Compositional correctness of IP-based system design: Translating C/C Models into SIGNAL Processes

1
Compositional correctness of IP-based system
designTranslating C/C Models into SIGNAL
Processes
Rennes, November 04, 2005
Hamoudi Kalla and Jean-Pierre Talpin Espresso Team
2
Outline

• Introduction
• Preliminaries
• Translating C/C Models into SIGNAL Processes
• Principles
• Example
• Implementation
• Conclusion and Future works

3
Introduction
C/C System Design Validation

• Simulators and test tools
• They may not cover all design errors
• We need formal verification to ensure the
  quality of system designs ? we need formal
  models

4
System Design Validation Using Formal Models
Our Methodology
C/C Models
automatic translation
Formal Models SIGNAL processes
5
Preliminaries

• Control Data-Flow Graph (CDFG)
• Single Statement Assignment (SSA)

6
Preliminaries
Control Data Flow Graph

• Represents a procedure or a program as a
  directed graph G(V, E), where the set V
  represents control flow nodes and E represents
  jumps in the control flow

• Control Flow nodes are Basic blocks, Test
  blocks, and Join Blocks

7
Preliminaries
Control Data Flow Graph Nodes
int example(int a, int b, int c) int x, y,
z, result y a b z a c if
(ygtz) x y z else x z y result x
a return result
C/C program
CDFG
8
Preliminaries
Control Data Flow Graph Nodes

• Basic Blocks (BB) are instructions without any
  jumps.
• Test blocks (T) describe conditional branching
  expressions.
• Join blocks (J) represent the end of conditional
  branches.

CDFG
9
Preliminaries
Single Statement Assignment (SSA) Form

• SSA is a form of Control Data Flow Graph that
  allows optimizations to be done efficiently and
  easily

• In SSA, every variable receives exactly one
  assignment during its lifetime

x a b x a c
x1 a b x2 a c
SSA
10
Preliminaries
Single Statement Assignment (SSA) Form
its associated Static Single Assignment form
Control Data Flow Graph
11
Translating C/C Models into SIGNAL Processes
C/C Models
GCC
?
SIGNAL processes
12
Translating C/C Models into SIGNAL Processes
C/C Models
functions
f1, , fn
f1 ? SSA1
GCC

?
fn ? SSAn
SSA1? process1


SSAn? processn
SIGNAL processes
13
Translating C/C Models into SIGNAL Processes
Principle
Encode nodes, edges, assignment statement,
conditional branching, and ? function
Function f(SSA)
Process f(SIGNAL)
14
Translating C/C Models into SIGNAL Processes
Encoding SSA Nodes (blocks)
Boolean BB1, T2, BB2, BB3, J1, BB4
x
Instants
t1 t2
t3 t4 t5 BB1
true false false
false false T2
false true false false
false BB2 false
false true false false
BB3 false false
false true false J1
false false false
false true BB4
false false false false true

blocks
15
Translating C/C Models into SIGNAL Processes
Encoding SSA Edges for Basic and Test blocks
B1
B2 true when pre_B1 default false
pre_B1 B1 init false
B2
t1 t2
t3 t4 t5 B1
true false false false
false pre_B1 false true
false false false B2
false true false false
false
16
Translating C/C Models into SIGNAL Processes
Encoding SSA Edges for Join blocks
B1
B2
J1 true when pre_B1 default
true when pre_B2 default false
J1
t1 t2
t3 t4 t5 pre_B2
false true false false
false pre_B1 false false
false false false J1
false false true false
false
17
Translating C/C Models into SIGNAL Processes
Encoding Assignment Statement
B1
x1 ( y1 z1 ) when B1 default x1

X1 y1 z1
t1 t2
t3 t4 t5 B1
false true false
false false false Pre_B1
false false true
false false false x1
0 5 5
5 5 5 y1
2 2 2
2 2 2 z1
3 3
3 3 3 3
18
Translating C/C Models into SIGNAL Processes
Encoding Conditional Branching Statement
T1
test1 (xgty) when T1default false
pre_test1 test1 init false
If (xgty) goto B1 else goto B2
B1 true when pre_test1
when pre_T1 default false B2 true
when not pre_test1 when
pre_T1 default false
B1
B2
t1 t2
t3 t4 t5 T1
false true false false
false pre_T1 false
false true false false
Test1 false true false
false false pre_test1
false false true false false
B1 false false
true false false B2
false false false false
false
19
Translating C/C Models into SIGNAL Processes
Encoding ? Function
B1
B2
X2
X1
x3 x1 when pre_B1 default x2
J1
X3 ?(x1,x2)
B3
Y x3
20
Translating C/C Models into SIGNAL Processes
Encoding Loop Statement Blocks
B0

test1 (xgty) when T1default false
pre_test1 test1 init false
J1

T1
T1 true when pre_B0 default
true when pre_B1 default false
If (xgty) goto B1 else goto B2
B1 true when pre_test1
when pre_T1 default false
B1

B2
B2 true when not pre_test1
when pre_T1 default false

21
Translating C/C Models into SIGNAL Processes
Encoding Loop Statement statements
B0
i1 1 when B0 default i1
i1 1
J1
i2 i1 when pre_B0 default i3
i2 ?(i1,i3)
T1
If (i2lt10) goto B1 else goto B2
B1
i3 i2 1 when pre_B1 default i3
i3 i2 1
B2

22
Translating C/C Models into SIGNAL Processes
Encoding pointers (1)
B0
X 10
T1
x 10 if (T) p x else p
y z p
SSA
If (T) goto B1 else goto B2
B1
B2
p1 x
p2 y
J1
p3 ?(p1,p2)
B3
z p3
23
Translating C/C Models into SIGNAL Processes
Encoding pointers (2)
p1 (p1_tag,p1_star) p1_tag 0 ? p1
x p1_star x
B0
X 10
T1
p2 (p2_tag,p2_star) p2_tag 1 ? p2
y p2_star y
If (T) goto B1 else goto B2
B1
B2
p3 (p3_tag,p3_star) p3_tag p1_tag U p2_tag
p1 x
p2 y
J1
p3_star ? (p1_start,p2_star)
p3 ?(p1,p2)
p3_star x when (p3_tag0)
default y when (p3_tag1)
B3
z p3
z p3_start when B3
24
Translating C/C Models into SIGNAL Processes
Implementation
25
Conclusion and Future Works

• A methodology to validate C/C system design

• it automatically creates formal models from C/C
  system models,
• it is based on the internal representation SSA of
  GCC and uses the synchronous language SIGNAL as a
  formal platform.

• Extend this work in order to
• encode arrays, pointers and functions calls,
• remove global synchronisation,
• reduce the number of variables/signals.