Integration and verification of parameterized register interfaces

Abstract. This thesis takes an in-depth look on parameterized register models, their generation and use. The aim is to discover improvements to the current method of generating parameterized register models. The thesis is divided into two halves: a practical section that consists of a study on the generation of parameterized register models, and a theory section that supports the topics gone over in the practical section. The practical section studied the generation flow and tools currently used at Nordic Semiconductor. The flow was analyzed to discover changes that would enable the generation of more flexible parameterized register models. The suggested changes were then used to generate a dynamic register model for a highly configurable intellectual property (IP) core. The register model was validated using a register test sequence and functional tests. Finally, the functionality of the generated register model was compared to a manually implemented model. In the end, the test sequences and functional tests passed without errors. The generated register model could be configured directly from the testbench without editing the model manually. This also meant that the applied configurations would not be lost even if the register model were to be regenerated. The resulting register model was significantly more flexible than the previous generated models.Parametrisoitujen rekisterirajapintojen integrointi ja verifiointi. Tiivistelmä. Tässä opinnäytetyössä tutustutaan parametrisoituihin rekisterimalleihin, niiden generointiin, ja niiden käyttöön. Tavoitteena on löytää parannuksia nykyiseen parametrisoitujen rekisterimallien generointitapaan. Opinnäytetyö on jaettu kahteen puoliskoon: käytännön osuuteen, joka koostuu parametrisoitujen rekisterimallien tutkimuksesta, ja teoreettisesta osuudesta, joka tukee käytännön osuudessa käsiteltyjä aiheita. Käytännön osuus tutki Nordic Semiconductorilla tällä hetkellä rekisterimallin generointiin käytettyjä prosesseja ja työkaluja. Niitä analysoimalla pyrittiin löytämään muutoksia, joiden avulla voisi generoida joustavampia parametrisoituja rekisterimalleja. Kyseisten muutosten avulla generoitiin sitten dynaaminen rekisterimalli IP lohkolle, joka sisältää paljon konfiguroitavia parametrejä. Generoitu malli varmennettiin rekisterien testisekvenssillä ja toiminnallisilla testeillä. Lopuksi rekisterimallin toiminnallisuutta verrattiin käsin kirjoitetun rekisterimallin toiminnallisuuteen. Testisekvenssi ja toiminnalliset testit läpäistiin simuloinnissa lopulta ilman virheitä. Generoitu rekisterimalli oli konfiguroitavissa suoraan testipenkistä, eikä sitä tarvinnut muokata manuaalisesti. Tämä tarkoitti myös sitä, että testipenkissä asetettuja konfiguraatioita ei menetetä, jos rekisterimalli generoidaan uudelleen. Lopullinen rekisterimalli oli merkittävästi joustavampi kuin aikaisemmat generoidut mallit

Procedure-modular specification and verification of temporal safety properties

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application

Behavioral types in programming languages

A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types

Analyzing UVM reuse

Abstract. This thesis investigates Universal Verification Methodology’s (UVM) reuse possibilities. Initally, the object-oriented features of the UVM’s programming language SystemVerilog (SV), are introduced. Those features are one enabling factor in UVM reuse. The work also provides a brief overview to the development history of UVM and presents its properties. The structure of a conventional UVM testbench is also demonstrated. Finally, the features that make the UVM testbench more reusable are briefly introduced. In the practical part of the study, a UVM testbench is made for Nordic Semiconductor’s Introproject. The testbench was created with extensive comments so that beginners would get the most out of it. The methods that make the testbench reusable are also applied to the testbench. At the end of the practical part, the reuse possibilities of the testbench were tested by changing the Design Under Test (DUT). Modifications were made to the testbench in order to match the new features of the DUT.UVM uudelleenkäytön analysointi. Tiivistelmä. Tämä diplomityö tutkii Universaalin varmennusmenetelmän (UVM) uudelleenkäyttömahdollisuuksia. Aluksi UVM:n ohjelmointikielen, SystemVerilogin olio-ohjelmointipohjaisia ominaisuuksia käydään läpi. Nämä ominaisuudet ovat yksi mahdollistava tekijä UVM uudelleenkäytössä. Työssä tehdään lisäksi lyhyt katsaus UVM:n kehityshistoriaan ja esitellään myös sen ominaisuudet sekä tavanomaisen UVM-testipenkin rakenne. Lopuksi esitellään lyhyesti ominaisuuksia, jolla saa tehtyä UVM testipenkistä paremmin uudelleenkäytettävän. Työn käytännön osuudessa tehdään UVM-testipenkki Nordic Semiconductorin Introprojektiin. Testipenkki tehtiin laajasti kommentoimalla, jotta aloitteleva testipenkin tekijä saa siitä mahdollisimman paljon irti. Testipenkin tekemisessä käytettiin myös menetelmiä, joita esiteltiin aiemmassa teoriakappaleessa. Käytännön osuuden lopuksi testattiin testipenkin uudelleenkäyttöä muuttamalla testissä olevaa komponenttia. Testipenkkiin tehtiin muutokset, jolla se saatiin taas vastaamaan komponentin tarpeita

Safety analysis of software product lines using state-based modeling and compositional model checking

Software product lines are widely used due to their advantageous reuse of shared features while still allowing optional and alternative features in the individual products. In high-integrity product lines such as pacemakers, flight control systems, and medical imaging systems, ensuring that common and variable safety requirements hold as each new product is built or existing products are evolved is key to the safe operations of those systems. However, this goal is currently hampered by the complexity of identifying the interactions among common and variable features that may undermine system safety. This is largely due to (1) the fact that the available safety analysis techniques lack sufficient support for analyzing the combined effects of different features, and (2) existing techniques for identifying feature interactions do not adequately accommodate the presence of common features and results in repeated checking across different products. The work described here addresses the first problem by systematically exploring the relationships between behavioral variations and potential hazardous states through scenario guided executions of the state model over the variations. It contributes to a solution to the second problem by generating formal obligations at the interfaces between features, so that sequentially composed features can be verified in a way that allows reuse for subsequent products. The main contributions of this work are an approach to perform safety analysis on the variations in a product line using state-based modeling, a tool-supported technique that guides and manages the generation of model-checkable properties from product-line requirements, and a formal framework for model checking product-line features that removes restrictions on how the features can be sequentially composed. The techniques and their implementations are demonstrated in the context of a medical-device product line

Serfs: Dynamically-Bound Parameterized Components

Parameterization is an effective technique for decoupling design decisions in software. Several languages such as C++ and Ada (and Java and C# more recently) offer language constructs for building parameterized software. Using template or generic constructs, one can postpone committing to specific design choices until the software system is ready for deployment. However, in cases where such choices are influenced by the execution environment, deployment time may not be late enough. Moreover, in the context of software systems that have to satisfy high availability constraints, or are long-running, changes in design choices may be warranted even after deployment. In this paper, we present a design pattern-based methodology for building parameterized components that support dynamic binding of parameters. Moreover, the methodology also supports dynamic re-binding of parameters in the event that such online change is required