Formal Verification and Compliance Checkers

by

Dr. Saurabh Joshi

Dr. Ramakrishna Upadrasta

Department of CSE, IIT Hyderabad

Indian Institute of Technology Hyderabad

Example

• Can the assertion fail?
• 1 million tests says NO
• Undefined behaviour as per C programming language standard if signed integer arithmetic results in an overflow/underflow
• Probability that a uniformly randomly generated test would find  the bug is         > 2.1Billion

Example

• What's wrong with this code?

A small software bug can cause a disaster!

• Ariane 5 : 64-bit FP to 16-bit int
• Mariner 1: Omission of a hyphen
• Pentium FDIV bug : $400M+ loss
• Therac 25 fatal radiation: Race condition
• and many more...

Testing

• It can scale to a very large system
• Well understood by developers
• Explores a small subset of all possible system behaviour

Err

Start

Formal Verification

• Can be applied for small modules
• System represented as a system of equation
• Exhaustively explores system behaviours
• Provides functional safety guarantees with respect to the specification
• Advancement in user-friendly model-checkers

Err

Start

Example

Need for code compliance checker

• Can easily be missed in a code review
• More than 200 rules in MISRA
• Impossible for a programmer or code reviewer to remember them all
• Coding standards are important for various application domains (MISRA for automotive )
• Toyota unintended acceleration bug: 80000+ violation of MISRA (https://www.edn.com/toyotas-killer-firmware-bad-design-and-its-consequences/)