Automatic Generation of Compact Formal Properties for Effective Error Detection

Several approaches exist in literature for automatic extrac- tion of model behaviours represented in the form of formal properties. Some of them rely on static analysis of the source code, others dynamically mine specifications by analysing simulation traces. In both cases, most of them work at bit level and generate properties in the form of combinational or temporal relationships among Boolean expressions. Such techniques are suited only for gate-level or RTL HW mod- els. There are also approaches working on system-level de- scriptions and SW programs, but they generate properties to express only the sequential ordering of communication function calls and events, while the functional part of the implementation is ignored.To fill in the gap, this paper presents a dynamic method- ology that works on gate-level, RTL and system-level HW descriptions as well as embedded SW, independently from the design model and the abstraction level. The generated properties are in the form of temporal relationships among arithmetic and logic expressions involving traditional HW description language data types (i.e., bit and logic vectors) as well as data types typically adopted in system-level mod- els and SW programs (i.e., integer, double and string). A ranking function is also defined to classify the mined proper- ties according to their capability of capturing meaningful de- sign behaviours. Experimental results have shown that the approach allows generating compact properties really useful to effectively detect errors in the design implementation

System-level functional and extra-functional characterization of SoCs through assertion mining

Virtual prototyping is today an essential technology for modeling, verification, and re-design of full HW/SW platforms. This allows a fast prototyping of platforms with a higher and higher complexity, which precludes traditional verification approaches based on the static analysis of the source code. Consequently, several technologies based on the analysis of simulation traces have proposed to efficiently validate the entire system from both the functional and extra-functional point of view. From the functional point of view, different approaches based on invariant and assertion mining have been proposed in literature to validate the functionality of a system under verification (SUV). Dynamic mining of invariants is a class of approaches to extract logic formulas with the purpose of expressing stable conditions in the behavior of the SUV. The mined formulas represent likely invariants for the SUV, which certainly hold on the considered traces. A large set of representative execution traces must be analyzed to increase the probability that mined invariants are generally true. However, this is extremely time-consuming for current sequential approaches when long execution traces and large set of SUV's variables are considered. Dynamic mining of assertions is instead a class of approaches to extract temporal logic formulas with the purpose of expressing temporal relations among the variables of a SUV. However, in most cases, existing tools can only mine assertions compliant with a limited set of pre-defined templates. Furthermore, they tend to generate a huge amount of assertions, while they still lack an effective way to measure their coverage in terms of design behaviors. Moreover, the security vulnerability of a firmware running on a HW/SW platforms is becoming ever more critical in the functional verification of a SUV. Current approaches in literature focus only on raising an error as soon as an assertion monitoring the SUV fails. No approach was proposed to investigate the issue that this set of assertions could be incomplete and that different, unusual behaviors could remain not investigated. From the extra-functional point of view of a SUV, several approaches based on power state machines (PSMs) have been proposed for modeling and simulating the power consumption of an IP at system-level. However, while they focus on the use of PSMs as the underlying formalism for implementing dynamic power management techniques of a SoC, they generally do not deal with the basic problem of how to generate a PSM. In this context, the thesis aims at exploiting dynamic assertion mining to improve the current approaches for the characterization of functional and extra-functional properties of a SoC with the final goal of providing an efficient and effective system-level virtual prototyping environment. In detail, the presented methodologies focus on: efficient extraction of invariants from execution traces by exploiting GP-GPU architectures; extraction of human-readable temporal assertions by combining user-defined assertion templates, data mining and coverage analysis; generation of assertions pinpointing the unlike execution paths of a firmware to guide the analysis of the security vulnerabilities of a SoC; and last but not least, automatic generation of PSMs for the extra-functional characterization of the SoC