Workshop - November 2011 - Toulouse


Page 1: Workshop - November 2011 - Toulouse. Plan Overview & Safety Requirements PSL formalization & ISIS Monitors Safety Monitors Integration Conclusion Workshop

Workshop - November 2011 - Toulouse

Page 2: Plan

Overview & Safety Requirements

PSL formalization & ISIS Monitors

Safety Monitors Integration

Conclusion

Page 3: Plan

Overview & Safety Requirements

PSL Standard & ISIS Tools

Safety Monitors Integration

Conclusion

Page 4: Socket Design Flow (18/11/2011)

[Figure: Socket Design Flow. Boxes: System requirements; Global SoC spec.; SoC Architecture; Platform assembly; Software (C/C++/ASM); Header generation; Functional validation (Functionality); SW Performance validation (Functionality + timing, Instruction Set Simulator); Co-simulation/Co-emulation; Device execution; Metrics. A "Requirement traceability" axis spans the whole flow.]

Page 5: Socket Design Flow (18/11/2011)

[Figure: the same Socket Design Flow diagram as slide 4 (System requirements, Global SoC spec., SoC Architecture, Platform assembly, Software, Header generation, Functional validation, SW Performance validation, Instruction Set Simulator, Co-simulation/Co-emulation, Device execution, Metrics, Requirement traceability).]

Page 6: Safety Requirements and Virtual Platform (18/11/2011)

[Figure: from the Specification, requirements (Req) are captured in SDF and formalized in PSL; ISIS turns them into checks ("Check Req SDF") run against the TLM SystemC Model of the Hardware Virtual Platform.]

Page 7: Safety requirements : Goals

[Figure: SoC block diagram: Proc., DSP, Mem. DATA, Mem. CODE, Timed DMAs, ANI/ANO, DSI/DSO, master (M) and slave (S) ports on an AHB bus.]

Identify and experiment with methods and tools in order to check whether the platform design respects the functional safety requirements.

Example : CoeffMem

[Figure: F3 - DSP function: Flip-Flop, Mem, ANI engine, ANO engine, DSIO engine, Coef Mem, DSAIR Chain, ANO, DSI/DSO, RAM config ANI, RAM local, AHB slave (AHBS) interfaces; digital (Di/Do) and analog (Ai) data paths.]

CoefMem memory => data needed to process analog inputs (ANI).

Those data represent digital filter coefficients and analog input calibration coefficients.

Data are loaded from flash memory at reset.

Safety: Data integrity checking needed (SEU).

Page 8: Safety requirements : CoeffMem

R1 (E_HRD_TS_IP_1441): CoefMem memory must be protected by a checksum monitoring. Allocated to: HW

R2 (E_HRD_TS_IP_1442): CoefMem memory monitoring shall be implemented in cycle (cycle period less than 100 ms). Allocated to: HW, SW

R3 (E_HRD_TS_IP_1443): When an error is detected on content of CoefMem memory by checksum monitoring, the SoC shall be turned into SoC_FAULT state. Allocated to: SW

Page 9: Plan

Overview & Safety Requirements

PSL Standard & ISIS Tools

Safety Monitors Integration

Conclusion

Page 10: PSL formalization

Illustration on the third requirement:

R3: When a checksum error is detected, the DSP function must be deactivated (within LIMIT ms)

Disambiguation

"Checksum error is detected"? Bit number 1 of the STATUS register of the DSP unit equals ‘1’.

"DSP function is deactivated"? A ‘0’ is written in bit number 0 of the COMMAND register of the DSP unit.

Page 11: PSL "Modeling layer"

Bit number 1 of the STATUS register equals ‘1’ (evaluated at the end of each DSP transaction):

    if (dsptarget.b_transport_END()
        && (dsptarget.b_transport.p1.is_read())
        && (dsptarget.b_transport.p1.get_address() == address_STATUS)
        && (*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x2))
      error = true;
    else
      error = false;

A ‘0’ is written in bit number 0 of the COMMAND register (evaluated when a DSP transaction is called):

    if (dsptarget.b_transport_CALL()
        && (dsptarget.b_transport.p1.is_write())
        && (dsptarget.b_transport.p1.get_address() == address_COMMAND)
        && !(*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x1))
      deactivation = true;
    else
      deactivation = false;

Page 12: PSL assertion

Every time error occurs, the next access to the DSP must be a deactivation, and less than LIMIT ms must have elapsed:

    always(error => next_event!(dsptarget.b_transport_CALL())
                        (deactivation && ((sc_time_stamp() - time) <= limit)))

time is updated on each error.

Page 13: Complete assertion for ISIS

    bool deactivation = false, error = false;
    sc_time limit(LIMIT, SC_MS);
    sc_time time(0, SC_MS);

    // Modeling layer: evaluated on each DSP transaction
    if (dsptarget.b_transport_END()
        && (dsptarget.b_transport.p1.is_read())
        && (dsptarget.b_transport.p1.get_address() == address_STATUS)
        && (*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x2))
      error = true;
    else
      error = false;

    if (dsptarget.b_transport_CALL()
        && (dsptarget.b_transport.p1.is_write())
        && (dsptarget.b_transport.p1.get_address() == address_COMMAND)
        && !(*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x1))
      deactivation = true;
    else
      deactivation = false;

    if (error) time = sc_time_stamp();   // remember when the last error was detected

    // Assertion
    assert always(error => next_event!(dsptarget.b_transport_CALL())
                               (deactivation && ((sc_time_stamp() - time) <= limit)));
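The R3 monitor of slides 11 to 13 re-implemented in plain C++ over a recorded transaction trace, as an added example that is not part of the workshop slides or the ISIS tool; SystemC/ISIS are replaced by a small Transaction record, and the register addresses, LIMIT and the trace are constructed values.

```cpp
// Added example, not from the slides: the R3 monitor (slides 11-13) over a recorded trace.
// SystemC/ISIS are replaced by a Transaction record; register addresses, LIMIT and the
// trace in main() are constructed values for this example.
#include <cstdint>
#include <cstdio>
#include <vector>
const uint32_t address_STATUS  = 0x1000;  // constructed DSP register map
const uint32_t address_COMMAND = 0x1004;
const double   LIMIT_MS        = 10.0;    // stands in for the slides' LIMIT
struct Transaction {        // one b_transport call on the DSP target
    double   time_ms;       // sc_time_stamp() at the call, in ms
    bool     is_write;      // p1.is_write()
    uint32_t address;       // p1.get_address()
    uint32_t data;          // *(unsigned int *)p1.get_data_ptr()
};

// Modeling layer (slide 11): a read of STATUS returning bit 1 set is a checksum error.
bool is_error(const Transaction& t) {
    return !t.is_write && t.address == address_STATUS && (t.data & 0x2) != 0;
}
// A write to COMMAND with bit 0 cleared deactivates the DSP function.
bool is_deactivation(const Transaction& t) {
    return t.is_write && t.address == address_COMMAND && (t.data & 0x1) == 0;
}

// Slide 13: always(error => next_event!(call)(deactivation && elapsed <= limit)).
// Returns the number of violations: an error arms the monitor and records its time; the
// very next DSP call discharges it (a deactivation within LIMIT) or counts as a violation.
int check_r3(const std::vector<Transaction>& trace) {
    int violations = 0;
    bool pending = false;
    double time = 0.0;                      // "updated on each error" (slide 12)
    for (const Transaction& t : trace) {
        if (pending) {                      // next_event!: the first call after the error
            if (!(is_deactivation(t) && (t.time_ms - time) <= LIMIT_MS)) ++violations;
            pending = false;
        }
        if (is_error(t)) { pending = true; time = t.time_ms; }
    }
    if (pending) ++violations;              // strong operator: that next call must exist
    return violations;
}

int main() {
    // Constructed trace: error read at 0 ms, then the DSP is re-enabled instead of deactivated.
    std::vector<Transaction> trace = {{0.0, false, address_STATUS, 0x2},
                                      {4.0, true, address_COMMAND, 0x1}};
    std::printf("R3 violations: %d\n", check_r3(trace));  // prints 1
    return 0;
}
```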

Page 14: ISIS monitors

[Figure: ISIS tool flow. Inputs: the requirements R1, R2, R3 written as PSL assertions, and the SystemC platform (excerpt of its sc_main shown on the slide, truncated):]

int sc_main(int argc, char *argv[]) { generic_noc generic_noc_inst_ memory memory_inst_0("mem eu_pool eu_pool_inst_0("eu_p eu eu_inst_0("eu_inst_0"); memory memory_inst_1("mem os_config os_config_inst_0("o

[ISIS generates the monitors + observation mechanism and XML configuration files, yielding a SystemC instrumented platform that is then run in Simulation.]

Page 15: ISIS observation mechanism

[Figure: the SoC block diagram of slide 7 (Proc., DSP, Mem. DATA, Mem. CODE, Timed DMAs, ANI/ANO, DSI/DSO, M/S ports on the AHB) with the ISIS observation point marked.]

Page 16: Plan

Overview & Safety Requirements

PSL Standard & ISIS Tools

Safety Monitors Integration

Conclusion

Page 17: Experiment 1 (HW error)

[Figure: the SoC block diagram of slide 7. Injected fault: HW checksum computation period > 50 ms.]

Page 18: Experiment 1 (HW error)

Monitors/checkers statistics (end of log)

Performance : 3 monitors = + 1,2 % CPU time (Verbose mini)

Page 19: Experiment 2 (SW error)

[Figure: the SoC block diagram of slide 7. Injected fault: SW checksum error monitoring period > 100 ms.]

Page 20: Experiment 2 (SW error)

Monitors/checkers statistics (end of log)

Performance : 3 monitors = + 1,5 % CPU time (Verbose mini)

Page 21: Experiment 3 (SW error + GDB)

[Figure: the SoC block diagram of slide 7.]

Page 22: Experiment 3 (SW error + GDB)

[Screenshot of the GDB session; no text recoverable.]

Page 23: Plan

Overview & Safety Requirements

PSL Standard & ISIS Tools

Safety Monitors Integration

Conclusion

Page 24: Experimental results

Advantages :

Use of the IEEE PSL Standard

Useful to monitor/debug system level properties

Easy platform integration

Explicit log messages

Light CPU time overhead, but this needs to be experimented with more than 3 monitors to be representative

Safety verification improvement (ex : fault injection)

Improvements :

Automation of the ISIS integration into the Assembling Flow (IP-Xact format)

Enable/disable monitors at execution time

No need to recompile the platform to change the verbose level

Page 25: Any Questions ?