The document describes a formal modeling approach called Heterogeneous Protocol Automata (HPA) for verifying Network-on-Chip (NoC) systems. HPA can model NoC components like routers, switches, and communication interfaces, as well as properties like routing algorithms, arbitration schemes, and buffer management. The document outlines an HPA model of a sample NoC and discusses verifying properties of the model like functional correctness and absence of deadlocks through translation to the SPIN model checker.
Application of formal methods for system level verification of final
1. Application of formal methods for system-level verification of Network-on-Chip (NoC)
Vinitha A Palaniveloo, Arcot Sowmya
The University of New South Wales, Sydney, Australia
5/7/2011 The University of New South Wales 1
2. Outline
• Introduction
• Early Investigation & Results
• Our Formalism: Heterogeneous Protocol Automata (HPA)
• HPA model of NoC
• Verifying HPA model of NoC
• Conclusion and Work In Progress
3. Network on Chip (NoC)
[Figure: NoC with five IP blocks (IP BLOCK 1 to IP BLOCK 5), five NIU/SW pairs and five routers (R). Legend: R = Router, NIU = Network Interface Unit, SW = Switch.]
4. NoC Communication Scheme
[Figure: a SOURCE IP BLOCK and NIU connected through four switches (SW) to a DESTINATION NIU and IP BLOCK. Layers shown: APPLICATION LAYER, TRANSPORT LAYER, NETWORK & DATA LAYER, PHYSICAL LAYER.]
5. Existing NoC Verification Techniques
• Theorem prover
– Routing and scheduling (e.g. PVS, ACL2)
• Model checking
– Verify functional correctness of a specific block (e.g. LOTOS+CHP)
• Simulation
– Traffic analysis
– Performance evaluation
– Power consumption (e.g. ATLAS)
6. Motivation
Related work and the types of properties it addresses (column headings: Functional Correctness, Performance Evaluation, Communication Correctness, Basic properties):
• PVS [Van 2005]: Deadlock
• ACL2 [Sch 2005]: Message ordering
• CHP and LOTOS [Bor 2006]: Message correctness, Deadlock
• ASC [Koch 2007]
• SDL [Hols 2003]: Packet dropping & traffic analysis
• FSP and LTSA [Ank 2006]: Deadlock & concurrency
• System level verification model
8. Hermes
• Routing Algorithm
– XY routing algorithm
• Arbitration Scheme
– Priority based Round robin
• Switching technique
– Store and Forward
[Figure: 3x3 mesh with routers addressed (0,0) to (2,2). Labels on the node detail: SOUTH, EAST, WEST, NORTH, NODE, NIU, ROUTER.]
9. Verification of XY-Routing algorithm using SPIN
[Figure: 3x3 mesh with routers addressed (0,0) to (2,2)]
Destination address: (Dx, Dy)
Current router address: (Cx, Cy)
• If Cx < Dx -> Route(East)
• If Cx > Dx -> Route(West)
• If Cx == Dx -> Compare(Dy, Cy)
– If Cy < Dy -> Route(North)
– If Cy > Dy -> Route(South)
– If Cy == Dy -> Current router is the final destination.
Example:
• (0,0) to (2,2)
10. SPIN Model & Initial Result
SPIN Model: 4x4 NoC
• Number of Process: 18
• Lines of code (LOC): 585
Properties of Interest
• Routing Correctness:
– Packets sent are received
– Packets follow a valid path
System specification
• Server: CHRP, IBM 8203-E4A
• Speed: 4204MHz
• Memory: 64 GB
Verification
• Number of packets: 256
• State vector: 104
• Time taken: ~ 700 minutes
• Memory required: ~ 5.6 MB
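Added example (not the authors' SPIN model): a minimal Promela model of the XY routing rule that lets SPIN check the two routing-correctness properties for every source/destination pair of a single packet. The mesh size N, all identifiers, and the reading of "valid path" as a path whose hop count equals the Manhattan distance are assumptions.

```promela
/* Added example, not the authors' 585-line model: one packet under XY routing. */
#define N 4                 /* assumed mesh size: routers (0,0) .. (N-1,N-1) */

byte cx, cy;                /* current router address (Cx, Cy) */
byte dx, dy;                /* destination address (Dx, Dy) */
byte hops, dist;            /* hops taken; Manhattan distance source -> destination */
bool delivered;

inline absdiff(a, b, r) {
  if
  :: a >= b -> r = a - b
  :: else   -> r = b - a
  fi
}

active proctype packet() {
  byte ax, ay;
  /* nondeterministic choice: SPIN explores every source/destination pair */
  select(cx : 0 .. N-1); select(cy : 0 .. N-1);
  select(dx : 0 .. N-1); select(dy : 0 .. N-1);
  absdiff(cx, dx, ax); absdiff(cy, dy, ay);
  dist = ax + ay;
  do
  :: cx < dx              -> cx++; hops++    /* Route(East)  */
  :: cx > dx              -> cx--; hops++    /* Route(West)  */
  :: cx == dx && cy < dy  -> cy++; hops++    /* Route(North) */
  :: cx == dx && cy > dy  -> cy--; hops++    /* Route(South) */
  :: cx == dx && cy == dy -> break           /* final destination */
  od;
  assert(hops == dist);     /* assumed meaning of "valid path": no detour */
  delivered = true
}

ltl sent_is_received { <> delivered }   /* every packet sent is received */
```

Generate the verifier with `spin -a`, compile `pan.c`, and run `./pan -a` to check both the assertion and the LTL claim.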
11. SPIN Model & Initial Result
Result
• Single packet is always sent and received correctly
• Packets are LOST when there are packets with overlapping paths
Analysis
[Figure: 3x3 mesh with routers addressed (0,0) to (2,2)]
Overlapping Packets:
• (0,0) to (1,2)
• (0,1) to (2,2)
Solution:
• Arbitration
13. Distributed vs Centralized Arbitration
[Figure: 3x3 mesh with routers addressed (0,0) to (2,2)]
• PACKET 1: (0,0) to (1,2)
• PACKET 2: (0,1) to (2,2)
• PACKET 3: (1,1) to (1,2)
Distributed arbitration
• Every router resolves contention
• Arbitration is at port level
• Low latency due to concurrent arbitration
Centralized Scheduling
• Arbitration is done at the router level
• Overlapping packets are delayed
14. Modeling Distributed Arbitration Scheme
• Model the actual packet
• Model buffers at the input ports to store and forward packets
• Model protocols at communication interface
• Model arbitration unit
• Model clocks
Need for a formal language to model NoC closer to actual implementation
16. Contribution
Heterogeneous Protocol Automata (HPA)
A = ( Q , clk , C , D , V , T , q0 , qf )
• Q is a set of protocol states
• q0 is the initial state and qf the final state
17. Definition of HPA
• C is a set of input and output control channels (CI ∪ CO)
• D is a set of input and output data channels (DI ∪ DO)
• V is a set of counters associated with a data channel or automaton A.
18. Definition of HPA
• clk defines if the automaton works on clock ticks or not
• $T \subseteq Q \times A(C) \times A(D) \times A(Dc) \times Q$
• For $t \in T$: $t := s \xrightarrow{l} s'$, with label $l$ of the form $B1;\ C;\ B2$
– B1: Pre-guard
– C: Communication action
– B2: Post-guard
19. Definition of HPA
– $A(C) = \{a!,\ \#a!,\ \#a,\ a?,\ a??,\ \#a??,\ \mathit{asuspend},\ \$a\}$ for $a \in C$; A(C) is the set of actions on the control channels
– $A(D) = \{d!,\ d?\}$ for $d \in D$; A(D) is the set of actions on the data channels
– $A(Dc) = \{(v++),\ (v--),\ len(v)\}$ for $v \in V$; A(Dc) is the set of actions on the counter
22. HPA Model of Communication Interface
[Figure: two automata; states and transition labels listed in the order they appear in the diagram]
Write Process (states q0, q1, q2):
– Len(v_rx_east_router0_list) = capacity(v_rx_east_router0_list)
– East_buffer_ready = false
– Len(v_rx_east_router0_list) < capacity(v_rx_east_router0_list)
– send_rx_east_router0?
– Data_rx_east_router0?
– v_rx_east_router0_list++
– #ack_rx_east_router0!
– #send_rx_east_router0
– ack_rx_east_router0!
Read Process (states s0, s1, s2, s3):
– Len(v_rx_east_router0_list) = 0
– East_buffer_ready = true
– Len(v_rx_east_router0_list) > 0
– rx_data_east_router0?
– Dest_addr_east_router0!
– #rx_data_east_router0
– v_rx_east_router0_list=0
– rx_data_east_router0?
– NOF_addr_east_router0!
– rx_data_east_router0?
– payload_addr_east_router0!
23. Model of Switch
[Figure: block diagram of one router. Blocks: South, West, North and East In_Port; Node GALS In_Port; Node Packet Generator; South, Node, West, North and East Switch; East Arbitration Unit; East Out_Port. Port labels: NODE, NORTH, SOUTH, WEST. Signals: North_East_Req/Ack, West_East_Req/Ack, Node_East_Req/Ack, South_East_Req/Ack, East_East_Req/Ack, busy, stall, buff_ready, East_Data, NORTH_DEST_ADD, WEST_DEST_ADD, NODE_DEST_ADD, SOUTH_DEST_ADD, EAST_DEST_ADD.]
25. Model of Arbitration
[Figure: block diagram of one router. Blocks: South, West, North and East In_Port; Node GALS In_Port; Node Packet Generator; South, Node, West, North and East Switch; East Arbitration Unit; East Out_Port. Port labels: NODE, NORTH, SOUTH, WEST. Signals: North_East_Req/Ack, West_East_Req/Ack, Node_East_Req/Ack, South_East_Req/Ack, East_East_Req/Ack, busy, stall, buff_ready, WEST_DEST_ADD, NODE_DEST_ADD, NORTH_DEST_ADD, SOUTH_DEST_ADD, EAST_DEST_ADD.]
• If BOP == true -> Busy = true
  else -> Busy = false
• If Buff_Ready == true -> Stall = false
  else -> Stall = true
Arbitration Logic: Round robin or priority based
– Priority: East > West > North > South > Node
26. HPA Model of Arbitration
[Figure: automaton with states p0, p1, p2, p3, p4 and p10; transition labels listed in the order they appear in the diagram]
– req_sche_east_east_router0?
– east_roundrobin_token == 0
– #busy_east_router0
– #stall_east
– ack_sche_east_east_router0!
– #req_sche_east_east_router0
– east_roundrobin_token = 1
– req_sche_west_east_router0?
– #busywest_router0
– #stall_west
– ack_sche_west_east_router0!
– #req_sche_west_east_router0
– east_roundrobin_token==1
– #req_sche_node0_east_router0
– east_roundrobin_token=0
– #req_sche_west_east_router0
– #req_sche_west_east_router1
– east_roundrobin_token==2
• If East_East_Req == true && Busy_East == false && Stall_East == false -> East_round_robin = 0; East_East_Ack = true
• If East_East_Req == false -> East_round_robin = 1; East_East_Ack = false
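Added example (not the authors' HPA or SPIN model): a small Promela arbiter for one output port that contrasts round-robin token passing with fixed priority East > West > North > South > Node, and states the starvation property as an LTL claim. The identifiers, the FIXED_PRIORITY switch, the simplified token rotation (the token moves on after every arbitration step) and the omission of stall (the downstream buffer is assumed always ready) are assumptions.

```promela
/* Added example, not the authors' model: arbiter for the East output port. */
#define PORTS 5     /* index order: East, West, North, South, Node */
#define NODE  4     /* lowest-priority requester */

bool req[PORTS];    /* X_East_Req lines */
bool ack[PORTS];    /* X_East_Ack lines */
bool busy;          /* output port is transferring a packet */
byte token;         /* plays the role of east_roundrobin_token */

/* Declared first, so _pid 0..4 doubles as the port index. */
active [PORTS] proctype in_port() {
  do
  :: atomic { !req[_pid] -> req[_pid] = true }        /* packet waiting: request */
  :: atomic { ack[_pid] -> ack[_pid] = false;
              req[_pid] = false; busy = false }       /* packet sent: release */
  od
}

active proctype arbiter() {
  byte i;
  do
  :: atomic { !busy ->
#ifdef FIXED_PRIORITY
       i = 0;                                /* always scan from East */
       do
       :: i < PORTS && !req[i] -> i++
       :: else -> break
       od;
       if
       :: i < PORTS -> ack[i] = true; busy = true
       :: else -> skip
       fi
#else
       if                                    /* serve only the token holder */
       :: req[token] -> ack[token] = true; busy = true
       :: else -> skip
       fi;
       token = (token + 1) % PORTS           /* then pass the token on */
#endif
     }
  od
}

/* A requesting Node port is eventually acknowledged. */
ltl no_starvation { [] ((req[NODE]) -> <> (ack[NODE])) }
```

Built with `spin -a` and run with `./pan -a`, the claim holds for the round-robin variant; built with `spin -DFIXED_PRIORITY -a`, the verifier reports an acceptance cycle in which East is served repeatedly while Node keeps waiting.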
28. Verification strategy
• Manual translation to SPIN
Example
SPIN code:
    if
    :: d_step {
         /* guard: frame not yet begun and the arbiter has acknowledged node0 */
         (BOF_east_router0[s] == false
          && ack_sche_node0_east_router0[s] == true) ->
         BOP_east_router0[s] = true;
         /* "=" restored here; the operator is missing in the slide text */
         tx_data_east_router0[s] = Dest_addr_node0_router0_x[s];
         BOF_east_router0[s] = true
       };
       goto node0_router0_switch_state2
    fi;
HPA transition (states w5, w4):
ack_sche_node0_east_router0?
BOP_east_router0!
tx_data_east_router0!Dest_addr_node0_router0
29. Properties verified in HPA model mapped to SPIN
Functional Correctness
• Low priority ports are not starved for access to the output port
• Absence of data loss is verified by checking for absence of FIFO overflow and underflow
Communication Correctness
• Packets with overlapping paths reach their destination correctly
• Packets always flow through a valid path.
30. Verification Results
• Code size for 3X3 NoC:
– Number of processes: 226
– LOC: 3337
• Depth of Verification: 4999999
• Result: No property violations were found
• Sanity Check:
– Captured the following errors
» Found flow control error
» Changed FIFO size and verified FIFO overflow
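Added example (not the authors' model): a reduced Promela version of the communication-interface write and read processes, with FIFO overflow, underflow and data loss expressed as assertions, and a seeded flow-control error in the spirit of the sanity check above. CAPACITY, SEQ, the process and channel names and the NO_FLOW_CONTROL switch are assumptions.

```promela
/* Added example, not the authors' model: input-port FIFO between an upstream
   router and the switch, with overflow/underflow checks as assertions. */
#define CAPACITY 2               /* assumed FIFO depth */
#define SEQ      4               /* data items carry sequence numbers 0..SEQ-1 */

chan send_rx = [0] of { byte };  /* upstream -> write process (send + data) */
chan rx_data = [0] of { byte };  /* read process -> switch */
byte fifo[CAPACITY];
byte wr, rd;                     /* ring-buffer write/read positions */
byte count;                      /* counter v: items currently stored */

active proctype upstream() {
  byte d;
  do
  :: send_rx ! d -> d = (d + 1) % SEQ
  od
}

active proctype write_process() {
  byte d;
  do
#ifdef NO_FLOW_CONTROL
  :: send_rx ? d ->                         /* seeded error: pre-guard removed */
#else
  :: count < CAPACITY -> send_rx ? d ->     /* pre-guard, then communication */
#endif
       atomic { assert(count < CAPACITY);   /* no FIFO overflow */
                fifo[wr] = d; wr = (wr + 1) % CAPACITY; count++ }
  od
}

active proctype read_process() {
  do
  :: count > 0 -> rx_data ! fifo[rd];       /* pre-guard: data available */
       atomic { assert(count > 0);          /* no FIFO underflow */
                rd = (rd + 1) % CAPACITY; count-- }
  od
}

active proctype switch_side() {
  byte d, expected;
  do
  :: rx_data ? d -> assert(d == expected);  /* no loss, no reordering */
       expected = (expected + 1) % SEQ
  od
}
```

Verified as written, SPIN reports no errors; generated with `spin -DNO_FLOW_CONTROL -a`, the verifier reports an assertion violation once the write process accepts data while the buffer is full.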
32. Work In Progress
• Addressing Scalability
• HPA as a NoC modeling language
• Tool for verifying HPA models
• HPA to HDL translation for performance analysis