Title: Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction
1 Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction
- Thanyapat Sakunkonchak
- Masahiro Fujita
- Department of Electronics Engineering, University of Tokyo
2 Overview
- Introduction
- Verification Flows
- Example
- Summary & Outlook
3 Synchronization in SpecC
Ambiguous results on y caused by x:
  x = 10; /* st1 */
  x = 20; /* st3 */
  y = 20 (always)
4 Synchronization in SpecC (cont.)
- TasTbs, TaeTbe
- Tas < T1s < T1e < T2s < T2e < Tas
- Tbs < T3s < T3e < Tbe
- T2e < T3s
5 Difference Decision Diagrams (DDD)
- Introduced by Møller et al.
- Symbolic representation of non-boolean constraints such as inequalities, which BDDs represent less efficiently
- A DDD represents difference constraints (x - y ≤ c), where x, y are integers and c is a constant
Represents the graph for (x - z < 1) ? (x - y ≤ 0) ? (y - z ≤ 2)
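As an added illustration (not part of the slides, and not Møller et al.'s DDD code): the question a single DDD path answers is whether a conjunction of difference constraints x - y ≤ c over the integers is satisfiable. Each constraint x - y ≤ c becomes an edge y → x of weight c in a constraint graph; the conjunction is unsatisfiable exactly when that graph has a negative cycle, which Bellman-Ford detects, and otherwise the computed distances are a satisfying assignment. The slide's three constraints are read here as a conjunction (the connectives did not survive extraction); the names `constraint` and `satisfiable` are mine.

```python
# Added example: satisfiability of a conjunction of difference constraints
# x - y <= c over the integers (the terminal test on a DDD path).
# Constructed code, not the DDD implementation of Møller et al.

def constraint(x, y, op, c):
    """Normalise 'x - y op c' (op in {'<=', '<'}) to the tuple (x, y, c')
    meaning x - y <= c'.  Over the integers x - y < c is x - y <= c - 1."""
    if op == "<":
        c -= 1
    elif op != "<=":
        raise ValueError("unsupported operator: %r" % op)
    return (x, y, c)


def satisfiable(constraints):
    """Bellman-Ford negative-cycle test on the constraint graph.

    Returns (True, model) with model a dict var -> int that satisfies every
    constraint, or (False, None) when the conjunction is contradictory."""
    variables = {v for x, y, _ in constraints for v in (x, y)}
    # A virtual source reaches every variable with distance 0, so all
    # distances start at 0 and |V| relaxation rounds suffice.
    dist = {v: 0 for v in variables}
    # x - y <= c  is the edge  y -> x  with weight c
    edges = [(y, x, c) for x, y, c in constraints]
    for _ in range(len(variables)):
        changed = False
        for u, v, w in edges:
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                changed = True
        if not changed:
            break
    # Any edge that can still be relaxed lies on a negative cycle.
    for u, v, w in edges:
        if dist[u] + w < dist[v]:
            return False, None
    # dist[x] <= dist[y] + c for every edge, i.e. dist satisfies x - y <= c.
    return True, dist


if __name__ == "__main__":
    slide = [constraint("x", "z", "<", 1),
             constraint("x", "y", "<=", 0),
             constraint("y", "z", "<=", 2)]
    print(satisfiable(slide))                              # satisfiable
    contradiction = [constraint("x", "y", "<=", 0),
                     constraint("y", "x", "<", 0)]          # x <= y and y < x
    print(satisfiable(contradiction))                      # (False, None)
```

The strict-to-non-strict rewrite in `constraint` is only sound because the slide restricts x and y to integers; over the reals a strict bound needs a separate treatment, which is one reason DDD implementations carry the strictness flag explicitly.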
7 Verification Flows
- Goals
  - Check whether given SpecC codes (with par, notify/wait) are properly synchronized
  - If checking fails, counter-examples should be generated (trace to the source of errors)
- Based on
  - Boolean SpecC, DDD, SVC, Program Slicing, ...
10 Example
- barber: finished cutting -> call customer
- barber: no customer -> wait
- customer: barber waits -> has hair cut
- customer: chairs occupied -> come again
- customer: a chair empty -> wait
(figure: barber, customer, empty chair, barber chair)
11 Example
  behavior barber(inout event call, inout bool chairOccupied, inout int numCustomer)
  {
    void main()
    {
      while (1) {
        if (numCustomer == 0)
          DayDreaming();
        else if (chairOccupied == true) {
          KeepCutting();
          chairOccupied = false;
        } else {
          notify call;
          chairOccupied = true;
        }
      }
    }
  };

  behavior customer(inout event call, inout bool chairOccupied, inout int numCustomer)
  {
    void main()
    {
      while (1) {
        if (numCustomer == 3)
          GoBack();
        else {
          numCustomer++;
          if (chairOccupied == false)
            wait call;
          numCustomer--;
        }
      }
    }
  };
12 Example (verify)
1. SpecC -> boolean SpecC build
2. Control Flow Graph (CFG)
3. Verify with DDDs; if the result is satisfied, terminate, else go to the next step
4. Use the CFG to find the related path and use SVC to verify boolean variables and find the conditions that imply infeasibility
5. Use those conditions and modify the boolean SpecC
6. Go to 2
13 Example
(the barber and customer code of slide 11, shown again)
Build boolean SpecC CFG
14 Example (abstract)
  behavior barber()
  {
    void main()
    {
      while (a0) {
        if (a1) ...
        else if (a2) ...
        ... else {
          notify call;
          ...
        }
      }
    }
  };

  behavior customer()
  {
    void main()
    {
      while (b0) {
        if (b1) ...
        else {
          ...
          if (b2)
            wait call;
          ...
        }
      }
    }
  };
Verify with DDDs
15 CFG Construction (barber)
Control flow (CF): Entry barber -> while
  -> if numCustomer == 0 -> DayDreaming
  -> if numCustomer != 0
       -> if chairOccupied == T -> KeepCutting -> chairOccupied = F
       -> if chairOccupied == F -> notify call -> chairOccupied = T
Data flow (DF) nodes: numCustomer, chairOccupied, call
16 CFG Construction (customer)
Control flow (CF): Entry customer -> while
  -> newCustomer rand() 1
  -> if numCustomer == 5 -> GoBack
  -> if numCustomer != 5 -> numCustomer newCustomer
       -> if chairOccupied == T -> numCustomer--
       -> wait call -> numCustomer--
Data flow (DF) nodes: newCustomer, numCustomer, call, chairOccupied
17 Example (refine)
  behavior barber()
  {
    void main()
    {
      while (a0) {
        if (a1)          // numCustomer == 0
          ...
        else if (a2) {   // chairOccupied == true
          ...
          !a2            // chairOccupied = false
        } else {
          notify call;
          a2             // chairOccupied = true
        }
      }
    }
  };

  behavior customer()
  {
    void main()
    {
      while (b0) {
        if (b1)          // numCustomer == 3
          ...
        else {
          ...            // numCustomer++
          if (b2)        // chairOccupied == false
            wait call;
          ...            // numCustomer--
        }
      }
    }
  };
Check predicates for validity (SVC)
Verify with DDDs
18 Example (verification)
- The synchronization of event call is satisfied
- User-defined assertions can be used to verify some properties, e.g. to see whether numCustomer is more than 3
- The refinement process is not done automatically. Some effort from the user is needed to browse over the CFG and find the locations
  numCustomer++;
  if (numCustomer > 3) assert(F);
  if (chairOccupied == false) ...
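Added example, serving both the synchronization check of slides 11 and 12 and the user-defined assertion of slide 18: an explicit-state exploration of the barber/customer behaviors, constructed here and not the DDD-based method of the slides. The encoding is a deliberate simplification of SpecC semantics (my assumption, not the language definition): every statement is one atomic step, the two behaviors run under `par` and interleave arbitrarily, and `notify` wakes a behavior currently blocked in `wait` while a notify with no waiter is lost. `verify()` reports deadlocks, waits that can never be matched, violations of the `numCustomer > 3` assertion, and an interleaving that leads to the first unmatched wait, which is the kind of counter-example slide 7 asks for. The `notifies` switch removes the barber's notify to show what such a counter-example looks like; all state names (`B_LOOP`, `C_WAIT`, ...) are mine.

```python
from collections import deque

# Constructed state-space model of the barber/customer behaviors from the
# slides; a simplification of SpecC semantics, not the slides' own tool.
# State = (pc_barber, pc_customer, numCustomer, chairOccupied)
B_LOOP, B_DREAM, B_CHAIR, B_CUT, B_FREE, B_NOTIFY, B_OCCUPY = range(7)
C_LOOP, C_GOBACK, C_INC, C_CHAIR, C_WAIT, C_DEC = range(6)
MAX_CUSTOMERS = 3   # the constant in "if (numCustomer == 3) GoBack()"


def barber_step(pb, pc, n, occ, notifies=True):
    """One atomic step of the barber; 'notify call' may wake the customer."""
    if pb == B_LOOP:                      # if (numCustomer == 0)
        return (B_DREAM if n == 0 else B_CHAIR), pc, n, occ
    if pb == B_DREAM:                     # DayDreaming()
        return B_LOOP, pc, n, occ
    if pb == B_CHAIR:                     # else if (chairOccupied == true)
        return (B_CUT if occ else B_NOTIFY), pc, n, occ
    if pb == B_CUT:                       # KeepCutting()
        return B_FREE, pc, n, occ
    if pb == B_FREE:                      # chairOccupied = false
        return B_LOOP, pc, n, False
    if pb == B_NOTIFY:                    # notify call (lost if nobody waits)
        woke = notifies and pc == C_WAIT
        return B_OCCUPY, (C_DEC if woke else pc), n, occ
    return B_LOOP, pc, n, True            # B_OCCUPY: chairOccupied = true


def customer_step(pb, pc, n, occ):
    """One atomic step of the customer, or None while blocked in wait."""
    if pc == C_LOOP:                      # if (numCustomer == 3)
        return pb, (C_GOBACK if n == MAX_CUSTOMERS else C_INC), n, occ
    if pc == C_GOBACK:                    # GoBack()
        return pb, C_LOOP, n, occ
    if pc == C_INC:                       # numCustomer++
        return pb, C_CHAIR, n + 1, occ
    if pc == C_CHAIR:                     # if (chairOccupied == false) wait call
        return pb, (C_WAIT if not occ else C_DEC), n, occ
    if pc == C_DEC:                       # numCustomer--
        return pb, C_LOOP, n - 1, occ
    return None                           # C_WAIT: only the barber's notify moves it


def explore(notifies=True, initial=(B_LOOP, C_LOOP, 0, False)):
    """BFS over all interleavings: successor map and BFS parent map."""
    succ, parent, queue = {}, {initial: None}, deque([initial])
    while queue:
        s = queue.popleft()
        nxt = [("barber", barber_step(*s, notifies))]
        c = customer_step(*s)
        if c is not None:
            nxt.append(("customer", c))
        succ[s] = nxt
        for label, t in nxt:
            if t not in parent:
                parent[t] = (s, label)
                queue.append(t)
    return succ, parent


def can_reach(succ, start, pred):
    seen, stack = {start}, [start]
    while stack:
        s = stack.pop()
        if pred(s):
            return True
        for _, t in succ[s]:
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return False


def trace(parent, s):
    """Counter-example: the sequence of scheduled behaviors leading to s."""
    steps = []
    while parent[s] is not None:
        s, label = parent[s]
        steps.append(label)
    return steps[::-1]


def verify(notifies=True):
    succ, parent = explore(notifies)
    deadlocks = [s for s, out in succ.items() if not out]
    # A wait is unmatched if no state with the customer past C_WAIT is
    # reachable from it, i.e. no notify can ever wake it.
    stuck = [s for s in succ
             if s[1] == C_WAIT and not can_reach(succ, s, lambda t: t[1] != C_WAIT)]
    overflow = [s for s in succ if s[2] > MAX_CUSTOMERS]   # user assertion
    return {"states": len(succ), "deadlocks": deadlocks, "unmatched_waits": stuck,
            "assert_violations": overflow,
            "counter_example": trace(parent, stuck[0]) if stuck else []}


if __name__ == "__main__":
    print(verify())                 # all three lists empty: synchronization holds
    print(verify(notifies=False))   # unmatched wait plus the interleaving to it
```

The reachability test used for "unmatched wait" is the weak form (some notify can still happen); a fairness-aware check would also reject states where the barber can loop forever without ever choosing the notifying branch, which this model does not exhibit because the barber has no nondeterministic choice of its own.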
20 Summary & Outlook
- The verification of synchronization issues of SpecC is described
- The automatic abstraction is proposed
- Up to the current implementation:
  - The refinement process is not fully automatic (CFG cooperation needs to be done manually)
  - Cannot handle complex SpecC constructs
21 Summary & Outlook (2)
- Future plans
  - Make the abstraction refinement operate automatically
  - Expand capability to support more complex SpecC structures, e.g. loops, functions, recursion