Abstract

Embedded systems include an increasing share of analog/mixed-signal components that are tightly interwoven with the functionality of digital HW/SW systems. A challenge for verification is that even small deviations in analog components can lead to significant changes in system properties. In this paper we propose the combination of range-based, semisymbolic simulation with assertion checking. We show that this approach combines advantages, but also some limitations, of multirun simulations and formal techniques. The efficiency of the proposed method is demonstrated by several examples.

1. Introduction

Analog/mixed-signal (AMS) systems are a crucial part of today’s embedded systems. Typical AMS components such as sensors, transceivers, and signal conditioning enable interaction of embedded HW/SW systems with their physical environment. In today’s embedded systems, the functionality of the analog components is tightly interwoven with the digital HW/SW system. A particular challenge of AMS systems is that parameters cannot be assumed to be fixed to a deterministic value like in a digital system.

Behavior of AMS systems cannot be assumed to be fixed for the following reasons. Variations of parameters due to variations in the manufacturing process, but also during operation (e.g., different temperatures, aging, and supply voltage), introduce deviations compared to an ideal reference. (Modeling) uncertainties are introduced by the fact that all models represent more or less accurate abstractions of physical reality; no model can be assumed to be absolutely accurate. Furthermore, computation with fixed-point arithmetic in the digital domain can contribute significantly to deviation from expected ideal behavior (rounding errors, quantization). In the following we refer to such deviations of a simulation run from possible real behavior in general as “deviations.”

A communication system with typical variations and deviations is shown in Figure 1 as an example. Variations of gain, offset, or due to temperature (Figure 1, left) are compensated in software. This is done at lower layers of the software by controlling the variable gain amplifier (VGA) and the voltage controlled oscillator (VCO). Higher layers of the software stack introduce further error correction mechanisms in software. Dependability of the overall system is defined by complex interaction of AMS parts with the software stack. While known statistical methods (e.g., Monte Carlo simulation) allow us to compute other statistical properties like Bit or Packet Error Rates (BER, PER), open issues are questions such as:
(i) How can we guarantee some system properties, for example, for safety relevant systems?
(ii) Can we get information from the analysis that assists us in design and debug, such as counter examples?

This paper proposes a new methodology that for the first time combines high verification coverage of formal verification on one hand with the general applicability of simulation-based approaches on the other hand. To achieve this goal, we combine assertion checking with symbolic simulation:
(1) assertions specify required properties of a system;
(2) in an overall system model, deviations and variations are represented by symbols that capture size and correlations of the deviations, variations, respectively;
(3) for verification of “worst case” behavior, a range-based simulation using Affine Arithmetic shows that for given ranges of inputs and deviations the required properties are valid, and that no “forbidden state” is reached.

We mostly focus on level of block diagrams, but the methodology is as well applicable on circuit simulation. We implemented it based on SystemC and its AMS extensions. Section 2 gives a review of state of the art and related work. In Section 3 Affine Arithmetic is described, and some modeling examples are given. Section 4 describes semisymbolic simulation and the verification method proposed in this work. The applicability of the verification technology is demonstrated by examples given in Section 5. Section 6 concludes the paper and identifies future work.

When verifying AMS systems with parameter deviations, application of multirun simulation techniques (Monte-Carlo, worst-case analysis) can be considered as state-of-the art. Monte Carlo simulation [1] is a statistical technique. However, statistical techniques do not provide dependable “worst case” results. While the number of simulation runs can be reduced by importance sampling [2], the number of simulation runs required may still be prohibitive for analysis of complex systems. Corner case analysis [3] is a more appropriate means for finding worst case performances of AMS systems. Unfortunately, the number of simulation runs grows exponentially with the number of parameters considered. However, even if all corner cases are considered, the dependability of the result cannot be guaranteed since corner cases are not necessarily worst cases. Design of Experiments [4] allows reducing the number of simulation runs significantly and finding worst case performances more accurately.

Even with high number of simulation runs, there is no guarantee that worst case performances are found. A drawback of multi-run simulation methods is that the dependable operation of AMS systems cannot be guaranteed under all circumstances. For safety-critical systems, for example, in aviation or automotive systems this is a major drawback and motivation for further research.

In order to find counter examples, rapidly exploring random trees [5, 6] and robust test case generation have been proposed in [7–9]. Further, the simulation techniques proposed in [10, 11] guarantee that a system is “safe” if a set of trajectories lie within certain regions defined by previously found conditions. In contrast to these approaches the techniques proposed in [12, 13] compute an overapproximation of the set of states reached by all trajectories. While these methods support debugging and introduce coverage metrics, they are not able to deal with the increased complexity of systems with deviations and variations. An approach that enables safety verification of hybrid systems with uncertain parameters is the use of barrier certificates proposed in [14]. Those methods can verify if a set of system trajectories crosses a barrier previously defined by a barrier certificate. Finding a proper barrier certificate is not easy and makes this approach difficult for system verification.

To cope with the drawbacks of simulation-based techniques, formal verification methods were proposed. The idea of formal methods is to use formal checkers which automatically explore all possible states and transitions in the system model to check if the desired output behaviour is met or not. Hence, in contrast to simulation-based methods which can verify only one behaviour (for only one input stimulus) per operation, the formal methods deal with the set of behaviours at a time. Approaches for formal verification were first applied on digital systems [15–17], and due to their efficiency they found a good way in industrial applications. Approaches that also cover analog/mixed-signal or hybrid systems are rare and still in their infancy.

In [18–20] hybrid systems with linear and nonlinear dynamics are approximated by timed automata in order to simplify their analysis. Reference [21] describes a model checking tool which requires discrete and (for continuous parts) linear system descriptions. For nonlinear continuous behavior, such approximations are too simple. Linear phase-portrait approximation [22] is a general technique, because its approximation does not depend on the order of the differential equation to be approximated. There is no standard method for partitioning the state space, and therefore it seems to be complicated to find proper discrete models for strongly nonlinear models. In [23–25] focus is on nonlinear analog behavior for which discretized models in the state space are used for verification. The efficiency of these approaches seems to be limited to smaller analog systems. With increasing complexity, the number of states in the discretized model grows which leads to the state explosion problem and high run time of verification algorithms applied on this model.

Due to limitation of formal methods for analog/continuous systems to small systems, simulation-based techniques are still the only way for verification of more complex analog/continuous and AMS systems. To formalize verification of AMS systems, assertions that describe typical properties of analog systems are the focus of recent research. In [26] mixed-signal assertions (MSA) were proposed to check properties of mixed-signal systems during simulation. These assertions were implemented in a separate SCAC (SystemC AMS Temporal Checker) library. This library is easily integrated in SystemC AMS simulation environment, due to its C++ based nature. In contrast to this approach, [27] features AMT, an offline tool for monitoring temporal properties of mixed-signal systems for verification. Both verification methodologies simulate and evaluate a nominal system model without taking into account any deviations caused by variations in design process.

A particular challenge in the design of complex analog/mixed-signal systems is parameter variations. In any physical system, values are not implemented in an accurate way and change in a partially unpredictable way over time (e.g., due to temperature, aging, etc.). Such deviations from an ideal model change system behavior and can potentially cause malfunctions. For conventional simulation, multi-run methods as described in the first paragraph do not provide the result dependability and require a high number of simulation runs to explore the system behaviour while considering process variations. For formal approaches, such issues are still in their infancy, because their applicability simply does not yet allow handling complex and heterogeneous systems such as AMS systems.

A first approach to cover deviation effects in AMS systems and compute the guaranteed worst case results at the same time was introduced in [28–31]. Deviations are modeled as ranges, superimposed on the nominal system model, and modified during system simulation to obtain the formally guaranteed range-based system quantities. For this purpose, Affine Arithmetic was applied. Using this approach the variations in parameter values are represented with deviated symbols which are traced to the system output. Hence, the contribution of all variations in the system is contained in the system response which simplifies analysis of the system robustness.

Reference [32] proposes how the Affine Arithmetic approach can be used to analyze worst case behavior of electrical circuits. Further, in [33] this methodology found its application in sizing of analog circuits. Using Affine Arithmetic the bounds on the worst case circuit behavior are calculated and the global minimum of the sizing problem is determined due to inclusion isotonicity. Besides the analog domain, Affine Arithmetic models can also be used in Digital Signal Processing (DSP) applications to represent errors introduced by calculations in floating-point arithmetic [34, 35].

Within this work, semisymbolic simulation based on Affine Arithmetic is combined with the assertion-based technology. Concretely, assertions based on Affine Arithmetic (AAF+A) are introduced to include range-based system quantities and allow specification and automatic verification of typical time and frequency-domain properties of systems considering variations in their parameter values.

Using the proposed verification method, system verification is done during simulation:
(i) The desired output behaviour is described with an assertion which is embedded into the simulation process.
(ii) The assertion is verified automatically. In the case where the design requirement is not met, the simulation process is stopped and the assertion violation is reported to the user.

Table 1 summarizes the advantages and disadvantages of previously described verification techniques.

The verification method proposed in this work copes with the disadvantages of previous verification methods. Concretely, combining the assertion-based technology with semisymbolic simulation, which generates the dependable guaranteed result in which all output values for the considered parameter set are contained, 100% coverage can be obtained.

3. Affine Arithmetic and Its Use for Modeling Deviations

3.1. Affine Arithmetic

Affine Arithmetic (AA) is a range arithmetic that overcomes the error explosion problem of Interval Arithmetic (IA) [36]. AA keeps track of correlations between quantities represented as ranges. This in particular enables application for simulation of control systems. A feedback loop, for instance, can be simulated keeping the correlation of identical ranges. A subtraction of related ranges therefore results in a reduced range avoiding the overapproximation inherent to Interval Arithmetic [29].

An affine expression can be represented as where a sum of deviation terms models the impact of independent deviations from the ideal system behavior described with the nominal value . The values of deviation symbols lie in the range which is scaled by the numerical value . Linear mathematical operations in Affine Arithmetic allow accurate symbolic computations and are defined as follows: where defines a set of natural numbers identifying all deviation terms in symbol . In contrast to linear operations, nonlinear operations introduce an overapproximation of the exact solution, for example, multiplication as follows: where is equal to and represents the total deviation of . Although the multiplication operation results in an overapproximation, deviations in the result of this operation are traced to deviations contained in the quantities and . The overapproximation is contained in residual term.

3.2. Modeling Examples with Affine Arithmetic

In the following we show how to model different deviations. We focus on block-diagram like representations with transfer functions as common in control theory, because this model of computation is generally applicable to a vast set of different domains, including communication systems and electronic circuits. We focus on giving some mathematical background that can be applied in C-language (as in the examples in later sections), but as well, for example, in Matlab/Simulink.

(a) Simple Example—Modeling Gain Variation. To model a gain variation of a block (e.g., a low noise amplifier (LNA)) we assume that the exact gain value is not known but lies in interval . The range for can be modeled using Affine Arithmetic as follows: where and correspond to the center value of the range and the maximum absolute deviation from the center value, respectively. To model the gain variation in SystemC AMS (used as a simulation environment in this work), which is extended with an abstract data type AAF and some constructors for typical deviations, it is only necessary to call the constructor of the amplifier module with and as the second and the third argument. The first argument is always the name of the module. Therefore, the amplifier can be instantiated by the following line of code:

amp amp_("amp_", Knom, Kdev);

(b) Modeling (Parameter) Uncertainties. Modeling uncertainties are due to lack of capturing absolute accurate models of “real” behavior. In order to describe simple modeling uncertainties, a more general model is assumed in which the “real” behavior can be included by parameter variations. As simple example, the following transfer function of a system block will be supposed: Further, it will be supposed that the exact value of the parameter is not known, but it is known that it lies in interval . The range for parameter can be modeled using Affine Arithmetic as where represents the midpoint of the range and the maximum absolute deviation from the midpoint. Now the transfer function can be expressed as where represents the nominal model with the parameter value as follows: and is the deviation function modeled as . The system block model with parameter deviation can be represented with the block diagram shown in Figure 2.

(c) Variation of Time Delay, Jitter. Time delays are often varying, even in digital systems (“jitter”). A time delay can be modeled by the following transfer function: where models an ideal behavior of a block (without time delay) and represents a time delay for which it is supposed that its exact value is not known, but it is known that it lies in interval . The time delay causes deviation of the block from its ideal behavior . This deviation will be modeled using Affine Arithmetic. In order to do this the exponential function will be approximated using the first-order Taylor polynomial: where represents time delay in ideal conditions whose value is zero. The symbol represents the maximum absolute deviation of time delay from its nominal value, and is a real number whose value lies in interval . Substituting in the previous equation we get Since the approximation of the exponential function with the first-order Taylor polynomial represents the linearization of around , this polynomial is actually tangent line on the function at point , as it can be seen in Figure 3. Replacing in (9) with this approximation the transfer function can be approximated with where models the block ideal behavior and models the deviation from the ideal behavior. The block diagram corresponding to this model is shown in Figure 4.

3.3. Abstraction of Accurate Model with Affine Arithmetic

For verification of accurate system models in the presence of parameter deviations, a high number of simulation runs is required to achieve a sufficient verification coverage. To deal with this drawback a “semisymbolic” approach based on Affine Arithmetic is introduced. Using this method an abstract system model is created in which the accurate system behavior is included. Concretely, the abstraction of the system model is an overapproximation of the accurate model and therefore gives a guarantee that if the abstract model satisfies the desired specifications, the accurate model will also meet them.

To create the abstract model it will be supposed that there is a small change of the input voltage signal around the DC operating point (, ) (see Figure 5(b)). This change will be modeled using Affine Arithmetic as follows: The accurate model of a diode can be described with the following equation: To get the abstract model of a diode which is simpler to analyze, the accurate model will be approximated by linearizing the nonlinear equation around the DC operating point (, ). This linearization will be performed using the first-order Taylor series as follows: where the symbol lin_error denotes the linearization error which is added to enclose the accurate model in the abstracted one. The absolute value of this error represents the maximum absolute value of the Lagrange remainder: where can take any value from . To include the accurate model, linearization error will be represented as

Figure 5(b) shows approximation of nonlinear diode (from Figure 5(a)) at the operating point.
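The abstraction step of this section, as an added example (not code from the paper or its simulator): the tangent line at the operating point plus a Lagrange-remainder bound encloses the exact diode curve, while the bare tangent does not. It assumes the Shockley diode equation with constructed parameter values, since the page's own equations are not reproduced; `DiodeAbstraction`, `linearize` and `tangent_encloses` are hypothetical names.

```cpp
#include <cmath>
#include <cstdio>

// Constructed diode parameters (assumptions, not values from the page).
const double IS = 1e-12;      // saturation current [A]
const double VT = 0.025852;   // thermal voltage [V]

// Assumed accurate model: Shockley equation.
double diode_exact(double v) { return IS * (std::exp(v / VT) - 1.0); }

// Abstract model around the operating point v0 for inputs v0 + dv*eps1:
//   i = i0 + g*dv*eps1 + lin_error*eps2,   eps1, eps2 in [-1, 1]
struct DiodeAbstraction {
    double v0, dv;      // operating point and input deviation
    double i0, g;       // nominal current and conductance di/dv at v0
    double lin_error;   // bound on the Lagrange remainder over [v0 - dv, v0 + dv]
    double lo() const { return i0 - g * dv - lin_error; }
    double hi() const { return i0 + g * dv + lin_error; }
};

DiodeAbstraction linearize(double v0, double dv) {
    DiodeAbstraction a;
    a.v0 = v0;
    a.dv = dv;
    a.i0 = diode_exact(v0);
    a.g = IS / VT * std::exp(v0 / VT);
    // |R| <= max|i''(xi)| / 2 * dv^2; i'' grows with v, so the maximum is at v0 + dv.
    a.lin_error = 0.5 * IS / (VT * VT) * std::exp((v0 + dv) / VT) * dv * dv;
    return a;
}

// True if at every sampled input the exact current stays within `slack` of the
// tangent line. slack = lin_error is the abstraction, slack = 0 the bare tangent.
bool tangent_encloses(const DiodeAbstraction& a, double slack, int samples) {
    for (int k = 0; k <= samples; ++k) {
        double v = a.v0 - a.dv + 2.0 * a.dv * k / samples;
        double tangent = a.i0 + a.g * (v - a.v0);
        if (std::fabs(diode_exact(v) - tangent) > slack) return false;
    }
    return true;
}

int main() {
    DiodeAbstraction a = linearize(0.6, 0.01);   // constructed operating point
    std::printf("abstract range [%g, %g] A, lin_error %g A\n", a.lo(), a.hi(), a.lin_error);
    std::printf("exact range    [%g, %g] A\n", diode_exact(0.59), diode_exact(0.61));
    std::printf("enclosed with remainder: %d, without: %d\n",
                tangent_encloses(a, a.lin_error, 1000), tangent_encloses(a, 0.0, 1000));
    return 0;
}
```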

3.4. Time-Domain Properties Modeled with Affine Arithmetic

To analyze system behavior it is necessary to specify values of its properties. In the following there will be given a list of properties in time, but also in frequency domain whose specified values can be modeled using Affine Arithmetic approach.

3.4.1. Settling Time Property

This time is defined as the maximum time necessary for the output signal to settle within the error band, usually symmetrical around the value of the output signal asymptote, from the time at which an ideal step input is applied. The specified values for the settling time and the error band can be modeled with Affine Arithmetic as follows: where represents an allowed tolerance from the asymptote .

(d) Operational Range Specification. This property defines the allowed swing in the output voltage which does not cause the system to distort its output. This range will be represented with Affine Arithmetic as where represents the nominal value of the range defining the swing property and the allowed deviation from the nominal value.

3.5. Frequency-Domain Properties Modeled with Affine Arithmetic

The properties determining system behavior in frequency domain, whose specified values can be modeled with Affine Arithmetic, refer to low pass filter design specifications.

3.5.1. The Allowed Ripple in the Pass Band

This property defines maximum allowed deviation from the DC filter gain (0). Using Affine Arithmetic this requirement can be represented as where , is a DC gain in the pass band, is the maximum allowed deviation from the DC gain, and is the pass band edge frequency.

3.5.2. The Allowed Ripple in the Stop Band

This design specification defines the minimum allowed attenuation in the stop band and can be modeled in the similar way as where , represents the minimum attenuation, and represents the stop band edge frequency.

4. Semisymbolic Simulation and Assertion-Based Verification

In order to reduce high number of simulation runs required for simulation of systems with parameter variations, semisymbolic simulation is introduced. The idea of this approach is to model parameter deviations using Affine Arithmetic and simulate systems including these deviations. The simulation result is range-based system response which can be obtained in only one simulation run. Semisymbolic simulation can be performed on two levels: system level and circuit level.

4.1. Semisymbolic Simulation on System and Circuit Level

For semisymbolic simulations on system level the SystemC AMS environment is used. Affine Arithmetic is implemented in a separate library which, due to the C++ based nature of SystemC AMS, is very easily integrated.

Besides the system level, analog circuits can also be simulated on a lower level such as the transistor level. For this purpose, a semisymbolic circuit simulator has been developed [37]. Circuit simulation is performed in two steps.
(1) A netlist of a simulated system is converted into the according system of differential algebraic equations (DAE) using the Modified Nodal Analysis (MNA): where the vector represents the vector of time-dependent state variables and represents the vector of time-dependent circuit parameters.
(2) The equation system is passed through a numerical equation solver which performs DC, AC, and Transient Analysis [37]. The solver uses numerical methods such as forward Euler, backward Euler or trapezoidal methods to solve the equations.

Since at transistor level analog circuits are usually described with nonlinear differential algebraic equations the numerical solving is followed by linearization of equation system in the operating point with respect to variables and parameters. To deal with affine terms the algorithm [37] with the following steps is applied in the simulator.

In the first step the nominal solution is computed using Newton-Raphson method. In the second step the equation system is linearized in the operating point. Result of linearization is the linear dependency of variables according to the parameter deviations. In the case of linear system with constant parameters and variable inputs the result of linearized equation system is exact affine solution and algorithm ends. As the equation system usually contains nonlinear expressions, the affine solution of the linearized system is usually an underestimation of the exact solution, and therefore it has to be extended to include the exact area. This is done in the third step of algorithm.

4.2. Assertion-Based Verification with Affine Arithmetic

The verification technology proposed in this work is based on assertions which use Affine Arithmetic to model specified values of system properties as ranges. As simulation and verification environment SystemC AMS is used. The assertions representing specifications are verified within simulation run. In the case where the specification is violated the specification violation is reported and simulation run is stopped. To describe specifications with AAF+A, the set of operators defining the syntax of these assertions is used. Table 2 summarizes available operators whose meaning will be briefly described in the following.

The label AAF in the table denotes the set of affine terms. The set of assertions based on Affine Arithmetic (AAF+A) is comprised of two sets. The first set, TBF, defines Boolean formulas checking the validity of properties in the time domain, and the second one, FBF, in the frequency domain. The operators from Table 2, comprising, respectively, the sets TBF and FBF, are given in Table 3.

In order to simplify the description of the FBF set, the new set of frequency formulas FF is introduced. This set is determined with where , , is an affine signal, and is an integer number representing the length of Fast Fourier Transform (FFT). Note that for the operators , the frequency interval or the frequency does not need to be specified. In that case default values for and are  Hz and ( represents a sampling frequency), respectively.

The sets TBF and FBF comprise the smallest set of AAF+A as follows:,,.

The following table (Table 4) gives a brief description of operators given in Table 2. If and represent the ranges modeled with Affine Arithmetic, then the operator in Table 4 assigns that the first range lies in the second range (). If is a real value, then this operator assigns that the upper bound of is lower or equal to the real variable .
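The affine operations of Section 3.1 and the range-inclusion assertion described above, combined in one semisymbolic run, as an added example (not the paper's AAF library or SystemC AMS code). `Affine`, `within`, `run_room` and `interval_width` are hypothetical names; the first-order room model, its P controller (in place of the paper's PID) and all numeric values are constructed assumptions. The same loop in naive interval arithmetic is included to show the error explosion that correlation tracking avoids.

```cpp
#include <cmath>
#include <cstdio>
#include <map>

// Hypothetical minimal affine form x0 + sum_i xi*eps_i, every eps_i in [-1, 1].
struct Affine {
    double x0;
    std::map<int, double> dev;                   // deviation symbol id -> coefficient xi
    explicit Affine(double c = 0.0) : x0(c) {}
    static Affine range(double nom, double d) {  // [nom - d, nom + d] on a fresh symbol
        static int next_id = 0;
        Affine a(nom);
        a.dev[next_id++] = d;
        return a;
    }
    double rad() const {                         // total deviation: sum of |xi|
        double r = 0.0;
        for (const auto& kv : dev) r += std::fabs(kv.second);
        return r;
    }
    double lo() const { return x0 - rad(); }
    double hi() const { return x0 + rad(); }
};

// Linear operations are exact: coefficients of shared symbols combine.
Affine operator+(const Affine& a, const Affine& b) {
    Affine r(a.x0 + b.x0);
    r.dev = a.dev;
    for (const auto& kv : b.dev) r.dev[kv.first] += kv.second;
    return r;
}
Affine operator*(double k, const Affine& a) {
    Affine r(k * a.x0);
    for (const auto& kv : a.dev) r.dev[kv.first] = k * kv.second;
    return r;
}
Affine operator-(const Affine& a, const Affine& b) { return a + (-1.0) * b; }

// Multiplication is nonlinear: the second-order part is over-approximated by
// rad(a)*rad(b) carried on a fresh residual symbol.
Affine operator*(const Affine& a, const Affine& b) {
    Affine r = b.x0 * a + a.x0 * b;
    r.x0 = a.x0 * b.x0;
    return r + Affine::range(0.0, a.rad() * b.rad());
}

// Assertion operator: range a lies inside range spec.
bool within(const Affine& a, const Affine& spec) {
    return spec.lo() <= a.lo() && a.hi() <= spec.hi();
}

struct Verdict { bool holds; int step; double lo, hi; };

// One semisymbolic forward-Euler run of C*dT/dt = Kp*(Tset - T) - (T - Text)/R.
// From settle_steps on, "always T within spec" is checked at every step and the
// run stops at the first violation.
Verdict run_room(double text_dev, const Affine& spec, int steps, int settle_steps) {
    const double C = 10.0, R = 1.0, Kp = 4.0, Tset = 20.0, h = 0.1;  // constructed
    const Affine Text = Affine::range(5.0, text_dev);  // external temperature range
    Affine T = Text;                                   // room starts at Text
    for (int k = 1; k <= steps; ++k) {
        Affine heat = Kp * (Affine(Tset) - T);         // P controller output
        Affine loss = (1.0 / R) * (T - Text);          // heat leaving through the wall
        T = T + (h / C) * (heat - loss);
        if (k >= settle_steps && !within(T, spec))
            return {false, k, T.lo(), T.hi()};
    }
    return {true, steps, T.lo(), T.hi()};
}

// Same loop in naive interval arithmetic: every occurrence of T is treated as
// independent, so the width grows at each step instead of settling.
double interval_width(double text_dev, int steps) {
    const double C = 10.0, R = 1.0, Kp = 4.0, Tset = 20.0, h = 0.1;
    double elo = 5.0 - text_dev, ehi = 5.0 + text_dev, lo = elo, hi = ehi;
    for (int k = 0; k < steps; ++k) {
        double heat_lo = Kp * (Tset - hi), heat_hi = Kp * (Tset - lo);
        double loss_lo = (lo - ehi) / R, loss_hi = (hi - elo) / R;
        double nlo = lo + (h / C) * (heat_lo - loss_hi);
        double nhi = hi + (h / C) * (heat_hi - loss_lo);
        lo = nlo;
        hi = nhi;
    }
    return hi - lo;
}

int main() {
    const Affine spec = Affine::range(17.0, 1.5);      // constructed specification
    Verdict ok = run_room(5.0, spec, 300, 100);
    Verdict bad = run_room(10.0, spec, 300, 100);
    std::printf("Text 5+-5 : holds=%d, T in [%.3f, %.3f]\n", ok.holds, ok.lo, ok.hi);
    std::printf("Text 5+-10: holds=%d at step %d\n", bad.holds, bad.step);
    std::printf("interval width after 100 steps: %.1f\n", interval_width(5.0, 100));
    return 0;
}
```

Because the model is linear in the room and external temperatures, the affine result is the exact reachable range at every step, so a violation reported here is a real one rather than an artifact of overapproximation.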

5. Demonstration Examples

Within this work the applicability of the proposed verification method will be shown through several examples. The examples are chosen to demonstrate the ability to handle typical challenges for symbolic simulation like feedback, nonlinearities, and discontinuities. Note that complexity is not a challenge by itself. As the first example a closed loop control system composed of a PID controller and a plant is chosen. Its block diagram is shown in Figure 6. Further, as the second example also a feedback system, which needs to set a room temperature to a certain value considering variation in the external temperature, is chosen. The third example through which the performance of the method will be illustrated is a PLL (Phase-Locked Loop) circuit containing the loop and nonlinear elements like a phase detector or a voltage controlled oscillator.

5.1. A Control System including a Parameter Uncertainty of a Plant

For the control system from Figure 6 a plant with the following transfer function will be considered: where for the parameter it will be supposed that it lies in the interval . This range is modeled using Affine Arithmetic as where .

Substituting the affine form of the parameter , can be rewritten as where and . For a PID controller model it is supposed that a noise filter for the derivative term is included, yielding to the following controller structure: where the proportional gain is 1.8, the integral time  s, and the derivative time  s. Between the integral and derivative times the ratio of 4 () is chosen. In [38] it is shown that this ratio is appropriate for many industrial processes.

In order to behave appropriately whether in time or frequency domain, it is required for a control system to satisfy a certain number of specifications. One of the most important specifications on control systems is the stability of the closed loop system. The gain and phase margin of the closed loop system are typical stability criteria. The gain margin is the maximum amount of the gain which is allowed to increase in the loop before a closed loop system becomes unstable, and the phase margin tells how much the phase lag must increase to make the system unstable. Since it is necessary to specify both margins to ensure appropriate behavior of a system, they can be replaced by a single parameter named the stability margin . This parameter is defined as the shortest distance between the Nyquist curve of the loop transfer function and the critical point −1. This distance is actually the inverse of the maximum sensitivity. The loop transfer function is determined with where and are the controller transfer function and the plant transfer function, respectively. Mathematically, the stability margin can be expressed as where is the sensitivity function. In particular, the sensitivity function represents the disturbances amplification at the output of the plant by the closed loop system. Recommended values for the stability margin lie in the range of [38].

Within this paper it will be verified if the control system meets the stability margin specification. In order to satisfy the stability margin specification the system stability margin must lie in the recommended range. This range representing the specification for will be modeled with Affine Arithmetic: where represents the center value of the specified range and represents the maximum absolute distance from the center value. Concretely, since the specified range is [0.5, 0.75], is equal to Including the parameter uncertainty in the plant, the stability margin can be rewritten as This equation expresses that for every frequency it is necessary to determine the shortest distance of the loop transfer function from the critical point −1. It is very easy to be seen that the shortest distance will be obtained for , which corresponds to the lower bound of range .

A control system including uncertainties meets the stability margin specification if its stability margin lies in the range . Since is crucial to verify the control system against the given specification, the proposed verification method will use the system given in Figure 7 to calculate the stability margin .

Using the proposed verification method the specification to be verified will be described with AAF+A assertion which will be verified during simulation run. In order to calculate the stability margin following Expression 4 the minimum value of with respect to frequency will be determined. This value can be found using AAF+A frequency operator min. One has where represents the response of the system with transfer function (Figure 7) on Dirac impulse. The operator FFT assigns the Fast Fourier Transform, and is the number of points for which the Fourier is calculated. In this work will be set to 2048.

It is important to note that the values calculated by FFT operator are range-based values, because the uncertainty of the plant model is modeled with Affine Arithmetic. The infimum with respect to frequency can be determined as the minimum of all FFT frequency components . The stability margin corresponds to the lower bound of the range representing   () (Expression 4). As it is said, in order to meet design specification, it is required from the control system that its lies in the specified range . Using the proposed method this requirement can be written as AAF+A assertion which will be verified during simulation as follows:

This assertion expresses that infimum with respect to frequency determined with must always (assigned with operator ) lie in the range modeling the stability margin specification () during simulation.

5.2. A Room Heating Control System

As the second demonstration example a system which controls a room temperature is chosen. The block diagram of the system is shown in Figure 8.

For room modeling the model including the thermal resistance of the wall between the room and the ambient , and the thermal capacitance of the room is used. One part of heat, brought into the room, leaves the room through the resistor with and the other part is stored in the capacitor with thermal capacity . This mathematical model can be described with the following equation:

Using the Laplace transformation the equation can be transformed into where is the heat brought into the system, is the temperature of the room, and is the external temperature. To determine the value of the thermal capacitance , a certain number of factors needs to be considered (the heat capacity of the stuff in the room, the air in the room…). Within this work the value is chosen (Appendix in [39]). For the thermal resistance the value of .

The controller used for this system is a PID controller with the following coefficients:

According to (34) the room temperature can be calculated as

For the external temperature it will be supposed that its value varies and lies in the range . This range will be modeled using Affine Arithmetic as

Considering the variation in the external temperature it will be verified

(1) if the room temperature within 5 seconds reaches the value varying within of the final value,

(2) if the final value is reached.

These two requirements will be described using Affine Arithmetic Assertions (AAF+A) and verified during simulation. The final value of the temperature is supposed to be . The assertion corresponding to the first requirement can be written as where is 5 s, is , and and . The second requirement can be described with the following assertion:

The simulation results are given in Table 5 in Section 5.4.

5.3. A PLL Circuit including Parameter Uncertainties

As the second demonstration example a phase-locked loop (PLL) circuit is chosen. Owing to their large number of applications, phase-locked loops have found their place in analog/mixed-signal (AMS) systems. Some of these applications are listed in the following:

(i) in radio transmitters it is used to synthesize frequencies, which are a multiple of a reference frequency;

(ii) clock generators which multiply a low-frequency reference clock to higher operating frequencies of microprocessors;

(iii) in communication systems for coherent demodulation and demodulation of frequency and phase modulated signals.

In this paper a PLL circuit as a frequency synthesizer is considered. Its block diagram is shown in Figure 9. This PLL model describes the behavior of the system in ideal conditions. In reality a number of deviations influence the behavior of the PLL, causing the design specifications to be violated. Since the PLL is often part of a more complex AMS system (e.g., in the role of a frequency synthesizer it is embedded into communication systems to generate carrier frequencies), it is of great importance to verify whether the desired output behaviour is still met in the presence of parameter deviations. Within this work a time delay of the filter from Figure 9 will be considered and added to the PLL model.

As it can be seen from the figure the PLL model is comprised of a frequency detector, a filter, and a voltage controlled oscillator (VCO). The filter with the following transfer function is used: where is the filter gain, and within this work it will be supposed that its value is one. For parameters and the values and are supposed, respectively. The parameter represents time delay of the filter, and for this example it will be supposed that its value lies in the range . In Section 3.2 it is shown that time delay causes deviation from the nominal filter behavior approximating the filter transfer function with where represents the filter transfer function in ideal conditions (time delay is zero). Substituting the values for parameters , , and , can be rewritten to

The parameter represents the maximum value of time delay which is for this example . The block diagram of the PLL model considering the filter time delay is shown in Figure 10.

For this PLL model it will be verified if the lock time of the PLL to switch from one frequency to within 5 kHz of another frequency is not greater than 1 ms. The PLL parameters such as , the minimum obtained value of the output frequency and the maximum obtained value of the output frequency , are supposed to be 100 kHz, 2 MHz, and 3 MHz, respectively. The detector gain and the gain of the voltage controlled oscillator are supposed to be

The loop gain of the system from Figure 10 is equal to From this formula it can be seen that for the maximum ratio of a programmable counter the loop gain will have the minimum value causing maximum lock time. Thus, only this ratio value will be considered. For considered PLL circuit this value is equal to

Using the verification method proposed in this work, the specification to be verified will be described with an AAF+A assertion. This assertion will be verified during simulation as follows: where the values of and lie in the range . The operator in the assertion denotes that the output frequency must eventually, within the settling time , enter the error band around the value of the steady state and stay there (denoted by operator ).

We consider only the maximum ratio of the programmable counter, and therefore the frequency value in the steady state is . The other parameters are according to desired specification equal to

Substituting these values in the previous assertion we have

5.4. Experimental Results

SystemC AMS is used as the simulation and verification environment. The control system considering the filter parameter uncertainty was simulated and verified for  s with the sampling rate  s. The specification (Assertion 6) passed and the stability margin calculated for the control system is shown in Figure 11. The symbol in the figure marks the frequency component of the Fast Fourier Transform which was used to determine the stability margin with respect to frequency.

Using the sampling period the heating control system was simulated for . The system met desired requirements and both assertions (Assertions 8 and 9) passed. The signal representing the room temperature is shown in Figure 11.

The PLL circuit was simulated and verified for  s with the sampling period . It was verified if the lock time of the PLL to switch from 2.9 MHz to within 5 kHz of 3 MHz is less than 1 ms. Assertion 10 failed, and the simulation run was stopped, reporting the information about the specification violation. The fact that the PLL output frequency did not (within ) settle to the desired value within the specified tolerance does not imply that it will not do so after some time. To prove this the PLL simulation result is given in Figure 12.

Since the assertion failed and the simulation run was stopped, the PLL response from Figure 12 is the result of simulation in the case where the assertion is omitted. From the figure it can be concluded that the output frequency converges to its final value and deviated terms converge to zero. This fact is one of the main advantages of the Affine Arithmetic approach. Its ability to identify the correlation between system quantities reaches its maximum in the systems with feedback loops like the case with our demonstration examples.
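The settling-time property of Section 5.3 (eventually, within the settling time, enter the error band and stay there) can be checked over a range-valued trace as sketched below. This is an added illustration, not the paper's SystemC AMS or AAF+A code: `make_trace`, `settles_within`, the first-order response and its time constant are assumptions, while the 2.9 MHz to 3 MHz step, the 5 kHz band and the 1 ms limit are taken from the text.

```python
import math

def make_trace(tau, rel_dev, t_end=3e-3, dt=1e-5):
    """Constructed first-order step 2.9 MHz -> 3 MHz as (t, lo, hi) samples.
    rel_dev scales a deviation radius that decays together with the error."""
    trace = []
    for k in range(int(round(t_end / dt)) + 1):
        t = k * dt
        err = 1e5 * math.exp(-t / tau)          # nominal distance to 3 MHz
        center, radius = 3e6 - err, rel_dev * err
        trace.append((t, center - radius, center + radius))
    return trace

def settles_within(trace, target, band, t_settle):
    """Return (passed, entry_time). entry_time is the first sample time from
    which the WHOLE range stays inside [target-band, target+band] up to the
    end of the trace, or None if the last sample is still outside."""
    entry = None
    for t, lo, hi in trace:
        if target - band <= lo and hi <= target + band:
            if entry is None:
                entry = t                       # candidate entry point
        else:
            entry = None                        # left the band: must re-enter
    return (entry is not None and entry <= t_settle, entry)

# Same constructed dynamics, once as a single nominal run and once as a range.
NOMINAL = settles_within(make_trace(3.2e-4, 0.0), 3e6, 5e3, 1e-3)
RANGED = settles_within(make_trace(3.2e-4, 0.2), 3e6, 5e3, 1e-3)
```

With these constructed values the nominal run meets the 1 ms limit while the range-valued run does not, although both converge; a verdict of "failed" therefore says the bound was missed for some parameter value, not that the output never settles.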

Hence, even in the case where the loop contains the nonlinear elements the additional terms (which are the result of overapproximation introduced by nonlinear operations) will have negligible values, and the output will converge to its finite value. To free the memory of unnecessary variables, the authors in [28] propose the (cleanup) method. Concretely, all terms under some user specified value are replaced with only two symbols, the one representing the sum of all terms with a positive and the other with a negative sign. In this way the safe inclusion of the result is kept, and the number of terms is drastically decreased.
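The cleanup step described above can be sketched as follows. This is an added example, not the implementation from [28]: the `Affine` class, the `cleanup` function, the symbol naming and the sample coefficients are all assumptions made for illustration.

```python
from itertools import count

fresh_ids = count(1)   # source of unused noise-symbol names (constructed scheme)

class Affine:
    """x0 + sum(x_i * eps_i), every noise symbol eps_i ranging over [-1, 1]."""
    def __init__(self, center, terms):
        self.center, self.terms = float(center), dict(terms)

    def radius(self):
        return sum(abs(c) for c in self.terms.values())

    def interval(self):
        return (self.center - self.radius(), self.center + self.radius())

    def __sub__(self, other):
        # Shared symbols cancel coefficient-wise: this is the correlation tracking.
        terms = dict(self.terms)
        for sym, c in other.terms.items():
            terms[sym] = terms.get(sym, 0.0) - c
        return Affine(self.center - other.center, terms)

def cleanup(x, threshold):
    """Merge all terms with |x_i| < threshold into at most two fresh symbols:
    one carrying the sum of the positive and one the sum of the negative ones."""
    kept = {s: c for s, c in x.terms.items() if abs(c) >= threshold}
    small = [c for c in x.terms.values() if abs(c) < threshold]
    pos = sum(c for c in small if c > 0)
    neg = sum(c for c in small if c < 0)
    if pos:
        kept[f"pos{next(fresh_ids)}"] = pos
    if neg:
        kept[f"neg{next(fresh_ids)}"] = neg
    return Affine(x.center, kept)

# Constructed sample: one dominant deviation term and four negligible ones.
x = Affine(3.0, {"e1": 0.5, "e2": 0.001, "e3": -0.002, "e4": 0.003, "e5": -0.0005})
y = cleanup(x, threshold=0.01)
```

The enclosing interval of `y` equals that of `x` with three terms instead of five, but `x - y` no longer cancels to zero: the merged symbols have lost their correlation with the originals, which is the price of the reduction.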

Table 5 summarizes the simulation times necessary for all designs in the case where AAF+A assertions were included into design simulation and when they were omitted. It can be noted that in the case where the assertions were satisfied, the proposed verification method generated additional simulation time, but the overhead was not high.

The simulation time of the PLL in the case where the assertion was embedded into simulation was omitted. The reason lies in the fact that the assertion failed stopping the simulation process, and hence the time required for simulation was much lower than for the case in which the assertion was not included.

6. Conclusion and Future Work

This work introduces a methodology that enables verification of analog/mixed-signal systems including deviations. The verification method is combined with symbolic simulation which generates the worst case dependable response adding deviations to a system model and modeling them as ranges. Since the generated output behaviour contains all possible traces for the considered parameter set, the proposed assertion-based technology can provide a formal verification result using simulation-based techniques. The assertions use Affine Arithmetic to model allowed or forbidden areas of typical system properties as ranges. The specified ranges are further combined with Boolean logic, frequency operators, and temporal logic, which allows us to verify the system behaviour in time, but also in the frequency domain. The assertions are embedded into simulation, and as soon as an assertion violation is detected, the simulation run is stopped, and information about the violation is reported.

Overapproximation is a challenge that can become a problem for strongly nonlinear systems. The first step to deal with this problem was proposed in [28] and found its applicability in systems containing loops. A further step towards solving the problem is to modify Affine Arithmetic so that the second order terms are kept in symbolic representation, which reduces overapproximation.

Furthermore, the AAF+A assertions (Table 2) will be extended from rather formal operators to libraries of application-specific properties that are close to requirement specifications found in various application domains. Also, the method up to now verifies the system against specifications for which the time and frequency requirements must be known in advance. One interesting direction in the future would be to extend the method to extract the information about lower and upper bounds of time or frequency for which the system behaviour is still desirable under the considered set of deviated parameters.

Acknowledgment

This work has been funded by the Vienna Science and Technology Fund (WWTF) through Project ICT08_012.