Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research...

Sugar 2.0Sugar 2.0

Formal Specification LanguageFormal Specification Language

Sugar 2.0Sugar 2.0

Formal Specification LanguageFormal Specification Language

DDana ana FFismanisman1,21,2 Cindy EisnerCindy Eisner1 1

11IBM Haifa Research Laboratory IBM Haifa Research Laboratory

22Weizmann Institute of Science Weizmann Institute of Science

2Dana FismanCindy Eisner

Sugar2.0

Sugar 2.0Sugar 2.0 is a formalism to is a formalism to reason about reason about behavior over timebehavior over timeUses of Sugar:

For documentation: easy to read, yet precise specificationInput to formal verification tools (model checker, theorem prover)Input to simulation tools (source of automatically generated monitors )


GoalsGoals (in designing the language)(in designing the language)

easyeasy to learn, read and write

mathematically precisemathematically precise rigorously well defined formal syntax and semantics

sufficiently expressiveexpressive permitting the specification of a large class of “real” worlddesign properties

known efficient underlying algorithmsalgorithms in simulationin model checking (with reasonable complexity)


History1994

Syntactic sugaring of CTL for RuleBase model checker1995

Addition of regular expressions1997

Automatic generation of simulation monitors

2001Move to linear (LTL-based) semantics

2002Selected by Accellera for IEEE standardization

Sugar 1.0

Sugar 2.0


Track RecordTrack Record (Sugar 1.0)

IBM products:Main Frame line (S/390)Mid-range line (AS/400)Workstation line (RS/6000)PC line (Netfinity)Super Computers (ASCI)ASIC/OEM business

External licenseesUniversity program


Structure of Sugar

Boolean layerUsed to reason about statesstates of the design

Temporal layerUsed to reason about behaviorbehavior of the design over timetime

Modeling layerUsed to model auxiliary auxiliary state variables and state machines

Verification layerDirectivesDirectives to the verification tool:


Structure of Sugar

Boolean layerUsed to reason about statesstates of the design

Temporal layerUsed to reason about behaviorbehavior of the design over timetime

Modeling layerUsed to model auxiliary auxiliary state variables and state machines

Verification layerDirectivesDirectives to the verification tool:

Sugar comes in three flavors:

Verilog/VHDL/EDL


The Temporal Layer

Boolean ExpressionsBoolean Expressionsexpressions evaluated over a single state

Sugar Extended Regular Expressions (SERE) Sugar Extended Regular Expressions (SERE) expressions evaluated over a bounded sequence ofstates

Sugar Foundation LanguageSugar Foundation Languageexpressions evaluated over finite or infinite sequenceof states

Optional Branching Extension (OBE)Optional Branching Extension (OBE)expression evaluated over infinite trees of states(relevant for formal verification only)

s

s1 s2 s3 s4

s1 s2 s3 s4 …s5 s6 s7


The Temporal Layer

Boolean ExpressionsBoolean Expressions




s

s1 s2 s3 s4

s1 s2 s3 s4 …s5 s6 s7


The Temporal Layer


Sugar Extended Regular Expressions (SERE)Sugar Extended Regular Expressions (SERE) expressions evaluated over a bounded sequence ofstates



s

s1 s2 s3 s4

s1 s2 s3 s4 …s5 s6 s7


The Temporal Layer





s

s1 s2 s3 s4

s1 s2 s3 s4 …s5 s6 s7

……

… …

…


The Temporal Layer


Sugar Extended Regular Expressions (SERE) Sugar Extended Regular Expressions (SERE)

Sugar Foundation LanguageSugar Foundation Language

Optional Branching Extension (OBE)Optional Branching Extension (OBE)

s

s1 s2 s3 s4

s1 s2 s3 s4 …s5 s6 s7

……

… …

…

Build

ing B

lock

s (a

tom

s)Pro

pert

ies


The Temporal Layer


Sugar Extended Regular Expressions (SERE) Sugar Extended Regular Expressions (SERE)

Sugar Foundation LanguageSugar Foundation LanguageTemporal formulas where the atoms are atoms are BooleansBooleansTemporal formulas where the atoms are atoms are SEREsSEREsTemporal formulas where the atoms are atoms are BooleansBooleans and/or and/or SEREsSEREs

Optional Branching Extension (OBE)Optional Branching Extension (OBE)

Build

ing B

lock

s (a

tom

s)Pro

pert

ies


SEREs – Example1

A SERE describes a set of sequences of

states (which we represent using timing

diagrams)

This diagram is described by

the SERE


SEREs – Example1

This diagram is also described by the

SERE


SEREs – Example1

If we want to describe only this diagram we have to change the

SERE


2SEREs – Example


2SEREs – Example

signal holds 4

times


3SEREs – Example

signal holds any number of

times between

3 to 5

signal holds any number of

times


Examples

Until now we saw examples for SEREs, which are not properties on their own, but rather building blocks of propertiesWe will now see examples of properties composed from the SERE building blocks


Examples – Properties

The suffixsuffix implicationimplication operator

ifif the path starting nowstarting now matches

thenthen its continuationcontinuation should match


Properties – Example1

if then

But the property makes a requirement only for that holds at the very first cycle

Add to the beginning of the first SERE



Now the property makes a requirement

for every no matter the cycles

where it holds

Note that the requirement is made

for more than one (the first)

if then



if then

if then

Overlapping is also possible!



if then

ifthen



if then

But what if data does not

hold in contiguous

cycles?

Use instead of



if then

1 2 3 4 5 6 7 8

But what if the signals are only sampled when

holds?

Apply to the entire

property



ifthen

Now the property is

evaluated only on the cycles

where the holds



ifthen


1 3


ifthen

2


Expressiveness

TheoryTheory

At least as expressive as At least as expressive as LTL CTL regular expressions

PracticePracticeAll properties suggested by FVTC of Accellera areAll properties suggested by FVTC of Accellera are

concisely and intuitively expressible in Sugar concisely and intuitively expressible in Sugar


Implementation

Sugar has a core of operators which determine its expressive powerOther operators are syntactic sugaring (abbreviations) of the core operatorsA tool needs to implement

Only the core operatorsMacro expansion of the syntactic sugaring operators


Implementation (of the core)

Any SugarSugar property can be reduced to an LTLLTL or CTLCTL property using auxiliary state state machinesmachines.CTLCTL and LTLLTL have known model checking algorithms.For simulation we consider the subset that can be verified on-the-flyon-the-fly. For this subset there are simple transformation rulessimple transformation rules that transform the formula to a state machinestate machine describing all possible counter examples.


Sugar Home Page

More information available on the sugar home page at:

Complete definitionTutorialSugar parserFormal syntax and semanticsMore …

www.haifa.il.ibm.com/projects/verification/sugar/index.html

Date post:	26-Mar-2015
Category:	Documents
Upload:	anthony-emery
View:	224 times
Download:	3 times

Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research...

Documents