Model Checking on Higher-Level Design Descriptions

This chapter presents a model checking method with abstraction that mainly checks synchronization properties of concurrent processes. Synchronization properties are very important for ensuring that the concurrent computations, which are essential for HW/SW co-designs and for high-level designs in general, are performed in the way the designers intend. By using synchronization verification methods for system-level designs, designers can make sure that the behaviors of the concurrent processes stay within the behaviors they intend. In synchronization verification, the timing constraints can be formulated as equalities/inequalities that can be solved by integer linear programming (ILP) tools. Combined with abstraction of the design descriptions, this approach can potentially handle very large design descriptions, since no state traversal is required for the verification. The verification presented consists of two steps. First, the reachability of an error state in the absence of timing constraints is computed. Then, if a path to an error state exists, its feasibility is checked by using the ILP solver to evaluate the timing constraints along the path. This approach can drastically increase the size of the designs that can be verified. Abstraction and abstraction refinement techniques based on the Counterexample-Guided Abstraction Refinement (CEGAR) paradigm are applied so that the entire synchronization verification process can be automated. Methods to refine abstractions are presented together with experimental results.
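The two-step check described above, as an added example that is not code from the chapter: step 1 explores the untimed interleavings of a constructed two-process design and collects every path that reaches an error state; step 2 turns the timing annotations along such a path into linear difference constraints and tests their feasibility. The chapter hands the constraints to an ILP solver; this example substitutes a Bellman-Ford negative-cycle test, which is exact for difference constraints of the form x - y <= c but is not a general ILP solver. The process model (each step fires between `lo` and `hi` time units after the process's previous event, in the spirit of a `waitfor` with a delay interval) and the error predicate are assumptions made for the example.

```python
"""Two-step synchronization check: untimed reachability, then timing feasibility.

Constructed example; the ILP solver of the chapter is replaced by a
Bellman-Ford feasibility test, which is exact for difference constraints.
"""

ORIGIN = ("origin", -1)  # pseudo-variable standing for time 0


def untimed_error_paths(procs, is_error):
    """Step 1: enumerate interleavings (no timing) that reach an error state.

    A state is the tuple of program counters, one per process.  Every step
    advances exactly one counter, so the state graph is acyclic and the DFS
    terminates.  Exploration stops at the first error state on each branch.
    """
    names = list(procs)
    start = tuple(0 for _ in names)
    found = []
    stack = [(start, [])]
    while stack:
        state, path = stack.pop()
        if is_error(dict(zip(names, state))):
            found.append(path)
            continue
        for i, name in enumerate(names):
            pc = state[i]
            if pc < len(procs[name]):
                nxt = state[:i] + (pc + 1,) + state[i + 1:]
                stack.append((nxt, path + [(name, pc)]))
    return found


def path_constraints(procs, path):
    """Step 2a: difference constraints T[v] - T[u] <= w, encoded as edges (u, v, w)."""
    edges = []
    # Per-process delays: lo <= T[step] - T[prev] <= hi.
    for name, steps in procs.items():
        prev = ORIGIN
        for idx, (_, lo, hi) in enumerate(steps):
            cur = (name, idx)
            edges.append((prev, cur, hi))    # T[cur] - T[prev] <= hi
            edges.append((cur, prev, -lo))   # T[prev] - T[cur] <= -lo
            prev = cur
    # Interleaving order: each path event happens no later than the next one.
    for a, b in zip(path, path[1:]):
        edges.append((b, a, 0))              # T[a] - T[b] <= 0
    # The error state is observed at the last path event; every step not yet
    # executed must fire strictly later (integer times: at least one unit).
    last = path[-1]
    executed = set(path)
    for name, steps in procs.items():
        for idx in range(len(steps)):
            step = (name, idx)
            if step not in executed:
                edges.append((step, last, -1))  # T[last] - T[step] <= -1
    return edges


def feasible(edges):
    """Step 2b: Bellman-Ford; the system is satisfiable iff there is no negative cycle."""
    nodes = {n for u, v, _ in edges for n in (u, v)}
    dist = {n: 0 for n in nodes}   # equivalent to a virtual source with 0-weight edges
    for _ in range(len(nodes) - 1):
        changed = False
        for u, v, w in edges:
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                changed = True
        if not changed:
            break
    return all(dist[u] + w >= dist[v] for u, v, w in edges)


def check(procs, is_error):
    """Return a timing-feasible counterexample path, or None if the property holds."""
    for path in untimed_error_paths(procs, is_error):
        if feasible(path_constraints(procs, path)):
            return path   # abstract counterexample confirmed by the timing constraints
    return None           # every abstract counterexample was spurious


# Constructed toy designs: each process is a list of (event, lo, hi).
SAFE = {"P1": [("write", 1, 2)], "P2": [("read", 5, 6)]}
RACY = {"P1": [("write", 1, 2)], "P2": [("read", 0, 3)]}


def read_before_write(pcs):
    """Error state: P2 has consumed the data while P1 has not produced it yet."""
    return pcs["P2"] >= 1 and pcs["P1"] == 0


if __name__ == "__main__":
    for label, design in (("SAFE", SAFE), ("RACY", RACY)):
        print(label, check(design, read_before_write))
```

In `SAFE` the untimed exploration still reaches the error state (P2 reads first), but the path is spurious because the read cannot occur before time 5 while the write is done by time 2; in `RACY` the same path is timing-feasible and is returned as the witness.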
