8. Assertion Based Design and 8.1 Assertion-based design Assertion - PowerPoint PPT Presentation

Fachgebiet Rechnersysteme Technische Universität Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 1 8. Assertion-Based Design and Assertion Languages 3 Fachgebiet Rechnersysteme 8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions  Verification Technology Content Type yp Time-points p Examples p Proof procedure Proof procedure referenced 8.1 Assertion-Based Design 8.2 Introduction to ITL State-based 1 Software Simulation/ assertions Model-checking 8.3 Introduction to SVA Appendix: Regular expressions Finite-window 1-20 (200) Timing Bounded diagrams g model-checking model checking Infinite-window all Temporal Model- logic checking formulas 8. Assertion-Based Design and Assertion Languages 2 8. Assertion-Based Design and Assertion Languages 4 8.1 Assertion-based design 8.1 Assertion-Based Design Example of property-based verification (Winkelmann,  Infineon) Assertions, properties  Software:  UMTS base-band station chip, 1024 parallel processes,  configuration changes every 10 ms, Pipelining, 100 fi ti h 10 Pi li i 100  Mainly state-based MHz, 2M gates, 70k lines of VHDL  Only one time-point involved HDL assertions  ~ 40k lines of assertions (properties) (560)   VHDL  Regression run 2 – 80 h Temporal Logic Assertions   200 bugs found, 50 likely to escape simulation  May involve many (all) time-points  Safety/liveness properties  Safety/liveness properties  CTL (state-formulas)  LTL (path-formulas) Verification Languages   PSL (Property Specification Language)  SystemVerilog Assertions (SVA)

Fachgebiet Rechnersysteme Technische Universität Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 5 8. Assertion-Based Design and Assertion Languages 7 8.1 Assertion-based design 8.1 Assertion-based design 4 types of applications of assertions (2 soft, 2 hard) Assertion-(Property)-Based Design    Generation of hardware run-time monitors and Assertions in VHDL  integration on-chip, e.g., FPGA  Assertions are checked during simulation g  Violated assertions lead to messages Monitor- Assertions circuits  Syntax: assert CONDITION report "TEXT" severity LEVEL; System Circuit Description  TEXT appears if CONDITION=false Hardware  Severity: note, warning, error, failure – Example: E l  Synthesis of hardware assert (S(1) and S(2)) /= ´1´ report "state 11" severity note; HDL if state 11 is reached then the message Circuit Assertions "state 11" is reported 8. Assertion-Based Design and Assertion Languages 6 8. Assertion-Based Design and Assertion Languages 8 8.1 Assertion-based design 8.1 Assertion-based design Monitors 4 types of applications of assertions (2 soft, 2 hard)    Transform assertions into executable VHDL  Cosimulation after translation into HDL ("monitors")  Co-simulate assertions and monitor truth-value – e.g., FOCS tool (IBM) for complex assertions g , ( ) p or: Assertions  Generate hardware-monitors + integrate on FPGA Simulator – Commercial solutions available System Description  Formal verification – e.g., (Bounded) Model-checker (B d d) M d l h k Assertions Formal Verification System Tool Description

Fachgebiet Rechnersysteme Technische Universität Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 9 8. Assertion-Based Design and Assertion Languages 11 8.1 Assertion-based design 8.2 Introduction to ITL Hardware run-time monitors:  Properties are specified as propertys with an assume-part  (the assumption) and a prove-part (the commitment)  Generate hardware monitors and integrate on, e.g., FPGA property myproperty is assume: <assumptions>; prove: <commitments>; f4 f2 end property; i f1 A hardware f3 f3 f5 f5 monitor monitor  1 f1 t  f4 t+2 f1' f1'' 8. Assertion-Based Design and Assertion Languages 10 8. Assertion-Based Design and Assertion Languages 12 8.2 Introduction to ITL 8.2 Introduction to ITL Each of the assumptions/commitments states a number of  signal-values at some time-points by means of references to the time-variable t ITL: Interval Temporal Logic  – Example: E l  Proprietary temporal language of the MV360 formal f f property checker of OneSpin Solutions property myproperty is  Specifically tailored to the needs of incomplete BMC assume:  Provides only references in a finite time-window at t: x = '0'; at t+2: y = '1'; prove: p at t+4: enable = '1'; at t+7: ack = y; end property;  The time-intervals of assumption and commitment may overlap !

Fachgebiet Rechnersysteme Technische Universität Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 13 8. Assertion-Based Design and Assertion Languages 15 8.2 Introduction to ITL 8.2 Introduction to ITL VHDL or Verilog syntax is allowed for signals, constants, The freeze construct introduces a new alias for the value   and functions of a signal at a certain time-point; the alias can be referenced arbitrarily NEXT and PREV are used to refer to next or previous time-  points, respectively i t ti l – Example: E l  The default values are 1 – Example: property myproperty is freeze: y_t = y@t; property myproperty is assume: assume: at t: x = '0'; at t: x = '0'; t t '0' prove: prove: within[t+1,t+4]: y = y_t; at t+2: NEXT(y) = PREV(x); end property; at t+3: y = PREV(x,2); end property; 8. Assertion-Based Design and Assertion Languages 14 8. Assertion-Based Design and Assertion Languages 16 8.2 Introduction to ITL 8.2 Introduction to ITL during and within specify relationships that have to hold ITL provides much more constructs like macros, index   for all time-points or for at least one time-point in a loops, etc. reference time-interval, respectively Semantics: "Implications between observed and expected  – Example: E l b h behaviors at arbitrarily selectable time-points in a finite i t bit il l t bl ti i t i fi it time-window" property myproperty is assume: at t: x = '0'; prove: p during[t+1,t+4]: enable = PREV(y,2); end property;

Fachgebiet Rechnersysteme Technische Universität Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 17 8. Assertion-Based Design and Assertion Languages 19 8.3 Introduction to SVA 8.3 Introduction to SVA Example 1:  req ##1 ack ##1 ~halt |-> grant ##1 grant SVA: SystemVerilog Assertions   Rich and expressive property language  "After the sequence req=1; ack=1; halt=0, grant should b be 1 for two time steps": 1 f t ti t "  Compatible with SystemVerilog  Part of SystemVerilog IEEE Standard 1800  "Similar" approaches: – OVL: Open Verification Library – Property Specification Language (PSL) Common idea: have a common and standardized  0 1 2 3 4 language to express properties of a design language to express properties of a design req 1 1 - - - - SVA resources:  - 1 - - - ack  1800-2009 IEEE Standard for SystemVerilog— halt - - 0 - - Unified Hardware Design, Specification, and grant - - 1 1 - Verification Language  Foster/Krolnik/Lacey: Assertion-Based Design, Kluwer 2003 (also for OVL and PSL) req ##1 ack ##1 ~halt grant ##1 grant 8. Assertion-Based Design and Assertion Languages 18 8. Assertion-Based Design and Assertion Languages 20 8.3 Introduction to SVA 8.3 Introduction to SVA SVA is an assertion language based on SystemVerilog Example 2:    Developed at Accellera as verification extension of  The ack-signal must occur within 2 cycles after a SystemVerilog (IEEE1800-2005) req-signal (including reaction at the same step as req) )  Used for formal verification as well as for the generation of simulation checkers (monitors) req |-> ##[*0:2] ack