Leveraging Assertion Based Verification by using Magellan Michal Cayzer
Outline
• Brief History
• Concept Familiarity
• Simulation vs. Formal analysis
• Introduction of Hybrid Formal Verification
• Introduction of a case study
• Environment definitions and their application by Magellan
• Guidelines for using SVA
• Finding Bugs and Proofs with Magellan
• Summary: Superiority of Magellan Hybrid Bug Finder
• A look to the Future
Magellan, Ferdinand
• Born: c. 1480
• Birthplace: Villa Real, Portugal
• Died: 27 April 1521 (Killed in battle)
• Best Known as: The first person to sail around the Earth
Magellan sailed in 1519 with the intention of reaching the Spice Islands by sailing west around South America. Though Magellan didn't complete the entire trip, as the expedition's leader he is usually credited with being the first man to circle the globe.
Magellan Hybrid RTL Formal Verification
Magellan is a hybrid verification tool that allows engineers to find deep, corner-case bugs, quickly and effectively.
Validating Concepts Familiarity
• Property: A declarative statement that defines the expected behavior of a design. For example: ab
• Sequence: A property is composed of sequences. It is a chain of events. In our example “a”, “b” and are sequences.
• Antecedent: Left hand side sequence of a property (“a”).
• Consequent: Right hand side sequence of a property (“b”).
• Assertion: Confirming that a design upholds a property for every time unit.
• Coverage: Confirming that certain properties occur.
• Assumption/Constraint: Values that should be maintained throughout the verification. Assumptions simplify the problem and make it more manageable by providing fewer things to consider and solve.
Verification
• Implementation: Holds true? Yes/No
• Specification: Anytime is pressed, music is played
Two ways of Testing… Simulation & Formal Verification
Simulation
• Generate input sequences
  • Random sequences
  • Specific sequences to test certain functionality
• Generate expected output sequences
• Simulate the system with the input sequences
• Verify that the expected output sequences are produced by the system
Formal Verification
• Intuitive definition:
  • Given a hardware design M and a property f, a formal verifier will automatically prove whether the design satisfies the property
[Figure: Implementation and Specification go through a mathematical proof of identity; the outcome is either Identical or Not Identical (Error trace)]
Simulation vs. Formal Verification: Pros and Cons
• Formal Verification
  • Complete with regard to a specification
  • Corner cases are automatically taken care of
  • No need to generate expected behavior
  • Most of the methods are memory and compute intensive
  • Memory usage is strongly related to the size of systems to be verified
• Simulation
  • Incomplete
  • Difficult to cover corner cases
  • Need to generate expected behavior
  • CPU intensive (has to run billions of cycles)
  • Can handle large systems
Magellan: Optimized Hybrid Formal Verification
• Finds bugs by verifying that a given design satisfies a set of properties that define the intended behavior of the design
• Magellan’s combination of the two approaches shortens the functional verification cycles and results in high-quality designs. Magellan’s unique hybrid architecture combines the strengths of new, advanced formal engines with the strengths of a built-in simulation engine to verify properties on large and complex designs.
• The SystemVerilog Assertion (SVA) language subset is the standard for writing checkers for simulation, formal analysis and hybrid formal verification.
Macro Properties
• We implicate assertions to improve Magellan's efficiency and correctness
• Magellan supports the Macro property to ensure a safe modeling style without redundant typing.
• Easy to reset
Synchronous Reset
    generate
      if (async_reset == 1) begin
        // for assertion: checked only when the antecedent a holds
        property p__impl(a, c);
          @(posedge clk) disable iff (rst) a |-> c;
        endproperty
        // for coverage: a and c observed in the same cycle
        property p__cov(a, c);
          @(posedge clk) disable iff (rst) a ##0 c;
        endproperty
      end
    endgenerate
Guidelines for Using SVA
• Always use Implications:
  • A C X ~A/A&C
• When using system function calls such as $rose, be careful not to look back into “negative” time. Write: 1 ##1 $rose(a)
• Keep it simple
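The concepts and guidelines above, put together as an added example that is not part of the original slides: a small SVA checker using the deck's p__impl and p__cov property shapes for assertion, coverage and assumption. The module name, the req/gnt signals, the property labels and the handshake rules they encode are assumptions made for illustration.

```systemverilog
// Added example: hypothetical checker for a request/grant handshake.
module req_gnt_checker (
  input logic clk,
  input logic rst,   // active high, matches the deck's "disable iff (rst)"
  input logic req,
  input logic gnt
);
  // Assertion shape from the deck: checked only when antecedent a matches;
  // when a never matches, the property passes vacuously.
  property p__impl(a, c);
    @(posedge clk) disable iff (rst) a |-> c;
  endproperty

  // Coverage shape from the deck: antecedent and consequent in the same
  // cycle. A hit shows the matching assertion was exercised for real.
  property p__cov(a, c);
    @(posedge clk) disable iff (rst) a ##0 c;
  endproperty

  // Assumption/constraint: the environment holds req until it is granted.
  m_req_held: assume property (
    @(posedge clk) disable iff (rst) (req && !gnt) |=> req);

  // Assertion: a grant is only ever given while a request is pending.
  a_gnt_needs_req: assert property (p__impl(gnt, req));

  // Coverage: the antecedent above is reachable, so a pass is not vacuous.
  c_gnt_needs_req: cover property (p__cov(gnt, req));

  // $rose guideline: on the first clock tick there is no earlier sample of
  // req (the deck's "negative" time), so "1 ##1" delays the edge check by
  // one cycle. Hypothetical rule: no grant in the cycle a request first rises.
  a_new_req_no_gnt: assert property (p__impl(1 ##1 $rose(req), !gnt));
  c_new_req_no_gnt: cover property  (p__cov(1 ##1 $rose(req), !gnt));
endmodule
```

Pairing every implication assertion with a cover of its antecedent is what separates a real pass from a vacuous one: if the cover is never hit, the assertion has proved nothing about the design.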
Finding Bugs and Proofs with Magellan
• Once the environment constraints are set, Magellan’s hybrid search engines are invoked:
  • Prove reachability for the checker antecedents, both by formal search and hybrid search
  • Prove the checker consequents by formal search
  • Bug hunt by giving counterexamples of the checker consequents using hybrid search.
• The Magellan run is complete when the antecedent for each checker has been proven to be (un)reachable, and the consequent has been (dis)proved
Summary: Superiority of Magellan Hybrid Bug Finder
• Bugs are found extremely fast: within minutes instead of several hours
• Because counterexamples are produced quickly, the verification engineer has more turn-around time
• The counterexamples produced by formal only tools may not be reachable in real simulation due to an under-constrained model
• Larger designs can be produced and verified
Result: Better quality designs
A look to the Future
• The hybrid formal verification tool Magellan allows maximum benefit when using SVA checker modules.
• SVA verification using tools like Magellan will be a key component of the verification flows of the future