combining model checking and testing in a continuous hw
play

Combining Model Checking and Testing in a Continuous HW/SW - PowerPoint PPT Presentation

Feb 08, 2023 •502 likes •748 views

Combining Model Checking and Testing in a Continuous HW/SW Co-Verification Process Paula Herber, Florian Friedemann, and Sabine Glesner Berlin Institute of Technology Software Engineering for Embedded Systems Group TAP - Tests and Proofs

  1. Combining Model Checking and Testing in a Continuous HW/SW Co-Verification Process Paula Herber, Florian Friedemann, and Sabine Glesner Berlin Institute of Technology Software Engineering for Embedded Systems Group TAP - Tests and Proofs Zurich, July 2009

  2. SystemC and Uppaal Model Checking Test Generation Results Conclusions Motivation HW/SW Co-Design • modeling and simulation with system level design languages • stepwise refinement from abstract design to implementation • SystemC • designs are executable on different abstraction levels • validation and verification by co-simulation Problems � impossible to cover all possible input scenarios ( incomplete ) � � consistency between abstraction levels hard to ensure � � limited degree of automatization ( manual evaluation ) � TAP 2009 - Paula Herber 2/18

  3. SystemC and Uppaal Model Checking Test Generation Results Conclusions Motivation HW/SW Co-Design • modeling and simulation with system level design languages • stepwise refinement from abstract design to implementation • SystemC • designs are executable on different abstraction levels • validation and verification by co-simulation Problems � impossible to cover all possible input scenarios ( incomplete ) � � consistency between abstraction levels hard to ensure � � limited degree of automatization ( manual evaluation ) � How can we assure quality in a more systematic way? TAP 2009 - Paula Herber 2/18

  4. SystemC and Uppaal Model Checking Test Generation Results Conclusions Continuous HW/SW Co-Verification Approach 1 verify requirements on abstract design via model checking 2 generate conformance tests for each refined design Requirements Specification R Abstract Model satisfied conformance Design Checking not satisfied S relation conformance evaluation Test Refined Conformance Specification TS Design I Testing yes no TAP 2009 - Paula Herber 3/18

  5. SystemC and Uppaal Model Checking Test Generation Results Conclusions Continuous HW/SW Co-Verification Approach 1 verify requirements on abstract design via model checking 2 generate conformance tests for each refined design Requirements Specification R Abstract Model satisfied conformance Design S Checking not satisfied relation conformance evaluation Test Refined Conformance Specification TS Design I Testing yes no � but : semantics of SystemC is only informally defined � ➠ map SystemC to Uppaal timed automata [CODES+ISSS 2008] ➠ use the ❯♣♣❛❛❧ model to generate conformance tests! TAP 2009 - Paula Herber 3/18

  6. SystemC and Uppaal Model Checking Test Generation Results Conclusions 1 SystemC and Uppaal 2 Model Checking of SystemC Designs 3 Conformance Test Generation 4 Experimental Results 5 Conclusions TAP 2009 - Paula Herber 4/18

  7. SystemC and Uppaal Model Checking Test Generation Results Conclusions SystemC • introduced by the Open SystemC Initiative (OSCI) 1999 • semantics is (informally) defined in IEEE Std. 1666-2005 SystemC as system level design language • description of both hardware and software on different levels of abstraction • extends C ++ by concurrency, time, hardware data types, reactivity, hierarchy, and abstract communication SystemC as framework for HW/SW co-simulation • light-weight simulation kernel executes SystemC designs in a discrete-event simulation TAP 2009 - Paula Herber 5/18

  8. SystemC and Uppaal Model Checking Test Generation Results Conclusions Uppaal • modeling, simulation, and verification of timed automata • jointly developed by the Universities of Upp sala and Aal borg Timed automata • finite-state machines extended by clock variables • clock constraints model time-dependent behavior • Networks of timed automata model concurrent processes Extensions in Uppaal • parameterized timed automata templates x <= maxtime request? • data variables with bounded domains x = 0 ack! x >= mintime • binary and broadcast channels • urgent and committed locations value = f(t) TAP 2009 - Paula Herber 6/18

  9. SystemC and Uppaal Model Checking Test Generation Results Conclusions 1 SystemC and Uppaal 2 Model Checking of SystemC Designs 3 Conformance Test Generation 4 Experimental Results 5 Conclusions TAP 2009 - Paula Herber 7/18

  10. SystemC and Uppaal Model Checking Test Generation Results Conclusions Model Checking of SystemC Designs [Herber, Fellmuth, Glesner, CODES+ISSS 2008] 1 transform SystemC designs into Uppaal timed automata 2 use the Uppaal model checker to prove safety, liveness, and timing properties Requirements Specification (temporal properties) Abstract Transformation Uppaal satisfied Uppaal SystemC Tool Model Model not satisfied Checker Design (STATE) TAP 2009 - Paula Herber 8/18

  11. SystemC and Uppaal Model Checking Test Generation Results Conclusions HW/SW Co-Verification Framework Requirements Specification (temporal properties) Abstract Transformation Uppaal satisfied Uppaal SystemC Tool Model Model not satisfied Checker Design (STATE) manual Conformance Coverage refinement Criteria Test Generation Refined SystemC Test Bench SystemC Design Test Benches Executor or Implementation yes/no/inconclusive TAP 2009 - Paula Herber 9/18

  12. SystemC and Uppaal Model Checking Test Generation Results Conclusions 1 SystemC and Uppaal 2 Model Checking of SystemC Designs 3 Conformance Test Generation 4 Experimental Results 5 Conclusions TAP 2009 - Paula Herber 10/18

  13. SystemC and Uppaal Model Checking Test Generation Results Conclusions Test Model • embedded systems interact closely with their environment • simulation requires generation of inputs and consumption of outputs, this is provided by • a test bench in SystemC • an explicit environment or test model in Uppaal SystemC test bench translation to Uppaal 1 input generator: → test automaton  test provides an input trace  model 2 output monitor: → generic tester  accepts all possible outputs TAP 2009 - Paula Herber 11/18

  14. SystemC and Uppaal Model Checking Test Generation Results Conclusions Conformance Test Generation Goal: • compute all possible outputs of a given Uppaal model Approach: test model • execute test model inputs abstract test generic system together with abstract outputs model automaton tester system model manual conformance conformance refinement relation test generation • record traces in the test bench refined inputs generic tester model outputs test checker or impl. • construct a checker automaton automaton automaton from that TAP 2009 - Paula Herber 12/18

  15. SystemC and Uppaal Model Checking Test Generation Results Conclusions Conformance Test Generation Goal: • compute all possible outputs of a given Uppaal model Approach: test model • execute test model inputs abstract test generic system together with abstract outputs model automaton tester system model manual conformance conformance refinement relation test generation • record traces in the test bench refined inputs generic tester model outputs test checker or impl. • construct a checker automaton automaton automaton from that ➠ requires symbolic execution of the Uppaal model TAP 2009 - Paula Herber 12/18

  16. SystemC and Uppaal Model Checking Test Generation Results Conclusions Symbolic Execution Symbolic Semantics of Uppaal: • uses clock zones to abstract from time points • symbolic state: location vector, clock zone, variable valuations Symbolic Execution: 1 start with the initial symbolic state 2 compute all possible symbolic successor states Challenge: • compute outputs offline for non-deterministic specifications ➠ restrict to finite input traces ➠ identify and aggregate semantically equivalent symbolic states ➠ limit the number of internal computation steps TAP 2009 - Paula Herber 13/18

  17. SystemC and Uppaal Model Checking Test Generation Results Conclusions Checker Automaton • result of symbolic execution: all possible output traces Construction of a checker automaton 1 merge end nodes into a pass node 2 mark nodes with inconclusive if computation step limit exceeded 3 each unexpected trace leads to the test verdict fail init fail inconclusive pass TAP 2009 - Paula Herber 14/18

  18. SystemC and Uppaal Model Checking Test Generation Results Conclusions Checker Automaton • result of symbolic execution: all possible output traces Construction of a checker automaton 1 merge end nodes into a pass node 2 mark nodes with inconclusive if computation step limit exceeded 3 each unexpected trace leads to the test verdict fail init fail inconclusive pass ➠ from checker automata, SystemC test benches for automatic conformance evaluation can be generated automatically ( tbd ) TAP 2009 - Paula Herber 14/18

  19. SystemC and Uppaal Model Checking Test Generation Results Conclusions 1 SystemC and Uppaal 2 Model Checking of SystemC Designs 3 Conformance Test Generation 4 Experimental Results 5 Conclusions TAP 2009 - Paula Herber 15/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

638 views • 45 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

672 views • 66 slides
Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen

Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen

Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen and Charles Pecheur UC Louvain p. 1 A Concurrent System Set of asynchronous and interacting processes Producer 1 Consumer 1 Producer 2

510 views • 22 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Continuous Verification of Large Embedded Software using SMT-Based Bounded Model Checking Lucas

Continuous Verification of Large Embedded Software using SMT-Based Bounded Model Checking Lucas

Continuous Verification of Large Embedded Software using SMT-Based Bounded Model Checking Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva lcc08r@ecs.soton.ac.uk

639 views • 37 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at MOVEP Summerschool, July 1, 2010 c

1.69k views • 137 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Random Testing and Model Checking: Building a Common Framework for Nondeterministic Exploration

Random Testing and Model Checking: Building a Common Framework for Nondeterministic Exploration

Random Testing and Model Checking: Building a Common Framework for Nondeterministic Exploration Jet Propulsion Laboratory, California Institute of Technology Alex Groce and Rajeev Joshi WODA 2008 July 21, 2008 1 Background &amp;

562 views • 32 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
How Time Variability of Testing the Model Current Map with 8 . . . Testing the Model . . .

How Time Variability of Testing the Model Current Map with 8 . . . Testing the Model . . .

How Temperatures . . . A Model (cont-d) Model: Final Formulas How Time Variability of Testing the Model Current Map with 8 . . . Testing the Model . . . Temperature Depends on a Testing the Model: . . . Testing the Model: . . . Spatial

493 views • 9 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
Some experiences with alien plant mapping in Slovenia Mario Lenik Faculty of Agriculture and

Some experiences with alien plant mapping in Slovenia Mario Lenik Faculty of Agriculture and

Some experiences with alien plant mapping in Slovenia Mario Lenik Faculty of Agriculture and Life Sciences University of Maribor, Slovenia Mapping is one of the middle steps in process of ivasive plant management Both types of activities

729 views • 47 slides
Domain Precinct Urban Renewal Initiatives Paul Little Planning &amp; Property Partners Pty Ltd

Domain Precinct Urban Renewal Initiatives Paul Little Planning &amp; Property Partners Pty Ltd

Domain Precinct Urban Renewal Initiatives Paul Little Planning &amp; Property Partners Pty Ltd Metro Tunnel Completed by 2025 Cranbourne, Pakenham and Sunbury lines exclusively through new tunnel (out of Cityloop) New high

468 views • 24 slides
Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she?

Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she?

Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she? Since 1988 Dr. Sylvia Alice Earle has been a National Geographic explorer-in-residence. Earle was the first female chief scientist of the U.S

203 views • 8 slides
National Autonomous of Nicaragua Len UNAN - Len NICARAGUA 130, 000 km2 5.9 million

National Autonomous of Nicaragua Len UNAN - Len NICARAGUA 130, 000 km2 5.9 million

National Autonomous of Nicaragua Len UNAN - Len NICARAGUA 130, 000 km2 5.9 million in habitants 1.0 million in the USA and Costa Rica GDP per capita U$ 1,140 Young people over the age of hihger Education 800,000

943 views • 31 slides
America is focused on and passionate about giving every Scout the opportunity to experience the

America is focused on and passionate about giving every Scout the opportunity to experience the

MISSION STATEMENT The Pacific Harbors Council of the Boy Scouts of America is focused on and passionate about giving every Scout the opportunity to experience the full potential of the Scouting movement. In doing so, every Scout has the

318 views • 14 slides
2017-19 Budget Development Information POP &amp; Program Priorities Oregon Fish and Wildlife

2017-19 Budget Development Information POP &amp; Program Priorities Oregon Fish and Wildlife

2017-19 Budget Development Information POP &amp; Program Priorities Oregon Fish and Wildlife Commission May 13, 2016 Oregon Department of Fish and Wildlife 1 17-19 Budget Development Current Service Level Calculated using current

688 views • 43 slides
BUCK DRIVE MASTER PLAN &amp; ZONING MAP AMENDMENT Project Request Request to amend the

BUCK DRIVE MASTER PLAN &amp; ZONING MAP AMENDMENT Project Request Request to amend the

Joint Planning Commission Meeting BUCK DRIVE MASTER PLAN &amp; ZONING MAP AMENDMENT Project Request Request to amend the Reno-Stead Corridor Joint Plan A Master Plan Amendment from Medium Density Suburban/Suburban Residential (1-3

446 views • 10 slides
Preparing for Your Transfer Summer Orientation Experience Welcome to Cal State Fullerton Day 2015

Preparing for Your Transfer Summer Orientation Experience Welcome to Cal State Fullerton Day 2015

Preparing for TSO 4/16/2015 Preparing for Your Transfer Summer Orientation Experience Welcome to Cal State Fullerton Day 2015 April 11 th , 2015 Ashley Mendoza Assistant Coordinator, New Student Programs Ove rvie w o f T ra nsfe r Orie nta

526 views • 8 slides

More recommend