
Embedded Software Verification Using Symbolic Execution and Uninterpreted Functions

Published in: International Journal of Parallel Programming

Abstract

Symbolic simulation and uninterpreted functions have long been staple techniques for formal hardware verification. In recent years, we have adapted these techniques for the automatic, formal verification of low-level embedded software—specifically, checking the equivalence of different versions of assembly language programs. Our approach, though limited in scalability, has proven particularly promising for the intricate code optimizations and complex architectures typical of high-performance embedded software, such as for DSPs and VLIW processors. Indeed, one of our key findings was how easy it was to create or retarget our verification tools to different, even very complex, machines. The resulting tools automatically verified or found previously unknown bugs in several small sequences of industrial and published example code. This paper provides an introduction to these techniques and a review of our results.
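The core idea in the abstract, symbolically executing two versions of a straight-line assembly program and comparing the resulting register contents as terms over uninterpreted function symbols, is shown below as an added illustration. This is not code from the paper or from the authors' tools: the three-address register machine, its mnemonics (`mov`, `add`, `sub`, `mul`, `mac`), the register names, and the expansion of the hypothetical multiply-accumulate `mac(a, b, c) = a*b + c` are all assumptions made for the example, and the sample programs are constructed here. The checker proves an operand-swapped, rescheduled, `mac`-using variant equal to the original and reports the output register on which a broken version (one that clobbers an input register too early) diverges.

```python
"""Toy symbolic simulator + equivalence checker for straight-line assembly.

Added example (not the paper's tool). Registers start out holding distinct
symbolic values; operations whose exact bit-level semantics we do not model
(here `mul`) become applications of uninterpreted function symbols. Two
programs are equivalent on an output register if both leave the same term in it.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Sym:            # initial, unconstrained value of a register
    name: str


@dataclass(frozen=True)
class Lit:            # integer immediate
    value: int


@dataclass(frozen=True)
class App:            # application of an (uninterpreted) function symbol
    fn: str
    args: Tuple["Term", ...]


Term = Union[Sym, Lit, App]
COMMUTATIVE = {"add", "mul"}


def show(t: Term) -> str:
    """Render a term as text; also used as a deterministic ordering key."""
    if isinstance(t, Sym):
        return t.name
    if isinstance(t, Lit):
        return str(t.value)
    return f"{t.fn}({', '.join(show(a) for a in t.args)})"


def mk(fn: str, *args: Term) -> Term:
    """Build a canonical term for `fn` applied to `args`."""
    # Machine-specific instruction modelled by expanding it into simpler symbols
    # (hypothetical multiply-accumulate; this is how a new ISA gets "retargeted").
    if fn == "mac":
        a, b, c = args
        return mk("add", mk("mul", a, b), c)
    # Folding literals is only sound for operations whose semantics we commit to;
    # add/sub are interpreted on immediates, everything else stays opaque.
    if fn in ("add", "sub") and all(isinstance(a, Lit) for a in args):
        x, y = (a.value for a in args)
        return Lit(x + y if fn == "add" else x - y)
    # Commutative symbols: fix an argument order so mul(a, b) and mul(b, a) coincide.
    if fn in COMMUTATIVE:
        args = tuple(sorted(args, key=show))
    return App(fn, tuple(args))


# An instruction is (opcode, destination, *sources); a source is a register name or an int.
Instr = Tuple


def simulate(program: List[Instr]) -> Dict[str, Term]:
    """Symbolically execute straight-line code; returns the final register state."""
    regs: Dict[str, Term] = {}

    def read(src) -> Term:
        if isinstance(src, int):
            return Lit(src)
        return regs.get(src, Sym(src))   # never-written register keeps its initial symbolic value

    for op, dst, *srcs in program:
        vals = tuple(read(s) for s in srcs)
        regs[dst] = vals[0] if op == "mov" else mk(op, *vals)
    return regs


def equivalent(p1: List[Instr], p2: List[Instr], outputs: List[str]) -> List[str]:
    """Return the output registers on which the two programs disagree ([] = equivalent)."""
    s1, s2 = simulate(p1), simulate(p2)
    return [r for r in outputs if s1.get(r, Sym(r)) != s2.get(r, Sym(r))]


# Constructed sample programs: all three intend r2 = r0*r1 + r4*r5.
ORIGINAL = [
    ("mul", "r2", "r0", "r1"),
    ("mul", "r3", "r4", "r5"),
    ("add", "r2", "r2", "r3"),
]
SCHEDULED = [                      # reordered, operands swapped, new temporary, uses mac
    ("mul", "r6", "r5", "r4"),
    ("mac", "r2", "r1", "r0", "r6"),
]
BUGGY = [                          # clobbers r4 before the second multiply reads it
    ("mul", "r4", "r0", "r1"),
    ("mul", "r3", "r4", "r5"),
    ("add", "r2", "r4", "r3"),
]

if __name__ == "__main__":
    for name, prog in (("SCHEDULED", SCHEDULED), ("BUGGY", BUGGY)):
        bad = equivalent(ORIGINAL, prog, ["r2"])
        print(name, "equivalent" if not bad else f"differs in {bad}")
        print("   r2 =", show(simulate(prog)["r2"]))
```

Two caveats carry over directly to the real technique. Because `mul` is uninterpreted, the checker cannot prove that `r0*2` equals `r0+r0` or `r0<<1`; an optimizer that rewrites strength that way produces a false mismatch, which is the price paid for not modelling the arithmetic. And the canonical form used here (sorting commutative arguments by their printed form) is a stand-in for the congruence-closure or decision-procedure back ends that production tools use; it is enough for straight-line code with no conditionals, which is what this example covers.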



Corresponding author

Correspondence to Alan J. Hu.

Cite this article

Currie, D., Feng, X., Fujita, M. et al. Embedded Software Verification Using Symbolic Execution and Uninterpreted Functions. Int J Parallel Prog 34, 61–91 (2006). https://doi.org/10.1007/s10766-005-0004-8
