
Journal of Systems Architecture

Volume 89, September 2018, Pages 1-9

Model checking of reconfigurable FPGA modules specified by Petri nets

https://doi.org/10.1016/j.sysarc.2018.06.005

Highlights

  • Formal verification for dynamically reconfigurable logic controllers in FPGA.

  • Prototyping flow supplemented by multi-stages formal verification.

  • Each version of a reconfigurable module validated to avoid formal errors.

  • Usage of an abstract rule-based logical model to simplify the verification process.

  • Verifiable model and synthesizable VHDL code generated automatically.

Abstract

The paper proposes a novel formal verification method for reconfigurable modules implemented in FPGA devices. The modules are specified by Petri nets and can be exchanged in an already implemented and running system using dynamic partial reconfiguration. The model checking technique is used together with an abstract rule-based logical model to verify whether the new modules still satisfy the global requirements of the whole control system. An additional advantage of the rule-based logical model is that the VHDL code can be generated from it automatically, so the final implementation reflects the already verified specification. This ensures high quality of the released product and eliminates errors introduced by hand-written code. A case study illustrates the approach, together with some experimental results.

Introduction

Control systems are undoubtedly applied not only in industry [1], [2], [3], but recently also in everyday life, which is connected with the growing popularity of Internet of Things (IoT) systems [4]. The usage of FPGA (Field Programmable Gate Array) devices enables easy and efficient implementation of control processes. Additionally, dynamic partial reconfiguration in FPGA devices [5], [6], [7], [8], [9], [10], [11] allows modules to be exchanged while the control system is running, so the functionality can be changed without stopping the device. Although initially under-exploited in industrial control systems [12], dynamic partial reconfiguration can now be found in aerospace [5], [7], [13], the automotive industry [8] and even medicine [9]. Reliability and high quality of the final product are essential here, as users usually rely fully on the control systems. Thus, it is important to avoid any errors and ambiguities from the very beginning of development, that is in the design phase [14], [15]. Model checking is an established formal verification method [16], [17] that can validate the specification against user-defined requirements. If any requirement cannot be satisfied, a counterexample is generated that helps to localise the possible source of the error. Various specification techniques can be used to describe the designed control process [18], including Petri nets [19], [20], [21], [22] and UML (Unified Modelling Language) diagrams [23], [24], [25], [26], in particular activity diagrams and state machine diagrams.

In this paper, we propose a novel formal verification method, based on model checking, for concurrent controllers specified by interpreted Petri nets and oriented on dynamic partial reconfiguration. The presented idea is a significant enhancement of previous works, especially [27], where a double model-checking method was proposed to validate the specification before and after the decomposition process, and [28], where a whole prototyping flow for logic controllers oriented on static partial reconfiguration was proposed. Here we concentrate on dynamically reconfigurable concurrent logic controllers specified by means of interpreted Petri nets, and especially on the multi-stage formal verification of the specification using the abstract rule-based logical model. Not only are the initial and the decomposed specifications formally verified, but each version of a reconfigurable module is also validated to avoid formal errors. Additionally, the use of the rule-based logical model simplifies the whole verification process, as both the verifiable model and the synthesizable VHDL (Very High Speed Integrated Circuits Hardware Description Language) code are generated automatically.

The rest of the paper is structured as follows. Section 2 briefly presents the state of the art. Section 3 introduces the definitions used in this paper. Section 4 describes the proposed multi-stage formal verification method, based on the rule-based logical model and the model checking technique. Section 5 briefly illustrates the presented approach using a simple case study. Finally, Section 6 shows some experimental results and Section 7 concludes the article.

Section snippets

Related work

A review of literature reveals that there are various approaches regarding dynamic reconfigurable systems, the usage of Petri nets in the design of logic controllers, the implementation in FPGA devices or formal verification methods. Let us briefly describe the most interesting ideas.

An implementation method for a control system specified as a Petri net in FPGA is presented in [29]. Basic properties of the net are analysed, but behavioural requirements are not considered there.

Main definitions

Petri nets [19], [50] are a modelling formalism that naturally reflects concurrency relations. They consist of places and transitions, connected alternately with each other. Their graphical representation is easily understandable: places are represented by circles and transitions by bars. The current marking of the net is indicated by tokens (represented as dots) inside places. The most important advantage of Petri nets is the wide support provided by verification and analysis methods [20],

Multiple-stages formal verification

In general, formal verification allows divergences between the formal model and the requirements of the customer or user to be found. Moreover, formal methods increase the quality of the final product [14]. Formal hardware verification [52] can be applied in various phases of system development. One of the most established formal methods is model checking [16], [17], where the system model is verified against predefined requirements. Feedback is then given on whether the model
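The definitions of places, transitions and markings above, and the model checking step described in this section, can be made concrete with a small explicit-state checker. The following Python example is added here and is not code from the paper or its author. The interpreted Petri net, the signal names and the two versions of the exchangeable "cutter" module are constructed for illustration (loosely inspired by a milling process, but not the paper's case study), and the firing semantics (one enabled transition per step, every input valuation considered) is an assumption of the example rather than something the paper specifies. It explores every reachable marking, checks a global requirement that two outputs are never active together, checks for deadlock, and reports a counterexample trace when a module version violates the requirement.

```python
"""Explicit-state model checking of a small interpreted Petri net (added example)."""
from collections import deque
from itertools import product


class InterpretedPetriNet:
    """Safe (1-bounded) interpreted Petri net with input-guarded transitions.

    transitions: name -> (pre_places, post_places, input signals that must be true)
    outputs:     place -> output signals asserted while the place is marked
    """

    def __init__(self, transitions, outputs, inputs, initial):
        self.transitions = {n: (frozenset(pre), frozenset(post), frozenset(g))
                            for n, (pre, post, g) in transitions.items()}
        self.outputs = {p: frozenset(o) for p, o in outputs.items()}
        self.inputs = tuple(sorted(inputs))
        self.initial = frozenset(initial)

    def enabled(self, marking, env):
        """Transitions whose pre-places are all marked and whose guard holds in env."""
        return [t for t, (pre, _, guard) in self.transitions.items()
                if pre <= marking and all(env[i] for i in guard)]

    def fire(self, marking, t):
        """Move tokens from pre- to post-places; reject a second token in a place."""
        pre, post, _ = self.transitions[t]
        rest = marking - pre
        if rest & post:
            raise ValueError(f"{t} would put a second token into {sorted(rest & post)}")
        return rest | post

    def active_outputs(self, marking):
        return frozenset().union(*(self.outputs.get(p, frozenset()) for p in marking))

    def environments(self):
        """Every valuation of the input signals (assumption: inputs are free)."""
        for bits in product((False, True), repeat=len(self.inputs)):
            yield dict(zip(self.inputs, bits))


def _trace(parent, m):
    path = []
    while parent[m] is not None:
        m, t = parent[m]
        path.append(t)
    return path[::-1]


def model_check(net, forbidden_outputs):
    """BFS over all reachable markings under all input valuations.

    Returns (True, None) if the forbidden outputs are never active together and
    no reachable marking is a deadlock; otherwise (False, (kind, trace, outputs))
    where trace is the transition sequence from the initial marking.
    """
    parent = {net.initial: None}           # marking -> (previous marking, transition)
    queue = deque([net.initial])
    while queue:
        m = queue.popleft()
        outs = net.active_outputs(m)
        if forbidden_outputs <= outs:
            return False, ("conflict", _trace(parent, m), sorted(outs))
        fired_any = False
        for env in net.environments():
            for t in net.enabled(m, env):
                fired_any = True
                nxt = net.fire(m, t)
                if nxt not in parent:
                    parent[nxt] = (m, t)
                    queue.append(nxt)
        if not fired_any:                    # no transition enabled for any input
            return False, ("deadlock", _trace(parent, m), sorted(outs))
    return True, None


# Constructed specification: feed a plank and clamp it concurrently, then cut, then idle.
OUTPUTS = {"p1": {"feed"}, "p2": {"clamp"}, "p5": {"cut"}}
INPUTS = {"start", "plank_in", "clamped", "cut_done"}
BASE = {
    "t_start":   ({"p0"}, {"p1", "p2"}, {"start"}),      # fork into two branches
    "t_fed":     ({"p1"}, {"p3"}, {"plank_in"}),
    "t_clamped": ({"p2"}, {"p4"}, {"clamped"}),
    "t_done":    ({"p5"}, {"p0"}, {"cut_done"}),
}
# Module version 1: cut only after both feeding and clamping have finished (join).
CUTTER_V1 = {"t_cut": ({"p3", "p4"}, {"p5"}, set())}
# Module version 2 (hypothetical faulty reconfiguration): cut as soon as clamped.
CUTTER_V2 = {"t_cut": ({"p4"}, {"p5"}, set()),
             "t_done": ({"p5", "p3"}, {"p0"}, {"cut_done"})}
REQUIREMENT = frozenset({"feed", "cut"})    # global requirement: never both active


def build(cutter):
    return InterpretedPetriNet({**BASE, **cutter}, OUTPUTS, INPUTS, {"p0"})


def verify_module(cutter):
    """Re-verify the whole controller with one version of the exchangeable module."""
    return model_check(build(cutter), REQUIREMENT)


if __name__ == "__main__":
    for name, cutter in (("cutter v1", CUTTER_V1), ("cutter v2", CUTTER_V2)):
        ok, ce = verify_module(cutter)
        print(name, "OK" if ok else f"FAILED ({ce[0]}) after {' -> '.join(ce[1])}: {ce[2]}")
```

Version 1 passes; version 2 fails with the trace `t_start -> t_clamped -> t_cut`, which is the kind of counterexample a model checker returns to localise the error in the new module. The state space here is tiny, so every input valuation is enumerated; for a real controller the same check would be handed to a model checker with a symbolic representation.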

The case-study example

Let us illustrate the proposed multiple-stages formal verification using a real-life example of a milling process, shown in Fig. 4 (initially proposed in [57] and modified in [28]). Required shapes are cut off from a wooden plank. The process is driven by a concurrent control system and specified by a control interpreted Petri net consisting of 26 places and 21 transitions, with 16 input signals and 16 output signals. The initial specification of the designed logic controller is formally

Experimental results

The proposed multiple-stage model checking method was verified experimentally. Since the proposed multiple formal verification method is used in the standard design flow of reconfigurable logic controllers, the examples were implemented as digital systems and tested on FPGA devices, e.g. the XC5VLX50 (Virtex-5 family, part of the ML501 Evaluation and Development Platform board). This confirms that the obtained functionality indeed reflects the specification and there has been no

Conclusions

The paper proposes a new multi-stage formal verification method dedicated to dynamically reconfigurable logic controllers implemented in FPGA devices and based on the rule-based logical model. Dynamic partial reconfiguration allows part of the control process to be exchanged without stopping the whole device. The typical prototyping flow is more hardware-focused than user-focused. In the presented approach the specification is formally verified multiple times against user-defined

Declarations of interest

None.

Acknowledgement

I would like to thank Dr Remigiusz Wiśniewski for working together on the case study development.

Iwona Grobelna is an Assistant Professor in the Institute of Electrical Engineering at the University of Zielona Góra, Poland. She received her PhD in Computer Science from the same university in 2012. Her research interests include design, specification and verification of embedded digital systems, especially considering the human aspect. She is an author of 3 books and over 50 technical papers in peer-reviewed journals and conferences.

References (58)

  • C.-H. Huang et al., Model-based platform-specific co-design methodology for dynamically partially reconfigurable systems with hardware virtualization and preemption, J. Syst. Architect. (2010)
  • L. Gong et al., Modeling dynamically reconfigurable systems for simulation-based functional verification
  • H. Hu et al., Supervisor design to enforce production ratio and absence of deadlock in automated manufacturing systems, IEEE Trans. Systems Man Cybern. (2011)
  • V. Jindal et al., Model checking of a cash machine system
  • R. Zurawski et al., Petri nets and industrial applications: a tutorial, IEEE Trans. Ind. Electron. (1994)
  • Available at:...
  • A. Dawood et al., Reconfigurable FPGAs for real time image processing in space
  • R. Wisniewski, Prototyping of Concurrent Control Systems Implemented in FPGA Devices, Advances in Industrial Control (2017)
  • B. Osterloh et al., Dynamic partial reconfiguration in space applications
  • S. Shreejith et al., Reconfigurable computing in next-generation automotive networks, IEEE Embedded Syst. Lett. (2013)
  • J. Hoffman et al., A high-speed dynamic partial reconfiguration controller using direct memory access through a multiport memory controller and overclocking with active feedback (2011)
  • E. Monmasson et al., FPGA design methodology for industrial control systems—a review, IEEE Trans. Ind. Electron. (2007)
  • R. Graczyk et al., Dynamic partial FPGA reconfiguration in space applications
  • P. Larsen, J. Woodcock et al., Formal methods: practice and experience, ACM Comp. Surv. (2009)
  • M. Bozzano et al., Spacecraft early design validation using formal methods, Reliab. Eng. Syst. Saf. (2014)
  • E. Emerson, The beginning of model checking: a personal perspective, in: 25 Years of Model Checking: History, Achievements, Perspectives (2008)
  • L. Gomes et al., Modeling Formalisms for Embedded System Design, Embedded Systems Handbook (2006)
  • R. David et al., Discrete, Continuous, and Hybrid Petri Nets (2005)
Cited by (13)

  • Verifying parallel dataflow transformations with model checking and its application to FPGAs, Journal of Systems Architecture (2019)

    Citation excerpt: Related work that combines dataflow models with model checking includes determining minimum dataflow buffer sizes [12], and enabling compile-time scheduling of multirate static actors [13]. On the hardware side, related work uses model checking to verify that two Verilog/VHDL modules satisfy the same global requirements [14] and hence enabling one to replace another with dynamic partial reconfiguration. None of these approaches consider the parallelisation of hardware designs or the verification of dataflow graph transformations.

  • Decomposition of distributed edge systems based on the Petri nets and linear algebra technique, Journal of Systems Architecture (2019)

    Citation excerpt: They are applicable in the field of cyber-physical systems (CPS) [27–32], including the IoT and manufacturing systems [33–36]. Important to note is that Petri nets are supported by validation, verification and analysis methods [37–45]. Moreover, the designer is also able to analyze the reliability and robustness of the system [46–51].

  • A Modified Genetic Method for Automatic Scheduling, ARPN Journal of Engineering and Applied Sciences (2023)
  • A Survey on Formal Verification of Separation Kernels, Recent Advances in Computer Science and Communications (2022)
  • Analysing Product Lines of Concurrent Systems with Coloured Petri Nets, Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE (2022)