CN114924992B - Formalized FPGA software security verification method and verification system - Google Patents


Info

Publication number: CN114924992B
Authority: CN (China)
Prior art keywords: sva, design, assertion, information, sva assertion
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202210851736.4A
Other languages: Chinese (zh)
Other versions: CN114924992A (en)
Inventors: 路云峰, 贾杨, 王世海, 刘斌
Current assignee: Beihang University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beihang University
Events: application filed by Beihang University; priority to CN202210851736.4A; publication of CN114924992A; application granted; publication of CN114924992B; current legal status Active

Classifications

All four classifications fall under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING:

    • G06F11/3684 Test management for test design, e.g. generating new test cases (G06F11/00 Error detection; error correction; monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3668 Software testing > G06F11/3672 Test management)
    • G06F11/3692 Test management for test results analysis (same parent chain, through G06F11/3672 Test management)
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)
    • G06F2221/033 Test or assess software (G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms)


Abstract

The invention discloses a formalized FPGA software security verification method and a verification platform, belonging to the technical field of programmable logic device software testing. General security design requirement information for FPGA software is acquired and an SVA (SystemVerilog Assertions) assertion template is generated from it; the security design criteria to be verified are extracted, and the signal information to be tested is extracted from the FPGA software under test; the security design criteria to be verified are mapped onto the SVA assertion template, target SVA assertions are selected from the template, and the SVA assertions to be executed are generated; finally, the SVA assertions to be executed and the source code of the FPGA software under test are input into a formal verification tool, which completes the formal verification and outputs a security verification report. The method, and the verification platform that executes it, avoid the long development cycle and poor generality that result from manually writing test cases and verifying by simulation.

Description

Formalized FPGA software security verification method and verification system
Technical Field
The invention relates to the technical field of programmable logic device software testing, and in particular to a formalization-based method and platform for verifying the security of FPGA software.
Background
Programmable logic devices offer reprogrammability, high reliability, high integration, low power consumption, small size, low cost and easy maintenance, so their use in aviation, aerospace, electronics, shipbuilding and other fields has grown year by year, and replacing ASICs and DSPs with programmable logic devices has gradually become an accepted design approach. At the same time the size of hardware RTL code keeps growing and FPGA designs keep getting more complex, which makes logic verification of the RTL code a major challenge: according to the annual reports of large commercial companies, 70% of the time and manpower in a project's life cycle is spent in the FPGA software code verification stage, yet verification still fails to converge, and products built on programmable logic devices are still not free of security problems.
In traditional FPGA software verification, after the designer completes the code for a given function, a tester writes directed test cases for that function to generate stimulus, the stimulus is applied to the DUT (design under test), and an EDA tool simulates the design to obtain the level transitions of the digital signals after the directed stimulus enters the DUT; whether the actual result matches the expected result is judged by inspecting the waveform, and if it matches, the FPGA code is taken to meet the designer's functional requirements. Most traditional verification of this kind relies only on the partial description of functions in the software development documents; verification of the FPGA software's security design requirements is often neglected, and there are obvious shortcomings: manually written test cases generalize poorly, take a long time to develop and need substantial manual maintenance once they become complex, and reading the result off an EDA waveform is prone to human misjudgment.
Therefore, how to free FPGA software security verification from manually writing test cases against the design documents, and thereby improve its efficiency by providing a generalized security verification method and verification platform for FPGA software, is a problem that those skilled in the art need to solve.
Disclosure of Invention
The invention provides a formalized FPGA software security verification method and a verification platform, in view of the fact that traditional FPGA software testing relies on manually written test cases fed into a simulation tool to verify the function and performance of the FPGA software, and lacks generalized design and automated verification means aimed at the security of the FPGA software.
In order to achieve the purpose, the invention adopts the following technical scheme:
In one aspect, the invention discloses a formalized FPGA software security verification method, which comprises the following steps:
S1, acquiring general security design requirement information for FPGA software, and generating an SVA (SystemVerilog Assertions) assertion template from that information;
S2, extracting the security design criteria to be verified, and extracting the signal information to be tested from the FPGA software under test according to those criteria;
S3, mapping the security design criteria to be verified extracted in S2 onto the SVA assertion template generated in S1, selecting the target SVA assertions from the template, replacing the signal information in the target SVA assertions with the signal information to be tested extracted in S2, and thereby generating the SVA assertions to be executed;
S4, inputting the SVA assertions to be executed and the source code of the FPGA software under test into a formal verification tool for verification, and outputting a security verification report.
Preferably, step S1 specifically comprises:
S11, classifying and analysing, one by one, the design and implementation requirement information in GB/T 37691-2019, the programmable logic device software safety design guide;
S12, extracting from each piece of design and implementation requirement information the general FPGA software security design criteria that can be verified in the form of SVA assertions, and constructing an SVA assertion template from the extracted criteria;
S13, extracting the signal information and constraint conditions in the SVA assertion template that must be replaced before an SVA assertion is executed, where the signal information includes clock signal names and register signal names.
Preferably, extracting the security design criteria to be verified and the information of the FPGA software under test in step S2 specifically comprises:
S21, selecting the security design criteria to be verified according to the application field and application scenario of the product the FPGA software under test belongs to, and the related software technical documents;
S22, de-duplicating the selected criteria according to the signal names they contain;
S23, extracting initial signal information from the FPGA software under test according to the de-duplicated criteria;
S24, judging whether the signal names, number of signals and clock-domain relation in the initial signal information meet the requirements of the SVA assertion template;
S25, retaining the initial signal information that meets the template's requirements as the signal information to be tested, which includes the clock signal names and register signal names to be tested.
Preferably, step S23 further comprises:
judging whether the current de-duplicated security design criteria contain a cross-clock-domain design requirement and, when they do, partitioning the signal names according to their clock-domain relation.
Preferably, step S3 specifically comprises:
S31, completing the mapping onto the SVA assertion template according to the security design criteria to be verified, and selecting the target SVA assertions from the template;
S32, replacing, item by item, the clock signal names and register signal names in the target SVA assertions with the clock signal names and register signal names to be tested, generating the SVA assertions to be executed, and saving them to an SVA assertion file to be executed.
Preferably, step S4 specifically comprises:
S41, sending the SVA assertion file to be executed together with the source code of the FPGA software under test into a formal verification tool that supports SVA assertion verification, such as AveMC, JasperGold or VC Formal;
S42, judging the assertion coverage result output by the formal verification run and, when it does not meet the set threshold, re-extracting the security design criteria to be verified and the information of the FPGA software under test and updating the SVA assertions to be executed;
S43, repeating S41 to S42 until the coverage result meets the set threshold;
S44, analysing the SVA assertion pass/fail status given by the formal verification tool, determining the reason for each failed assertion, and outputting the FPGA software security verification report.
In another aspect, the invention discloses a formalized FPGA software security verification platform, which comprises an SVA assertion module, an information extraction module, an SVA assertion generation module, a formal verification tool and a result analysis module;
the SVA assertion module generates the SVA assertion template from the general security design requirement information of the FPGA software; the information extraction module extracts the security design criteria to be verified and the signal information to be tested; the SVA assertion generation module reads the SVA assertion template generated by the SVA assertion module together with the security design criteria to be verified and the signal information to be tested extracted by the information extraction module, and generates the SVA assertions to be executed; the formal verification tool formally verifies the generated SVA assertions; and the result analysis module analyses and judges the verification result given by the formal verification tool and generates the security verification report.
Preferably, generating the SVA assertion template in the SVA assertion module specifically comprises:
the SVA assertion module takes as input the design and implementation requirement information in GB/T 37691-2019, the programmable logic device software safety design guide, and classifies and analyses it one by one;
and it extracts from each piece of design and implementation requirement information the general FPGA software security design criteria that can be verified in the form of SVA assertions, and constructs the SVA assertion template from the extracted criteria.
Preferably, the information extraction module extracts the security design criteria to be verified and the signal information to be tested as follows:
the information extraction module imports the FPGA software under test and the FPGA constraint file, and selects the security design criteria to be verified according to the application field and application scenario of the product the FPGA software under test belongs to, and the related software technical documents;
it de-duplicates the selected criteria according to the signal names they contain;
it extracts initial signal information from the FPGA software under test according to the de-duplicated criteria;
it judges whether the current de-duplicated criteria contain a cross-clock-domain design requirement and, when they do, partitions the signal names according to their clock-domain relation;
it judges whether the signal names, number of signals and clock-domain relation in the initial signal information meet the requirements of the SVA assertion template, and issues a prompt when they do not;
and it retains the initial signal information that meets the template's requirements as the signal information to be tested, which includes the clock signal names and register signal names to be tested.
Preferably, the SVA assertion generation module generates the SVA assertions to be executed as follows:
the SVA assertion generation module reads the security-based SVA assertion template generated by the SVA assertion module, together with the security design criteria to be verified and the signal information to be tested extracted by the information extraction module, maps the criteria onto the template, and selects the target SVA assertions from it;
and it replaces, item by item, the clock signal names and register signal names in the target SVA assertions with the clock signal names and register signal names to be tested, generates the SVA assertions to be executed, and saves them to an SVA assertion file to be executed.
It can be seen from the above technical scheme that, compared with the prior art, the invention discloses a security verification method and verification platform for FPGA software based on formal methods: a generalized FPGA software security verification method and platform are built in a formal manner, a general SVA assertion template for FPGA software security verification is generated, and the SVA assertions, that is, the test cases, are generated automatically from the selected security criteria and the related information extracted from the FPGA software under test. The whole security verification process of the FPGA software can thus be completed automatically, without manually writing test cases, and the corresponding verification report is generated. This effectively addresses the low test efficiency of traditional FPGA software testing, the dependence of test quality on the individual tester, and the lack of a generalized FPGA software security verification method, and has broad application prospects in the field of programmable logic device software testing.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. Obviously the drawings described below are only embodiments of the invention, and those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a flow chart of the steps of the formalized FPGA software security verification method of the invention;
FIG. 2 is a block diagram of the formalized FPGA software security verification platform of the invention;
FIG. 3 is a schematic diagram of SVA assertion template generation in the SVA assertion module of the invention;
FIG. 4 is a flow chart of the information extraction steps in the information extraction module of the invention;
FIG. 5 is a flow chart of automatic SVA assertion generation in the SVA assertion generation module of the invention;
FIG. 6 is a flow chart of formal verification and result analysis by the formal verification tool of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously the embodiments described are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the invention.
As shown in FIG. 1, the invention discloses a formalization-based method for verifying the security of FPGA software, which comprises the following steps:
S1, acquiring general security design requirement information for FPGA software, generating an SVA assertion template from it, and determining the signal information and constraint conditions that must be replaced;
S2, extracting the security design criteria to be verified and the information of the FPGA software under test;
S3, mapping the information of the FPGA software under test onto the SVA assertion template generated in S1, calling the template according to the security design criteria to be verified, and generating the SVA assertions to be verified;
S4, inputting the source code of the FPGA software under test and the SVA assertions to be verified into a formal verification tool, completing the formal verification and outputting a security verification report.
Specifically, step S1 may comprise:
S11, analysing, one by one, the design and implementation requirement information in GB/T 37691-2019, the programmable logic device software safety design guide;
S12, extracting from that information the general design requirements for which FPGA software security verification can be performed in the form of SVA assertions, and constructing an SVA assertion template from them;
S13, explicitly marking the signal information and constraint conditions in the SVA assertion template that must be replaced before an SVA assertion is executed, where the signal information includes clock signal names and register signal names, so that when signals are substituted it can be judged whether the input meets the template's replacement requirements.
Step S2 may comprise:
S21, selecting the security design criteria to be verified according to the application field and application scenario of the product the FPGA software under test belongs to, and the related software technical documents;
S22, de-duplicating the selected criteria according to the signal names they contain;
S23, extracting initial signal information from the FPGA software under test according to the de-duplicated criteria;
S24, judging whether the signal names, number of signals and clock-domain relation in the initial signal information meet the requirements of the SVA assertion template;
S25, retaining the initial signal information that meets the template's requirements as the signal information to be tested, which includes the clock signal names and register signal names to be tested.
Step S23 further comprises:
judging whether the current de-duplicated security design criteria contain a cross-clock-domain design requirement and, when they do, partitioning the signal names according to their clock-domain relation.
Step S3 may specifically comprise:
S31, completing the mapping onto the SVA assertion template according to the security design criteria to be verified, and selecting the target SVA assertions from the template;
S32, replacing, item by item, the clock signal names and register signal names in the target SVA assertions with the clock signal names and register signal names to be tested, generating the SVA assertions to be executed, and saving them to an SVA assertion file to be executed.
Step S4 may specifically comprise:
S41, sending the SVA assertion file to be executed together with the source code of the FPGA software under test into a formal verification tool that supports SVA assertion verification, such as AveMC, JasperGold or VC Formal;
S42, judging the assertion coverage result output by the formal verification run and, when it does not meet the set threshold, re-extracting the security design criteria to be verified and the information of the FPGA software under test and updating the SVA assertions to be executed;
S43, repeating S41 to S42 until the coverage result meets the set threshold;
S44, analysing the SVA assertion pass/fail status given by the formal verification tool, determining the reason for each failed assertion, and outputting the FPGA software security verification report.
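The following is an added example, not code from the patent, showing one way steps S1 to S4 above (and the information extraction and assertion generation flows of FIG. 4 and FIG. 5 described later) can be implemented: a small template library, extraction of clock domains and registers from the RTL source, the signal count, existence and clock-domain checks of S24, the de-duplication of S22, and the placeholder substitution of S32. The criterion IDs I_1 and B_1, the template text, the {ROLE} placeholder syntax and the Verilog module are all hypothetical, constructed for this example; the cross-clock-domain property in particular is one illustrative check, not the patent's template.

```python
"""Added example (not the patent's code): template-driven SVA generation.
Criterion IDs, template text, {ROLE} placeholders and the DUT are all
hypothetical / constructed for this illustration."""
import re
from dataclasses import dataclass

# S1: template library keyed by a hypothetical criterion ID. Each entry lists
# the signal roles it needs, the clock-domain relation they must satisfy, and
# SVA text with {ROLE} placeholders. An assert and a cover are emitted as a
# pair, matching the "pass condition + coverage condition" of the template.
TEMPLATES = {
    # Reset design (I_1): a register holds its reset value in the cycle after
    # an active-low reset is sampled asserted.
    "I_1": dict(
        roles=("CLK", "RST", "REG"), domain="same",
        text="property p_{NAME};\n"
             "  @(posedge {CLK}) !{RST} |=> ({REG} == '0);\n"
             "endproperty\n"
             "a_{NAME}: assert property (p_{NAME});\n"
             "c_{NAME}: cover property (@(posedge {CLK}) !{RST});\n"),
    # Cross-clock-domain design (B_1): once a change of the source-domain
    # signal is seen in the destination domain it must hold for one more cycle.
    "B_1": dict(
        roles=("CLK_SRC", "CLK_DST", "REG"), domain="cross",
        text="property p_{NAME};\n"
             "  @(posedge {CLK_DST}) $changed({REG}) |=> $stable({REG});\n"
             "endproperty\n"
             "a_{NAME}: assert property (p_{NAME});\n"
             "c_{NAME}: cover property (@(posedge {CLK_DST}) $changed({REG}));\n"),
}

@dataclass
class DesignInfo:
    clocks: set        # clocks named in always @(posedge ...) blocks
    domain_of: dict    # register name -> clock that drives it
    identifiers: set   # every identifier in the source, for existence checks

def extract_design_info(verilog: str) -> DesignInfo:
    """S23 / step 4.1: recover clock domains and the registers each drives.
    Deliberately simple: one clock per always block, and every nonblocking
    assignment target inside it belongs to that clock's domain."""
    info = DesignInfo(set(), {}, set(re.findall(r"\b[A-Za-z_]\w*\b", verilog)))
    for block in re.split(r"\balways\b", verilog)[1:]:
        m = re.match(r"\s*@\s*\(\s*posedge\s+(\w+)", block)
        if m:
            info.clocks.add(m.group(1))
            for reg in re.findall(r"(\w+)\s*<=", block):
                info.domain_of[reg] = m.group(1)
    return info

def check_signals(crit: str, sig: dict, info: DesignInfo) -> list:
    """S24 / steps 4.7-4.8: signal count, existence and clock-domain relation.
    Returns the problems found; an empty list means the request is usable."""
    tpl, problems = TEMPLATES[crit], []
    if set(sig) != set(tpl["roles"]):
        return [f"{crit}: expected roles {tpl['roles']}, got {tuple(sig)}"]
    for role, name in sig.items():
        if name not in info.identifiers:
            problems.append(f"{crit}: {name} not found in the source")
        elif role.startswith("CLK") and name not in info.clocks:
            problems.append(f"{crit}: {name} is not a clock in the source")
    if problems:
        return problems
    drv = info.domain_of.get(sig["REG"])
    if tpl["domain"] == "same" and drv != sig["CLK"]:
        problems.append(f"{crit}: {sig['REG']} is driven by {drv}, not {sig['CLK']}")
    if tpl["domain"] == "cross" and (drv != sig["CLK_SRC"] or sig["CLK_SRC"] == sig["CLK_DST"]):
        problems.append(f"{crit}: {sig['REG']} must be driven by {sig['CLK_SRC']} "
                        f"and cross into a different clock than {sig['CLK_SRC']}")
    return problems

def generate_sva(requests: list, verilog: str):
    """S22 + S3: de-duplicate the requests, validate each, substitute the
    placeholders. Returns (SVA file text, problems for rejected requests)."""
    info, seen, out, problems = extract_design_info(verilog), set(), [], []
    for crit, sig in requests:
        key = (crit, tuple(sorted(sig.items())))
        if key in seen:            # step 4.3: identical request entered twice
            continue
        seen.add(key)
        bad = check_signals(crit, sig, info)
        if bad:
            problems += bad
            continue
        out.append(TEMPLATES[crit]["text"].format(NAME=f"{crit}_{sig['REG']}", **sig))
    return "\n".join(out), problems

# Constructed DUT: cnt and req_a are clocked by clk_a; req_b1, req_b2 and
# dout by clk_b (req_b1/req_b2 form the synchronizer for req_a).
DUT = """
module dut(input clk_a, input clk_b, input rst_n, input din, output reg dout);
  reg [7:0] cnt;
  reg req_a, req_b1, req_b2;
  always @(posedge clk_a or negedge rst_n) begin
    if (!rst_n) begin cnt <= 8'd0; req_a <= 1'b0; end
    else        begin cnt <= cnt + 8'd1; req_a <= din; end
  end
  always @(posedge clk_b) begin
    req_b1 <= req_a; req_b2 <= req_b1; dout <= req_b2;
  end
endmodule
"""

# Tester's selections (S21, entered through the step 4.5/4.6 prompts). The
# second entry duplicates the first; the last names a clk_b register for a
# criterion applied in clk_a and must be rejected.
REQUESTS = [
    ("I_1", {"CLK": "clk_a", "RST": "rst_n", "REG": "cnt"}),
    ("I_1", {"CLK": "clk_a", "RST": "rst_n", "REG": "cnt"}),
    ("B_1", {"CLK_SRC": "clk_a", "CLK_DST": "clk_b", "REG": "req_a"}),
    ("I_1", {"CLK": "clk_a", "RST": "rst_n", "REG": "req_b1"}),
]

if __name__ == "__main__":
    text, problems = generate_sva(REQUESTS, DUT)
    print(text)
    print("rejected:", *problems, sep="\n  ")
```

Running the file prints the SVA text for the two valid requests (the duplicate is dropped) and one rejection, for the request whose register is driven by clk_b while the reset criterion is applied in clk_a. The checks can only catch what the extraction can see: inferring clock domains from always blocks is a stand-in, and a real implementation would take the clock definitions from the imported constraint file, as step 4.1 does, rather than from the RTL alone.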
As shown in FIG. 2, in another aspect the invention discloses a formalized FPGA software security verification platform, comprising an SVA assertion module, an information extraction module, an SVA assertion generation module, a formal verification tool and a result analysis module;
the SVA assertion module generates the SVA assertion template from the general security design requirement information of the FPGA software; the information extraction module extracts the security design criteria to be verified and the signal information to be tested; the SVA assertion generation module reads the security-based SVA assertion template generated by the SVA assertion module together with the security design criteria to be verified and the signal information to be tested extracted by the information extraction module, and generates the SVA assertions to be executed; the formal verification tool formally verifies the generated SVA assertions; and the result analysis module analyses and judges the verification result given by the formal verification tool and generates the security verification report.
The modules of the FPGA software security verification platform are described in detail below.
The SVA assertion module generates an SVA assertion template from the general security design requirement information of the FPGA software and writes it out as an SVA assertion template file;
As shown in FIG. 3, in one embodiment the general security design requirement information for FPGA software is taken from GB/T 37691-2019, the programmable logic device software safety design guide. First, the SVA assertion module sorts the information in the guide that concerns the design and implementation of FPGA software security requirements into 13 classes of security criteria, A to M: system design, cross-clock-domain design, redundancy design, margin design, coding, clock design, interface and communication design, design matched to the memory used, reset design, state machine design, use of IP cores, synthesis design and pin constraints. Each class is then decomposed into individual security criteria A_1, A_2, …, M_N. A verification model is then built for each security design criterion in the form of an SVA assertion; the SVA assertion template comprises the properties to be verified and the assertion type declarations (the pass condition and the coverage condition). Once a template has been written, the information and constraints that must be extracted in order to generate the SVA assertion automatically can be read off the assertion code, forming the extraction and constraint information for A_1, A_2, …, M_N. Finally, the security-based SVA assertion templates are stored as files and managed in the SVA assertion template library of the SVA assertion module.
The information extraction module offers, for selection, the FPGA software security design criteria that can be formally verified.
As shown in FIG. 4, the information extraction flow of the information extraction module is divided into the following steps:
step 4.1, importing the source code of the FPGA software under test and the FPGA constraint file into the information extraction module;
the FPGA constraint file in this embodiment is a file that constrains the FPGA design; the constraints it carries may include clock constraints, group constraints, logical pin constraints and physical attribute constraints, and in a specific application the FPGA constraint information is edited and defined by editing the user constraint file.
step 4.2, ticking the security design criterion verification items according to the application field and application scenario of the product the FPGA software under test belongs to, and the related software technical documents;
step 4.3, de-duplicating the input content of the selected FPGA software security design criteria, so that parts repeated across criteria do not have to be entered more than once during information extraction;
step 4.4, judging whether the currently selected security design criteria contain a cross-clock-domain design requirement and, if so, partitioning the signal names according to which clock domain they belong to;
step 4.5, when a cross-clock-domain design requirement exists and several clock domains have to be distinguished, determining clock domain 1, clock domain 2, …, clock domain N from the clock signal names, and prompting in turn for the clock signal name of each domain and the names of the signals it drives;
step 4.6, prompting for the other signal names to be extracted;
step 4.7, checking in turn, against the SVA assertion template of the selected security design criterion, whether the entered signal names, number of signals and clock-domain relation meet the template's requirements, and issuing a prompt when they do not;
step 4.8, searching the imported FPGA software source code and FPGA constraint file for every entered signal name, and issuing a prompt when any of them is not found;
step 4.9, repeating steps 4.5 to 4.8 until the information extraction requirements are met;
step 4.10, grouping the result by the selected security criterion file and, combining the entered clock signal names, register signal names and so on, building the signal information file needed for assertion generation.
In a specific embodiment, the information extraction module can generate dialog box popup prompts according to the selected safety design criteria, input required signal names in sequence, automatically complete related information checking work, and output signal information required by assertion generation to the SVA assertion generation module when checking is passed.
The SVA assertion generating module is used for reading the security-based SVA assertion template file, using the safety design criterion selected in the information extraction module together with the signal information of the software to be tested to automatically generate SVA assertions, and sending the SVA assertions into a formal verification tool, which performs formal verification on the input FPGA software code to be tested against the SVA assertions;
as shown in fig. 5, the SVA assertion generating module mainly includes the following steps:
step 5.1, reading information data generated in the information extraction module, and analyzing a selected safety design rule result and an extracted related signal name of the FPGA software to be tested from the information data;
step 5.2, reading the SVA assertion template file based on the safety from the SVA assertion module;
step 5.3, completing the mapping relation of the SVA assertion templates of the safety according to the safety design criteria selected in the information extraction module, and selecting the SVA assertion template to be subjected to signal name replacement;
step 5.4, replacing the clock signal names, register signal names and the like in the mapped SVA assertion template file item by item to generate SVA assertion file 1, SVA assertion file 2, …, SVA assertion file N, which the formal verification tool reads in order to execute the formal verification operation.
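The following script is an added example and is not part of the patent or its implementation: it performs the signal name checks of steps 4.5, 4.7 and 4.8 and the template substitution of steps 5.1 to 5.4 on a constructed Verilog module. The SVA template text, criterion identifiers, placeholder names and the RTL are assumptions, and the Verilog scanning is a simplified regular-expression pass rather than a real parser.

```python
"""Added example (not the patent's code): check extracted signal names against
the RTL (steps 4.5, 4.7, 4.8) and fill security SVA templates (steps 5.1-5.4)."""
import re

# Constructed templates keyed by a safety design criterion id. {placeholders}
# take extracted signal names; {name} is a label the generator supplies itself.
# Second tuple item: (clock placeholder, register placeholders driven by it).
TEMPLATES = {
    "reset_clears_register": (
        "property p_{name};\n  @(posedge {clk}) {rst} |=> ({reg} == '0);\n"
        "endproperty\na_{name}: assert property (p_{name});",
        ("clk", ("reg",))),
    "cdc_two_stage_sync": (
        "property p_{name};\n  @(posedge {dst_clk}) {sync2} == $past({sync1});\n"
        "endproperty\na_{name}: assert property (p_{name});",
        ("dst_clk", ("sync1", "sync2"))),
}
DECL_RE = re.compile(r"\b(?:input|output|inout|reg|wire|logic)\b[^;]*?;", re.S)
ALWAYS_RE = re.compile(r"always\s*@\s*\(\s*posedge\s+(\w+)\s*\)(.*?)"
                       r"(?=\balways\b|\bendmodule\b)", re.S)

def declared_signals(rtl):
    """Names declared as ports, regs, wires or logic (simplified Verilog scan)."""
    names = set()
    for decl in DECL_RE.findall(rtl):
        body = re.sub(r"\b(?:input|output|inout|reg|wire|logic|signed)\b", " ", decl)
        body = re.sub(r"\[[^\]]*\]|=[^,;]*", " ", body)  # drop ranges, initialisers
        names.update(re.findall(r"\b[A-Za-z_]\w*", body))
    return names

def clock_domains(rtl):
    """Map each clock to the registers assigned under its posedge (step 4.5);
    every '<=' inside an always block is taken as a non-blocking assignment."""
    domains = {}
    for clk, body in ALWAYS_RE.findall(rtl):
        domains.setdefault(clk, set()).update(re.findall(r"(\w+)\s*<=", body))
    return domains

def check_signals(criterion, signals, rtl):
    """Steps 4.7 and 4.8: return prompt messages; an empty list means pass."""
    template, (clk_role, reg_roles) = TEMPLATES[criterion]
    needed = set(re.findall(r"\{(\w+)\}", template)) - {"name"}
    problems = [f"{criterion}: no signal given for '{p}'" for p in sorted(needed - set(signals))]
    if problems:  # wrong signal quantity: the RTL checks below need every role
        return problems
    declared, domains = declared_signals(rtl), clock_domains(rtl)
    for role, sig in signals.items():
        if sig not in declared:
            problems.append(f"{criterion}: '{sig}' ({role}) is not declared in the RTL")
    for role in reg_roles:
        if signals[role] not in domains.get(signals[clk_role], set()):
            problems.append(f"{criterion}: '{signals[role]}' is not driven by '{signals[clk_role]}'")
    return problems

def generate_assertions(selections, rtl):
    """Steps 5.1-5.4: one filled template per selection that passes the checks."""
    assertions, prompts = [], []
    for i, (criterion, signals) in enumerate(selections):
        found = check_signals(criterion, signals, rtl)
        if found:
            prompts.extend(found)
            continue
        assertions.append(TEMPLATES[criterion][0].format(name=f"{criterion}_{i}", **signals))
    return assertions, prompts

# Constructed RTL under test: a counter on clk and a two-flop synchroniser on clk_b.
RTL = """module ctrl (input wire clk, input wire rst, input wire clk_b,
              input wire req_a, output reg [7:0] cnt);
  reg req_s1, req_s2;
  always @(posedge clk)   cnt <= rst ? 8'd0 : cnt + 8'd1;
  always @(posedge clk_b) begin req_s1 <= req_a; req_s2 <= req_s1; end
endmodule"""
# Constructed selections; the third names an undeclared signal and the wrong clock.
SELECTIONS = [
    ("reset_clears_register", {"clk": "clk", "rst": "rst", "reg": "cnt"}),
    ("cdc_two_stage_sync", {"dst_clk": "clk_b", "sync1": "req_s1", "sync2": "req_s2"}),
    ("cdc_two_stage_sync", {"dst_clk": "clk", "sync1": "req_s1", "sync2": "req_s9"}),
]

if __name__ == "__main__":
    svas, prompts = generate_assertions(SELECTIONS, RTL)
    print("\n\n".join(svas) + "\n" + "\n".join(prompts))
```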
The formal verification tool is used for performing formal verification on the generated SVA assertions to be executed; formal verification tools supporting SVA assertion verification include AveMC, JasperGold and VC Formal.
The result analysis module analyzes and judges the verification result given by the formal verification tool and generates a safety verification report. When the assertion coverage rate does not meet the set requirement, prompt information is generated, sent to the information extraction module and analyzed; if a safety design requirement that is not applicable to the FPGA software to be tested exists, the safety design rules of the FPGA software to be tested can be reselected and the verification repeated.
The formal verification and result analysis process shown in fig. 6 mainly includes the following steps:
step 6.1, importing the FPGA software source code file to be tested and the automatically generated files such as the SVA assertions to be executed into a formal verification tool, and setting the assertion coverage rate requirement after comprehensively considering the actual use scene of the tested equipment, the safety requirements of the FPGA software, the testing workload and other factors; the default assertion coverage rate requirement is 100%;
step 6.2, constructing a test environment with an FPGA software formal verification tool, which comprises reading the imported source code file and the SVA assertion file to be executed, specifying clock constraints (specifying the frequencies of all clock signals in the design to be executed), establishing reset (specifying the top-layer reset signal in the design and constraining its active level), and initializing parameters (giving initial values to the top-layer input signals so that an unsettled state does not affect the assertion judgment result); after the test environment is constructed, executing formal verification with the tool, reading the SVA assertion pass/fail results it outputs, and forming test result data from the SVA assertion coverage conditions; the verification tool may be a general SVA assertion formal verification tool such as AveMC, JasperGold or VC Formal;
step 6.3, judging whether the assertion coverage rate result meets the preset verification requirement set in the step 5.1;
step 6.4, when the coverage rate result of the assertion does not meet the requirement, the safety design criterion corresponding to the uncovered assertion can be judged one by one, and whether the safety design criterion is suitable for the FPGA software to be tested is re-analyzed according to the actual use scene of the FPGA software resident equipment to be tested and the like;
step 6.5, if the safety verification of the uncovered test criterion is still needed, the related signal information input by the information extraction module is needed to be updated, the SVA assertion to be executed is regenerated and sent to a formal verification tool, and otherwise, the passing result of the safety design criterion which is not needed to be verified is deleted from the test result data;
and 6.6, generating a corresponding safety design rule verification result according to the SVA assertion pass/fail result in the test result data, and giving an FPGA software safety verification report in the forms of a table, a text document and an XML file.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A formalized FPGA software security verification method is characterized by comprising the following steps:
s1, acquiring general safety design requirement information of FPGA software, and generating an SVA assertion template according to the general safety design requirement information of the FPGA software;
the method specifically comprises the following steps:
s11, classifying and analyzing the design and implementation requirement information item by item;
the design and implementation requirement information comprises system design, clock domain crossing design, redundancy design, margin design, coding, clock design, interface and communication design, related design of a matched memory, reset design, state machine design, IP core use, comprehensive design and pin constraint;
s12, extracting from each piece of design and implementation requirement information the general safety design criteria of FPGA software that can be safety-verified in the form of SVA (SystemVerilog Assertion) assertions, and constructing an SVA assertion template according to the extracted general safety design criteria;
s13, extracting signal information and constraint conditions which are required to be replaced by executing SVA assertion in an SVA assertion template, wherein the signal information comprises clock signal names and register signal names;
s2, extracting a safety design rule to be verified, and extracting signal information to be tested from FPGA software to be tested according to the safety design rule to be verified;
s2 specifically comprises the following steps:
s21, selecting a safety design criterion to be verified according to the application field and application scene of a product to which the FPGA software to be tested belongs and a related software technical document;
s22, carrying out duplicate removal treatment on the selected safety design criterion to be verified according to the signal name in the safety design criterion;
s23, extracting initial signal information from FPGA software to be tested according to the safety design criterion to be verified after the duplication removal;
s24, judging whether the signal name, the signal quantity and the clock domain relation in the initial signal information meet the requirements of an SVA assertion template;
s25, reserving initial signal information meeting the requirements of the SVA assertion template as signal information to be tested, wherein the signal information to be tested comprises a clock signal name to be tested and a register signal name to be tested;
s3, mapping the safety design criterion to be verified extracted in S2 and the SVA assertion template generated in S1, selecting a target SVA assertion from the SVA assertion template, replacing signal information in the target SVA assertion with signal information to be tested extracted in S2, and generating the SVA assertion to be executed;
and S4, inputting the SVA assertion to be executed and the source code of the FPGA software to be tested into a formal verification tool for verification and outputting a security verification report.
2. The formalized FPGA software security verification method according to claim 1, further comprising in step S23:
judging whether the current de-duplicated safety design criterion to be verified contains a cross-clock-domain design requirement, and dividing the signal names according to the clock-domain relation when the cross-clock-domain design requirement exists.
3. The formalized FPGA software security verification method according to claim 1, wherein the step S3 specifically comprises:
s31, completing the mapping relation of the SVA assertion template according to the safety design criterion to be verified, and selecting a target SVA assertion from the SVA assertion template;
and S32, replacing the clock signal name and the register signal name in the target SVA assertion item by item with the clock signal name and the register signal name to be detected, generating an SVA assertion to be executed, and storing the SVA assertion to be executed into an SVA assertion file to be executed.
4. The formalized FPGA software security verification method according to claim 3, wherein the step S4 specifically comprises the following steps:
s41, sending the SVA assertion file to be executed and the FPGA software source code to be tested together into a formal verification tool supporting SVA assertion verification for formal verification, wherein the formal verification tool supporting SVA assertion verification comprises AveMC, JasperGold and VC Formal;
s42, judging an assertion coverage rate result output after formal verification is executed, and when the assertion coverage rate result does not meet a set threshold value, re-extracting the safety design rule to be verified and the FPGA software information to be tested and updating the SVA assertion to be executed;
s43, repeating the steps S41 to S42 until the coverage rate result meets the set threshold value;
and S44, analyzing the SVA assertion passing condition given by the formal verification tool, judging the reason why the SVA assertion fails, and outputting an FPGA software security verification report.
5. A formalized FPGA software security verification system is characterized by comprising: the system comprises an SVA assertion module, an information extraction module, an SVA assertion generation module, a formal verification tool and a result analysis module;
the SVA assertion module is used for generating an SVA assertion template according to the general safety design requirement information of the FPGA software; the information extraction module is used for extracting safety design criteria to be verified and signal information to be tested; the SVA assertion generating module is used for reading an SVA assertion template generated in the SVA assertion module, and the safety design criterion to be verified and the signal information to be tested, which are extracted by the information extracting module, and generating SVA assertion to be executed; the formal verification tool is used for performing formal verification on the generated SVA assertion to be executed; the result analysis module is used for analyzing and judging the verification result given by the formal verification tool and generating a safety verification report;
the generating of the SVA assertion template by the SVA assertion module specifically includes:
the SVA assertion module inputs design and implementation requirement information, and classifies and analyzes the design and implementation requirement information item by item;
the design and implementation requirement information comprises system design, clock domain crossing design, redundancy design, margin design, coding, clock design, interface and communication design, related design of a matched memory, reset design, state machine design, IP core use, comprehensive design and pin constraint;
extracting from each piece of design and implementation requirement information the general security design criteria of FPGA software that can be security-verified in the form of SVA (SystemVerilog Assertion) assertions, and constructing an SVA assertion template according to the extracted general security design criteria;
the information extraction module extracts the safety design rule to be verified and the signal information to be tested, and specifically comprises the following steps:
the information extraction module imports FPGA software to be tested and an FPGA constraint file, and selects a safety design criterion to be verified according to the application field and the application scene of a product to which the FPGA software to be tested belongs and a related software technical document;
carrying out duplicate removal processing on the selected safety design criterion to be verified according to the signal name in the safety design criterion to be verified;
extracting initial signal information from FPGA software to be tested according to the safety design rule to be verified after the duplication removal;
judging whether the current de-duplicated safety design criterion to be verified contains a cross-clock-domain design requirement, and dividing the signal names according to a clock-domain relation when the cross-clock-domain design requirement exists;
judging whether the signal name, the signal number and the clock domain relation in the initial signal information meet the requirements of an SVA assertion template, and sending prompt information when the requirements of the assertion template are not met;
and reserving initial signal information meeting the requirements of the SVA assertion template, namely the signal information to be tested, wherein the signal information to be tested comprises the name of a clock signal to be tested and the name of a register signal to be tested.
6. The formalization-based FPGA software security verification system of claim 5, wherein the SVA assertion generating module generating the SVA assertion to be executed comprises the following steps:
the SVA assertion generating module reads an SVA assertion template generated in the security-based SVA assertion template module, and the to-be-verified security design criterion and the to-be-tested signal information extracted by the information extracting module, maps the to-be-verified security design criterion with the SVA assertion template, and selects a target SVA assertion from the SVA assertion template;
and replacing the clock signal name and the register signal name in the target SVA assertion by the clock signal name and the register signal name to be detected item by item, generating the SVA assertion to be executed, and storing the SVA assertion to be executed into an SVA assertion file to be executed.
CN202210851736.4A 2022-07-20 2022-07-20 Formalized FPGA software security verification method and verification system Active CN114924992B (en)
Publications (2)

Publication Number Publication Date
CN114924992A CN114924992A (en) 2022-08-19
CN114924992B true CN114924992B (en) 2022-11-15