Compositional correctness of IP-based system design: Translating - - PowerPoint PPT Presentation

Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL Processes

Rennes, November 04, 2005

Hamoudi Kalla and Jean-Pierre Talpin Espresso Team

2

Outline

Introduction Preliminaries Translating C/C++ Models into SIGNAL Processes

Principles Example Implementation

Conclusion and Future works

3

Simulators and test tools

They may not cover all design errors We need formal verification to ensure the quality of

system designs we need formal models C/C++ System Design Validation

Introduction

4

System Design Validation Using Formal Models

Our Methodology

C/C++ Models C/C++ Models Formal Models : SIGNAL processes Formal Models : SIGNAL processes

automatic translation

5

Control Data-Flow Graph (CDFG) Single Statement Assignment (SSA)

Preliminaries

6

Preliminaries

• Represents a procedure or a program as a directed

graph G=(V, E), where the set V represents control flow nodes and E represents jumps in the control flow

• Control Flow nodes are Basic blocks, Test blocks, and

Join Blocks Control Data Flow Graph

7

int example(int a, int b, int c) { int x, y, z, result; y = a * b; z = a * c; if (y>z) x = y – z; else x = z – y; result = x * a; return result; }

Preliminaries

Control Data Flow Graph: Nodes

C/C++ program CDFG

8

Basic Blocks (BB) are instructions without any jumps. Test blocks (T) describe conditional branching expressions. Join blocks (J) represent the end of conditional branches.

Preliminaries

Control Data Flow Graph: Nodes

CDFG

9

SSA is a form of Control Data Flow Graph that allows

• ptimizations to be done efficiently and easily

In SSA, every variable receives exactly one assignment during its lifetime

Preliminaries

Single Statement Assignment (SSA) Form

… x = a * b; x = a * c; … … x1 = a * b; x2 = a * c; …

SSA

10

Control Data Flow Graph its associated Static Single Assignment form

Preliminaries

Single Statement Assignment (SSA) Form

New function

11

Translating C/C++ Models into SIGNAL Processes

C/C++ Models C/C++ Models SIGNAL processes SIGNAL processes

SSA Form

GCC ?

12

Translating C/C++ Models into SIGNAL Processes

C/C++ Models C/C++ Models SIGNAL processes SIGNAL processes

GCC

f1, …, fn functions f1 SSA1 fn SSAn SSA1 process1 SSAn processn … … …

?

13

Translating C/C++ Models into SIGNAL Processes

Function f (SSA) Process f (SIGNAL)

Encode nodes, edges, assignment statement, conditional branching, and Ф function

Principle

14

Encoding SSA Nodes (blocks)

Translating C/C++ Models into SIGNAL Processes

Boolean BB1, T2, BB2, BB3, J1, BB4;

x

t1 t2 t3 t4 t5 … BB1 true false false false false … T2 false true false false false … BB2 false false true false false … BB3 false false false true false … J1 false false false false true … BB4 false false false false true … t1 t2 t3 t4 t5 … BB1 true false false false false … T2 false true false false false … BB2 false false true false false … BB3 false false false true false … J1 false false false false true … BB4 false false false false true …

Instants blocks

15

Translating C/C++ Models into SIGNAL Processes

B1 B2

| B2 : = true when pre_B1 default false | pre_B1 : = B1$ init false

t1 t2 t3 t4 t5 … B1 true false false false false … pre_B1 false true false false false … B2 false true false false false … t1 t2 t3 t4 t5 … B1 true false false false false … pre_B1 false true false false false … B2 false true false false false …

Encoding SSA Edges : for Basic and Test blocks

16

Translating C/C++ Models into SIGNAL Processes

Encoding SSA Edges : for Join blocks

J1 B1

| J1 : = true when pre_B1 default true when pre_B2 default false

t1 t2 t3 t4 t5 … pre_B2 false true false false false … pre_B1 false false false false false … J1 false false true false false … t1 t2 t3 t4 t5 … pre_B2 false true false false false … pre_B1 false false false false false … J1 false false true false false … B2

17

Translating C/C++ Models into SIGNAL Processes

Encoding Assignment Statement

t1 t2 t3 t4 t5 … B1 false true false false false false … Pre_B1 false false true false false false … x1 0 5 5 5 5 5 … y1 2 2 2 2 2 2 … z1 3 3 3 3 3 3 … t1 t2 t3 t4 t5 … B1 false true false false false false … Pre_B1 false false true false false false … x1 0 5 5 5 5 5 … y1 2 2 2 2 2 2 … z1 3 3 3 3 3 3 …

X1 = y1 + z1 X1 = y1 + z1

B1

| x1 : = ( y1 + z1 ) when B1 default x1$

18

Translating C/C++ Models into SIGNAL Processes

Encoding Conditional Branching Statement

If (x>y) goto B1; else goto B2; If (x>y) goto B1; else goto B2;

T1 B1

| test1 : = (x>y) when T1default false | pre_test1 : = test1$ init false

t1 t2 t3 t4 t5 … T1 false true false false false … pre_T1 false false true false false … Test1 false true false false false … pre_test1 false false true false false … B1 false false true false false … B2 false false false false false … t1 t2 t3 t4 t5 … T1 false true false false false … pre_T1 false false true false false … Test1 false true false false false … pre_test1 false false true false false … B1 false false true false false … B2 false false false false false … B2

| B1 : = true when pre_test1 when pre_T1 default false | B2 : = true when not pre_test1 when pre_T1 default false

19

Translating C/C++ Models into SIGNAL Processes

Encoding Ф Function

X3 = Ф(x1,x2) X3 = Ф(x1,x2)

J1 B1

| x3 : = x1 when pre_B1 default x2

X1 = … X1 = … X2 = … X2 = …

B2

Y = x3 + … Y = x3 + …

B3

20

Translating C/C++ Models into SIGNAL Processes

Encoding Loop Statement : Blocks

If (x>y) goto B1; else goto B2; If (x>y) goto B1; else goto B2; T1 B2

| test1 : = (x>y) when T1default false | pre_test1 : = test1$ init false

… … … … B1 … … B0 … … J1

| T1 : = true when pre_B0 default true when pre_B1 default false | B1 : = true when pre_test1 when pre_T1 default false | B2 : = true when not pre_test1 when pre_T1 default false

21

Translating C/C++ Models into SIGNAL Processes

Encoding Loop Statement : statements

If (i2<10) goto B1; else goto B2; If (i2<10) goto B1; else goto B2; T1 B2

| i1 : = 1 when B0 default i1$

… … i3 := i2 + 1 i3 := i2 + 1 B1 i1 := 1 i1 := 1 B0 i2 := Ф(i1,i3) i2 := Ф(i1,i3) J1

| i2 : = i1 when pre_B0 default i3 | i3 : = i2$ +1 when pre_B1 default i3$

22

Translating C/C++ Models into SIGNAL Processes

Encoding pointers (1)

x = 10; if (T) p = &x ; else p = &y ; z = *p;

SSA

If (T) goto B1; else goto B2; If (T) goto B1; else goto B2;

T1 B1

p1 = &x p1 = &x p2 = &y p2 = &y

B2

X = 10 X = 10

B0

p3 = Ф(p1,p2) p3 = Ф(p1,p2)

J1

z = *p3 z = *p3

B3 Signal

p = (p_tag,p_star) p_tag = 0 p = &x p_start = x p_tag = 1 p = &y p_start = y

23

Translating C/C++ Models into SIGNAL Processes

Encoding pointers (2)

If (T) goto B1; else goto B2; If (T) goto B1; else goto B2;

T1 B1

p1 = &x p1 = &x p2 = &y p2 = &y

B2

X = 10 X = 10

B0

p3 = Ф(p1,p2) p3 = Ф(p1,p2)

J1

z = *p3 z = *p3

B3

p1 = (p1_tag,p1_star) p1_tag = 0 p1 = &x p1_star = x p2 = (p2_tag,p2_star) p2_tag = 1 p2 = &y p2_star = y p3 = (p3_tag,p3_star) p3_tag = p1_tag U p2_tag p3_star = Ф (p1_start,p2_star) | z : = p3_start when B3 | p3_star : = x when (p3_tag=0) default y when (p3_tag=1)

24

Translating C/C++ Models into SIGNAL Processes

Implementation

25

• A methodology to validate C/C++ system design :
• Extend this work in order to:
• encode arrays, pointers and functions calls,
• remove global synchronisation,
• reduce the number of variables/signals.
• it automatically creates formal models from C/C++ system models,
• it is based on the internal representation SSA of GCC and uses the

synchronous language SIGNAL as a formal platform.

Conclusion and Future Works