real life experiences of psl
play

Real life experiences of PSL Magnus Bjrk Hardware Description and - PowerPoint PPT Presentation

Jan 09, 2023 •147 likes •685 views

Real life experiences of PSL Magnus Bjrk Hardware Description and Verificatoin 2009-03-26 Saab Space / RUAG Aerospace Was owned by SAAB group Sold to RUAG Aerospace, summer 2008 Most interesting division: Digital products

  1. Real life experiences of PSL Magnus Björk Hardware Description and Verificatoin 2009-03-26

  2. Saab Space / RUAG Aerospace � Was owned by SAAB group � Sold to RUAG Aerospace, summer 2008 � Most interesting division: Digital products � hardware systems � ASIC � software systems � Other products: antennas, frequency converters, separation systems

  3. Sentinel 1 satellite � To be launched by ESA in 2011 � Surveillance of: � Polar ice (thickness, coverage) � Continental drift, earthquakes � Pollution (oil leaks in oceans) � Forest fires � … � Synthetic Aperture Radar

  4. Sentinel 1 satellite

  5. RUAG’s formal verification approach � Want to save effort (money) on testbenches and debugging � Start by using FV on some small modules � Increase usage with experience

  6. Case studies � Old modules � One module under development (memory interface for Sentinel 1 Thermal Control Unit)

  7. PSL: harder than expected DMA Packet wire interface interface DmaAddr DmaReq PwtClock PWT DmaAck PwtValid DmaRdy PwtData DmaReadData PwtReady DmaErr BusClk Addr Control interface Reset Wr WrData � How to express that the PWT is in a certain state? � What is the minimal delay between packets currently set to?

  8. Clarification: Packet delays Minimal delay End of packet Start of next configurable (in packet nr of PwtClocks) PwtValid PwtData PwtClock BusClock PwtClock speed configurable (divisor of BusClock)

  9. Attempt in PSL impure function WritePwtRegV(register:integer, value:integer) return BOOLEAN … impure function SetClkMultiplier(mul:integer) return BOOLEAN... sequence initialize is {WritePwtRegV(PWT_CMDCLR, 1); -- no manual control WritePwtRegV(PWT_DELAY, DELAY); -- set minimal packet delay SetClkMultiplier(MULT)}; -- set transmission speed impure function deinit() return boolean is begin return WritePwtReg(PWT_DELAY) or WritePwtReg(PWT_CLK) or WritePwtReg(PWT_CMDSET); end function deinit; sequence deinit_seq is {{deinit()} within {[*MULT*(DELAY+1)]}}; prop_delay: assert always ({{initialize; not deinit()[*]} && {[*]; PwtValid; not PwtValid}} |-> {{not PwtValid[*MULT*(DELAY+1)]} |{deinit_seq}});

  10. VHDL observers � Implement an observer in VHDL which keeps track of specific properties � E.g. listen to writes to the register controlling minimal delays

  11. Adding an observer for packet delay DMA Packet wire interface interface DmaAddr DmaReq PwtClock PWT DmaAck PwtValid DmaRdy PwtData DmaReadData PwtReady DmaErr BusClk Addr Control interface Reset Wr WrData Trivial VHDL implementation CurrentDelay Delay observer (~10 lines)

  12. A new property prop_delay: assert always ({PwtValid; not PwtValid} |-> {not PwtValid[*CurrentDelay]}); Indexing over non- constants may not be supported by tool!

  13. Doing more in the observer DMA Packet wire interface interface DmaAddr DmaReq PwtClock PWT DmaAck PwtValid DmaRdy PwtData DmaReadData PwtReady DmaErr BusClk Addr Control interface Reset Wr WrData Simple VHDL implementation DelayOk Delay observer (~20 lines) prop_delay: assert always(DelayOk);

  14. VHDL in properties � Either 20 lines of advanced PSL � Or 20 lines of trivial VHDL � More general � No constants MULT and DELAY � Initialization not fixed � Easier to write � Easier for designers to understand � Easier for tools to handle

  15. Combining PSL and VHDL � VHDL can be embedded in PSL � PSL can be embedded in VHDL � You are supposed to mix them! � Mix them if it makes the verification clearer

  16. Bottom line � PSL is very powerful in many cases � In such cases, use PSL! � In other cases, VHDL is better suited � In such cases, use VHDL!

  17. A note on verification libraries � Open verification library (OVL) � Questa verification library (QVL) � Mentor’s extension of OVL, also open source � Open source verification libraries � Contains loads of ready observers � Ranging from simple and, prev, and fifo to advanced ones like USB 2.0 and AMBA .

  18. Designing with verification in mind DMA Serial Transmission logic interface interface Register bank Control interface Easy to verify is easier to use formally in properties Control interface

  19. Designing with verification in mind DMA Serial Transmission logic interface interface Register bank Control Spend less effort interface on full module

  20. Reactions from staff � Quick feedback to designers � Short counter examples easy to understand � Very intricate bugs found � Easy to use, once there infra structure exists � Expect to continue and increase formal verification usage

  21. Lessons learned � Different tools interpret PSL differently � Jasper: ”assume” statements are local to the respective vunit � Mentor: ”assume” statements are global In this case: Jasper correct according to IEEE-1850 � Different tools support different subsets of PSL

  22. More lessons learned � CTL and LTL are like assembly language � Low level, close to the underlying mechanism � PSL might be compared to C � Introduces convenient notation for common constructs � …but we really want the equivalent of high level languages like C++, Java, or Haskell � State machines, hierarchical structures (matching begin-end-constructs), consensus about interpretation � Future work!

  23. More on PSL some examples, some pitfalls Based on Mary Sheeran’s slides from 2008

  24. FSM start continue continue idle p1 p2 p3 cancel cancel done

  25. Low level assertions assert always ((state = idle and start) -> next (state = p1)); assert always ((state = idle and not start) -> next (state = idle)); assert always ((state = p1 and continue) -> next (state = p2)); and so on… one for each transition good, but very localised

  26. Low level assertions assert always ((state = idle and start) -> next (state = p1)); Bit-vector assert always ((state = idle and not start) -> next (state = idle)); assert always ((state = p1 and continue) -> next (state = p2)); and so on… one for each transition good, but very localised

  27. Low level assertions assert always ((state = idle and start) -> next (state = p1)); constant assert always ((state = idle and not start) -> next (state = idle)); assert always ((state = p1 and continue) -> next (state = p2)); and so on… one for each transition good, but very localised

  28. Low level assertions assert always ((state = idle and start) -> next (state = p1)); assert always ((state = idle and not start) -> next (state = idle)); Implicit self-loop assert always ((state = p1 and continue) -> next (state = p2)); and so on… one for each transition good, but very localised

  29. Higher level assertion assert always (not (state = idle) -> eventually! (state = idle) Note: not a safety property! Will also likely need to link the state machine to the system that it is controlling and check that the desired functionality is achieved Message: try to raise level of abstraction of properties (while keeping them short and simple)

  30. Example: simple bus interface spec (1) 1. 2 commands, read and write (with corresponding signals) 2. Command can be issued only after requesting the bus, indicated by a pulsed assertion of signal bus_req, and receiving a grant, indicated by the assertion of signal gnt one cycle after the assertion of bus_req 3. If the bus was not requested, it shouldn’t be granted 4. Command is issued the cycle following receipt of grant 5. Either a read or a write can be issued, not both simultaneously

  31. Example: simple bus interface spec (2) 6. Reads and writes come with an address, on addr[7 downto 0], that should be valid in the following cycle 7. Address validity is indicated by signal addr_valid 8. If a read is issued, then one pulse of data on data_in[63 downto 0] is expected the following cycle 9. If a write is issued, then one pulse of data on data_out[63 downto 0] is expected the following cycle 10. Valid read data is indicated by data_in_valid and valid write data by data_out_valid

  32. Example: simple bus interface low level checks 2, 4. assert always ((read or write) -> ended(bus_req; gnt; true)) Built in function Returns true when the SERE has just ended

  33. Example: simple bus interface low level checks 3. assert always (not bus_req -> next (not gnt))

  34. Example: simple bus interface low level checks 5. assert never (read and write)

  35. Example: simple bus interface low level checks part of 6,7. assert always ((read or write) -> next addr_valid) assert always (not (read or write) -> next (not addr_valid))

  36. Example: simple bus interface low level checks 10. assert always (read -> next data_in_valid) assert always (not read -> next (not data_in_valid)) assert always (write -> next data_out_valid) assert always (not write -> next (not data_out_valid))

  37. Example: simple bus interface low level checks Have checked the protocol but not mentioned the addr, data_in or data_out buses Need to think about overall functionality as well as low level details

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Real life experiences with the SharePoint Workflow #SPSUK Paolo Pialorsi Senior Consultant

Real life experiences with the SharePoint Workflow #SPSUK Paolo Pialorsi Senior Consultant

Real life experiences with the SharePoint Workflow #SPSUK Paolo Pialorsi Senior Consultant This session mainly targets PiaSys.com Developers and Workflow Designers @paolopia that use SPD2013 and VS2013 Thank You to Our Sponsors! About

900 views • 38 slides
Domain Modeling in a Functional World some real life experiences Monday 18 June 12 Debasish

Domain Modeling in a Functional World some real life experiences Monday 18 June 12 Debasish

Domain Modeling in a Functional World some real life experiences Monday 18 June 12 Debasish Ghosh @debasishg on Twitter code @ http://github.com/debasishg blog @ Ruminations of a Programmer http://debasishg.blogspot.com Monday 18 June 12

1.17k views • 88 slides
End-of-life decisions and end-of-life interventions the experiences of a clinician Lia van

End-of-life decisions and end-of-life interventions the experiences of a clinician Lia van

End-of-life decisions and end-of-life interventions the experiences of a clinician Lia van Zuylen, medical oncologist Content Palliative sedation The Dutch guideline Euthanasia The Dutch law Never too early to speak about

361 views • 16 slides
Life experiences of parents with a young adult son or daughter with intellectual disability who

Life experiences of parents with a young adult son or daughter with intellectual disability who

Murray Rieck Life Experiences of Parents 42nd Australasian ASSID Conference Life experiences of parents with a young adult son or daughter with intellectual disability who share the family home: Letting go of the pathogenic paradigm Murray

270 views • 16 slides
? s e g y n e i e a b r n n a a s m h u New Experiences + Someone to share it

? s e g y n e i e a b r n n a a s m h u New Experiences + Someone to share it

W h a t d o w ? s e g y n e i e a b r n n a a s m h u New Experiences + Someone to share it with We consistently look for new experiences and people to share our life experiences with. One fine day, a yacht

351 views • 15 slides
Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting Students to and Through Market Value Asset Attainment 4th highest-ranked Strategic Plan Alignment Every student will demonstrate global

499 views • 24 slides
Near-Death Experiences: What if anything might they tell us about life after death? Walter L.

Near-Death Experiences: What if anything might they tell us about life after death? Walter L.

Near-Death Experiences: What if anything might they tell us about life after death? Walter L. Bradley, Ph.D., P.E. ASA Annual MeetingGordon College July 29, 2018 If you were to die tonight. Would you cease to exist? Would you no

647 views • 31 slides
Metadata Management for Data Integration in Medical Sciences - Experiences from the LIFE Study -

Metadata Management for Data Integration in Medical Sciences - Experiences from the LIFE Study -

Metadata Management for Data Integration in Medical Sciences - Experiences from the LIFE Study - Toralf Kirsten, Alexander Kiel, Mathias Rhle, Jonas Wagner LIFE Reserach Center for Civilization Diseases University of Leipzig BTW, Stuttgart,

537 views • 20 slides
Basic 2: Narrative Presentation Objective : To evaluate your ability to describe life experiences

Basic 2: Narrative Presentation Objective : To evaluate your ability to describe life experiences

Basic 2: Narrative Presentation Objective : To evaluate your ability to describe life experiences and narrate past events. You will give the audience a clear understanding of something meaningful that happened in your life. This will take the form

54 views • 3 slides
Real-world experiences of delivering advanced passenger informa5on

Real-world experiences of delivering advanced passenger informa5on

Real-world experiences of delivering advanced passenger informa5on in a mass transit environment Gary Umpleby BSc CEng MIET Hogia Transport Systems

316 views • 29 slides
I want to share my life experience, and give some insight into the experiences of other Aboriginal

I want to share my life experience, and give some insight into the experiences of other Aboriginal

I want to share my life experience, and give some insight into the experiences of other Aboriginal people in Residential Schools. Personal: Growing up with Cerebral Palsy had its challenges and advantages. I was born into a large First Nations

351 views • 7 slides
Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What

Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What

Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What is Social video-collaboration platform Based in the cloud Integrates many tools Startup spin-off from UPM 2 ? How big is 800.000+ users in 72

384 views • 25 slides
Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share

Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share

Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share how you are using it, and learn from the experiences of others. Please come prepared to discuss your experiences with and hear about: - fields of

313 views • 18 slides
Heading Nearly 6000 babies are born each year in Croydon What a child experiences

Heading Nearly 6000 babies are born each year in Croydon What a child experiences

The importance of first 1000 days of life Heading Nearly 6000 babies are born each year in Croydon What a child experiences during the early years lays down a foundation for the whole of their life (Marmot 2010) The opportunity to

670 views • 20 slides
Real graduates, Real graduates, real transitions, real transitions, real stories: real

Real graduates, Real graduates, real transitions, real transitions, real stories: real

Real graduates, Real graduates, real transitions, real transitions, real stories: real stories: A real insight to A real insight to life life after college after college April Perry, PhD Candidate April Perry, PhD Candidate University

477 views • 32 slides
European Real Life Cases Truck Platooning, 2017-2019 1 From Challenge to Real Life Cases The

European Real Life Cases Truck Platooning, 2017-2019 1 From Challenge to Real Life Cases The

European Real Life Cases Truck Platooning, 2017-2019 1 From Challenge to Real Life Cases The European Truck Platooning Challenge (April 2016): proof and energy!! Use the moment and energy: truck platooning to a next phase of the innovation cycle .

299 views • 12 slides
Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao

Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao

Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao Liu 1 Ji Wang 1 Patrick Cousot 2 1 National University of Defense Technology, Changsha, China 2 New York University, New York, USA SAS 2019@Porto,

563 views • 29 slides
The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt Introduction For secure distributed systems, ACLs are inadequate Password-based protocols are insecure in a networked environment Centralized

252 views • 12 slides
Self Testing CSE1110 Software Testing & Quality Engineering Arie van Deursen June 7, 2019

Self Testing CSE1110 Software Testing & Quality Engineering Arie van Deursen June 7, 2019

Self Testing CSE1110 Software Testing & Quality Engineering Arie van Deursen June 7, 2019 1 Self Testing exercise System Test Suite observe Self-checks observe exercise Daily Use Operations 2 The Java (C, C++, Python, )

1.01k views • 65 slides
meta SMT http://www.informatik.uni-bremen.de/agra/eng/metasmt.php 1 Outline Motivation Initial

meta SMT http://www.informatik.uni-bremen.de/agra/eng/metasmt.php 1 Outline Motivation Initial

metaSMT: Focus On Your Application Not On Solver Integration Finn Haedicke , Stefan Frehse, Grschwin Fey, Daniel Groe, Rolf Drechsler Group of Computer Architecture, University of Bremen, Germany DIFTS 2011 meta SMT

807 views • 45 slides
Shared Variable Proof Methods, Hardware-Assisted Critical Sections Dr. Liam OConnor University

Shared Variable Proof Methods, Hardware-Assisted Critical Sections Dr. Liam OConnor University

Transition Diagrams Owicki-Gries Method Invariants and Machine Instructions Shared Variable Proof Methods, Hardware-Assisted Critical Sections Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Transition Diagrams

162 views • 12 slides
Assertions and Measurements for Mixed-Signal Simulation PhD Thesis Thomas Ferr` ere VERIMAG,

Assertions and Measurements for Mixed-Signal Simulation PhD Thesis Thomas Ferr` ere VERIMAG,

Assertions and Measurements for Mixed-Signal Simulation PhD Thesis Thomas Ferr` ere VERIMAG, University of Grenoble (directeur: Oded Maler) Mentor Graphics Corporation (co-encadrant: Ernst Christen) October 28, 2016 Cyber-Physical Systems

1.43k views • 92 slides
Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides

Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides

Advances in Programming Languages APL13: Assertions and Hoare Logic David Aspinall (most slides by Ian Stark) School of Informatics The University of Edinburgh Tuesday 9 November 2010 Semester 1 Week 8 N I V E U R S E I H T T Y

682 views • 24 slides
Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June 2014 June 19, 2014 Your Lecturers Today Frank en Stijn What This Talk Is All About Formal Methods in Practice: Theorie ist, wenn man alles weiss

764 views • 40 slides

More recommend