Functional verification on PIL mode with IAR Embedded Workbench

Similar documents
Teaching embedded software design with radsuite

Hardware Design and Simulation for Verification

Introduction to the ThreadX Debugger Plugin for the IAR Embedded Workbench C-SPYDebugger

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

IAR Embedded Workbench for 8051 Version 7.30A

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

FOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. DEVELOPER SPECIFIER TESTER

7.3.3 Same Inputs in Antecedent and Consequent

International Journal of Current Research and Modern Education (IJCRME) ISSN (Online): ( Volume I, Issue II, 2016

mbed Hello World! Introduction to mbed

A Seamless Tool Access Architecture from ESL to End Product

Semantics-Based Integration of Embedded Systems Models

embos Real-Time Operating System embos plug-in for IAR C-Spy Debugger Document: UM01025 Software Version: 3.1 Revision: 0 Date: May 3, 2018

A Design Methodology for the Exploitation of High Level Communication Synthesis

SOFTWARE QUALITY ASSURANCE TOOLS & TECHNOLOGY PROFESSIONAL SERVICES ACADEMY. Feature Brief. Wrapping

Mentor Graphics Solutions Enable Fast, Efficient Designs for Altera s FPGAs. Fall 2004

Optimizing Emulator Utilization by Russ Klein, Program Director, Mentor Graphics

Multi-core microcontroller design with Cortex-M processors and CoreSight SoC

NordiaSoft SCA Architect 2016

ISO compliant verification of functional requirements in the model-based software development process

embos Real-Time Operating System embos plug-in for IAR C-Spy Debugger Document: UM01025 Software Version: 3.0 Revision: 0 Date: September 18, 2017

3.4 Data-Centric workflow

Ch 1: The Architecture Business Cycle

7.3 Case Study - FV of a traffic light controller

EEM870 Embedded System and Experiment Lecture 4: SoC Design Flow and Tools

The requirements engineering process

Part 5. Verification and Validation

A Model-Based Reference Workflow for the Development of Safety-Related Software

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

Design of a Flexible Integration Interface for PIL Tests

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

μez Software Quickstart Guide

Design Process. Design : specify and enter the design intent. Verify: Implement: verify the correctness of design and implementation

AXI4-Stream Verification IP v1.0

Test and Verification Solutions. ARM Based SOC Design and Verification

FARMBOT SMALLSCALE, LOW COST FARMING AUTOMATION SYSTEM

The ThreadX C-SPY plugin

Software Processes. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 4 Slide 1

A Deterministic Flow Combining Virtual Platforms, Emulation, and Hardware Prototypes

For a long time, programming languages such as FORTRAN, PASCAL, and C Were being used to describe computer programs that were

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

The PISA Project A Model Driven Development case study

Combining the Power of DAVE and SIMULINK

Chapter 1 GETTING STARTED. SYS-ED/ Computer Education Techniques, Inc.

Testing and Validation of Simulink Models with Reactis

The Eclipse Parallel Tools Platform Project

Qualification of Verification Environments Using Formal Techniques

Xilinx Vivado/SDK Tutorial

Software Architectures

BASICS OF THE RENESAS SYNERGY TM

Administrivia. ECE/CS 5780/6780: Embedded System Design. Acknowledgements. What is verification?

Functional Safety Design Packages for STM32 & STM8 MCUs

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Leveraging Formal Verification Throughout the Entire Design Cycle

Hands-On Workshop: ARM mbed : From Rapid Prototyping to Production

By Matthew Noonan, Project Manager, Resource Group s Embedded Systems & Solutions

Getting Started Guide: TMS-FET470A256 IAR Kickstart Development Kit

Getting started with the FP-SNS-ALLMEMS1 Bluetooth low energy and sensors software expansion for STM32Cube

BASICS OF THE RENESAS SYNERGY PLATFORM

IAR Embedded Workbench

μez Software Quickstart Guide

Subject : Computer Science. Paper : Software Quality Management. Module : CASE Tools

P17 System Testing Monday, September 24, 2007

IAR C-SPY Hardware Debugger Systems User Guide

CS/ECE 5780/6780: Embedded System Design

Introducing the FPGA-Based Prototyping Methodology Manual (FPMM) Best Practices in Design-for-Prototyping

CAMERA User s Guide. They are most easily launched from the main menu application. To do this, all the class files must reside in the same directory.

Visual Profiler. User Guide

Kinetis SDK Release Notes for the TWR-K24F120M Tower System Module

Contemporary Design. Traditional Hardware Design. Traditional Hardware Design. HDL Based Hardware Design User Inputs. Requirements.

Integrated Workflow to Implement Embedded Software and FPGA Designs on the Xilinx Zynq Platform Puneet Kumar Senior Team Lead - SPC

Oracle Developer Studio 12.6

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Next-generation Power Aware CDC Verification What have we learned?

GAIO. Solution. Corporate Profile / Product Catalog. Contact Information

Requirements and Design Overview

Debugging Abstract State Machine Specifications: An Extension of CoreASM

Verification of Power Management Protocols through Abstract Functional Modeling

Jackson Marusarz Software Technical Consulting Engineer

Getting Started with Kinetis SDK (KSDK) v.1.2

System Level Design with IBM PowerPC Models

PragmaDev. change request. Emmanuel Gaudin. PragmaDev ITU-T SG17 change request Grimstad June 24,

Building a Bridge: from Pre-Silicon Verification to Post-Silicon Validation

Using Mentor Questa for Pre-silicon Validation of IEEE based Silicon Instruments by CJ Clark & Craig Stephan, Intellitech Corporation

An Evaluation of the Advantages of Moving from a VHDL to a UVM Testbench by Shaela Rahman, Baker Hughes

Extending the Message Flow Debugger for MQSI

Embedded automotive applications are just a few clicks away. Philippe NOEL - STMicroelectronics

An Eclipse Plug-in for Model Checking

UML Checker A Toolset for Conformance Testing against UML Sequence Diagrams

WAY OF WORKING TRANSFORMATION TO INTEGRATED MODEL DRIVEN DEVELOPMENT (MDD) AND MODEL- BASED TESTING (MBT)

JazzScheme: Evolution of a Lisp-Based Development System. Guillaume Cartier Louis-Julien Guillemette SFP 2010

Eliminate Threading Errors to Improve Program Stability

Getting Started with MCUXpresso SDK CMSIS Packs

Frequently Asked Questions about Real-Time

SUPPORT FOR DISTRIBUTED PROGRAMMING IN EXTREME STYLE

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

JIVE: Dynamic Analysis for Java

Installation and Quick Start of isystem s winidea Open in DAVE. Tutorial Version 1.0, May, 2014

UM QN908x Quick Start. Document information. QN908x, Quick Start, Development Kit, QN9080 DK, QN9080 Development Kit

Introduction to Formal Methods

Transcription:

by Cristina Marconcini, STM CASE s.r.l. Functional verification on PIL mode with IAR Embedded Workbench The increase of complexity of embedded system components combined with time-to-market constraints push toward the adoption of more efficient techniques for computer-aided modeling, simulation and verification of industrial Embedded Software (ESW) applications. In particular, ESW verification is becoming a more critical activity in the production process in terms of required costs and quality. Nowadays, the most common tools and solutions available on the market for verifying ESW are based on structural code analysis and concentrate on checking that all structural items, e.g., executable statements, branches, and paths, within the ESW application have been exercised. A much more important and expensive task consists of checking if the software respects what is specified by its requirements. Functional verification is the process of proving that the software behaves exactly as defined by specifications and is inherently concerned with behavioral or functional aspects that are orthogonal to the structural code analysis. Functional verification is currently the most expensive task of the testing phase; while coverage-based testing approaches are fully automated, functional verification is still a human-based process. This article presents an overview of a new solution for performing functional verification of ESW in an industrial domain. State-of-art techniques for functional verification are implemented in a tool chain that automatizes their application to a real design. The verification sessions are performed in a well-known debugging environment provided by IAR Systems C-SPY Debugger that allows performing verification with Processor-In-the-Loop (PIL) mode. In order to guarantee the maximum portability of the proposed solution, we have also defined a well-structured architecture, which allows automatically integrating with different IAR Systems debugging suites and to immediately run PIL verification on different HW target. This solution allows verifying if the implemented software behaves correctly on its destination hardware and if the requirements provided are satisfied. Functional verification of Embedded SW Nowadays, the de-facto approach to guarantee the correct behavior of ESW is monitoring the system simulation: company verification teams are responsible for putting the system into appropriate states by manually generating the required input stimuli, judging when stimuli should be executed, manually simulating environment and user interactions, and analyzing the results to identify unexpected behaviors. In this context, dynamic Assertion based Verification (ABV) provides verification engineers with a way for formally capturing the intended specifications and runtime check their compliance with the actual design. In ABV, specifications are expressed by means of temporal assertions. To overcome the ambiguity of natural languages, they are defined according to formal assertion languages, like the Property Specification Language (PSL). PSL assertions can be verified by model checking (static ABV) or by simulation (dynamic ABV). However, dynamic ABV is preferred in case of large designs due to its scalability. In particular, in the hardware domain, dynamic ABV is affirming as a leading strategy in industry to guarantee fast and high-quality verification of hardware components. In dynamic ABV, assertions defined in formal languages are compiled into modules that capture assertion meaning and monitor if they hold during application simulation. radcheck is comprehensive suite that integrates dynamic ABV earlier in the ESW design flow also before the final source-code and target platform are available. radcheck guides the requirements formalization for automatic generations of assertions and stimuli. Assertions turn design specifications into verification objects to automatically control that the right things do happen during simulation. The user needs to verify if the whole design meets the defined assertions. Then, radcheck performs the automatic conversion of the assertions into C++ modules (i.e., checkers) that can be simulated or executed into a real-time environment. This allows moving from the static verification of formal properties to the dynamic verification of the corresponding checkers, making the verification process

Page 2 feasible and faster also for complex systems. Another important feature is the automatic generation of test cases to simulate the design and automatize its execution. Figure 1 presents an overview of the workflow performed by radcheck. Figure 1: Functional verification workflow However, simulation techniques do not consider requirements and restrictions imposed by the hardware, e.g. timing constrains, drivers and API impact on ESW, etc. Very often the release of the final software version running on target requires adjustments that can involve significant difference from the original code. Dynamic ABV implemented in radcheck can be particularly powerful when moving from PC-based simulation to run verification on the application running on the actual hardware. Processor-in-the-loop (PIL) is a technique useful for testing and validating the controller algorithm on the processor. It is also a very effective but cheap solution with respect to Hardware-In-the-Loop as it provides an intermediate stage between simulation and deployment and does not require any particular hardware stubs further to the final target board. The guided formalization of functional specifications, the model-driven design of the ESW, the automatic stimuli generation, and the accurate simulation in a PIL environment permits to early identify design flaws before moving to real-world test of the physical plant. In order to provide a solution for application fields that traditionally do not adopt functional verification due to its complexity, we analyzed IAR Embedded Workbench and defined a feasible and profitable solution for integrating PIL with ABV verification performed in radcheck.

Page 3 Solution for PIL ABV with the C-SPY Debugger We defined a combination of Model driven Design (MDD) and dynamic ABV as an effective solution for ESW verification, that combined with the IAR Embedded Workbench platform allows dynamically verifying the complete system before moving to real-world tests. This solution has been successfully implemented integrating 3 off-the-shelf tools: MDD with radcase, a rapid-application-development environment that covers the complete modeling and synthesis process of ESW; dynamic ABV, performed with radcheck that guides to requirements formalization for automatic checker and effective stimuli generation; IAR Embedded Workbench, a powerful and complete framework for the development and debugging of ESW, which with the C-SPY Debugger provides a platform for running the test stimuli and checkers to accomplish PIL verification. An important characteristic of the implemented solution is a well-defined abstraction layer and architecture that guarantee the portability to any ARM Cortex-based microcontroller supported by IAR Embedded Workbench. As a case of study we have used IAR KickStart Kit for LPC1788 with an ARM Cortex-M3 microcontroller from NXP, which is shown in Figure 2. Figure 2: IAR KickStart Kit for LPC1788 Starting from the informal specifications and requirements, the designer, with the model editor of radcase, defines the ESW model using an UML-based approach. radcase generates the application C code that is compiled and downloaded on the target using IAR Embedded Workbench. To guarantee the portability (of the radcase application) on all IAR Embedded Workbench families, we have created a well-defined abstraction layer. To perform this task we have exploited the Hardware- Abstraction Layer provided by radcase working up to the data elements and implemented the architecture depicted in Figure 3. This architecture provides an interface mechanism and isolates the target-specific instructions in order to reduce modifications when using different version of IAR Embedded Workbench. We used mainly two design patters to implements the integration between radcase and IAR Embedded Workbench: a bridge that provides an interface that must be implemented for each target (all targetdependent files are isolated in a separated directory), and an adapter that wraps high-level functions (called by the radcase generated code) and invokes the functions defined in the bridge interface.

Page 4 Figure 3: Solution architecture The Api package is the most important module, as it separates the application logic of radcase components and the target components. By using the bridge design patters we have completely segregated these two parts: only the functions implementation in the board directory have to be modified/adapted if the hardware changes. Therefore, a radcase project can be compiled on IAR Embedded Workbench for different targets with only few simple modifications to a call interface (a C file). This approach provides an effective solution for monitoring and debugging of ESW. While the application is executed on the hardware target, the user can exploit the debugging suite of IAR Embedded Workbench and the monitoring environment of radcase to check his application. Figure 4 shows an application example compiled and debugged with IAR Embedded Workbench (on the left side) and monitored with radcase environment (on the right). Figure 4. PIL with IAR Embedded Workbench and radcase monitoring environment Concurrently, with the property editor of radcheck the user defines a set of PSL assertions that the application must fulfill. As introduced before, radcheck automatically generate executable checkers from the defined PSL assertions. Checkers are executable components that monitor the evolution of the ESW during dynamic ABV. The dynamic ABV is guided by stimuli automatically generated by the Test Pattern Generator. The checkers are executed in parallel with the ESW and monitor if the state of the application causes an assertion to falsify.

Page 5 Figure 5 presents a snapshot of a verification phase executed in radcheck with the ESW simulator provided by radcase. The properties that are not satisfied are highlighted in red and reported with the corresponding processed sequence (a test case is composed by test sequences and each sequence contains a list of test vectors) whose simulation lead to the failure. The designer can use the resulting information, i.e., failed requirements, for refining the UML specifications incrementally and in an iterative fashion. Figure 5: Functional verification with radcheck Thanks to the portability of this approach, the verification phase can be performed on top of an ESW simulator or on the application running on the target hardware. The same test cases and checkers can be exploited for performing PIL verification with C-SPY, to verify if the EWS behaves correctly also when it is executed on the hardware. C-SPY provides a wide set of functionalities for code inspections that allows accessing all system variables when the application is executed on the target hardware; this feature combined with the HAL structure provided by radcase-generated code allows accessing all elements that should be monitored by the checkers or stimulated by the test case generator. Figure 6: Workflow solution for PIL verification Figure 6 shows an overview of the integration workflow between C-SPY and radcheck for performing PIL verification. The plug-in is the core mechanism that is implemented with the C-SPY SDK. The radcheck plug-in is executed when the user starts the debug of the application in C-SPY. It loads all debugging stubs automatically provided by radcheck: the data map of radcase elements which is used in C-SPY for read (in checker evaluation) or write (for providing the input stimuli) operations, the test cases database and the checkers C functions, which are compiled in a dll and dynamically linked to the radcheck plug-in.

Page 6 main() do_stuff(); do_perm(); do_perm() initperm(); iarhookinit(); for(;;) executeperm(); iarhookverify(); DkBreakpoint DkExecuteRequest FunctionBreakpoint::HandleBreak() switch(mtype) case BreakpointType::init: init_environment(); break; case BreakpointType::verify: evaluate_checkers(); run_test_vector(); break; default: return kdkgo; return kdkgo; Figure 7: C-SPY plug-in scheduler for PIL verification An overview of the implemented mechanism is presented in Figure 7. A radcase application has a main function that is invoked by main(). This function (named do_perm()) contains an initialization phase and a loop to cyclically execute the functionality. At startup, the application is initialized and the plugin resets all checkers and reads all the application elements with their default value (physical inputs, outputs, parameters, internal variables). The verification step is composed by two components that work on the main loop function of the application: one to inject the input values and one to evaluate checkers. The radcheck plug-in exploits the breakpoints mechanism provided by the SDK to manage the target and the verification operations in a synchronized way. Inside the application main function (do_perm()) we call two empty functions, respectively iarhookinit() for synchronizing on the initialization phase and IarHookVerify() for managing the breakpoint on verification steps. After initialization of the environment, the plug-in registers two breakpoints used to keep the target and the verification operations synchronized. When the execution starts, these breakpoints are hit and an event triggered by the C-SPY Debugger wakes up the breakpoint handler that executes the corresponding functions for initializing the verification environment (init_environment()) and run verification steps (valuate_checkers() and run_test_vector()). Then the breakpoints handler returns the execution to the target. These functions exploit the API provided by the C-SPY Kernel API for accessing addressable memory in the target system (read and write functions of DKLocation class). In particular, the function valuate_checkers() reads data value from target memory and call the corresponding functions of checker.dll for checker evaluation and run_test_vector() injects test vectors by writing the data value on the target. The plug-in also provides a GUI that shows the verification results: for each property that fails, the plugin GUI shows the corresponding test sequence and test vector that caused the violation. It shows the verification results in the violations list that is automatically updated each time that an input sequence is processed. The verification results can also be loaded in radcheck for checking the corresponding properties. Figure 8 presents the radcheck plugin after the execution in the C-SPY environment of a PIL verification session with the achieved violations list.

Page 7 Figure 8: Functional verification with C-SPY Benefits This paper presents a solution for drastically reducing time-to-market and cost of industrial applications with product quality enhancement. The combined application of PIL with ABV allows performing rapid prototyping and verification of designs according to specifications. The proposed methodology allows verifying the actual ESW running on its final hardware and not only its model or debugging version. The presented approach shows how these methodologies are no more limited to the academic world, but represent a powerful solution for industrial applications: we show how to quickly perform a thorough functional verification by using an affordable PIL methodology with off-the-shelf instruments. The automatic generation of test cases and checkers allows everyone developing embedded controllers to automatically perform functional verification. In particular, application fields that traditionally do not adopt specification conformance due to its complexity can achieve great benefits. Indeed, the guided formalization of functional specifications permits to early identify design issues, measure and certify results. Contact Cristina Marconcini Product Manager STM Products S.r.l. Via Morgagni, 14-37135 - Verona Italy Phone: +39 045 585700 Fax: +39 045 585730 Web: http://www.radcase-ux.com http://www.verificationsuite.com E-mail: cristina.marconcini@stm-products.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback