André Sülflow

WoLFram- A Word Level Framework for Formal Verification

Due to high computational costs of formal verification on pure Boolean level, proof techniques on the word level, like Satisfiability Modulo Theories (SMT), were proposed. Verification methods originally based on Boolean satisfiability (SAT) can directly benefit from this progress. In this work we present the word level framework WoLFram that enables the development of applications for formal verification of systems independent of the underlying proof technique. The framework is partitioned into an application layer, a core engine and a back-end layer. A wide range of applications is implemented, e.g.~equivalence and property checking including algorithms for coverage/property analysis, debugging and robustness checking. The back-end supports Boolean as well as word level techniques, like SMT and Constraint Solving (CSP). This makes WoLFram a stable backbone for the development and quick evaluation of emerging verification techniques.

Increasing the accuracy of SAT-based debugging

Equivalence checking and property checking are powerful techniques to detect error traces. Debugging these traces is a time consuming design task where automation provides help. In particular, debugging based on Boolean Satisfiability (SAT) has been shown to be quite efficient. Given some error traces, the algorithm returns fault candidates. But using random error traces cannot ensure that a fault candidate is sufficient to explain all erroneous behaviors. Our approach provides a more accurate diagnosis by iterating the generation of counterexamples and debugging. This increases the accuracy of the debugging result and yields more valuable counterexamples. As a consequence less time consuming manual iterations between verification and debugging are required - thus the debugging productivity increases.

Computing bounds for fault tolerance using formal techniques

Continuously shrinking feature sizes result in an increasing susceptibility of circuits to transient faults, e.g. due to environmental radiation. Approaches to implement fault tolerance are known. But assessing the fault tolerance of a given circuit is a tough problem. Here, we propose the use of formal methods to assess the robustness of a digital circuit with respect to transient faults. Our formal model uses a fixed bound in time to cope with the complexity of the underlying sequential equivalence check. The result is a lower and an upper bound on the robustness. The underlying algorithm and techniques to improve the efficiency are presented. In experiments the method is evaluated on circuits with different fault detection mechanisms.

Automated Design Debugging in a Testbench-Based Verification Environment

Debugging is one of the major bottlenecks in the current VLSI design process as design size and complexity increase. Efficient automation of debugging procedures helps to reduce debugging time and to increase diagnosis accuracy. This work proposes an approach for automating the design debugging procedures by integrating SAT-based debugging with test bench based verification. The diagnosis accuracy increases by iterating debugging and counterexample generation, i.e., the total number of fault candidates decreases. The experimental results show that our approach is as accurate as exact formal debugging in 71% of the experiments.

Effective Robustness Analysis Using Bounded Model Checking Techniques

Continuously shrinking feature sizes result in an increasing susceptibility of circuits to transient faults, e.g., due to environmental radiation. Approaches to implement fault tolerance are known. But assessing the fault tolerance of a given implementation is a hard verification problem. Here, we propose the use of formal methods to assess the robustness of a digital circuit with respect to transient faults. Our formal model uses a fixed bound in time and exploits fault detection circuitry to cope with the complexity of the underlying sequential equivalence check. As a result, a lower and an upper bound on the robustness are returned together with vulnerable components. The underlying algorithm and techniques to improve the efficiency are presented. In experiments, we evaluate the method on circuits with different fault detection mechanisms.

Using QBF to increase accuracy of SAT-based debugging

Debugging significantly slows down the design process of complex systems. Only limited tool support is available and often fixing one problem leads to finding the next one. Here, we propose an approach that integrates formal verification with diagnosis. The approach is based on Quantified Boolean Formulas (QBF) and ensures, that counterexamples of high quality are returned. Moreover, the diagnosis algorithm only returns fault candidates that can fix all counterexamples. By this, the total number of fault candidates decreases and less iterations between verification and debugging are required.

Evaluation of Cardinality Constraints on SMT-Based Debugging

For formal verification of hardware Satisfiability Modulo Theory (SMT) solvers are increasingly applied. Todays state-of-the-art SMT solvers use different techniques like term-rewriting, abstraction, or bit-blasting. The performance does not only depend on the underlying decision problem but also on the encoding of the original problem into an SMT instance. In this work, encodings for cardinality constraints in SMT are investigated. Three different encodings are considered: an adder network, an encoding with multiplexors, and a newly proposed encoding with shifters. The encodings are analyzed with respect to size and complexity. The experimental evaluation on debugging instances that contain cardinality constraints shows the strong influence of the encoding on the resulting run-times.

Automatic Fault Localization for Programmable Logic Controllers

Programmable Logic Controllers (PLCs) are widely applied to control safety critical systems. Efficient formal and nonformal methods to detect faulty behavior have been developed, but finding the cause of the buggy behavior is often still a manual process. Automatic fault localization for PLCs is studied in this paper. Methods for automated debugging are analyzed and compared with respect to accuracy and run time. The experimental results on industrial models show a high accuracy at low run time costs.

FoREnSiC: an automatic debugging environment for C programs

We present FoREnSiC, an open source environment for automatic error detection, localization and correction in C programs. The framework implements different automated debugging methods in a unified way covering the whole design flow from ESL to RTL. Currently, a scalable simulation-based back-end, a back-end based on symbolic execution, and a formal back-end exploiting functional equivalences between a C program and a hardware design are available. FoREnSiC is designed as an extensible framework. Its infrastructure, including a powerful front-end and interfaces to logic problem solvers, can be reused for implementing new program analysis or debugging methods. In addition to the infrastructure, the back-ends, and a few experimental results, we present an illustrative application scenario that shows FoREnSiC in use.

Towards Unifying Localization and Explanation for Automated Debugging

Today, there exist powerful algorithms for automated debugging. Some of the debugging algorithms focus on fault localization while others try to explain the faulty behavior by providing, e.g., correct traces that are similar to a failure trace. SAT-based debugging locates faults, but does not explain the faulty behavior, e.g., some temporal properties of fault candidates are not fully explored. In this work, we study the resolution of SAT-based debugging with respect to its capability to locate faults and to explain faults. A strategy is presented that increases the diagnostic resolution of SAT-based debugging by combining fault localization and fault explanation in one algorithm. The experimental results confirm the strength of the approach and give directions for further research.