyer and M. Erkan Keremoglu, Simon Fraser University; and Philipp Wendler, University of Passau (p. 189) -- Modular Bug Detection with Inertial Refinement / by Nishant Sinha, NEC Research Labs (p. 199) -- Path Predicate Abstraction by Complete Interval Property Checking / by Joakim Urdahl, Dominik Stoffel, Jörg Bormann, Markus Wedler, and Wolfgang Kunz, University of Kaiserslautern (p. 207) -- Session 10. SAT and QBF -- Relieving Capacity Limits on FPGA-Based SAT-Solvers / by Leopold Haller, Oxford University; and Satnam Singh, Microsoft Research (p. 217) -- Boosting Minimal Unsatisfiable Core Extraction / by Alexander Nadel, Intel Israel (p. 221) -- Propelling SAT and SAT-Based BMC using Careset / by Malay K. Ganai, NEC Laboratories America (p. 231) -- Efficiently Solving Quantified Bit-Vector Formulas / by Christoph M. Wintersteiger, ETH Zurich; Youssef Hamadi, Microsoft Research; and Leonardo de Moura, Microsoft Research (p. 239) -- Session 11. Verification of Concurrent Systems -- Boosting Multi-Core Reachability Performance with Shared Hash Tables / by Alfons Laarman, Jaco van de Pol, Michael Weber, University of Twente (p. 247) -- Incremental Component-Based Construction and Verification using Invariants / by Saddek Bensalem and Marius Bozga, Verimag Laboratory; Axel Legay, INRIA/IRISA; Thanh-Hung Nguyen, Joseph Sifakis, and Rongjie Yan, Verimag Laboratory (p. 257) -- Verifying Shadow Page Table Algorithms / by Eyad Alkassar, Saarland University; Ernie Cohen and Mark Hillebrand, European Microsoft Innovation Center; Mikhail Kovalev and Wolfgang J. Paul, Saarland University (p. 267) -- Exhibition -- Impacting Verification Closure Using Formal Analysis / by Massimo Roselli (p. 271) -- Scalable and Precise Program Analysis at NEC / by Gogul Balakrishnan, Malay K. Ganai, Aarti Gupta, Franjo Ivančić, Vineet Kahlon, Weihong Li, Naoto Maeda, Nadia Papakonstantinou, Sriram Sankaranarayanan (University of Colorado at Boulder), Nishant Sinha, and Chao Wang, NEC Laboratories America (p. 273) -- Achieving Earlier Verification Closure Using Advanced Formal Verification / by Michael Siegel, OneSpin Solutions (p. 275) -- PINCETTE - Validating Changes and Upgrades in Networked Software / by Hana Chockler, IBM Israel (p. 277) -- Author Index20-23 October, 2010 in Lugano, Switzerlandhttp://www.cs.utexas.edu/users/hunt/FMCAD/Computer Science

Proceedings of Formal Methods in Computer Aided Design, FMCAD 2010

Table of Contents: Copyright -- Conference Organization -- Tutorials -- Dimensions in Program Synthesis / by Sumit Gulwani, Microsoft (p. 1) -- Verifying VIA Nano Microprocessor Components / by Warren Hunt, Centaur Technology (p. 3) -- Session 1. Invited Talk -- Embedded Systems Design - Scientific Challenges and Work Directions / by Joseph Sifakis, Verimag (p. 11) -- Session 2. Industrial Track - Case Studies -- Formal Verification of an ASIC Ethernet Switch Block / by B.A. Krishna and Anamaya Sullerey, Chelsio Communications; and Alok Jain, Cadence Design Systems (p. 13) -- Formal Verification of Arbiters using Property Strengthening and Underapproximations / by Gadiel Auerbach and Fady Copty, IBM Haifa; and Viresh Paruthi, IBM Systems & Technology Group (p. 21) -- SAT-Based Semiformal Verification of Hardware / by Sabih Agbaria, Dan Carmi, Orly Cohen, Dmitry Korchemny, Michael Lifshits, and Alexander Nadel, Intel (p. 25) -- DFT Logic Verification through Property Based Formal Methods - SOC to IP / by Lopamudra Sen, Amit Roy, Supriya Bhattacharjee, and Bijitendra Mittra, Interra Systems India; and Subir K. Roy, Texas Instruments India (p. 33) -- Session 3. Software Verification -- SLAM2: Static Driver Verification with Under 4% False Alarms / by Thomas Ball, Ella Bounimova, Rahul Kumar, and Vladimir Levin, Microsoft (p. 35) -- Precise Static Analysis of Untrusted Driver Binaries / by Johannes Kinder, Technische Universität Darmstadt; and Helmut Veith, Technische Universität Wien (p. 43) -- Verifying SystemC: A Software Model Checking Approach / by Alessandro Cimatti, Andrea Micheli, Iman Narasamdya, and Marco Roveri, FBK-irst (p. 51) -- Session 4. Decision Procedures -- Coping with Moore’s Law (and More): Supporting Arrays in State-of-the-Art Model Checkers / by Jason Baumgartner, Michael Case, and Hari Mony, IBM Systems & Technology Group (p. 61) -- CalCS: SMT Solving for Non-Linear Convex Constraints / by Pierluigi Nuzzo, Alberto Puggelli, Sanjit A. Seshia, and Alberto Sangiovanni-Vincentelli, University of California Berkeley (p. 71) -- Integrating ICP and LRA Solvers for Deciding Nonlinear Real Arithmetic Problems / by Sicun Gao, NEC Labs America and Carnegie Mellon University; Malay Ganai, NEC Labs America; Franjo Ivančić, NEC Labs America; Aarti Gupta, NEC Labs America; Sriram Sankaranarayanan, University of Colorado at Boulder; and Edmund M. Clarke, Carnegie Mellon University (p. 81) -- Session 5. Synthesis -- A Halting Algorithm to Determine the Existence of Decoder / by Sheng Yu Shen, Ying Qin, JianMin Zhang, and SiKun Li, National University of Defense Technology (p. 91) -- Synthesis for Regular Specifications over Unbounded Domains / by Jad Hamza, ENS Cachan; Barbara Jobstmann, CNRS/Verimag; and Viktor Kuncak, EPFL (p. 101) -- Automatic Inference of Memory Fences / by Michael Kuperstein, Technion; Martin Vechev, IBM Research; and Eran Yahav, IBM Research & Technion (p. 111) -- Session 6. Industrial Track -- Applying SMT in Symbolic Execution of Microcode / by Anders Franzén, FBK-irst and DISI-University of Trento; Alessandro Cimatti, FBK-irst; Alexander Nadel, Intel Israel; Roberto Sebastiani, DISI-University of Trento; and Jonathan Shalev, Intel Israel (p. 121) -- Automated Formal Verification of Processors Based on Architectural Models / by Ulrich Kühne, ENS Cachan; Sven Beyer, OneSpin Solutions; Jörg Bormann, Abstract RT Solutions; and John Barstow, Infineon Technologies (p. 129) -- Encoding Industrial Hardware Verification Problems into Effectively Propositional Logic / by Moshe Emmer and Zurab Khasidashvili, Intel Israel; Konstantin Korovin and Andrei Voronkov, University of Manchester (p. 137) -- Session 7. Hardware and Protocol Verification -- Combinatorial Techniques for Sequential Equivalence Checking / by Hamid Savoj and David Berthelot, Envis Corporation; Alan Mishchenko and Robert Brayton, University of California Berkeley (p. 145) -- Automatic Verification of Estimate Functions with Polynomials of Bounded Functions / by Jun Sawada, IBM Austin (p. 151) -- A Framework for Incremental Modelling and Verification of On-Chip Protocols / by Peter Böhm, Oxford University (p. 159) -- Modular Specification and Verification of Interprocess Communication / by Eyad Alkassar, Saarland University; Ernie Cohen and Mark Hillebrand, European Microsoft Innovation Center; and Hristo Pentchev, Saarland University (p. 167) -- Session 8. Invited Talk -- Large-Scale Application of Formal Verification from Fiction to Fact / by Viresh Paruthi, IBM Systems & Technology Group (p. 175) -- Session 9. Abstraction -- A Single-Instance Incremental SAT Formulation of Proof- and Counterexample-Based Abstraction / by Niklas Een and Alan Mishchenko, University of California Berkeley; and Nina Amla, Cadence Research Laboratory (p. 181) -- Predicate Abstraction with Adjustable-Block Encoding / by Dirk Beyer and M. Erkan Keremoglu, Simon Fraser University; and Philipp Wendler, University of Passau (p. 189) -- Modular Bug Detection with Inertial Refinement / by Nishant Sinha, NEC Research Labs (p. 199) -- Path Predicate Abstraction by Complete Interval Property Checking / by Joakim Urdahl, Dominik Stoffel, Jörg Bormann, Markus Wedler, and Wolfgang Kunz, University of Kaiserslautern (p. 207) -- Session 10. SAT and QBF -- Relieving Capacity Limits on FPGA-Based SAT-Solvers / by Leopold Haller, Oxford University; and Satnam Singh, Microsoft Research (p. 217) -- Boosting Minimal Unsatisfiable Core Extraction / by Alexander Nadel, Intel Israel (p. 221) -- Propelling SAT and SAT-Based BMC using Careset / by Malay K. Ganai, NEC Laboratories America (p. 231) -- Efficiently Solving Quantified Bit-Vector Formulas / by Christoph M. Wintersteiger, ETH Zurich; Youssef Hamadi, Microsoft Research; and Leonardo de Moura, Microsoft Research (p. 239) -- Session 11. Verification of Concurrent Systems -- Boosting Multi-Core Reachability Performance with Shared Hash Tables / by Alfons Laarman, Jaco van de Pol, Michael Weber, University of Twente (p. 247) -- Incremental Component-Based Construction and Verification using Invariants / by Saddek Bensalem and Marius Bozga, Verimag Laboratory; Axel Legay, INRIA/IRISA; Thanh-Hung Nguyen, Joseph Sifakis, and Rongjie Yan, Verimag Laboratory (p. 257) -- Verifying Shadow Page Table Algorithms / by Eyad Alkassar, Saarland University; Ernie Cohen and Mark Hillebrand, European Microsoft Innovation Center; Mikhail Kovalev and Wolfgang J. Paul, Saarland University (p. 267) -- Exhibition -- Impacting Verification Closure Using Formal Analysis / by Massimo Roselli (p. 271) -- Scalable and Precise Program Analysis at NEC / by Gogul Balakrishnan, Malay K. Ganai, Aarti Gupta, Franjo Ivančić, Vineet Kahlon, Weihong Li, Naoto Maeda, Nadia Papakonstantinou, Sriram Sankaranarayanan (University of Colorado at Boulder), Nishant Sinha, and Chao Wang, NEC Laboratories America (p. 273) -- Achieving Earlier Verification Closure Using Advanced Formal Verification / by Michael Siegel, OneSpin Solutions (p. 275) -- PINCETTE - Validating Changes and Upgrades in Networked Software / by Hana Chockler, IBM Israel (p. 277) -- Author Index20-23 October, 2010 in Lugano, Switzerlandhttp://www.cs.utexas.edu/users/hunt/FMCAD/Computer Science