systemc semantics by actors and reduction techniques in model checking
DESCRIPTION
SystemC Semantics by Actors and Reduction Techniques in Model Checking. Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008 Eindhoven. Outline of the Talk. Motivation and Goal SystemC Actors and Rebeca Coordinating Actors Mapping SystemC to Actors - PowerPoint PPT PresentationTRANSCRIPT
SystemC Semantics by Actors and
Reduction Techniques in Model Checking
Marjan Sirjani Formal Methods Lab, ECE Dept.
University of Tehran, Iran
MoCC 2008Eindhoven 1
Outline of the Talk
Motivation and Goal SystemC Actors and Rebeca Coordinating Actors Mapping SystemC to Actors Model Checking SystemC Designs Conclusion
2
Motivation Integrating heterogeneous components Increasing complexity of microelectronic systems
Demand an appropriate increase in the level of abstraction in design =>
using SystemC and/or Actors
Sufficient verification/validation of complex designs High amount of effort for simulation
Demand a formal verification approach => mapping
3
Goal
A model for system-level design Modeling different levels of abstraction
Software TLM RTL
in a consistent manner.
Closer to the application domain
A tool for formal verification of system-level designs
4
Why SystemC?
A standard language for modeling embedded systems at system level
An object-oriented language supporting Modularity Concurrency Synchronization
5
Why Actor?
Actor-based design: high level of abstraction• Inherent Concurrency: provided by means
of concurrent actors• No threads• Actors: units of concurrency
• Event-driven computational model: message passing and event-driven execution of actors
6
Applications
Models: Actors
Programs: SystemC
Executables
Silicon Chips
7
SystemC
8
9
SystemC
A system-level design language
Design of the hardware and software components together at a high level of abstraction
Simulation kernel manages process interactions
9
SystemC Modularity: SC_MODULE
Contains: ports, signals, variables, constructor, functions, processes
Concurrency: Processes SC_Method: atomic execution SC_Thread: wait statements
Synchronization: Events Explicit: event of type SC_EVENT
Calling notify() method Implicit: change of the value of signals
10
11
SystemC Simulation Kernel
Each simulation cycle has two phases Evaluation
Execution of the ready to run processes Update
After delta time Signal Updates
Two dimension timing to implement concurrency Physical time Delta time
11
Actors and Rebeca
12
Traditional Actor
Agent-based model, introduced by Hewitt, 1970
Developed as a concurrent object-based language by Agha, 1980
Concurrent objects communicating with each other through asynchronous message passing
Actors know about the communicating partners Objects take messages from their queues and reacts
to them Do some computation Send messages to other objects
13
14
Rebeca Language
Reactive Objects Language Actor-based
A Rebeca model is Set of concurrently executing reactive objects Interacting by Asynchronous messages
Rebeca Language
Rebecs are instances of Reactive Classes Reactive Classes
A queue for messages Message servers State variables
Rebecs are running concurrently Take a message from the queue and execute the
related message server atomically
15
Rebeca
Actor-based Inherent concurrency Units of modeling = units of concurrency Event-driven
Built for verification purposes model checking support compositional verification
Formal semantics Firm basis for verification
1616
System Design Using Rebeca
System components are running concurrently
Considering a rebec for each component
Each component knows other components to which it interacts with and directly send messages to them
17
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
Computational Actor 5
18
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
Computational Actor 5
19
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
Computational Actor 5
20
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
Computational Actor 5
21
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
Computational Actor 5
22
Coordinating Actors
23
New Generation of Actors
Keeping Actors as simple as possible Actors do not know about the scenarios which
activate other actors Moving towards component-based designs Extracting coordination parts from computational
parts A coordinating Actor is responsible for activating
other actors
24
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
25
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
26
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
27
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
28
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
29
Rebec1
ComputationalActor 1
Rebec2
ComputationalActor 2
Rebec3
ComputationalActor 3
Rebec4
ComputationalActor 4
Rebec5
CoordinatingActor
30
Actors with a Coordinator
Actors: concurrent components communicate through ports and interact according to a common pattern of interaction
System components -> Concurrent components
Interaction patterns -> Component composition
Component behavior and component composition are orthogonal
31
Mapping SystemC to Rebeca
32
Modules and Processes
SystemC Construct Rebeca Construct
Module Reactive Class
Process (method & thread) Message server
Module instance A group of rebecs
33
Signals, Ports and variable
SystemC Construct
Rebeca Construct
Signal Two global variables
Port A local copy of the variable representing the attached signal
Variable One global variables
34
Events, Wait and Notify
35
SystemC Construct
Rebeca Construct
Event a global variable of type Boolean
Wait Rebeca wait statement
Notify an assignment on the variable representing the event
SystemC Simulation Kernel
A specific reactive object is dedicated to handle the functionality of the simulation kernel
Becomes active when none of the other rebecs are active
Functionality: Checking sensitivity lists to find if any of the rebecs can be
activated Updating signal values Feeding new input to the system if all of the rebecs are still
inactive
36
Model Checking SystemC Designs
37
Rebeca Model Checkers
38
SystemC Model
LTL/CTLProperty
Sytra:Model andProperty
Transformer
(Including KasCPar as the compiler)
Rebeca ModelChecker
(Modere & SyMon)
Model CheckingResult
Rebeca Model
Modere Modere: Model checking Engine for Rebeca
Direct model checker of Rebeca
Generating state space based on the interleaving of all executable rebecs
Provides many abstraction and reduction techniques specific for Rebeca
Supports both LTL and CTL properties
39
SyMon SyMon: Systemc Model checking Engine A verification engine customized according to
the behavior of SystemC simulation kernel: Executes processes one by one, with a non-
preemptive scheduling policy, according to a pre-specified order
Generating only one path of execution
Provides a significant amount of reduction in the size of the generated state space
40
Reduction Techniques:Based on SystemC Semantics Delta Cycles
Generating state space based on the interleaving of all executable rebecs N ready to run => N! states for delta cycles
Generating only one path of execution, assuming an order for executing rebecs N ready to run => N states for delta cycles
41
Reduction Techniques:Based on Rebeca Semantics Compositional Verificationn:
Abstracting environment as external messages
42
43
Abstraction Techniques:
Bounded queues Abstracting external messages Queue length in model checking
Check overflow, supported by tool
Course grained interleaving Method execution as a transition (Atomic method execution)
Conventional data abstractions
44
Partial Order and Symmetry Reduction Techniques Partial order reduction
Diamond parts in the state space Symmetry reduction
Like in dining philosophers (Ring-like topologies) The permutation relation shall preserve both
rebec types and known-rebec relation.
Case studies
The approach is applied on a set of case studies D-flip flop Shifter Bus arbiter Latched ALU 2-by-4 decoder Full adder Fibonacci generator GCD calculator
45
A large case study: MIPS
Model SystemC
A processor supporting ALU, branch and memory operators 17 concurrent threads 96 signals, events and variables
Rebeca 18 rebec 136 global variable
Total number of states Modere: exploded SyMon: 345986
46
Work in Progress: Scheduling Using Time Automata and Task Automata to
verify schedulability of rebecs
47
Conclusion Define formal semantics of SystemC by means of
Rebeca
Model check SystemC designs According to the semantics of simulation kernel All interleavings
48