Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jasper Design Automation© 2005 1 PSL Property Specification Language Jasper Design Automation.

Published byHester Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "Jasper Design Automation© 2005 1 PSL Property Specification Language Jasper Design Automation."— Presentation transcript:

1 Jasper Design Automation© 2005 1 PSL Property Specification Language Jasper Design Automation

2 Jasper Design Automation© 2005 2 Introduction to PSL

3 Jasper Design Automation© 2005 3 Introduction  What is PSL? o A language for the formal specification of concurrent systems –Particularly applicable for the description of hardware designs –Describe properties (or assertions) that are required to hold on a DUV  Key characteristics of PSL include: o Mathematically precise well-defined formal semantics o Very expressive coving large class of real world design behaviors o Known efficient underlying verification algorithms o Intuitive and easy to learn, read, and write o PSL is a layered language, ideal for reuse, and supports multiple HDL flavors –Verilog, VHDL, SystemC, and SystemVerilog

4 Jasper Design Automation© 2005 4 Background Sugar created at IBM Haifa Research Labs 19941998 FVTC formed in Accellera (OVI) 2001 FVTC considers: Temporal e CBV ForSpec Sugar Linear-time semantics Added to Sugar Branching-time semantics plus regular expressions Syntactic sugaring of CTL PSL based on Sugar 2.0 2002 PSL 1.01 Approved 2003 PSL and SVA alignment 2004 PSL 1.1 Approved 2005 IEEE 1850 PSL PSL enhancements and clarifications

5 Jasper Design Automation© 2005 5 Elements of an assertion language  Logic, whose origins date back to the Greek philosophers, allows us to answer the question: Does a given model satisfy a given property? logic mode l property true/false

6 Jasper Design Automation© 2005 6 Elements of assertion languages  Classical logic deals with timeless statements. o “The moon is a satellite of the earth.” o “The moon is rising (now).”  However, in classical logic, we cannot express: o “The moon will rise again and again” logic universe The moon is rising true/false

7 Jasper Design Automation© 2005 7 Temporal Logic  Our interest – properties of reactive systems.  In reactive systems, processes maintain on-going interaction with their environment.  Interesting statements about reactive systems depend on time. o For example, A and B are mutually exclusive for all values of time  Temporal logic can describe the ordering of events in time without introducing time explicitly. o Without temporal logic, we would be forced to explicitly write equations involving time: –For example,  t.!(A(t) & B(t))

8 Jasper Design Automation© 2005 8 Temporal Logic  Pnueli 1977 – use of temporal logic for reasoning about reactive systems (LTL).  Clarke & Emerson 1981 – model checking (CTL).  Various temporal logics (LTL, CTL, CTL*,…).  The logics differ in o Syntax o Semantics – meaning of the formulas. o Expressiveness – which properties can be expressed. o Complexity – efficiency of evaluating a property. o Underlying model of time.

9 Jasper Design Automation© 2005 9 Temporal Logic  Model of time: o Finite computation (simulation) or infinite computation (model checking). o Linear or branching –Linear – each moment in time has a unique possible future. –Branching – each moment in time can split into various possible futures. 1 2 2 2 1 2 3 2 2 2 2 3 2 1 2 1 3 2 p q

10 Jasper Design Automation© 2005 10  Intuitive to engineers o Reason about expected behavior over linear sequences of states (computational paths) o Thinking is similar to reviewing a simulation trace  Properties evaluated over paths 021 2 0 p 1 q PSL Linear-Time Temporal Logic Infinite path

11 Jasper Design Automation© 2005 11 What We can Express in LTL  All Boolean logic properties. “Process 2 is in the critical section”  next p – p holds in the next state. “Process 2 will be in the critical section in the next state”  eventually! p – eventually p holds. “eventually process 2 will enter the critical section”

12 Jasper Design Automation© 2005 12 What We Cannot Express in LTL?  Counting example: “p is asserted in every even cycle” All the following traces satisfy this property !p,p,!p,p,… p,p,p,p,…. p,p,!p,p,p,p…  No linear-time temporal formula can express this property.

13 Jasper Design Automation© 2005 13 Extended Regular Expressions  Extended regular expressions overcome some of the limitations in linear-time temporal logic’s lack of expressiveness.  They are a convenient way to define a temporal pattern that can match (or more aptly put, specify) sequences of states.  Regular expressions let us describe design behavior that involves counting. o Such as modulo n type behavior, with the * operator.  For example, the PSL extended regular expression: {a ; b ; [*3] ; c ; [*2:3] ; d}

14 Jasper Design Automation© 2005 14 What Cannot be Express with Regular Expressions The property: “eventually p holds forever”  The following property cannot be expressed with regular expressions: o “Eventually, p holds forever”  Can be expressed in LTL. For example, in PSL: o eventually always p !p ppp

15 Jasper Design Automation© 2005 15 What We Can Express in LTL and CTL  “Always if req is received, then ack must be received sometime in the future” o LTL: G (req -> F ack) o CTL: AG(req -> AF ack)  Most useful properties are in the common fragment of LTL and CTL (Maidl, 2000).

16 Jasper Design Automation© 2005 16 PSL Layers

17 Jasper Design Automation© 2005 17 Boolean Temporal Verification Modeling PSL is a Layered Language

18 Jasper Design Automation© 2005 18  The Boolean layer is used to: o Specify logic expressions without specific timing information using a standard HDL syntax such as Verilog-HDL and VHDL Example (Verilog): // A and B are mutually exclusive ( !(A & B) ) Example (VHDL): -- A and B are mutually exclusive ( not (A and B) ) Boolean Layer

19 Jasper Design Automation© 2005 19  The temporal layer is used to: o Specify when the Boolean expression must be valid o Remove time ambiguities Example: // A and B are always mutually exclusive always ( !(A & B) )  There are many temporal operators: o always property o never property o next property Temporal Layer o until property o …

20 Jasper Design Automation© 2005 20  The verification layer is used to: o Specify how to use the property: –Assertion to be verified against the implementation –Assumption to be used as constraint during the verification –Or functional coverage metric to improve the overall verification coverage Example: // A and B must always be mutually exclusive assert always ( !(A & B) ) ; Verification Layer

21 Jasper Design Automation© 2005 21 Modeling Layer  The modeling layer is used to: o Write auxiliary HDL code required to specify complex properties  You can define HDL functions that are used in your properties, model complex FSMs or expressions Example: // If req is asserted, ack must be asserted the next cycle wire req; assign req = readA_req || readB_req; assert always (req -> next (ack && gnt)) ;

22 Jasper Design Automation© 2005 22 PSL Layers wire req; assign req = readA_req || readB_req; assert always (req -> next (ack && gnt)) ; Boolean layer Temporal layer Verification layer Modeling layer

23 Jasper Design Automation© 2005 23 PSL Sequences

24 Jasper Design Automation© 2005 24 PSL Sequences  PSL sequences enable us to: o Describe a sequence of Boolean expression (that is, states)  PSL sequences are marked by curly braces ‘{’ and ‘}’  Advancement of time occurs with each concatenation operator ‘;’ Example: { req; busy; gnt }

25 Jasper Design Automation© 2005 25 PSL Sequences Matching  A PSL sequence can have multiple matching diagrams Example: { req; busy; gnt }  To explicitly match the waveform, we would need to specify the following Example: { req && !busy && !gnt ; !req && busy && !gnt ; !req && !busy && gnt } This diagram represents one possible match req busy gnt req busy gnt This diagram represents another possible match req busy gnt

26 Jasper Design Automation© 2005 26 Temporal Operators for Sequences  PSL supports the following temporal operators for sequences: o Overlapping implication |-> o Non-overlapping implication |=> Example(s): sequence S1 = { req; ack } ; sequence S2 = { start; busy; end } ; // Event “start” occurs on the same clock cycle as “ack” property P1 = always S1 |-> S2 ; // Event “start” occurs on the next clock cycle after “ack” property P2 = always S1 |=> S2 ;

27 Jasper Design Automation© 2005 27 Operators for SERE  PSL supports the following operators for SERE: o Repetition in n consecutive clock cycles[ * n] o Repetition in n non-consecutive clock cycles [=n] o Repetition in n non-consecutive clock cycles [ -> n] o Repetition for 0 or any number of clock cycles [ * ] o Repetition for 1 or any number of clock cycles [+] o Repetition for n to m clock clock cycles [ * n:m]  The number of repetitions must be a positive integer  Keyword inf stands for an infinite number of clock cycles Example(s): sequence S1 = { rd[ * 5] } ; sequence S2 = { rd[->3] } |=> { wr } ; // {!rd[*]; rd; !rd[*]; rd; !rd[*]; rd} sequence S3 = { req} |=> { ack[=1]; done} ; // {!ack[*]; ack; !ack[*]} sequence S4 = { rd[ * ]; rd; wr }; sequence S5 = { rd[+]; wr } ; sequence S6 = { rd[ * 2:5] } |=> { wr } ;

28 Jasper Design Automation© 2005 28 property P1 = { req[+]; ack; wr[*4] } |=> { (wait && !req)[*]; done } ; assert always P1; Example write wait req ack done clock 0 or more 1 or more 0 or more

29 Jasper Design Automation© 2005 29 Receiving Data:  When the reception of data is complete, then an interrupt should occur: property done_rcving_implies_int = always rose(done_rcving) -> rose(int) ; assert done_rcving_implies_int ; Example Properties are Derived from Specification

30 Jasper Design Automation© 2005 30  If the signal that indicates a reception in progress is active, then it should remain active until the reception is complete: property rcving_until_done_rcving = always rose(rcving) -> (rcving until done_rcving) ; assert rcving_until_done_rcving ; Receiving Data: Example Properties are Derived from Specification

31 Jasper Design Automation© 2005 31 Example RTL Implementation Queue qFirst qLast qInsert qRemove qEmpty qFull qDataIn qDataOut 0 1 2 3 4 5 6 7 qError  Design intent o “If Queue is full, then an attempt to insert data is ignored.” (Overflow) o “If Queue is empty, then an attempt to remove data is ignored.” (Underflow)  RTL implementation fragment: function [3:0] qNext; input [3:0] p; qNext = ((p + 1) mod `qSize); endfunction; assign qFull = (qNext(qLast) == qFirst); assign qEmpty = (qLast == qFirst); …  PSL implementation assertions: assert always (qFull && qInsert -> next !qEmpty) abort ~rstN ; assert always (qEmpty && qRemove -> next !qFull) abort ~rstN; cntrl

32 Jasper Design Automation© 2005 32  Verification with PSL is based on using verification units vunit [( )] { }; Example: vunit my_unit (my_module) { default clock = posedge clk; assume never read & write; property P1 = never (full & write); assert P1; assert always (read -> ! empty); }; Verification Units for Grouping Properties and Directives RTL module vunit inputs outputs A vunit binds to a module or an instance Usually a separate file from RTL

33 Jasper Design Automation© 2005 33 High-level requirements End-to-end Black box Based on design intent Generally require modeling+assertions Design Behavior RTL implementation assertions Localized Implementation-specific Generally can be expressed using only assertions Design Intent RTL Implementation Data Integrity Packet Ordering FIFO Overflow Increment By 1 FIFO Overflow One Hot Types of Assertions and PSL Expressiveness

34 Jasper Design Automation© 2005 34 To learn more  www.eda.org/ieee-1850  Accellera v1.1 LRM available at www.accellera.orgwww.accellera.org  My email: harry@jasper-da.com

Download ppt "Jasper Design Automation© 2005 1 PSL Property Specification Language Jasper Design Automation."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research Laboratory 1 IBM Haifa Research Laboratory 2 Weizmann Institute.

Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research Laboratory 1 IBM Haifa Research Laboratory 2 Weizmann Institute.
The need for AMS assertions Verify the analog/digital interfaces at block and SoC levels –Check properties involving voltages and currents –Check complex.

The need for AMS assertions Verify the analog/digital interfaces at block and SoC levels –Check properties involving voltages and currents –Check complex.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Verilog Overview. University of Jordan Computer Engineering Department CPE 439: Computer Design Lab.

Verilog Overview. University of Jordan Computer Engineering Department CPE 439: Computer Design Lab.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
 2012 Bert Molenkamp, Jan Kuper, University of Twente, PSL Introduction to Assertion Based Verification with PSL (VHDL flavor) Bert Molenkamp Jan Kuper.

 2012 Bert Molenkamp, Jan Kuper, University of Twente, PSL Introduction to Assertion Based Verification with PSL (VHDL flavor) Bert Molenkamp Jan Kuper.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
Presenter: PCLee – 2011.03.02. This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.

Presenter: PCLee – This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.
Detailed Design Kenneth M. Anderson Lecture 21

Detailed Design Kenneth M. Anderson Lecture 21
3/20/20091 More State Machines. Multiple processes.

3/20/20091 More State Machines. Multiple processes.
1 Assertion Based Verification 2 The Design and Verification Gap  The number of transistors on a chip increases approximately 58% per year, according.

1 Assertion Based Verification 2 The Design and Verification Gap  The number of transistors on a chip increases approximately 58% per year, according.
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.

Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Similar presentations

Ads by Google