CN103761387A - Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system - Google Patents
Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system Download PDFInfo
- Publication number
- CN103761387A CN103761387A CN201410024696.1A CN201410024696A CN103761387A CN 103761387 A CN103761387 A CN 103761387A CN 201410024696 A CN201410024696 A CN 201410024696A CN 103761387 A CN103761387 A CN 103761387A
- Authority
- CN
- China
- Prior art keywords
- state
- transition
- gate circuit
- input
- excite
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Logic Circuits (AREA)
- Design And Manufacture Of Integrated Circuits (AREA)
Abstract
The invention discloses a formal verification method for a sequencing specification of an FPGA (field programmable gate array) combinatorial logic system. The formal verification method comprises the following steps of (1) obtaining a VHDL (very-high-speed integrated circuit hardware description language) procedure according to an operation sequencing specification of the FPGA combinatorial logic system; (2) establishing a Petri net model according to the VHDL procedure; (3) establishing a reachability graph according to the Petri net model; (4) pitching on all stable gate circuit output states in the reachability graph; (5) generating a control specification comprising a logical formula for calculating tree tense according to the operation sequencing specification of the FPGA combinatory logic system; and (6) detecting whether the stable gate circuit output states in the reachability graph meet the control specification or not, determining that the states are mistaken if the stable gate circuit output states in the reachability graph do not meet the control specification, positioning mistaken statements in the VHDL procedure according to excitable changes generating the mistaken states, and determining that the VHDL procedure meets the design requirements if all the states meet the control specification. The formal verification method for the sequencing specification of the FPGA combinatorial logic system is rigorous and complete in logicality and low in complexity.
Description
Technical field
The present invention relates to a kind of verification method of FPGA combinational logic system order standard, particularly a kind of formalization verification method of FPGA combinational logic system order standard.
Background technology
Field programmable gate array (FPGA Field-Programmable Gate Array) is the product further developing on the basis of the programming devices such as PAL, GAL, CPLD, and its appearance brings far-reaching influence to Design of Digital System.Because FPGA has, travelling speed is fast, power consumption is less, dirigibility is strong and facilitate the advantages such as secondary is revised, capability of sequential control is strong, the construction cycle is short, front-end investment risk is little, launch speed is fast, so FPGA is widely used in the key areas such as communication, military affairs, medical treatment, automotive electronics, Industry Control, consumer products.
The FPGA design of current trend is to describe as hardware input using VHDL or Verilog language, by synthesizer, comprehensively make hardware description language be mapped on logical circuit again, and then the instrument that adopts FPGA business men to provide carries out distributing, by the logical circuit fast writing comprehensively producing to FPGA.Such design cycle, distributing work comprehensively and is below all based on hardware description language, so the quality that hardware language is described has directly affected circuit function.But along with FPGA Design of Digital System scale constantly increases, the importance of test and checking is also day by day obvious.In order successfully to design a complex digital system, each stage will be carried out verification of correctness, is not only the checking of program syntax semanteme, also comprises the checking of system logic function, to guarantee the wrong early detection in design and to remove, improve the safety and reliability of system.
The main verification method of digital circuit is simulation and emulation.Simplation verification is traditional, and remains at present the verification method of main flow.Simplation verification is that pumping signal is put on to design, calculates and observe Output rusults, and judges that whether this result is consistent with expection.The major defect of simplation verification is non-completeness, can only prove wrong and can not prove error-free.Therefore, simulation is generally used for finding a large amount of significantly design mistakes at the checking initial stage, and is difficult to find complicated delicate logic error.Simplation verification also depends critically upon choosing of test vector, and rationally chooses fully test vector, and reaching high coverage rate itself is exactly a very difficult task.Deviser can not predict institute's vicious possibility pattern, so not yet find certain best coverage rate tolerance.Even if selected certain coverage rate tolerance, the proving time is also a bottle diameter.
Simulating, verifying is similar with simplation verification in principle, just three major parts of simplation verification are encouraged generation, monitor and coverage rate tolerance to integrate, form test benchmark (testbench), with realizations such as some programming devices or microprocessors.Emulation is more faster than the verifying speed of simulation, and its shortcoming is to cost dearly, very flexible.
Checking difficulty is often from the following aspects at present:
(1) the continuous increase of system complexity.The IC manufacturing technology of always following Moore law makes deviser integrated more IP kernel, internal memory, bus etc. on one single chip, forms very complicated system.Stark contrast therewith, the development of verification technique lags behind IC manufacturing capacity.This makes the more and more not competent checking demand of existing verification tool.
(2) the continuous shortening of Time To Market.Having reflected soon the constantly market competition requirement of shortening of design cycle of the update of electronic product at present.The spent time of proof procedure generally accounts for 2/3rds of the overall design cycle, even reaches more than 80%.Therefore to the reasonable request of checking, be exactly: raising speed is to dissolve in design cycle as far as possible.Especially early stage in design, in high-level discovery design mistake, can greatly reduce the cost that design is done over again.
(3), for the digital display circuit being applied in Safety-Critical System field (as the railway system, Aero-Space, energy generating etc.), the logic error of program is not allow to occur.Once there is logic error in program, will cause immeasurable loss to country and society, as 1994, there is mistake in Pentium processor while being found in certain specific floating-point operation of execution; Areia's Na five type rockets of European Space Agency in 1996 development after transmitting less than 40 seconds explosive incidents etc.
In order to propose more perfect verification technique, the method for Formal Verification has been proposed from academia and the increasing people of industry member.Formal verification be exactly from mathematics imperfectly proof system whether realized deviser's intention.This means first by the mathematical model of certain language and logical construct system, then use strict mathematical reasoning to prove the correctness of design.The major advantage of formal verification is completeness, can conclude the correctness of design completely.And Formal Languages---the Petri net being proposed first in automat for its PhD dissertation < < is communicated by letter > > in 1962 by Germany scientist Carl.Adam.Petri is widely used in analysis of Discrete Event Systems in recent years.Petri net, take figure and mathematics as basis, is a kind of formalization verification method Study system character of FPGA combinational logic system order standard and the Formal Languages of behavior.Analysis asynchronous, concurrent system that Petri net is applicable to, has very strong analog capability, has again rigorous mathematic(al) representation, has the characteristics such as directly perceived, understandable.
Each state of FPGA system can be corresponding to a sign of Petri net system, the behavior that the dynamic behaviour of Petri net has comprised FPGA system, portray the logical relation between each variable and the change procedure of output variable in the FPGA combinational logic system course of work, therefore utilized reachability graph's analytic approach of Petri net can analyze well and the operation of simulator program.What but Petri net was described is a concurrent system more complicated than FPGA system, in theory as long as transition meet shooting conditions and just can be excited, owing to exciting, there is no sequencing, easily cause endless loop, when carrying out gate circuit logical operation generator gate circuit output state, possible input quantity is also in continuous transition, therefore can generate much due to Petri net nature cause and with the irrelevant intermediateness of real system, so just cause the problem of State space explosion, brought very large difficulty also can to next step program verification.
It should be noted that, CTL (calculating tree temporal logic) is a kind of branching time logic, selects the tense logic language that number of times is maximum at present in model detects, and its time model is a tree structure, and be wherein uncertain future.Have different paths future, wherein any one may be all real " reality " path.
CTL formula is comprised of atomic proposition, logical connector, path measure word and temporal operator four parts:
(1) atomic proposition: describe the fundamental element of a system state, only have " true (TRUE) " or " false (FALSE) " two states;
(2) logical connector: for representing junction symbols some or certain several atomic proposition state.Conventional logical connector and " ∧ " or " ∨ ", non-
contain " → ";
(3) path measure word: for representing the branched structure of dendrogram.There is All Paths measure word A (All): all paths that expression starts from designated state; There is path measure word E (Exist); Expression is from the designated state a certain paths that comes into existence;
(4) temporal operator: for representing a certain individual path of dendrogram, the time attribute of some designated states, i.e. relation between it and front and back state.Comprise G (Global): so be illustrated on certain individual path, from designated state, start and its state in the future; F (Future): be illustrated on certain individual path and start following some states from designated state; X (Next): be illustrated in the next state starting from designated state on certain individual path; U (Until): be illustrated on certain individual path and start until some states from designated state.
By Backus-Naur normal form definition by induction CTL formula, be
Wherein ": :=" be the meaning of " being defined as ", " | " is illustrated in optional one of its left and right, is equivalent to the meaning of "or", and Φ is CTL formula.Symbol X, F, G and U can not occur separately in the situation that there is no A or E above.Similarly, each A or E must be accompanied by X, F, and one of G or U occur.Monobasic conjunction (comprises
with tense conjunction AG, EG, AF, EF, AX and EX) have the most closely and bind; Next is ∧ and ∨; Be then →, AU and EU.
If FPGA combinational logic system reachability graph is G
fPGAin one paths exist status switch be m
0, m
1, m
2m
i, and to each i>=0, have m
i→ m
i+1, have path m
0→ m
1→ ... in a possible future of expression system, system is before this at state m
0, then at state m
1, the like.Suppose |=refer to meet relation, CTL semanteme is:
(1)
and if only if G, m| ≠ Φ.
(2) G, m|=Φ
1∧ Φ
2: and if only if G, m|=Φ
1and G, m|=Φ
2.
(3) G, m|=Φ
1∨ Φ
2: and if only if G, m|=Φ
1or G, m|=Φ
2.
(4) G, m|=Φ
1→ Φ
2: and if only if G, m|=Φ
1there is G, m|=Φ
2.
(5) G, m|=AX Φ: all calculating paths that start with m, make next state meet Φ.
(6) G, m|=EX Φ: have a calculating path starting with m, make next state meet Φ.
(7) G, m|=AG Φ: to all calculating paths that start with m, the character Φ overall situation is set up.
(8) G, m|=EG Φ: have a calculating path starting with m, make along this path, the character Φ overall situation is set up.
(9) G, m|=AF Φ: all calculating paths that start with m, exist certain to-be that Φ is set up.
(10) G, m|=EF Φ: have a calculating path starting with m, Φ is set up under certain to-be.
(11) G, m|=A[Φ
1u Φ
2]: all calculating paths that start with m meet Φ
1, until Φ
2set up thereon.
(12) G, m|=E[Φ
1u Φ
2]: exist a calculating path starting with m to meet Φ
1, until Φ
2set up thereon.
Suppose to use Q
1and Q
2represent respectively two output variables, and Q
2must be at Q
1after carrying out, could carry out.Sequential control standard Φ between them can be write as AG (Q so
1) → AF (Q
2), at variable Q
1be true before, variable Q
2be false, as variable Q always
1for very rear variable Q
2become at last true.
Summary of the invention
The object of the invention is to overcome the deficiency of prior art, a kind of formalization verification method of FPGA combinational logic system order standard is provided, by utilizing the performance analysis performance of Petri net, and for netting, Petri sets the sequencing that transition excite, generate FPGA system reachability graph, delete the intermediateness generating due to the character of Petri net itself in reachability graph, and utilize a class specification normative language---calculate tree temporal logic CTL the property of system is described, by each state in traversal verification system reachability graph, find out the state of controlling standard of violating, thereby the source program of location logic function mistake, logic is rigorous, verify complete, complexity is low.
The technical solution adopted for the present invention to solve the technical problems is: a kind of formalization verification method of FPGA combinational logic system order standard, comprises the steps:
1), according to the sequence of operation standard of FPGA combinational logic system, obtain a VHDL program of describing described FPGA combinational logic system; Wherein, described VHDL program comprises input quantity, the output quantity of setting described FPGA combinational logic system, and the logical relation between described input quantity and output quantity, and described input quantity and output quantity are Boolean variable;
2) for input quantity, the output quantity of described VHDL program, and the logical relation between described input quantity and output quantity, Petri pessimistic concurrency control set up; Wherein, described Petri pessimistic concurrency control comprises the transition between state, each state of each variable in described VHDL program, and the shooting conditions of each transition;
3) according to the transition between state, each state of each variable in described Petri pessimistic concurrency control, and the shooting conditions of each transition, the sequencing simultaneously exciting by setting transition, the reachability graph who sets up described FPGA combinational logic system; Wherein, described reachability graph comprises input state node, gate circuit output state node, and the annexation between each node;
4) choose all single stable gate circuit output states that produced by single stable input quantity in described reachability graph; Wherein, described stable gate circuit output state is represented by a upper gate circuit output state node of all input state nodes in described reachability graph;
5), according to the sequence of operation standard of described FPGA combinational logic system, directly draw the gate circuit output state of described FPGA combinational logic system, and produce the control standard that comprises calculating tree temporal logic formula; Wherein, described calculating tree temporal logic formula represents that the state of described FPGA combinational logic system exists the path that arrives appointment gate circuit output state;
6) verify described VHDL program: whether the each stable gate circuit output state detecting in described reachability graph meets the calculating tree temporal logic formula in described control standard; If one of them state does not meet, this state subsistence logic mistake, by finding the excited transition that produce this error condition, thereby locates the wrong statement in described VHDL program; If all states all meet, described VHDL program meets designing requirement.
Step 2) in, described Petri pessimistic concurrency control is two tuples (N, a m
0), wherein N=(P, T, F), P be storehouse finite aggregate, T is the finite aggregate of transition,
represent the set of link library institute and transition directed arc, m
0it is the original state of Petri net; T=T in addition
in∪ T
out, T
inrepresent input quantity transition set, T
outrepresent gate circuit output transition set, T
e, inthe input quantity transition set that can excite, T
e, outthe gate circuit output transition set that can excite, and
wherein input quantity transition are for generation of the state conversion of input quantity, and gate circuit output transition are for generation of the state conversion of output quantity, T
e, incomprise the condition that input quantity transition are excited, T
e, outcomprise the condition that gate circuit output transition are excited.
The method for building up of described Petri pessimistic concurrency control comprises the steps:
A1, with the paired p of storehouse institute
1, p
2represent the two states of each variable in described VHDL program, be expressed as the p to storehouse institute with two circles
1, p
2, with the point in described circle, represent that holder agree, and with described Tuo Ken at the paired storehouse p of institute
1, p
2in positional representation described in variable in which kind of state;
A2, at the paired storehouse p of institute
1, p
2between add two transition t
1, t
2, construct four directed arcs respectively by p
1point to t
1, t
1point to p
2, p
2point to t
2, t
2point to p
1;
A3, according to described VHDL program, obtain the logical expression about input quantity and output quantity, be called V2P formula; According to Boolean calculation rule, described V2P formula is deformed into transition formula; Wherein, described transition formula comprises mutual transition between the two states of output quantity and the relation of input quantity;
A4, according to described transition formula, input quantity state corresponding with described transition the transition of output quantity is connected with two-way arc.
In steps A 3, setting input quantity in VHDL program is X
1, X
2..., X
n(n ∈ N
+), output quantity is Y
1, Y
2y
m(m ∈ N
+), output quantity Y
i(1≤i≤m) and input quantity X
j(the logical function expression formula of 1≤j≤n) is Y
i=f
i(X
1, X
2..., X
n) (1≤i≤m) (0.4)
Input quantity X in formula (1.1)
1, X
2..., X
n(n ∈ N
+) between be carry out with or, non-three kinds of basic logic operations; Easy in order to narrate, below only with a logic output expression formula with formula Y
1=f
1(X
1, X
2..., X
n) (0.5) describe;
By equation or map Karnaugh, formula (1.2) is carried out to abbreviation, can obtain:
Logical expression Φ (X in formula (1.3)
1, X
2..., X
n) represent between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula Φ of G
g(X
1, X
2..., X
n) (1≤g≤G) mutually or;
By formula (1.3) and upper (Y
1+ Y
1') obtain:
Formula (1.4) is obtained by the computing of assignment of logical rule:
Logic NOT computing is carried out in formula (1.3) both sides simultaneously to be obtained:
Utilize equation or Karnaugh map to carry out abbreviation to formula (1.6), obtain:
Logical expression ψ (X in formula (1.7)
1, X
2..., X
n) represent equally between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula ψ of L
l(X
1, X
2..., X
n) (1≤l≤L) mutually or;
By formula (1.7) and upper (Y
1+ Y
1'), and carry out logical operation and obtain respectively:
Formula (1.5) and formula (1.8) are described transition formula.
In steps A 4, the connected mode of described two-way arc is:
First, according to
formula, draws: Y
1from current state value " 0 ", become next state value " 1 " needs
there are G transition
with two-way arc every Φ
g(X
1, X
2..., X
n) state and corresponding transition of related input quantity in (1≤g≤G)
be connected;
Next, according to
formula, draws: Y
1from current state value " 1 ", become next state value " 0 " needs
there are L transition
with two-way arc every ψ
l(X
1, X
2..., X
n) in (1≤l≤L) state of related input quantity with corresponding
connect.
Step 3) in, the reachability graph of described FPGA combinational logic system is a tlv triple G
fPGA=<M, E, W>, M=M
in∪ M
out, E=E
in∪ E
out; Wherein, the each state in set M is corresponding to a node in system reachability graph, M
inand M
outrepresent respectively input state set and the set of gate circuit output state, in reachability graph, input state node represents by solid circles, and gate circuit output state node represents with dotted line circle; E is the set that a node points to the directed edge of another node, and W is the set of the transition mark of described directed edge, and the element in set W is the mapping of E to T; The set of the state that does not complete gate circuit logical operation of described FPGA combinational logic system is designated as to M
new, and the set of the state that completes gate circuit logical operation of described FPGA combinational logic system is designated as to M
old.
Step 3) in, the method for setting up described reachability graph comprises the steps:
B1, order
B2, by the original state m of FPGA combinational logic system in described Petri pessimistic concurrency control
0add set M to
newin, be about to { m
0} → M
new;
If B3
turn to step B4, otherwise algorithm finishes, output FPGA combinational logic system reachability graph G
fPGA=<M, E, W>;
B4, from M
newin appoint and get a state m;
If existence m in B4.1 reachability graph, directly turns to step B4.2, otherwise draw a solid line circle in described reachability graph, represent state m;
If B4.2 gathers M
oldin existence m, by state m from set M
newmiddle deletion, i.e. M
new=M
new-m}, and jump to step B3; Otherwise, if under state m, do not have the input transition that can excite and and the gate circuit output transition that can excite, by state m from M
newmiddle deletion, and add set M to
oldin, i.e. M
new=M
new-{ m} and M
old=M
old{ m}, then turns to step B3 to ∪;
If B4.3 not only exists the input transition that can excite but also have the gate circuit output transition that can excite under state m, exist
and
jump to step B5; If only there are the input transition that can excite under state m, have and only have
jump to step B6;
If not only there are the input transition that can excite but also have the gate circuit output transition that can excite in B5 under state m, preferentially excite all gate circuit output transition that excite, generate gate circuit output state;
The gate circuit output transition set T of B5.1 from exciting
e, outin appoint and get a transition t
out, excite this transition, generate gate circuit output state m '
out, and by these transition from set T
e, outmiddle deletion, i.e. T
e, out=T
e, out-{ t
out;
If existence m ' not in B5.2 reachability graph
out, incite somebody to action m '
out} → M
out, be about to state m '
outadd set M to
outin, and in reachability graph, draw a dashed circle and represent gate circuit output state m '
out;
B5.3 is from state m to gate circuit output state m '
outbetween draw an oriented dotted line limit, and on this dotted line limit mark gate circuit output transition t
out, be illustrated under state m by exciting transition t
outcan generate output state m '
out, described directed edge set E=E+{<m, m '
out>}, and W (<m, m ' in the transition tag set of described directed edge
out>)=t
out; Meanwhile, by m '
outadd M to
newin;
B5.4 judges the gate circuit output transition set T that can excite
e, outwhether be empty set, if
still there are the output transition that can excite, return to step B5.1; If the gate circuit that can excite output transition set
there is no the output transition that can excite, continue following operation;
If lower of B6 state m exists the input transition that can excite, there is and only has the input quantity transition set that can excite
excite all input transition that excite, change input quantity state;
The input transition set T of B6.1 from exciting
e, inas in appoint and get an input quantity transition t
in, excite this transition, generate gate circuit input state m '
in; And by these transition from set T
e, inmiddle deletion, i.e. T
e, in=T
e, in-{ t
in;
If existence m ' not in B6.2 reachability graph
in, incite somebody to action m '
in} → M
in, be about to state m '
inadd set M to
inin, and in reachability graph, draw a solid line circle and represent input state m '
in;
B6.3 is from state m to m '
inbetween draw an oriented solid line limit, and on this solid line limit mark input quantity transition t
in, be illustrated under state m by exciting transition t
incan generate input state m '
in; Described directed edge set is E=E+{<m, m '
in>}, and W (<m, m ' in the transition tag set of described directed edge
in>)=t
in; Meanwhile, by m '
inadd M to
newin;
B6.4 decision gate circuit input state m '
inunder the input quantity transition set T exciting
e, inwhether be empty set, if the input quantity transition set that can excite
still have the input transition that can excite, return to so step B6.1; If the input quantity transition set that can excite
there is no the input transition that can excite, continue following operation;
B7, by state m from M
newmiddle deletion, and add set M to
oldin, i.e. M
new=M
new-{ m} and M
old=M
old{ then m} turns to step B3 to ∪.
Step 4) in, described in choose the upper gate circuit output state node of all input state nodes in reachability graph, specifically comprise set M
olddescribed in the corresponding state of gate circuit output state node chosen choose, and add set M to
newin.
Setting described control standard is Φ, and the FPGA combinational logic system reachability graph after checking is G
v=<M
v, E
v, W
v>, wherein M
v=M
r∪ M
f, E
v=E
r∪ E
f, W
v=W
r∪ W
f; Wherein, M
rbe the set that after checking, state meets Φ, comprise logically true input state or gate circuit output state; M
fthe set that after checking, state does not meet Φ, the input state that comprises logic error or gate circuit output state; E
rrepresent to meet the directed edge set between the state of Φ, E
fit is the directed edge set not meeting between the state of Φ; W
rrepresent E
ron transition tag set, W
frepresent E
fon transition tag set; Step 6) in, the verification method of described VHDL program comprises the steps:
C1, from set M
newin appoint and get a state m to be verified
0, verify whether this state meets Φ, if state m
0meet Φ, added to set M
r; If state m
0do not meet Φ, added to set M
f, at set M
oldin find state m
0a upper input state m ', and by m ' and m
0between all directed edges add to set E
fin, the transition mark of described directed edge is added to set W simultaneously
fin;
If C2 state m
0do not meet Φ, according to Φ, obtain state m
0the correct status m of equal value that answers
r; According to Petri pessimistic concurrency control, the m ' that must do well arrive state m
rcorrect transition set; By W
fmiddle m ' and m
0between all transition and described correct transition set compare, obtain concrete wrong transition, according to the shooting conditions of described wrong transition, locate the wrong statement in described VHDL program;
C3, repeating step C1, C2, until each state of system was verified, work as M
newduring for empty set, turn to step C4;
If C4 set is M
fempty set, described VHDL program meets designing requirement.
From the above-mentioned description of this invention, compared with prior art, the present invention has following beneficial effect:
1. the present invention adopts Petri net to carry out modeling to FPGA combinational logic system, the behavior that the dynamic behaviour of Petri net has comprised FPGA system, has portrayed the logical relation between each variable and the change procedure of output variable in the FPGA combinational logic system course of work; Utilize afterwards the performance analysis performance of Petri net, and set for Petri net the sequencing that transition excite, generate FPGA system reachability graph; Afterwards, utilize a class specification normative language---calculate tree temporal logic CTL the property of system is described, by each state in traversal verification system reachability graph, find out the state of controlling standard of violating, thus the source program of location logic function mistake.Whole proof procedure is a kind of Formal Verification mode, is to carry out on the model that original design is carried out obtaining after mathematical abstractions, is mainly that system logic function is verified, for judging that whether design meets deviser's requirement, has completeness.
2. the present invention is by setting for Petri net the sequencing that transition excite, and solved traditional concurrent characteristic (being that exciting of transition do not have sequencing) due to Petri net and make the problem of the reachability graph's existence Space Explosion generating; After adopting which generation reachability graph, again according in reachability graph, still exist much due to the character of Petri net itself cause and intermediateness (same input state along different paths arrive intermediateness that same gate circuit output state produce) this phenomenon irrelevant from real system, only choose stable gate circuit output state in reachability graph as identifying object, thereby greatly reduce validation difficulty and complexity.
3. the present invention is by utilizing a class specification normative language---and calculate tree temporal logic CTL the property of system is described, by each state in traversal verification system reachability graph, find out and violate the state of controlling standard, can locate rapidly and accurately the source program statement of logic function mistake.
Accompanying drawing explanation
Fig. 1 is the exemplary plot of FPGA combinational logic system in the embodiment of the present invention---certain industrial chemicals is produced schematic diagram;
Fig. 2 is valve V in the FPGA combinational logic system example of Fig. 1
1petri net unit model;
Fig. 3 is the Petri pessimistic concurrency control of the embodiment of the present invention;
Fig. 4 is the reachability graph of the embodiment of the present invention.
Embodiment
The formalization verification method that the invention provides a kind of FPGA combinational logic system order standard, comprises the steps:
1), according to the sequence of operation standard of FPGA combinational logic system, obtain a VHDL program of describing described FPGA combinational logic system; Wherein, described VHDL program comprises input quantity, the output quantity of setting described FPGA combinational logic system, and the logical relation between described input quantity and output quantity, and described input quantity and output quantity are Boolean variable;
2) for input quantity, the output quantity of described VHDL program, and the logical relation between described input quantity and output quantity, Petri pessimistic concurrency control set up; Wherein, described Petri pessimistic concurrency control comprises the transition between state, each state of each variable in described VHDL program, and the shooting conditions of each transition;
3) according to the transition between state, each state of each variable in described Petri pessimistic concurrency control, and the shooting conditions of each transition, the sequencing simultaneously exciting by setting transition, the reachability graph who sets up described FPGA combinational logic system; Wherein, described reachability graph comprises input state node, gate circuit output state node, and the annexation between each node;
4) choose all single stable gate circuit output states that produced by single stable input quantity in described reachability graph; Wherein, described stable gate circuit output state is represented by a upper gate circuit output state node of all input state nodes in described reachability graph;
5), according to the sequence of operation standard of described FPGA combinational logic system, directly draw the gate circuit output state of described FPGA combinational logic system, and produce the control standard that comprises calculating tree temporal logic formula; Wherein, described calculating tree temporal logic formula represents that the state of described FPGA combinational logic system exists the path that arrives appointment gate circuit output state;
6) verify described VHDL program: whether the each stable gate circuit output state detecting in described reachability graph meets the calculating tree temporal logic formula in described control standard; If one of them state does not meet, this state subsistence logic mistake, by finding the excited transition that produce this error condition, thereby locates the wrong statement in described VHDL program; If all states all meet, described VHDL program meets designing requirement.
Step 2) in, described Petri pessimistic concurrency control is two tuples (N, a m
0), wherein N=(P, T, F), P be storehouse finite aggregate, T is the finite aggregate of transition,
represent the set of link library institute and transition directed arc, m
0it is the original state of Petri net; T=T in addition
in∪ T
out, T
inrepresent input quantity transition set, T
outrepresent gate circuit output transition set, T
e, inthe input quantity transition set that can excite, T
e, outthe gate circuit output transition set that can excite, and
wherein input quantity transition are for generation of the state conversion of input quantity, and gate circuit output transition are for generation of the state conversion of output quantity, T
e, incomprise the condition that input quantity transition are excited, T
e, outcomprise the condition that gate circuit output transition are excited.
The method for building up of described Petri pessimistic concurrency control comprises the steps:
A1, with the paired p of storehouse institute
1, p
2represent the two states of each variable in described VHDL program, be expressed as the p to storehouse institute with two circles
1, p
2, with the point in described circle, represent that holder agree, and with described Tuo Ken at the paired storehouse p of institute
1, p
2in positional representation described in variable in which kind of state;
A2, at the paired storehouse p of institute
1, p
2between add two transition t
1, t
2, construct four directed arcs respectively by p
1point to t
1, t
1point to p
2, p
2point to t
2, t
2point to p
1;
A3, according to described VHDL program, obtain the logical expression about input quantity and output quantity, be called V2P formula; According to Boolean calculation rule, described V2P formula is deformed into transition formula; Wherein, described transition formula comprises mutual transition between the two states of output quantity and the relation of input quantity;
A4, according to described transition formula, input quantity state corresponding with described transition the transition of output quantity is connected with two-way arc.
In steps A 3, setting input quantity in VHDL program is X
1, X
2..., X
n(n ∈ N
+), output quantity is Y
1, Y
2y
m(m ∈ N
+), output quantity Y
i(1≤i≤m) and input quantity X
j(the logical function expression formula of 1≤j≤n) is
Y
i=f
i(X
1,X
2,……,X
n)(1≤i≤m) (0.7)
Input quantity X in formula (1.1)
1, X
2..., X
n(n ∈ N
+) between be carry out with or, non-three kinds of basic logic operations; Easy in order to narrate, below only with a logic output expression formula with formula
Y
1=f
1(X
1, X
2..., X
n) (0.8) describe;
By equation or map Karnaugh, formula (1.2) is carried out to abbreviation, can obtain:
Logical expression Φ (X in formula (1.3)
1, X
2..., X
n) represent between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula Φ of G
g(X
1, X
2..., X
n) (1≤g≤G) mutually or;
By formula (1.3) and upper (Y
1+ Y
1') obtain:
Formula (1.4) is obtained by the computing of assignment of logical rule:
Logic NOT computing is carried out in formula (1.3) both sides simultaneously to be obtained:
Utilize equation or Karnaugh map to carry out abbreviation to formula (1.6), obtain:
Logical expression ψ (X in formula (1.7)
1, X
2..., X
n) represent equally between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula ψ of L
l(X
1, X
2..., X
n) (1≤l≤L) mutually or;
By formula (1.7) and upper (Y
1+ Y
1'), and carry out logical operation and obtain respectively:
Formula (1.5) and formula (1.8) are described transition formula.
In steps A 4, the connected mode of described two-way arc is:
First, according to
formula, considers Y
1from current state value " 0 ", become next state value " 1 ", due to current Y
1=0, Y
1'=1, so formula
and to make Y
1next output quantity be 1, want
because there be G different logical formula Φ
g(X
1, X
2..., X
n) (1≤g≤G) mutually or, so there are G transition
the exciting of any transition in them, all can make Y
1from current state value " 0 ", become next state value " 1 ", therefore use two-way arc every Φ
g(X
1, X
2..., X
n) state and corresponding transition of related input quantity in (1≤g≤G)
be connected;
Next, according to
formula, considers Y
1from current state value " 1 ", become next state value " 0 ", because current Y
1'=0, Y
1=1, so formula
and to make Y
1' next state value be 1, namely Y
1next state value be 0, want
because there be L different logical formula ψ
l(X
1, X
2..., X
n) (1≤l≤L) mutually or, there are L transition
the exciting of any transition in them, all can make Y
1from current state value " 1 ", become next state value " 0 ", therefore use two-way arc every ψ
l(X
1, X
2..., X
n) in (1≤l≤L) state of related input quantity with corresponding
connect.
Step 3) in, the reachability graph of described FPGA combinational logic system is a tlv triple G
fPGA=<M, E, W>, M=M
in∪ M
out, E=E
in∪ E
out; Wherein, the each state in set M is corresponding to a node in system reachability graph, M
inand M
outrepresent respectively input state set and the set of gate circuit output state, in reachability graph, input state node represents by solid circles, and gate circuit output state node represents with dotted line circle; E is the set that a node points to the directed edge of another node, and W is the set of the transition mark of described directed edge, and the element in set W is the mapping of E to T; The set of the state that does not complete gate circuit logical operation of described FPGA combinational logic system is designated as to M
new, and the set that oneself of described FPGA combinational logic system completes the state of gate circuit logical operation is designated as to M
old.
Step 3) in, the method for setting up described reachability graph comprises the steps:
B1, order
B2, by the original state m of FPGA combinational logic system in described Petri pessimistic concurrency control
0add set M to
newin, be about to { m
0} → M
new;
If B3
turn to step B4, otherwise algorithm finishes, output FPGA combinational logic system reachability graph G
fPGA=<M, E, W>;
B4, from M
newin appoint and get a state m;
If existence m in B4.1 reachability graph, directly turns to step B4.2, otherwise draw a solid line circle in described reachability graph, represent state m;
If B4.2 gathers M
oldin existence m, by state m from set M
newmiddle deletion, i.e. M
new=M
new-m}, and jump to step B3; Otherwise, if under state m, do not have the input transition that can excite and and the gate circuit output transition that can excite, by state m from M
newmiddle deletion, and add set M to
oldin, i.e. M
new=M
new-{ m} and M
old=M
old{ m}, then turns to step B3 to ∪;
If B4.3 not only exists the input transition that can excite but also have the gate circuit output transition that can excite under state m, exist
and
jump to step B5; If only there are the input transition that can excite under state m, have and only have
jump to step B6;
If not only there are the input transition that can excite but also have the gate circuit output transition that can excite in B5 under state m, preferentially excite all gate circuit output transition that excite, generate gate circuit output state;
The gate circuit output transition set T of B5.1 from exciting
e, outin appoint and get a transition t
out, excite this transition, generate gate circuit output state m '
out, and by these transition from set T
e, outmiddle deletion, i.e. T
e, out=T
e, out-{ t
out;
If existence m ' not in B5.2 reachability graph
out, incite somebody to action m '
out} → M
out, be about to state m '
outadd set M to
outin, and in reachability graph, draw a dashed circle and represent gate circuit output state m '
out;
B5.3 is from state m to gate circuit output state m '
outbetween draw an oriented dotted line limit, and on this dotted line limit mark gate circuit output transition t
out, be illustrated under state m by exciting transition t
outcan generate output state m '
out, described directed edge set E=E+{<m, m '
out>}, and W (<m, m ' in the transition tag set of described directed edge
out>)=t
out; Meanwhile, by m '
outadd M to
newin;
B5.4 judges the gate circuit output transition set T that can excite
e, outwhether be empty set, if
still there are the output transition that can excite, return to step B5.1; If the gate circuit that can excite output transition set
there is no the output transition that can excite, continue following operation;
If lower of B6 state m exists the input transition that can excite, there is and only has the input quantity transition set that can excite
excite all input transition that excite, change input quantity state;
The input transition set T of B6.1 from exciting
e, inas in appoint and get an input quantity transition t
in, excite this transition, generate gate circuit input state m '
in; And by these transition from set T
e, inmiddle deletion, i.e. T
e, in=T
e, in-{ t
in;
If existence m ' not in B6.2 reachability graph
in, incite somebody to action m '
in} → M
in, be about to state m '
inadd set M to
inin, and in reachability graph, draw a solid line circle and represent input state m '
in;
B6.3 is from state m to m '
inbetween draw an oriented solid line limit, and on this solid line limit mark input quantity transition t
in, be illustrated under state m by exciting transition t
incan generate input state m '
in; Described directed edge set is E=E+{<m, m '
in>}, and W (<m, m ' in the transition tag set of described directed edge
in>)=t
in; Meanwhile, by m '
inadd M to
newin;
B6.4 decision gate circuit input state m '
inunder the input quantity transition set T exciting
e, inwhether be empty set, if the input quantity transition set that can excite
still have the input transition that can excite, return to so step B6.1; If the input quantity transition set that can excite
there is no the input transition that can excite, continue following operation;
B7, by state m from M
newmiddle deletion, and add set M to
oldin, i.e. M
new=M
new-{ m} and M
old=M
old{ then m} turns to step B3 to ∪.
Step 4) in, described in choose the upper gate circuit output state node of all input state nodes in reachability graph, specifically comprise set M
olddescribed in the corresponding state of gate circuit output state node chosen choose, and add set M to
newin.
Setting described control standard is Φ, and the FPGA combinational logic system reachability graph after checking is G
v=<M
v, E
v, W
v>, wherein M
v=M
r∪ M
f, E
v=E
r∪ E
f, W
v=W
r∪ W
f; Wherein, M
rbe the set that after checking, state meets Φ, comprise logically true input state or gate circuit output state; M
fthe set that after checking, state does not meet Φ, the input state that comprises logic error or gate circuit output state; E
rrepresent to meet the directed edge set between the state of Φ, E
fit is the directed edge set not meeting between the state of Φ; W
rrepresent E
ron transition tag set, W
frepresent E
fon transition tag set; Step 6) in, the verification method of described VHDL program comprises the steps:
C1, from set M
newin appoint and get a state m to be verified
0, verify whether this state meets Φ, if state m
0meet Φ, added to set M
r; If state m
0do not meet Φ, added to set M
f, at set M
oldin find state m
0a upper input state m ', and by m ' and m
0between all directed edges add to set E
fin, the transition mark of described directed edge is added to set W simultaneously
fin;
If C2 state m
0do not meet Φ, according to Φ, obtain state m
0the correct status m of equal value that answers
r; According to Petri pessimistic concurrency control, the m ' that must do well arrive state m
rcorrect transition set; By W
fmiddle m ' and m
0between all transition and described correct transition set compare, obtain concrete wrong transition, according to the shooting conditions of described wrong transition, locate the wrong statement in described VHDL program;
C3, repeating step C1, C2, until each state of system was verified, work as M
newduring for empty set, turn to step C4;
If C4 set is M
fempty set, described VHDL program meets designing requirement.
Below by specific embodiment, the present invention will be further described.
Figure 1 shows that certain industrial chemicals production schematic diagram.Its brief description of the process: V
1and V
2respectively the inlet valve of raw material A and B, V
3it is product discharge valve.S
1and S
2be two liquid level sensors, whether the liquid level that is used for monitoring in container reaches desired value, S
3be temperature sensor, whether the temperature that detects liquid in tank reaches desired value.M is well heater, and L is external definition switch.After system starts, when liquid level is lower than S
1time, V
1valve is opened, and raw material A is injected container; When liquid level arrives S
1, i.e. S
1sensor while having signal, V
1valve cuts out, simultaneously V
2valve is opened, and raw material B injects container; When liquid level arrives S
2time, V
2valve cuts out, and well heater M starts heating; When temperature reaches desired value, i.e. S
3while having signal, M stops heating, simultaneously V
3valve is opened, and external definition switch L starts timing; When after a period of time, L closes, V
3valve cuts out, and system is got back to initial conditions.
Tu1Zhong topworks comprises: inlet valve, outlet valve, well heater, timer and sensor.From the logic level of system operation, each topworks can abstractly be all operation and resting state, and between switches all the time, and this switching has the two class event-driven of opening and closing, and this two classes event is carried out by the computing machine such as programmable logic controller (PLC).Timer in this system also has startup and cuts out two states, and its startup is artificial unlatching, and close, is arrive the time setting and automatically close from body controller.Therefore, above system is a kind of FPGA combinational logic system.
, according to scheme provided by the present invention, the formalization verification method of the FPGA combinational logic system shown in Fig. 1 comprises:
Wherein, input quantity is S
1, S
2, S
3, L is buffer memory variable (being input quantity and output quantity), output quantity is V
1, V
2, V
3, M.
Table 1 has been listed the corresponding circuit state of each node in the FPGA combinational logic system reachability graph of Fig. 4, and each state representation form is:
The represented state of node in table 1 Fig. 4
Step 4, by the system reachability graph of Fig. 4, can be found out, due to Petri net performance analysis behavior, as long as the transition that excite can excite, so under a stable input quantity, concurrent transition in Petri net finally can reach a stable gate circuit output state by different excitation path (excitating sequence), this character due to Petri net itself can generate a lot of intermediatenesses, the state that causes system reachability graph's reached at amount will study than us is how a lot, has also strengthened the difficulty of checking.Because the present invention only relates to the logic function relation between combinational logic circuit input quantity and gate leve output, in order to simplify as far as possible system reachability graph, also for the relation that meets between faster verification system state and control standard, we are necessary these intermediatenesses to remove.
Respectively the Last status of the input state node representing by solid circles is picked out one by one, these states are all the output state nodes representing with dotted line circle, are system corresponding stable gate circuit output states under a stable input quantity.As shown in Figure 4, remove intermediateness after select system state be respectively: m
1, m
3, m
11, m
19and m
23.
Step 5, according to the sequence of operation standard of above FPGA combinational logic system, valve V
1at water level, reach S
1in open mode, water level arrives S before
1time V
1will close; Valve V
2at water level, arrive S
1in time, opens, when water level arrives S
2time, V
2will close; Well heater M arrives S at water level
2shi Qidong heating, when water temperature arrives S
3time, stop heating; Valve V
3in water temperature, arrive S
3in time, opens, V
3when stopping, timer closes.Suppose to use s
0, s
1, s
2, s
3, s
4the stable output state that represents respectively this system, should have:
s
0=(1,0,1,0,1,0, 0,1,1,0,1,0,1,0,1,0)
T
s
1=(0,1,1,0,1,0, 1,0,0,1,1,0,1,0,1,0)
T
s
2=(0,1,0,1,1,0, 1,0,1,0,0,1,1,0,1,0)
T
s
3=(0,1,0,1,0,1, 1,0,1,0,1,0,0,1,0,1)
T
s
4=(0,1,0,1,1,0, 1,0,1,0,1,0,1,0,1,0)
T
Because state s
0, s
1, s
2, s
3, s
4be the output state producing according to the sequence of operation standard of above FPGA combinational logic system, so certainly exist these output states on certain paths of this routine FPGA combinational logic system reachability graph, the control modular formula of describing with CTL is as follows: G, m
0|=EF (s
0), G represents reachability graph herein
G,m
0|=EF(s
1)
G,m
0|=EF(s
2)
G,m
0|=EF(s
3)
G,m
0|=EF(s
4)
In addition, according to the sequence of operation standard of above FPGA combinational logic system, output state s
1will be at state s
0could occur afterwards, in system reachability graph with s
0on all paths that start, it must have state s in the future
1at s
0occur afterwards.Same state s
2will be at s
1could there is afterwards state s
3will be at s
2could there is afterwards state s
4will be at s
3could occur afterwards, the control modular formula of describing with CTL is as follows:
G,m
0|=AG(s
0)→AF(s
1)
G,m
0|=AG(s
1)→AF(s
2)
G,m
0|=AG(s
2)→AF(s
3)
G,m
0|=AG(s
3)→AF(s
4)
Step 6, by after the controlled modular formula of step 5, the system state of removing after intermediateness in FPGA combinational logic system reachability graph is verified one by one, i.e. proofing state m
1, m
3, m
11, m
19and m
23whether meet above-mentioned CTL formula, draw to draw a conclusion:
(1) in system reachability graph with m
0all states on all paths that start do not exist and meet s
1state, i.e. G, m
0| ≠ EF (s
1).
(2) because do not exist, meet s
1state, make states all in reachability graph not meet s
0and s
1, s
1and s
2between logical order relation, i.e. G, m
0| ≠ AG (s
0) → AF (s
1) and G, m
0| ≠ AG (s
1) → AF (s
2).
From output state s
1=(0,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0)
tcan find out sensor S
1in running order, sensor S
2and S
3in closed condition, so current input quantity is (0,1,1,0,1,0)
t; Valve V
2in open mode, and valve V
1and V
3and well heater M and external definition switch L are all in closed condition, so current output quantity is (1,0,0,1,1,0,1,0,1,0)
t; Be state s
1the operation of descriptive system is to arrive S when water level
1time, valve V
1from open mode before, become closed condition, and valve V
2from closed condition before, become open mode.By checking, can find m
3=(0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0)
tbe the state that should not exist, the operation of its descriptive system is to arrive S when water level
1time, valve V
1with valve V
2all in open mode.M
3state description obviously do not meet s
1control code requirement, so m
3be a state that has logic error, violated the sequence of operation standard of system.
In the system reachability graph of Fig. 4, find wrong state m
3, knownly stablizing input state m
2under by exciting transition
obtain m
3, known by above-mentioned analysis, at input state m
2under not only to excite transition
also to excite transition
just can be met s
1=(0,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0)
tcontrol the output state of code requirement.Get back in the Petri pessimistic concurrency control of Fig. 3 and can find at input state m
2under, transition
can not excite, and transition in this Petri pessimistic concurrency control
shooting conditions be storehouse institute
in to have Tuo Ken, thereby reflect valve V
1the condition of closing be water level arrive S
2, the sequence of operation standard of this and system is disagreed.
From wrong gate circuit output state m
3find out shooting conditions in Petri pessimistic concurrency control and have wrong transition
because the shooting conditions of transition all represents a specific logical expression, corresponding with the statement in VHDL program, so statement " V in program
1<=not S
2" certainly exist logic error.This has just completed the Formal Verification to FPGA combinational logic system, and object is to find out the program statement of subsistence logic mistake.
Above-described embodiment is only used for further illustrating the formalization verification method of a kind of FPGA combinational logic system order standard of the present invention; but the present invention is not limited to embodiment; any simple modification, equivalent variations and modification that every foundation technical spirit of the present invention is done above embodiment, all fall in the protection domain of technical solution of the present invention.
Claims (9)
1. a formalization verification method for FPGA combinational logic system order standard, is characterized in that, comprises the steps:
1), according to the sequence of operation standard of FPGA combinational logic system, obtain a VHDL program of describing described FPGA combinational logic system; Wherein, described VHDL program comprises input quantity, the output quantity of setting described FPGA combinational logic system, and the logical relation between described input quantity and output quantity, and described input quantity and output quantity are Boolean variable;
2) for input quantity, the output quantity of described VHDL program, and the logical relation between described input quantity and output quantity, Petri pessimistic concurrency control set up; Wherein, described Petri pessimistic concurrency control comprises the transition between state, each state of each variable in described VHDL program, and the shooting conditions of each transition;
3) according to the transition between state, each state of each variable in described Petri pessimistic concurrency control, and the shooting conditions of each transition, the sequencing simultaneously exciting by setting transition, the reachability graph who sets up described FPGA combinational logic system; Wherein, described reachability graph comprises input state node, gate circuit output state node, and the annexation between each node;
4) choose all single stable gate circuit output states that produced by single stable input quantity in described reachability graph; Wherein, described stable gate circuit output state is represented by a upper gate circuit output state node of all input state nodes in described reachability graph;
5), according to the sequence of operation standard of described FPGA combinational logic system, directly draw the gate circuit output state of described FPGA combinational logic system, and produce the control standard that comprises calculating tree temporal logic formula;
6) verify described VHDL program: whether the each stable gate circuit output state detecting in described reachability graph meets the calculating tree temporal logic formula in described control standard; If one of them state does not meet, this state subsistence logic mistake, by finding the excited transition that produce this error condition, thereby locates the wrong statement in described VHDL program; If all states all meet, described VHDL program meets designing requirement.
2. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 1, is characterized in that step 2) in, described Petri pessimistic concurrency control is two tuples (N, a m
0), wherein N=(P, T, F), P be storehouse finite aggregate, T is the finite aggregate of transition,
represent the set of link library institute and transition directed arc, m
0it is the original state of Petri net; T=T in addition
in∪ T
out, T
inrepresent input quantity transition set, T
outrepresent gate circuit output transition set, T
e, inthe input quantity transition set that can excite, T
e, outthe gate circuit output transition set that can excite, and
wherein input quantity transition are for generation of the state conversion of input quantity, and gate circuit output transition are for generation of the state conversion of output quantity, T
e, incomprise the condition that input quantity transition are excited, T
e, outcomprise the condition that gate circuit output transition are excited.
3. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 1 or 2, is characterized in that, the method for building up of described Petri pessimistic concurrency control comprises the steps:
A1, with the paired p of storehouse institute
1, p
2represent the two states of each variable in described VHDL program, be expressed as the p to storehouse institute with two circles
1, p
2, with the point in described circle, represent that holder agree, and with described Tuo Ken at the paired storehouse p of institute
1, p
2in positional representation described in variable in which kind of state;
A2, at the paired storehouse p of institute
1, p
2between add two transition t
1, t
2, construct four directed arcs respectively by p
1point to t
1, t
1point to p
2, p
2point to t
2, t
2point to p
1;
A3, according to described VHDL program, obtain the logical expression about input quantity and output quantity, be called V2P formula; According to Boolean calculation rule, described V2P formula is deformed into transition formula; Wherein, described transition formula comprises mutual transition between the two states of output quantity and the relation of input quantity;
A4, according to described transition formula, input quantity state corresponding with described transition the transition of output quantity is connected with two-way arc.
4. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 3, is characterized in that, in steps A 3, setting input quantity in VHDL program is X
1, X
2..., X
n(n ∈ N
+), output quantity is Y
1, Y
2y
m(m ∈ N
+), output quantity Y
i(1≤i≤m) and input quantity X
j(the logical function expression formula of 1≤j≤n) is
Y
i=f
i(X
1,X
2,……,X
n)(1≤i≤m) (0.1)
Input quantity X in formula (1.1)
1, X
2..., X
n(n ∈ N
+) between be carry out with or, non-three kinds of basic logic operations; Easy in order to narrate, below only with a logic output expression formula with formula
Y
1=f
1(X
1,X
2,……,X
n) (0.2)
Describe;
By equation or map Karnaugh, formula (1.2) is carried out to abbreviation, can obtain:
Logical expression Φ (X in formula (1.3)
1, X
2..., X
n) represent between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula Φ of G
g(X
1, X
2..., X
n) (1≤g≤G) mutually or;
By formula (1.3) and upper (Y
1+ Y
1') obtain:
Formula (1.4) is obtained by the computing of assignment of logical rule:
Logic NOT computing is carried out in formula (1.3) both sides simultaneously to be obtained:
Utilize equation or Karnaugh map to carry out abbreviation to formula (1.6), obtain:
Logical expression ψ (X in formula (1.7)
1, X
2..., X
n) represent equally between some input quantity and computing, or input quantity contrary again with, and have the individual different logical formula ψ of L
l(X
1, X
2..., X
n) (1≤l≤L) mutually or;
By formula (1.7) and upper (Y
1+ Y
1'), and carry out logical operation and obtain respectively:
Formula (1.5) and formula (1.8) are described transition formula.
5. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 4, is characterized in that, in steps A 4, the connected mode of described two-way arc is:
First, according to
formula, draws: Y
1from current state value " 0 ", become next state value " 1 " needs
there are G transition
with two-way arc every Φ
g(X
1, X
2..., X
n) state and corresponding transition of related input quantity in (1≤g≤G)
be connected;
Next, according to
formula, draws: Y
1from current state value " 1 ", become next state value " 0 " needs
there are L transition
with two-way arc every ψ
l(X
1, X
2..., X
n) in (1≤l≤L) state of related input quantity with corresponding
connect.
6. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 2, is characterized in that step 3) in, the reachability graph of described FPGA combinational logic system is a tlv triple G
fPGA=<M, E, W>, M=M
in∪ M
out, E=E
in∪ E
out; Wherein, the each state in set M is corresponding to a node in system reachability graph, M
inand M
outrepresent respectively input state set and the set of gate circuit output state, in reachability graph, input state node represents by solid circles, and gate circuit output state node represents with dotted line circle; E is the set that a node points to the directed edge of another node, and W is the set of the transition mark of described directed edge, and the element in set W is the mapping of E to T; The set of the state that does not complete gate circuit logical operation of described FPGA combinational logic system is designated as to M
new, and the set of the state that completes gate circuit logical operation of described FPGA combinational logic system is designated as to M
old.
7. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 6, is characterized in that step 3) in, the method for setting up described reachability graph comprises the steps:
B1, the present
B2, by the original state m of FPGA combinational logic system in described Petri pessimistic concurrency control
0add set M to
newin;
If B3
turn to step B4, otherwise algorithm finishes, output FPGA combinational logic system reachability graph G
fPGA=<M, E, W>;
B4, from M
newin appoint and get a state m;
If existence m in B4.1 reachability graph, directly turns to step B4.2, otherwise draw a solid line circle in described reachability graph, represent state m;
If B4.2 gathers M
oldin existence m, by state m from set M
newmiddle deletion, and jump to step B3; Otherwise, if under state m, there is no the input transition that can excite and the gate circuit that can excite output transition, by state m from M
newmiddle deletion, and add set M to
oldin, then turn to step B3;
If B4.3 not only exists the input transition that can excite but also have the gate circuit output transition that can excite under state m, exist
and
jump to step B5; If only there are the input transition that can excite under state m, have and only have
jump to step B6;
If not only there are the input transition that can excite but also have the gate circuit output transition that can excite in B5 under state m, preferentially excite all gate circuit output transition that excite, generate gate circuit output state;
The gate circuit output transition set T of B5.1 from exciting
e, outin appoint and get a transition t
out, excite this transition, generate gate circuit output state m '
out, and by these transition from set T
e, outmiddle deletion;
If existence m ' not in B5.2 reachability graph
out, by state m '
outadd set M to
outin, and in reachability graph, draw a dashed circle and represent gate circuit output state m '
out;
B5.3 is from state m to gate circuit output state m '
outbetween draw an oriented dotted line limit, and on this dotted line limit mark gate circuit output transition t
out, for being illustrated under state m by exciting transition t
outcan generate output state m '
out, described directed edge set E=E+{<m, m '
out>}, and W (<m, m ' in the transition tag set of described directed edge
out>)=t
out; Meanwhile, by m '
outadd M to
newin;
B5.4 judges the gate circuit output transition set T that can excite
e, outwhether be empty set, if
still there are the output transition that can excite, return to step B5.1; If the gate circuit that can excite output transition set
there is no the output transition that can excite, continue following operation;
If lower of B6 state m exists the input transition that can excite, there is and only has the input quantity transition set that can excite
excite all input transition that excite, change input quantity state;
The input transition set T of B6.1 from exciting
e, inin appoint and get an input quantity transition t
in, excite this transition, generate gate circuit input state m '
in; And by these transition from set T
e, inmiddle deletion;
If existence m ' not in B6.2 reachability graph
in, by state m '
inadd set M to
inin, and in reachability graph, draw a solid line circle and represent input state m '
in;
B6.3 is from state m to m '
inbetween draw an oriented solid line limit, and on this solid line limit mark input quantity transition t
in, for being illustrated under state m by exciting transition t
incan generate input state m '
in; Described directed edge set is E=E+{<m, m '
in>}, and W (<m, m ' in the transition tag set of described directed edge
in>)=t
in; Meanwhile, by m '
inadd M to
newin;
B6.4 decision gate circuit input state m '
inunder the input quantity transition set T exciting
e, inwhether be empty set, if the input quantity transition set that can excite
still have the input transition that can excite, return to so step B6.1; If the input quantity transition set that can excite
there is no the input transition that can excite, continue following operation;
B7, by state m from M
newmiddle deletion, and add set M to
oldin, then turn to step B3.
8. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 6, it is characterized in that, step 4) in, described in choose the upper gate circuit output state node of all input state nodes in reachability graph, specifically comprise set M
olddescribed in the corresponding state of gate circuit output state node chosen choose, and add set M to
newin.
9. the formalization verification method of a kind of FPGA combinational logic system order standard as claimed in claim 8, is characterized in that, setting described control standard is Φ, and the FPGA combinational logic system reachability graph after checking is G
v=<M
v, E
v, W
v>, wherein M
v=M
r∪ M
f, E
v=E
r∪ E
f, W
v=W
r∪ W
f; Wherein, M
rbe the set that after checking, state meets Φ, comprise logically true input state or gate circuit output state; M
fthe set that after checking, state does not meet Φ, the input state that comprises logic error or gate circuit output state; E
rrepresent to meet the directed edge set between the state of Φ, E
fit is the directed edge set not meeting between the state of Φ; W
rrepresent E
ron transition tag set, W
frepresent E
fon transition tag set; Step 6) in, the verification method of described VHDL program comprises the steps:
C1, from set M
newin appoint and get a state m to be verified
0, verify whether this state meets Φ, if state m
0meet Φ, added to set M
r; If state m
0do not meet Φ, added to set M
f, at set M
oldin find state m
0a upper input state m ', and by m ' and m
0between all directed edges add to set E
fin, the transition mark of described directed edge is added to set W simultaneously
fin;
If C2 state m
0do not meet Φ, according to Φ, obtain state m
0the correct status m of equal value that answers
r; According to Petri pessimistic concurrency control, the m ' that must do well arrive state m
rcorrect transition set; By W
fmiddle m ' and m
0between all transition and described correct transition set compare, obtain concrete wrong transition, according to the shooting conditions of described wrong transition, locate the wrong statement in described VHDL program;
C3, repeating step C1, C2, until that each state of system is verified is out-of-date, turn to step C4;
If C4 set is M
fempty set, described VHDL program meets designing requirement.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410024696.1A CN103761387B (en) | 2014-01-20 | 2014-01-20 | Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410024696.1A CN103761387B (en) | 2014-01-20 | 2014-01-20 | Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103761387A true CN103761387A (en) | 2014-04-30 |
| CN103761387B CN103761387B (en) | 2017-01-18 |
Family
ID=50528623
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410024696.1A Expired - Fee Related CN103761387B (en) | 2014-01-20 | 2014-01-20 | Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103761387B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108681503A (en) * | 2018-03-23 | 2018-10-19 | 杭州电子科技大学 | Safety detection method, device and the equipment of programmable controller program |
| CN109002601A (en) * | 2018-07-06 | 2018-12-14 | 西安电子科技大学 | A kind of verifying model modelling approach of the FPGA system based on Petri network |
| CN109308300A (en) * | 2018-09-27 | 2019-02-05 | 上海达梦数据库有限公司 | A kind of processing method of logical operation, device, conversion plug-in unit and storage medium |
| CN110033125A (en) * | 2019-03-14 | 2019-07-19 | 山东科技大学 | A kind of business process analysis method based on fuzzy logic Petri network |
| CN110865586A (en) * | 2019-07-26 | 2020-03-06 | 华侨大学 | Petri network-based brushless direct current motor DSP logic control program design method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030144826A1 (en) * | 2002-01-29 | 2003-07-31 | Mandell Michael I. | Register repositioning method for functional verification systems |
| CN101377794A (en) * | 2008-09-22 | 2009-03-04 | 浪潮电子信息产业股份有限公司 | Financial tax control SOC chip logic checking system |
| CN103093046A (en) * | 2013-01-11 | 2013-05-08 | 华侨大学 | Method for converting field programmable gate array (FPGA) Vhsic hardware description language (VHDL) to ordinary Petri network |
-
2014
- 2014-01-20 CN CN201410024696.1A patent/CN103761387B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030144826A1 (en) * | 2002-01-29 | 2003-07-31 | Mandell Michael I. | Register repositioning method for functional verification systems |
| CN101377794A (en) * | 2008-09-22 | 2009-03-04 | 浪潮电子信息产业股份有限公司 | Financial tax control SOC chip logic checking system |
| CN103093046A (en) * | 2013-01-11 | 2013-05-08 | 华侨大学 | Method for converting field programmable gate array (FPGA) Vhsic hardware description language (VHDL) to ordinary Petri network |
Non-Patent Citations (1)
| Title |
|---|
| JILIANG LUO ET AL.: "Approach for Transforming Linear Constraints on Petri Nets", 《IEEE TRANSACTIONS ON AUTOMATIC CONTROL》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108681503A (en) * | 2018-03-23 | 2018-10-19 | 杭州电子科技大学 | Safety detection method, device and the equipment of programmable controller program |
| CN109002601A (en) * | 2018-07-06 | 2018-12-14 | 西安电子科技大学 | A kind of verifying model modelling approach of the FPGA system based on Petri network |
| CN109002601B (en) * | 2018-07-06 | 2020-09-08 | 西安电子科技大学 | FPGA system verification model modeling method based on Petri network |
| CN109308300A (en) * | 2018-09-27 | 2019-02-05 | 上海达梦数据库有限公司 | A kind of processing method of logical operation, device, conversion plug-in unit and storage medium |
| CN110033125A (en) * | 2019-03-14 | 2019-07-19 | 山东科技大学 | A kind of business process analysis method based on fuzzy logic Petri network |
| CN110033125B (en) * | 2019-03-14 | 2023-04-18 | 山东科技大学 | Service flow analysis method based on fuzzy logic Petri network |
| CN110865586A (en) * | 2019-07-26 | 2020-03-06 | 华侨大学 | Petri network-based brushless direct current motor DSP logic control program design method |
| CN110865586B (en) * | 2019-07-26 | 2022-06-07 | 华侨大学 | Petri network-based brushless direct current motor DSP logic control program design method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103761387B (en) | 2017-01-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Cardell-Oliver et al. | A practical and complete algorithm for testing real-time systems | |
| Hermanns et al. | The how and why of interactive Markov chains | |
| CN103761387A (en) | Formal verification method for sequencing specification of FPGA (field programmable gate array) combinatorial logic system | |
| CN103488568B (en) | A kind of embedded software credible attribute modeling and verification method | |
| Galpin et al. | HYPE: Hybrid modelling by composition of flows | |
| CN106411635A (en) | Formal analysis and verification method for real-time protocol | |
| Ábrahám | Modeling and analysis of hybrid systems | |
| Colvin et al. | Timed behavior trees for failure mode and effects analysis of time-critical systems | |
| CN103699730A (en) | Petri-net-based combined logic FPGA (Field Programmable Gate Array) system reachability graph generation method | |
| Boroday et al. | Can a model checker generate tests for non-deterministic systems? | |
| Scheibler | Applying cdcl to verification and test: when laziness pays off | |
| Ubar et al. | Diagnostic modeling of digital systems with multi-level decision diagrams | |
| Ring et al. | Better late than never: Verification of embedded systems after deployment | |
| Göthel et al. | An approach for machine-assisted verification of Timed CSP specifications | |
| Xie et al. | Unified property specification for hardware/software co-verification | |
| Monti | Stochastic automata for fault tolerant concurrent systems | |
| Cortés | A Petri net based modeling and verification technique for real-time embedded systems | |
| Bauer et al. | A uniform approach to three-valued semantics for μ-calculus on abstractions of hybrid automata | |
| Dang et al. | Past pushdown timed automata and safety verification | |
| Jang et al. | Formal Specification and Verification of System of Systems Using UPPAAL: A Case Study of a Defensive Missile Systems. | |
| Tóth et al. | K-induction based verification of real-time safety critical systems | |
| Li et al. | Verification condition generation for hybrid systems | |
| Vilas et al. | Extending timed automaton and real-time logic to many-valued reasoning | |
| Geilen et al. | Applying verification methods to non-exhaustive verification of software/hardware systems | |
| Šimková et al. | Analysis and comparison of functional verification and ATPG for testing design reliability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170118 Termination date: 20220120 |