Introducing Formal Validation in an Asynchronous Circuit Design Flow D. Borrione, M. Boubekeur, E. Dumitrescu (VDS) M. Renaudin, J.B. Rigaud, A. Sirianni (CIS) TIMA Laboratory 46 avenue Felix Viallet 38031 Grenoble Cedex France D. Borrione et al. 1
Contents H Asynchronous circuit design flow H Validation of specifications H On-going experiments D. Borrione et al. 2
TAST (Tool for Asynchronous circuits SynThesis) Global Design Flow CHP Specification Petri Net + DFG Validation by Asynchronous Simulation Synthesis Asynchronous Behavioral VHDL netlist VHDL Back-end Standard VHDL tools design tools Simulator D. Borrione et al. 3
TAST Compiler : Compiling Specifications CHP Code CHP Compiler Petri Net + DFG D. Borrione et al. 4
TAST Model Generator Validation by Simulation Petri Net + DFG Simulation Model Generator VHDL Custom Libraries Behavioral Asynchronous for Simulation VHDL Model D. Borrione et al. 5
TAST Synthesizer Asynchronous Synthesis DTL Compliance Checker Synthesizable PN + DFG QDI Flavor µP Flavor Synthesizer Synthesizer Custom Cell Libraries VHDL Gate Level Netlist Std Cell Libraries D. Borrione et al. 6
Characteristic Features of CHP component NAME Port (….) Declaration of local objects begin List of concurrent processes and interconnected component instances end NAME; Communications: ! (send) ? (receive) # (probe) Control structures: deterministic/non-deterministic selection and loop Asynchronous circuit specific types: signed/unsigned multi-rail D. Borrione et al. 7
Data encoding MR[b] : multi-rail « one-hot » encoding ⇒ represents values in the range 0..b-1 Example : MR[3] codes values in the range 0..2 MR[3] type variable 000: no data 001: "0" rail0 010: "1" rail1 100: "2" rail2 D. Borrione et al. 8
Data encoding : communication channels MR (multi-rail) encoding + additional acknowledge signal, to support handshaking communication protocols Example : dual rail channel 1 3 DR type channel rail0 rail0 rail1 rail1 ack ack 2 4 D. Borrione et al. 9
Data Flow Circuit Example Specified behavior (DI, one-hot) If ctrl = "001" then E is read and then written on S1. If ctrl = "010" then E is read and then written on S2. If ctrl = "100" then E is read and then written in parallel on S1 and S2. Selector C(2) C S1(1) C(1) S1 S1(0) C(0) S1_ack C_ack S2(1) S2 S2(0) E(1) E S2_ack E(0) E_ack D. Borrione et al. 10
CHP Circuit Specification Selector COMPONENT Selector PORT (E: IN DR; C(2) C C: IN MR[3][1]; S1(1) C(1) S1 S1, S2 : OUT DR ) S1(0) C(0) BEGIN S1_ack C_ack PROCESS main PORT (C: IN MR[3][1]; S2(1) S2 E: IN DR; S2(0) E(1) E S1, S2 : OUT DR ) S2_ack E(0) E_ack variable x: DR; variable ctrl: MR[3][1]; [ *[C?ctrl; [ ctrl = "0"[3] => E?x; S1!x @ ctrl = "1"[3] => E?x; S2!x @ ctrl = "2"[3] => E?x; S1!x, S2!x ] ] ] END Selector ; D. Borrione et al. 11
Petri Net of Selector T1 P0 C ?ctrl ; T0 P9 ctrl= ″ 0 ″ [ 3 ] ctrl = ″ 1 ″ [ 3 ] ctrl = ″ 2 ″ [ 3 ] T10 T14 T4 E ? x; P7 P5 E ? x; P2 E ? x; T13 T9 T3 S1 !x ; S2 !x ; P4 S1 !x ; P3 P8 P6 S2 !x ; T15 T5 T14 P1 T2 D. Borrione et al. 12
Asynchronous Synthesis C_ack C_2, C_1, C_0 C3r C3r S1_0 S1_ack S1_1 C3r E_0 E_ack E_1 S2_0 C3r S2_ack S2_1 C3r C2 C3r D. Borrione et al. 13
Formal Verification Flow Petri Net - DFG QDI Flavor PN with Expanded Synthesizer Communications Environment VHDL Gate Level Netlist Constraints Pseudo-synchronous VHDL Behavioral Model Model checking D. Borrione et al. 14
Translating Petri Net to Verifiable VHDL The Petri Net of the CHP specification gives the control flow actions are attached to places conditions are attached to transitions Places with communication are considered state holding Abstract communications have to be expanded, w.r.t. the data type of the interconnection signals the hand-shaking protocol Carefully select a target VHDL subset and style RTL, synthesizable, verifiable by commercial tools artificial clock added for making execution cycles visible D. Borrione et al. 15
Translation of communications : Read C ? Ctrl P CHP declaration ((C="001" Or C="010") C : IN MR [3][1]; Variable Ctrl : MR [3][1]; or C="100") Ctrl <= C ; P_1 P C ? ctrl C_ack <= ‘0’ ; C= ″ 000 ″ Signal C : IN bit_vector (2 downto 0); Signal C_ack : OUT bit; --Acknowledgement P_2 C_ack <= ‘1’ ; Signal Ctrl : Bit_vector (2 downto 0); D. Borrione et al. 16
Translation of communications : Write S ! X CHP declaration P S <= X ; S : OUT DR Variable X : DR; S_ack =’0’ P_1 S <= ’00’ ; P S ! x S_ack= ’1’ Signal S : out Bit_vector (1 downto 0); Signal S_ack : in bit; -- Acknowledgement P_2 Signal X : Bit_vector (1 downto 0); D. Borrione et al. 17
Constraints on the environment Environment C(2) C S1(1) C(1) S1 S1(0) C(0) S1_ack C_ack Selector S2(1) S2 S2(0) E(1) E E(0) S2_ack E_ack Input channel constraint C_Env1 After Ex11_Ent : P0 = True Eventually (Ex11_Ent : C = x "1" or Ex11_Ent : C = x "2" or Ex11_Ent : C = x "4") and Ex11_Ent : P0 = True Meaning : Each time place P0 is active, an incoming control request will eventually occur. D. Borrione et al. 18
Resulting Verifiable VHDL Model entity EX11_Ent is port ( C : in bit_vector(2 downto 0); C_a : out bit; S1, S2 : out bit_vector(1 downto 0); S1_a, S2_a : in bit; … clk, rst : in bit); end EX11_Ent; architecture EX11_a of EX11_Ent is signal Pi, P0, …: boolean; begin P7 E ? x; process(clk, rst) begin if (rst='0') then -- initialization at reset S1 <="00"; S2 <="00"; C_a <= '1'; E_a <= '1'; Pi <= true; … elsif clk'event and clk='1' then -- fictitious clock edge … if P7_1 then EX11_MAIN_X <= E; E_a <= '0'; end if; -- start of read action at place P7 if P7_2 then E_a <= '1'; end if; -- acknowledge hand-shake at expansion of P7 ... end if; end process; end EX11_a; D. Borrione et al. 19
Other Input Channel Constraints Each time request C is acknowledged (C_ack = 0), C will eventually return to zero. C_Env2 After : Ex11_Ent:C_ack = 0 Eventually : Ex11_Ent:C = x "0" A request is stable until it is acknowledged Stable_C After : Ex11_Ent:C = x "1" or EX11_Ent:C = x "2" or EX11_Ent:C = x "4" Always : Exp1_Ent:C = stable Unless : Exp1_Ent:C_ack = 0 D. Borrione et al. 20
Output Channel Constraints After a request on S (S1(1) = 1 or S1(0) = 1), an acknowledgement will eventually be received (S1_ack = 0). S1_Env1 After : Exp1_Ent:S1(1) = 1 or Exp1_Ent:S1(0) = 1 Eventually : Exp1_Ent:S1_ack = 0 After the write transaction on channel S is finished (S = x "0"), the acknowledgement will eventually be deactivated (S_ack = 1). S1_Env2 After : Exp1_Ent:S1 = x"0" Eventually : Exp1_Ent:S1_ack = 1 D. Borrione et al. 21
Some verified properties Accessibility of Petri Net places/path Meaning of property A1 : If place P01 is active and an incoming request C = x"1" arrives, then a write will eventually occur on S1. A1) After : EX11_Ent:P01 = True and EX11_Ent:C = x "1" Eventually : EX11_Ent:S1(1) = 1 or EX11_Ent:S1(0) = 1 A2) After : EX11_Ent:P01 = True and EX11_Ent:C = x "2" Eventually : EX11_Ent:S2(1) = 1 or EX11_Ent:S2(0) = 1 A3) After : EX11_Ent:P01 = True and EX11_Ent:C = x "4" Eventually : (EX11_Ent:S1(1) = 1 or EX11_Ent:S1(0) = 1) and (EX_Ent:S2(1) = 1 or EX11_Ent: S2(0) = 1) D. Borrione et al. 22
Refining the State Machine Model H Current Petri Net: ! One place marking combination = one FSM state . Combinational explosion ! Objective: distinguish between . Internal computation control . Synchronization from communication events D. Borrione et al. 23
Petri Net Transformations T C not C T S <= exp S <= exp2 S <= C ? exp1 : exp2 1 1 T S1 <= ex p1 T S1 <= ex p1 1 S2 < = ex p2 S2 < = ex p2 D. Borrione et al. 24
Current work H Develop validation strategies for classes of circuits H Verifying the asynchronous synthesis ! Component libraries compliance to verifiable VHDL ! Properties of the resulting asynchronous circuit . No equivalence . Stuttering simulation D. Borrione et al. 25
Recommend
More recommend