Formal Verification of SystemC by Automatic Hardware/Software Partitioning

Daniel Kroening
Computer Systems Institute, ETH Zürich

Natasha Sharygina
Carnegie Mellon University, Software Engineering Institute

Abstract

Variants of general-purpose programming languages, like SystemC, are increasingly used to specify system designs that have both hardware and software parts. The system-level languages allow a flexible partitioning in the design of the hardware and software. Moreover, many properties depend on the combination of hardware and software and cannot be verified on either part alone. Existing tools either apply non-formal approaches or handle only the low-level parts of the language.

This paper presents a new technique that handles both hardware and software parts of a system description. This is done by automatically partitioning the uniform system description into synchronous (hardware) and asynchronous (software) parts. This technique has been implemented and applied to system-level descriptions of several industrial examples. The hardware/software partitioning improves the performance of the verification compared to the monolithic approach.

1 Introduction

System designs have both hardware and software parts. Traditionally, the software component of a system design is written in a programming language like C or C++, while the hardware part is written in a hardware description language such as Verilog or VHDL.

This approach has several disadvantages. First of all, the designer is forced to learn and understand several languages. Second, at the beginning of the design process, it is often unclear which parts of the functionality are to be implemented in hardware or in software. If the partitioning of the design into hardware and software is to be changed later on, expensive and time-consuming re-design becomes necessary. Furthermore, two different design languages usually break the verification tool flow. Many properties of the design only hold on the combination of particular software and hardware parts, and cannot be verified on either part alone.

This motivates the idea of using uniform system-level design languages. These languages offer various levels of abstraction, from netlists up to highly abstract descriptions which hide low-level implementation details. As part of this process, an abundance of C-like system design languages has emerged. They promise to allow joint modeling of both the hardware and software components of a system using a language that is well-known to engineers.

Several different projects have undertaken the task of extending the C language to support hardware specification. The earliest C-like hardware description language is HardwareC [29] from Stanford University, which is aimed at a rather low hardware level, resembling synthesizable RTL. The SpecC language [1], developed at the University of California, Irvine, is based on ANSI-C and adds constructs for state machines, concurrency (pipelines in particular), and arbitrary-length bit-vectors. It also provides a way to modularize the design by a construct that resembles classes as offered by C++. Channels are used for synchronization and communication between modules. Handel-C [34], developed at Oxford University, is very similar to SpecC, including the syntax for most of the extensions. Like SpecC, it offers concurrency, arbitrary-length bit-vectors, and channels.

The languages mentioned above are all based on ANSI-C and share most of their features. All of them start with a high level of abstraction and bridge the gap to the lower levels by adding constructs like bit-vectors.

SystemC. In contrast to these languages, the SystemC [37] language takes a different approach. Historically, the SystemC language was used for low-level modeling of circuits only. For this low level, it has

0-7803-9227-2/05/$20.00 ©2005 IEEE