Presentation is loading. Please wait.

Presentation is loading. Please wait.

Workshop - November 2011 - Toulouse. Plan Overview & Safety Requirements PSL formalization & ISIS Monitors Safety Monitors Integration Conclusion Workshop.

Similar presentations


Presentation on theme: "Workshop - November 2011 - Toulouse. Plan Overview & Safety Requirements PSL formalization & ISIS Monitors Safety Monitors Integration Conclusion Workshop."— Presentation transcript:

1 Workshop - November Toulouse

2 Plan Overview & Safety Requirements PSL formalization & ISIS Monitors Safety Monitors Integration Conclusion Workshop - November 20112

3 Plan Overview & Safety Requirements PSL Standard & ISIS Tools Safety Monitors Integration Conclusion Workshop - November 20113

4 Requirement traceability Socket Design Flow 18/11/2011 C/C++/ASM System requirements Global SoC spec. SW Performance validation Functionality + timing Instruction Set Simulator Device execution Metrics Co-simulation/Co-emulation SoC Architecture Functional validation Functionality SoftwareSoftware Header generation Platform assembly

5 18/11/2011 Global SoC spec. SoC Architecture Functional validation C/C++/ASM Functionality System requirements Platform assembly SoftwareSoftware Metrics Header generation SW Performance validation Functionality + timing Instruction Set Simulator MetricsCo-simulation/Co-emulation Device execution Requirement traceability Socket Design Flow

6 Safety Requirements and Virtual Platform 18/11/2011 Check Req SDF SystemC Model Check Req SDF SystemC Model SpécificationSpécification Req SDF PSL ISISISIS TLM SystemC Model Hardware Virtual Platform Check Req SDF SystemC Model Check Req SDF SystemC Model Req SDF PSL Req SDF

7 Timed DMAs Timed DMAs Proc. DSP Mem. DATA Mem. DATA Mem. CODE Mem. CODE ANI ANO DSI DSO MS SSS AHB Safety requirements : Goals Identify and experiment methods and tools, in order to check if platform design, respects functional safety requirement Example : CoeffMem Workshop - November F3 - DSP function F l i p, F l o p M e m A N I e n g i n e A N O e n g i n e D S I O e n g i n e D i Ai D o C o e f M e m D o A H B S A H B S Do Di Ai DSAIR Chain ANO DSI/DSO Di Ai Di Ai RAM config ANI RAM local CoefMem memory => data needed to process analog inputs (ANI). Those data represent digital filter coefficients and analog input calibration coefficients Data are loaded from flash memory at reset Safety: Data integrity checking needed (SEU) Safety: Data integrity checking needed (SEU) CoefMem memory => data needed to process analog inputs (ANI). Those data represent digital filter coefficients and analog input calibration coefficients Data are loaded from flash memory at reset Safety: Data integrity checking needed (SEU) Safety: Data integrity checking needed (SEU)

8 Safety requirements : CoeffMem Workshop - November R1 : E_HRD_TS_IP_1441-New CoefMem memory must be protected by a checksum monitoring. #EndText #Allocate HW R2 : E_HRD_TS_IP_1442-New CoefMem memory monitoring shall be implemented in cycle (cycle period less than 100ms). #EndText #Allocate HW #Allocate SW R3 : E_HRD_TS_IP_1443-New When an error is detected on content of CoefMem memory by checksum monitoring, the SoC shall be turned in SoC_FAULT state. #EndText #Allocate SW

9 Plan Overview & Safety Requirements PSL Standard & ISIS Tools Safety Monitors Integration Conclusion Workshop - November 20119

10 PSL formalization Illustration on the third requirement: R3: When a checksum error is detected, the DSP function must be deactivated (within LIMIT ms) Disambiguation "Checksum error is detected" ? The bit number 1 of the STATUS register of the DSP unit equals 1 "DSP function is deactivated" ? A 0 is written in bit number 0 of the COMMAND register of the DSP unit Workshop - November

11 PSL "Modeling layer" The bit number 1 of the STATUS register equals 1 A 0 is written in bit number 0 of the COMMAND register Workshop - November if (tsiptarget.b_transport_END() && (dsptarget.b_transport.p1.is_read()) && (dsptarget.b_transport.p1.get_address() == address_STATUS) && (*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x2)) error = true; else error = false; if (dsptarget.b_transport_CALL() && (dsptarget.b_transport.p1.is_write()) && (dsptarget.b_transport.p1.get_address() == address_COMMAND) && !(*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x1)) deactivation = true; else deactivation = false;

12 PSL assertion Every time error occurs, the next access to the DSP must be a deactivation and less than LIMIT ms must have elapsed Workshop - November always(error => next_event!(dsptarget.b_transport_CALL()) (deactivation && ((sc_time_stamp()- time) <= limit))) updated on each error

13 Complete assertion for ISIS Workshop - November bool deactivactivation=false, error=false; sc_time limit(LIMIT, SC_MS); sc_time time(0, SC_MS); if (dsptarget.b_transport_END() && (dsptarget.b_transport.p1.is_read()) && (dsptarget.b_transport.p1.get_address() == address_STATUS) && (*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x2)) error = true; else error = false; if (dsptarget.b_transport_CALL() && (dsptarget.b_transport.p1.is_write()) && (dsptarget.b_transport.p1.get_address() == address_COMMAND) && !(*(unsigned int *)(dsptarget.b_transport.p1.get_data_ptr()) & 0x1)) deactivation = true; else deactivation = false; if (error) time = sc_time_stamp(); assert always(error => next_event!(dsptarget.b_transport_CALL()) (deactivation && ((sc_time_stamp()-time) <= limit)));

14 ISIS monitors Workshop - November ISIS SystemC platform int sc_main(int argc, char *argv[]) { generic_noc generic_noc_inst_ memory memory_inst_0("mem eu_pool eu_pool_inst_0("eu_p eu eu_inst_0("eu_inst_0"); memory memory_inst_1("mem os_config os_config_inst_0("o R1, R2, R3 PSL assertions Simulation Platform Monitors + observation mechanism SystemC instrumented platform XML configuration files

15 ISIS observation mechanism Workshop - November Timed DMAs Timed DMAs Proc. DSP Mem. DATA Mem. DATA Mem. CODE Mem. CODE ANI ANO DSI DSO MS SSS AHB Observation

16 Plan Overview & Safety Requirements PSL Standard & ISIS Tools Safety Monitors Integration Conclusion Workshop - November

17 Experiment 1 (HW error) Workshop - November Timed DMAs Timed DMAs Proc. DSP Mem. DATA Mem. DATA Mem. CODE Mem. CODE ANI ANO DSI DSO MS SSS AHB HW checksum computation period > 50 ms

18 Experiment 1 (HW error) Monitors/checkers Statisics (end of log) Performance : 3 monitors = + 1,2 % CPU time (Verbose mini) Workshop - November

19 Experiment 2 (SW error) Workshop - November Timed DMAs Timed DMAs Proc. DSP Mem. DATA Mem. DATA Mem. CODE Mem. CODE ANI ANO DSI DSO MS SSS AHB SW checksum error monitoring period > 100 ms

20 Experiment 2 (SW error) Monitors/checkers Statisics (end of log) Performance : 3 monitors = + 1,5 % CPU time (Verbose mini) Workshop - November

21 Experiment 3 (SW error + GDB) Workshop - November Timed DMAs Timed DMAs Proc. DSP Mem. DATA Mem. DATA Mem. CODE Mem. CODE ANI ANO DSI DSO MS SSS AHB GDBGDB Platform Logs

22 Experiment 3 (SW error + GDB) Workshop - November

23 Plan Overview & Safety Requirements PSL Standard & ISIS Tools Safety Monitors Integration Conclusion Workshop - November

24 Experimental results Advantages : Use IEEE PSL Standard Useful to monitor/debug system level properties Easy platform integration Explicit log messages Light CPU time overhead, but need to be experimented with more than 3 monitors to be representative Safety verification improvement (ex : fault injection) Improvement : Automatisation of the ISIS integration into Assembling Flow (IP-Xact format) Enable/disable monitors at execution time No need to recompile platform to change verbose level Workshop - November

25 Workshop - November Any Questions ?


Download ppt "Workshop - November 2011 - Toulouse. Plan Overview & Safety Requirements PSL formalization & ISIS Monitors Safety Monitors Integration Conclusion Workshop."

Similar presentations


Ads by Google