With the increasing emergence of mixed hardware/software systems, it is important to ensure the correctness of such a system formally, particularly for real-time and safety critical applications. We present a hierarchical approach to modeling and formally verifying an embedded system at higher levels of abstraction, using Multiway Decision Graphs (MDGs). We demonstrate our approach on the embedded software for a mouse controller application on a commercial microcontroller (PIC 16C71), using the MDG verification tools. Inconsistencies in the assembly code with respect to the specification, as published in the application notes of the manufacturer, were uncovered through our experiments.

Abstract: Software simulators that emulate equivalent behavior of physical microcontrollers play an important role in the process of software development for embedded systems from an early development stage (e.g. when no target hardware is available) to the final verification process (e.g. used in combination with formal methods). Thus, much reliance is put on the correctness of these simulators. This paper presents a practicable approach to test auto-generated and custom microcontroller simulators (both closed and open-source) against a physical device. We show how to set up a test oracle that allows to run the simulators in parallel, validate individual runs based on a comparison of their accumulated state-space, and – in case an error is found – finger-point to the root cause of the error, thus giving valuable support for fixing the discrepancies. A case study shows that the presented testing framework was able to reveal non-trivial bugs in several implementations. 1