Towards Diagrammability and Efficiency in EventSequence Languages

1
Towards Diagrammability and Efficiency in
Event-Sequence Languages

• Kathi Fisler
• WPI Dept of Computer Science

2
Model Checking Today

• Foundations well established
• Model designs with state machines
• Capture properties with temporal logic
• Challenges well known
• Scalability/performance
• Usability

3
Improving Usability

• Better interfaces on tools
• manage multiple properties
• map errors back to source
• Better integration with rest of design flow
• Better property specification languages

4
The Trouble with Temporal Logic

• Consider a handshake between req and ack

(!req X req) g Xreq U (!ack X ack
Xack U (req X !req
X (!req U (ack X !ack))))

• Temporal logic too low-level
• Needs sugaring
• Needs support for common constructs

5
Evidence

• Several proposed property-specification languages
• Sugar/PSL (IBM/Accellera)
• Open Vera assertions (Synopsys)
• ForSpec (Intel)
• All share common goal of describing relationships
  between sequences of events for verification

Will refer to these as event sequence languages
6
Two Paths Diverged
Specification Languages
Challenges for Model Checking
Data structures and Algorithms

• Languages affect algorithms (scalability)
• Languages affect usability

Good specification language design accounts for
both
7
Designing a Spec Language

• A common approach
• Start with existing (less usable) language
• Add constructs to language for usability
• Figure out how to implement efficiently

• An alternative
• Start with usable and efficient language
• Try to extend without violating either goal

8
Timing Diagrams A Starting Point

• Usability comes from practice!
• Designers use regardless of tool support
• Efficiency comes from mapping into weak automata
  Fisler 2000
• Verification more efficient than for Buchi

9
Project Goal

• Use timing diagrams to inspire a specification
  language that is
• usable
• efficient

(diagrammable)
(maps to weak automata)
Timing Diagrams
Textual Event Sequence Language
10
Why a Textual Language?

• Studying what makes an event sequence language
  diagrammable
• Leaves choice of diagram flexible
• View this as an intermediate language
• Could help identify diagrammable subsets of other
  spec languages

11
Dissecting Timing Diagrams

• Events ah, ai, a, !a (and conjunctions of these)

12
Dissecting Timing Diagrams
ordering between events

• Events ah, ai, a, !a (and conjunctions of
  these)
• Event orderings ltah ch ai bigt

13
Dissecting Timing Diagrams
and non-ordering between events

• Events ah, ai, a, !a (and conjunctions of
  these)
• Event orderings ltah ch ai bigt

14
Mixing Ordering and Non-Ordering
and non-ordering between events

• Could view as separate sequences in parallel
• ltah ch ai bigt bh

15
Mixing Ordering and Non-Ordering
and non-ordering between events

• Could nest parallel within another ordering
• ltltah ch aigt bh bi gt

16
Observation Regions of Events

• Diagrams partition into ordered regions where all
  events in one region must precede all those in
  the next

Call events in each region a cluster
17
Observation Regions of Events

• This example yields two clusters
• ah, ch, ai, bh bi

18
Observation Regions of Events

• This example yields two clusters
• ltah, ch, ai, bh bi gt

Events in a cluster are unordered by default, but
clusters are ordered
19
Ordering Individual Events

• Use external constraints to capturing ordering
• ltah, ch, ai, bh bi gt
• with
• lt ah, ch, 2, 5gt , lt ch, ai, 1, infgt , lt ai, bi,
  3, 9gt

20
The Textual Language So Far

• Events conjunctions over ah, ai, a, !a
• Clusters sets of events -- ah, ch, ai, bh
• Linear order over clusters ltC1 C2gt
• Timing Constraints order events
  
• lt ah, ch, 2, 5gt
• But timing diagrams need more in practice

21
Semantics Assume/Guarantee
3,9
a
2,5
b
c

• When should a timing diagram be satisfied?
• at every state?
• or when some portion of the diagram occurs?

22
Semantics Escape Conditions
3,9
a
2,5
b
c

• Allow some events to not occur. This supports
• assume/guarantee reasoning
• modeling events from environment in diagram

23
Semantics Holding Patterns
3,9
a
2,5
b
c

• May wish to constrain a to stay false after it
  falls

Specify signal constraints relative to clusters
bi requires !a
24
The Enhanced Language

• Events conjunctions over ah, ai, a, !a
• Clusters sets of events -- ah, ch, ai, bh
• Linear order over clusters ltC1 C2gt
• Timing Constraints lt ah, ch, 2, 5gt
• Holding Patterns C1 requires !a
• Escape Conditions
• accept if dont complete C
• accept/reject if see event e in C

25
The Generalized Language

• Events conjunctions over ah, ai, a, !a
• Clusters
• events
• unordered set or ordered sequence of clusters
• repeated cluster C, C, C3
• Timing Constraints lt ah, ch, 2, 5, clkgt
• Holding Patterns C1 requires !a
• Escape Conditions
• accept if dont complete C
• accept/reject if see event e in C

26
Beyond Timing Diagrams

• Hierarchical nesting and repetition move the
  language beyond standard timing diagrams

ltah bh, cigt
ltah bhgt , lt ci ahgt
27
Not quite Regular Expressions/LTL

• Negation only at level of individual signals
• Disjunction limited to ordering, not existence
• Both artifacts of diagrammatic foundation
  diagrams tend to be positive and conjunctive

ltah bh, cigt
ltah bhgt , lt ci ahgt
28
Semantics and Automata
Semantics based on language of infinite words
29
Correspondence to Weak Automata

• Weak automaton each strongly connected component
  has all or no states fair Muller et al. 86

Symbolic cycle detection effectively linear for
weak automata Bernholtz et al. 94, Bloem et al.
CAV 99
Flip accepting states to complement deterministic
30
Correspondence to Weak Automata

• Fairness in our language arises from finishing
  the sequence and escape conditions

accept if dont complete C1
31
Correspondence to Weak Automata

• Theorem yield weak automaton if no escape
  cluster nested within a repeated cluster

accept if dont complete C1
32
Relating the Theorem to LTL

• (p U q) U r

ltltp qgt rgt

• p U (G(q U r))

33
Corollary

• Weakness characterization extends class of timing
  diagrams known to map to deterministic weak
  automata
• Previously timing diagrams with total event
  ordering and assumptions as prefix Fisler 2000
• Now timing diagrams with unordered events,
  multiple assumption regions, and event clocks

34
What About Diagrammability?

• Want a similar characterization of which event
  sequences can be drawn as diagrams
• Single timing diagrams (extended notations?)
• Regular expressions over timing diagrams Amla et
  al. FORTE 2002
• Other classes of design diagrams
• Topic of ongoing and future work

35
Summary

• Used timing diagrams to inspire an event sequence
  language
• retained diagrammatic characteristics regarding
  negation, disjunction, event relationships
• relaxed nesting and repetition constraints
• Characterized which event sequences map to weak
  automata
• mapping is sound but not complete

36
Perspective

• Usability is hard to quantify
• Diagrammability approximates usability and can
  be formalized
• e.g. topology dictates drawable Venn diagrams
• Diagrams have different expressive power than
  textual notations
• can lead to more efficient algorithms

Understanding diagrams may improve spec languages