Formalni postupci u oblikovanju računalnih sustava(2008)

Auditorne_1: 03.03.2008., 14:00 – 16:00, D1

Pred. (Logika) 07.03.2006., 09:15 – 11:00 B4

Auditorne_2: 10.03.2008., 08:00-10:00 D1

Test sustava: 10.03.2008., 14:00 – 16:30 A 102

Prvi lab otvoren: 10.03.2008., 16:30 – 18:00 A 102

Pred. (CTL) 14.03.2008., 09:15 – 11:00 B4

Auditorne_3: 17.03.2008. 08:00 – 10:00 D1

Prvi lab kolokvij: 17.03.2008., 14:00 – 16:30 A 102, 101

Za raspored po grupama vidi Web stranicu labosa

Formal verification

I = Implementation (model of the system to be verified)

S = Specification (behavior)

Expressed in temporal logic

Verifier

YES

NO (error trace)

I S1. How to model I ?

2. What is

3. How to model S ?

A 1) Verifikacija sklopovlja

Primjer: Arbitar sabirnice

Opis implementacije (I): Verilog (HDL)

Opis specifikacije (S): CTL

Sustav za verifikaciju: VIS

A 2) Verifikacija dijelova programskih produkata

Primjeri: Međ. isključ. proc.

Opis implementacije (I): SMV

Opis specifikacije (S): CTL

Sustav za verifikaciju: SMV

A 1) Laboratorijske vježbe iz verifikacije sklopovlja:

Arbitar sabirnice (engl. Bus Arbiter)

Opis implementacije ( I ): VerilogOpis specifikacije ( S ): CTL vremenska logikaSustav za verifikaciju: VIS

Verification SynthesisSimulation

CTL Fairness

Blif-mv

VHDL Verilog SMV

SIS

Move around View hierarchy

VIS: http://www-cad.eecs.berkeley.edu/~vis

PASS FAIL (error trace)

S = bar.ctl

I = foo.v

F = go.fair

VIS internal representation

After BLIF-MV description is read into VIS:- extracted (by vl2mv) sets of finite state machines (FSMs)

that preserve the behavior of the Verilog source program- hierarchy tree (modules, sub-modules), models and

models instances- the module-submodule relations are represented by

tables, which implement output functions in terms of sub-module inputs

- traversing by pwd, cd, ls- at any node: simulation, verification and synthesis- print… shows hierarchy

Flattening the hierarchical description into network:- functionality given by network of gates and latches (no

optimization)- primitives: variables, tables, wires, latches (on wires)- creates the network of gates and latches (netlist) on that

hierarchy level- print… shows network

Na stranicama lab. vježbi VIS dokumentacija

Za implementaciju I:

1.VIS User Manual2.Verilog – kratki opis3.Verilog – pregled naredbi

Za specifikaciju S:

1.VIS CTL Manual

VERILOG

• Jezik za opis sklopovlja (HDL), sintaktički posudio mnogo od C-a.

• Opis na više razina apstrakcije.

• IEEE standard #1364 - 1995.

• Verilog datoteke se mogu verificirati, simulirati i sintetizirati.

Ref.:

1. Donald E. Thomas and Philip R. Moorby

The Verilog Hardware Description Language, 4th Ed.

Kluwer, 1998.

(Carnagie Melon University)

2. http://www.ovi.org (VERILOG i VHDL)

g1

g2

f1

f2

nsel

!!!!!

Second: temp store before assign

addition(Logical OR = II)

(anything can be accessed, bad style)

same as a.e

since no local e

This e is different (it is top e)

00 01 11 1000 1 0 1 101 0 0 1 011 0 0 1 110 1 1 1 1

module binaryToESeg(eSeg, A, B, C, D);output eSeg;input A, B, C, D;reg eSeg;

always @(A or B or C or D) begineSeg = 1; // initial set = onif(~A & D) // if ~A&D then off

eSeg = 0;if(~A & B & ~C)

eSeg = 0;if(~B & ~C & D)

eSeg = 0;end

endmodule

e

e logic only

Inputs: A B C D

Ex. 1 1 0 1

= char. “d”

e = 1 (ON)

CD

AB

module fsm(out, in, clock, reset);output out;input in, clock, reset;reg out;reg [1:0] currentState, nextState;

// combination portion

* * *

// sequential portion

* * *

endmodule

Output

State

Input

neg. edge

clock

pos. edge

00/0

01/1

11/0

1

01

0

0

1

reset

// combination portionalways @(in or currentState) begin

out = ~currentState[1] & currentState[0];// out = 1 only for state 01nextState = 0; if (currentState == 0)

if(in) nextState = 1; //else stay in 0if (currentState == 1)

if (in) nextState = 3; //else go to 0if (currentState == 3)begin

if (in) nextState = 3;else nextState = 1;end

end// the sequential portionalways @(posedge clock or negedge reset) begin if (~reset)

currentState <= 0; // as long as res=0 else

currentState <= nextState; // as D type bistableend

Bit select = 01

Non blocking

Verilog extensions (in VIS environment)

Enumerated types ( similar to C )

typedef enum {IDLE, READY, BUSY} controller_state;

/* contr._state is an enum type */

controller_state reg state;

/* state is a register variable of the type “controller_state” */

Non-determinismThere exist state-input pair for which the next state and output are not unique.

$ND construct • creates a nondeterministic signal source • should only be used in an assign statement

wire r; /* def of a wire variable */assign r=$ND(GO, NOGO); /* nondeterminism */..always@(posedge clk) begin..state = r;/* the state is nondeterm. GO or NOGO */..end

clientA clientB clientC

Example: Arbiter

module main(clk); … // typedef

… // input, output, wire, reg...

controller controllerA(clk, reqA, ackA, sel, pass_tokenA, A); controller controllerB(clk, reqB, ackB, sel, pass_tokenB, B); controller controllerC(clk, reqC, ackC, sel, pass_tokenC, C); arbiter arbiter(clk, sel, active); client clientA(clk, reqA, ackA); client clientB(clk, reqB, ackB); client clientC(clk, reqC, ackC);endmodule

module controller(clk, req, ack, sel, pass_token, id);input clk, req, sel, id;output ack, pass_token;….

endmodule

module arbiter(clk, sel, active);input clk, active;output sel;...

endmodule

module client(clk, req, ack);input clk, ack;output req;...

endmodule

A 2) Laboratorijske vježbe iz verifikacije programskih dijelova:

Algoritmi međusobnog isključivanja procesa(mutex)

Opis implementacije ( I ): SMVOpis specifikacije ( S ): CTL vremenska logikaSustav za verifikaciju: SMV

SMV - Symbolic model verifier

Ken McMillan, CMU, Ph.D. thesis, 1992.

Formalni model (/) - SMV sintaksa

Formalna specifikacija (S) - CTL formule

SMV sustav za

verifikaciju

S

I Da / Ne (+ error trace)foo.smv

Implementacija ( I ):

stroj s konačnim brojem stanja (FSM) u SMV kodu

req = 0

st.=ready

req = 1

st.=ready

req = 1

st.=busy

req = 0

st.=busy

request = {0, 1}

(npr. 1=True, 0=False)

status = {ready, busy}

MODULE main // foo.smv file

VAR

request: boolean // type boolean

status: {ready, busy} // type sclr {ready, busy}

ASSIGN

init (status) := ready; // init status value

next (status) := case // next status value

request : busy;

// if st=rdy req=1 in crnt state, then next st=bsy

1 : {ready, busy};

// else not det.

esac;

SPEC

AG(request -> AF status = busy) // CTL spec.

MODULE main // ring of 3 inverters, each with diff. speed

VAR

gate1 : process inverter(gate3.output);

gate2 : process inverter(gate1.output);

gate3 : process inverter(gate2.output);

// SMV chooses and runs any process module nondeterminist.

// useful to describe parallel processes, e.g comm. protocols

SPEC

(AG AF gate1.out) & (AG AF !gate1.out)

MODULE inverter(input)

VAR

output : boolean;

ASSIGN

init(output) := 0;

next(ouput) := !input;// output inverts input with type chk