The ESTEREL synchronous programming language: design, semantics, implementation
Science of Computer Programming
Virtual memory mapped network interface for the SHRIMP multicomputer
ISCA '94 Proceedings of the 21st annual international symposium on Computer architecture
Teapot: language support for writing memory coherence protocols
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Generating efficient protocol code from an abstract specification
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Eraser: a dynamic data race detector for multithreaded programs
ACM Transactions on Computer Systems (TOCS)
Automatically closing open reactive programs
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
A practical method for verifying event-driven software
Proceedings of the 21st international conference on Software engineering
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Communicating sequential processes
Communications of the ACM
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
ESP: a language for programmable devices
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Using meta-level compilation to check FLASH protocol code
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
A simple method for extracting models for protocol code
ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Dynamic memory management for programmable devices
Proceedings of the 3rd international symposium on Memory management
Protocol Verification as a Hardware Design Aid
ICCD '92 Proceedings of the 1991 IEEE International Conference on Computer Design on VLSI in Computer & Processors
Bebop: A Symbolic Model Checker for Boolean Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Modelization and verification of a multiprocessor realtime OS kernel
Proceedings of the 7th IFIP WG6.1 International Conference on Formal Description Techniques VII
An improvement in formal verification
Proceedings of the 7th IFIP WG6.1 International Conference on Formal Description Techniques VII
Formal Methods: A Practical Tool for OS Implementors
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
| Hi-index | 0.00 |
Device firmware is a piece of concurrent software that achieves high performance at the cost of software complexity. They contain subtle race conditions that make them difficult to debug using traditional debugging techniques. The problem is further compounded by the lack of debugging support on the devices. This is a serious problem because the device firmware is trusted by the operating system.Model checkers are designed to systematically verify properties of concurrent systems. Therefore, model checking is a promising approach to debugging device firmware. However, model checking involves an exponential search. Consequently, the models have to be small to allow effective model checking.This paper describes the abstraction techniques used by the ESP compiler to extract abstract models from device firmware written in ESP. The abstract models are small because they discard some of the details in the firmware that is irrelevant to the particular property being verified. The programmer is required to specify the abstractions to be performed. The ESP compiler uses the abstraction specification to extract models conservatively. Therefore, every bug in the original program will be present in the extracted model.This paper also presents our experience with using Spin model checker to develop and debug VMMC firmware for the Myrinet network interfaces. An earlier version of the ESP compiler yielded models that were too large to check for system-wide properties like absence of deadlocks. The new version of the compiler generated abstract models that were used to identify several subtle bugs in the firmware. So far, we have not encountered any bugs that were not caught by Spin.