finding bugs faster with assertion based verification (abv)

INV

EN

TIV

E

Kanwar Pal SinghCadence Design Systems

Finding Bugs Faster with Assertion Based Verification (ABV)

Agenda

• Assertion-Based Verification Introduction• Assertion Languages

– SVA and PSL– Language Standards

• ABV Tools and Methodology– What does each tool do?– How do these tools complement each other?– Overall methodology

• Conclusion

2

Traditional Verification

• Verification typically is focused on:– Providing stimulus to blocks or an entire design.– Watching for a response.– The stimulus is applied to top-level interfaces, the response is read back

from top-level interfaces.• This is a form of black-box

verification.

3

Verification Environment

HDL

Assertion-Based Solution

• Verification objects are added to “interesting” points inside the design.

• These verification objects transform a “black-box” verification, to a “white-box” scenario

• The effort needed to create the “white-box” scenario:– Makes verification more efficient– Allows you to use additional technology for verification

4


HDL

A

AA

AA

A A A

What is an Assertion?

• Assertions are verification objects that: – Watch for forbidden

behavior within a design block or on it’s interfaces

– Track expected behaviordocumented in the assertions

– Improvement upon $display, $monitor and assertstatements

5


HDL

A

AA

AA

A A A

Assertion Example

6

A description out of the spec “After interrupt is asserted, acknowledge must come”

intr

iack

0 1 2 3 4 5

always @(posedge intr)begin

repeat (3) @(posedge clk);fork: pos_pos

begin@(posedge iack)$display("Assertion Success",$time);

disable pos_pos;end

beginrepeat (4) @(posedge clk);$display("Assertion Failure",$time);disable pos_pos;

endjoin

end // alwaysPSL : // psl ackn_protocol : assert always

{ rose(intr)} |=> {[*2];iack }! @(posedge clk);SVA : ackn_protocol : assert property (@(posedge clk)

$rose(intr) |=> ##2 iack);

Functional Verification With Assertions

• Improved observability• Identifies errors where they

take place instead of at the outputs

• Monitors behavior for all vectors

• Improved controllability• Improved coverage• Verification starts sooner

7

LargeDesign

Interface Constraints and

Assertions

A A

AA

A

A AA A

AA

A A AA AA

RTL Assertions


Assertion-based VerificationWhat are the High level Benefits?

• Reduced TTM– Start verification sooner– Significantly improve the debug time (documented customer

cases have shown up to 50% time savings)• Facilitates verification reuse

– Preserve design knowledge within Assertions• Same assertions can be used for simulation, formal

analysis, and acceleration• Productivity gains – stable model reached quicker

– Coverage holes identified

8

What Are Assertions Used For?

• Assuring that the interface of the design is being exercised correctly• Finding errors deep within the design• Identifying hard-to-find corner cases• Improving simulation tests with coverage analysis

– Identify holes in the set of tests– Eliminate inefficient or redundant tests

9

What Aren’t Assertions Used For?

• Race conditions• Timing checks• Equivalence Checking• Checking data transformation• Code coverage

LintingStatic timing analysisFormal equivalence checkingSimulation/AccelerationCode coverage tool

10

Resources for Extracting Assertions

Domain Action to extract assertionSpecification Review specifications documents

and extract features

Port list Review functionality of all block ports and extract features

Flow diagrams and waveform Review data and control flow through block; extract features

Block functional characteristics Review block functional characteristics; extract features

Team reviews Conduct team reviews to extract additional features

11

Don’t worry about overlap, worry about holes

Agenda




• Conclusion

12

PSL vs SVA

• THERE IS NO BAD CHOICE TO MAKE– Besides some subtle differences, they are very similar

• Recommendations– Pick a language as there is no need to learn both– Have a verification environment that supports both

• It is quite likely that whatever you pick, you will run into IP containing assertions of the other language

13

Recommended PSL and SVA Subset

14

Operators PSL SVA Notes

Sequence Delimiters

Consecutive Repetition: zero or more cyclesConsecutive Repetition: one or more cycles

Consecutive RepetitionNon-Consecutive Repetition

Sequence Concatenation (non-overlapping)Signal Edge Detection

Previous Values of Signals

alwaysnever

Boolean Liveness

interrupt

{...}

[*][+]

[*count] [*range][=count] [=range]

;rose(), fell()prev(sig, n)

alwaysnever

eventually!

abort

not

disable iff

SVA is implicitly always by default

Boolean Overlapping Implication ->Boolean Non-Overlapping Implication -> next Avoid nested “-> next”

(...)

[*0:$][*1:$][*count] [*range][*=count] [*=range]

##1$rose(), $fell()$past(sig, n)

Sequence Strong Interpretation ! SVA only has a strong form

SVA only has sequence form

Sequence Non-Overlapping ImplicationSequence Overlapping Implication

|=>|->

|=>|->

80% of assertions can be written with 20% of language

onehot, onehot0 $onehot, $onehot0Built-in Functions

Latest Language Standards

• 1800-2009 – IEEE standard for System Verilog--Unified Hardware Design, Specification, and Verification Language– SVA is part of the standard and is covered in 2 chapters

• 1850-2010 – IEEE standard for Property Specification Language (PSL)

15

Agenda




• Conclusion

16

ABV Tools

17

Functional Coverage• Assertions and cover directives measure

functional coverage for each test.• Functional coverage from all tests is

combined into a report of the test suite’s total functional coverage.

Simulation (Dynamic ABV)• Assertions act as monitors during

simulation. • Assertions can be used for interactive

debugging during simulation.• Assertion activity indicates functional

coverage.

Assertion-Based Acceleration (ABA)• Assertions helps isolate the cause of

failures• Catch bugs that require long setup times• Accumulate additional coverage

information

Formal Analysis• Assertions define correct behavior and

legal inputs.• Exhaustive analysis of all possible states

without a testbench.• Improves productivity and quality.

Simulation + Assertions = Observability

• Once an Assertion is violated, a message appears in the console:– reports beginning: start time (when finished or failed is reported)– reports length in terms of cycle (when finished or failed is reported)– points to expression that was violated (when failed is reported)– prints the assertion statement portion (when failed is reported)

// psl example: assert always {e;f;g} |=> {g; d | e; c};

|ncsim: *E,ASRTST (./test.v,68): (time 500 NS) Assertion

test.inst1.example has failed (5 cycles, starting 440 NS)

• Assertions can generate transactions

18

Points out explicitly which expression in a sequence caused the failure

Static ABV + Assertions = Controllability

• Verification can start early without

a testbench

• Exhaustive verification with

counter example for failures

• Helps find corner case bugs

19

20

Simulation (Dynamic ABV)• Depends on quality of testbench• Follows specific paths• Limited controllability• Applicable later in design cycle

Formal Analysis (Static ABV)• No testbench needed – can use earlier• Few depths typically equivalent to

millions of simulation vectors• Limited by state space explosion• Explored Depth

– Uncovers local corner case bugs– Reports verification proof radius

ReachableState Space

x

x

x

x

x

x

x

x

x

x

Bugs triggered with simulation

StartingState Point

The Difference Between Dynamic and Static

• Exhaustive– Uncovers all possible bugs

x

x

xx

x

x

Assertion-based Acceleration (ABA)

• Assertion support in the acceleration adds observability with performance

– Enables exposing design problems quicker and reducing debug times

– Enables assertion firings from ‘long’ runs not viable in a simulation only

environment

• Supports same set of design files as simulation

• Executes long simulation runs much quicker

– Enables System level simulation with assertions

– Enables software bring-up with assertions

21

Functional Coverage

22

•Formal AnalysisAA

AA

AA

A

A

Module / Block

•Formal Analysis•Simulation

AA

AA

AA

A

AA AA A

AA

A AA

AA

AA

Integrated Blocks

•Simulation•HW Acceleration•Emulation A

AA

A

AA

A

A

AA

AA

AA

A

A

AA A

AA

A A

AA

AA

AA

AAA

A

A

A

A

A A

A

A

AA

Top-level Integrated Design

AggregatedCoverage

Total CoverageMetrics

Plan

ABV Methodology Recap

July 8, 2011 Cadence Confidential: Cadence Internal Use Only23

CoverageMetrics

Spec

Plan Unified Metrics AggregatedCoverage

& Checking

Leverage assertions as checks for feature validation throughout the entire verification process

VerificationEngineers

DesignersEngineers

Agenda




• Conclusion

24

Conclusion (1)

• An ABV methodology– Begins with planning– Spans the entire verification process from module to system– Includes formal, simulation, and emulation/acceleration– Is maximized by the integration of metrics from numerous

environments– Is independent of language

25

Conclusion (2)

• An ABV methodology provides– Productivity

• Removes duplication of effort between designer and verification engineer

• Encourages reuse– Quality

• Executable specification• Formal exhaustiveness• Methodology focused on

checking in addition to coverage

26

Traditional Flow

RTL RTL

Block / Module Cluster / Block Full Chip

RTL RTLRTLRTL

Simulation Simulation

HW-based

Simulation

TestbenchStimuli

Formal Analysis

Potential limited use

Con

fiden

ce

Time

95+%

Done

Sim & HW+ some formal

Limited sanity sim

IncisiveFormalVerifier


HW-based

Simulation

TestbenchStimuli

Targeted use

Simulation


New Done

TTM Gains

OriginalDone

Enhanced Flow

IncisiveUnified

Simulator

IncisiveUnified

Simulator

Assertion-BasedAcceleration

finding bugs faster with assertion based verification (abv)

Technology

verification abv

functional verification

verification reuse

verification objectstransform

posedge iack

ipcontaining assertions

arent assertions

psl vs sva