510 likes | 711 Views
RAS. ISP. Summer School on Software Engineering and Verification (SSSEV) July 17-27, Moscow, Russia. Time Abstraction in Simulation-Based Hardware Verification. Alexander Kamkin kamkin@ispras.ru. Institute for System Programming of the Russian Academy of Sciences (ISPRAS)
E N D
RAS ISP Summer School on Software Engineering and Verification (SSSEV) July 17-27, Moscow, Russia Time Abstraction in Simulation-Based Hardware Verification Alexander Kamkin kamkin@ispras.ru Institute for System Programming of the Russian Academy of Sciences (ISPRAS) http://hardware.ispras.ru
Agenda • Introduction • Digital hardware design • Simulation-based verification • Time abstraction in hardware modeling • Main part • Time abstraction levels • Model-based reaction checking • Error diagnostics • Conclusion • C++TESK testing toolkit • Future work • Questions & answers Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Time • Time is a part of measuring system used to sequence events, to compare the durations of events and the intervals between them… Wikipedia • The only reason for time is so that everything doesn’t happen at once Albert Einstein Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Abstraction • Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances Webster’s Dictionary • Abstraction captures only those details about an object that are relevant to the current perspective Wikipedia • Time abstraction is (1) generalization of events ordering relationship and (2) factorization of time intervals between them This Presentation Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Hardware design in a nutshell • Hardware is designed using hardware description languages (HDL), like VerilogandVHDL • The result is a software model that can be executed in an HDL simulator • The main approach to verify a design is to test the HDL model (simulation-based verification) • To automate simulation-based verification, reference models are used (C/C++) Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Clock Inputs, outputs, and system clock Clock Outputs Inputs Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Hardware description language (HDL) CLK input S; output R1, R2; void design() { while(true) { wait(S); delay(6); R1 = 1; delay(1); R1 = 0; delay(1); R2 = 1; delay(1); R2 = 0; V1 = 1; }} S R1 R2 6 cycles Concurrent assignments Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Simulation-based verification S2 Stimuli S1 S3 Reactions R3 Generation R2 R1 Checking Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Target Design Stimulus Generator Test Coverage Reaction Checker Simulation-based verification tasks • Stimuli generation • Reaction checking • Coverage tracking Stimulus Generator Reaction Checker Coverage Tracker Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Reaction checking Functionality • Number of reactions is correct • Each reaction is correct • Order of reactions is correct • Time intervals between reactions are correct Timing Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Design modifications Requirements are not time-accurate; design’s timing constantly changes Timing Interface Function Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Model abstraction + + + Abstract models are easier to develop and to maintain Abstract models are more stable (reusable) Abstract models are less error-prone Abstract models provide lower verification quality Abstract models are less deterministic and predictable Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
# # # # # R1 R1 R1 R1 R1 S S S S S # R2 R2 R2 R2 R2 R2 R1 S S R1 R2 R2 # # # Time abstraction S Stimulus Concrete event sequence S #6 R1 #2 R2 Abstract specification S #+ R1 #* R2 More abstract specifications S ((#+ R1 #* R2) | (#+ R2 #* R1)) S ((#+ R1) || (#+ R2)) R2 Events Reactions R1 Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Time abstraction in practice • Hardware design modeling • Development of reference models at different abstraction levels (specification of time properties) • Change of abstraction level (refinement of time properties) • Reference model adaptation • Adaptation of abstract (untimed) reference models for co-simulation in a time environment • Tuning time properties being checked without changing a reference model (reaction arbitration, etc.) Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
To be continued…Questions? Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Agenda • Introduction • Digital hardware design • Simulation-based verification • Time abstraction in hardware modeling • Main part • Time abstraction levels • Model-based reaction checking • Error diagnostics • Conclusion • C++TESK testing toolkit • Future work • Questions & answers Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Time abstraction levels • Time-accurate (cycle-accurate) models … • Time-inaccurate (time-approximate) models … • Untimed (functional) models Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Cycle-accurate models input bool val_in_data; input uint8_t in_data; output bool val_out_data; output uint8_t out_data; void store_word() { uint32_t data = 0; uint32_t temp = 0; for(int i = 0; i < 4; i++) { data |= in_data << (i << 3); delay(1); } temp = memory; delay(1); memory = data; delay(1); val_out_data = 1; for(int i = 0; i < 4; i++) { out_data = (temp >> (i << 3)) & 0xff; delay(1); } val_out_data = 0; } input bool val_in_data; input uint8_t in_data; output bool val_out_data; output uint8_t out_data; void store_word() { uint32_t data = 0; uint32_t temp = 0; while(true) { wait(val_in_data); for(int i = 0; i < 4; i++) { data |= in_data << (i << 3); delay(1); } temp = memory; delay(1); memory = data; delay(1); val_out_data = 1; for(int i = 0; i < 4; i++) { out_data = (temp >> (i << 3)) & 0xff; delay(1); } val_out_data = 0; }} Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Modeling concurrency Operation Operation Operation delay(1) delay(1) delay(1) delay(1) Operation delay(1) delay(1) delay(1) delay(1) delay(1) return delay(1) return Time return return Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Functional (untimed) models:time interval abstraction input in_iface<uint32_t>; output out_iface<uint32_t>; void store_word() { uint32_t temp = memory; memory = recv(in_iface); // delay([0,)) = #* send(out_iface, temp); } uint32_t store_word(uint32_t data) { uint32_t temp = memory; memory = data; return temp } Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Functional (untimed) models (cont.) input bool val_in_data[ ]; input uint8_t in_data[4]; output bool val_out_data[ ]; output uint8_t out_data[4]; void store_word() { uint32_t data = 0; uint32_t temp = 0; for(int i = 0; i < 4; i++) { data |= in_data[t1] << (i << 3); delay(1); } temp = memory; delay(1); memory = data; delay(1); val_out_data = 1; for(int i = 0; i < 4; i++) { out_data[t2] = (temp >> (i << 3)) & 0xff; delay(1); } val_out_data = 0; } input in_iface<uint32_t>; output out_iface<uint32_t>; void store_word() { uint32_t data = 0; uint32_t temp = 0; data = recv(in_iface); temp = memory; memory = data; send(out_iface, temp); } t1++ t2++ Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Functional (untimed) models:events ordering abstraction input in_iface <uint32_t>; output out_iface1<uint32_t>; output out_iface2<uint32_t>; void store_word() { uint32_t temp = memory; memory = recv(in_iface); // Order of events is undefined send(out_iface1, temp); send(out_iface2, memory); } Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Time-approximate models input in_iface<uint32_t>; output out_iface<uint32_t, FIFO>; // Reactions ordering void store_word() { uint32_t data = 0; uint32_t temp = 0; data = recv(in_iface, in_data); temp = memory; delay([0, 3]); // Delays are approximate memory = data; delay([1, 4]); // Delay=(0+1)=1, Timeout=(3-0)+(4-1)=6 send(out_iface, temp); } Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Package Data Data Data Data Transaction-level modeling (TLM) TLM is a hardware modeling approach that separates communication among design units from the functional description of those units TLM is data transmission encapsulation Wires/pins Channels/interfaces Discrete signals distributed in time Untimed data package (message) Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
25 Data Data Data Data Data Data Data Model interface adapters Input interface#1 Output interface#1 Target Design (HDL Model) input in_iface<uint32_t>; output out_iface<uint32_t>; void store_word() { uint32_t temp = memory; memory = recv(in_iface); ... send(out_iface, temp); } Input interface#N Output interface#M Reaction Checker Input Interface Adapters (Serializers) Output Interface Adapters (Deserializers) Reference Model (TLM) Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Problems caused by time abstraction • Design state uncontrollability • Design|Model is not deterministic Problems in stimulus generation & coverage tracking • Reaction order ambiguity • Order of reactions is unpredictable Problems in reaction checking Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Design state uncontrollability Design’s Inputs/Outputs S R1 R2 Design’s State Uncontrollable actions Model’s State PreImpl(S’)=false S’ PreImpl(S’)=true S’ Nondeterministic behavior Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Reaction order ambiguity Model Execution Trace recv(in_iface, S); ... Output Interface’s Queue send(out_iface, R1); Failed: R2 R1 ... R2 R1 Passed: R2 Queue send(out_iface, R2); Design’s Inputs/Outputs S R2 R1 Different order Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Agenda • Introduction • Digital hardware design • Simulation-based verification • Time abstraction in hardware modeling • Main part • Time abstraction levels • Model-based reaction checking • Error diagnostics • Conclusion • C++TESK testing toolkit • Future work • Questions & answers Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
To be continued…Questions? Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Reaction arbitration • Reaction arbiter finds a model reaction corresponding to a reaction received from the target design • Reaction checking accuracy depends not only on the model abstractness, but on reaction arbitration as well • Each output interface has its own reaction arbiter • Reaction arbiters encapsulates all reaction ordering aspects of the reaction checker Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Model-based reaction checker Target Design Reaction Checker Reference Model Model’s Reactions Reaction Arbiters Input Interface Adapters Output Interface Adapters Stimuli Reaction Comparators Design’s Reactions Verdict Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Reaction arbiter types • Deterministic model-based arbiters arbiter: 2Reaction Reaction {fail} • Adaptive arbiters arbiter: 2Reaction Feedback Reaction {fail} • Two-level arbiters arbiter(reactions) arbiter2(arbiter1(reactions), feedback) • Nondeterministic model-based arbiter arbiter1: 2Reaction 2Reaction : arbiter1(reactions) reactions • Adaptive arbiter arbiter2: 2Reaction Feedback Reaction {fail} Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
✕ Deterministic model-based arbiter S R Model’s Reactions send(R1); Order is defined ... R2 R1 Reaction Arbiter send(R2); FIFO Design’s Reactions R1 R2 R1 Comparison Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
✕ Adaptive arbiter S R Model’s Reactions send(R1); R1 Order is undefined ... Reaction Arbiter send(R2); R2 Get(R1) Design’s Reactions R1 R2 R1 Comparison Feedback Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
✕ Two-level arbiter S R Model’s Reactions send(R1); R1 Order is partially defined Candidates ... Arbiter #1 send(R2); R2 Arbiter #2 Get(R1) Design’s Reactions R1 R2 R1 Comparison Feedback Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Reaction checking algorithm On model reaction R on interface out: Reactionsout := Reactionsout {R} wind(TimerR) On model reaction’s time-out: return “Missing reaction” On design’s reaction R’ on interface out: Candidateout := Reactionsout if(|Candidateout| 2) { Candidateout := Arbiter1out(Reactionsout) if(|Cadidatesout| 2) Candidatesout := Arbiter2out(Reactionsout, R’); } assert(|Cadidatesout| < 2) if(Cadidatesout = ) return “Unexpected reaction” if(R’ get(Candidatesout))) return “Incorrect reaction” Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Simple error classification • “Missing reaction” The reference model generates a reaction, but the design’s reaction is not appeared in time • “Unexpected reaction” The target design produces a reaction, but it is not expected by the reference model • “Incorrect reaction” Both the reference model and the target design generate reactions, but those reactions are different Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Classification of abstraction levels • Cycle-accurate models G (out |Reactionsout| < 2) • Cycle-accurate models (Time(R) = 0) • Quasi cycle-accurate models (otherwise) • Order-accurate models G (out |Reactionsout| < 2 |Arbiter1out(Reactionsout)| < 2) • Order-accurate models (Arbiter1out = FIFO) • Quasi order-accurate models (otherwise) • Order-inaccurate models otherwise Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Error diagnosis problem 0xf953e8d83a9b9209 0x19c3827ab2920e58 0x19c3827ab2920e58 0xf953e8d83a9b9209 Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Error diagnosis approach ○,■ ○, ●,● □,□ ○,○ ,○ ○,○ ●,● ○, ●,● ,□ ●,■ ■,■ ●,○ □,○ ●,○ ○,● ○,● ●,○ □,□ ■,■ Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Control errors model • , = • ○,○ , • ○,● + ●,○ ○,○ + ●,● • ○,■ + ●,○ ○,○ + ●,■ • ○, + ,○ ○,○ + , • ○,● + ●, ○, + ●,● • ○,● + ,○ ,● + ○,○ Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Functional errors model • ○,□ ○,○ • ○,■ + ●,□ ○,□ + ●,■ • ○, + ,□ ○,□ + , • ○,■ + ●, ○, + ●,■ • ○,● + ,□ ,● + ○,□ Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Agenda • Introduction • Digital hardware design • Simulation-based verification • Time abstraction in hardware modeling • Main part • Time abstraction levels • Model-based reaction checking • Error diagnostics • Conclusion • C++TESK testing toolkit • Future work • Questions & answers Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
C++TESK testing toolkit • Development of hardware models at different abstraction levels and model adapters • Description of test coverage and test scenarios • Report generation (coverage and errors) • Automated test sequence generation based on state graph exploration • Test execution parallelization based on distributed state graph exploration Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
C++TESK testing toolkit (cont.) Web: http://forge.ispras.ru/projects/cpptesk-toolkit E-mail: cpptesk-support@ispras.ru Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Conclusion • Time abstraction hides control logic (timing) of a design (pipelining, arbitration, queuing, etc.) • Time-abstract models are easier to develop and sufficiently easier to maintain (timing is changeable) • Time-abstract models reduce verification efforts and allow creating reusable tests (quality is reduced also) • Verification quality can be increased by refining time properties of a model (events ordering, durations, etc.) Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Conclusion (cont.) • Interface transformation • serialization(S): S inputs • deserialization(R’): outputs R’ • Reaction queuing • send(R) is asynchronous: enqueue(R) • Reaction arbitration • arbiter1(queue) candidates • arbiter2(candidates, R’) R R, R’ • Reaction comparison • compare(R, R’) status • Error diagnosis • diagnose({Ri, Ri’}i=1,n) diagnosis Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
Contacts • Institute for System Programming of RAS (ISPRAS)http://www.ispras.ru • Hardware Verification R&D @ ISPRAShttp://hardware.ispras.ru • Alexander Kamkinkamkin@ispras.ru Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia
The EndThank you! Questions? Summer School on Software Engineering and Verification (SSSEV) - July 17-27, 2011 - Moscow, Russia