The complexity of multiprocessor architectures for mobile multimedia applications renders their validation challenging. In addition, to provide the necessary flexibility, a part of the functionality is realized by software. Thus, a formal model has to take into account both hardware and software. In this article we report on the use of the CADP toolbox for the formal modeling and analysis of the DTD (Dynamic Task Dispatcher), a complex hardware block of an industrial hardware architecture developed by STMicroelectronics. The formal LNT model developed by an industry engineer was appropriate to discuss implementation details with the architect and enabled model-checking temporal properties expressed in MCL, which discovered a possible problem. We investigated the existence of the problem in the architect’s C++ model using co-simulation of the C++ and the formal LNT models.
Highlights
► We formally model a hardware dynamic task dispatcher in LNT. ► We express correctness properties in MCL. ► We discover a problem under heavy load. ► We co-simulate the LNT model with the C++ model of the architect.
This work has been partly funded by the French Ministry of Economics and Industry and by the Conseil Général de l’Isère (Minalogic project Multival, see http://vasy.inria.fr/multival).