280 likes | 443 Vues
Verification of Local Design Refinements in a System Design Methodology. Tarvo Raudvere. Today’s complex systems. Outline. Introduction into System Design Authors Contribution Gradual design verification Polynomial Abstraction Conclusion Future Work. Trends in System Design.
E N D
Verification of Local Design Refinements in a System Design Methodology Tarvo Raudvere
Outline • Introduction into System Design • Authors Contribution • Gradual design verification • Polynomial Abstraction • Conclusion • Future Work
Trends in System Design • Increasing complexity • System design starts at a higher abstraction level • Simulation alone is not efficient for verification • Formal techniques have to be complementary applied
Specification Model DesignConstraints Functional Domain Design Refinement Verification Transf. Library Implement. Model Implementation Mapping Implementation Domain HW Description Interface Description SW Description The ForSyDe Design Flow
Semantic PreservingTransformation Do not change the meaning of the model Used mainly for process merging and splitting M1 Mn ImplementationModel T1 T2 Tn The specification model (M0) is stepwise refined by the use of well defined design transformation (Ti) into an implementation model (Mn) Refinement of the Specification Model Specification Model M0 • Design DecisionTransformation • Change the meaning of the model • Introduce a design decision • Examples are refinement of data types, constraining buffer sizes
Simulation Equivalence checking Model checking Model checking Theorem proving Strategy Tool Abstraction DATE’04 CODES+ISSS’03 Gradual design verification Translation from ForSyDe into SMV Polynomial abstraction Thesis contribution Choose a verification technique
Specification model Trans- formation library Input stimuli gen. Property library Design Constraints B1 B2 B3 T B1 B’2 B3 Input stimuli Block B’2 Property checker Implementation model Verification Gradual design verification
Assumptions for gradual verification • The specification model is correct • Only the local correctness of the system is verified • The designer is aware of the constraints for every design block • Design blocks are small enough, that existing verification tools manage the tasks in reasonable time
Verification Details • For every design transformation there is a set of predefined properties • There are SMV templates to assist the user to model the design environment for design blocks • Abstraction has to be done by the user • Translation from ForSyDe into SMV is straight forward • The Cadence version of SMV (Symbolic Model Verifier) is used for verification
Refinement of the Equalizer System Model Button Control Dist. Control HoldLevel LevelControl Distort.Control CheckLow Freq Buttons PowerSpectrum FIR1 Amplifier Audio Filter FFT AudioIn FIR2 Amplifier Sum GroupSamples FIR5 Amplifier Audio Analyzer AudioOut
V Button Control Audio Filter Transformation: ChannelToHandshake V Receive V Send Button Control Finite FIFO Audio Filter Refinement into a Handshake Protocol • The handshake protocol introduces a delay between Send and Receive • The FIFO buffer stores the input data if the channel is busy with the previous arrival • The FIFO size must correspond to the load on the channel
Verified properties Reliability: The only data loss is caused by overflow. (1 sec.) Latency: It takes a fixed number of clock cycles to transport data through the channel. (0.2 sec.) Bandwidth: An input stream with a certain data rate causes no FIFO overflow. (0.2 sec.) Order: Present values on the channel output preserves the same order they have on the input. (400 sec.)
Requirements • For every new design transformation a set of properties has to be defined, which are obligatory to verify • In order to avoid state space explosion, abstraction has to be applied. • The proper abstraction technique should be selected according to: • specific design transformation • the properties that we verify
Polynomial Abstraction • Verification of sequentially implemented combinational functions • Applicable at a high abstraction level • Target: clock domain refinements in the ForSyDe methodology
x f y f(x,y,z) x z DATA PATH f(x,y,z) y z + × x + + + CONTROLLER y f(x,y,z) × × × z Clock Domain Refinement
D D D d1 d2 d3 d4 c1 c2 c3 c4 × × × × + + + Refinement of a FIR-filter Combinational Specification f=c1d1+…+c4d4 ( g ≡ f ) ??? d1 0 reg g × + mux mux d4 c1 Sequential Implementation mux c4 ready FSM start
Theoretical background • ”The Fundamental Theorem of Algebra”: Two degree k uni-variable polynomials are equivalent, if they evaluate pairwise the same values for k+1 input assignments. • Example • S(x)=4x2+3x+7 • R(x)= 5x2+2x+6 • Degree of S(x) and R(x) is 2 • S(x)=R(x), if they calculate pairwise the same value for 3 arbitrary chosen input assignments • If S(x)=R(x) for 3 input assignments, then they are equal for any input assignment.
D D D d1 d2 d3 d4 c1 c2 c3 c4 × × × × f + + + d1 g 0 reg d4 × + mux mux c1 c4 mux ready FSM start Strategy • Find degrees of c1, c2, c3, c4, d1, d2, d3, d4 in f and g. • According to the degrees declare domains of input values. • The equivalence check of f and g can be performed by a model checker. • It is possible to reduce domains of these input signals, which do not determine the control flow of the FSM.
Methodology Sequential design Signal type? • Signal type classification • Degree calculation • Abstraction, model checking Symbolic execution Data 1. 2. Control Output polynomials 3. Degree calculation Domain declaration Model checking Abstract model
Model Checking • Control inputs may get values from all the range of their input domains. • The data signal s gets assignments from 0 to n, if the degree of s is n. • Specification - S(x), Implementation - I(x) the model checker verifies the property: “always S(x)=I(x), if the signal ready is high”.
5 order 4 FIR-filters 29 Integer inputs 210 seconds 13M BBD-nodes Case Study: Verification of the Audio Filter Button Control Audio Filter FIR-filter1 Lowest Pass Amplifier FIR-filter2 Lowest Pass Amplifier + FIR-filter5 Lowest Pass Amplifier
Conclusion • Integration of formal verification into ForSyDe • Gradual design verification • Translation from ForSyDe into SMV • Polynomial Abstraction
Future Work • Extend the transformation library and the respective property library • Create a tool for translation from ForSyDe into SMV • Create a tool for polynomial abstraction • Extend the polynomial abstraction • Modulo calculation - fix-point arithmetic • Saturation arithmetic • Predicate calculation on input signals
Theoretical Background • The fundamental theorem of algebra: A uni-variable polynomial of degree n has exactly n complex roots, unless all of its coefficients are zero. • If R(x)=a2x2+a1x+a0 has at least three roots then all ai=0 • Specification S(x)=c2x2+c1x+c0 • Implementation I(x)=d2x2+d1x+d0 • R(x)=I(x)-S(x)=(d2-c2)x2+(d1-c1)x+(d0-c0)
Specification: Combinational function, expressed as a polynomial Implementation: Data path contains operations +,-,×,/ Feedback loops – State Machine Description Computation takes one execution cycle Target Designs Data Path Real numbers Boolean Integers Controller Enumerated
Author’s Papers • T.Raudvere, I.Sander, A.K.Singh, A.Jantsch. Verification of design decisions in ForSyDe. Codes+ISSS’03. • Gradual design verification • Translation from ForSyDe into SMV • T.Raudvere, A.K.Singh, I.Sander, A.Jantsch. Polynomial abstraction for verification of sequentially implemented combinational circuits. DATE’04. • Polynomial Abstraction