By Topic

Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings. First ACM and IEEE International Conference on

Date 24-26 June 2003

Filter Results

Displaying Results 1 - 25 of 33
  • Proceedings First ACM and IEEE International Conference on Formal Methods and Models for Co-Design. MEMOCODE'03

    Save to Project icon | Request Permissions | PDF file iconPDF (280 KB)  
    Freely Available from IEEE
  • Executable computational logics: combining formal methods and programming language based system design

    Page(s): 3 - 9
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (285 KB) |  | HTML iconHTML  

    An executable computational logic can provide the desired bridge between formal system properties and formal methods to verify them on the one hand, and executable models of system designs based on programming languages on the other. However, not all such logics are equally well suited for the task. This paper gives some requirements that seem important for a computational logic to be suitable in practice, and discusses the experience with rewriting logic, its Maude language implementation, and its formal tool environment, concluding that they seem to meet well those requirements. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • MoDe: a method for system-level architecture evaluation

    Page(s): 13 - 23
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (359 KB) |  | HTML iconHTML  

    System-level design methodologies for embedded HW/SW systems face several challenges: In order to be susceptible to systematic formal analysis based on state-space exploration, a modeling notation with a simple formal semantics is desired. Architecture-level engineering practice demands notations, which concentrate on certain aspects of system functionality, while other aspects (such as communication and scheduling) are implicitly encoded in the language semantics, and realized using HW/SW components such as operating systems and protocol stacks. We describe a system-level design methodology targeted for automotive control applications. Models in a simple graphical component-based input language are compiled into complex system models incorporating abstractions for hardware, operating systems, and inter-processor communication. System models are based on the synchronous AutoFocus notation and are used as a basis for formal analysis such as systematic worst-case response time analysis. The paper describes a reference architecture for implementation, the MoDe design notation, and the translation to system models along with an outlook giving a perspective for analysis. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • From use cases to system implementation: statechart based co-design

    Page(s): 24 - 33
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (459 KB) |  | HTML iconHTML  

    This paper proposes a methodology for embedded systems co-design, based on statechart models. The process starts with grabbing the system functionalities through use cases. A set of procedures addressing the implementation of statechart models is presented. The main goal of this set of procedures is to lift the structuring mechanisms presented in statecharts to the top level. In this sense, the complexity of statechart implementation will be similar to the complexity of communicating concurrent state machines and the platforms selected to support implementation will not need to have specific capabilities to directly support the structuring mechanisms of Harel's statecharts. As a consequence, full direct implementation of statecharts is possible considering different types of implementation platforms, ranging from hardware-centric or software-centric to hardware-software partitioning through codesign techniques. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Petri net based interface analysis for fast IP-core integration

    Page(s): 34 - 42
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (506 KB) |  | HTML iconHTML  

    An interface process generation methodology, based on Petri nets, is described for fast integrating point-to-point communicating modules. Formal basis of this methodology ease behavioral property-checking and consistent execution of the generated interface process. The exposed technique allows fast incorporation of third-party cores into SoPC systems design where integration task is often a barrier for reusability. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Goal-oriented requirements analysis for process control systems design

    Page(s): 45 - 46
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (225 KB) |  | HTML iconHTML  

    During the last two decades, a lot of effort has been focused on automating the generation of software applications. The automation process can start early, after some manual stage(s) or following (a) previous automatic stage(s). Such automation tools should have the capability of generating executable programs, specifications, or formal requirements, as appropriate. The requirements gathering and checking is considered as the most important phase to eliminate bugs that appear later and may be removed during the design or implementation phases, but with higher cost and effort. The GOPCSD (goal-oriented process control systems design) tool is designed to gather and structure the requirements for process control systems. The tool achieves separation between the process system engineer's view and the software engineer's. The tool hides the mathematic details of B method from the system engineer; enabling him to focus only on the operation specifications while the software engineer within the B toolkit environment focuses on programming paradigms. Some adaptations have been applied to the method of KAOS in order to yield maximum benefit while minimizing both the required time and the effort to complete the gathering of application requirements for process control systems. After studying different process control case studies, six patterns have been identified: two (alternative and conjunction pattern) of them extending the existing patterns in the KAOS method and four (sequence, disjunction, simultaneous, and inheritance patterns) are new and can be extensively found within the process control systems. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Analyzing concurrency in computational networks

    Page(s): 47 - 48
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (213 KB) |  | HTML iconHTML  

    We present a concurrency model that allows reasoning about concurrency in executable specifications. The model mainly focuses on data-flow and streaming applications and at task-level concurrency. The aim of the model is to provide insight in concurrency bottlenecks in an application and to provide support for performing implementation independent concurrency optimization. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Translating Fusion/UML to Object-Z

    Page(s): 49 - 50
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (231 KB) |  | HTML iconHTML  

    We present an extension of the development method Fusion/ UML that translates the results of analysis and design into the formal specification language Object-Z. The extended process establishes a consistency relationship between analysis and design. Furthermore, a formal specification for the implementation is produced. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Finding good counter-examples to aid design verification

    Page(s): 51 - 52
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (220 KB) |  | HTML iconHTML  

    Today up to 80% of the design costs for integrated circuits are due to verification. Verification tools guarantee completeness if equivalence of two designs or a property for a design is proven. In the other case, usually only one counter-example is produced. Then debugging has to be carried out to locate the design error. This paper investigates, how debugging can benefit from using more than one counter-example generated by the verification tool. The problem of finding useful counter-examples is theoretically analyzed and proven to be difficult. Heuristics are introduced and their quality is underlined by experimental results. Guidelines how to generate counter-examples are extracted from one of these heuristics. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • High level verification of control intensive systems using predicate abstraction

    Page(s): 55 - 64
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (311 KB) |  | HTML iconHTML  

    Predicate abstraction has been widely used for model checking hardware/software systems. However, for control intensive systems, existing predicate abstraction techniques can potentially result in a blowup of the size of the abstract model. We deal with this problem by retaining important control variables in the abstract model. By this method we avoid having to introduce an unreasonable number of predicates to simulate the behavior of the control variables. We also show how to improve predicate abstraction by extracting useful information from a high level representation of hardware/software systems. This technique works by first extracting relevant branch conditions. These branch conditions are used to invalidate spurious abstract counterexamples through a new counterexample-based lazy refinement algorithm. Experimental results are included to demonstrate the effectiveness of our methods. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Formal verification of an Intel XScale processor model with scoreboarding, specialized execution pipelines, and impress data-memory exceptions

    Page(s): 65 - 74
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (714 KB) |  | HTML iconHTML  

    We present the formal verification of an Intel Xscale processor model. The Xscale is a superpipelined RISC processor with 7-stage integer, 8-stage memory, and variable-latency multiply-and-accumulate execution pipelines. The processor uses scoreboarding to track data dependencies, and implements both precise and imprecise exceptions. Such set of features had not been modeled and formally verified previously. The formal verification was done with an automatic tool flow that consists of the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Combining ACL2 and a /spl nu/-calculus model-checker to verify system-level designs

    Page(s): 75 - 84
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (353 KB) |  | HTML iconHTML  

    The purpose of this paper is the formal verification of temporal properties of system-level descriptions that include both a control part, which corresponds to a finite set of symbolic states, and a data path with numeric variables. Keeping these variables under their numeric form, without assuming any encoding, induces an infinite state space. We propose a combination of a model-checker for the modal /spl nu/-calculus with the theorem prover ACL2. Due to the induction mechanism of ACL2, this approach allows to consider the infinite state space without having to appeal to reduction techniques. Two simple but significant examples illustrate our results. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Engineering changes in field modifiable architectures

    Page(s): 87 - 94
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (329 KB) |  | HTML iconHTML  

    Because there is a need for engineering changes to fix design errors and satisfy design constraints even after chip fabrication, design flexibility and debuggability are extremely important to provide reliable designs and shorten time-to-market. In this paper, we propose a new VLSI architecture called field modifiable architecture (FMA) and its design method. Because of the nature of reprogrammability in FMAs, all of the engineering changes in designs are resolved at specification-level in terms of code recompilation. As a result, engineering changes even after chip fabrication are realized easily without wasting design time. In the experiment, two examples of engineering changes are demonstrated to investigate the efficiency of our proposed method. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Panel: hierarchical and incremental verification for system level design: challenges and accomplishments

    Page(s): 97 - 99
    Save to Project icon | Request Permissions | PDF file iconPDF (215 KB)  
    Freely Available from IEEE
  • How to compute the refinement relation for parameterized systems

    Page(s): 103 - 112
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (494 KB) |  | HTML iconHTML  

    In this paper, we present a refinement verification for a class of parameterized systems. These systems are composed of an arbitrary number of similar processes. As in (Abdulla et al., 199) we represent the states by regular languages and the transitions by transducers over regular languages. If we can compute a symbolic model by acceleration of the actions, then we can also verify a refinement relation R between the symbolic models. We show that, under some conditions, if R is verified between two symbolic models, then refinement is verified between concrete parameterized systems. Then, we can take advantage of the property (safety and PLTL properties) preservation by refinement for their verification. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using SSDE for USB2.0 conformance co-verification

    Page(s): 113 - 122
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (738 KB) |  | HTML iconHTML  

    Keeping up with the increase in system design complexity requires the deployment of extensive engineering re-use technologies, so-called platform-based design techniques (Chang et al., 1999). When creating derivatives of such a complex systems-on-chip (SOC) platform, verification represents 70% of the overall cost. In this process, functional verification has become a huge obstacle. Engineers are assumed to know how to ensure conformance to an ambiguous specification by developing a million test vectors, which may represent only 50 milliseconds of real-time operation underlines Bob Payne, CTO Philips Semiconductors US (Scott et al., 2001). Moreover, software is playing an increasing if not dominant role especially in this platform derivative game, resulting in a burning need for a software and hardware functional co-verification solution at the integrated SOC level but also in the early intellectual property (IP) development cycles. In this paper we illustrate the use of SSDE for USB2.0 conformance co-verification. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • From algorithm and architecture specifications to automatic generation of distributed real-time executives: a seamless flow of graphs transformations

    Page(s): 123 - 132
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (374 KB) |  | HTML iconHTML  

    This paper presents a seamless flow of transformations, which performs dedicated, distributed executive generation from a high level specification of a pair: algorithm, architecture. This work is based upon graph models and graph transformations and is part of the AAA methodology. We present an original architecture model, which allows to perform accurate sequencer modeling, memory allocation, and heterogeneous inter-processor communications for both modes shared memory and message passing. Then we present the flow of transformations that leads to the automatic generation of dedicated real-time distributed executives, which are deadlock free. This transformation flow has been implemented in a system level CAD software tool called SynDEx. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Methods for exploiting SAT solvers in unbounded model checking

    Page(s): 135 - 142
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (340 KB) |  | HTML iconHTML  

    Modern SAT solvers have proved highly successful in finding counterexamples to temporal properties of systems, using a method known as "bounded model checking". It is natural to ask whether these solvers can also be exploited for proving correctness. In fact, techniques do exist for proving properties using SAT solvers, but for the most part existing methods are either incomplete or have a low capacity relative to bounded model checking. In this paper we consider two new methods that exploit a SAT solver's ability to generate refutations in order to prove properties in an unbounded sense. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the use of a high-level fault model to check properties incompleteness

    Page(s): 145 - 152
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (326 KB) |  | HTML iconHTML  

    The use of model checking to validate descriptions of digital systems lacks a coverage metrics. The set of proven properties can be incomplete, thus not guaranteeing the behavioral checking completeness of the digital system implementation with respect to the specification. This paper proposes a coverage methodology based on a combination of model checking, high-level fault simulation and automatic test pattern generation, to estimate the incompleteness of a set of formal properties. The adopted high-level fault model allows to join dynamic and formal verification. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Exact runtime analysis using automata-based symbolic simulation

    Page(s): 153 - 162
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (366 KB) |  | HTML iconHTML  

    In this paper, we present a technique for determining tight bounds on the execution time of assembler programs. Thus, our method is independent of the design flow, but takes into account the target architecture to obtain accurate estimates. The key idea is to compute the maximal number of executed instructions by means of symbolic simulation. To this end, we utilize a slight extension of Presburger arithmetic that can be translated to finite automata. Finite automata are an efficient data structure for symbolically traversing the state space of a program. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Real-time property preservation in approximations of timed systems

    Page(s): 163 - 171
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (379 KB) |  | HTML iconHTML  

    Formal techniques have been widely applied in the design of real-time systems and have significantly helped detect design errors by checking real-time properties of the model. However, a model is only an approximation of its realization in terms of the issuing time of events. Therefore, a real-time property verified in the model can not always be directly transferred to the realization. In this paper, both the model and the realization are viewed as sets of timed state sequences. In this context, we first investigate the real-time property preservation between two neighboring timed state sequences (execution traces of timed systems), and then extend the results to two "neighboring" timed systems. The study of real-time property preservation gives insight in building a formal link between real-time properties satisfied in the model and those in the realization. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Reliability evaluation for dependable embedded system specifications: an approach based on DSPN

    Page(s): 172 - 179
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (321 KB) |  | HTML iconHTML  

    The functioning of the computer as a control component within a larger overall application, as in the embedded systems, may affect the application's integrity as well as people and equipment involved by the application. A computer like any physical system is subject to failure with consequences ranging from inconvenience to catastrophe. This paper proposes high level models for fault tolerant mechanisms, in special TMR and recovery block, based on deterministic and stochastic Petri net (DSPN). By means of the proposed models it is possible to perform preliminary reliability analysis and the obtained results might be considered in a co-design methodology. The proposed approach allows the modeler to calculate the reliability of a fault tolerant embedded system as a function of the failure rate. In this paper this feature is extended to allow for the determination of the reliability combining a range of failure rates. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modular hierarchies of models for embedded systems

    Page(s): 183 - 195
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (661 KB) |  | HTML iconHTML  

    Today, in general, software is embedded, distributed onto networks and structured into logical components that interact asynchronously. We study fundamental models of composed software systems and their properties, identify and describe various basic views, and show how they are related. We concentrate on models of composed systems that interact by message exchange. We consider, in particular, models of data, states, interfaces, hierarchical composed systems, and processes. We study relationships by abstraction and refinement as well as forms of composition and modularity. In particular, we introduce a comprehensive mathematical model for composed systems, its views and their relationships. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Verification of transaction-level SystemC models using RTL testbenches

    Page(s): 199 - 203
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (213 KB) |  | HTML iconHTML  

    System architects working on SoC design have traditionally been hampered by the lack of a coherent methodology for architecture evaluation and co-verification of hardware and software. SystemC 2.0 facilitates the development of transaction-level models (TLMs), which are models of the hardware system components at higher level of abstraction than RTL. Due to lower modeling effort yet higher simulation speed, TLMs are useful for architectural exploration, algorithmic evaluation, hardware-software partitioning and software development. The problems posed by SOC design methodologies require development of models at higher abstraction also for the earlier developed IP's. The development time of a TLM IP is already low, so if we can reduce the verification time by re-use of the earlier RTL test benches we can reduce the overall cost of such an IP TLM. This paper focuses on the methodology to use the RTL testbenches for verification of a SystemC model of the same IP at a higher abstraction level (transaction level), some tools available in the market to support this testbench reuse and the implementation challenges posed by the mentioned verification technique. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • LOTOS code generation for model checking of STBus based SoC: the STBus interconnection

    Page(s): 204 - 213
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (367 KB) |  | HTML iconHTML  

    In the design process of SoC (System on Chip), validation is one of the most critical and costly activity. The main problem for industrial companies like STMicroelectronics, stands in validation at the complete system level. At this level, the properties to verify concern the well behavior composed of the different processes interconnected around the system bus. In our work we consider the deadlock-free property. In this paper we present an approach for deadlock detection consisting in generating automatically a LOTOS description of the system. Then, by using CADP toolbox developed at INRIA by the VASY team, the LOTOS description can then be used for the evaluation of temporal logic formula, either on-the-fly or after the generation of a labeled transition system (LTS). The automatic LOTOS code generation is decomposed in two parts, the code generation of the processes behavior (work under progress) and the code generation for the interconnection of processes on a given SoC bus. This paper presents the principles of interconnect abstraction showing that deadlock detection has to take into account properties of the implemented communication channel, avoiding the possibility to build a general deadlock detection tool. The resulting principles are then applied on the STMicroelectronics proprietary SoC bus, the STBus, leading in the development of the LOTOS code generation software. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.