1. Roza Ghamari Bogazici University April 2009

2. Outline Introduction SystemC Language Formal Verification Techniques for SystemC Design and Verification of SystemC TLM Design Methodology Verification Methodology Experimental Results Summery References 2Total # of slides 37

3. Introduction What is SystemC? Wide range of modeling Levels from RTL to system level Built on C++ (Object Oriented) Consists of an event-driven simulator in the core Works with events and processes Represent structures by modules and ports Describe Communication with interfaces and channels Separate data types for hardware modeling and software programming Library-defined elementary channels 3Total # of slides 37

4. Introduction (Cont.) Formal Verification Techniques for SystemC I. Assertion-Based Validation 1. Writing properties in a formal language (e.g. PSL or SVA) 2. Monitoring these properties by Simulation engine Extendable to SystemC dynamic validation (Required other package integration e.g. BDD) Can be extended:: same assertions used for SystemC and RTL 4Total # of slides 37

5. Introduction (Cont.) II. Explicit-State Model Checking Keeping track of all nondeterministic choices (e.g. input values) Monitor the states visited (to find termination) Extendable to SystemC Limitation  State explosion problem (abstraction techniques) 5Total # of slides 37

6. Introduction (Cont.) III. Symbolic Simulation Execute program by abstract setting (symbols instead of concrete values) Symbolic simulation path  generate test cases, reasoning,… Hard for implementation on SystemC (aimed concurrent systems) Statically analyzing dynamic execution path 6Total # of slides 37

7. Introduction (Cont.) IV. Symbolic Model Checking Represented and searched by means of symbolic reasoning Needs formal semantics for description of transition relation in a SystemC design 7Total # of slides 37

8. Introduction (Cont.) V. Equivalence Verification Formal verifying the equivalence of SystemC and RTL models Similarly equivalence of RTL and Netlist models Modest goal :: Compatibility/Conformance/Compliance 8Total # of slides 37

9. Design and Verification of SystemC The problem of growth in complexity and size of systems. RTL level : effort : 1) design; 2) verify; 3) simulation. Pin-level SystemC : system level language. Transaction level modeling. 9Total # of slides 37

10. Design and Verification of SystemC (cont.) What are the problems? Verification of a SystemC model is a serious bottleneck in the design cycle. Requirement for verification Expressive languages for specifying assertions and behaviors of a complex system 10Total # of slides 37

11. Design and Verification of SystemC (cont.) 11Total # of slides 37

12. Property Specification Language An implementation independent language to define properties Properties are defined in a Hierarchical way Not enough to improve the design and verification flows Using UML to present PSL property. To embed PSL into design Model PSL semantics in AsmL  Enable reusing PSL properties with concrete SystemC level or as stand-alone module 12Total # of slides 37

13. Layers of PSL Boolean layer build expressions for the other layers, specifically the temporal layer (evaluated in one evaluation cycles) Temporal layer Describe properties of the design Describe simple general properties Describe properties that involve complex temporal relations (evaluated over a series of evaluation cycles) 13Total # of slides 37

14. Layers of PSL (cont.) Verification layer tell the verification tool what to do with the properties described by the temporal layer Modeling layer model behavior of design inputs for formal verification tools model auxiliary parts of the design that are needed for verification This layer is for VHDL and Verilog and not used in this design 14Total # of slides 37

15. UML Model of PSL Defining a modified sequence diagram to map PSL property Clocks: Clock that activate the current action Number of cycles: Mtd[5] says that the method Mtd is executed for exactly 5 consecutive cycles. Temporal operators: A mapping to PSL temporal operators always executed (A), eventually executed (E), Executed Until a condition is fulfilled (U) 15Total # of slides 37

16. UML Model of PSL (Cont.) Sequence operations: order of executing certain sequences (e.g., next, prev etc.) Text output: Failing report message for a case Method duration: Certain number of cycles for execution “()” operator: Set of argument of an action 16Total # of slides 37

17. UML Model of PSL (Cont.) 17Total # of slides 37

18. ASM Model of PSL Abstract State Machines (ASM) a formal specification method for software and hardware systems supports object-oriented modeling comparison to C++and Java. all the parameters of PSL properties are defined as objects AsmL tool (developed by Microsoft) can automatically compile code into a C# or.NET code 18Total # of slides 37

19. ASM Model of PSL (Cont.) PSL_SERE.Evaluate() Example checks if a sequence is true in a certain path activated according to an INIT signal (set by the property) 19Total # of slides 37

20. ASM Model of SystemC FSM generation algorithm(four input) Methods Domains Actions Variables Optional inputs: filters, action groups, properties Specific style of programming A precise configuration which generates the FSM Exploration: keeping track of the actions it performs and recording the states it visits 20Total # of slides 37

21. ASM Model of SystemC (Cont.) FSM Parts Actions :: Methods Transitions :: Method calls States :: Values of selected variables RULES 1. Initializing all of the model’s objects 2. Defining a set of preconditions for every action considered in the exploration process 3. Providing for every state variable an exploration domain. 21Total # of slides 37

22. ASM Model of SystemC (Cont.) Example 22Total # of slides 37

23. Translation to SystemC Purely syntactical based on 3 major rules R 1 C++ : Basic Types are mapped to their equivalent R 2 C++ : Class Translation R 2.1 C++ : Class members mapped into signals with same types R 2.2 C++ : Class methods Preconditions/Postconditions mapped to SystemC module’s constructor Method Send precondition require clk = true  “SC_THREAD(Send);sensitive << clk” Method itself integrated as it is in the SystemC module R 3 C++ : Global Modules mapped to man procedure sc_main 23Total # of slides 37

24. Verification Methodology Decomposed into two parts: 1. Model checking at the ASM level 2. Assertion-based verification at the SystemC (C++)/C# level 24Total # of slides 37

25. Model Checking A-Property = AsmL Property Step 1) Add all Boolean items to the sequences: Step 2) Create property: P := S1 OP S2 (OP e.g. implication (=>), equivalence (  ) ) Step 3) Define the verification unit as an A-Property, A, that includes the property P: A.Add(P) 25Total # of slides 37

26. Model Checking (Cont.) P is represented by two Boolean state variables P_eval and P_value Violated property P_eval = true and P_value = false  generation stops and problem identified based on generated portion 26Total # of slides 37

27. Assertion-Based Verification 1. Updating the SystemC design to interface to the assertion monitor 2. Generating the assertion as a C# code from its AsmL description 3. Integrating the assertion into the design. 27Total # of slides 37

28. Assertion-Based Verification (Cont.) Assertion Monitor: 1. Stop the simulation when the assertion is fired 2. Write a report about the assertion status and all its variables 3. Send a warning signal to other modules (if required). 28Total # of slides 37

29. Assertion’s Coverage Enhancement 1. Static analysis 2. Dependency check 3. Test Program generator 4. Initial DNA generator 5. DNA evaluation/update 29Total # of slides 37

30. Assertion’s Coverage Enhancement (Cont.) Static Code Analysis Generate the “inputs/assertions variables” dependency relation based on Abstract Interpretation approach Hypergraph 30Total # of slides 37

31. Assertion’s Coverage Enhancement (Cont.) Genetic Algorithm 1. evaluating the fitness of each candidate 2. selecting the fittest candidate solutions to act as parents of the next generation of candidate solutions 3. recombining and mutating selected parents to generate offsprings Candidate solutions: finite sequences of input ranges and probability weights Encoded by a chromosome (inputs/ranges/weighted probability) 31Total # of slides 37

32. Experimental Results Considered models: Peripheral Component Interconnect (PCI) bus SystemC Master/Slave bus Properties (e.g. liveness) must be verified using formal techniques 32Total # of slides 37

33. Experimental Results (Cont.) PCI Bus results 33Total # of slides 37

34. Experimental Results (Cont.) Master/Slave bus results 34Total # of slides 37

35. Experimental Results (Cont.) Assertions’ coverage analysis 35Total # of slides 37

36. Summery Methodology to Design and Verify SystemC TMs UML system specification and integrating an intermediate layer using AsmL Upgrade sequence diagram of UML to capture TR systems Model both design and properties in AsmL and preform model checking Reuse PSL properties to perform assertion-based verification Transform the AsmL m0del to SystemC Apply Static Code analysis and Genetic algorithm techniques to enhance efficiency 36Total # of slides 37

37. References Moshe Y. Vardi: Formal Techniques for SystemC Verification; Position Paper. DAC 2007:188-192 Moshe Y. VardiDAC 2007:188-192 Ali Habibi, Sofiène Tahar: Design and verification of SystemC transaction-level models. IEEE Trans. VLSI Syst. 14(1): 57-68 (2006)Sofiène TaharIEEE Trans. VLSI Syst. 14 Ali Habibi, Sofiène Tahar: Design for Verification of SystemC Transaction Level Models. DATE 2005: 560- 565Sofiène TaharDATE 2005 37Total # of slides 37