Digitaalsüsteemide verifitseerimise kursus (Digital Systems Verification course)

Slide 1: Formal verification: assertions
Could be applied in checking properties...

Slide 2: Simulation-based verification: assertions
... but also during simulation.

Slide 3: Assertion
• A set of expressions that check the validity of certain conditions on variables over a period of time
• If a condition is violated, an error message is displayed that reports the location of the error
• Assertions can be used during simulation or for checking properties formally

Slide 4: Assertion
• Allows observing internal signals:
  – before they propagate to the outputs
  – errors can be observed before they propagate to the primary outputs
• Applied in HW and SW debugging for a long time
• Only recently standardized

Slide 5: How to create assertions
Two opposite strategies:
1. Find in the spec the properties that should hold in the implementation (liveness)
2. Find in the spec the properties that should not occur in the implementation (safety)
plus fairness properties

Slide 6: Combinational and sequential assertions
• Assertions not depending on time – combinational, e.g.:
      (A != 0) && (A & (A-1))
• Assertions depending on previous (or following) clock cycles – sequential, e.g.:
      (A-1 != A) -> (A == A+1)
• The interval between the first and the last clock cycle is the time window

Slide 7: Hierarchy of assertions
• As specs can be represented at different abstraction levels, so can assertions:
  – behavioral level
  – RTL
  – logic level
  – etc.

Slide 8: Assertion components
• An assertion consists of 4 components:
  1. Activating condition
  2. Signal register
  3. Assertion statement
  4. Reaction

Slide 9: Assertion components
[Figure: the four assertion components]

Slide 10: Sequential assertions
• Cyclic list:
[Figure: cyclic list of a sequential assertion]

Slide 11: Assertions on signal change patterns
(S-1 denotes the value of S in the previous clock cycle, A-N the value of A N cycles earlier)
• Gray code: exactly one bit changes – S^S-1 is one-hot
• Hamming code, H: H bits change – S^S-1 has H ones
• Increment/decrement: a signal increments/decrements by a step size N – S-S-1 = N / S-1-S = N
• Change delta: a signal's change is within a range R – |S-S-1| ≤ R
• Transition sequence: a signal's transitions follow a certain value pattern – signal membership check
• Cause and effect: signal A asserting at time T causes B to assert at T+N – A-N -> B

Slide 12: More assertions
• Check whether a signal changed within a time window
• Check causality (a change of one signal causes a change in another) within a time window

Slide 13: Container assertions
• Check correctness after additional processing

Slide 14: SystemVerilog Assertions
• Although any HDL (VHDL, Verilog, etc.) will do, it may need a lot of coding ...
• ... and the assertions cannot be reused.
• SystemVerilog (IEEE std 1364) offers standard assertions

Slide 15: SystemVerilog Assertions
• Two types of assertions in SVA:
  1. Procedural assertions
  2. Declarative assertions

Slide 16: SVA: procedural assertions
• Written into the code to be simulated – applied in simulation-based verification.
• Example:
      assert (WR == 1'b1 && CS == 1'b0)
          $display("INFO: memory ready");   // pass clause
      else
          $display("ERROR: cannot write");  // fail clause

Slide 17: SVA: declarative assertions
• Declarative assertions (similar to modules) – applied in property checking.
• Syntax:
      assert property (property_definition_or_instance) action
      action ::= [statement] | [statement] else statement

Slide 18: SVA: declarative assertions, sequences
• Declarative assertions describe temporal behavior
• The main concept is the sequence:
• Sequence = $\{(B_i, T_i),\ i \in V\}$,
• where $B_i$ is a Boolean expression at time step $T_i$, and V is a set of integers (e.g. clock-cycle indices)

Slide 19: SVA: sequences and waveforms
• SVA sequence constructor: ##N, where N is the delay
• x ##4 z is equivalent to (x,t),(z,t+4)
• Ranges can be described
• E.g. x ##[1,3] z stands for x ##1 z or x ##2 z or x ##3 z
• In general, many waveforms correspond to one sequence!

Slide 20: SVA: sequences and waveforms
[Figure: waveform marking the cycle where x1 is true, the cycle where x2 is true, and the matching region]

Slide 21: Analogy with Boolean functions
[Figure]

Slide 22: SVA sequence operators: AND
• s1 AND s2 is true if s1 and s2 have both become true:
[Figure: waveforms]

Slide 23: SVA sequence operators: OR
• s1 OR s2 is true if s1 or s2 has become true:
[Figure: waveforms]

Slide 24: SVA sequence operators: intersect
• Similar to AND, but requires that the sequences begin and end at the same time:
[Figure: waveforms]

Slide 25: SVA sequence operators: first_match
• Is true when a sequence becomes true for the first time:
[Figure: waveforms]

Slide 26: SVA operations: implication
• S1 -> S2, i.e. ¬S1 + S1·S2
• If S1 becomes true at time t, start evaluating S2, whose result determines the result of the implication.
• If S1 is false, the implication is true.

Slide 27: SVA sequence operators: throughout
• S = $\{(B_i, T_i),\ i \in V\}$
• E throughout S is $\{(E \cdot B_i, T_i),\ i \in V\}$
• E.g. (x1 + x2) throughout (##1 x3 ##2 x4) is equivalent to:
      (##1 (x1 + x2)x3 ##2 (x1 + x2)x4)
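The sequence constructors and operators of slides 18 to 27 (##N and ##[m,n] delays, AND, OR, intersect, first_match, implication, throughout) as a small Python matcher run over a recorded simulation trace. This is an added example, not code from the course or from any SVA tool: the trace, the signal names (req, gnt, busy) and the two properties are constructed here. The first property, `req |-> ##[1:3] gnt`, is also the "cause and effect" row of the slide 11 table and the "causality within a time window" check of slide 12.

```python
"""SVA-style sequence matching over a recorded simulation trace (added example).

A trace is a list of clock cycles; each cycle is a dict of sampled signal values.
A sequence is a function (trace, start) -> set of end cycles at which the
sequence matches when started at `start`.  Returning a set keeps every match
end point, which is the slide's observation that many waveforms can correspond
to one sequence.
"""

def expr(fn):
    """Boolean layer: one-cycle sequence that matches at cycle t iff fn(cycle) holds."""
    return lambda tr, t: {t} if t < len(tr) and fn(tr[t]) else set()

def delay(s1, lo, hi, s2):
    """s1 ##[lo:hi] s2 : s2 starts lo..hi cycles after each end of s1
    (##N is lo == hi == N; ##0 means s2 starts in the cycle in which s1 ends)."""
    def match(tr, t):
        return {e for e1 in s1(tr, t) for d in range(lo, hi + 1) for e in s2(tr, e1 + d)}
    return match

def seq_and(s1, s2):
    """s1 and s2 : both started in the same cycle, both must match; ends when the later one ends."""
    return lambda tr, t: {max(a, b) for a in s1(tr, t) for b in s2(tr, t)}

def seq_or(s1, s2):
    """s1 or s2 : matches wherever either one matches."""
    return lambda tr, t: s1(tr, t) | s2(tr, t)

def intersect(s1, s2):
    """s1 intersect s2 : like and, but the two matches must also end in the same cycle."""
    return lambda tr, t: s1(tr, t) & s2(tr, t)

def first_match(s):
    """first_match(s) : keep only the earliest end point of s."""
    def match(tr, t):
        ends = s(tr, t)
        return {min(ends)} if ends else set()
    return match

def throughout(fn, s):
    """fn throughout s : SVA requires fn in every cycle from the start to the end of the
    match (stricter than checking fn only at the sequence's own sample points)."""
    return lambda tr, t: {e for e in s(tr, t) if all(fn(tr[i]) for i in range(t, e + 1))}

def implication(ante, cons, overlapping=True):
    """ante |-> cons (overlapping) or ante |=> cons (cons starts the cycle after ante ends).
    Every match of ante must be followed by a match of cons; with no match of ante the
    implication holds, the 'if S1 is false, the implication is true' case."""
    offs = 0 if overlapping else 1
    return lambda tr, t: all(cons(tr, e + offs) for e in ante(tr, t))

def assert_property(check, tr):
    """Evaluate a checker in every clock cycle, as `assert property` does, and return the
    cycles in which it failed (an empty list means the assertion held on this trace)."""
    return [t for t in range(len(tr)) if not check(tr, t)]

# Constructed sample trace (not from any real design): a request/grant handshake.
TRACE = [
    {"req": 1, "gnt": 0, "busy": 1},  # cycle 0: request
    {"req": 0, "gnt": 0, "busy": 1},  # cycle 1
    {"req": 0, "gnt": 1, "busy": 1},  # cycle 2: granted, busy held high meanwhile
    {"req": 0, "gnt": 0, "busy": 0},  # cycle 3
    {"req": 1, "gnt": 0, "busy": 1},  # cycle 4: request
    {"req": 0, "gnt": 0, "busy": 0},  # cycle 5: busy dropped before the grant
    {"req": 0, "gnt": 0, "busy": 0},  # cycle 6
    {"req": 0, "gnt": 1, "busy": 0},  # cycle 7: granted, still inside the 1..3 window
]
REQ, GNT, BUSY = (expr(lambda c, k=k: c[k] == 1) for k in ("req", "gnt", "busy"))
TRUE = expr(lambda c: True)

# req |-> ##[1:3] gnt : cause and effect within a time window
GRANT_IN_WINDOW = implication(REQ, delay(TRUE, 1, 3, GNT))
# req |-> busy throughout (##[1:3] gnt) : and busy must stay high until the grant
BUSY_UNTIL_GRANT = implication(REQ, throughout(lambda c: c["busy"] == 1, delay(TRUE, 1, 3, GNT)))

def run_examples():
    """Results as a dict so they can be inspected or asserted on."""
    a = delay(REQ, 2, 2, GNT)     # req ##2 gnt   -> ends at cycle 2 when started at 0
    b = delay(BUSY, 1, 1, BUSY)   # busy ##1 busy -> ends at cycle 1 when started at 0
    return {
        "grant_failures": assert_property(GRANT_IN_WINDOW, TRACE),
        "busy_failures": assert_property(BUSY_UNTIL_GRANT, TRACE),
        "and_ends": seq_and(a, b)(TRACE, 0),
        "intersect_ends": intersect(a, b)(TRACE, 0),
        "or_ends": seq_or(a, b)(TRACE, 0),
        "all_ends": delay(TRUE, 1, 3, BUSY)(TRACE, 0),
        "first_end": first_match(delay(TRUE, 1, 3, BUSY))(TRACE, 0),
    }

if __name__ == "__main__":
    for name, value in run_examples().items():
        print(f"{name:16s} {sorted(value)}")
```

On this trace the grant always arrives within the window, so `GRANT_IN_WINDOW` reports no failing cycle, while `BUSY_UNTIL_GRANT` fails for the request in cycle 4 because busy drops in cycle 5 before the grant. The `and`/`intersect` pair started in cycle 0 shows the difference the slides draw: `req ##2 gnt` ends in cycle 2 and `busy ##1 busy` ends in cycle 1, so `and` matches (end at the later cycle, 2) but `intersect` does not. A consequent that would need cycles beyond the end of the trace simply does not match here; a simulator would instead report such an attempt as still pending.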
Slide 28: SVA sequence operators: within
• s1 within s2 checks whether s1 is found in s2 and whether both sequences are true
• s1 must begin after s2 begins and end after the end of s2!

Slide 29: Assertion-based Verification
ABV benefits:
• Dynamic – better observability: detecting bugs earlier and closer to their origin
• Static – better controllability: directing verification to the area of interest
PSL Assertions based Verification with HLDD Tools

Slide 30: Assertion-based Verification
Completeness problem:
• Who/what should specify assertions, and when?
• When is it enough?
• In practice the design engineer writes them for VHS (Verification Hot Spots). Such a spot:
  – contains a great number of sequential states;
  – is deeply hidden in the design, making it difficult to control from the inputs;
  – has many interactions with other state machines and external agents;
  – has a combination of these properties.

Slide 31: What assertions are?
• An assertion is an asserted (directive: shows what to do) property (a part of the DUT's functional behavior)
  – speed-up: find out earlier if anything went wrong
  – improved quality (corner cases)
  – functional coverage
• Formal and dynamic verification
• Plus assume, cover, expect, restrict, ...

Slide 32: Languages
• PSL – next slide
• SystemVerilog Assertions (SVA) – IEEE 1800 – a group of extensions to the Verilog HDL, e.g.:
      true[*0:$] ##1 !SOT ##1 SOT ##1 !ads1[*0:$] ##1 ads2
• OVL – Open Verification Library assertions
  – include PSL and VHDL checkers
  – a part of OVM/UVM from Mentor & Cadence
  – Synopsys: Open Vera Language assertions (OVA)
• HDLs – assert statements to print messages at the simulation console
  – severity levels
• SystemC assertions, e, etc.
Slide 33: PSL
• Example, with its parts annotated:
      reqack: assert always (req -> next ack);
  – reqack: label
  – assert: verification directive
  – always: when to check
  – (req -> next ack): property to be checked
• Property Specification Language, IEEE 1850 (2005)
  – originated from Sugar (IBM), Accellera
• Foundation Language (FL) – LTL, SERE
  – PSL Simple Subset for simulation
    • time advances monotonically and is finite (restrictions on operands)
• Optional Branching Extension – CTL (for formal verification)

Slide 34: PSL (cont.)
• Flavors: SystemVerilog, Verilog, VHDL, SystemC, (GDL?)
• 4 layers:
  – Boolean layer – Boolean expressions in the HDL, e.g. (a&&(b||c))
    • Boolean operators: AND, OR, ->
  – Temporal layer – sequences of Boolean expressions over multiple clock cycles
    • temporal operators (e.g. next_e, until, next_event)
    • invariance operators: always, never
    • SERE (Sequential Extended Regular Expressions): ({A[*3];B}|->{C})
  – Verification layer – directives for the verification tool, telling it what to do with the specified properties
    • assert, assume, cover, restrict
  – Modeling layer – models the environment

Slide 35: LTL
• Linear-Time (temporal) Logic (first introduced in 1981)
• No branches: time is a path

Slide 36: CTL
• Computational Tree Logic (first introduced in 1977)
  – branching-time logic, meaning that its model of time is a tree-like structure
  – there are different paths into the future, any one of which might be the path actually realized
• $A[\varphi\,U\,\psi] \equiv \neg\big(E[\neg\psi\,U\,(\neg\varphi \wedge \neg\psi)] \vee EG\,\neg\psi\big)$
• Temporal operators:
  – A φ – φ has to hold on all paths (starting from the current state)
  – E φ – there exists at least one path (starting from the current state) on which φ holds
  – X φ – φ has to hold in the next state
  – G φ – Globally: φ has to hold on the entire subsequent path
  – F φ – Finally: φ eventually has to hold
  – φ U ψ – φ has to hold until at some position ψ holds
  – φ W ψ – Weak until: φ has to hold until ψ holds (= "unless")
Slide 37: Vacuity
• Vacuity is a philosophical concept (not specific to PSL)
• A vacuous pass occurs if a passing property contains a Boolean expression that, within the given simulation trace, has no effect on the property evaluation.
[Figure: three req/ack waveforms for req -> next ack: PASSED; FAILED; NOT ACTIVATED (vacuous pass)]

Slide 38: Assertion-based Verification
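The vacuity definition of slide 37 made executable: the checker below evaluates PSL's `always (req -> next ack)` over a finite trace and, when the property passes, tests whether each Boolean subexpression actually mattered by replacing it with a constant and re-evaluating. This is an added example, not code from the course, and the traces are constructed. It goes one step beyond the slide's figure: besides the NOT ACTIVATED case (req never asserted, so ack has no effect on the verdict) it also reports the mirror case in which ack is high after every cycle, so req has no effect.

```python
def always_req_next_ack(req, ack):
    """PSL: always (req -> next ack) over a finite trace of 0/1 samples.
    In every cycle t that has a successor, req[t] must imply ack[t+1].
    A req in the very last cycle has no 'next' cycle and is left unchecked here
    (a simulator would report that attempt as unfinished rather than passed)."""
    assert len(req) == len(ack)
    return all((not req[t]) or ack[t + 1] for t in range(len(req) - 1))

def classify(req, ack):
    """Return the slide's three verdicts for the property above on one trace."""
    if not always_req_next_ack(req, ack):
        return "FAILED"
    n = len(req)
    # Vacuity test: replace one Boolean subexpression by the constant that can only make
    # the property harder to satisfy, then re-evaluate.  If it still passes, that
    # subexpression had no effect on the verdict for this trace.
    if always_req_next_ack(req, [False] * n):
        # ack forced low everywhere and still no failure: req never activated the antecedent
        return "NOT ACTIVATED (vacuous pass: ack has no effect)"
    if always_req_next_ack([True] * n, ack):
        # req forced high everywhere and still no failure: ack is high after every cycle
        return "PASSED (vacuous pass: req has no effect)"
    return "PASSED"

# Constructed traces (one 0/1 sample per clock cycle), not from any real simulation.
TRACES = {
    "passed":         ([0, 1, 0, 0, 1, 0], [0, 0, 1, 0, 0, 1]),
    "failed":         ([0, 1, 0, 0, 0, 0], [0, 0, 0, 0, 0, 0]),
    "not_activated":  ([0, 0, 0, 0, 0, 0], [0, 1, 0, 0, 1, 0]),
    "req_irrelevant": ([1, 0, 1, 0, 0, 0], [0, 1, 1, 1, 1, 1]),
}

def run_all():
    """Verdict per constructed trace, keyed by trace name."""
    return {name: classify(req, ack) for name, (req, ack) in TRACES.items()}

if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name:15s} {verdict}")
```

The substitution trick is the general form of the slide's statement: a subexpression that can be replaced by a constant without changing a passing verdict contributed nothing, so the pass says nothing about the design's behaviour with respect to it. The same check applies unchanged to the implication operator of slide 26 and to the `|->` antecedent of an SVA property.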