Formal Methods in Computer System Design (Formalni postupci u oblikovanju računalnih sustava), 2008
Tutorial 1: 03.03.2008., 14:00 – 16:00, D1
Lecture (Logic): 07.03.2006., 09:15 – 11:00, B4
Tutorial 2: 10.03.2008., 08:00 – 10:00, D1
System test: 10.03.2008., 14:00 – 16:30, A 102
First lab session open: 10.03.2008., 16:30 – 18:00, A 102
Lecture (CTL): 14.03.2008., 09:15 – 11:00, B4
Tutorial 3: 17.03.2008., 08:00 – 10:00, D1
First lab colloquium: 17.03.2008., 14:00 – 16:30, A 102, 101
For the schedule by group see the lab web page
Formal verification
I = Implementation (model of the system to be verified)
S = Specification (behavior), expressed in temporal logic
Verifier: takes I and S as input and answers YES, or NO together with an error trace
Questions:
1. How to model I?
2. What is ...?
3. How to model S?
A 1) Hardware verification
Example: bus arbiter
Implementation description (I): Verilog (HDL)
Specification description (S): CTL
Verification system: VIS
A 2) Verification of software components
Examples: mutual exclusion of processes
Implementation description (I): SMV
Specification description (S): CTL
Verification system: SMV
A 1) Laboratory exercises in hardware verification:
Bus Arbiter
Implementation description (I): Verilog
Specification description (S): CTL temporal logic
Verification system: VIS
[VIS block diagram] Front ends shown: VHDL, Verilog, SMV; the Verilog source is translated (vl2mv) into BLIF-MV, the format VIS reads. Functions: verification (CTL, fairness), synthesis (SIS), simulation; commands to move around and view the hierarchy. Inputs: I = foo.v (implementation), S = bar.ctl (CTL specification), F = go.fair (fairness constraints). Result: PASS, or FAIL with an error trace.
VIS: http://www-cad.eecs.berkeley.edu/~vis
VIS internal representation
After the BLIF-MV description is read into VIS:
- sets of finite state machines (FSMs), extracted by vl2mv, that preserve the behavior of the Verilog source program
- a hierarchy tree (modules, sub-modules), models and model instances
- the module/sub-module relations are represented by tables, which implement output functions in terms of sub-module inputs
- the hierarchy is traversed with pwd, cd, ls; at any node: simulation, verification and synthesis; print… shows the hierarchy
Flattening the hierarchical description into a network:
- functionality given by a network of gates and latches (no optimization)
- primitives: variables, tables, wires, latches (on wires)
- creates the network of gates and latches (netlist) at that hierarchy level
- print… shows the network
VIS documentation is on the lab exercise pages.
For the implementation I:
1. VIS User Manual
2. Verilog – short description
3. Verilog – overview of statements
For the specification S:
1. VIS CTL Manual
VERILOG
• Hardware description language (HDL); syntactically borrows much from C.
• Description at several levels of abstraction.
• IEEE standard 1364-1995.
• Verilog files can be verified, simulated and synthesized.
Ref.:
1. Donald E. Thomas and Philip R. Moorby, The Verilog Hardware Description Language, 4th ed., Kluwer, 1998 (Carnegie Mellon University).
2. http://www.ovi.org (Verilog and VHDL)
[Slide figure: a Verilog example with signals g1, g2, f1, f2 and nsel; its code is not in the transcript. Annotations on the slide: "Second: temp store before assign"; "addition (logical OR = ||)"; on hierarchical names: "(anything can be accessed, bad style)", "same as a.e, since there is no local e", "this e is different (it is the top-level e)".]
Segment e of a seven-segment display as a function of the input A B C D (Karnaugh map; columns AB, rows CD):

          AB
CD     00  01  11  10
00      1   0   1   1
01      0   0   1   0
11      0   0   1   1
10      1   1   1   1

module binaryToESeg(eSeg, A, B, C, D);
  output eSeg;
  input  A, B, C, D;
  reg    eSeg;

  always @(A or B or C or D) begin
    eSeg = 1;            // initially set = on
    if (~A & D)          // if ~A & D then off
      eSeg = 0;
    if (~A & B & ~C)
      eSeg = 0;
    if (~B & ~C & D)
      eSeg = 0;
  end
endmodule

Only the logic for segment e is shown. Example: inputs A B C D = 1 1 0 1 (the character "d") give e = 1 (ON).
module fsm(out, in, clock, reset);
  output out;
  input  in, clock, reset;
  reg    out;
  reg [1:0] currentState, nextState;

  // combinational portion
  * * *

  // sequential portion
  * * *
endmodule
[State diagram, labelled state/output: 00/0, 01/1, 11/0. Transitions on input in: 00 -1-> 01, 00 -0-> 00, 01 -1-> 11, 01 -0-> 00, 11 -1-> 11, 11 -0-> 01. The active-low reset (negative edge) forces state 00; the state changes on the positive edge of clock.]
  // combinational portion
  always @(in or currentState) begin
    out = ~currentState[1] & currentState[0];  // out = 1 only for state 01 (bit select)
    nextState = 0;
    if (currentState == 0)
      if (in) nextState = 1;                   // else stay in 0
    if (currentState == 1)
      if (in) nextState = 3;                   // else go to 0
    if (currentState == 3) begin
      if (in) nextState = 3;
      else    nextState = 1;
    end
  end

  // the sequential portion
  always @(posedge clock or negedge reset) begin
    if (~reset)
      currentState <= 0;           // as long as reset = 0
    else
      currentState <= nextState;   // non-blocking assignment, as a D-type bistable
  end
Verilog extensions (in the VIS environment)
Enumerated types (similar to C):
  typedef enum {IDLE, READY, BUSY} controller_state;
  /* controller_state is an enum type */
  controller_state reg state;
  /* state is a register variable of the type "controller_state" */
Non-determinism: there exist state-input pairs for which the next state and output are not unique.
$ND construct
• creates a nondeterministic signal source
• should only be used in an assign statement
  wire r;                    /* definition of a wire variable */
  assign r = $ND(GO, NOGO);  /* nondeterministic choice */
  ...
  always @(posedge clk) begin
    ...
    state = r;               /* the state is nondeterministically GO or NOGO */
    ...
  end
Example: Arbiter (three clients clientA, clientB, clientC, each with its own controller, sharing one arbiter)

module main(clk);
  … // typedef
  … // input, output, wire, reg ...
  controller controllerA(clk, reqA, ackA, sel, pass_tokenA, A);
  controller controllerB(clk, reqB, ackB, sel, pass_tokenB, B);
  controller controllerC(clk, reqC, ackC, sel, pass_tokenC, C);
  arbiter arbiter(clk, sel, active);
  client clientA(clk, reqA, ackA);
  client clientB(clk, reqB, ackB);
  client clientC(clk, reqC, ackC);
endmodule

module controller(clk, req, ack, sel, pass_token, id);
  input  clk, req, sel, id;
  output ack, pass_token;
  ….
endmodule

module arbiter(clk, sel, active);
  input  clk, active;
  output sel;
  ...
endmodule

module client(clk, req, ack);
  input  clk, ack;
  output req;
  ...
endmodule
A 2) Laboratory exercises in verification of software components:
Mutual exclusion algorithms (mutex)
Implementation description (I): SMV
Specification description (S): CTL temporal logic
Verification system: SMV
SMV - Symbolic Model Verifier
Ken McMillan, CMU, Ph.D. thesis, 1992.
Formal model (I) - SMV syntax
Formal specification (S) - CTL formulas
[Diagram: I (foo.smv) and S are given to the SMV verification system, which answers Yes / No (+ error trace)]
Implementation (I): a finite state machine (FSM) in SMV code
[State diagram of the example; states are pairs (request, status): req = 0, st. = ready; req = 1, st. = ready; req = 1, st. = busy; req = 0, st. = busy]
request = {0, 1} (e.g. 1 = True, 0 = False)
status = {ready, busy}
MODULE main                        -- foo.smv file
VAR
  request : boolean;               -- type boolean
  status  : {ready, busy};         -- scalar type {ready, busy}
ASSIGN
  init(status) := ready;           -- initial status value
  next(status) := case             -- next status value
    request : busy;                -- if request = 1 in the current state, next status = busy
    1       : {ready, busy};       -- otherwise nondeterministic
  esac;
SPEC
  AG(request -> AF status = busy)  -- CTL specification
MODULE main                        -- ring of 3 inverters, each with a different speed
VAR
  gate1 : process inverter(gate3.output);
  gate2 : process inverter(gate1.output);
  gate3 : process inverter(gate2.output);
  -- at each step SMV nondeterministically chooses one process module and runs it;
  -- useful for describing parallel processes, e.g. communication protocols
SPEC
  (AG AF gate1.output) & (AG AF !gate1.output)

MODULE inverter(input)
VAR
  output : boolean;
ASSIGN
  init(output) := 0;
  next(output) := !input;          -- output inverts input, with type checking