PPT - Computer Engineering Department / Bogazici University

Roza Ghamari
Bogazici University
April 2009
Outline
• Introduction
• SystemC Language
• Formal Verification Techniques for SystemC
• Design and Verification of SystemC TLM
• Design Methodology
• Verification Methodology
• Experimental Results
• Summary
• References
Total # of slides 37
Introduction
• What is SystemC?
  • Wide range of modeling levels from RTL to system level
  • Built on C++ (object oriented)
  • Consists of an event-driven simulator in the core
  • Works with events and processes
  • Represent structures by modules and ports
  • Describe communication with interfaces and channels
  • Separate data types for hardware modeling and software programming
  • Library-defined elementary channels
Introduction (Cont.)
• Formal Verification Techniques for SystemC
I. Assertion-Based Validation
  1. Writing properties in a formal language (e.g. PSL or SVA)
  2. Monitoring these properties by the simulation engine
  • Extendable to SystemC dynamic validation (requires integration of other packages, e.g. BDD)
  • Can be extended: same assertions used for SystemC and RTL
Introduction (Cont.)
II. Explicit-State Model Checking
  • Keeping track of all nondeterministic choices (e.g. input values)
  • Monitor the states visited (to find termination)
  • Extendable to SystemC
  • Limitation → State explosion problem (abstraction techniques)
Introduction (Cont.)
III. Symbolic Simulation
  • Execute the program in an abstract setting (symbols instead of concrete values)
  • Symbolic simulation path → generate test cases, reasoning, …
  • Hard to implement for SystemC (aimed at concurrent systems)
  • Statically analyzing dynamic execution paths
Introduction (Cont.)
IV. Symbolic Model Checking
  • Represented and searched by means of symbolic reasoning
  • Needs formal semantics for description of transition relation in a SystemC design
Introduction (Cont.)
V. Equivalence Verification
  • Formally verifying the equivalence of SystemC and RTL models
  • Similarly, equivalence of RTL and netlist models
  • Modest goal: Compatibility/Conformance/Compliance
Design and Verification of SystemC
• The problem of growth in complexity and size of systems.
• RTL level:
  • Effort: 1) design; 2) verify; 3) simulation.
  • Pin-level
• SystemC:
  • System-level language.
  • Transaction-level modeling.
Design and Verification of SystemC (cont.)
• What are the problems?
• Verification of a SystemC model is a serious bottleneck in the design cycle.
• Requirement for verification
  • Expressive languages for specifying assertions and behaviors of a complex system
Design and Verification of SystemC (cont.)
Property Specification Language
• An implementation-independent language to define properties
• Properties are defined in a hierarchical way
• Not enough to improve the design and verification flows
• Using UML to present PSL properties
• To embed PSL into the design
• Model PSL semantics in AsmL
  → Enables reusing PSL properties with concrete SystemC level or as a stand-alone module
Layers of PSL
• Boolean layer
  • Build expressions for the other layers, specifically the temporal layer (evaluated in one evaluation cycle)
• Temporal layer
  • Describe properties of the design
  • Describe simple general properties
  • Describe properties that involve complex temporal relations (evaluated over a series of evaluation cycles)
Layers of PSL (cont.)
• Verification layer
  • Tell the verification tool what to do with the properties described by the temporal layer
• Modeling layer
  • Model behavior of design inputs for formal verification tools
  • Model auxiliary parts of the design that are needed for verification
  • This layer is for VHDL and Verilog and not used in this design
UML Model of PSL
• Defining a modified sequence diagram to map PSL properties
• Clocks: clock that activates the current action
• Number of cycles: Mtd[5] says that the method Mtd is executed for exactly 5 consecutive cycles.
• Temporal operators: a mapping to PSL temporal operators
  • always executed (A),
  • eventually executed (E),
  • executed until a condition is fulfilled (U)
UML Model of PSL (Cont.)
• Sequence operations: order of executing certain sequences (e.g., next, prev etc.)
• Text output: failing report message for a case
• Method duration: certain number of cycles for execution
• “()” operator: set of arguments of an action
UML Model of PSL (Cont.)
ASM Model of PSL
• Abstract State Machines (ASM)
  • a formal specification method for software and hardware systems
  • supports object-oriented modeling
    • comparison to C++ and Java.
  • all the parameters of PSL properties are defined as objects
  • AsmL tool (developed by Microsoft) can automatically compile code into C# or .NET code
ASM Model of PSL (Cont.)
• PSL_SERE.Evaluate() Example
  • checks if a sequence is true in a certain path
  • activated according to an INIT signal (set by the property)
ASM Model of SystemC
• FSM generation algorithm (four inputs)
  • Methods
  • Domains
  • Actions
  • Variables
• Optional inputs: filters, action groups, properties
• Specific style of programming
• A precise configuration which generates the FSM
• Exploration: keeping track of the actions it performs and recording the states it visits
ASM Model of SystemC (Cont.)
• FSM Parts
  • Actions :: Methods
  • Transitions :: Method calls
  • States :: Values of selected variables
• RULES
  1. Initializing all of the model’s objects
  2. Defining a set of preconditions for every action considered in the exploration process
  3. Providing for every state variable an exploration domain.
ASM Model of SystemC (Cont.)
• Example
Translation to SystemC
• Purely syntactical, based on 3 major rules
• R1C++ : Basic types are mapped to their equivalent
• R2C++ : Class translation
  • R2.1C++ : Class members mapped into signals with the same types
  • R2.2C++ : Class methods
    • Preconditions/postconditions mapped to the SystemC module’s constructor
    • Method Send precondition require clk = true → “SC_THREAD(Send);sensitive << clk”
    • Method itself integrated as it is in the SystemC module
• R3C++ : Global modules mapped to the main procedure sc_main
Verification Methodology
• Decomposed into two parts:
  1. Model checking at the ASM level
  2. Assertion-based verification at the SystemC (C++)/C# level
Model Checking
• A-Property = AsmL Property
Step 1) Add all Boolean items to the sequences:
Step 2) Create property: P := S1 OP S2 (OP e.g. implication (=>), equivalence () )
Step 3) Define the verification unit as an A-Property, A, that includes the property P: A.Add(P)
Model Checking (Cont.)
• P is represented by two Boolean state variables
  • P_eval and P_value
• Violated property
  • P_eval = true and P_value = false
  → generation stops and the problem is identified based on the generated portion
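Added example (not from the presentation and not AsmL tool code): explicit-state FSM generation in plain C++ over a constructed two-variable bus handshake, applying the exploration rules from the ASM Model of SystemC slides and the P_eval/P_value check above. The model, the action names, the Cancel defect and the reading of P_eval as "S1 holds in this state" are assumptions made for illustration.

```cpp
#include <functional>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// State = values of the selected variables (constructed bus handshake model).
struct State { bool req, gnt; int key() const { return 2 * req + gnt; } };
struct Action {  // one method of the model: name, precondition, state update
    std::string name; std::function<bool(const State&)> pre; std::function<State(State)> run;
};
using Path = std::vector<std::string>;
struct Result { bool violated; Path path; std::size_t states; };

// Breadth-first FSM generation that checks P := S1 => S2 (S1 = gnt, S2 = req).
Result explore(const std::vector<Action>& actions) {
    const State init{false, false};  // rule 1: initialised model
    std::set<int> seen{init.key()};
    std::vector<std::pair<State, Path>> work{{init, Path{}}};
    for (std::size_t i = 0; i < work.size(); ++i) {
        const State s = work[i].first;  // copies: push_back below may reallocate
        const Path path = work[i].second;
        const bool P_eval = s.gnt;   // assumption: P is evaluated where S1 holds
        const bool P_value = s.req;  // truth value of S2
        if (P_eval && !P_value) return {true, path, seen.size()};  // stop generation
        for (const Action& a : actions) {
            if (!a.pre(s)) continue;  // rule 2: precondition guards the action
            const State n = a.run(s);
            if (!seen.insert(n.key()).second) continue;  // state already generated
            work.push_back({n, path});
            work.back().second.push_back(a.name);  // record the action taken
        }
    }
    return {false, Path{}, seen.size()};
}

std::vector<Action> bus_model(bool cancel_bug) {
    std::vector<Action> m = {
        {"Request", [](const State& s) { return !s.req; }, [](State s) { s.req = true; return s; }},
        {"Grant", [](const State& s) { return s.req && !s.gnt; }, [](State s) { s.gnt = true; return s; }},
        {"Release", [](const State& s) { return s.gnt; }, [](State s) { s.req = s.gnt = false; return s; }}};
    if (cancel_bug)  // constructed defect: drops the request but leaves the grant set
        m.push_back({"Cancel", [](const State& s) { return s.req; }, [](State s) { s.req = false; return s; }});
    return m;
}
int main() {
    const Result r = explore(bus_model(true));
    std::cout << (r.violated ? "P violated" : "P holds") << ", " << r.states << " states generated\n";
}
```

The returned path is the sequence of method calls that reaches the violating state, which is the "generated portion" used to locate the problem.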
Assertion-Based Verification
1. Updating the SystemC design to interface to the assertion monitor
2. Generating the assertion as C# code from its AsmL description
3. Integrating the assertion into the design.
Assertion-Based Verification (Cont.)
• Assertion Monitor:
  1. Stop the simulation when the assertion is fired
  2. Write a report about the assertion status and all its variables
  3. Send a warning signal to other modules (if required).
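Added example (not from the presentation): a cycle-based assertion monitor in plain C++ that does the three things listed above, stopping the run, writing a report with the sampled variables, and exposing a flag other modules can poll. The property ("every req is answered by gnt within a window of cycles"), the req/gnt names and the trace are constructed, and a loop over a vector stands in for the SystemC simulator.

```cpp
#include <iostream>
#include <string>
#include <vector>

struct Cycle { bool req, gnt; };  // design variables sampled once per clock cycle

// Monitor for the constructed property "every req is answered by gnt within
// `window` cycles". A request still pending when the trace ends is not a failure.
class AssertionMonitor {
public:
    explicit AssertionMonitor(int window) : window_(window) {}
    bool fired() const { return fired_; }  // warning signal other modules can poll
    const std::string& report() const { return report_; }
    // Feed one cycle; returns false once the assertion has fired.
    bool step(int cycle, const Cycle& c) {
        if (fired_) return false;
        if (c.gnt) {
            pending_ = -1;  // obligation discharged
        } else if (pending_ >= 0 && cycle - pending_ >= window_) {
            fired_ = true;
            report_ = "FAILED at cycle " + std::to_string(cycle) + ": req raised at cycle " +
                      std::to_string(pending_) + ", req=" + std::to_string(c.req) + " gnt=0";
            return false;
        } else if (c.req && pending_ < 0) {
            pending_ = cycle;  // start of a new obligation
        }
        return true;
    }
private:
    int window_, pending_ = -1;
    bool fired_ = false;
    std::string report_;
};

// Drives the trace through the monitor; returns the cycle at which the
// assertion stopped the simulation, or -1 if the whole trace ran.
int simulate(const std::vector<Cycle>& trace, int window, std::string* report) {
    AssertionMonitor mon(window);
    for (int cycle = 0; cycle < static_cast<int>(trace.size()); ++cycle)
        if (!mon.step(cycle, trace[cycle])) { *report = mon.report(); return cycle; }
    return -1;
}

int main() {
    // Constructed trace: req at cycle 1 is not granted in time, so window 3 fires at cycle 4.
    std::vector<Cycle> trace = {{false, false}, {true, false}, {false, false}, {false, false},
                                {false, false}, {false, false}, {false, true}};
    std::string report;
    std::cout << simulate(trace, 3, &report) << " " << report << "\n";
}
```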
Assertion’s Coverage Enhancement
1. Static analysis
2. Dependency check
3. Test Program generator
4. Initial DNA generator
5. DNA evaluation/update
Assertion’s Coverage Enhancement (Cont.)
• Static Code Analysis
  • Generate the “inputs/assertions variables” dependency relation based on Abstract Interpretation approach
  • Hypergraph
Assertion’s Coverage Enhancement (Cont.)
• Genetic Algorithm
  1. evaluating the fitness of each candidate
  2. selecting the fittest candidate solutions to act as parents of the next generation of candidate solutions
  3. recombining and mutating selected parents to generate offspring
• Candidate solutions: finite sequences of input ranges and probability weights
• Encoded by a chromosome (inputs/ranges/weighted probability)
Experimental Results
• Considered models:
  • Peripheral Component Interconnect (PCI) bus
  • SystemC Master/Slave bus
• Properties (e.g. liveness) must be verified using formal techniques
Experimental Results (Cont.)
• PCI Bus results
Experimental Results (Cont.)
• Master/Slave bus results
Experimental Results (Cont.)
• Assertions’ coverage analysis
Summary
• Methodology to design and verify SystemC TLMs
  • UML system specification and integrating an intermediate layer using AsmL
  • Upgrade sequence diagram of UML to capture TR systems
  • Model both design and properties in AsmL and perform model checking
  • Reuse PSL properties to perform assertion-based verification
  • Transform the AsmL model to SystemC
  • Apply static code analysis and genetic algorithm techniques to enhance efficiency
References
• Moshe Y. Vardi: Formal Techniques for SystemC Verification; Position Paper. DAC 2007: 188-192
• Ali Habibi, Sofiène Tahar: Design and verification of SystemC transaction-level models. IEEE Trans. VLSI Syst. 14(1): 57-68 (2006)
• Ali Habibi, Sofiène Tahar: Design for Verification of SystemC Transaction Level Models. DATE 2005: 560-565