Paper presentation - National Sun Yat


2011.07.21 - Presenter: PCLee
VLSI Design, Automation and Test, 2005 (VLSI-TSA-DAT).

Verifying whether a building block conforms to a given interface
protocol is one of the important steps in constructing an
SOC. However, most existing methods have their own
limitations. Simulation-based methods have the false positive
problem, while formal property checking methods may suffer
from memory explosion and excessive runtime. In this paper,
we propose a novel branch-and-bound algorithm for interface
protocol compliance verification. The properties of the interface
protocol are specified as a specification FSM, and the interface
logic is formally verified at the higher FSM level. Using an
FSM for property specification is more systematic than
using proprietary property languages, which greatly
reduces the possibility of incomplete property identification.
It is shown theoretically and experimentally that the
proposed algorithm finishes in reasonable time complexity.
[Figure: comparison of this paper with related work: Virtual component interface standard [1]; On Compliance Test of On-Chip Bus for SOC [8]; This paper.]

Simulation-based method (dynamic):
Even if the coverage reaches 100%, compliance cannot be assured, because the method suffers from the false positive problem.
It is hard to determine whether all properties have been completely identified.

Formal method (static):
Formal verification avoids the false positive problem.
Properties are described in the CTL language. Extracting properties from a specification document written in natural language is complicated.
It may suffer from memory explosion, and excessively long runtime becomes a further serious problem as the design size increases.

Assertion-based verification:
More easily understood than CTL.
But it also suffers from the same problems as above.

Specification FSM

Possible DUV behavior:
1. don’t care: The behavior is not defined since the input sequence is not supposed to
appear.
2. Legal: The output sequence is allowed by the protocol under a valid input sequence.
3. Illegal: The output sequence is prohibited by the protocol under a valid input sequence.
[Figure: specification FSM. States: orig, idle/busy, seq/nseq, wait, vio and dc (don't care); the transitions are labelled e1 to e10 as defined below.]

e1: $\overline{HSEL} + \overline{HREADYin}$
e2: $HSEL \cdot HREADYin \cdot (HTRANS = NSEQ)$
e3: $HSEL \cdot HREADYin \cdot (HTRANS = SEQ)$
e4: $HSEL \cdot HREADYin \cdot (HTRANS = IDLE \,||\, BUSY)$
e5: $HSEL \cdot HREADY \cdot (HTRANS = IDLE \,||\, BUSY) \cdot (HRESP = OKAY)$
e6: $HSEL \cdot HREADY \cdot (HTRANS = SEQ \,||\, NSEQ) \cdot (HRESP = OKAY)$
e7: $\overline{HSEL} \cdot HREADY \cdot (HRESP = OKAY)$
e8: $HREADY \cdot (HRESP \neq OKAY)$
e9: $\overline{HREADY} + (HRESP \neq OKAY)$
e10: $\overline{HREADY} \cdot (HRESP = OKAY)$

FSM of an AHB slave interface design

[Figure: DUV FSM of the AHB slave. States: sleep, prep, write, read. Each transition is labelled input/output, where the output triple is (HREADY, HRESP[1], HRESP[0]); the transitions shown are eS/100, eR/100, eW/100, eW/000 and eR/000.]

eS: $\overline{HSEL} + \overline{HREADYin} + (HTRANS = IDLE \,||\, BUSY)$
eR: $HSEL \cdot \overline{HWRITE} \cdot HREADYin \cdot (HTRANS = NSEQ \,||\, SEQ)$
eW: $HSEL \cdot HWRITE \cdot HREADYin \cdot (HTRANS = NSEQ \,||\, SEQ)$

Each state of the specification FSM may be related to a state of the DUV FSM; such a pair of states is called a state pair.

The orig and idle/busy states correspond to the sleep state.
The seq/nseq state corresponds to the read and write states.
The DUV is proved compliant if and only if all possible state pairs have been examined and none of them includes the vio state.

Growing a tree to find all state pairs.

Consider e2 and eW/100. The intersection of the two edges is nonzero, which implies that there exists some input, together with the corresponding output, that drives both transitions.

HSEL=HWRITE=HREADYin=1 with HTRANS=NSEQ drives both eW and e2.

[Figure: the state-pair tree rooted at (orig, sleep). Its children include (seq/nseq, prep), (idle/busy, sleep) and further pairs such as (seq/nseq, write); a pair marked xx has no driving input, and (orig, sleep) appears again deeper in the tree.]

It is impossible to finish the whole tree: the tree would have infinite depth. So we must have a bounding condition that prunes the tree to a finite size without losing any possible state pair.

A node is not expanded further if the same state pair has already appeared in the tree.
Iteration count $= \sum_{n=1}^{N} \left( |e_{q_s,n}| \times |e_{q_d,n}| \right)$
N: number of recursions
n: the n-th recursion
$|e_{q_s,n}|$, $|e_{q_d,n}|$: number of edges leaving the specification state $q_s$ and the DUV state $q_d$ examined in the n-th recursion
Worst case (both FSMs are complete graphs):
$N = |Q_s| \times |Q_d|$
$|e_{q_s,n}| = |Q_s|$
$|e_{q_d,n}| = |Q_d|$
⇒ iteration count $= (|Q_s| \times |Q_d|)^2$
⇒ time complexity $= O((|Q_s| \times |Q_d|)^2)$
However, the graph is rarely a complete graph. Experimental results show that the iteration count is typically far lower than this upper bound.
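The state-pair tree, the bounding condition and the iteration count can be exercised together. The Python below is an added example and not the paper's implementation (which is in C and not shown on these slides). Both machines are an assumed, simplified reading of the slide figures: the edge conditions e1 to e10 and eS, eR, eW follow their definitions above, but the wiring between states, the dc target of e3, the two-valued HRESP, the state names with underscores and the faulty DUV variant are constructed for this example. The check enumerates every assignment of the shared signals to decide whether two edges intersect, grows the tree breadth-first, never expands a state pair twice, and reports the iteration count next to the $(|Q_s| \times |Q_d|)^2$ bound.

```python
"""Added example, not the paper's C implementation: branch-and-bound growth of the
state-pair tree between a specification FSM and a DUV FSM, bounded by the
already-seen-pair rule from the slides. Both machines are an assumed, simplified
reading of the slide figures (edge wiring, the dc target of e3, the two-valued
HRESP and the faulty DUV are constructed; the edge conditions follow the slides)."""
from dataclasses import dataclass
from itertools import product

HTRANS_VALUES = ("IDLE", "BUSY", "NSEQ", "SEQ")
HRESP_VALUES = ("OKAY", "ERROR")           # constructed two-valued response

def all_vectors():
    """Every assignment of the shared signals: bus inputs plus the DUV's outputs."""
    for hsel, hreadyin, htrans, hwrite, hready, hresp in product(
            (0, 1), (0, 1), HTRANS_VALUES, (0, 1), (0, 1), HRESP_VALUES):
        yield {"HSEL": hsel, "HREADYin": hreadyin, "HTRANS": htrans,
               "HWRITE": hwrite, "HREADY": hready, "HRESP": hresp}

VECTORS = list(all_vectors())              # 128 vectors, cheap to enumerate

# Edge conditions from the slides, written as predicates over one signal vector.
def sel(v):  return v["HSEL"] == 1 and v["HREADYin"] == 1
def xfer(v): return v["HTRANS"] in ("NSEQ", "SEQ")
def idle(v): return v["HTRANS"] in ("IDLE", "BUSY")
def ok(v):   return v["HREADY"] == 1 and v["HRESP"] == "OKAY"
def e1(v):   return not sel(v)                                  # !HSEL + !HREADYin
def e2(v):   return sel(v) and v["HTRANS"] == "NSEQ"
def e3(v):   return sel(v) and v["HTRANS"] == "SEQ"
def e4(v):   return sel(v) and idle(v)
def e5(v):   return v["HSEL"] == 1 and idle(v) and ok(v)
def e6(v):   return v["HSEL"] == 1 and xfer(v) and ok(v)
def e7(v):   return v["HSEL"] == 0 and ok(v)
def e8(v):   return v["HREADY"] == 1 and v["HRESP"] != "OKAY"
def e9(v):   return v["HREADY"] == 0 or v["HRESP"] != "OKAY"
def e10(v):  return v["HREADY"] == 0 and v["HRESP"] == "OKAY"
def eS(v):   return not sel(v) or idle(v)
def eR(v):   return sel(v) and v["HWRITE"] == 0 and xfer(v)
def eW(v):   return sel(v) and v["HWRITE"] == 1 and xfer(v)

# Specification FSM (assumed wiring): state -> [(label, predicate, next state)].
# dc and vio have no outgoing edges, so the tree never grows past them.
SPEC = {
    "orig":      [("e1", e1, "orig"), ("e2", e2, "seq_nseq"), ("e3", e3, "dc"), ("e4", e4, "idle_busy")],
    "idle_busy": [("e5", e5, "idle_busy"), ("e6", e6, "seq_nseq"), ("e7", e7, "orig"), ("e8", e8, "vio")],
    "seq_nseq":  [("e5", e5, "idle_busy"), ("e6", e6, "seq_nseq"), ("e7", e7, "orig"),
                  ("e8", e8, "vio"), ("e10", e10, "wait")],
    "wait":      [("e9", e9, "wait"), ("e5", e5, "idle_busy"), ("e6", e6, "seq_nseq"), ("e7", e7, "orig")],
}

# DUV FSM (assumed wiring): state -> [(label, input predicate, (HREADY, HRESP), next state)].
OK1, OK0, ERR1 = (1, "OKAY"), (0, "OKAY"), (1, "ERROR")   # the slides' 100 and 000 codes, plus an error code
DUV_GOOD = {
    "sleep": [("eS", eS, OK1, "sleep"), ("eR", eR, OK1, "prep"), ("eW", eW, OK1, "prep")],
    "prep":  [("eS", eS, OK1, "sleep"), ("eW", eW, OK0, "write"), ("eR", eR, OK0, "read")],
    "write": [("eW", eW, OK1, "write"), ("eR", eR, OK1, "read"), ("eS", eS, OK1, "sleep")],
    "read":  [("eR", eR, OK1, "read"), ("eW", eW, OK1, "write"), ("eS", eS, OK1, "sleep")],
}
# Constructed faulty variant: answers a write with HREADY=1 and an ERROR response.
DUV_BAD = {**DUV_GOOD,
           "prep": [("eS", eS, OK1, "sleep"), ("eW", eW, ERR1, "write"), ("eR", eR, OK0, "read")]}

def normalise(duv):
    """Fold each DUV edge's output into its predicate so both FSMs share one edge shape."""
    def with_output(inp, out):
        return lambda v: inp(v) and (v["HREADY"], v["HRESP"]) == out
    return {q: [(lbl, with_output(inp, out), dst) for lbl, inp, out, dst in edges]
            for q, edges in duv.items()}

def edge(fsm, state, label):
    """Predicate of the edge labelled `label` leaving `state`."""
    return next(pred for lbl, pred, *_ in fsm[state] if lbl == label)

def intersect(pred_a, pred_b):
    """Vectors that drive both edges; a nonempty result is a nonzero intersection."""
    return [v for v in VECTORS if pred_a(v) and pred_b(v)]

def states(fsm):
    return set(fsm) | {dst for edges in fsm.values() for *_, dst in edges}

@dataclass
class Result:
    reachable: set
    violations: set
    iterations: int
    worst_case: int

    @property
    def compliant(self):
        return not self.violations

def check_compliance(spec, duv, root=("orig", "sleep")):
    """Grow the state-pair tree from the root; a pair already seen is never grown again."""
    duv = normalise(duv)
    visited, frontier, iterations = {root}, [root], 0
    while frontier:
        qs, qd = frontier.pop(0)
        for _, s_pred, s_dst in spec.get(qs, []):
            for _, d_pred, d_dst in duv.get(qd, []):
                iterations += 1                  # one edge pair examined = one iteration
                if intersect(s_pred, d_pred):    # some input/output drives both transitions
                    pair = (s_dst, d_dst)
                    if pair not in visited:      # the bounding condition
                        visited.add(pair)
                        frontier.append(pair)
    violations = {p for p in visited if p[0] == "vio"}
    bound = (len(states(spec)) * len(states(duv))) ** 2   # (|Qs| x |Qd|)^2
    return Result(visited, violations, iterations, bound)

if __name__ == "__main__":
    for name, duv in (("good", DUV_GOOD), ("faulty", DUV_BAD)):
        r = check_compliance(SPEC, duv)
        print(f"{name}: compliant={r.compliant} pairs={len(r.reachable)} "
              f"iterations={r.iterations} bound={r.worst_case} violations={sorted(r.violations)}")
```

With these assumed machines the compliant DUV yields 9 reachable state pairs in 108 iterations against a worst-case bound of 576, and the faulty variant reaches the pair (vio, write) from (seq_nseq, prep) through e8 as soon as the DUV answers a write with HREADY=1 and HRESP=ERROR. Enumerating all 128 vectors to test an intersection is the simplest correct choice at this size; a real tool would use a BDD or SAT call for the same test.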

The algorithm is implemented in C.

The results indicate that the actual iteration count is far less than the worst case.

Each verification run finishes within 1 second.

Since the verification is done at the higher FSM level and only the separated interface logic is under verification, this paper's approach completes the verification efficiently even though it is a formal method.

A novel branch-and-bound algorithm is proposed to formally solve the FSM compliance problem in polynomial time complexity.

In comparison with static formal methods, our algorithm hardly suffers from memory explosion and excessive runtime issues in practice.

FSM verification can verify the bus protocol correctly and systematically, and the verification is still efficient.
[Figure residue from a second comparison slide: Efficient Automata-Based Assertion-Checker Synthesis of SEREs for Hardware Emulation; Efficient Automata-Based Assertion-Checker Synthesis of PSL properties; Assertion Checkers – Enablers of Quality Design; This paper; axes: Assertion-based / Formal method.]