Compositional correctness of IP-based system design:
Translating C/C++ Models into SIGNAL Processes
Rennes, November 04, 2005
Hamoudi Kalla and Jean-Pierre Talpin
Espresso Team
2
Outline
Introduction
Preliminaries
Translating C/C++ Models into SIGNAL Processes: Principles, Example, Implementation
Conclusion and Future Works
3
Introduction
C/C++ System Design Validation
Simulators and test tools may not cover all design errors.
We need formal verification to ensure the quality of system designs, so we need formal models.
4
System Design Validation Using Formal Models
Our Methodology
C/C++ Models --(automatic translation)--> Formal Models: SIGNAL processes
5
Preliminaries
Control Data-Flow Graph (CDFG)
Static Single Assignment (SSA)
6
Preliminaries
Control Data Flow Graph
A CDFG represents a procedure or a program as a directed graph G=(V, E), where the set V represents control flow nodes and E represents jumps in the control flow.
Control flow nodes are Basic blocks, Test blocks, and Join blocks.
7
Preliminaries
Control Data Flow Graph: Nodes
C/C++ program:
int example(int a, int b, int c)
{
    int x, y, z, result;
    y = a * b;
    z = a * c;
    if (y > z) x = y - z;
    else x = z - y;
    result = x * a;
    return result;
}
CDFG
8
Preliminaries
Control Data Flow Graph: Nodes
Basic Blocks (BB) are instructions without any jumps.
Test blocks (T) describe conditional branching expressions.
Join blocks (J) represent the end of conditional branches.
CDFG
9
Preliminaries
Static Single Assignment (SSA) Form
SSA is a form of Control Data Flow Graph that allows optimizations to be done efficiently and easily.
In SSA, every variable receives exactly one assignment during its lifetime.
Before SSA:
…
x = a * b;
x = a * c;
…
After SSA:
…
x1 = a * b;
x2 = a * c;
…
10
Preliminaries
Static Single Assignment (SSA) Form
Control Data Flow Graph and its associated Static Single Assignment form
New function: the Ф function
11
Translating C/C++ Models into SIGNAL Processes
C/C++ Models --(GCC)--> SSA Form --(?)--> SIGNAL processes
12
Translating C/C++ Models into SIGNAL Processes
C/C++ Models: functions f1, …, fn
GCC: f1 -> SSA1, …, fn -> SSAn
?: SSA1 -> process1, …, SSAn -> processn
SIGNAL processes: process1, …, processn
13
Translating C/C++ Models into SIGNAL Processes
Principle
Function f (SSA) -> Process f (SIGNAL)
Encode nodes, edges, assignment statements, conditional branching, and the Ф function.
14
Translating C/C++ Models into SIGNAL Processes
Encoding SSA Nodes (blocks)
Boolean BB1, T2, BB2, BB3, J1, BB4;
blocks \ instants: t1 t2 t3 t4 t5 …
BB1 true false false false false …
T2 false true false false false …
BB2 false false true false false …
BB3 false false false true false …
J1 false false false false true …
BB4 false false false false true …
15
Translating C/C++ Models into SIGNAL Processes
Encoding SSA Edges: for Basic and Test blocks
Edge B1 -> B2:
| B2 := true when pre_B1 default false
| pre_B1 := B1$ init false
signals \ instants: t1 t2 t3 t4 t5 …
B1 true false false false false …
pre_B1 false true false false false …
B2 false true false false false …
16
Translating C/C++ Models into SIGNAL Processes
Encoding SSA Edges: for Join blocks
Edges B1 -> J1 and B2 -> J1:
| J1 := true when pre_B1 default true when pre_B2 default false
signals \ instants: t1 t2 t3 t4 t5 …
pre_B2 false true false false false …
pre_B1 false false false false false …
J1 false false true false false …
17
Translating C/C++ Models into SIGNAL Processes
Encoding Assignment Statement
Statement in block B1: x1 = y1 + z1
| x1 := (y1 + z1) when B1 default x1$
signals \ instants: t1 t2 t3 t4 t5 …
B1 false true false false false false …
pre_B1 false false true false false false …
x1 0 5 5 5 5 5 …
y1 2 2 2 2 2 2 …
z1 3 3 3 3 3 3 …
18
Translating C/C++ Models into SIGNAL Processes
Encoding Conditional Branching Statement
Statement in test block T1: if (x>y) goto B1; else goto B2;
| test1 := (x>y) when T1 default false
| pre_test1 := test1$ init false
| B1 := true when pre_test1 when pre_T1 default false
| B2 := true when not pre_test1 when pre_T1 default false
signals \ instants: t1 t2 t3 t4 t5 …
T1 false true false false false …
pre_T1 false false true false false …
test1 false true false false false …
pre_test1 false false true false false …
B1 false false true false false …
B2 false false false false false …
19
Translating C/C++ Models into SIGNAL Processes
Encoding Ф Function
B1: x1 = …    B2: x2 = …
J1: x3 = Ф(x1,x2)
B3: y = x3 + …
| x3 := x1 when pre_B1 default x2
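The node, edge, assignment, branching and Ф encodings of the preceding slides can be executed instant by instant. The following Python simulation is an added illustration, not the authors' translator: it applies those equations to the slides' own `example` function, using the block names of the slide-14 table (BB1, T2, BB2, BB3, J1, BB4). Assumptions not stated on the page: a `start` signal that is true only at the first instant fires the entry block BB1; the block after the join (BB4) is clocked by J1 itself, which matches the slide-14 table where J1 and BB4 are true at the same instant; data signals start at 0; `None` stands for an absent value so that `when` and `default` keep their SIGNAL meaning.

```python
"""Instant-by-instant simulation of the slides' SIGNAL encoding applied to
their `example` function.  Added illustration, not the authors' code.
Assumptions (not on the page): `start` is true only at the first instant and
fires BB1; BB4 shares J1's instant (slide-14 table); data signals start at 0;
None models an absent value."""

def when(value, clock):
    """`value when clock`: present only when clock is true (absence propagates)."""
    return value if clock is True else None

def default(first, second):
    """`first default second`: first if present, otherwise second."""
    return second if first is None else first

class Delay:
    """`x$ init v`: last present value of x, v until x has been present."""
    def __init__(self, init):
        self.value = init
    def __call__(self):
        return self.value
    def update(self, new):
        if new is not None:
            self.value = new

BLOCKS = ("BB1", "T2", "BB2", "BB3", "J1", "BB4")

def run_example(a, b, c, instants=6):
    """Run the encoding of `example(a, b, c)` for `instants` steps.
    Returns (trace, result): one dict of signal values per instant, and the
    final value of `result`."""
    pre = {n: Delay(False) for n in BLOCKS + ("test2",)}              # pre_X := X$ init false
    mem = {n: Delay(0) for n in ("y1", "z1", "x1", "x2", "result")}   # x$ for data signals
    trace = []
    for t in range(instants):
        start = (t == 0)
        s = {}
        # control: one boolean per block, true at the instant the block executes (slides 14-16)
        s["BB1"] = default(when(True, start), False)
        s["T2"] = default(when(True, pre["BB1"]()), False)
        s["BB2"] = default(when(when(True, pre["test2"]()), pre["T2"]()), False)
        s["BB3"] = default(when(when(True, not pre["test2"]()), pre["T2"]()), False)
        s["J1"] = default(when(True, pre["BB2"]()), default(when(True, pre["BB3"]()), False))
        s["BB4"] = default(when(True, s["J1"]), False)   # assumption: same instant as J1
        # data: x := e when B default x$ (assignment encoding, slide 17)
        s["y1"] = default(when(a * b, s["BB1"]), mem["y1"]())
        s["z1"] = default(when(a * c, s["BB1"]), mem["z1"]())
        # test2 := (y1 > z1) when T2 default false (conditional branching, slide 18)
        s["test2"] = default(when(s["y1"] > s["z1"], s["T2"]), False)
        s["x1"] = default(when(s["y1"] - s["z1"], s["BB2"]), mem["x1"]())
        s["x2"] = default(when(s["z1"] - s["y1"], s["BB3"]), mem["x2"]())
        # x3 := x1 when pre_BB2 default x2 (Ф function, slide 19)
        s["x3"] = default(when(s["x1"], pre["BB2"]()), s["x2"])
        s["result"] = default(when(s["x3"] * a, s["BB4"]), mem["result"]())
        # advance every delayed signal for the next instant
        for n, d in pre.items():
            d.update(s[n])
        for n, d in mem.items():
            d.update(s[n])
        trace.append(s)
    return trace, trace[-1]["result"]

def fired_blocks(trace):
    """Block names that are true at each instant, in BLOCKS order."""
    return [[n for n in BLOCKS if s[n]] for s in trace]

if __name__ == "__main__":
    trace, result = run_example(2, 5, 3)   # constructed inputs: y1 = 10, z1 = 6
    for t, blocks in enumerate(fired_blocks(trace), 1):
        print(f"t{t}: {blocks}")
    print("result =", result)
```

With the constructed inputs a=2, b=5, c=3 the blocks fire as BB1, T2, BB2, then J1 together with BB4, and `result` is 8 (x3 = 4, times a); with a=2, b=3, c=7 the else branch BB3 fires instead and `result` is 16. Because every data signal is defined with `default x$`, its value is held across the instants where its block is idle, which is what lets the Ф choice read x1 one instant after BB2 produced it.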
20
Translating C/C++ Models into SIGNAL Processes
Encoding Loop Statement: Blocks
B0 -> J1 -> T1 (if (x>y) goto B1; else goto B2;), with B1 -> J1 (loop back) and B2 (loop exit)
| test1 := (x>y) when T1 default false
| pre_test1 := test1$ init false
| T1 := true when pre_B0 default true when pre_B1 default false
| B1 := true when pre_test1 when pre_T1 default false
| B2 := true when not pre_test1 when pre_T1 default false
21
Translating C/C++ Models into SIGNAL Processes
Encoding Loop Statement: statements
B0: i1 := 1
J1: i2 := Ф(i1,i3)
T1: if (i2<10) goto B1; else goto B2;
B1: i3 := i2 + 1
B2: …
| i1 := 1 when B0 default i1$
| i2 := i1 when pre_B0 default i3
| i3 := i2$ + 1 when pre_B1 default i3$
22
Translating C/C++ Models into SIGNAL Processes
Encoding pointers (1)
C:
x = 10;
if (T) p = &x;
else p = &y;
z = *p;
SSA:
B0: x = 10
T1: if (T) goto B1; else goto B2;
B1: p1 = &x    B2: p2 = &y
J1: p3 = Ф(p1,p2)
B3: z = *p3
SIGNAL: a pointer p is encoded as a pair p = (p_tag, p_star)
p = &x: p_tag = 0, p_star = x
p = &y: p_tag = 1, p_star = y
23
Translating C/C++ Models into SIGNAL Processes
Encoding pointers (2)
B0: x = 10
T1: if (T) goto B1; else goto B2;
B1: p1 = &x    B2: p2 = &y
J1: p3 = Ф(p1,p2)
B3: z = *p3
p1 = (p1_tag, p1_star): p1_tag = 0, p1_star = x   (p1 = &x)
p2 = (p2_tag, p2_star): p2_tag = 1, p2_star = y   (p2 = &y)
p3 = (p3_tag, p3_star): p3_tag = p1_tag U p2_tag, p3_star = Ф(p1_star, p2_star)
| z := p3_star when B3
| p3_star := x when (p3_tag=0) default y when (p3_tag=1)
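The tag/star encoding of the two pointer slides can also be run as a synchronous program. The Python block below is an added illustration, not the authors' code: it executes the slides' four-line C fragment block by block and reads z through p3 as `x when (p3_tag=0) default y when (p3_tag=1)`. Assumptions not on the page: tags 0 and 1 for &x and &y as on slide 22; the Ф on p3 is executed as a choice on the tags guarded by pre_B1, which is one executable reading of "p3_tag = p1_tag U p2_tag"; x$ starts at 0; B3 shares J1's instant (as J1 and BB4 do in the slide-14 table); `None` models an absent value.

```python
"""Pointer encoding p = (p_tag, p_star) from the slides, run on their C
fragment.  Added illustration, not the authors' code.  Assumptions (not on
the page): &x -> tag 0, &y -> tag 1; Ф(p1, p2) becomes a choice on the tags
guarded by pre_B1; x$ init 0; B3 shares J1's instant; None = absent."""

def when(value, clock):
    """`value when clock`: present only when clock is true."""
    return value if clock is True else None

def default(first, second):
    """`first default second`: first if present, otherwise second."""
    return second if first is None else first

TAG_X, TAG_Y = 0, 1   # p_tag = 0 <=> p = &x ; p_tag = 1 <=> p = &y (slide 22)

def run_pointer_example(cond, y, instants=5):
    """Simulate B0 (x = 10), T1 (if cond), B1 (p1 = &x) / B2 (p2 = &y),
    J1 (p3 = Ф(p1, p2)) and B3 (z = *p3), one block per instant.
    `cond` plays the role of T; `y` is the value held by variable y.
    Returns (trace, z), z being the value read through p3."""
    pre_B0 = pre_T1 = pre_B1 = pre_B2 = pre_test1 = False   # pre_X := X$ init false
    x, p1_tag, p2_tag, z = 0, None, None, None             # x$ init 0; tags absent until set
    trace = []
    for t in range(instants):
        start = (t == 0)
        # control, as in the block and branching encodings
        B0 = default(when(True, start), False)
        T1 = default(when(True, pre_B0), False)
        B1 = default(when(when(True, pre_test1), pre_T1), False)
        B2 = default(when(when(True, not pre_test1), pre_T1), False)
        J1 = default(when(True, pre_B1), default(when(True, pre_B2), False))
        B3 = J1                                            # assumption: same instant as J1
        # data
        x = default(when(10, B0), x)                       # x := 10 when B0 default x$
        test1 = default(when(cond, T1), False)             # test1 := T when T1 default false
        p1_tag = default(when(TAG_X, B1), p1_tag)          # p1 = &x  ->  p1_tag = 0
        p2_tag = default(when(TAG_Y, B2), p2_tag)          # p2 = &y  ->  p2_tag = 1
        p3_tag = default(when(p1_tag, pre_B1), p2_tag)     # Ф(p1, p2) carried on the tags
        # p3_star := x when (p3_tag=0) default y when (p3_tag=1)
        p3_star = default(when(x, p3_tag == TAG_X), when(y, p3_tag == TAG_Y))
        z = default(when(p3_star, B3), z)                  # z := p3_star when B3
        trace.append({"B0": B0, "T1": T1, "B1": B1, "B2": B2, "J1": J1,
                      "p3_tag": p3_tag, "p3_star": p3_star, "z": z})
        pre_B0, pre_T1, pre_B1, pre_B2, pre_test1 = B0, T1, B1, B2, test1
    return trace, z

if __name__ == "__main__":
    for cond in (True, False):
        _, z = run_pointer_example(cond, y=7)   # constructed: y holds 7
        print(f"T={cond}: z = {z}")
```

With T true the run visits B0, T1, B1 and then J1/B3, p3_tag resolves to 0 and z reads x (10); with T false it visits B2 instead, p3_tag is 1 and z reads y (7). Keeping the dereference as a choice on a tag, rather than on an address, is what makes the pointer part of the program a plain synchronous equation over a finite set of targets.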
24
Translating C/C++ Models into SIGNAL Processes
Implementation
25
Conclusion and Future Works
A methodology to validate C/C++ system design:
• it automatically creates formal models from C/C++ system models,
• it is based on the internal representation SSA of GCC and uses the synchronous language SIGNAL as a formal platform.
Extend this work in order to:
• encode arrays, pointers and function calls,
• remove global synchronisation,
• reduce the number of variables/signals.