Professional Documents
Culture Documents
1424 - Caveat AMBA - Exhaustive Formal Verification To Prevent Disaster
1424 - Caveat AMBA - Exhaustive Formal Verification To Prevent Disaster
IC Verification Solutions
Arm TechCon
October 2019
Today’s Agenda
Level Set: what is “Formal verification”
Formal Verification IP
Case Studies
DUT
Initial
states
Exhaustive
proof!
ack
ack
Formal
Domain A
AMBA
Bus
System Interconnect 0
Interface compliance
System Interconnect 1
Bridge DMA
μC
DMA
PHY
Ethernet
Data integrity Controller
SDRAM
SDRAM RAM RAM
Controller
Complex state logic
Arbitration logic
Formal Verification IP
Case Studies
Capabilities include:
— Comprehensive set of checks to cover the most complex protocol features
— “Inspection signals” to observe and extend internal behaviors
— Optimized specifically for formal analysis
SVA
Modeling Code
DUT
Properties
DUT Signals
Clocks
Resets
Annotation
Checker Signals
Signals
Annotate Context Event Inspect Interface Parameter Check
Counterexamples
Proven or witness traces
RTL Questa Properties
PropCheck
UCDB
Properties
Assertions, Assumes,
Constraints, Covers
Questa Formal
AMBA Library
Formal Verification IP
Case Studies
Methodology
— Use Questa Formal AMBA Verification IP with Questa PropCheck
to exhaustively verify interfaces met specs
— Also wrote assertions to formally prove external CPU cannot
access private registers
— Prove that accesses from multiple clients can be serviced concurrently
Results
— Formal found bugs very quickly that were being missed by constrained
random simulations
— Using the Formal Verification IP was easy, and really expedited the project
— Using external Verification IP allowed for more verification independence
— Will continue to use formal verification IP to verify standard interfaces
https://www.mentor.com/events/user2user
© 2019 Mentor, A Siemens Business
www.VerificationAcademy.com
© 2019 Mentor, A Siemens Business
Results can be easily integrated into the master progress tracking reports
Assumptions
— Properties that are assumed to be true while analyzing other properties
— Also known as “constraints”
Assertions
— The properties to be proved or disproved
— Typically elements of the design specification – roughly equivalent to “tests” in simulation
Covers
— Properties specifying nodes or behaviors in a design that the verification engineer wants to see exercised
— Effectively like “covergroups” in a simulation (and often the exact same code is used/referenced)
Safety Properties
— In all states and for all time, something bad can never happen
Liveness Properties
— A desired event or behavior will eventually happen