Leveraging Assertion Based Verification by using Magellan Michal Cayzer

2 Outline Brief History Concept Familiarity Simulation vs. Formal analysis Introduction of Hybrid Formal Verification Introduction of a case study Environment definitions and their application by Magellan Guidelines for using SVA Finding Bugs and Proofs with Magellan Summary: Superiority of Magellan Hybrid Bug Finder A look to the Future

3 Magellan, Ferdinand Born: c Birthplace: Villa Real, Portugal Died: 27 April 1521 (Killed in battle) Best Known as: The first person to sail around the Earth Magellan sailed in 1519 with the intention of reaching the Spice Islands by sailing west around South America. Though Magellan didn't complete the entire trip, as the expedition's leader he is usually credited with being the first man to circle the globe.

4 Magellan Hybrid RTL Formal Verification Magellan is a hybrid verification tool that allows engineers to find deep, corner-case bugs, quickly and effectively.

5 Validating Concepts Familiarity Property: A declarative statement that defines the expected behavior of a design. For example: a  b Sequence: A property is composed of sequences. It is a chain of events. In our example “a”, “b” and are sequences. Antecedent: Left hand side sequence of a property (“a”). Consequent: Right hand side sequence of a property (“b”). Assertion: Confirming that a design upholds a property for every time unit. Coverage: Confirming that certain properties occur. Assumption/Constraint: Values that should be maintained throughout the verification. Assumptions simplify the problem and make it more manageable by providing fewer things to consider and solve.

6 Verification Implementation: Specification: Anytime is pressed, music is played Holds true? Yes/No

7 Two ways of Testing… Simulation & Formal Verification

8 Simulation Generate input sequences  Random sequences  Specific sequences to test certain functionality Generate expected output sequences Simulate the system with the input sequences Verify that the expected output sequences are produced by the system

9 Formal Verification Intuitive definition:  Given a hardware design M and a property f, a formal verifier will automatically prove whether the design satisfies the property ImplementationSpecification Mathematical proof of identity Identical Not Identical (Error trace)

10 Imaging of Simulation Verification

11 Imaging of Formal Verification

12 Simulation vs. Formal Verification

13 Simulation vs. Formal Verification Pros and Cons Simulation  Incomplete  Difficult to cover corner cases  Need to generate expected behavior  CPU intensive (has to run billions of cycles) Can handle large systems Formal Verification Complete with regard to a specification Corner cases are automatically taken care of No need to generate expected behavior  Most of the methods are memory and compute intensive  Memory usage is strongly related to the size of systems to be verified

14 The Solution! Better the Two than the One!

15 Magellan: Optimized Hybrid Formal Verification Finds bugs by verifying that a given design satisfies a set of properties that define the intended behavior of the design Magellan’s combination of the two approaches shortens the functional verification cycles and results in high-quality designs. Magellan’s unique hybrid architecture combines the strengths of new, advanced formal engines with the strengths of a built-in simulation engine to verify properties on large and complex designs. The System Verilog Assertion (SVA) language subset is the standard for writing checkers for simulation, formal analysis and hybrid formal verification.

16 Magellan- Flow Of Control

17 Imaging of Hybrid Formal Verification

18 Case Study – WISHBONE Protocol

19 Naming Conventions

20 Master / Slave Port Specifications (Wishbone protocol)

21 Macro Properties We implicate assertions to improve Magellan's efficiency and correctness Magellan supports the Macro property to ensure a safe modeling style without redundant typing. Easy to reset

22 Synchronous Reset generate if (async_reset == 1) begin # for assertion property p__impl(a, clk) disable iff (rst) a |-> c; endproperty # for coverage property p__cov(a, clk) disable iff (rst) a ##0 c; endproperty end

23 Always use Implications: A C X ~A/A&C When using system function calls such as $rose, be careful not to look back into “negative” time. Write: 1##1$rose(a) Keep it simple Guidelines for Using SVA

24

25 Finding Bugs and Proofs with Magellan Once the environment constraints are set, Magellan’s hybrid search engines are invoked:  Prove reach-ability for the checker antecedents, both by formal search and hybrid search  Prove the checker consequences by formal search  Bug hunt by giving counterexamples of the checker consequents using hybrid search. The Magellan run is complete when the antecedent for each checker has been proven to be (un)reachable, and the consequent has been (dis)proved

26 Summary: Superiority of Magellan Hybrid Bug Finder Bugs are found extremely fast: within minutes instead of several hours Because counterexamples are produced quickly, the verification engineer has more turn-around time The counterexamples produced by formal only tools may not be reachable in real simulation due to an under-constrained model Larger designs can be produced and verified Better quality designs Result:

27 A look to the Future The hybrid formal verification tool Magellan allows maximum benefit when using SVA checker modules. SVA verification using tools like Magellan will be key components for verification flows of the future

28 מקווה שנהניתם

29 Thank You