Abstract
Virtual prototypes (VPs) are crucial in today’s design flow. VPs are predominantly created in SystemC transaction-level modeling (TLM) and are leveraged for early software development and other system-level use cases. Recently, virtual prototyping has been introduced for the emerging RISC-V instruction set architecture (ISA) and has become an important piece of the growing RISC-V ecosystem. In this paper, we present enhanced virtual prototyping solutions tailored for RISC-V. The foundation is an advanced open-source RISC-V VP implemented in SystemC TLM and designed as a configurable and extensible platform. It scales from small bare-metal systems to large multi-core systems that run applications on top of the Linux operating system. Based on the RISC-V VP, this paper also discusses advanced VP-based verification approaches and open challenges. In combination, we provide for the first time an integrated and unified overview and perspective on advanced virtual prototyping for RISC-V.
Acknowledgements
This work was supported in part by the German Federal Ministry of Education and Research (BMBF) within the project VerSys (Grant No. 01IW19001), within the project Scale4Edge (Grant No. 16ME0127), and within the project SATiSFy (Grant No. 16KIS0821K), and the German Research Foundation (DFG), as part of Collaborative Research Center (Sonderforschungsbereich) 1320 EASE — Everyday Activity Science and Engineering, University of Bremen (http://www.ease-crc.org/; the research was conducted in subproject P04). Finally, we would like to thank Daniel Große for extensive helpful discussions and Sören Tempel as well as Pascal Pieper for their help in implementing extensions to our RISC-V VP platform.
Rights and permissions
Open access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Herdt, V., Drechsler, R. Advanced virtual prototyping for cyber-physical systems using RISC-V: implementation, verification and challenges. Sci. China Inf. Sci. 65, 110201 (2022). https://doi.org/10.1007/s11432-020-3308-4
DOI: https://doi.org/10.1007/s11432-020-3308-4
Keywords
- virtual prototyping
- RISC-V
- SystemC TLM
- verification