Sugar 2.0 Formal Specification Language
Dana Fisman (1,2), Cindy Eisner (1)
(1) IBM Haifa Research Laboratory
(2) Weizmann Institute of Science

Sugar 2.0
Sugar 2.0 is a formalism to reason about behavior over time.
Uses of Sugar:
- For documentation: easy to read, yet precise specification
- Input to formal verification tools (model checker, theorem prover)
- Input to simulation tools (source of automatically generated monitors)

Goals (in designing the language)
- Easy to learn, read and write
- Mathematically precise: rigorously well defined formal syntax and semantics
- Sufficiently expressive: permitting the specification of a large class of "real" world design properties
- Known efficient underlying algorithms: in simulation, and in model checking (with reasonable complexity)

History
Sugar 1.0
- 1994: Syntactic sugaring of CTL for RuleBase model checker
- 1995: Addition of regular expressions
- 1997: Automatic generation of simulation monitors
Sugar 2.0
- 2001: Move to linear (LTL-based) semantics
- 2002: Selected by Accellera for IEEE standardization

Track Record (Sugar 1.0)
- IBM products: Main Frame line (S/390), Mid-range line (AS/400), Workstation line (RS/6000), PC line (Netfinity), Super Computers (ASCI), ASIC/OEM business
- External licensees
- University program

Structure of Sugar
- Boolean layer: used to reason about states of the design
- Temporal layer: used to reason about behavior of the design over time
- Modeling layer: used to model auxiliary state variables and state machines
- Verification layer: directives to the verification tool:
Sugar comes in three flavors: Verilog/VHDL/EDL

The Temporal Layer
- Boolean Expressions: expressions evaluated over a single state
- Sugar Extended Regular Expressions (SERE): expressions evaluated over a bounded sequence of states
- Sugar Foundation Language: expressions evaluated over finite or infinite sequences of states
- Optional Branching Extension (OBE): expressions evaluated over infinite trees of states (relevant for formal verification only)
[Figure: a single state s; a bounded sequence s1 s2 s3 s4; a sequence s1 s2 s3 s4 s5 s6 s7 …]

The Temporal Layer
Building blocks (atoms):
- Boolean Expressions
- Sugar Extended Regular Expressions (SERE)
Properties:
- Sugar Foundation Language
  - Temporal formulas where the atoms are Booleans
  - Temporal formulas where the atoms are SEREs
  - Temporal formulas where the atoms are Booleans and/or SEREs
- Optional Branching Extension (OBE)

SEREs – Example 1
A SERE describes a set of sequences of states (which we represent using timing diagrams).
This diagram is described by the SERE
This diagram is also described by the SERE
If we want to describe only this diagram we have to change the SERE

SEREs – Example 2
signal holds 4 times

SEREs – Example 3
signal holds any number of times between 3 to 5
signal holds any number of times

Examples
Until now we saw examples for SEREs, which are not properties on their own, but rather building blocks of properties.
We will now see examples of properties composed from the SERE building blocks.

Examples – Properties
The suffix implication operator
if the path starting now matches then its continuation should match

Properties – Example 1
if then
But the property makes a requirement only for that holds at the very first cycle
Add to the beginning of the first SERE
Now the property makes a requirement for every no matter the cycles where it holds
Note that the requirement is made for more than one (the first)
Overlapping is also possible!

Properties – Example 2
if then
[Timing diagram, cycles 1 2 3 4 5 6 7 8]
But what if data does not hold in contiguous cycles?
Use instead of
But what if the signals are only sampled when holds?
Apply to the entire property
Now the property is evaluated only on the cycles where the holds

Expressiveness
- Theory: at least as expressive as LTL, CTL, regular expressions
- Practice: all properties suggested by FVTC of Accellera are concisely and intuitively expressible in Sugar

Implementation
Sugar has a core of operators which determine its expressive power.
Other operators are syntactic sugaring (abbreviations) of the core operators.
A tool needs to implement:
- Only the core operators
- Macro expansion of the syntactic sugaring operators

Implementation (of the core)
- Any Sugar property can be reduced to an LTL or CTL property using auxiliary state machines.
- CTL and LTL have known model checking algorithms.
- For simulation we consider the subset that can be verified on-the-fly. For this subset there are simple transformation rules that transform the formula to a state machine describing all possible counter examples.

Sugar Home Page
More information available on the Sugar home page at:
www.haifa.il.ibm.com/projects/verification/sugar/index.html
- Complete definition
- Tutorial
- Sugar parser
- Formal syntax and semantics
- More …