Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210105
P. Wodey, Geoffrey Camarroque, Fabrice Baray, R. Hersemeule, Jean-Philippe Cousin
In the design process of SoC (System on Chip), validation is one of the most critical and costly activity. The main problem for industrial companies like STMicroelectronics, stands in validation at the complete system level. At this level, the properties to verify concern the well behavior composed of the different processes interconnected around the system bus. In our work we consider the deadlock-free property. In this paper we present an approach for deadlock detection consisting in generating automatically a LOTOS description of the system. Then, by using CADP toolbox developed at INRIA by the VASY team, the LOTOS description can then be used for the evaluation of temporal logic formula, either on-the-fly or after the generation of a labeled transition system (LTS). The automatic LOTOS code generation is decomposed in two parts, the code generation of the processes behavior (work under progress) and the code generation for the interconnection of processes on a given SoC bus. This paper presents the principles of interconnect abstraction showing that deadlock detection has to take into account properties of the implemented communication channel, avoiding the possibility to build a general deadlock detection tool. The resulting principles are then applied on the STMicroelectronics proprietary SoC bus, the STBus, leading in the development of the LOTOS code generation software.
{"title":"LOTOS code generation for model checking of STBus based SoC: the STBus interconnection","authors":"P. Wodey, Geoffrey Camarroque, Fabrice Baray, R. Hersemeule, Jean-Philippe Cousin","doi":"10.1109/MEMCOD.2003.1210105","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210105","url":null,"abstract":"In the design process of SoC (System on Chip), validation is one of the most critical and costly activity. The main problem for industrial companies like STMicroelectronics, stands in validation at the complete system level. At this level, the properties to verify concern the well behavior composed of the different processes interconnected around the system bus. In our work we consider the deadlock-free property. In this paper we present an approach for deadlock detection consisting in generating automatically a LOTOS description of the system. Then, by using CADP toolbox developed at INRIA by the VASY team, the LOTOS description can then be used for the evaluation of temporal logic formula, either on-the-fly or after the generation of a labeled transition system (LTS). The automatic LOTOS code generation is decomposed in two parts, the code generation of the processes behavior (work under progress) and the code generation for the interconnection of processes on a given SoC bus. This paper presents the principles of interconnect abstraction showing that deadlock detection has to take into account properties of the implemented communication channel, avoiding the possibility to build a general deadlock detection tool. The resulting principles are then applied on the STMicroelectronics proprietary SoC bus, the STBus, leading in the development of the LOTOS code generation software.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117234240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210090
S. Srinivasan, M. Velev
We present the formal verification of an Intel Xscale processor model. The Xscale is a superpipelined RISC processor with 7-stage integer, 8-stage memory, and variable-latency multiply-and-accumulate execution pipelines. The processor uses scoreboarding to track data dependencies, and implements both precise and imprecise exceptions. Such set of features had not been modeled and formally verified previously. The formal verification was done with an automatic tool flow that consists of the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker.
{"title":"Formal verification of an Intel XScale processor model with scoreboarding, specialized execution pipelines, and impress data-memory exceptions","authors":"S. Srinivasan, M. Velev","doi":"10.1109/MEMCOD.2003.1210090","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210090","url":null,"abstract":"We present the formal verification of an Intel Xscale processor model. The Xscale is a superpipelined RISC processor with 7-stage integer, 8-stage memory, and variable-latency multiply-and-accumulate execution pipelines. The processor uses scoreboarding to track data dependencies, and implements both precise and imprecise exceptions. Such set of features had not been modeled and formally verified previously. The formal verification was done with an automatic tool flow that consists of the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"112 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115224328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210084
Julio A. de Oliveira Filho, M. Lima, P. Maciel
An interface process generation methodology, based on Petri nets, is described for fast integrating point-to-point communicating modules. Formal basis of this methodology ease behavioral property-checking and consistent execution of the generated interface process. The exposed technique allows fast incorporation of third-party cores into SoPC systems design where integration task is often a barrier for reusability.
{"title":"Petri net based interface analysis for fast IP-core integration","authors":"Julio A. de Oliveira Filho, M. Lima, P. Maciel","doi":"10.1109/MEMCOD.2003.1210084","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210084","url":null,"abstract":"An interface process generation methodology, based on Petri nets, is described for fast integrating point-to-point communicating modules. Formal basis of this methodology ease behavioral property-checking and consistent execution of the generated interface process. The exposed technique allows fast incorporation of third-party cores into SoPC systems design where integration task is often a barrier for reusability.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114394298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210098
K. McMillan
Modern SAT solvers have proved highly successful in finding counterexamples to temporal properties of systems, using a method known as "bounded model checking". It is natural to ask whether these solvers can also be exploited for proving correctness. In fact, techniques do exist for proving properties using SAT solvers, but for the most part existing methods are either incomplete or have a low capacity relative to bounded model checking. In this paper we consider two new methods that exploit a SAT solver's ability to generate refutations in order to prove properties in an unbounded sense.
{"title":"Methods for exploiting SAT solvers in unbounded model checking","authors":"K. McMillan","doi":"10.1109/MEMCOD.2003.1210098","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210098","url":null,"abstract":"Modern SAT solvers have proved highly successful in finding counterexamples to temporal properties of systems, using a method known as \"bounded model checking\". It is natural to ask whether these solvers can also be exploited for proving correctness. In fact, techniques do exist for proving properties using SAT solvers, but for the most part existing methods are either incomplete or have a low capacity relative to bounded model checking. In this paper we consider two new methods that exploit a SAT solver's ability to generate refutations in order to prove properties in an unbounded sense.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116843629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210088
G. Fey, R. Drechsler
Today up to 80% of the design costs for integrated circuits are due to verification. Verification tools guarantee completeness if equivalence of two designs or a property for a design is proven. In the other case, usually only one counter-example is produced. Then debugging has to be carried out to locate the design error. This paper investigates, how debugging can benefit from using more than one counter-example generated by the verification tool. The problem of finding useful counter-examples is theoretically analyzed and proven to be difficult. Heuristics are introduced and their quality is underlined by experimental results. Guidelines how to generate counter-examples are extracted from one of these heuristics.
{"title":"Finding good counter-examples to aid design verification","authors":"G. Fey, R. Drechsler","doi":"10.1109/MEMCOD.2003.1210088","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210088","url":null,"abstract":"Today up to 80% of the design costs for integrated circuits are due to verification. Verification tools guarantee completeness if equivalence of two designs or a property for a design is proven. In the other case, usually only one counter-example is produced. Then debugging has to be carried out to locate the design error. This paper investigates, how debugging can benefit from using more than one counter-example generated by the verification tool. The problem of finding useful counter-examples is theoretically analyzed and proven to be difficult. Heuristics are introduced and their quality is underlined by experimental results. Guidelines how to generate counter-examples are extracted from one of these heuristics.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115474677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210097
T. Grandpierre, Y. Sorel
This paper presents a seamless flow of transformations, which performs dedicated, distributed executive generation from a high level specification of a pair: algorithm, architecture. This work is based upon graph models and graph transformations and is part of the AAA methodology. We present an original architecture model, which allows to perform accurate sequencer modeling, memory allocation, and heterogeneous inter-processor communications for both modes shared memory and message passing. Then we present the flow of transformations that leads to the automatic generation of dedicated real-time distributed executives, which are deadlock free. This transformation flow has been implemented in a system level CAD software tool called SynDEx.
{"title":"From algorithm and architecture specifications to automatic generation of distributed real-time executives: a seamless flow of graphs transformations","authors":"T. Grandpierre, Y. Sorel","doi":"10.1109/MEMCOD.2003.1210097","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210097","url":null,"abstract":"This paper presents a seamless flow of transformations, which performs dedicated, distributed executive generation from a high level specification of a pair: algorithm, architecture. This work is based upon graph models and graph transformations and is part of the AAA methodology. We present an original architecture model, which allows to perform accurate sequencer modeling, memory allocation, and heterogeneous inter-processor communications for both modes shared memory and message passing. Then we present the flow of transformations that leads to the automatic generation of dedicated real-time distributed executives, which are deadlock free. This transformation flow has been implemented in a system level CAD software tool called SynDEx.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122323929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210110
C. Sprenger, K. Worytkiewicz
The verification methodology studied in this paper stems from investigations on respectively deduction-based model checking and semantics of concurrency. Specifically, we consider imperative programs with CSP-like communication and use a categorical semantics as foundation to extract from a program a control graph labeled by transition predicates. This logical content acts as system description for a deduction-based model checker of LTL properties. We illustrate the methodology with a concrete realization in form of the Mc5 verification tool written in Ocaml and using the theorem prover PVS as back-end.
{"title":"A verification methodology for infinite-state message passing systems","authors":"C. Sprenger, K. Worytkiewicz","doi":"10.1109/MEMCOD.2003.1210110","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210110","url":null,"abstract":"The verification methodology studied in this paper stems from investigations on respectively deduction-based model checking and semantics of concurrency. Specifically, we consider imperative programs with CSP-like communication and use a categorical semantics as foundation to extract from a program a control graph labeled by transition predicates. This logical content acts as system description for a deduction-based model checker of LTL properties. We illustrate the methodology with a concrete realization in form of the Mc5 verification tool written in Ocaml and using the theorem prover PVS as back-end.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"163 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134097048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210101
Jinfeng Huang, J. Voeten, M. Geilen
Formal techniques have been widely applied in the design of real-time systems and have significantly helped detect design errors by checking real-time properties of the model. However, a model is only an approximation of its realization in terms of the issuing time of events. Therefore, a real-time property verified in the model can not always be directly transferred to the realization. In this paper, both the model and the realization are viewed as sets of timed state sequences. In this context, we first investigate the real-time property preservation between two neighboring timed state sequences (execution traces of timed systems), and then extend the results to two "neighboring" timed systems. The study of real-time property preservation gives insight in building a formal link between real-time properties satisfied in the model and those in the realization.
{"title":"Real-time property preservation in approximations of timed systems","authors":"Jinfeng Huang, J. Voeten, M. Geilen","doi":"10.1109/MEMCOD.2003.1210101","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210101","url":null,"abstract":"Formal techniques have been widely applied in the design of real-time systems and have significantly helped detect design errors by checking real-time properties of the model. However, a model is only an approximation of its realization in terms of the issuing time of events. Therefore, a real-time property verified in the model can not always be directly transferred to the realization. In this paper, both the model and the realization are viewed as sets of timed state sequences. In this context, we first investigate the real-time property preservation between two neighboring timed state sequences (execution traces of timed systems), and then extend the results to two \"neighboring\" timed systems. The study of real-time property preservation gives insight in building a formal link between real-time properties satisfied in the model and those in the realization.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"155 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131959615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210083
L. Gomes, Anikó Costa
This paper proposes a methodology for embedded systems co-design, based on statechart models. The process starts with grabbing the system functionalities through use cases. A set of procedures addressing the implementation of statechart models is presented. The main goal of this set of procedures is to lift the structuring mechanisms presented in statecharts to the top level. In this sense, the complexity of statechart implementation will be similar to the complexity of communicating concurrent state machines and the platforms selected to support implementation will not need to have specific capabilities to directly support the structuring mechanisms of Harel's statecharts. As a consequence, full direct implementation of statecharts is possible considering different types of implementation platforms, ranging from hardware-centric or software-centric to hardware-software partitioning through codesign techniques.
{"title":"From use cases to system implementation: statechart based co-design","authors":"L. Gomes, Anikó Costa","doi":"10.1109/MEMCOD.2003.1210083","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210083","url":null,"abstract":"This paper proposes a methodology for embedded systems co-design, based on statechart models. The process starts with grabbing the system functionalities through use cases. A set of procedures addressing the implementation of statechart models is presented. The main goal of this set of procedures is to lift the structuring mechanisms presented in statecharts to the top level. In this sense, the complexity of statechart implementation will be similar to the complexity of communicating concurrent state machines and the platforms selected to support implementation will not need to have specific capabilities to directly support the structuring mechanisms of Harel's statecharts. As a consequence, full direct implementation of statecharts is possible considering different types of implementation platforms, ranging from hardware-centric or software-centric to hardware-software partitioning through codesign techniques.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132136396","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210104
R. Jindal, K. Jain
System architects working on SoC design have traditionally been hampered by the lack of a coherent methodology for architecture evaluation and co-verification of hardware and software. SystemC 2.0 facilitates the development of transaction-level models (TLMs), which are models of the hardware system components at higher level of abstraction than RTL. Due to lower modeling effort yet higher simulation speed, TLMs are useful for architectural exploration, algorithmic evaluation, hardware-software partitioning and software development. The problems posed by SOC design methodologies require development of models at higher abstraction also for the earlier developed IP's. The development time of a TLM IP is already low, so if we can reduce the verification time by re-use of the earlier RTL test benches we can reduce the overall cost of such an IP TLM. This paper focuses on the methodology to use the RTL testbenches for verification of a SystemC model of the same IP at a higher abstraction level (transaction level), some tools available in the market to support this testbench reuse and the implementation challenges posed by the mentioned verification technique.
{"title":"Verification of transaction-level SystemC models using RTL testbenches","authors":"R. Jindal, K. Jain","doi":"10.1109/MEMCOD.2003.1210104","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210104","url":null,"abstract":"System architects working on SoC design have traditionally been hampered by the lack of a coherent methodology for architecture evaluation and co-verification of hardware and software. SystemC 2.0 facilitates the development of transaction-level models (TLMs), which are models of the hardware system components at higher level of abstraction than RTL. Due to lower modeling effort yet higher simulation speed, TLMs are useful for architectural exploration, algorithmic evaluation, hardware-software partitioning and software development. The problems posed by SOC design methodologies require development of models at higher abstraction also for the earlier developed IP's. The development time of a TLM IP is already low, so if we can reduce the verification time by re-use of the earlier RTL test benches we can reduce the overall cost of such an IP TLM. This paper focuses on the methodology to use the RTL testbenches for verification of a SystemC model of the same IP at a higher abstraction level (transaction level), some tools available in the market to support this testbench reuse and the implementation challenges posed by the mentioned verification technique.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129373408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: