Rich Counter-Examples for Temporal-Epistemic Logic Model Checking

Model checking verifies that a model of a system satisfies a given property, and otherwise produces a counter-example explaining the violation. The verified properties are formally expressed in temporal logics. Some temporal logics, such as CTL, are branching: they allow to express facts about the whole computation tree of the model, rather than on each single linear computation. This branching aspect is even more critical when dealing with multi-modal logics, i.e. logics expressing facts about systems with several transition relations. A prominent example is CTLK, a logic that reasons about temporal and epistemic properties of multi-agent systems. In general, model checkers produce linear counter-examples for failed properties, composed of a single computation path of the model. But some branching properties are only poorly and partially explained by a linear counter-example. This paper proposes richer counter-example structures called tree-like annotated counter-examples (TLACEs), for properties in Action-Restricted CTL (ARCTL), an extension of CTL quantifying paths restricted in terms of actions labeling transitions of the model. These counter-examples have a branching structure that supports more complete description of property violations. Elements of these counter-examples are annotated with parts of the property to give a better understanding of their structure. Visualization and browsing of these richer counter-examples become a critical issue, as the number of branches and states can grow exponentially for deeply-nested properties. This paper formally defines the structure of TLACEs, characterizes adequate counter-examples w.r.t. models and failed properties, and gives a generation algorithm for ARCTL properties. It also illustrates the approach with examples in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been implemented, first by extending the NuSMV model checker to generate and export branching counter-examples, secondly by providing an interactive graphical interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422

Formal Requirements Elicitation with FRET

FRET is a tool for writing, understanding, formalizing and analyzing requirements. Users write requirements in an intuitive, restricted natural language, called FRETISH, with precise, unambiguous meaning. For a FRETISH requirement, FRET: 1) produces natural language and diagrammatic explanations of its exact meaning, 2) formalizes the requirement in logics, and 3) supports interactive simulation of produced logic formulas to ensure that they capture user intentions. FRET connects to analysis tools by facilitating the mapping between requirements and models/code, and by generating verification code. FRET is available open source at https://github.com/NASA-SW-VnV/fret; a video can be accessed at : https://tinyurl.com/fretForREFSQ

Evaluation of wide-area distributed services by SDN-FIT system

A wide area distributed application is affected by network failure due to natural disasters because the servers on which the application operates are distributed geographically in a wide area. Failure Injection Testing (FIT) is a method for verifying fault tolerance of widely distributed applications. In this paper, by limiting network failures to the connection line, whole FIT scenarios are generated and exhaustive evaluation of fault tolerance is performed. Authors evaluate the visualization method of performance data obtained from this evaluation and the reduction of the fault tolerance evaluation cost by the proposed method

High-level verification flow for a high-level synthesis-based digital logic design

Abstract. High-level synthesis (HLS) is a method for generating register-transfer level (RTL) hardware description of digital logic designs from high-level languages, such as C/C++/SystemC or MATLAB. The performance and productivity benefits of HLS stem from the untimed, high abstraction level input languages. Another advantage is that the design and verification can focus on the features and high-level architecture, instead of the low-level implementation details. The goal of this thesis was to define and implement a high-level verification (HLV) flow for an HLS design written in C++. The HLV flow takes advantage of the performance and productivity of C++ as opposed to hardware description languages (HDL) and minimises the required RTL verification work. The HLV flow was implemented in the case study of the thesis. The HLS design was verified in a C++ verification environment, and Catapult Coverage was used for pre-HLS coverage closure. Post-HLS verification and coverage closure were done in Universal Verification Methodology (UVM) environment. C++ tests used in the pre-HLS coverage closure were reimplemented in UVM, to get a high initial RTL coverage without manual RTL code analysis. The pre-HLS C++ design was implemented as a predictor into the UVM testbench to verify the equivalence of C++ versus RTL and to speed up post-HLS coverage closure. Results of the case study show that the HLV flow is feasible to implement in practice. The flow shows significant performance and productivity gains of verification in the C++ domain when compared to UVM. The UVM implementation of a somewhat incomplete set of pre-HLS tests and formal exclusions resulted in an initial post-HLS coverage of 96.90%. The C++ predictor implementation was a valuable tool in post-HLS coverage closure. A total of four weeks of coverage work in pre- and post-HLS phases was required to reach 99% RTL coverage. The total time does not include the time required to build both C++ and UVM verification environments.Korkean tason verifiointivuo korkean tason synteesiin perustuvalle digitaalilogiikkasuunnitelmalle. Tiivistelmä. Korkean tason synteesi (HLS) on menetelmä, jolla generoidaan rekisterisiirtotason (RTL) laitteistokuvausta digitaalisille logiikkasuunnitelmille käyttäen korkean tason ohjelmointikieliä, kuten C-pohjaisia kieliä tai MATLAB:ia. HLS:n suorituskykyyn ja tuottavuuteen liittyvät hyödyt perustuvat ohjelmointikielien tarjoamaan korkeampaan abstraktiotasoon. HLS:ää käyttäen suunnittelu- ja varmennustyö voi keskittyä ominaisuuksiin ja korkean tason arkkitehtuuriin matalan tason yksityiskohtien sijaan. Tämän diplomityön tavoite oli määritellä ja implementoida korkean tason verifiointivuo (HLV-vuo) C++:lla kirjoitetulle HLS-suunnitelmalle. HLV-vuo hyödyntää ohjelmointikielien tarjoamaa suorituskykyä ja korkeampaa abstraktion tasoa kovonkuvauskielien sijaan ja siten minimoi RTL:n varmennukseen vaadittavaa työtä. HLV vuo implementoitiin tapaustutkimuksessa. HLS-suunnitelma varmennettiin C++ -verifiointiympäristössä, ja Catapult Coveragea käytettiin kattavuuden analysointiin. RTL-kattavuutta mitattiin universaalilla verifiointimetodologialla (UVM) tehdyssä ympäristössä. C++ varmennuksessa käytetyt testivektorit implementoitiin uudelleen UVM-ympäristössä, jotta RTL-kattavuuden lähtötaso olisi korkea ilman manuaalista RTL-analyysiä. C++-suunnitelma implementoitiin prediktorina (referenssimallina) UVM-testipenkkiin koodikattavuuden parantamiseksi. Tapaustutkimuksen tulokset osoittavat, että määritelty HLV-vuo on toteutettavissa käytännössä. Vuota käyttämällä saavutetaan merkittäviä suorituskyky- ja tuottavuusetuja C++ -testiympäristössä verrattuna UVM-ympäristöön. 90.60% koodikattavuuden saavuttavien C++ testivektoreiden uudelleenimplementoiti UVM-ympäristössä tuotti 96.90% RTL-kattavuuden. C++-predictorin implementointi oli merkittävä työkalu RTL-kattavuustavoitteen saavuttamisessa

High-Level verification methodology for UVMF-based C++ reference model testbench implementation

Abstract. This thesis was completed for Nokia and in cooperation with Siemens EDA. In this thesis a UVM Predictor component, which wraps a C++ reference model, was generated with UVM Framework (UVMF) and implemented. The Predictor was generated and implemented to Universal Verification Methodology (UVM) testbench that had HLS generated Design Under Test (DUT). First, the UVMF generated Predictor was implemented for the UVM testbench with a small HLS-generated design to learn the verification flow. After the first trial run, the UVMF-generated Predictor was implemented into an existing UVM testbench with a bigger subsystem as a DUT. The subsystem contained two manually written RTLs and one HLS-generated RTL. First, this thesis presents the UVM theory and the UVM technologies that are used in the thesis work. The third chapter introduces code coverage, different coverage metrics, and the coverage metrics used in this thesis. After theory, practical work is presented. Chapter four explains the devices under test, UVM components, testbench connections with a UVM Predictor, Predictor generation, functionality testing, and simulation. Measured coverage metrics, tools, and technologies are also presented. Finally, coverage results from thesis work with testing strategies are presented. The results of coverage closure are discussed in chapter 6, and the thesis is summarized in chapter 7. Applying a UVMF-generated Predictor to the UVM testbench for verification flow showed promising results for obtaining a faster verification process as well as produced the possibility of using various versatile verification techniques with the Predictor, such as stimulus generation with constrained random (CR).Korkeatason verifiointi metodologian testipenkki-implementaatio UVM Framework pohjautuvalla C++ referenssi mallilla. Tiivistelmä. Tämä diplomityö on tehty Nokialle yhteistyössä Siemens EDA:n kanssa. Tässä diplomityössä UVM Framework työkalulla generoitiin ja toteutettiin UVM-prediktori komponentti, joka sisältää C++ referenssimallin. Generoitu prediktori integroitiin universaalin varmennusmenetelmän testipenkkiin, joka sisälsi HLS:llä luodun testattavan suunnitelman. Ensiksi UVMF:llä generoitu prediktori implementoitiin UVM-testipenkkiin pienellä HLS generoidulla alilohkolla, jotta verifiointivuo saatiin opeteltua. Ensimmäisen testivedoksen jälkeen, UVMF generoitu prediktori implementoitiin olemassa olevaan UVM-testipenkkiin, jossa varmennettavan suunnitelmana oli suurempi osajärjestelmä. Osajärjestelmä sisälsi kolme alilohkoa, joista kaksi oli manuaalisesti kirjoitettua RTL:ää ja yksi HLS generoitu RTL. Ensiksi tässä työssä käydään läpi UVM:n teoriaa, sekä käytettävät UVM teknologiat, joita sovelletaan diplomityössä. Kolmas kappale esittelee koodin kattavuutta ja erilaisia kattavuus parametreja. Teoriaosuuden jälkeen esitellään käytännön työn asiat. Kappale 4 esittelee varmennettavat suunnitelmat, UVM komponentit, testipenkkikytkennät prediktorin kanssa, sekä prediktorin generoinnin, testauksen ja simuloinnin. Myös työssä mitattavat kattavuusparametrit, sekä käytettävät työkalut ja teknologiat esitellään. Lopuksi esitellään diplomityössä saavutetut kattavuustulokset, sekä suunnitelmien varmennusstrategiat. Diplomityössä saavutetut tulokset käydään läpi seuraavassa kappaleessa, minkä jälkeen kappaleessa 7 tiivistetään koko diplomityö. UVMF generoidun prediktorin ottaminen mukaan osaksi UVM testipenkin verifiointivuota antoi lupaavia tuloksia verifiointiprosessin nopeuttamiseksi, ja mahdollisuuden käyttää erilaisia monipuolisia verifiointitekniikoita kuten testiherätteiden luontia rajoitetun satunnaisuuden menetelmällä

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

The adoption of blockchain-based distributed computation platforms is growing fast. Some of these platforms, such as Ethereum, provide support for implementing smart contracts, which are envisioned to have novel applications in a broad range of areas, including finance and Internet-of-Things. However, a significant number of smart contracts deployed in practice suffer from security vulnerabilities, which enable malicious users to steal assets from a contract or to cause damage. Vulnerabilities present a serious issue since contracts may handle financial assets of considerable value, and contract bugs are non-fixable by design. To help developers create more secure smart contracts, we introduce FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM). We present a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts. Further, we introduce a set of design patterns, which we implement as plugins that developers can easily add to their contracts to enhance security and functionality

A visual inspector for Boogie programs

Design-by-Contract is an approach that allows a program- mer to specify the expected behavior of a component by means of pre- conditions, postconditions and invariants. These annotations (or logical assertions that complement the code) can be seen as a form of enriched software documentation and they can be used to verify that a program is correct with respect to its contracts. Boogie is an intermediate verification language that is being used by more and more software verification tools as a target language. Actually, sev- eral annotation languages are nowadays translated to Boogie language. Despite of its efficiency and popularity, Boogie, that is also a program verifier, does not contain visual information for the user. So, understand- ing how it works is a difficult task. In this paper, we will discuss a visual tool that we developed to help in comprehending Boogie programs.Fundação para a Ciência e a Tecnologia (FCT

Declarative Process Mining on the Cloud

Antud magistritöö annab ülevaate deklaratiivse keele ja deklaratiivse protsessikaeve algoritmide kohta. Sellele järgneb deklaratiivse protsessikaeve tarvis kasutatavate vahendite kirjeldus. Töö tagab eelnevalt käsitletud vahendite kättesaadavust pilvplatvormil ning tutvustab kaks uut vahendit, mis pakuvad sündmuse seirevõimekust ja deklaratiivse mudeli suulise esitluse genereerimist. Kõik kirjeldatud protsessikaeve vahendid on rakendatud kimpudena pilvplatvormil RuM. Samuti on kirjeldatud uus kasutajaliides ja vahendite funktsioonid. Töö hindamisosas olid esitatud pilvel olevad kaevevahendid ja otsesündmuste seirevahendi võimed.This thesis provides an overview of the Declare language and declarative process mining algorithms, followed by the description of currently available tools for a declarative process mining. This thesis provides the availability of all the discussed tools on a cloud platform and introduces two new tools. One provides the event monitoring capabilities and and the other one generates a verbal representation of a Declare model. All the described process mining tools are implemented as bundles of the cloud platform RuM. Afterwards, the new user interface and functionalities of the tools are described. The evaluation part of the thesis presents, the mining tools on the cloud and the capabilities of the live event monitoring tool