Conventional tools for formal hardware/software co-verification use bounded model checking techniques to construct a single monolithic propositional formula. Formulas generated in this way are extremely complex and contain a great deal of irrelevant logic, hence are difficult to solve even by the state-of-the-art Satis ability (SAT) solvers. In a typical hardware/software co-design the firmware only exercises a fraction of the hardware state-space, and we can use this observation to generate simpler and more concise formulas. In this paper, we present a novel verification algorithm for hardware/software co-designs that identify partitions of the firmware and the hardware logic pertaining to the feasible execution paths by means of path-based symbolic simulation with custom path-pruning, property-guided slicing and incremental SAT solving. We have implemented this approach in our tool COVERIF. We have experimentally compared COVERIF with HW-CBMC, a monolithic BMC based co-verification tool, and observed an average speed-up of 5X over HW-CBMC for proving safety properties as well as detecting critical co-design bugs in an open-source Universal Asynchronous Receiver Transmitter design and a large SoC design.

中文翻译：

---

使用基于路径的符号执行的硬件/软件协同验证

用于正式硬件/软件协同验证的传统工具使用有界模型检查技术来构建单个整体命题公式。以这种方式生成的公式极其复杂，并且包含大量不相关的逻辑，因此即使是最先进的 Satisability (SAT) 求解器也难以求解。在典型的硬件/软件协同设计中，固件只使用硬件状态空间的一小部分，我们可以使用这种观察来生成更简单、更简洁的公式。在本文中，我们提出了一种新的硬件/软件协同设计验证算法，该算法通过基于路径的符号模拟和自定义路径修剪、属性引导来识别固件分区和与可行执行路径相关的硬件逻辑。切片和增量 SAT 求解。我们已经在我们的工具 COVERIF 中实现了这种方法。我们通过实验将 COVERIF 与 HW-CBMC（一种基于整体 BMC 的协同验证工具）进行了比较，并观察到比 HW-CBMC 平均加速 5 倍，用于证明安全特性以及检测开源中的关键协同设计错误通用异步接收器发射器设计和大型 SoC 设计。