Using Cycle-Accurate Contract Specifications for Testing Hardware Models Alexander Kamkin Institute for System Programming of RAS [email protected].

Using Cycle-Accurate Contract Specifications for Testing Hardware Models

Alexander KamkinInstitute for System Programming of RAS

[email protected]

Microsoft Research & Institute for System Programming of RAS Joint Workshop 2 of 2420 June, 2009

Problem Domain

Hardware is designed using special-purpose languages, like Verilog and VHDL

Testing of hardware models (simulation-based verification) is the main approach to hardware verification

To automate simulation-based verification, formal specifications are needed

What kind of specifications are good for testing of hardware models?

Microsoft Research & Institute for System Programming of RAS Joint Workshop 3 of 2420 June, 2009

Levels of Testing

lui s1, 0x2779

ori s1, s1, 0xc8b9

lui s3, 0x4ee

ori s3, s3, 0xf798

add v0, a0, a2

sub t1, t3, t5

add t7, s1, s3

Core-Level TestingUnit-Level Testing

Model of a microprocessor is tested as a whole

with the help of test programs

Model of a particular unit is tested

via inputs and outputs signals

Microsoft Research & Institute for System Programming of RAS Joint Workshop 4 of 2420 June, 2009

Synchronous Designs

Time

Clock Pulse

Other Signals

…

… Cyc

le 1

Cyc

le 2

Cyc

le 3

Microsoft Research & Institute for System Programming of RAS Joint Workshop 5 of 2420 June, 2009

Pipelined Designs Overlapping

Operation A

Time

Clock Pulse

Execution of A Stage A1 Stage A2

Operation B

Execution of B Stage B2 Stage B1

…

Microsoft Research & Institute for System Programming of RAS Joint Workshop 6 of 2420 June, 2009

Classical Contract Specifications

pre(input)

output = operation(input)

post(intput, output)

If an environment meets the precondition, then the component must guarantee the postcondition

Microsoft Research & Institute for System Programming of RAS Joint Workshop 7 of 2420 June, 2009

Cycle-Accurate Contract Specifications Operations Contracts of stages Contracts of

operations

A1

…

AN

…

A1

…

AN

…

Operation Contracts of stages Contract of

operation

A1

…

AN

pre(A, 1)post(A, 1)

pre(A, N)post(A, N)

…

pre(A)

Microsoft Research & Institute for System Programming of RAS Joint Workshop 8 of 2420 June, 2009

Idea of the Method

post(A, 2) post(B, 1)

Operation A

Operation B

A1 A2 … AN

B1 B2 … BN

Time

Test Oracle

1 2 3 …

Microsoft Research & Institute for System Programming of RAS Joint Workshop 9 of 2420 June, 2009

FSM Model of Pipeline

{(x, 1)} (1)

State’ = {(xi, si) | pre(xi, si) = false} (2)

{(xi, si + 1) | pre(xi, si) = true  si < L(xi)} (3)

State

{(xi, si)}State’

?

Stimulus

x

Microsoft Research & Institute for System Programming of RAS Joint Workshop 10 of 2420 June, 2009

FSM Transition

A1 A2 … AL(A)

B1 B2 … BL(B)

C1 C2 … CL(C)

……D

D1 D2 … DL(D)

E

Stimulus

State

Microsoft Research & Institute for System Programming of RAS Joint Workshop 11 of 2420 June, 2009

Checking Correctness

Test Oracle = { post(xi, si) | pre(xi, si) = true }

✕

Passed or failed?

State

{(xi, si)}State’

?

Stimulus

Microsoft Research & Institute for System Programming of RAS Joint Workshop 12 of 2420 June, 2009

Test Oracle

A1 A2 … AL(A)

B1 B2 … BL(B)

C1 C2 … CL(C)

……D

D1 D2 … DL(D)

E

Stimulus

State

Test Oracle

Microsoft Research & Institute for System Programming of RAS Joint Workshop 13 of 2420 June, 2009

A

B

C

Branching and Other Features

— stage

— branch

— fork

— join

Microsoft Research & Institute for System Programming of RAS Joint Workshop 14 of 2420 June, 2009

Test Coverage Definition

Test situations Interesting situations for individual operations

Branches of functionalityExceptions

Dependencies Usage of shared resources

Register dependencies Address dependencies

Microsoft Research & Institute for System Programming of RAS Joint Workshop 15 of 2420 June, 2009

FSM with Coverage Information

x [Situation, Dependencies]

Test situation

Set of dependencies

State{(xi[Si, Di], si)}

State’{…}

Microsoft Research & Institute for System Programming of RAS Joint Workshop 16 of 2420 June, 2009

Test Sequence Generation

Irredundant algorithms of FSM traversal

FSM is deterministic Dependencies determine pipeline interlocks

FSM has strongly connected state graph There are no deadlocks between operations

Microsoft Research & Institute for System Programming of RAS Joint Workshop 17 of 2420 June, 2009

Irredundant Algorithms

PreState

B

C

D

?CurrentState

Known sub-FSM

Known sub-FSM

A

E

F

?G

H

Microsoft Research & Institute for System Programming of RAS Joint Workshop 18 of 2420 June, 2009

Tool Support

The approach is integrated into the CTESK tool from the UniTESK toolkit

To simplify creation of specifications and tests for pipelined units using CTESK, library PIPE is developed

http://www.unitesk.com

Microsoft Research & Institute for System Programming of RAS Joint Workshop 19 of 2420 June, 2009

Case Studies

MIPS64-compatible microprocessor

TLB (translation lookaside buffer)L2 cache (directed-mapped memory cache)

Microsoft Research & Institute for System Programming of RAS Joint Workshop 20 of 2420 June, 2009

Case Studies Summary

Characteristic TLB L2

Size of implementation,

lines of code3500 3000

Number of operations 5 6

Labor costs, man-months 2.5 4

Size of specifications and tests, lines of code 3500 4700

Number of found bugs 10 4

Microsoft Research & Institute for System Programming of RAS Joint Workshop 21 of 2420 June, 2009

Future Directions

SystemC and SystemVerilog languages

OVM (Open Verification Methodology)

http://www.ovmworld.org

Microsoft Research & Institute for System Programming of RAS Joint Workshop 22 of 2420 June, 2009

Conclusion

The contract-based approach to testing of hardware designs is introduced

The approach allows to describe complex digital hardware with pipelining, interlocks, branching, etc.

The approach has been successfully applied to several units of MIPS64-compatible microprocessor

Microsoft Research & Institute for System Programming of RAS Joint Workshop 23 of 2420 June, 2009

Contacts

Institute for System Programming of RAS (ISPRAS)http://www.ispras.ru

Hardware Verification R&D @ ISPRAShttp://hardware.ispras.ru

Alexander [email protected]

Microsoft Research & Institute for System Programming of RAS Joint Workshop 24 of 2420 June, 2009

Thank You!Questions?