Katell Morin-Allory

Proven correct monitors from PSL specifications

We developed an original method to synthesize monitors from declarative specifications written in the PSL standard. Monitors observe sequences of values on their input signals, and check their conformance to a specified temporal expression. Our method implements both the weak and strong versions of PSL FL operators, and has been proven correct using the PVS theorem proven This paper discusses the salient aspects of the proof of our prototype implementation for on-line design verification

On-line assertion-based verification with proven correct monitors

In the context of embedded systems design, the authors developed an original method for generating hardware that monitors signals whose behavior is specified by logical and temporal properties written in PSL. The method is based on a library of primitive digital components, and a technique to interconnect them, both formally proven correct with respect to the mathematical semantics of PSL. The resulting digital module can be properly connected to the signals of the design under scrutiny. Monitoring runs concurrently with the observed signals, and notifies its environment whether the property checking is terminated or is still pending. A prototype implementation on a FPGA platform provides enough execution efficiency to allow the verification of a system on a chip running its own software. In this method, on-line monitoring imposes a circuit overhead that increases gracefully with the number of nested PSL operators, and the upper bound of the temporal observation window after property triggering

High-level symbolic simulation for automatic model extraction

This paper describes VSYML, a symbolic simulator that extracts formal models from VHDL descriptions. The generated models are adequate to formal reasoning in various frameworks. VSYML is a reimplementation of its ancestor Theosim; it brings various improvements e.g., with regard to arrays and other complex data types.

Asynchronous On-Line Monitoring of Logical and Temporal Assertions

PSL is a standard formal language to specify logical and temporal properties under the form of assertions. This paper presents the synthesis of PSL assertions into asynchronous hardware monitors that can be linked to the circuit under monitoring. The checker synthesis is based on a systematic interconnection of asynchronous primitive monitors corresponding to PSL operators. The asynchronous monitors are implemented with quasi delay insensitive logic which gives reliable and robust monitors in the case of truly asynchronous events, temperature or voltage variations. These monitors are applicable to a wider range of verification tasks such as the communications among globally asynchronous modules or in safe or secure applications.

SyntHorus: Highly efficient automatic synthesis from PSL to HDL

We propose a linear complexity approach to achieve automatic synthesis of designs from temporal specifications. Each property is turned into a component combining monitor and generator features: the extended-generator. We connect them with specific components to obtain a design that is correct by construction. It shortens the design flow by removing implementation and functional verification steps. Our approach synthesizes circuits specified by hundreds of temporal properties in a few seconds. Complex examples (i.e. CONMAX-IP and GenBuf) show the efficiency of the approach.

Assertion-Based Design with Horus

The Horus tool, based on formally proven correct methods, provides a unified support to assertion-based design, between the specification and the test phases. Given a set of logical and temporal properties written in PSL, Horus automatically constructs a test environment for the design. This construction is fast, correct, and produces efficient monitors and generators. The size of the instrumented design is determined by the number of distinct properties needed to specify the behavior and by the number of repetitions of each property over duplicated blocks that play symmetric roles. We have seen in the case of a wishbone switch that the number of repetitions may be quadratic in the number of nodes that compete for a resource, times the number of resources. The main advantages of our tool is to cover the whole PSL simple subset, and the whole verification flow: from the simulation to the online testing. When synthesized on FPGA, the instrumented design under test can execute at full speed.

Verification of safety properties for parameterized regular systems

We propose a combination of heuristic methods to prove properties of control signals for regular systems defined by means of affine recurrence equations (AREs). We benefit from the intrinsic regularity of the underlying polyhedral model to handle parameterized systems in a symbolic way. Our techniques apply to safety properties. The general proof process consists in an iteration that alternates two heuristics. We are able to identify the cases when this iteration will stop in a finite number of steps. These techniques have been implemented in a high level synthesis environment based on the polyhedral model.

Delay Insensitivity Does Not Mean Slope Insensitivity

Asynchronous circuits are well known for their intrinsic robustness to process, voltage and temperature variations. Nevertheless, in some extreme cases, it appears that their robustness is not sufficient to guarantee a correct circuit behavior. This limitation, which is caused by an analog phenomenon, appears when the transition slopes in input of C-elements become very slow. This paper describes in details this phenomenon and studies the robustness of different C-element topologies. The simulations, which have been performed in 130, 65 and 45 nm CMOS technologies, show an overview of the C-element behavior in presence of these slow ramps. This gives a comprehensive understanding of the phenomenon and suggests an appropriate approach for choosing the well-suited C-element topology for everybody facing these difficulties.

Property-Based Dynamic Verification and Test

Property-Based Verification has become a main stream part of industrial design flows, supported by a mature technology for the development of production quality design tools. For large systems that defeat formal verification methods, dynamic verification is called on designs directly connected to test generators and signal observers that are compiled from the properties. The quality of tests and debug efficiency are greatly improved. This chapter exposes the principles on which this verification approach is implemented in the Horus verification system. Temporal properties, written in a standard (PSL or SVA) language, are automatically translated into synthesizable IP’s, using an efficient and proven correct method. Resulting monitors (for observing asserted properties) and generators (for generating constrained test vectors) are automatically connected to the design under verification by Horus, providing an instrumented design that can be simulated, emulated or synthesized. The method is illustrated on a realistic design: the conmax_ip controller.

Formal Verification of C-element Circuits

It is well known that the correct behavior of asynchronous circuits is not guaranteed when the inputs switch too slowly. The erroneous behavior is generally difficult to be spotted by simulation based methods. We applied formal methods to study the analog switching behavior of a full-buffer circuit composed of C-elements. We used our reach ability analysis tool COHO to compute all reachable states of two C-element designs and verified several analog properties. Based on these properties, we identified a sufficient condition under which the full-buffer circuit always supports the designed handshaking protocol. We also improved the COHO tool to automate the verification process, reduce error and improve performance.