Application of formal methods for system level verification of final

Vinitha A Palaniveloo Arcot Sowmya
The University of New South Wales
Sydney,
Australia
Application of formal methods for
system-level verification of
Network-on-Chip (NoC)
5/7/2011 The University of New South Wales 1

Outline
• Introduction
• Early Investigation & Results
• Our Formalism: Heterogeneous Protocol
Automata (HPA)
• HPA model of NoC
• Verifying HPA model of NoC
• Conclusion and Work In Progress

Network on Chip (NoC)
R R
R
R R
IP BLOCK 1
IP BLOCK 2 IP BLOCK 5
IP BLOCK 3
IP BLOCK 4
NIU
SW
NIU
SW
NIU
SW
NIU
SW
NIU
SW
RouterRNIU SWNetwork Interface Unit Switch

NoC Communication Scheme
IP BLOCK
NIU
SW SW SW SW
IP BLOCK
NIU
SOURCE DESTINATION
APPLICATION LAYER
TRANSPORT LAYER
NETWORK & DATA LAYER
PHYSICAL LAYER

Existing NoC Verification Techniques
• Theorem prover
– Routing and scheduling (e.g. PVS, ACL2)
• Model checking
– Verify functional correctness of a specific block
(e.g. LOTOS+CHP)
• Simulation
– Traffic analysis
– Performance evaluation
– Power consumption (e.g.ATLAS)

Motivation
Related Work Types of properties
Functional
Correctness
Performance
Evaluation
Communication
Correctness
Basic
properties
PVS [Van 2005] Deadlock
ACL2 [Sch 2005] Message
Ordering
CHP and LOTOS
[Bor 2006]
Message
correctness
Deadlock
ASC [Koch 2007]
SDL [Hols 2003] Packet
dropping &
traffic
analysis
FSP and LTSA
[Ank 2006]
Deadlock &
concurrency
System level
verification
model

Outline
• Introduction
Automata (HPA)

Hermes
(0,0) (1,0) (2,0)
(0,1) (1,1) (2,1)
(0,2) (1,2) (2,2)
• Routing Algorithm
– XY routing algorithm
• Arbitration Scheme
– Priority based Round robin
• Switching technique
– Store and Forward
SOUTH
EAST WEST
NORTH
NODE
NIU
ROUTER

Verification of XY-Routing algorithm
using SPIN
(0,0) (1,0)
(0,1) (1,1) (2,1)
(0,2) (1,2) (2,2)
(2,0)
Destination address: (Dx ,Dy )
Current router address: (Cx ,Cy )
• If Cx < Dx -> Route(East)
• If Cx > Dx -> Route(West)
• If Cx == Dx -> Compare(Dy, Cy)
• If Cy < Dy -> Route(North)
• If Cy > Dy -> Route(South)
• If Cy == Dy -> Current
router is the final
destination.Example:
• (0 ,0) to (2,2)

SPIN Model & Initial Result
• Number of Process: 18
• Lines of code (LOC): 585
SPIN Model : 4x 4 NoC Properties of Interest
• Routing Correctness:
– Packets sent are received
– Packets follow a valid path
• Server: CHRP, IBM 8203-E4A
• Speed: 4204MHz
• Memory: 64 GB
System specification
• Number of packets: 256
• State vector: 104
• Time taken: ~ 700 minutes
• Memory required: ~ 5.6 MB
Verification

SPIN Model & Initial Result
• Single packet is always sent and received correctly
• Packets are LOST when there are packets with overlapping path
Result
Analysis
(0,0) (1,0)
(0,1) (1,1) (2,1)
(0,2) (1,2) (2,2)
(2,0)
Overlapping Packets:
• (0,0) to (1,2)
• (0,1) to (2,2)
Solution:
• Arbitration

Hermes
(0,0) (1,0) (2,0)
(0,1) (1,1) (2,1)
(0,2) (1,2) (2,2)
• Routing Algorithm
– XY routing algorithm
• Arbitration Scheme
– Priority based Round robin
• Switching technique
– Store and Forward
SOUTH
EAST WEST
NORTH
NODE
NIU
ROUTER

Distributed vs Centralized Arbitration
(0,0) (1,0) (2,0)
(0,1) (1,1) (2,1)
(0,2) (1,2) (2,2)
• PACKET 1: (0,0) to (1,2)
• PACKET 2: (0,1) to (2,2)
• PACKET 3: (1,1) to (1,2)
Distributed arbitration
• Every router resolves
contention
• Arbitration is at port level
• Low latency due to
Concurrent arbitration
Centralized Scheduling
• Arbitration is done at the
router level
• Overlapping packets are
be delayed

Modeling Distributed Arbitration
Scheme
• Model the actual packet
• Model buffers at the input ports to store and
forward packets
• Model protocols at communication interface
• Model arbitration unit
• Model clocks
Need for a Formal language to model NoC closer to actual
implementation

Outline
• Introduction
Automata (HPA)

Contribution
• Q is a set of protocol states
• q0 is the initial state and qf the final state
Heterogeneous Protocol Automata (HPA)
A = ( Q , clk , C , D , V , T , q0 , qf )

Definition of HPA
• C is a set of input and output control channels (CI U CO)
• D is a set of input and output data channels (DI U DO)
• V is a set of counters associated with a data channel or
automaton A.
A = ( Q , clk , C , D , V , T , q0 , qf )

Definition of HPA
For t  t: = s ՜
𝑙
𝑠′
T
• T  Q × A(C) × A(D) × A(Dc) × Q
l  B1; C ; B2
,
B1 – Pre-guard
C – Communication action
B2 – Post-guard
A = ( Q , clk , C , D , V , T , q0 , qf )
• Clk defines if the automaton works on clock ticks or not

Definition of HPA
– A(C)= {a!, #a!, #a, a?, a??, #a??, asuspend , $a} for
aC, A(C) is set of actions on the control channels
– A(D)= {d!, d?} for d  D , A(D) is set of actions on
the data channels
– A(Dc)= {(v++), (v−−), len(v)} for v  V, A(Dc) is set of
actions on the counter
A = ( Q , clk , C , D , V , T , q0 , qf )
• T  Q × A(C) × A(D) × A(Dc) × Q

Outline
• Introduction
Automata (HPA)

South
In_Port
West
In_Port
North
In_Port
Node
GALS
In_Port
South
Switch
Node
Switch
West
Switch
North
Switch
East
Switch
Node
Packet
Generator
North_East_Req
North_East_Ack
West_East_Req
West_East_Ack
Node_East_Req
Node_East_Ack
South_East_Req
South_East_Ack
East_East_Req
East_East_Ack
WEST_DEST_ADD
busy
stall
NODE_DEST_ADD
NORTH_DEST_ADD
SOUTH_DEST_ADD
EAST_DEST_ADD
NODE
NORTH
SOUTH
WEST
East
Out_Port
NODE
NORTH
SOUTH
WEST
East
Arbitration
Unit
East
In_Portbuff_ready
Model of Router Interface
rclk
wclk

HPA Model of
Communication
Interface
q0
q1
q2
Len(v_rx_east_router0_list) =
capacity(v_rx_east_router0_list)
East_buffer_ready = false
Len(v_rx_east_router0_list) <
capacity(v_rx_east_router0_list)
send_rx_east_router0?
Data_rx_east_router0?
v_rx_east_router0_list++
#ack_rx_east_router0!
#send_rx_east_router0
ack_rx_east_router0!
s0
s1
s2
Len(v_rx_east_router0_list) = 0
East_buffer_ready = true
Len(v_rx_east_router0_list) > 0
rx_data_east_router0?
Dest_addr_east_router0!
#rx_data_east_router0
v_rx_east_router0_list=0
s3
NOF_addr_east_router0!
payload_addr_east_router0!
Write Process
Read Process

Model of Switch
The University of New South Wales 23
South
In_Port
West
In_Port
North
In_Port
Node
GALS
In_Port
South
Switch
Node
Switch
West
Switch
North
Switch
East
Switch
Node
Packet
Generator
North_East_Req
North_East_Ack
West_East_Req
West_East_Ack
Node_East_Req
Node_East_Ack
South_East_Req
South_East_Ack
East_East_Req
East_East_Ack
busy
stall
East_Data
NODE
NORTH
SOUTH
WEST
East
Out_Port
NODE
NORTH
SOUTH
WEST
East
Arbitration
Unit
East
In_Port
buff_ready
NORTH_DEST_ADD
WEST_DEST_ADD
NODE_DEST_ADD
SOUTH_DEST_ADD
EAST_DEST_ADD

HPA Model of
Switch
w12
w5
w4
w6
#ack_sche_node0_east_router0
Req_sche_node0_east_router0!
ack_sche_node0_east_router0?
BOP_east_router0!
tx_data_east_router0!Dest_addr_noe0_router0
NOF_node0_router0?x
tx_data_east_router0!NOF_addr_noe0_router0
Count_node0_east_router0 = x
payload_node0_router0
tx_data_east_router0!payload_addr_noe0_router0
Count_node0_east_router0 --
Count_node0_east_router0 == 0
#BOP_node0_router0!
w0
w1 w3w2
w10
w11 w13
Dest_addr_node0_router0?
Dest_addr_node0_router0.X
> router0_address.X
< router0_address.X
== router0_address.X
Dest_addr_node0_router0.Y
== router0_address.Y

Model of Arbitration
The University of New South Wales 25
South
In_Port
West
In_Port
North
In_Port
Node
GALS
In_Port
South
Switch
Node
Switch
West
Switch
North
Switch
East
Switch
Node
Packet
Generator
North_East_Req
North_East_Ack
West_East_Req
West_East_Ack
Node_East_Req
Node_East_Ack
South_East_Req
South_East_Ack
East_East_Req
East_East_Ack
WEST_DEST_ADD
busy
stall
NODE_DEST_ADD
NORTH_DEST_ADD
SOUTH_DEST_ADD
EAST_DEST_ADD
NODE
NORTH
SOUTH
WEST
East
Out_Port
NODE
NORTH
SOUTH
WEST
East
Arbitration
Unit
East
In_Port
buff_ready
• If BOP == true -> Busy = true
else -> Busy = false
• If Buff_Ready == true -> Stall = false
else -> Stall = true
Arbitration Logic: Round robin or priority based
– Priority: East > West > North> South > Node

HPA Model of
Arbitration
p3
p0
p1
p2
req_sche_east_east_router0?
east_roundrobin_token == 0
#busy_east_router0
#stall_east
ack_sche_east_east_router0!
#req_sche_east_east_router0
east_roundrobin_token = 1
req_sche_west_east_router0?
#busywest_router0
#stall_west
ack_sche_west_east_router0!
p4
p10
#req_sche_west_east_router0
east_roundrobin_token==1
#req_sche_node0_east_router0
east_roundrobin_token=0
• If East_East_Req == true &&
Busy_East == false &&
Stall_East == false ->
East_round_robin = 0;
East_East_ Ack = true
• If East_East_Req == false ->
East_round_robin = 1;
East_East_Ack = false
east_roundrobin_token==2

Outline
• Introduction
Automata (HPA)

Verification strategy
• Manual translation to SPIN
Example
If
d_step{(BOF_east_router0[s] == false
&& ack_sche_node0_east_router0[s] == true) ->
BOP_east_router0[s] = true; tx_data_east_router0[s] Dest_addr_node0_router0_x[s];
BOF_east_router0[s] = true; }
gotonode0_router0_switch_state2;
fi;
w5
w4
ack_sche_node0_east_router0?
BOP_east_router0!
tx_data_east_router0!Dest_addr_node0_router0

Properties verified in HPA model mapped
to SPIN
Functional Correctness
• Low priority ports are not
starved for access to the
output port
• Absence of data loss is
verified by checking for
absence of FIFO overflow
and underflow
Communication Correctness
• Packets with overlapping
paths reach their
destination correctly
• Packets always flow through
a valid path.

Verification Results
• Code size for 3X3 NoC:
• Number of process: 226
• LOC: 3337
• Depth of Verification: 4999999
• Result: No property violations were found
• Sanity Check:
– Captured following errors
» Found flow control error
» Change fifo size and verified fifo overflow

Outline
• Introduction
Automata (HPA)

Work In Progress
• Addressing Scalability
• HPA as a NoC modeling language
• Tool for verifying HPA models
• HPA to HDL translation for performance
analysis

Thank You!

Application of formal methods for system level verification of final

Recommended

Recommended

More Related Content

Similar to Application of formal methods for system level verification of final

Similar to Application of formal methods for system level verification of final (20)

Recently uploaded

Recently uploaded (20)

Application of formal methods for system level verification of final