Models and Methods for Verification and Diagnosis of SoC HDL-code
Vladimir Hahanov, Senior Member, IEEE , Wajeb Gharibi, Eugenia Litvinova, Member, IEEE,
Svetlana Chumachenko, Member, IEEE
Abstract — Xor-metrix for object relations in a vector logic space and a structural testing model are proposed. Assertion-based models and methods for the verification and diagnosis of HDL-code functional failures, which make possible to reduce considerably time-to-market of software and hardware, are developed. An architectural model of multimatrix reduced logical instruction set processor for embedded diagnosing is offered.
I. Introduction
Recent trends in creating new communications, computing and information services, useful to the human, are development of dedicated gadgets, which have important advantages over PCs and laptops: power consumption, compactness, weight, cost, functionality, and friendliness of interface. Practically the top ten dedicated products 2010 (Apple iPad, Samsung Galaxy S, Apple MacBook Air, Logitech Revue, Google Nexus One (HTC Desire), Apple iPhone 4, Apple TV, Toshiba Libretto W100, Microsoft Kinect, Nook Color) is realized as digital systems-on-chips. By 2012 the mobile and wireless communication market will move to 20 nm (results of the January 2011 Technology Forum of Common Platform Alliance). Further development of the technologies by year: 2014 - 14 nm, 2016 - 11 nm. In 2015 more than 55% of mobile phones will be smartphones, tablet PCs will replace laptops and netbooks. Superfones (Nexus-1, Google) will unite all devices and services. The transition from the computing platform to mobile devices with small size results in considerable reduction in power consumption worldwide. The next computerization wave, entitled "Internet of things", is being accelerated. It will lead to
Manuscript received December 3, 2010.
Vladimir Hahanov is with the Kharkov National University of Radioelectronics, Ukraine, 61166, Kharkov, Lenin Prosp., 14, room 321 (corresponding author to provide phone: (057)7021326; fax:
(057)7021326; e-mail: hahanov@ kture.kharkov.ua).
Wajeb Gharibi is with Jazan University, P. O. Box 4425 Arrawabi, Unit #1, Jazan 82822-6694, KSA. Mobile: +966 508 2232 64, E-mail: [email protected], [email protected]
Eugenia Litvinova is with the Kharkov National University of Radioelectronics, Ukraine, 61166, Kharkov, Lenin Prosp., 14, room 378 (phone: (057)7021326; fax: (057)7021326; e-mail: ri@ kture.kharkov.ua).
Chumachenko Svetlana is with the Kharkov National University of Radioelectronics, Ukraine, 61166, Kharkov, Lenin Prosp., 14, room 321 (phone: (057)7021326; fax: (057)7021326; e-mail: ri@ kture.kharkov.ua).
widespread sensor networks, including their integration into the human body. The world market of the above devices and gadgets today involves about 3 billion products. For their effective designing, manufacturing and exploitation the new technologies and Infrastructures IP are created. One of the possible steps in this direction is represented below in
the form of verification technology Tv : Mt is metrics and
model for testing, Hc is HDL-code of a design, G t is
f s
synthesis of software transaction graph, {M ,M } determine creating two verification models for HDL-code (functional failure table and software activation matrix),
{Dc,Dr,Dm} determine developing three methods for diagnosing the functional failures (for analyzing rows, columns and whole matrix), which use the assertion engine (assertion is a logical statement for detecting the semantic
errors in software), P m is architecture of multimatrix processor for parallel analyzing tabular data, R is implementation of models, methods and tools in the system Riviera, Aldec Inc.:
Tv = Mt ^ Hc ^ Gt ^<
Mf ^<D I Dr
Ms ^ Dr
Pm ^ R.
The objective of the research is to reduce time-to-market and improve the quality of digital systems-on-chips by developing the assertion-based infrastructure, models and methods for verification and diagnosis HDL-code. The information, needed for detecting failures at the functional blocks, is formed during simulation (execution) of software code. Design effectiveness for digital product is determined as the average and normalized in the range [0,1] integral criterion:
E = F(L, T, H) = min[3 (L + T + H)], Y = (1 - P)n;
L = 1 - Y(1-k) = 1 - (1 - P)n(1-k);
T = [(1-k)XHs]/(Hs + Ha); H = Ha/(Hs + Ha).
The criterion takes into account the following: the error level L, the verification time T, software-hardware redundancy, determined by the assertion engine and Infrastructure IP tools H. The parameter L, as a complement of the parameter Y (yield), depends on the testability k of a
36
R&I, 2010, N4
design, the probability P of existence of faulty components, and the quantity of undetected errors n. The time of verification is determined by the testability of a design k [3,4], multiplied by the structural complexity of hardware-software functionality, divided by the total complexity of a design in code lines. The software-hardware redundancy depends on the complexity of assertion code and other costs, divided by the total design complexity. At that software or hardware redundancy has to provide the specified diagnosis depth for functional errors and time-to-market, defined by customer.
The problems are: 1) Creation of a metrics and structural-analytical model for testing digital systems-on-chips. 2) Improvement of the models and methods for detecting functional failures, based on assertion engine, to increase the speed of HDL-code verification and diagnosis. 3) Development of the architectural model of multimatrix processor for diagnosing.
References are: 1. Models of the problems for technical diagnosis are presented in [1-6]. 2. Diagnosis and verification of digital systems-on-chips are described in [917, 22-15]. 3. Hardware and matrix processors for increasing the speed of testing are proposed in [18-21].
II. A MODEL FOR TESTING AND VERIFICATION
The effective process models and methods for diagnosing the functional failures in software and/or hardware are offered. The register or matrix (tabular) data structures, focused to parallel execution of logic operations, are used for detecting the faulty components.
The problem of synthesis or analysis of system components can be formulated in the form of interaction (symmetrical difference is an analog of xor-operation on the Boolean) of its model F, input stimuli T and responses L in a cybernetic space:
f(F,T,L) = 0 ^ FATAL = 0 .
A cyberspace is a set of information processes and occurrences, which use computer systems and networks as a carrier. Particularly, a space component is represented by k-dimensional (tuple) vector
a = (a1,a2,...,aj,...,ak), aj = {0,1} in a binary alphabet. Zero-vector is k-dimensional tuple, all coordinates of which are equal to zero: aj = 0, j = 1,k.
Metrics P of cybernetic (binary) space is defined by a single equality that forms zero-vector for xor-sum of the distances d i between nonzero and finite quantity of points, closed in a cycle:
n
P = © di = 0.
i =1
The Hamming distance between two objects (vectors) a and b is determined as derived vector: k
di = d(a,b) = aj © bj. Otherwise: the metrics P of a j=1
vector logic binary space is xor-sum of the distances (it is equal to zero) between finite quantity of graph points (nodes), closed in a cycle. The sum of n-dimensional binary vectors, specifying the coordinates of cycle points, is equal to zero-vector. This metrics definition uses relations that allow reducing the axiom system from three up to one and extending it on any constructions of n-dimensional cyberspace. The classical metrics definition for determining interaction of one, two and three points in vector logic space is a particular case of P -metrics when i = 1,2,3 respectively:
M = <!
d1 = 0 ^ a = b;
d1 © d2 = 0 d(a, b) = d(b, a);
d1 © d2 © d3 = 0 d(a,b) © d(b,c) = d(a,c).
The metrics P of cybernetic multiple-valued space, where each coordinate of vector (object) is determined in the alphabet that is the Boolean on universe of primitives by
the power p: aj = {a1,a2,...,ar,...,am}, m = 2p , is the
symmetric difference (it is equal to 0 -vector by all coordinates) of the distances between finite quantity of points, closed in a cycle:
n
P = A di =0. (1)
i=1
Equality empty vector the symmetric difference of coordinatewise set-theory interaction (1) emphasizes the equivalence of the components (distances), which form the equation with a single coordinate operation di j Adi+1 j,
used, for instance, in four-digit Cantor’s model. It is defined by the corresponding A -table:
a 0 1 x 0
a 10 0 x
The truth tables for other basic set-theory operations are represented in (2). A number of primitive symbols, formed closed alphabet relative to the set-theory coordinate operations, can be increased. At that the power of alphabet
(Boolean) is determined by the expression m = 2p , where p is a number of primitive symbols. This metrics is not only of theoretical interest, but has a practical focus on generalization and classification of technical diagnosis problems by creating a model for xor-relations on the set of four main components. The procedures of test synthesis, fault simulation and detection can be reduced to xor-relations on a full interaction graph (Fig. 1) for four nodes (functionality, unit, test, faults) G = {F,U, T, L}.
R&I, 2010, N4
37
Fig. 1. Graph of interaction between technical diagnosis components
The graph creates four basic triangles, which form 12 triads of relations for the problems of technical diagnosis:
T©F©L=0 T©L©U=0 T©F©U=0 F©L©U=0
1) T = F©L 2) F = T©L 3) L = T © F 4) T = L © U 5) L=T©U 6) U=T©L 7) T = F © U 8) F = T©U 9) U=T©F 10) F = L © U 11) L=F © U 12) U=F © L
Insertion of the node U in the graph of interaction between technical diagnosis components extends the functionality of the model; new properties of the resulting system appear. Introduction the new node in the structure has to have strong arguments of its advisability. Concerning the graph, represented in Fig. 1, all problems can be classified into groups as follows.
Group 1 involves the theoretical experiments (on the functionality model), without the device: 1) test synthesis by using the functionality model for a specified fault list; 2) development of the functionality model, based on a given test and fault list; 3) fault simulation for functionality by using given test.
Group 2 - real experiments (by device) without functionality model: 4) test synthesis by physical fault simulation in the device; 5) fault list generation for the device by means of diagnostic experiment; 6) test and faults verification by means of the experiment on a real device.
Group 3 - test experiments (verification) without faults: 7) test synthesis by means of comparing the model simulation results and real device; 8) functionality synthesis by using a real device and a given test; 9) verification of test and functionality model by using the real device with existing faults.
Group 4 - experiments during operation with real inputs: 10) check of correct behavior of a real device on the existing or specified faults; 11) test the device on the existing model in the operation; 12) verification of the functionality and fault list relative to the behavior of a real device.
The most popular problems of the above list are: 1, 3, 5, 8, 9. Another classification of the problem types can be introduced. It allows defining by the graph
G = (F, U, T, L) all the conceptual solutions of target problems: test synthesis, functionality model definition, fault model generation and designing of a device:
1) T = F © L; 4) F = T © L; 7) L = T © F; 10) U = T © L;
2) T = U © L; 5) F = U © L; 8) L = T © U; 11) U = T © F;
3) T = F© U; 6) F = T © U; 9) L = F© U; 12) U = F© L.
All constructions, used in a relationship, have the remarkable property of reversibility. Component, calculated using the other two, can be used as an argument to determine any of the two original ones. Thereby, transitive reversibility of each relation triad on complete graph is occur, when by using any two components it is always possible to restore or to determine the third one. At that the format for each component must be identical in structure and dimension (vectors, matrices). Fault diagnosis methods, based on the proposed metrics and testing models, are considered in more detail below.
III. Model for detecting functional failures in
SOFTWARE
The space equation f(F,T,L,U) = 0 ^ F © T © L © U = 0 is used. It is transformed to the form L = (T © F) © (T © U). Fault (functional failures) diagnosis is reduced to comparison of simulation (T © F) and full-scale (T © U)
results, which generates a functional failure list L, detected in the diagnosed unit. Model-formula for searching the functionally faulty block Fi is reduced to solving by determining xor-interaction between three components:
p
L = Fi ^ [(T © Fi) © (T © Ui)] = 0.
i=1
An analytic model for verification of HDL-code by using temporal assertion engine (additional observation lines) is focused to achievement the specified diagnosis depth and presented as follows:
M=f(F,A,B,S,T,L), F=(A*B)xS; S=f(T,B);
A = {A1,A2,...,Ai,...,An}; B = {Bl,B2,...,Bi,...,Bn}; (3)
S={S1,S2,...,Si,...,Sm}; Si={Si1,Si2,...,Sj,...,Sip}; (3)
T = {T1,T2,...,Ti,...,Tk}; L = {L1,L25...,Li5...,Ln}.
Here F = (A * B) x S is functionality, represented by Code-Flow Transaction Graph - CFTG (Fig. 2); S = {S1,S2,...,Si,...,Sm} are nodes or states of software when simulating test segments. Otherwise the graph can be considered as ABC-graph - Assertion Based Coverage Graph. Each state Si = {Si1,Si2,...,Sij,..., Sip} is
determined by the values of design essential variables (Boolean, register variables, memory). The oriented graph arcs are represented by a set of software blocks
B = ^b^ . ^iv. ^nX ^ Bi = B; ^ Bi =0,
i=1 i=1
where the assertion Ai e A = {A1, A2,..., Ai,..., An} can be put in correspondence to each of them. Each arc Bi - a
38
R&I, 2010, N4
sequence of code statements - determines the state of the node Si = f(T,Bi) depending on the test
T = {T[,T2,...,Ti,...,Tk}. The assertion monitor, uniting the assertions of node incoming arcs A(Si) = Ai1 V Ai2 v... v Ajj v... v Ain can be put in
correspondence to each node. A node can have more than one incoming (outcoming) arc. A set of functionally faulty blocks is represented by the list L = {Li,L2,...,Li,...,Ln}.
failures; 3) optimize test synthesis by means of solving the coverage problem by the minimum set of activated paths of all arcs (nodes). For instance, the minimum test for the above mentioned ABC-graph has six segments, which activate all existent paths:
T = S0S1S3S7S9 V S0S1S4S8S9 V S0S1S5S7S9 VSoS2S4S8S9 VSoS2S5S7S9 VSoS2S6S8S9.
V
Tests can be associated with the following program block activization matrix:
B = (B1B3B9 v (B2B7 v B1B5)B11)B13 v
V ((B1B4 V B2B6 )B10 V B2B8B12 )B14 =
= B1B3B9B13 v B2B7B11B13 v B1B5B11B13 v
V B1B4B10B14
V B2B6B10B14 V B2B8B12B14*
Fig. 2. Example of ABC-graph for HDL-code
The model for HDL-code, represented in the form of ABC-graph, describes not only software structure, but test slices of the functional coverage, generated by using software blocks, incoming to the given node. The last one defines the relation between achieved on the test variable space and potential one, which forms the functional coverage as the power of state i-th graph node
Q = cardCr/cardCp. In the aggregate all nodes have to
be full coverage of the state space of software variables, which determines the test quality, equal to 1 (100%):
m r m p
Q = card U Cr / card U Cp = 1. Furthermore, the
i=1 i i=1 i
assertion engine < A, C > that exists in the graph allows monitoring arcs (code-coverage)
A = {A1,A2,...,Ai,...,An} and nodes (functional
coverage) C = {C1,C2,...,Ci,...,Cm} . The assertions on arcs are designed for diagnosis of the functional failures in software blocks. The assertions on graph nodes carry information about the quality of test (assertion) for their improvement or complement. The Code-Flow Transaction Graph makes possible the following: 1) use the testability design to estimate the software quality; 2) estimate the costs for creating tests, diagnosing and correcting the functional
Bij B1 B2 B3 B4 B5 B6 B7 B8 B9 B10 B11 B12 B13 B14
T1 1 1 1 1
T2 1 1 1 1
T3 1 1 1 1
T4 1 1 1 1
T5 1 1 1 1
T6 1 1 1 1
The activization matrix shows the fact of indistinguishability of the functional failures on a test in the blocks 3 and 9, 8 and 12, which constitute two equivalence classes if there is one assertion (monitor) in the node 9. To resolve this indistinguishability it is necessary to create two additional monitors in the nodes 3 and 6. As a result, three assertions in the nodes A = (A3, A6, A9 ) allow
distinguishing all the blocks of software code. Thus, the graph enables not only to synthesize the optimal test, but also to determine the minimum number of assertion monitors in the nodes to search faulty blocks with a given diagnosis depth.
Increasing the number of assertion monitors leads to modification of an activization table. Otherwise, on a given test and the assertion engine it is necessary to solve uniquely the diagnosis problem for functional failures of the software code with the depth up to a software module. At that the number of assertions and test segments to be minimum acceptable for the code identification of all the blocks:
|T +1A > log2|B| = cardT + cardA > log2 cardB.
Initially, the number of monitors-assertions is equal to the number of test segments. The activization table for software modules makes it possible to identify code blocks with functional failures by the generalized output response vector (assertion monitoring)
V = (V1,V2,...,Vi,...,Vn),Vi = {0,1},Vi = Ti © Bj, Vj(Bij = 1)
The vector coordinate Vi = Ti © Bj = 1 identifies the
nonpassage of the test segment on a subset of activated modules. In accordance with the vector V, defined on the activization table subject to the above rule for calculating its coordinates:
R&I, 2010, N4
39
Bj B1 B2 B3 B4 B5 % B7 B8 B^ B10 Bl1 B12 B13 B14 V
T1 1 1 1 1 0
T2 1 1 1 1 1
T3 1 1 1 1 0
T4 1 1 1 1 1
T5 1 1 1 1 0
T6 1 1 1 1 1
a logical function of software functional failures can be constructed, which is simplified using the coordinates of the output response vector V:
B=(T vBj vB3 vB9 vBj3) л(T2 vBj vB4 vB10 vB14) л л (T3 v B1 v B5 v B11 v B13) л (T4 v B2 v B6 v B10 v B14) л л(T5 vB2 vB7 v B11 vB13) л(T6 vB2 vB8 vB12 v Д4); {V,T}=(01010)^
B=(0 v B1 v B4 v B10 v B14) л (0 v B2 v B6 v B10 v B14) л л (0 v B2 v B8 v B12 v B14) =
=(Д v B4 v B10 v B14) л (B2 v B6 v Д0 v Ц4) л
л (B2 v B8 v B12 v B14) —
=BB2 vB4B2 v ...vB3B6B2 v...vЦ4.
After transformation the conjunctive normal form (CNF) to disjunctive normal form the obtained terms include all possible solutions in the form of unit coordinate coverage for the output response vector by single or multiple software functional failures. Choosing the best solution is made by determining DNF term of the minimum length.
In this example, the optimal solution is a term containing a single block B — B14, which covers three units in the output response vector V — (010101). This fact is also evident from comparison of the last two columns of the activation matrix B.
IV. A METHOD FOR VECTOR LOGIC ANALYZING COLUMNS
Methods for detecting the functional failures (FF) in the statement blocks use previously generated functional failure table B — [Bjj ], where a row is relation between a test segment and subset of activated (on this segment) software blocks Ti «(Bi1,Bi2,...,Bij,...,Bin). A column forms the relation between software block and test segments Bj ' (T1j,T2j,.. ,Tij, . ,Tpj), which activate h.
Otherwise, a column is an assertion vector, detecting the functional failure in corresponding block. On simulation stage the response m — (m1,m2,...,mi,...,mp) of the
assertion engine on a test is identified by means of generating each bit
mi — (A1 v A2 v... v Ai v... v Ak), Ai — {0,1} as
response of assertions on the test segment Ti . Searching FF’s is based on the definition of xor-operation between the vector of assertion states and columns of the functional failure table m© (B1 v B2 v... vBj v... vBn). The
solution is determined by the vector B j with minimum
quantity of 1 coordinates, which determine the functionally faulty software blocks, checked by the test segments. Diagnosis by the functional failure table on the basis of the response m — (m1,m2,...,mi,...,mn),mi — {0,1} is reduced to the methods for vector logic analyzing columns or rows.
The first one is based on use vector xor-operation between m-response of the functionality on the test, formally considered as an input vector-column, and columns of the fault detection table m © (B1 v B2 v... v Bj v... v Bm) . To determine the
interaction quality of vectors Q j (m © B j) and to choose
the best solution the columns with minimal quantity of 1’s for resultant vector are identified. They forms the functionally faulty blocks, checked by test patterns. The analytic model for solving the diagnosis problem and obtaining the list of functionally faulty software blocks is represented in the following form: n k k
L — L v Bj ^ £ (Bjj © mi) — (0 v min). (4) j—1 i—1 i—1
Here an output response vector is input one for subsequent analyzing of the functional failure table
m — f(A, B) © f (A,B,L) . (5)
And it is a result of test experiment - comparison of the functional (output states) for model under test f (A, B) and *
unit under test f (A, B, L) with the faults L on the test
patterns A. In second case if a set of faults L > 1, it means existence of equivalent functional failures on given test and assertion engine.
A process model for searching the best solution with minimum quantity of 1 coordinates from 2 or more alternatives is shown in Fig. 3. It involves the following operations: 1) Initially, in all coordinates (the worst solution) of the vector Q, where the best solution is stored, 1 values are entered; and simultaneously left slc operation with compaction of 1’s is performed for given vector Qi. 2) Comparing of two vectors is performed: Q and the next estimation Qi from the solution list. 3) Vector operation And (Q л Qi) is performed. The result is compared with vector Q, which allows changing it, if the vector Qi has less quantity of 1 values. 4) The procedure for searching the best solution is repeated by n times.
40
R&I, 2010, N4
Fig. 3. Process-decision model
An advantage of the method for vector logic analyzing columns is the choice of the best solution from all possible single and multiple faults. Actually, such single functional failures are included in the fault list, which when logical multiplying them by output response vector give a result in the form of vector-column. Disjunction of all columns, generating a solution, is equal to the output response vector r
v (B j e B) = m .
j=1
An example for analyzing the functional failure table FFT of the module Row_buffer (Fig. 4) is represented
Fig. 4. Row_buffer transaction graph and table FFT
On the basis of the diagnosis procedure (4) and tables FFT (see Fig. 3) the faulty components can be determined by analysis of FFT columns. Here the vectors m1, m2 define the diagnosis results, performed by the procedure (5). The diagnosis result for single and multiple functional failures is following:
10
Ls(m1) = m1 л(v B.) = B9 ^ D2;
j=1 j 10
Lm(m2) = m2 л(vBj) = B1 vB2 ^ L1 vL2;
j=1
1 4 1
QK^) = 1; Q[m2,(L1 v L2)] = 3(13 + 3 +1) = 0,52.
In the first case, the diagnosis is defined as a single faulty module D2 that present in the transactional graph; the solution quality is equal to 1. In the second case, the diagnosis procedure detects two faulty modules L1 v L 2 , the quality estimation of which is not the optimal. Nevertheless, the solution is the best among all the possible, which is maximally approximate to the output response vector by the membership criterion Q[m2,(L v L2)]. The computational complexity of the method for analyzing columns is determined by the following dependence:
Zc = 3n2 + n2 = 4n2; Zr = 3n + n = 4n. Here, the first
estimate takes into account the implementation of coordinate operations on the matrix of the dimension n x n . The second estimate determines the computational complexity of the register parallel operations to compute quality criteria and process the matrix, respectively.
V. Method for vector logic analysis of rows
The method is designed for determination of fault or functional failure (FF) location in software code and consists of two procedures: 1) determining the logical product of the conjunction of lines, marked by unit values of the vector Ti (mi = 1) , by the negation of disjunction of zero rows Ti (mi = 0) for single faulty modules; 2) determining the logical product of disjunction of unit lines by the negation of the disjunction of zero rows for multiple faulty modules:
Ls = ( Л Ti) л ( v Ti);
Vm; =1 Vm; = 0
1 _i_______ (6)
Lm = ( v T;) л ( v T;);
Vmi =1 Vmi = 0
The formulas are interesting, because they are not related to the diagnosis quality criteria and operate only two components: FFT table and output response vector. Performing the diagnosis procedure by the formulae (4) for the output response vector m1 = (0101010010010), specified in the last table FFT, forms the result:
Ls(m1,T) = D2, which is not worse than previously obtained by the method for analyzing columns. For the output response vector m2 = (1110011100000) the
diagnosis result is: Lm(m2,T) = L1 v L2 . Computational complexity of the method for analyzing rows is determined
R&I, 2010, N4
41
c 2 r
by the following dependence: Z = n ; Z = n. The first estimate is designed to count the number of coordinate operations, the second one determines the computational complexity of processing, based on the register parallel operations. The proposed methods for diagnosing functional failures in software and hardware are the most important components of the Infrastructure IP.
Formulae (6) can be modified if the following designations are introduced:
a = (AT,);b = ( V Ti); c = ( V TJ;
Vm; =1 Vm: =0 Vm:=1
Ls = ab = a 0 ab = a(a 0 b) = a(b 01);
Lm = cb = c 0 cb = c(c 0 b) = c(b 01);
L lab = ab = a0 ab = a(a0 b) = a(b 0 1);
[cb = cb = c 0 cb = c(c 0 b) = c(b 0 1) ^ ab = 0
Any right side expression of the equations can be used to detect functional failure in the software or hardware. The difference lies in the presence or absence of inversion, which is replaced by xor-operation, more preferable for diagnosis and pattern recognition. In this case, the process model for diagnosing single (using a-component) or multiple (b-component) faults (functional failures) based on analyzing the table FFT has an effective vector-oriented computing technology:
L = (b 0 1)(a v c),
embedded Infrastructure IP of software/hardware. According to set theory, this means determining the result of set-theory subtraction L = (a v c) \ b = (a \ b) v (c \ b) in the algebra-logic vector space. For such operations the multimatrix processor is needed, which is strictly focused on the parallel execution of several logic operations on data matrices.
VI. Matrix method for detecting the functional
FAILURES IN SOFTWARE
Further to the software transaction graph (3) a method for diagnosing functional failures in software uses the triad of matrices of the same format:
M = B 0 A 0 L = 0,
L = B0 A^Lj= Bij 0 Ац^{Bij,Aij,Lij} = {0,1}; B = [Bij], A = [Aj], L = [Lij],
i = 1,n; j = 1,m; 0 = ab v ab.
Here matrices form: B - block activization on test segments during simulation; A - activity of assertions, corresponding to blocks, on test segments and during simulation; L - faulty blocks, obtained as result of xor-operation on two above matrices. coordinate-wise analyzing the matrices uses binary xor-operation, such as (see Table I).
Obtained result L = B 0 A in the form of L-matrix [Ljj ] = (T x B x {0,1}), all coordinated of which are equal
to zero, indicates absence functional failures in software relatively the proposed verification plan in the format (test -functional blocks - activization [Bij] = (Tx Bx {0,1}),
test - assertions - response [Aij] = (T x A x {0,1}). Another model experiment indicates presence the functional failures L = {Bj,B2,B3,B5,B6} in software code (see Table II).
Here are the results of vector operations on all rows of two tables v Li=11101100 and v Ai =11011111. Logical conjunction of them with the preliminary inversion of the first vector gives the coordinates of blocks with functional failures, marked by units. In this example, the vector forms only one block (00100000)&(11101100)=(00100000).
Tables I, II
Bij B1 B2 B3 B, B5 B6 B7 B8
Tj 1 1 1
T A2 1 1 1
T3 1 1 1
T, 1 1 1
T5 1 1 1
T6 1 1 1
T7 1 1 1
T8 1 1 1
Bij B1 B2 B3 B4 B5 B6 B7 B8
T, 1 1 1
T A2 1 1 1
T A3 1 1 1
T4 1 1 1
T5 1 1 1
T6 1 1 1
T7 1 1 1
T8 1 1 1
0
A„
A>
A2
A3
V Ai
A, A5 A6 a7 As Lij B1 B2 B3
1 1 T1
1 T 2
1 1 1 T3
1 = T,
1 1 T5
1 1 T6
1 1 T7
1 1 T8
a, A5 A6 A7 a8 Lij B1 B2 B3
1 1 T1
0 T2 1 1
1 1 1 T3
0 T4 1 1
1 1 T5
1 1 T6
1 1 T7
1 1 T8 1
1 1 1 1 1 V Li 1 1 1
0 110 0
B
B
B
B
B
T
1
T
1
T
T
T
T
T
T
A
A
A
A
B
B
B
B
B
7
4
T
T
0
0
1
T.
T
0
0
T
1
T
T
1
7
T
0
1
0
42
R&I, 2010, N4
What is the reason for the reduction of faulty blocks? If to assume that in compliance with the verification plan the verification of the first block has to detect faults on first and sixth test, which is not satisfied, so block 1 can be excluded from the fault list. Similarly, modules 2, 5, 6 can be excluded. Then the corrected result will have only one block with the functional failures: L = {B3}. The
procedure for refining the diagnosis result can also be formalized in the following form:
L = Bj ^ B j лLj = Bj,j = 1,m. If the comparison
result is negative Bj © Lj = 0, it means the code is
incorrect, assertion or test failed, including functional coverage. For the diagnosis code in accordance with the process model of the form
L(B,T) = (B© A) ^ L(B) = ( Ai) л ( Li),
i=1,n i=1,n
it is necessary to consider the following items:
1. Coverage is any metric for choosing test and determining its confidence. Code coverage is test metric, focused on the confirmation of execution of all code lines. Decomposition of software code into blocks is performed
B = {Bs,Bt} ^ Bs nBt =0,Bs иBt = B. Each block belongs to one of two types: the sequence of statements without a branch or time delay circuit st
Bi e {B ,B }. Location of assertion monitors is carried out for block activity on test at the beginning of the branch or in the first timer cycle of a time delay circuit. In the modeling process assertions form an activization matrix for software blocks on each test segment
Bjj = Ti © Bj e {0,1}. If the block is active (assertion
passed) on the test (testbench), matrix coordinate is equal to 1, otherwise - Bjj = 0. Testbench is input conditions for
testing the HDL-code and corresponding output responses, which define transformations of the device under test in the functional subspace.
2. Functional coverage is test metric that ensures the accessability of all essential states in the software variable and function definition space. Decomposition of software functionality in control and transaction graphs is performed:
F = {Fc,Ft} ^ Fc nFt = 0,Fc иFt = F. This makes it possible to considerably reduce the dimension of coverage problem that defines the domain for the control variable and data flow. Test generation and the subsequent coverage driven verification use the above mentioned graphs with constraints, taken from the specification. Synthesized test for the control graph allows activation of all logic and arithmetic variables involved in initiation of software transaction. Way of variable activation or test synthesis consists of pseudo-random or deterministic (algorithmic) generating test inputs, as well as hand-writing input stimuli. Forms of coverage definition are an
abbreviated truth table, Boolean equation, binary decision diagrams, the flowgraph. Test for the second graph handles data flows, which at the system level not always have to be checked because of the absence of faults, such as short circuits between the variables or constant faults in them. Transaction graph can be used to create a verification plan for essential interface parameters of software. To do this it is necessary to use interface assertions operating by global variables.
2. Assertion matrix for software blocks has a form similar to the structure of block activation A = [Ay ]. Here format
of assertion as logic statement, using the essential variables of software block f(X) = Ay = {0,1} , responses for
running the corresponding activated on the test module Bij = 1 . Several statements can be in the block, separated
to increase the diagnosis depth or united by function or. In last case assertion responses for correct functioning of the block. Assertion has two values: 1 - block operates fault-free, 0 - there are functional failures. Assertions are represented by two hierarchy levels: interface and block
ones A = {Ai, Ab} . The first ones are focused on testing the essential parameters of the specifications, which are common for the software and external for it. Second ones are built into software block, which don’t have branches. Power of commands or code lines - up to 20 - is determined by the number of statements to be placed on the screen. Such block can contain time or event delay statements.
VII. Implementation of models and methods in the
VERIFICATION SYSTEM
Practical implementation of models and verification methods is integrated into the simulation environment Riviera of Aldec Inc., Fig. 5. New assertion and diagnosis modules, added in the system, improved the existing verification process, which allowed 15% reduction the design time of digital product.
HDL Code of Design
’ 1
Testbench Design Interface Assertion Model
|==
1 r i 4 1 '
Functional Coverage Diagnosis Scoreboard
Simulation Environment Riviera L Correction
Fig. 5. Implementation of results in the system Riviera
Actually, application of assertions makes possible to decrease the length of test-bench code and considerably reduce (х3) the design time (Fig. 6), which is the most expensive. Assertion engine allows increasing the diagnosis
R&I, 2010, N4
43
depth of functional failures in software blocks up to level 10-20 HDL-code statements.
Time-to-market comparison
Design capacity (MGates)
Fig. 6. Comparative analysis of verification methods
Due to the interaction of simulation tools and assertion engine, automatically placed inside the HDL-code, an access of diagnosis tools to the values of all internal signals is appeared. This allows quickly identifying the location and type of the functional failure, as well as reducing the time of error detection in the evolution of product with top-down design. Application of assertion for 50 real-life designs (from 5 thousand up to 5 million gates) allowed obtaining hundreds of dedicated solutions, included in the verification template library VTL, which generalizes the most popular on the market EDA (Electronic Design Automation) temporal verification limitations for the broad class of digital products. Software implementation of the proposed system for analyzing assertions and diagnosing HDL-code is part of a multifunctional integrated environment Aldec Riviera for simulation and verification of HDL-models.
High performance and technological combination of assertion analysis system and HDL-simulator of Aldec company is largely achieved through integration with the internal simulator components, including HDL-language compilers. Processing the results of the assertion analysis system is provided by a set of visual tools of Riviera environment to facilitate the diagnosis and removal of functional failures. The assertion analysis model can also be implemented in hardware with certain constraints on a subset of the supported language structures. Products Riviera including the components of assertion temporal verification, which allow improving the design quality for 3-5%, currently, occupies a leading position in the world IT market with the number of installations of 5,000 a year in 200 companies and universities in more than 20 countries on the world.
VIII. Multimatrix processor of binary operations
AND VERIFICATION INFRASTRUCTURE
To implement effective computational processes by time and cost of associated with the diagnosis of functional failures it is necessary processor of the simple architecture with minimum instruction set, where the operands are not only Boolean variables, but also more complex structures
such as registers and matrices. Such processor should execute in parallel mode operations over all bits of the regular operands, not requiring special compilers for paralleling computing processes.
Multimatrix processor (MMP) is a minimum architecture of instruction primitives, where each of them focused on the parallel execution of only one operation (and, or, xor, slc) over the corresponding matrix (two-dimensional data array). The number of command-oriented matrix primitives creates a system - a heterogeneous multimatrix processor of binary operations with buffer M, Fig. 7.
Fig. 7. Multimatrix processor of binary operations
The standard blocks are shown here: data DM and program PM memory, control unit CU, interface I-face and infrastructure I-IP, as well as multimatrix processor, including 4 memory blocks with embedded operations (A -and, B - xor, C - or, D - slc - shift left crowding) and buffer memory M. Multimatrix processor (MMP) is focused on parallel execution one of four instructions (ISA -Instruction Set Architecture) for processing matrices of binary data of the same dimension M = M {and,or,xor,slc}{A,B,C,D} and saving the
result in the buffer M. Feature of MMP is that each instruction has data matrix for parallel processing (not matrix cell has instruction set of 4 operations) to simplify the control structure and device in whole. The complexity of MMP is focused on data structures, matrix memory has a single hardware embedded instruction that enables to implement primitive control system for parallel computing (SIMD - Single Instruction Multiple Data). Proposed MMP architecture is adapted to execution of logic instructions by the operands of register level. MMP prototype is integrated in the hardware acceleration board for simulation and verification HES™, Aldec Inc.
on the basis of multimatrix (register) processor an infrastructure for verification HDL-code (Fig. 8) is developed. It is modification of I-IP standard IEEE 1500 SECT [3, 4, 11, 14]. There are 4 process models: testing on the simulation stage, diagnosis of functional failures, diagnosis optimization, repairing.
1. Process model for testing involves HDL-model, assertion engine, testbench and coverage. Last one estimates test quality for all design states. In simulating the
44
R&I, 2010, N4
activization matrix B for software blocks and assertion response matrix A on test segments are generated. Matrix A can be transformed to assertion state vector m by application of the function Or to vector-columns of A-matrix.
B = (T © F);
mc m = v A j ^ A = (T © Ac).
j=1
mi = v Ajj =
j=1
T m Aj A1 a2 A3 a4 A5 A6 A7 A8
T1 T1
T2 1 T2 1 1 1
T3 T3
T4 1 = T4 1 1 1
T5 T5
T6 T6
T7 T7
T8 1 T8 1
Subsequent implementation of xor-operation between the assertion vector and activization matrix columns allows obtaining the best solution, which is determined by the minimum code distance
n n
L = L v Bj ^ ^ (By © mi) = (0 v min):
i=1 i=1
Bj B1 B2 B3 B4 B5 B6 B7 B8 T m Lj B1 B2 B3 B4 B5 B6 B7 B8
T1 1 1 1 Ti T1 1 1 1
T2 1 1 1 T2 1 T2 1 1 1 1 1
T3 1 1 1 T3 T3 1 1 1
T4 1 1 1 © T4 1 T4 1 1 1 1 1
T5 1 1 1 t5 t5 1 1 1
T6 1 1 1 T6 T6 1 1 1
T7 1 1 1 T7 T7 1 1 1
T8 1 1 1 T8 1 T8 1 1 1 1 1
d(A,Bj) 4 4 0 4 2 4 6 6
2. The last two components are used in the second process model for diagnosing blocks of HDL-code. Diagnosis is fault vector, which forms a subset of blocks md with functional failures. At that the errors can be in testbench and in assertion statements, which are designed for testing and monitoring software blocks. If exact identification of the block is absent when comparing the columns of activization matrix and assertion responses, triple diagnosis uncertainty D = {Bj,Ti,Aij} arises.
3. The third block solves the problem of minimizing the number of blocks, in which functional failures can be, up to one of them. At that a block activization matrix and the diagnosis md , obtained in the previous process model, are used.
4. Correction of functional failures is focused on manual searching errors in a software block, presented by the vector m b . Automated correcting errors in the block is possible, if there is a library of diversion software modules of the similar functionality in the verification infrastructure.
The proposed infrastructure is one of steps towards the creation of verification automaton for software blocks. An example of diagnosing the functional failure, based on using the activization matrix, is represented below. The vector of assertion responses is obtained from the matrix Ay = {1 ^ failed, 0 ^ passed} by disjunctive union of rows content:
Diagnosis is block 3 has functional failures, because three assertions are failed on the test segments 2,4 and 8, which in this combination activate only block number 3. If assertion matrix (not vector) is used for diagnosing, searching for faulty blocks is the following:
Diagnosis is similar to the previous one: block 3 has functional failures, because the code distance is equal to zero only for the column number 3.
IX. Conclusion
The following results are proposed in the paper:
1. A structural model for relations on the set of four main components of technical diagnosis (functionality, unit, test and faults), which is characterized by complete xor-interaction of all the graph nodes and transitive reversibility of each relation triad that allows defining and classifying the ways of solving practical problems, including test synthesis, fault simulation and fault detection.
2. A new model of software in the form of Code-Flow Transaction Graph, as well as a new matrix method for diagnosing functional failures, which are characterized by adaptability of data preparation when detecting faulty
В B1 в B3 B4 B; B6 b, B, a, A1 A2 a2 A4 A; a. A, A, L, B1 B2 B, B4 B; B6 B, E8
T1 1 1 1 T T1 1 1 1
T2 1 1 1 T2 1 1 1 T2
T3 1 1 1 T2 T2 1 1 1
T, 1 1 1 T| 1 1 1 T4
© =
t; 1 1 1 t; T; 1 1 1
t. 1 1 1 t. t. 1 1 1
T7 1 1 1 t, T7 1 1 1
T, 1 1 1 T, 1 T, 1 1
й(АЗ,) 2 2 0 3 2 2 3 3
R&I, 2010, N4
45
blocks, are proposed. They allow considerably reducing the design time of digital systems on chips.
3. Methods for searching functional failures, which differ in parallel execution of vector operations on the rows of a functional failure table, are improved. They allow substantially (x10) increasing the performance of computational procedures associated with diagnosis and repair of software and hardware.
4. The architecture of multimatrix processor, focused to increasing the speed of embedded diagnosis of functional failures in the software or hardware product, which differs using parallel logic vector operations and, or, xor, slc that enables to increase considerably (x10) the speed of diagnosing single and/or multiple faults (functional failures).
5. The infrastructure for verification and diagnosis of HDL-code for design digital systems-on-chips, which involves four process models for testing, diagnosing, optimization and correcting errors, closed in a cycle, that makes it possible to reduce the time of code debugging, when creating a design.
6. Practical implementation of models and verification methods is integrated into the simulating environment Riviera of Aldec Inc. New assertion and diagnosis modules improved the existing verification process, which allowed 15% reduction in overall design time of digital products.
References
[1] Technical diagnosis basics / Editor P.P. Parchomenko.- M.: Energy.-1976.- 460 p.
[2] Parchomenko P.P., Sogomonyan E.S. Technical diagnosis basics (Optimization of diagnosis algorithms, hardware tools) / Editor P.P. Parchomenko.- M.: Energy.- 1981.- 320 p.
[3] Infrastructure for brain-like computing / M.F. Bondaryenko, O.A. Guz, V.I. Hahanov, Yu.P. Shabanov-Kushnaryenko.- Kharkov: Novoye Slovo.- 2010.- 160 p.
[4] Design and Verification of digital systems on chips / V.I. Hahanov, I.V. Hahanova, E.I. Litvinova, О.А. Guz.- Kharkov: Novoye Slovo. -
2010. - 528 p.
[5] Semenets V.V., Hahanova I.V., Hahanov V.I. Design of digital systems by using VHDL language.- Kharkov: KHNURE.- 2003.- 492 p.
[6] Hahanov V.I., Hahanova I.V. VHDL+Verilog = synthesis for minutes. - Kharkov: KHNURE.- 2006.- 264 p.
[7] Hahanov V.I. Technical diagnosis of digital and microprocessor structures: Manual.- K.: ISIO, 1995.- 242 p.
[8] Skobtsov Yu.A. Logic simulating and testing digital devices / Yu.A. Skobtsov, V.Yu. Skobtsov. -Donetsk: IPMM NSA of Ukraine, DonNTU.-2005.- 436 p.
[9] IEEE Standard for Reduced-Pin and Enhanced-Functionality Test Access Port and Boundary-Scan Architecture IEEE Std 1149.7-2009. - 985 p-
[10] Da Silva F., McLaurin T., Waayers T. The Core Test Wrapper Handbook. Rationale and Application of IEEE Std. 1500™. -Springer.-2006.- XXIX.- 276 p.
[11] Marinissen E.J., Yervant Zorian. Guest Editors' Introduction: The Status of IEEE Std 1500.-IEEE Design & Test of Computers.- 2009.-No26(1).- P.6-7.
[12] IEEE Std 1800-2009 IEEE Standard for System Verilog-Unified Hardware Design, Specification, and Verification Language. http://ieeexplore.ieee.org/servlet/opac?punumber= 5354133
[13] Marinissen E.J. Testing TSV-based three-dimensional stacked ICs // DATE 2010.- 2010.- P.1689-1694.
[14] Benso A., Di Carlo S., Prinetto P., Zorian Y. IEEE Standard 1500 Compliance Verification for Embedded Cores // IEEE Trans. VLSI Syst.-
2008. - No 16(4).- P. 397-407.
[15] Ubar R., Kostin S., Raik J. Embedded diagnosis in digital systems // 26th International Conference “Microelectronics”, MIEL 2008. - 2008.- P. 421-424.
[16] Elm M., Wunderlich H.-J. Scan Chain Organization for Embedded Diagnosis // Design, Automation and Test in Europe, DATE '08.- 2008.-P. 468-473.
[17] Bulent I. Dervisoglu. A Unified DFT Architecture for Use with IEEE 1149.1 and VSIA/IEEE P1500 Compliant Test Access Controllers. Proceedings of the Design Automation Conference. - 2001. - P. 53-58.
[18] Chenlong Hu, Ping Yang, Ying Xiao, Shaoxiong Zhou. Hardware design and realization of matrix converter based on DSP & CPLD // 3rd International Conference Power Electronics Systems and Applications.-
2009. - P. 1-5.
[19] Dave N., Fleming K., Myron King, Pellauer M., Vijayaraghavan M. Hardware Acceleration of Matrix Multiplication on a Xilinx FPGA // 5th IEEE/ACM International Conference Formal Methods and Models for Codesign.- 2007.- P.97-100.
[20] Loucks W.M., Snelgrove M., Zaky S.G. A Vector Processor Based on One-BitMicroprocessors // IEEE Micro.-Volume 2, Issue 1.- 1982.- P. 53-62.
[21] Hilewitz Y., Lauradoux C., Lee R.B. Bit matrix multiplication in commodity processors // International Conference Application-Specific Systems, Architectures and Processors.- 2008.- P. 7-12.
[22] Soon, J.L.K.; Low Ching Ling; DEV. Design explorer for verification. Integrated Circuits, ISIC '09. Proceedings of the 2009 12th International Symposium: 2009, Page(s): 413 - 416.
[23] Rafe, V.; Rafeh, R.; Azizi, S.; Miralvand, M.R.Z.; Verification and Validation of Activity Diagrams Using Graph Transformation. Computer Technology and Development, 2009. ICCTD '09. 2009 , Page(s): 201-205.
[24] Xiaoxi Xu; Cheng-Chew Lim; Using Transfer-Resource Graph for Software-Based Verification of System-on-Chip. Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on Volume: 27, Issue: 7. 2008, Page(s): 1315 - 1328.
[25] Zhongjun Du; Zhengjun Dang; A New Algorithm Based Graph-Search for Workflow Verification. Information Engineering and Computer Science (ICIECS), 2010 2nd International Conference: 2010, Page(s): 1-3.
[26] Gorbatov V.A., Gorbatov A.V., Gorbatova M.V. Discrete mathematics.- М: High School, 2006.- 448 p.
46
R&I, 2010, N4