Mixing ATPG and Property Checking for Testing HW/SW Interfaces ∗ Alessandro Fin University of Verona Strada le Grazie, 2 37134 Verona, Italy ﬁn@sci.univr.it Franco Fummi University of Verona Strada le Grazie, 2 37134 Verona, Italy fummi@sci.univr.it Graziano Pravadelli University of Verona Strada le Grazie, 2 37134 Verona, Italy pravadelli@sci.univr.it ABSTRACT A critical part of the design of HW/SW systems concerns the deﬁnition of the HW/SW interface. Such interfaces do not directly map a functionality of the system description, but they are inferred by the characteristics of the selected programmable device (CPUs, DSPs, ASIPs, etc.). Their addition to the design can modify the behavior of the orig- inal system, thus their veriﬁcation is a hard task. The pro- posed veriﬁcation methodology joins functional veriﬁcation and property checking in order to avoid their respective lim- itations. The methodology is focused on SystemC descrip- tions that can be automatically synthesized. This is par- ticularly important since commercial model checking tools work on structural hardware descriptions, which can be ob- tained by performing rapid prototyping of both HW and SW parts of SystemC models. The proposed approach has been veriﬁed on the SystemC model that is the reference synthe- sis example of one of the most powerful SystemC synthesis environment. Categories and Subject Descriptors H.8.1 [Harware]: Testing General Terms Design, Veriﬁcation Keywords ATPG, Fault simulation, Model Cecking 1. INTRODUCTION Basic tasks of designing HW/SW systems concern their modeling and veriﬁcation. By adopting the SystemC phi- losophy, the modeling activity can be performed by using ∗ Research activity partially supported by the European Community IST-2001-34607 project: SYMBAD Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for proﬁt or commercial advantage and that copies bear this notice and the full citation on the ﬁrst page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior speciﬁc permission and/or a fee. GLSVLSI’03, April 28–29, 2003, Washington, DC, USA. Copyright 2003 ACM 1-58113-677-3/03/0006 ...$5.00. a unique description language (C++), which can represent both software and hardware modules [1]. Hardware HW / SW Interface Programmable Device M3 M4 M1 M2 M5 Functionaly Partitioned Design M3 M4 M2 M5 M1 Unpartitioned Design Functional partitioning Hw/Sw partitioning Hw/Sw Partitioned Design Static Design Specifications Performance Design Specifications & Profiling Informations Functional Equivalence Checking Functional Equivalence Checking Figure 1: Design ﬂow with HW/SW interface deﬁ- nition. Under this assumption, the design ﬂow becomes a continu- ous reﬁnement of an initial system description (see Figure 1). Such a description is partitioned, at ﬁrst, into components, which are then characterized as HW or SW parts by adopt- ing, for instance, performance estimation metrics [2]. This characterization (last step in Figure 1) introduces in the de- sign new parts so called as interfaces [3]. Veriﬁcation of interfaces is a particularly hard task [4], since they do not directly map a functionality of the system modeled by the initial description. This paper is focused on the deﬁnition of a veriﬁcation methodology able to validate the insertion of interfaces into a system description partitioned between HW and SW com- ponents. The aim of the proposed veriﬁcation methodol- 303