Aritra Hazra

Formal Verification of Architectural Power Intent

This paper presents a verification framework that attempts to bridge the disconnect between high-level properties capturing the architectural power management strategy and the implementation of the power management control logic using low-level per-domain control signals. The novelty of the proposed framework is in demonstrating that the architectural power intent properties developed using high-level artifacts can be automatically translated into properties over low-level control sequences gleaned from UPF specifications of power domains, and that the resulting properties can be used to formally verify the global on-chip power management logic. The proposed translation uses a considerable amount of domain knowledge and is also not purely syntactic, because it requires formal extraction of timing information for the low-level control sequences. We present a tool, called POWER-TRUCTOR which enables the proposed framework, and several test cases of significant complexity to demonstrate the feasibility of the proposed framework.

Leveraging UPF-extracted assertions for modeling and formal verification of architectural power intent

Recent research has indicated ways of using UPF specifications for extracting valid low-level control sequences to express the transitions between the power states of individual domains. Today there is a disconnect between the high-level architectural power management strategy which relates multiple power domains and these low-level assertions for controlling individual power domains. In this paper we attempt to bridge this disconnect by leveraging the low-level per-domain assertions for translating architectural power intent properties into global assertions over low-level signals. We show that the inter-domain properties created in this manner can be formally verified over the global power management logic.

Synthesis of sampling modes for adaptive control

Recent studies have shown that adaptively regulating the sampling rate results in significant reduction in the computational resources of embedded software based control. Selecting a uniform sampling rate for a control loop is robust, but pessimistic for sharing processors among multiple control loops. Fine-grained regulation of periodicity achieves better resource utilization, but is hard to implement online in a robust way. However, an offline control theoretic analysis of the system illustrates the benefits of proper period selection for different modes. Such analysis reveals the necessity to automatically derive a multi-mode scheduler and converge on suitable periods for each mode. This paper proposes a methodology to automatically generate such a scheduler for an embedded real-time control system leveraging its design attributes. The proposed method provides significant gains in computational efficiency without trading off the performance.

POWER-TRUCTOR: An Integrated Tool Flow for Formal Verification and Coverage of Architectural Power Intent

With the growing complexity and gradually shrinking power requirements in the system-on-chip designs, sophisticated global power management policies (which orchestrate the switching between power states of multiple power domains) are commonplace. Recent research has paved some novel ways to verify the sophisticated on-chip architectural power management decisions and analyze the verification coverage. However, one of the primary challenges in verifying such power management architectures stems from the mixed implementation of such strategies, where the local power controllers are in hardware and the global power management is implemented in software/firmware. There has been lack of effort to build a unified and automated framework for power intent verification and coverage analysis for generic power management logics. This paper tries to develop an end-to-end automated framework enabled by a tool named POWER-TRUCTOR for power intent validation.

Formal Methods for Early Analysis of Functional Reliability in Component-Based Embedded Applications

We present formal methods for determining whether a set of components with given reliability certificates for specific functional properties are adequate to guarantee desired end-to-end properties with specified reliability requirements. We introduce a formal notion for the reliability gap in component-based designs and demonstrate the proposed approach for analyzing this gap using a case study developed around an Elevator Control System.

Cohesive Coverage Management for Simulation and Formal Property Verification

Relating formal verification coverage and simulation coverage is a challenge in pre-silicon validation. In this paper we propose the use of a test plan language as a formal basis for unifying the coverage goals for simulation and formal property verification. We present methods for computing the coverage of test points individually through simulation and formal property verification and for using the coverage due to one to ease the verification effort on the other. We demonstrate the efficiency of our approach through a study of the ARM AMBA pre-silicon verification plan.

Reliability Guarantees in Automata-Based Scheduling for Embedded Control Software

Automata-based scheduling is a recent technique for online scheduling of software control components in embedded systems. This letter studies one important aspect of automata-based scheduling that has not been studied in the past, namely resilience to faults. The goal of the proposed technique is to create an automaton that recommends the scheduling patterns that are admissible with respect to control performance requirements, when the state of the system has been mutated by faults. The problem has been formulated as a game between the scheduler and the (possibly faulty) system, where a winning strategy of the scheduler prevents the system from reaching bad states forever. We present a method for analyzing the structure of the game and extracting an automaton that captures the winning strategies of the scheduler, namely the automaton to be used for automata-based scheduling.

XFC: A Framework for eXploitable Fault Characterization in Block Ciphers

Fault attacks recover secret keys by exploiting faults injected during the execution of a block cipher. However, not all faults are exploitable and every exploitable fault is associated with an offline complexity to determine the key. The ideal fault attack would recover maximum key bits with minimum offine effort. Finding the ideal fault attack for a block cipher is a laborious manual task, which can take several months to years before such an attack is discovered. In this paper, we present a framework that would analyze block ciphers for their vulnerabilities to faults and automatically predict whether a differential fault attack would be successful. The framework, which we call XFC, uses colors to analyze the fault propagation and exploitability in the cipher. XFC would be able to (a) predict the key bits that can be derived by the fault attack and (b) estimate the offline complexity. It can thus be used to identify the ideal fault attack for a block cipher. As a proof of concept, we have applied XFC to the block ciphers AES, CLEFIA and SMS4 and were able to automatically derive fault attacks that correspond to the best known till date in the single fault model.

Formal assessment of reliability specifications in embedded cyber-physical systems

Reliability has become an integral component of the design intent of embedded cyber-physical systems. Safety-critical embedded systems are designed with specific reliability targets, and design practices include the appropriate allocation of both spatial and temporal redundancies in the implementation to meet such requirements. With increasing complexity of such systems and considering the large number of components in such systems, redundancy allocation requires a formal scientific basis. In this work, we profess the analysis of the redundancy requirement upfront with the objective of making it an integral part of the specification. The underlying problem is one of synthesizing a formal specification with built-in redundancy artifacts, from the formal properties of the error-free system, the error probabilities of the control components, and the reliability target. We believe that upfront formal analysis of redundancy requirements is important in budgeting the resource requirements from a cost versus reliability perspective. Several case-studies from the automotive domain highlight the efficacy of our proposal.

Formal methods for coverage analysis of architectural power states in power-managed designs

The architectural power intent of a design defines the intended global power states of a power-managed integrated circuit. Verification of the implementation of power management logic involves the task of checking whether only the intended power states are reached. Typically, the number of global power states reachable by the global power management strategy is significantly lesser than the possible number of global power states. In this paper, we present a formal method for determining the set of reachable global power states in a power-managed design. Our approach demonstrates how this task can be further constrained as required by the verification engineer. We highlight the efficacy of the proposed methods over several test-cases.