Verification Methodology Based on Algorithmic State Machines and Cycle-Accurate Contract Specifications Sergey Frenkel 1 and Alexander Kamkin 2 1 Institute of Informatics Problems of the Russian Academy of Sciences 2 Institute for System Programming of the Russian Academy of Sciences

2 Design Steps Architectural and RTL Design Input: architectural (behavioral) description in HDL (Verilog, VHDL) or system-level language (SystemC, SystemVerilog) Output: RTL description of the design: data path (interconnection of adders, multipliers, etc.) control logic (FSM model of a control unit) Logic Synthesis Input: RTL description of the design Output: gate-level description of the design Physical Design Out of our consideration

3 General Scheme of Design Verification

4 Challenges of Design Verification 50-80% of ASIC / IP / SoC design effort goes to verification, what has effects on Schedule, Cost, Quality computational complexity of formal verification is prohibited for many real-life designs simulation is slow, requires billions of vectors for large designs, and exhaustive simulation is infeasible the verification tools and methods need to scale well, and be able to support efficient debugging, have to allow for ongoing changes in the specification and the design the methodology must be flexible enough to permit new design features, such as soft error detection, including fault latency and self-healing analysis

5 Total Design Cost Reducing A work of a designer is resulted in two or three activities and human/equipment resources which have been spent for one of them should be kept back in another

6 Two Ways of Design Verification (RTL) Verification Formal Verification Verification via Simulation Formal Verification Verification Via Simulation

7 Possible Combination of the Verification Approaches a mechanical combination of the verification techniques: part of design is verified by simulation, while another by a formal method by using of formal specification for simulation verification by using a semi-formal specification

8 Semi-Formal Verification Informal Specification Formal Specification Formal Verification Verification via Simulation Verdict: Pass or Fail

9 Cycle-Accurate Contract Specifications Operations Contracts of stages Contracts of operations A1A1 … ANAN … A1A1 … ANAN … Operation Contracts of stages Contract of operation A1A1 … ANAN pre(A, 1) post(A, 1) pre(A, N) post(A, N) … pre(A)

10 Idea of the Method post(A, 2) post(B, 1) Operation A Operation B A1A1 A2A2 …ANAN B1B1 B2B2 …BNBN Time Test Oracle 123 …

11 A B C Branching and Other Features stage branch fork join

12 Algorithmic State Machine (ASM) An Algorithmic State Machine (ASM) is the directed connected graph containing an initial vertex (Begin), a final vertex (End) and a finite set of operators and conditional vertices. The operators and conditional vertices have only one input, the initial vertex has no input. Initial and operator vertices have only one output, a conditional vertex has two outputs marked by 1 and 0. A final vertex has no outputs. Each operator include some body in a pseudo-code, and its execution takes a clock of the target system time The following are the major steps in the ASM methodology: Describe the target system algorithm by ASM chart (using a pseudo-code) Design the data path based on the ASM chart Design the control logic based on the detailed ASM chart

13 ASM Example Let us an operator Y b be implemented. The sequence of the actions after Yb can be represented by ASM as following: The operator Y 3 is executed after Y b when x 1 x 4 x 3 =1,Y 1 is executed afterY b when x 1 x 3 =1, Y 5 is excuted after Y b when x 1 x 4 x 3 =1 or x 1 =1, that is: Y b x 1 x 4 x 3 Y 3 + x 1 x 4 x' 3 Y 5 + x 1 x' 4 Y 1 + x' 1 Y 5

14 System/Logic Design by Abelite (Prof. Samary Baranov, Holon Institute of Technology, Israel) ASM-description FSM Micro operations RTL (VHDL) Design Tools (SYNOPSIS,CADENCE) I2I2 Joint ASM Flow Chart I1I1 InIn

15 About ASM Formalities A possibility to use some ASM-based formalized verification is due to some formal rules, used for ASM flowchart construction. Namely, to provide this unique correspondence between the ASM flowchart and a target data path and control unit it is enough that a synthesis algorithm would obey the following rules: State boxes should contain only register statements, control signals in parentheses All operations within a state box should be concurrently executable in one clock cycle If the operations in two consecutive state boxes can be executed in the same clock cycle, then these two state boxes can be combined into one state box For each register-transfer statement, there must be a path between the source and destination registers The description contains the ordering of microoperations, namely, each of rectangle take one clock for its execution

16 Suggested Design Verification Methodology

17 Design Verification Methodology (cont.) Formal Verification Temporal properties of the system to verify Behavioral Description in a verification language (SMV) RUN

18 Temporal Logic (CTL) Temporal logic expresses the ordering of events in time by means of operators that specify properties E existential path quantifier A universal path quantifier Xnext time F eventually G globally U until

19 Verification via Model Checking FINITE-STATE SYSTEM PROPERTY TO VERIFY MODEL CHECKING PROGRAM PROPERTY IS TRUE OR A COUNTER EXAMPLE propagates sets of states, not individual trajectories

20 A Fragment of ASM Operation Hierarchical Description

21 ASM-Specified Model Checking (3-bit counter) a1 a10 1 y7y8y9y10y11y12 Micro Instructions: a2 a3 1 y2y3Y1 = y1 a3 a1 1 y4Y2 = y2 y3 a4 a2 1 y1Y3 = y4 a5 a4 1 y4Y4 = y5 y3 a6 a7 1 y4Y5 = y6 y3 a7 a8 1 y1Y6 = y7 y8 y9 y10 y11 y12 a8 a5 1 y5y3 a9 a6 1 y6y3 a10 a9 1 y1Micro Operations: y1 : v:=(v+c_in)mod 2 y3 : c_out:=v&c_in y4 : c_in:=c_out y5 : b1:=v y6 : b0:=v y7 : b0:=0 y8 : b1:=0 y9 : b2:=0 y10 : c_in:=1 y11 : c_out:=0 y12 : v:=0

22 Model Checking (cont.) Conditions of Natural Ordering of Counting SPEC AG (((bit0=0)&(bit1=1) &(bit2=0)) ->AX((bit0=1)&(bit1=1)&(bit2=0))) SPEC AG (((bit0=0)&(bit1=1) &(bit2=0)) ->AX((bit0=1)&(bit1=1)&(bit2=1)))

23 Conclusion An approach that is a combination of ASM-based and contract- based approaches to hardware designs semi-formal verification is introduced The approach allows to unify benefits of both formal and simulation- based methods for complex digital hardware designs verification at early designing stages Presently there are some examples of this approach application to verification tests designing for one of unit of MIPS64-compatible microprocessor The approach allows to describe complex digital hardware with pipelining, interlocks, branching, etc.

24 Thank You!