160 research outputs found
Meta-functional languages for hardware design and verification
The approach of embedding hardware description languages in general-purpose languages has been widely explored in the literature and has been shown to aid hardware design and verification. In this paper we explore the use of a meta-functional language reFLect as a host language for a hardware description language. We show how this approach aids the development, analysis and manipulation of embedded objects, whilst at the same time we keep meta-programming features largely invisible to the hardware designer. We illustrate the use of these techniques in supporting circuit placement techniques and automatic model checking of hardware compiler invariants.
Natural Interpretation of UML/MARTE Diagrams for System Requirements Specification
To verify embedded systems early in the design stages, we need formal ways of specifying requirements that are as close as possible to their natural language interpretation, away from the lower ESL/RTL levels. This paper proposes to contribute to the FSL (Formal Specification Level) by specifying natural language requirements graphically in the form of temporal patterns. Standard modeling artifacts like UML and MARTE are used to provide formal semantics for these graphical models, which makes it possible to eliminate ambiguity in specifications and to perform automatic design verification at different abstraction levels using these patterns.
R2U2: Tool Overview
R2U2 (Realizable, Responsive, Unobtrusive Unit) is an extensible framework for runtime System Health Management (SHM) of cyber-physical systems. R2U2 can be run in hardware (e.g., FPGAs) or software; can monitor hardware, software, or a combination of the two; and can analyze a range of different types of system requirements during runtime. An R2U2 requirement is specified using a hierarchical combination of building blocks: temporal formula runtime observers (in LTL or MTL), Bayesian networks, sensor filters, and Boolean testers. Importantly, the framework is extensible; it is designed to enable definitions of new building blocks in combination with the core structure. Originally deployed on Unmanned Aerial Systems (UAS), R2U2 is designed to run on a wide range of embedded platforms, from autonomous systems like rovers, satellites, and robots, to human-assistive ground systems and cockpits. R2U2 is named after the requirements it satisfies; while the exact requirements vary by platform and mission, the ability to formally reason about realizability, responsiveness, and unobtrusiveness is necessary for flight certifiability, safety-critical system assurance, and achievement of technology readiness levels for target systems. Realizability ensures that R2U2 is sufficiently expressive to encapsulate meaningful runtime requirements while maintaining adaptability to run on different platforms, transition between different mission stages, and update quickly between missions. Responsiveness entails continuously monitoring the system under test, real-time reasoning, reporting intermediate status, and as-early-as-possible requirements evaluations. Unobtrusiveness ensures compliance with the crucial properties of the target architecture: functionality, certifiability, timing, tolerances, cost, or other constraints.
Verification of clock constraints: CCSL Observers in Esterel
The Clock Constraint Specification Language (CCSL) has been informally introduced in the specification of the UML Profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE). In a previous report entitled ``Syntax and Semantics of the Clock Constraint Specification Language'', we equipped a kernel of CCSL with an operational semantics. In the present report we pursue this clarification effort by giving a mathematical characterization of each CCSL construct. We also propose a systematic approach to the formal verification of CCSL constraints with dedicated Observers. A comprehensive library of Esterel modules, which supports this approach, is provided.
UML/MARTE pour la spécification d'exigences systèmes (version étendue)
To verify embedded systems early in the design stages, we need formal ways of specifying requirements that are as close as possible to their natural language interpretation, away from the lower ESL/RTL levels. This paper proposes to contribute to the FSL (Formal Specification Level) by specifying natural language requirements graphically in the form of temporal patterns. Standard modeling artifacts like UML and MARTE are used to provide formal semantics for these graphical models, which makes it possible to eliminate ambiguity in specifications and to perform automatic design verification at different abstraction levels using these patterns.

To verify embedded systems early in the design cycle, requirements languages are needed that are as close as possible to the expression of needs in natural language. This paper is part of the FSL (Formal Specification Level) initiative and proposes a graphical language, based on UML, for describing formal requirements built on a set of temporal patterns. It reuses UML and MARTE constructs very extensively and relies on the semantics of the CCSL language to eliminate ambiguities in specifications, execute the models, and enable verification of these models at the system level.
Multi-View Power Modeling based on UML MARTE and SysML
The development of SoCs involves different activities, usually driven by specialists. These specialists use specific languages and tools to manipulate their specific concepts. The problem is that the multiple views of the system are split across different tools with redundant information. This makes it difficult to ensure consistency as well as to change from one tool to another. We propose a multi-view model where each view represents the specialist concepts in a tool-agnostic manner. The model can be kept consistent by using explicit associations instead of redundancy, and tool transformations can be performed to analysis-specific tools. The approach is based on UML and two of its extensions: MARTE and SysML. It is illustrated by adding specific views to specify power management techniques. The resulting model is then transformed into a tool-specific model, i.e. a model for Docea Aceplorer, a power analysis tool.
A Framework to Specify System Requirements using Natural interpretation of UML/MARTE diagrams
The ever-increasing design complexity of embedded systems is constantly raising the demand for more abstract design levels and for methods of automatic verification and synthesis. Transforming a text-based user requirements document into semantically sound models is always difficult and error-prone, as these requirements are mostly vague and improperly documented. This paper presents a framework to specify textual requirements graphically in standard modeling formalisms like UML and MARTE in the form of temporal and logical patterns. The underlying formal semantics of these graphical models make it possible to eliminate ambiguity in specifications and to perform automatic design verification at different abstraction levels using these patterns. The semantics of these operators/patterns are presented formally as state automata, and a comparison is made with the existing CCSL relational operators. To reap the benefits of MDE, a software plugin, TemLoPAC, is presented as part of the framework to transform the graphical patterns into CCSL- and Verilog-based observers.
Congruent Weak Conformance
This research addresses the problem of verifying implementations against specifications through an innovative logic approach. Congruent weak conformance, a formal relationship between agents and specifications, has been developed and proven to be a congruent partial order. This property arises from a set of relations called weak conformations. The largest, called weak conformance, is analogous to Milner's observational equivalence. Weak conformance is not an equivalence, however, but rather an ordering relation among processes. Weak conformance allows behaviors in the implementation that are unreachable in the specification. Furthermore, it exploits output concurrencies and allows interleaving of extraneous output actions in the implementation. Finally, reasonable restrictions in CCS syntax strengthen weak conformance to a congruence, called congruent weak conformance. At present, congruent weak conformance is the best known formal relation for verifying implementations against specifications. This precongruence derives maximal flexibility and embodies all weaknesses in input, output, and no-connect signals while retaining a fully replaceable conformance to the specification. Congruent weak conformance has additional utility in verifying transformations between systems of incompatible semantics. This dissertation describes a hypothetical translator from the informal simulation semantics of VHDL to the bisimulation semantics of CCS. A second translator is described from VHDL to a broadcast-communication version of CCS. By showing that they preserve congruent weak conformance, both translators are verified.