176 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Recommended from our members
HDL slicing for verification and test
textThe semiconductor industry has been increasingly relying on computer-aided design (CAD) tools in order to meet its demand for high performance and stringent time-to-market requirements. However, practical application of state-of-the-art CAD tools is severely limited by the sheer size of the design sizes. Therefore,
an appropriate methodology that exploits the inherent modular structure within the
complex designs, is desired. This dissertation proposes such a methodology that
is useful with a variety of CAD tools in design verification and manufacturing test
generation.
Functional test generation using sequential automatic test pattern generation
(ATPG) tools is extremely computation intensive and produces acceptable results
only on relatively small designs. Therefore, hierarchical approaches are necessary
to reduce the ATPG complexity. A promising approach was previously proposed
in which individual modules in a design are targeted one at a time, using an ad-hoc
abstraction for the reminder of the design derived from its register-transfer level (RTL) model. Based on this approach, an elegant and a systematic approach based
on “program slicing”, that allows it to be scalable for large designs, is developed.
The theoretical basis for applying program slicing on hardware description languages (HDLs) is established, and a tool called FACTOR has been implemented to
automate the approach for test generation and testability analysis.
Design verification requires exploring the complete design space to ensure
the correctness of the design. A proof-by-contradiction approach called bounded
model checking (BMC) has been proposed, which utilizes satisfiability (SAT) capabilities to find counterexamples for temporal properties within a specified number of
time steps. The proposed scheme harnesses the power of sequential-ATPG tools to
use structural information of a hardware design, to perform BMC more efficiently.
This approach has been further augmented by the HDL slicing methodology for test
generation, to accelerate the verification methodology.
Symbolic simulation uses symbols rather than actual values for simulating
a hardware design, so that the responses to a class of values can be computed and
checked for correctness in a single run. The effectiveness of this approach has been
incorporated into a powerful verification methodology, called symbolic trajectory
evaluation (STE), to verify properties of bounded state sequences, intermixed with
properties of invariant behavior. Assertions are described in a limited form of temporal logic and are symbolically validated against the design under verification. The
HDL slicing tool, FACTOR, has been appropriately applied to speed up the verification of the floating point adder-subtractor unit of the Pentium 4 design in Intel’s
Forte verification framework.Electrical and Computer Engineerin
Recommended from our members
Scalable algorithms for software based self test using formal methods
textTransistor scaling has kept up with Moore's law with a doubling of the number of transistors on a chip. More logic on a chip means more opportunities for manufacturing defects to slip in. This, in turn, has made processor testing after manufacturing a significant challenge. At-speed functional testing, being completely non-intrusive, has been seen as the ideal way of testing chips. However for processor testing, generating instruction level tests for covering all faults is a challenge given the issue of scalability. Data-path faults are relatively easier to control and observe compared to control-path faults. In this research we present a novel method to generate instruction level tests for hard to detect control-path faults in a processor. We initially map the gate level stuck-at fault to the Register Transfer Level (RTL) and build an equivalent faulty RTL model. The fault activation and propagation constraints are captured using Control and Data Flow Graphs of the RTL as a Liner Temporal Logic (LTL) property. This LTL property is then negated and given to a Bounded Model Checker based on a Bit-Vector Satisfiability Module Theories (SMT) solver. From the counter-example to the property we can extract a sequence of instructions that activates the gate level fault and propagates the fault effect to one of the observable points in the design. Other than the user supplying instruction constraints, this approach is completely automatic and does not require any manual intervention. Not all the design behaviors are required to generate a test for a fault. We use this insight to scale our previous methodology further. Underapproximations are design abstractions that only capture a subset of the original design behaviors. The use of RTL for test generation affords us two types of under-approximations: bit-width reduction and operator approximation. These are abstractions that perform reductions based on semantics of the RTL design. We also explore structural reductions of the RTL, called path based search, where we search through error propagation paths incrementally. This approach increases the size of the test generation problem step by step. In this way the SMT solver searches through the state space piecewise rather than doing the entire search at once. Experimental results show that our methods are robust and scalable for generating functional tests for hard to detect faults.Electrical and Computer Engineerin
VeriSFQ - A Semi-formal Verification Framework and Benchmark for Single Flux Quantum Technology
In this paper, we propose a semi-formal verification framework for
single-flux quantum (SFQ) circuits called VeriSFQ, using the Universal
Verification Methodology (UVM) standard. The considered SFQ technology is
superconducting digital electronic devices that operate at cryogenic
temperatures with active circuit elements called the Josephson junction, which
operate at high switching speeds and low switching energy - allowing SFQ
circuits to operate at frequencies over 300 gigahertz. Due to key differences
between SFQ and CMOS logic, verification techniques for the former are not as
advanced as the latter. Thus, it is crucial to develop efficient verification
techniques as the complexity of SFQ circuits scales. The VeriSFQ framework
focuses on verifying the key circuit and gate-level properties of SFQ logic:
fanout, gate-level pipeline, path balancing, and input-to-output latency. The
combinational circuits considered in analyzing the performance of VeriSFQ are:
Kogge-Stone adders (KSA), array multipliers, integer dividers, and select
ISCAS'85 combinational benchmark circuits. Methods of introducing bugs into SFQ
circuit designs for verification detection were experimented with - including
stuck-at faults, fanout errors, unbalanced paths, and functional bugs like
incorrect logic gates. In addition, we propose an SFQ verification benchmark
consisting of combinational SFQ circuits that exemplify SFQ logic properties
and present the performance of the VeriSFQ framework on these benchmark
circuits. The portability and reusability of the UVM standard allows the
VeriSFQ framework to serve as a foundation for future SFQ semi-formal
verification techniques.Comment: 7 pages, 6 figures, 4 tables; submitted, accepted, and presented at
ISQED 2019 (20th International Symposium on Quality Electronic Design) on
March 7th, 2019 in Santa Clara, CA, US
Quality and Quantity in Robustness-Checking Using Formal Techniques
Fault tolerance is one of the main challenges for future technology scaling to tolerate transient faults. Various techniques at design level are available to catch and handle transient faults, e.g., Triple Modular Redundancy. An important but missing step is to verify the implementation of those techniques since the implementation might be buggy itself. The thesis is focusing on formally verifying digital circuits with respect to fault-tolerant aspects. It considers transient faults and basically checks whether these faults can influence the output behavior of sequential circuits for any kind of scenarios. As a result the designer is pin-pointed directly to critical parts of the design and gets a prove about the absence of faulty behavior for non-critical parts. The focus of the verification is completeness with respect to the analysis. Three issues need to be adequately addressed: 1) cover all input stimuli, 2) all possible transient faults, and, 3) all possibly exponential long (wrt. to number of state bits) propagation paths. All three issues are addressed in different engines. A tool called RobuCheck has been implemented and evaluated on different academic benchmarks from ITC'99 and industrial benchmarks from IBM
Test Generation Based on CLP
Functional ATPGs based on simulation are fast,
but generally, they are unable to cover corner cases, and
they cannot prove untestability. On the contrary, functional
ATPGs exploiting formal methods, being exhaustive,
cover corner cases, but they tend to suffer of the state
explosion problem when adopted for verifying large designs.
In this context, we have defined a functional ATPG
that relies on the joint use of pseudo-deterministic simulation
and Constraint Logic Programming (CLP), to
generate high-quality test sequences for solving complex
problems. Thus, the advantages of both simulation-based
and static-based verification techniques are preserved, while
their respective drawbacks are limited. In particular, CLP,
a form of constraint programming in which logic programming
is extended to include concepts from constraint satisfaction,
is well-suited to be jointly used with simulation. In
fact, information learned during design exploration by simulation
can be effectively exploited for guiding the search of
a CLP solver towards DUV areas not covered yet. The test
generation procedure relies on constraint logic programming
(CLP) techniques in different phases of the test generation
procedure.
The ATPG framework is composed of three functional
ATPG engines working on three different models of the
same DUV: the hardware description language (HDL)
model of the DUV, a set of concurrent EFSMs extracted
from the HDL description, and a set of logic constraints
modeling the EFSMs. The EFSM paradigm has been selected
since it allows a compact representation of the DUV
state space that limits the state explosion problem typical
of more traditional FSMs. The first engine is randombased,
the second is transition-oriented, while the last is
fault-oriented.
The test generation is guided by means of transition coverage and fault coverage. In particular, 100% transition
coverage is desired as a necessary condition for fault
detection, while the bit coverage functional fault model
is used to evaluate the effectiveness of the generated test
patterns by measuring the related fault coverage.
A random engine is first used to explore the DUV state
space by performing a simulation-based random walk. This
allows us to quickly fire easy-to-traverse (ETT) transitions
and, consequently, to quickly cover easy-to-detect (ETD)
faults. However, the majority of hard-to-traverse (HTT)
transitions remain, generally, uncovered.
Thus, a transition-oriented engine is applied to
cover the remaining HTT transitions by exploiting a
learning/backjumping-based strategy.
The ATPG works on a special kind of EFSM, called
SSEFSM, whose transitions present the most uniformly
distributed probability of being activated and can be effectively
integrated to CLP, since it allows the ATPG to invoke
the constraint solver when moving between EFSM states.
A constraint logic programming-based (CLP) strategy is
adopted to deterministically generate test vectors that satisfy
the guard of the EFSM transitions selected to be traversed. Given a transition of the SSEFSM, the solver
is required to generate opportune values for PIs that enable
the SSEFSM to move across such a transition.
Moreover, backjumping, also known as nonchronological
backtracking, is a special kind of backtracking
strategy which rollbacks from an unsuccessful
situation directly to the cause of the failure. Thus,
the transition-oriented engine deterministically backjumps
to the source of failure when a transition, whose guard
depends on previously set registers, cannot be traversed.
Next it modifies the EFSM configuration to satisfy the
condition on registers and successfully comes back to the
target state to activate the transition.
The transition-oriented engine generally allows us to
achieve 100% transition coverage. However, 100% transition
coverage does not guarantee to explore all DUV corner
cases, thus some hard-to-detect (HTD) faults can escape
detection preventing the achievement of 100% fault coverage.
Therefore, the CLP-based fault-oriented engine is finally
applied to focus on the remaining HTD faults.
The CLP solver is used to deterministically search for
sequences that propagate the HTD faults observed, but not
detected, by the random and the transition-oriented engine.
The fault-oriented engine needs a CLP-based representation
of the DUV, and some searching functions to generate
test sequences. The CLP-based representation is automatically
derived from the S2EFSM models according to the
defined rules, which follow the syntax of the ECLiPSe CLP
solver. This is not a trivial task, since modeling the
evolution in time of an EFSM by using logic constraints
is really different with respect to model the same behavior
by means of a traditional HW description language. At
first, the concept of time steps is introduced, required to
model the SSEFSM evolution through the time via CLP.
Then, this study deals with modeling of logical variables
and constraints to represent enabling functions and update
functions of the SSEFSM.
Formal tools that exhaustively search for a solution frequently
run out of resources when the state space to be analyzed
is too large. The same happens for the CLP solver,
when it is asked to find a propagation sequence on large sequential
designs. Therefore we have defined a set of strategies
that allow to prune the search space and to manage the
complexity problem for the solver
UA2TPG: An untestability analyzer and test pattern generator for SEUs in the configuration memory of SRAM-based FPGAs
This paper presents UA2TPG, a static analysis tool for the untestability proof and automatic test pattern generation for SEUs in the configuration memory of SRAM-based FPGA systems. The tool is based on the model-checking verification technique. An accurate fault model for both logic components and routing structures is adopted. Experimental results show that many circuits have a significant number of untestable faults, and their detection enables more efficient test pattern generation and on-line testing. The tool is mainly intended to support on-line testing of critical components in FPGA fault-tolerant systems
- …