
Program Verification and Hardware Synthesis
Mike Gordon
www.cl.cam.ac.uk/users/mjcg

Slide 1: Program Verification and Hardware Synthesis

A common approach to hardware design is to write a program in a hardware description language and then compile it to a state machine using a synthesis system. Some correctness properties are naturally expressed at the programming level and established by program verification methods, but others are best specified in terms of the state transitions of the synthesised machine. I will give examples of both kinds of properties, and then discuss how they can be verified using a theorem-prover.

This talk is intended for a general audience.

Slide 2: Synthesis Design Flow

[Figure: synthesis design flow, from Kurt Keutzer's paper in FMCAD'96]

Slide 3: Register Transfer Level

- Currently RTL is the 'workhorse' level
  - lower levels for EE experts
  - higher levels still experimental
- Two views of RTL:
  - programming (HDL)
  - state machine (structure)
- Specification and verification needed with respect to both views
  - program verification for some properties
  - state space analysis for others

Slide 4: Verification

- Traditional verification uses simulation
  - event simulation
  - cycle simulation
- Formal verification uses automated proof
  - boolean equivalence checking: uses OBDDs etc., now standard
  - model checking: checks properties of state machines, currently used by Intel, TI, HP etc.
  - theorem proving: uses powerful undecidable logics, long term promise, still a research area
- Reasons for formal verification
  - commercial: better debugging
  - safety critical: save lives
  - security critical: ensure privacy/secrecy

Slide 5: Rest of Talk

- Mainly RTL verification
  - ideas relevant to behavioural level too
- Combine:
  - program verification
  - state machine analysis
- HDL semantics
  - based on simple hardware synthesis
- Discussion of needed theorem prover support
- Some related current research at Cambridge
  - methodology, not details

Slide 6: Program Specification

Hoare triples: {precondition} program {postcondition}

Semantics (total correctness):
- if the precondition holds
- then the program terminates
- in a state in which the postcondition holds

Example: a simple division program (X divided by Y gives quotient Q and remainder R)

    {Y > 0}                          (precondition)
    begin
      R = X; Q = 0;
      while (Y < R)
      begin
        R = R - Y;
        Q = Q + 1;
      end
    end
    {X = R + Y * Q  and  R < Y}      (postcondition)

Slide 7: Program Logic

- Much knowledge about verifying Hoare triples
  - establishing invariants
  - termination via 'variants'
  - weakest preconditions
  - verification conditions
- Standard
  - taught to undergraduates
  - textbooks
- Nice to mechanise
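The proof obligations named on slides 6 and 7 (invariant, variant, postcondition) can be checked mechanically on concrete inputs before anyone attempts a proof. The following is an added example, not code from the talk: it runs the division program SDIV on every input within a bound that satisfies the precondition Y > 0, checks the invariant X = R + Y*Q and the variant R after each iteration, and checks the postcondition at the end. The loop guard is a parameter because the transcription of the slide reads `Y < R`; the names `sdiv`, `check_triple`, `STRICT` and `NONSTRICT` are this example's own.

```python
import itertools

# Added example (not from the talk): run SDIV from slide 6 on concrete inputs,
# checking the loop invariant X = R + Y*Q and the variant R (slide 7) on every
# iteration, and the postcondition of the Hoare triple
#   {Y > 0} SDIV {X = R + Y*Q  and  R < Y}
# at the end.  The loop guard is a parameter: the slide as transcribed uses Y < R.

def STRICT(y, r):
    return y < r          # guard as transcribed on the slide

def NONSTRICT(y, r):
    return y <= r         # guard that keeps subtracting while R == Y

def sdiv(x, y, guard):
    """Execute SDIV; return (Q, R, obligations_ok) where the flag records whether
    the invariant and the variant held on every iteration."""
    r, q = x, 0
    ok = True
    while guard(y, r):
        r_before = r
        r, q = r - y, q + 1
        ok &= (x == r + y * q)     # invariant re-established after the loop body
        ok &= (r < r_before)       # variant: R strictly decreases (relies on Y > 0)
    return q, r, ok

def check_triple(guard, max_x=12, max_y=6):
    """Check the triple for all 0 <= X <= max_x and 1 <= Y <= max_y (precondition
    Y > 0); return the (X, Y) pairs for which an obligation or the postcondition fails."""
    failures = []
    for x, y in itertools.product(range(max_x + 1), range(1, max_y + 1)):
        q, r, ok = sdiv(x, y, guard)
        postcondition = (x == r + y * q) and (r < y)
        if not (ok and postcondition):
            failures.append((x, y))
    return failures
```

The invariant and variant hold for either guard; the difference shows only in the postcondition R < Y, which fails with the strict guard exactly when Y divides X (the loop stops with R = Y). This is the kind of corner case a verification condition would expose as an unprovable goal.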

Slide 8: Hardware versus Program

- Continuously running
  - always <statement>
- Calculations may spread over several cycles
  - @CLOCK <statement>
- Need input/output protocol, various possibilities:
  - tri-state bus
  - handshake, e.g.:
    - to start assert Start = 1
    - device available when BUSY = 0
    - results on Q and R when next BUSY = 0

Slide 9: Division Program + I/O

    always @clock
      if (Start)
      begin
        BUSY = 1;
        X = In1; Y = In2;
        R = X; Q = 0;
        while (Y < R)
        begin
          @CLOCK
          R = R - Y;
          Q = Q + 1;
        end
        BUSY = 0;
      end

- Start, In1, In2 controlled by environment
- X, Y, Q, R, BUSY controlled by program
- device available when BUSY = 0 (initially 0)
- to start computation assert Start = 1
- results on Q and R when next BUSY = 0

Slide 10: Control + Data

HDL program specifies a machine:

    MDIV  def=  always @clock
                  if (Start)
                  begin
                    BUSY = 1;
                    X = In1; Y = In2;
                    SDIV
                    BUSY = 0;
                  end

that contains an embedded program:

    SDIV  def=  R = X; Q = 0;
                while (Y < R)
                begin
                  @CLOCK
                  R = R - Y; Q = Q + 1;
                end

Slide 11: Specifying Properties of Machines

- Machines determine sequences of states (RTL behaviour)
- Environment provides values for In1, In2
  - one for each cycle
- Read inputs and update state every clock tick
- Variables range over sequences of values
- Temporal operators specify properties of sequences:
  - $\Box(Y > 0)$: value of Y always greater than 0
  - $\Diamond(X = R + (Y \times Q))$: sometime X will equal R + (Y × Q)
  - $\Box(BUSY = 1 \Rightarrow \Diamond(BUSY = 0))$: if BUSY = 1 then sometime later BUSY = 0

Slide 12: Correctness of HDL Divider

Need to show: if Start is asserted when BUSY = 0 then:
- In1 and In2 are read during that cycle
- eventually BUSY becomes 0 again
- X = R + Y × Q ∧ R < Y when next BUSY = 0

Can split these into:
- program correctness (Hoare logic): $\{Y > 0\}\; SDIV\; \{X = R + Y \times Q \wedge R < Y\}$
- control correctness (temporal logic): $BUSY = 1 \Leftrightarrow$ control inside SDIV, and $\Box(BUSY = 1 \Rightarrow \Diamond(BUSY = 0))$

Slide 13: Making Cycles Explicit

With respect to an HDL program:

    always @clock
      if (Start)
      begin
        BUSY = 1;
        X = In1; Y = In2;
        SDIV
        BUSY = 0;
      end

how do we interpret Hoare triples such as $\{Y > 0\}\; SDIV\; \{X = R + Y \times Q \wedge R < Y\}$ and temporal formulas such as $BUSY = 1 \Leftrightarrow$ control inside SDIV and $\Box(BUSY = 1 \Rightarrow \Diamond(BUSY = 0))$?

Answer: convert the HDL to a state machine, then interpret with respect to input/state sequences.

Slide 14: Synthesis Semantics

- HDL semantics = translation to machine
- Definitional synthesis
  - not optimised implementation!
  - c.f. definitional interpreters for programming languages
  - approach being used to define semantics of synthesisable Verilog, i.e. the 'Synopsys subset' (Synopsys are helping)
- Doesn't reveal IP of proprietary tools
- Engineer friendly

Slide 15: Compiling to State Machines

- Introduce a 'program counter' pc
  - initialised to 0
  - encodes control state
- Symbolically execute
  - one state for each @CLOCK
  - from each @CLOCK to next @CLOCK

Example:

    always @clock
    begin
      X = Inp;        (State 0)
      @CLOCK
      X = X + 1;      (State 1)
    end

compiles to (using Verilog-like notation, ∥ = parallel assignment)

    case (pc)
      0: pc = 1 ∥ X = Inp
      1: pc = 0 ∥ X = X + 1
    endcase

Slide 16: Another Sequencing Example

    always @clock
    begin
      X = Inp1; Y = X + Inp2;   (State 0)
      @CLOCK
      OUT = X + Y;              (State 1)
    end

compiles to

    case (pc)
      0: pc = 1 ∥ X = Inp1 ∥ Y = Inp1 + Inp2 ∥ OUT = OUT
      1: pc = 0 ∥ X = X ∥ Y = Y ∥ OUT = X + Y
    endcase

Slide 17: Conditional Example

    always @clock
    begin
      if (Choose) X = In1; else X = In2;   (State 0)
      @CLOCK
      OUT = X + 1;                         (State 1)
    end

compiles to

    case (pc)
      0: pc = 1 ∥ X = Choose ? In1 : In2 ∥ OUT = OUT
      1: pc = 0 ∥ X = X ∥ OUT = X + 1
    endcase

Slide 18: While Example: divider

    always @clock
      if (Start)
      begin
        X = In1; Y = In2; BUSY = 1;   (State 0)
        R = X; Q = 0;
        while (Y < R)
        begin
          @CLOCK
          R = R - Y; Q = Q + 1;       (State 1)
        end
        BUSY = 0;
      end

compiles to

    case (pc)
      0: pc = Start ? (In2 < In1 ? 1 : 0) : 0
         ∥ X = Start ? In1 : X
         ∥ Y = Start ? In2 : Y
         ∥ R = Start ? In1 : R
         ∥ Q = Start ? 0 : Q
         ∥ BUSY = Start ? (In2 < In1 ? 1 : 0) : BUSY
      1: pc = Y < (R - Y) ? 1 : 0
         ∥ X = X
         ∥ Y = Y
         ∥ R = R - Y
         ∥ Q = Q + 1
         ∥ BUSY = Y < (R - Y) ? BUSY : 0
    endcase

"BUSY = 1 ⇔ control inside SDIV" can now be interpreted as $\Box(BUSY = 1 \Leftrightarrow pc = 1)$.

Slide 19: Divider + more states

    always @clock
      if (Start)
      begin
        X = In1; Y = In2; BUSY = 1;   (State 0)
        @CLOCK
        R = X; Q = 0;                 (State 1)
        @CLOCK
        while (Y < R)                 (State 2)
        begin
          @CLOCK
          R = R - Y;                  (State 3)
          @CLOCK
          Q = Q + 1;                  (State 4)
        end
        BUSY = 0;
      end

- Allocating operations to states is behavioural synthesis
- Functional specification unchanged by additional states

Slide 20: Corresponding Machine

    case (pc)
      0: pc = Start ? 1 : 0 ∥ X = Start ? In1 : X ∥ Y = Start ? In2 : Y
         ∥ R = R ∥ Q = Q ∥ BUSY = Start ? 1 : BUSY
      1: pc = 2 ∥ X = X ∥ Y = Y ∥ R = X ∥ Q = 0 ∥ BUSY = BUSY
      2: pc = Y < R ? 3 : 0 ∥ X = X ∥ Y = Y ∥ R = R ∥ Q = Q
         ∥ BUSY = Y < R ? BUSY : 0
      3: pc = 4 ∥ X = X ∥ Y = Y ∥ R = R - Y ∥ Q = Q ∥ BUSY = BUSY
      4: pc = Y < R ? 3 : 0 ∥ X = X ∥ Y = Y ∥ R = R ∥ Q = Q + 1
         ∥ BUSY = Y < R ? BUSY : 0
    endcase

"BUSY = 1 ⇔ control inside SDIV" can now be interpreted as $\Box(BUSY = 1 \Leftrightarrow pc \in \{1, 2, 3, 4\})$.
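The compilation scheme of slides 15 to 20 (one state per @CLOCK, symbolic execution from each @CLOCK to the next, conditionals folded into `c ? a : b` expressions) is small enough to write down. The following is an added example and not the talk's own tool: statements are encoded as tuples of this example's own design, `compile_always` returns the `case (pc)` table as a dictionary, and `||` in the rendered output stands for the slides' parallel-assignment bar. The `DIVIDER` value is the slide-18 program in that encoding.

```python
import re

# Added example (not the talk's own tool): compile an "always @clock" body to a
# pc-indexed table of parallel assignments by symbolic execution, one state per
# @CLOCK, as on slides 15-20.  Statement forms are this example's own:
#   ('set', var, expr)             blocking assignment, expr is a string
#   ('clock',)                     @CLOCK: the current state ends here
#   ('if', cond, then_b, else_b)   then_b / else_b are tuples of statements
#   ('while', cond, body)          body is a tuple and must contain a clock

IDENT = re.compile(r'[A-Za-z_]\w*')

def subst(expr, env):
    """Replace every variable in expr by its current symbolic value."""
    def repl(m):
        val = env.get(m.group(0), m.group(0))
        return val if re.fullmatch(r'\w+', val) else f'({val})'
    return IDENT.sub(repl, expr)

def symbolic_run(cont, env, start, fuel=64):
    """Execute symbolically from program position `cont` up to the next @CLOCK.
    Returns a decision tree: ('leaf', env, next_position) or ('cond', c, t, f)."""
    if not cont:                          # end of the always body: back to state 0
        return ('leaf', env, start)
    stmt, rest = cont[0], cont[1:]
    if stmt[0] == 'set':
        new_env = dict(env)
        new_env[stmt[1]] = subst(stmt[2], env)
        return symbolic_run(rest, new_env, start, fuel)
    if stmt[0] == 'clock':
        return ('leaf', env, rest)        # the position after @CLOCK is a state
    if stmt[0] == 'if':
        _, cond, then_b, else_b = stmt
        return ('cond', subst(cond, env),
                symbolic_run(then_b + rest, env, start, fuel),
                symbolic_run(else_b + rest, env, start, fuel))
    if stmt[0] == 'while':
        if fuel == 0:
            raise ValueError('while body has no @CLOCK: the loop never ends a state')
        _, cond, body = stmt
        return ('cond', subst(cond, env),
                symbolic_run(body + (stmt,) + rest, env, start, fuel - 1),
                symbolic_run(rest, env, start, fuel))
    raise ValueError(f'unknown statement {stmt!r}')

def assigned_vars(stmts, acc=None):
    """Variables assigned anywhere in stmts, in first-assignment order."""
    acc = [] if acc is None else acc
    for s in stmts:
        if s[0] == 'set' and s[1] not in acc:
            acc.append(s[1])
        elif s[0] == 'if':
            assigned_vars(s[2], acc)
            assigned_vars(s[3], acc)
        elif s[0] == 'while':
            assigned_vars(s[2], acc)
    return acc

def compile_always(body):
    """Return {pc: {var: expr}}, the case(pc) table for the always body."""
    body = tuple(body)
    pcs = {body: 0}                       # program position -> pc number
    worklist, table = [body], {}

    def pc_of(pos):                       # allocate pc numbers in discovery order
        if pos not in pcs:
            pcs[pos] = len(pcs)
            worklist.append(pos)
        return pcs[pos]

    def expr(tree, var):                  # fold the decision tree into c ? a : b
        if tree[0] == 'leaf':
            return str(pc_of(tree[2])) if var == 'pc' else tree[1].get(var, var)
        _, c, t, f = tree
        a, b = expr(t, var), expr(f, var)
        if a == b:
            return a
        wrap = lambda e: f'({e})' if '?' in e else e
        return f'{c} ? {wrap(a)} : {wrap(b)}'

    while worklist:
        pos = worklist.pop(0)
        tree = symbolic_run(pos, {}, body)
        table[pcs[pos]] = {v: expr(tree, v) for v in ['pc'] + assigned_vars(body)}
    return table

def render(table):
    """Verilog-like case(pc) text; '||' marks parallel assignment."""
    lines = ['case (pc)']
    for pc in sorted(table):
        lines.append(f'  {pc}: ' + ' || '.join(f'{v} = {e}' for v, e in table[pc].items()))
    return '\n'.join(lines + ['endcase'])

# The slide-18 divider in the statement encoding above.
DIVIDER = (
    ('if', 'Start',
     (('set', 'X', 'In1'), ('set', 'Y', 'In2'), ('set', 'BUSY', '1'),
      ('set', 'R', 'X'), ('set', 'Q', '0'),
      ('while', 'Y < R', (('clock',), ('set', 'R', 'R - Y'), ('set', 'Q', 'Q + 1'))),
      ('set', 'BUSY', '0')),
     ()),
)
```

`print(render(compile_always(DIVIDER)))` reproduces the two-state table of slide 18, including `pc = Start ? (In2 < In1 ? 1 : 0) : 0` and `BUSY = Y < (R - Y) ? BUSY : 0`; inserting the @CLOCK markers of slide 19 yields the five-state table of slide 20. A `while` whose body contains no @CLOCK would unroll forever, so the executor stops with an error after a bounded number of unrollings rather than looping.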

Slide 21: Program Proof + State Exploration

- Data processing verification via ordinary program logic
  - may require human guided reasoning (e.g. guessing invariants)
- Control correctness via state space of synthesised machine
  - often automatic (c.f. model checking)

design verification = program verification + machine analysis

Slide 22: Hoare Logic as Temporal Logic

- Hoare triples can be interpreted on machine behaviours
  - roughly, $\{P\}\; S\; \{Q\}$ is: $\Box(P \wedge pc \in S \Rightarrow (pc \in S)\ \mathrm{Until}\ (Q \wedge \neg(pc \in S)))$
- Hoare-style reasoning principles derivable
  - for ideas (applied to real-time) see: M.J.C. Gordon, A mechanized Hoare logic of state transitions, in A Classical Mind, Festschrift for Professor C.A.R. Hoare, edited by Roscoe, W., Prentice-Hall, 1994, pp. 143-159.
  - for RTL hardware see lecture notes on the web: http://www.cl.cam.ac.uk/users/mjcg/

Slide 23: Tower of Semantic Abstraction

Everything can be reduced to pure logic:

- Hoare triple: $\{P\}\; S\; \{Q\}$
- Temporal logic: $\Box(P \wedge pc \in S \Rightarrow (pc \in S)\ \mathrm{Until}\ (Q \wedge \neg(pc \in S)))$
- Raw logic: $\forall t.\ P(t) \wedge pc(t) \in S \Rightarrow \exists t'.\ t' > t \wedge Q(t') \wedge \neg(pc(t') \in S) \wedge (\forall t''.\ t < t'' \wedge t'' < t' \Rightarrow pc(t'') \in S)$

$P\ \mathrm{Until}\ Q$ means Q will eventually hold true, and until it does P holds.
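The raw-logic reading on slide 23 is directly executable on a finite state sequence, which is how a simulator-level check of the slide 12 properties looks in practice. The following is an added example, not code from the talk: it encodes the five-state machine of slide 20 as a concrete next-state function, runs it over an input sequence, and evaluates $\Box$, $\Diamond$ and the Until reading of $\{Y > 0\}\; SDIV\; \{X = R + Y \times Q \wedge R < Y\}$ on the trace with S = {1, 2, 3, 4}. The names `step`, `run_machine`, `hoare_as_until`, `check_divider`, `STRICT` and `NONSTRICT` are this example's own; the loop comparison is a parameter because the transcription of the slides reads `Y < R`.

```python
import operator

# Added example (not from the talk): the five-state divider machine of slide 20
# as a next-state function, run over an input sequence, with the temporal
# properties of slides 11, 12 and 20 and the "until" reading of the Hoare
# triple from slides 22 and 23 evaluated on the resulting state sequence.

S_DIV = {1, 2, 3, 4}                           # pc values with control inside SDIV
STRICT, NONSTRICT = operator.lt, operator.le   # loop comparison between Y and R

def step(s, start, in1, in2, lt=STRICT):
    """One clock tick: the case(pc) parallel assignments of slide 20.
    lt(Y, R) is the loop test; the slides as transcribed use Y < R."""
    pc, X, Y, R, Q, BUSY = (s[k] for k in ('pc', 'X', 'Y', 'R', 'Q', 'BUSY'))
    if pc == 0:
        return dict(pc=1 if start else 0, X=in1 if start else X,
                    Y=in2 if start else Y, R=R, Q=Q, BUSY=1 if start else BUSY)
    if pc == 1:
        return dict(pc=2, X=X, Y=Y, R=X, Q=0, BUSY=BUSY)
    if pc == 3:
        return dict(pc=4, X=X, Y=Y, R=R - Y, Q=Q, BUSY=BUSY)
    more = lt(Y, R)                 # pc 2 and pc 4 both evaluate the loop test
    return dict(pc=3 if more else 0, X=X, Y=Y, R=R,
                Q=Q + 1 if pc == 4 else Q, BUSY=BUSY if more else 0)

def run_machine(inputs, lt=STRICT):
    """State sequence (initial state first) for a list of (Start, In1, In2)."""
    s = dict(pc=0, X=0, Y=0, R=0, Q=0, BUSY=0)
    trace = [s]
    for start, in1, in2 in inputs:
        s = step(s, start, in1, in2, lt)
        trace.append(s)
    return trace

def always(trace, pred):
    """Box: pred holds at every point of the finite trace."""
    return all(pred(s) for s in trace)

def eventually(trace, t, pred):
    """Diamond at time t: pred holds at some strictly later point of the trace."""
    return any(pred(s) for s in trace[t + 1:])

def hoare_as_until(trace, pre, post, S=S_DIV):
    """{pre} SDIV {post} read as on slide 23: for every t with pre(t) and
    pc(t) in S there is t' > t with post(t') and pc(t') not in S, and pc in S at
    every t'' strictly between.  The first exit from S after t must be that t'."""
    for t, s in enumerate(trace):
        if not (pre(s) and s['pc'] in S):
            continue
        exit_t = next((u for u in range(t + 1, len(trace)) if trace[u]['pc'] not in S), None)
        if exit_t is None or not post(trace[exit_t]):
            return False            # no witness in this finite trace, or post fails at it
    return True

def check_divider(x, y, lt=STRICT):
    """One Start pulse with In1 = x, In2 = y followed by idle cycles; returns
    (control_ok, liveness_ok, data_ok) for the three properties of slide 12."""
    inputs = [(1, x, y)] + [(0, 0, 0)] * (2 * x + 6)   # long enough when y >= 1
    trace = run_machine(inputs, lt)
    control_ok = always(trace, lambda s: (s['BUSY'] == 1) == (s['pc'] in S_DIV))
    liveness_ok = all(eventually(trace, t, lambda s: s['BUSY'] == 0)
                      for t, s in enumerate(trace) if s['BUSY'] == 1)
    data_ok = hoare_as_until(
        trace, pre=lambda s: s['Y'] > 0,
        post=lambda s: s['X'] == s['R'] + s['Y'] * s['Q'] and s['R'] < s['Y'])
    return control_ok, liveness_ok, data_ok
```

The control property $\Box(BUSY = 1 \Leftrightarrow pc \in \{1,2,3,4\})$ and the liveness property hold on every trace regardless of the loop comparison, which matches the slide 21 split: they depend only on the control structure. The data property is where the comparison matters, and a finite trace can only refute an Until formula or confirm it up to the trace length, so the idle tail must be long enough for the machine to leave S.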

Slide 24: Handling Multiple Descriptions

- Need to represent
  - Hoare triples
  - temporal formulas and state machines
  - verification conditions (could involve complex arithmetic or even real analysis, e.g. FP, DSP)
- Need a general purpose formalism
  - suitable for 'arbitrary mathematics'
  - mechanizable
- Several general systems exist
  - set theory (Isabelle/ZF, HOL-ST)
  - classical higher order logic (PVS, HOL, Isabelle/HOL, IMPS)
  - constructive type theory (Nuprl, Lego, Coq, Alf)

Slide 25: Pragmatic Requirements

- Combine general framework with 'best practice' specialised tools (hot research area: CAV etc.)
- Many decision procedures known
  - tautologies
  - linear arithmetic
  - temporal properties
  - inductive proofs (Boyer-Moore, Clam)
  - tableau methods
- Partial decision procedures can often handle simple verification conditions (CADE)

Slide 26: Existing Approaches to Integration

- Add 'trusted' external oracles to a general proof system
  - OBDD and model checkers for PVS
  - arithmetic decision procedures for Isabelle
  - LTL in HOL (Karlsruhe)
  Features:
  - get state-of-the-art efficiency
  - only as sound as the oracle
  - low integration with other tools
- Efficient derived rules
  - tableau provers in Isabelle and HOL
  - linear arithmetic in HOL
  Features:
  - guaranteed sound
  - inefficient (not as bad as some say)
  - high integration with other tools

Slide 27: New Project (PROSPER)

- Attempt to have our cake and eat it
  - general purpose system
  - clean integration with external oracles
  - support for specific applications
- Approach
  - theorem provenance tracking
  - start by 'deconstructing' hol98: theory database, rewriting engine, decision procedures and provers, interactive shell
  - devise protocol for external tools (maybe use XML to specify data formats)
- Experiments:
  - link to SMV model checker
  - link to NP Prover tautology checker
  - support Verilog and VHDL
- Vapourware!
  - but strong team... (Cambridge, Glasgow, Karlsruhe, IFAD, NP)

Slide 28: Grand Long-Term Goals

- Use industry-standard syntax
  - Verilog, VHDL, ...
  - familiar to engineers
  - compatible with standard design and verification flows
- Develop different semantic views
  - mutually consistent
- Provide semantically compatible tools
  - compilers, simulators, verifiers etc.

Slide 29: Ongoing Research at Cambridge

- Semantics of synthesisable Verilog (with Abhijit Ghosh of Synopsys)
  - industrial strength subset
  - simulation (event) semantics
  - state-machine (cycle) semantics
  - analysis of syntactic conditions for event and cycle semantics to agree
  - semantics based tools
- Simulation core for VHDL and Verilog
  - common simulation cycle
  - rigorously specified and analysed
  - application to OMI
  - postdoc: Myra Van Inwegen
- Hardware compilation workbench
  - just started (Daryl Stewart's PhD)
  - based around Ian Page's Handel language
  - implement design manipulation tools
  - compare Handel and Verilog design flows

Slide 30: Conclusion

- Need diverse kinds of specifications
  - for different abstraction levels
- Need diverse verification tools
  - specialised algorithms
  - general theorem-proving
- Can embed specifications in powerful logics
  - gives unified framework
  - but hard to preserve efficiency
- Software verification methods useful for hardware
  - hardware and software theories merging

Slide 31: THE END