Formal guarantees for localized bug fixes

Abstract

Bug traces produced in simulation serve as the basis for patching the RTL code in order to fix a bug. It is important to prove that the patch covers all instances of the bug scenario; otherwise, the bug may return with a different valuation of the variables involved in the bug scenario. For large circuits, formal methods do not scale well enough to comprehensively eliminate the bug, and achieving adequate coverage in simulation and regression testing becomes expensive. This paper proposes formal methods for analyzing the control trace leading to the observed manifestation of the bug and verifying the robustness of the bug fix with respect to that control trace. We propose a classification of the bug fix based on the guarantee that our analysis can provide about the quality of the bug fix. Our method also prescribes the types of tests that are recommended to validate the bug fix on other types of scenarios. Since our methods are more scalable by orders of magnitude than model checking the entire design, we believe that the proposed formal methods hold immense promise in analyzing bug fixes in practice.