Carlos Villarraga

Software in a hardware view: New models for HW-dependent software in SoC verification and test

In current practices of SoC design a trend can be observed to integrate more and more low-level software components into the hardware at different levels of granularity. The implementation of important control functions is frequently shifted from the SoCs hardware into its firmware. This calls for new methods for verification and test based on a joint analysis of hardware and software. While most techniques of software verification operate at a hardware-independent level, this paper elaborates on the possible merits of a hardware-dependent software view. It describes a model recently developed for formal HW/SW co-verification of embedded systems. New results are presented on how to model the interaction of hardware and software in a clock cycle-accurate way. The paper presents different application scenarios of the proposed models in SoC verification and outlines future perspectives in testing and the design of fault-resilient systems.

A computational model for SAT-based verification of hardware-dependent low-level embedded system software

This paper describes a method to generate a computational model for formal verification of hardware-dependent software in embedded systems. The computational model of the combined HW/SW system is a program netlist (PN) consisting of instruction cells connected in a directed acyclic graph that compactly represents all execution paths of the software. The model can be easily integrated into SAT-based verification environments such as those based on Bounded Model Checking (BMC). The proposed construction of the model, however, allows for an efficient reasoning of the SAT solver over entire execution paths. We demonstrate the efficiency of our approach by presenting experimental results from the formal verification of an industrial LIN (Local Interconnect Network) bus node, implemented as a software driver on a 32-bit RISC machine.

A property language for the specification of hardware-dependent embedded system software

This paper introduces a new property language for describing the behavior of low-level hardware-dependent software. The design of the language is motivated by the industrial success of property languages for hardware verification by simulation and formal techniques. The new language is constructed to concisely capture the timed behavior of the interactions between software and hardware by means of sequences. In this work we present how the proposed verification language can be used to perform formal verification based on a computational model called program netlist. We show how the sequence model of the language is synthesized and combined with the program netlist so that a unified formula for a decision procedure, e.g., a SAT solver, can be constructed. Furthermore, a method for coverage analysis of property sets is introduced. The coverage criterion we propose determines whether or not the property set completely describes the input/output functional behavior of a program. The paper presents a case study showing how to use the proposed property language in order to specify an industrial implementation of a LIN (Local Interconnect Network) bus driver.

A HW-dependent software model for cross-layer fault analysis in embedded systems

With the advent of new microelectronic fabrication technologies new hardware devices are emerging which suffer from an intrinsically higher susceptibility to faults than previous devices. This leads to a substantially lower degree of reliability and demands further improvements of error detection methods. However, any attempt to cover all errors for all theoretically possible scenarios that a system might be used in can easily lead to excessive costs. Instead, an application-dependent approach should be taken, i.e., strategies for test and error resilience must target only those errors that can actually have an effect in the situations in which the hardware is being used. In this paper, we propose a method to inject faults into hardware and to formally analyze their effects on the software behavior. We describe how this analysis can be implemented based on a recently proposed hardware-dependent software model called program netlist. We show how program netlists can be extended to formally model the behavior of a program in the event of one or more hardware faults. First experimental results are presented to demonstrate the feasibility of our approach.

A HW/SW Cross-Layer Approach for Determining Application-Redundant Hardware Faults in Embedded Systems

Hardware devices of recent technology nodes are intrinsically more susceptible to faults than previous devices. This demands further improvements of error detection methods. However, any attempt to cover all errors for all theoretically possible scenarios that a system might be used in can easily lead to excessive costs. Instead, an application-dependent approach should be taken, i.e., strategies for test and error resilience must target only those errors that can actually have an effect in the situations in which the hardware is being used. In this paper, we propose a method to inject faults into hardware (HW) and to formally analyze their effects on the software (SW) behavior. We describe how this analysis can be implemented based on a recently proposed HW-dependent software model called program netlist (PN). We show how program netlists can be extended to formally model the behavior of a program in the event of one or more hardware faults. Then, it is demonstrated how the results of the PN-based analysis can be exploited by a standard ATPG tool to determine hardware faults at the gate level that are “application-redundant”. Our experimental results show the feasibility of the proposed approach.

Software in a Hardware View

In current practices of SoC design a trend can be observed to integrate more and more low-level software components into the hardware at different levels of granularity. The implementation of important control functions is frequently shifted from the SoC’s hardware into its firmware. This calls for new methods for verification based on a joint analysis of hardware and software. While most techniques of software verification operate at a hardware-independent level, this chapter elaborates on the possible merits of a hardware-dependent software view. The chapter reviews a recently developed model for formal verification of low-level embedded system software called program netlist and details on its applications. In particular, applications for speed-independent and cycle-accurate hardware/software integration are reported. For each studied scenario, this chapter describes how the different challenges of modeling the hardware/software interface can be solved by exploiting the characteristics of the program netlist. For speed-independent hardware/software interaction the equivalence checking problem is studied and results of our proposed solution are presented. For the case of a cycle-accurate hardware/software integration, a model for hardware/software co-verification is developed and experimentally evaluated by applying it to property checking.

Cycle-accurate software modeling for RTL verification of embedded systems

Todays applications for HW/SW-systems, such as the Internet-of-Things, often demand SoC architectures where sophisticated firmware is running on fairly simple processors. Designers face the challenge of meeting high requirements for these systems regarding their efficiency and dependability under severe cost constraints. Targeting such applications this paper presents a new technique to generate a joint computational model for the hardware and its firmware. Generation of our computational model is interleaved with techniques from WCET analysis so that clock-cycle accuracy of the resulting model is achieved. As an application of our approach, we present how to generate a fast, cycle-accurate RTL simulation model that can replace the processor and its firmware in the RTL system description. Our experimental results show an acceleration by an order of magnitude when applying standard cycle-accurate RTL simulation to our modified design.

A computer-algebraic approach to formal verification of data-centric low-level software

Methods of Computer Algebra have shown to be useful when formally verifying data-centric hardware designs. This has been demonstrated especially for cases where complex arithmetic computations are tightly coupled with the systems control structures at the bit level. As a consequence of current design trends, however, more and more functionality that was traditionally implemented in hardware is now shifted into the low-level software of the system. Not only control functions but also more and more arithmetic operations and other data-centric functions are involved in this shift. Motivated by this observation, it is the goal of our work to extend the scope of computer-algebraic methods from hardware to low-level software. The paper develops how hardware-dependent software can be modeled algebraically so that efficient proof procedures are possible. Our results show that also in low-level software a computer-algebraic approach can have substantial advantages over state-of-the-art SMT solving.