Paper presentation: Formal Compliance Verification of Interface Protocols
2011.07.21 - Presenter: PCLee
VLSI Design, Automation and Test, 2005 (VLSI-TSA-DAT).
Abstract
• Verifying whether a building block conforms to a certain interface protocol is one of the important steps in constructing an SOC. However, most existing methods have their own limitations. Simulation-based methods have the false positive problem, while formal property checking methods may suffer from memory explosion and excessive runtime. In this paper, we propose a novel branch-and-bound algorithm for interface protocol compliance verification. The properties of the interface protocol are specified as a specification FSM, and the interface logic is formally verified at the higher FSM level. Using an FSM for property specification is more systematic than using other proprietary property languages, which greatly reduces the possibility of incomplete property identification. It is shown theoretically and experimentally that the proposed algorithm can finish in reasonable time complexity.
Reference tree
• Virtual Component Interface Standard
• On Compliance Test of On-Chip Bus for SOC
• This paper
What’s the problem
• Simulation-based method (dynamic):
  • Even if coverage reaches 100%, compliance cannot be assured, because simulation suffers from the false positive problem.
  • It is hard to determine whether all properties have been completely identified.
• Formal method (static):
  • Formal verification avoids the false positive problem.
  • Properties are described in the CTL language. Extracting properties from a specification document written in natural language is complicated.
  • It may suffer from memory explosion and excessively long runtime, which become more serious as the design size increases.
• Assertion-based verification:
  • More easily understood than CTL.
  • But it also suffers from the same problems as above.
FSM verification (1)
• Specification FSM
• Possible DUV behavior:
  • Don’t care: the behavior is not defined, since the input sequence is not supposed to appear.
  • Legal: the output sequence is allowed by the protocol under a valid input sequence.
  • Illegal: the output sequence is prohibited by the protocol under a valid input sequence.
• Specification FSM (figure): states orig, idle/busy, seq/nseq, wait, vio, dc. Edge conditions:
  e1: +
  e2: HSEL HREADYin (HTRANS=NSEQ)
  e3: HSEL HREADYin (HTRANS=SEQ)
  e4: HSEL HREADYin (HTRANS=IDLE||BUSY)
  e5: HSEL HREADY (HTRANS=IDLE||BUSY) (HRESP=OKAY)
  e6: HSEL HREADY (HTRANS=SEQ||NSEQ) (HRESP=OKAY)
  e7: HREADY (HRESP=OKAY)
  e8: HREADY (HRESP OKAY)
  e9: + (HRESP OKAY)
  e10: (HRESP OKAY)
FSM verification (2)
• FSM of an AHB slave interface design (figure): states sleep, prep, read, write. Each transition is labelled edge/output, where the output bits are (HREADY, HRESP, HRESP), e.g. eS/100, eR/100, eW/100, eW/000, eR/000. Edge conditions:
  eS: (HTRANS=IDLE||BUSY)
  eR: HSEL HREADYin (HTRANS=NSEQ||SEQ)
  eW: HSEL HWRITE HREADYin (HTRANS=NSEQ||SEQ)
How to verify
• There may be a relation between the two FSMs for each pair of states (state pair).
• The orig and idle/busy states can correspond to the sleep state.
• The seq/nseq state can correspond to the read and write states.
• The DUV is proved compliant if and only if all possible state pairs have been examined and none of them includes the vio state.
• Grow a tree to find all state pairs.
Tree-growing process
• Consider e2 and eW/100. The intersection of the two edges is non-zero, which implies there exists a certain input, along with the corresponding output, that can drive both transitions.
• HSEL=HWRITE=HREADYin=1, HTRANS=NSEQ can drive both eW and e2.
• State-pair tree (figure): root (orig, sleep); children include (seq/nseq, prep), (seq/nseq, write), (orig, sleep), (idle/busy, sleep), …
Branch-and-bound algorithm
• It is impossible to finish the whole tree: the tree has infinite depth. So we need a bounding condition that prunes the tree to a finite one without losing any possible state pair.
• We can stop a node from growing children if its state pair has already appeared in the tree.
• Iteration count: N: number of recursions; n: the n-th recursion. Worst case: N= = = => iteration count = => time complexity = O()
• However, the graph is rarely a complete graph. Experimental results show that the iteration count is typically far lower than this upper bound.
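The tree-growing process and the bounding condition of the two slides above, as an added example that is not the paper's code. The specification FSM, the DUV FSM and their guards are constructed, simplified AHB-like stand-ins (assumptions, not the paper's exact e1..e10 / eS, eR, eW edges); edge intersection is decided by enumerating the small input space, and the bound is "never re-expand a state pair already seen".

```python
from itertools import product
HTRANS = ("IDLE", "BUSY", "NSEQ", "SEQ")
# All 32 input vectors: "edge intersection is non-zero" is decided by enumeration.
INPUTS = [dict(HSEL=s, HREADYin=r, HWRITE=w, HTRANS=t)
          for s, r, w, t in product((0, 1), (0, 1), (0, 1), HTRANS)]
def xfer(i):  # slave selected and a real transfer (NSEQ/SEQ) presented
    return i["HSEL"] and i["HREADYin"] and i["HTRANS"] in ("NSEQ", "SEQ")

def duv_fsm(buggy):
    """Constructed DUV (Mealy): state -> [(input guard, next state, (HREADY, HRESP))]."""
    end = (1, "ERROR") if buggy else (1, "OKAY")  # buggy slave errors on leaving write
    return {
        "sleep": [(lambda i: not xfer(i), "sleep", (1, "OKAY")),
                  (lambda i: xfer(i) and not i["HWRITE"], "read", (1, "OKAY")),
                  (lambda i: xfer(i) and i["HWRITE"], "write", (1, "OKAY"))],
        "read":  [(lambda i: not xfer(i), "sleep", (1, "OKAY")),
                  (lambda i: xfer(i), "read", (1, "OKAY"))],
        "write": [(lambda i: not xfer(i), "sleep", end),
                  (lambda i: xfer(i), "write", (0, "OKAY"))],  # inserts a wait state
    }

# Constructed specification FSM: state -> [(guard over (input, output), next state)]
SPEC = {
    "orig":     [(lambda i, o: not xfer(i) and o[1] == "OKAY", "orig"),
                 (lambda i, o: not xfer(i) and o[1] != "OKAY", "vio"),
                 (lambda i, o: xfer(i), "seq/nseq")],
    "seq/nseq": [(lambda i, o: o[0] == 0, "seq/nseq"),  # slave is waiting
                 (lambda i, o: o == (1, "OKAY") and xfer(i), "seq/nseq"),
                 (lambda i, o: o == (1, "OKAY") and not xfer(i), "orig"),
                 (lambda i, o: o[0] == 1 and o[1] != "OKAY", "vio")],
}

def grow(duv, root=("orig", "sleep")):
    """Grow the state-pair tree; bound: never re-expand a pair already seen."""
    seen, stack, iterations = {root}, [root], 0
    while stack:
        s, d = stack.pop()
        iterations += 1
        for sg, s_next in SPEC.get(s, []):  # vio is absorbing: no outgoing edges
            for dg, d_next, out in duv[d]:
                if any(dg(i) and sg(i, out) for i in INPUTS):  # edges intersect
                    pair = (s_next, d_next)
                    if pair not in seen:  # bounding condition prunes repeats
                        seen.add(pair)
                        stack.append(pair)
    return seen, iterations

def compliant(duv):
    seen, _ = grow(duv)
    return all(s != "vio" for s, _ in seen)
```

With this bound the compliant slave is fully explored in 3 iterations (3 distinct state pairs), and the buggy one is caught at the pair (vio, sleep) in 4 iterations.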
Experimental result
• The algorithm is implemented in C.
• The results indicate that the actual iteration count is far less than the worst case.
• Each verification run finishes within 1 second.
Conclusion
• Since the verification is done at the higher FSM level and only the separated interface logic is under verification, this paper’s approach can efficiently complete the verification even though it is a formal method.
• A novel branch-and-bound algorithm is proposed to formally solve the FSM compliance problem in polynomial time complexity.
• In comparison with static formal methods, the algorithm hardly suffers from memory explosion and excessive runtime issues in practice.
My conclusion
• FSM verification can verify the bus protocol correctly and systematically, and the verification is still efficient.
Research tree
• Efficient Automata-Based Assertion-Checker Synthesis of PSL Properties
• Efficient Automata-Based Assertion-Checker Synthesis of SEREs for Hardware Emulation
• This paper
• Assertion Checkers – Enablers of Quality Design
• Assertion-based / Formal method