Vladimir Herdt

  • University of Bremen

About

83
Publications
3,236
Reads
759
Citations
Current institution
University of Bremen

Publications (83)
Article
Full-text available
In this paper, we propose a Virtual Prototype (VP) driven verification methodology for Hardware (HW) peripherals. In particular, we combine two approaches that complement each other and use the VP as a readily available reference model: We use (A) Coverage-Guided Fuzzing (CGF) which enables comprehensive verification at the unit-level of the Regist...
Article
IoT devices offer insufficient protections against exploitation of critical programming errors (such as buffer overflows); it is therefore paramount to sufficiently test IoT software before deployment. A central source of these errors is implementations of stateful network protocols used in the IoT (e.g. MQTT-SN). Unfortunately, comprehensive autom...
Chapter
This chapter presents an open-source RISC-V Virtual Prototype (VP) implemented in SystemC TLM (Transaction Level Modeling) with the goal of expanding the RISC-V ecosystem. The VP provides a 32/64-bit RISC-V core with an essential set of peripherals and support for multi-core simulations...
Chapter
This chapter presents novel formal verification methods tailored for SystemC-based designs to improve the Virtual Prototype (VP) verification flow. Formal verification methods can prove the correctness of a SystemC design with respect to a set of properties. Formal verif...
Chapter
Besides correct functional behavior, high performance in combination with low power consumption is a key requirement for many embedded systems. Power management (PM) strategies can contribute a great deal to the overall power saving by putting unused components into a low-power state...
Chapter
In recent years, the complexity of embedded devices has increased steadily, with various conflicting requirements. On the one hand, IoT devices need to provide smart functions with high performance, including real-time computing capabilities, connectivity, and remote access, as well as safety, security, and high reliability. At the same time...
Chapter
This chapter presents efficient Virtual Prototype (VP) based approaches for the verification of Software (SW). They improve the existing VP-based SW verification flow by integrating stronger coverage metrics and providing automated test-case generation techniques, as well as leveraging formal...
Chapter
This chapter presents two approaches that perform a correspondence analysis between TLM (Transaction Level Modeling) and RTL (Register-Transfer Level) to utilize information available at different levels of abstraction. The first approach enables an automated TLM-to-RTL property refinement. It enables...
Chapter
This chapter provides background information on relevant and common topics for this book. First, it introduces SystemC TLM (Transaction Level Modeling), the language of choice for creating Virtual Prototypes (VPs). Then, the main concepts of the RISC-V Instruction Set Architecture (ISA) are described. RISC-V is used in several evaluations...
Chapter
This chapter presents advanced coverage-guided testing techniques that rely on test-case generation and simulation to complement formal verification methods, which may still be susceptible to state space explosion. Compared to the existing simulation-based verification flow, in this...
Article
Concolic testing is a software testing technique which improves the scalability of symbolic execution by allowing efficient concretization of symbolic expressions. Concretization converts a symbolic expression to a concrete value, e.g. when the constraints of a symbolic expression become too complex for the utilized solver to handle. Unfortunately,...
Chapter
Automatically generating test inputs for input handling routines which implement highly structured input formats is challenging. Existing input generation approaches (e.g. fuzzing) address this problem by requiring verification engineers to create input specifications based on which new inputs are generated. However, depending on the input format,...
Article
Full-text available
RISC-V is a modern Instruction Set Architecture (ISA) that, by its open nature in combination with a clean and modular design, has enormous potential to become a game changer in the Internet of Things (IoT) era. Recently, SystemC-based Virtual Prototypes (VPs) have been introduced into the RISC-V ecosystem to lay the foundation for advanced industr...
Article
Constrained Internet of Things (IoT) devices with limited computing resources are increasingly employed in security-critical areas. Therefore, it is important for the firmware of these devices to be tested sufficiently. On non-constrained conventional devices, dynamic testing techniques (e.g. fuzzing, symbolic execution, or concolic testing) are suc...
Article
Full-text available
Virtual prototypes (VPs) are crucial in today’s design flow. VPs are predominantly created in SystemC transaction-level modeling (TLM) and are leveraged for early software development and other system-level use cases. Recently, virtual prototyping has been introduced for the emerging RISC-V instruction set architecture (ISA) and become an important...
Article
Recently, the critical compliance testing (CT) problem for reduced instruction set computer (RISC)-V has received significant attention. However, control and status registers (CSRs), which form the backbone of the RISC-V privileged architecture specification, have been mostly neglected in the CT effort so far. In this letter, we first analyze the R...
Article
Recently, Virtual Prototypes (VPs) were introduced for the emerging RISC-V Instruction Set Architecture (ISA) and have become an important part of the growing RISC-V ecosystem. A central component of the VP is the Instruction Set Simulator (ISS). VPs should provide a high simulation performance and at the same time yield accurate results, which are two...
Chapter
This chapter presents two approaches that perform a correspondence analysis between TLM (Transaction Level Modeling) and RTL (Register-Transfer Level) to utilize information available at different levels of abstraction. The first approach enables an automated TLM-to-RTL property refinement. It enables transforming high-level TLM properties into RTL...
Chapter
This chapter presents an open-source RISC-V Virtual Prototype (VP) implemented in SystemC TLM (Transaction Level Modeling) with the goal of expanding the RISC-V ecosystem. The VP provides a 32/64 bit RISC-V core with an essential set of peripherals and support for multi-core simulations. In addition, the VP also provides SW debug (through the Eclip...
Chapter
In recent years, the complexity of embedded devices has been increasing steadily with various conflicting requirements. On the one hand, IoT devices need to provide smart functions with a high performance including real-time computing capabilities, connectivity, and remote access as well as safety, security, and high reliability. At the same time...
Chapter
This chapter presents efficient Virtual Prototype (VP) based approaches for Software (SW) verification. They improve the existing VP-based SW verification flow by integrating stronger coverage metrics and providing automated test-case generation techniques, as well as leveraging formal methods. Ensuring correct functional behavior is very important to...
Chapter
This chapter presents novel formal verification methods tailored for SystemC-based designs to improve the Virtual Prototype (VP) verification flow. Formal verification methods can prove the correctness of a SystemC design with respect to a set of properties. However, formal verification of SystemC designs is very challenging as it has to consider a...
Chapter
This chapter provides background information on relevant and common topics for this book. First, it introduces SystemC TLM (Transaction Level Modeling), which is the language of choice to create Virtual Prototypes (VPs). Then, the main concepts of the RISC-V Instruction Set Architecture (ISA) are described. RISC-V is used in several evaluations and...
Chapter
This chapter presents advanced coverage-guided testing techniques that rely on test-case generation and simulation to complement formal verification methods, which may still be susceptible to state space explosion. Compared to the existing simulation-based verification flow this chapter investigates stronger coverage metrics as well as advanced aut...
Chapter
Besides correct functional behavior, a high performance in combination with low-power consumption is a key requirement for many embedded systems. Power management (PM) strategies can contribute a great deal to the overall power saving by putting unused components into low-power states and waking them up properly in an intelligent manner. Due to its...
Book
This book presents a comprehensive set of techniques that enhance all key aspects of a modern Virtual Prototype (VP)-based design flow. The authors emphasize automated formal verification methods, as well as advanced coverage-guided analysis and testing techniques, tailored for SystemC-based VPs and also the associated Software (SW). Coverage also...
Chapter
These days, robotic agents are finding their way into the personal environment of many people. With robotic vacuum cleaners commercially available already, comprehensive cognition-enabled agents assisting around the house autonomously are a highly relevant research topic. To execute these kinds of tasks in constantly changing environments, complex...
Chapter
We present RVX, a tool for concolic testing of embedded binaries targeting RISC-V platforms with peripherals. RVX integrates the Concolic Testing Engine (CTE) with an Instruction Set Simulator (ISS) supporting the RISC-V RV32IMC Instruction Set Architecture (ISA). Further, RVX provides a designated CTE-interface for additional extensions. It is an...
Article
Internet-of-Things (IoT) opens a new world of possibilities for both personal and industrial applications. At the heart of an IoT device, the processor is the core component. Hence, as an open and free instruction set architecture RISC-V is gaining huge popularity for IoT. A large ecosystem is available around RISC-V, including various RTL implemen...
Chapter
Internet-of-Things (IoT) opens a new world of possibilities for both personal and industrial applications. At the heart of an IoT device, the processor is the core component. Hence, as an open and free instruction set architecture RISC-V is gaining huge popularity for IoT. A large ecosystem is available around RISC-V, including various RTL implemen...
Article
Full-text available
Sequentialization has been shown to be an effective symbolic verification technique for safety properties in multi-threaded C programs using POSIX threads. The tool Lazy-CSeq, which applies a lazy sequentialization scheme, demonstrated its efficiency by ranking top places within the concurrency division of the Competitions on Software Verification...
Conference Paper
Extensive testing of IoT SW is very important to prevent errors and security vulnerabilities. In the SW domain, the automated concolic testing technique has been shown to be very effective. In this paper we propose an approach for concolic testing of binaries targeting RISC-V systems with peripherals. Our approach works by integrating the Concolic Testing...
Conference Paper
Virtual Prototypes (VPs) are becoming increasingly attractive for the early analysis of SoC power management, which is nowadays mostly implemented in firmware (FW). Power and timing constraints can be monitored and validated by executing a set of test-cases in a power-aware FW/VP co-simulation. In this context, cross coverage of power states is an...
Chapter
Efficient power management is very important for modern System-on-Chip to satisfy the conflicting demands on high performance and low power consumption. Nowadays, global power management is mostly implemented in firmware (FW) due to the relative ease of development and its flexibility. Recent advances in system-level power modeling and estimation o...
Article
Formal verification of high-level SystemC designs is an important and challenging problem. One has to deal with the full complexity of C++ to extract a suitable formal model (front-end problem) and then, with large cyclic state spaces defined by symbolic inputs and concurrent processes. This paper describes a scalable and efficient stateful symboli...
Chapter
Electronic systems integrate an increasingly large number of components on a single chip. This leads to increased risk of faults, e.g., due to radiation, aging, etc. Such a fault can lead to an observable error and failure of the system. Therefore, an error effect simulation is important to ensure the robustness and safety of these systems. Error e...
Conference Paper
Ensuring the correctness of SystemC virtual prototypes is indispensable. For such models, existing symbolic simulation approaches are based on interpreting their behavior. In this paper we propose a major enhancement called Compiled Symbolic Simulation (CSS). For more scalable state space exploration, CSS augments the DUV to integrate the symbolic...
Conference Paper
We present the tool ParCoSS for verification of cooperative multithreading programs. Our tool is based on the recently proposed Compiled Symbolic Simulation (CSS) technique. Additionally, we employ parallelization to further speed up the verification. The potential of our tool is shown by evaluation.
Conference Paper
Sequentialization has been shown to be an effective symbolic verification technique for concurrent C programs using POSIX threads. Lazy-CSeq, a tool that applies a lazy sequentialization scheme, has won the Concurrency division of the last two editions of the Competition on Software Verification. The tool encodes all thread schedules up to a given...
Conference Paper
Formal verification of high-level SystemC designs is an important and challenging problem. Recent works have proposed symbolic simulation in combination with Partial Order Reduction (POR) as a promising solution and experimentally demonstrated its potential. However, these symbolic simulation approaches have a fundamental limitation in handling cyc...
Conference Paper
Formal verification of SystemC is challenging. Before dealing with symbolic inputs and the concurrency semantics, a front-end is required to translate the design to a formal model. The lack of such front-ends has hampered the development of efficient back-ends so far. In this paper, we propose an isolated approach by using an Intermediate Verificat...
