T IMING M ODEL D ERIVATION Static Analysis of Hardware Description Languages Marc Schlickling AbsInt Angewandte Informatik GmbH December 17, 2012 saarland university computer science
saarland Outline university computer science Motivation 1 Timing Model Derivation 2 3 Analysis Framework 4 Usability Conclusion 5 Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 1 / 20
saarland Motivation university computer science Embedded systems supporting our daily life Safety-critical systems often have to fulfill strict timing constraints to ensure a proper functioning Guaranteeing the timeliness of these systems is of crucial importance (and also required by Certification Authorities) Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 2 / 20
saarland The Timing Problem university computer science probability BCET WCET execution time Runtime of a task varies between ◮ different inputs ◮ and different runs Measuring the WCET of a task is impossible on complex architectures Static methods derive upper bounds on the WCET independently from concrete inputs Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 3 / 20
saarland The Timing Problem university computer science probability WCET minimal observed maximal observed execution time execution time execution underestimation time Runtime of a task varies between ◮ different inputs ◮ and different runs Measuring the WCET of a task is impossible on complex architectures Static methods derive upper bounds on the WCET independently from concrete inputs Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 3 / 20
saarland The Timing Problem university computer science probability WCET safe upper bounds execution time Runtime of a task varies between ◮ different inputs ◮ and different runs Measuring the WCET of a task is impossible on complex architectures Static methods derive upper bounds on the WCET independently from concrete inputs Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 3 / 20
saarland Static WCET Analysis Framework university computer science Executable Program Call- and Annotations CFG-Builder Loop Bounds Loop- Implemented in the aiT tool Transformation Based on reconstructed control flow Control-flow Annotated Graph CFG Cache/pipeline analysis models instruction flow through the processor Static Analyses Path Analysis Loop-Bound ◮ Relies on timing model of underlying Analysis ILP-Generator processor Value Analysis ILP-Solver ◮ Abstract simulation of task execution Cache/Pipeline Evaluation Analysis WCET Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 4 / 20
saarland Modern Processor Development university computer science Modern processors are highly configurable and offer advanced features like ◮ Caches and deep pipelines ◮ Out-of-order execution ◮ Speculation and branch prediction Timing models must reflect timing behavior of the hardware Processors designed using formal hardware description languages (HDLs) HDLs are explicitly designed to support ◮ Design ◮ Simulation and ◮ Verification ◮ Timing behavior already part of the specification Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 5 / 20
saarland Timing Model Derivation Methodology university computer science Model preprocessing eliminates parts not relevant for the timing behavior VHDL Model Processor state abstraction approximates Environmental Timing Dead Data Path Assumption parts of the model Code Elimination Elimination Refinement Model Preprocessing Static analysis techniques useful to support Preprocessed VHDL ◮ Model preprocessing, and ◮ Model understanding Processor State Abstractions Semantics of HDLs special compared to “normal” programming languages Timing Model ◮ Abstract semantics that enables use of program analyses Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 6 / 20
saarland VHDL Semantics university computer science Process execution 1 ◮ Sequential, imperative semantics entity counter is port(clk: in std_logic; ◮ Assignments to variables rst: in std_logic; val: out std_logic_vector(2 downto 0)); immediately take effect end entity; ◮ Assignments to signals are delayed architecture rtl of counter is ◮ Executes, until suspended signal cnt: std_logic_vector(2 downto 0); begin Process reactivation 2 P1: process (clk, rst) is begin ◮ After all processes have suspended if (rst = ’1’) then cnt <= "000"; ◮ Check if restart of processes is elsif (rising_edge (clk)) then if (cnt < "111") then necessary cnt <= cnt + ’1’; ⋆ Yes: restart these processes else cnt <= "000"; (delta cycle) end if; ⋆ No: wait for timeout/external end if; end process; signal change P2: process (cnt) is begin val <= cnt; end process; VHDL model ≡ set of processes p l , end; with p l = ( ζ l , Π l , ω l ) , and l ∈ IL Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 7 / 20
saarland Transformed Semantics university computer science Ordering of process execution is not important ◮ Variables are process-local ◮ Signal assignments take effect only at synchronization point Transform two-level semantics to one level ◮ Signal assignments can be viewed as assignments to new variable ⋆ Assignment s < = V : Θ [ s ← V ] ⋆ At sync: ∀ s ∈ Signals : Θ [ s ← Θ ( s ) , s ← Θ ( s )] ◮ Always execute all processes in fixed ordered loop ◮ Add guard controlling the reexecution of process p l ⋆ Guard true, iff Θ ⊢ � s ∈ ω l ( s � = s ) ◮ Level-reduction transforms data dependency between processes into control dependency Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 8 / 20
saarland Abstract Semantics university computer science Processes directly mapped to control-flow graph simul s ◮ Statements map to single nodes guard ( p 1 ) ◮ Cof-constructs form basic block structure call ( p 1 ) Effect of executing process modeled by call statement call ( p l )( Θ ) = Θ ′ , with ( Θ , start ( Π l ) , Π l ) ⇀ ∗ seq ( Θ ′ , ζ sus , Π l ) guard ( p 2 ) Reactivation of process “controlled” by guard call ( p 2 ) Repeated execution controlled via disjunction of process guards synchronize () � l ∈ IL ( guard ( p l )) ◮ Mapping of model to cfg enables use of data-flow x analyses on HDLs Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 9 / 20
saarland Modeling Simulation Time university computer science clock s State transitions and simulation time of utmost importance for timing analysis rising _ clock ( clk ) In synchronous designs, state changes scheduled on call ( simul ) rising/falling edge of a global clock signal ◮ Signals must reside stable ( 0 or 1 ) on a clock event falling _ clock ( clk ) call ( simul ) Introduce special clock routine ◮ Models the effect of rising and falling events on Θ ◮ Self-recursion allows analyzers to separate clock cycles call ( clock ) ◮ Explicit modeling of clock allows analysis of synchronous x designs and adds support for multiple clock domains Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 10 / 20
saarland Analysis of Open Designs university computer science simul guard ( p 2 ) Introduce environment routine call ( p 2 ) ◮ Allows modeling of transactions on input signals Unguarded execution within the simulation routine call ( environment ) Cfg extended by attributes expressing properties of synchronize () HDL constructs and the framework � l ∈ IL ( guard ( p l )) ◮ E.g., classification of edges and assignments, prefix notation of expressions, definition/use classification x environment ◮ Analyzers building on this framework are aware of s concrete semantics of HDLs environment x Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 11 / 20
saarland Usability w.r.t. Timing Model Derivation university computer science VHDL Model Reset analysis 1 Environmental Timing Dead Data Path Assumption Code Elimination Elimination ◮ Determines signal values at the initial state Refinement Model Preprocessing ◮ Initial state apparently not visible in Preprocessed specification VHDL ◮ Constant propagation on extended environment Processor State Assumption-based model refinement 2 Abstractions Static backward slicing 3 Timing Model Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 12 / 20
saarland Assumption-based Model Refinement university computer science Goal Incorporate knowledge on specific usage of processor into model Identify timing-dead parts and new stable signals Data-flow analysis Compute safe approximation on the range of values for each identifier Based on interval domain { f | f : identifier → V Int } ∪ {⊥ , ⊤} , with V Int ≡ ( Value × Value ) ∪ {⊥ , ⊤} At control-flow join: form interval hull of incoming data for all identifiers Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 13 / 20
saarland Assumption-based Model Refinement (cont.) university computer science Transfer functions for VHDL model nodes m ∈ V VHDL W.l.o.g, l ⊢ eval ( expr ( m )) = U At variable assignment v : = expr : l [ v ← U ] At signal assignment s < = expr : l [ s ← U ] At true/false edges e = ( m , n ) : if U = ⊤ ∨ U = cat ( e ) , l expr m: l ′ = ⊥ if U � = cat ( e ) , l otherwise. ... ... Marc Schlickling T IMING M ODEL D ERIVATION December 17, 2012 14 / 20
Recommend
More recommend
