A New Assertion Property Language for Analog/Mixed-Signal Circuits

Transcription

1 A New Assertion Property Language for Analog/Mixed-Signal Circuits Dhanashree Kulkarni, Andrew N. Fisher, Chris J. Myers Electrical and Computer Engineering Department University of Utah Frontiers in Analog CAD February 15, 2013

2 Motivation Analog/mixed-signal (AMS) verification uses detailed transistor-level (SPICE) simulations. SPICE simulation of a PLL can take weeks or even months. Long simulation time makes system-level simulation difficult. Functional bugs can be missed resulting in catastrophic failures. Model checking uses non-determinism and state exploration to formally verify designs over all possible behaviors. Has had tremendous success for verifying of both digital hardware and software systems (now routinely used at Intel, IBM, Microsoft, etc.). For AMS circuits, it is a promising mechanism to validate designs in the face of noise and uncertain parameters and initial conditions.

3 LEMA: LPN Embedded Mixed-Signal Analyzer Transistor Level Design SPICE Traditional Analog Circuit Verification Simulation Traces Model Generator SystemVerilog Model

4 LEMA: LPN Embedded Mixed-Signal Analyzer Transistor Level Design SPICE Traditional Analog Circuit Verification Simulation Traces Model Generator SystemVerilog Model Simulation Engine

5 LEMA: LPN Embedded Mixed-Signal Analyzer Transistor Level Design SPICE Traditional Analog Circuit Verification Verification Property Simulation Traces Model Generator SystemVerilog Model Simulation Engine Assertion Pass/Fail

6 LEMA: LPN Embedded Mixed-Signal Analyzer Transistor Level Design SPICE Traditional Analog Circuit Verification Verification Property Simulation Traces Model Generator Labeled Petri Net (LPN) SystemVerilog Model Model Checker Simulation Engine Pass or Fail + Error Trace Assertion Pass/Fail

7 Phase Interpolator Vdd Vdd Vbp omega omegab ctl[i] ctlb[i] phi. phib psi. psib Vbn 16 similar blocks for i =

8 Phase Interpolator Simulation

9 Phase Interpolator (Property LPN) tclk {(phi 0)} pclk pcheckmin pcheckmax... {(ctl = 1)} {(ctl = 2)} {(ctl = 3)}... tfailmin tmin1 tmin2 tmin3 tmax1 tmax2 tmax3 (omega 2.2)} {(ctl = 1)} {(ctl = 2)} {(ctl = 3)} [1375] [1315] [1255] [1385] [1325] [1265] treset { (phi 0)} pcheck tcheck {(omega 2.2)} preset

10 Phase Interpolator (Property LPN) tclk {(phi 0)} pclk pcheckmin pcheckmax... {(ctl = 1)} {(ctl = 2)} {(ctl = 3)}... tfailmin tmin1 tmin2 tmin3 tmax1 tmax2 tmax3 (omega 2.2)} {(ctl = 1)} {(ctl = 2)} {(ctl = 3)} [1375] [1315] [1255] [1385] [1325] [1265] treset { (phi 0)} pcheck tcheck {(omega 2.2)} preset

11 Phase Interpolator (Property LPN) tclk {(phi 0)} pclk pcheckmin pcheckmax... {(ctl = 1)} {(ctl = 2)} {(ctl = 3)}... tfailmin tmin1 tmin2 tmin3 tmax1 tmax2 tmax3 (omega 2.2)} {(ctl = 1)} {(ctl = 2)} {(ctl = 3)} [1375] [1315] [1255] [1385] [1325] [1265] treset { (phi 0)} pcheck tcheck {(omega 2.2)} preset

12 Phase Interpolator (Property LPN) tclk {(phi 0)} pclk pcheckmin pcheckmax... {(ctl = 1)} {(ctl = 2)} {(ctl = 3)}... tfailmin tmin1 tmin2 tmin3 tmax1 tmax2 tmax3 (omega 2.2)} {(ctl = 1)} {(ctl = 2)} {(ctl = 3)} [1375] [1315] [1255] [1385] [1325] [1265] treset { (phi 0)} pcheck tcheck {(omega 2.2)} preset

13 Phase Interpolator (Property LPN) tclk {(phi 0)} pclk pcheckmin pcheckmax... {(ctl = 1)} {(ctl = 2)} {(ctl = 3)}... tfailmin tmin1 tmin2 tmin3 tmax1 tmax2 tmax3 (omega 2.2)} {(ctl = 1)} {(ctl = 2)} {(ctl = 3)} [1375] [1315] [1255] [1385] [1325] [1265] treset { (phi 0)} pcheck tcheck {(omega 2.2)} preset

14 Property Language Translator Building property net is a tedious process. Requires user to have considerable familiarity with the tool. A new simple, intuitive property language is needed.

15 SystemVerilog Assertions (SVA) assert (A == B); assert property Clock) Req ## [10:20] Ack);

16 Real-time SVA R R ##1 R R ##0 R R or R R intersect R R[*0] R[+] b b[*α [ + ] : β [ - ]] ( (phi 0)[ > 1] ##1 (((ctl == 1) &&!(omega 2.2))[ 1375 : 1385] ##1 (omega 2.2)) or (((ctl == 2) &&!(omega 2.2))[ 1315 : 1325] ##1 (omega 2.2)) or ) (((ctl == 3) &&!(omega 2.2))[ 1255 : 1265] ##1 (omega 2.2)) ##1!(phi 0)[ > 1] where b[ > 1]!b[ 0.0 : $] ##1 b.

17 Our New Property Language wait(b) - wait until boolean expression, b, becomes true. wait(b,d) - wait at most d time units for b to become true. assert(b,d) - ensure that b remains true for d time units. assertuntil(b1,b2) - ensure that b1 remains true until b2 is true. waitposedge(b) - wait for a positive edge on b. always and if-else constructs for control flow.

18 Property Language: wait(b) RT-SVA: b[ > 1] LPN: p0 t0 {b} p1

19 Property Language: wait(b, d) RT-SVA:!b[ 0 : d] ##1 b LPN: p0 tfail0 { (b)} [d] t0 {b} p1

20 Property Language: assert(b, d) RT-SVA: b[ d : d] LPN: p0 tfail0 { b} t0 {b} [d] p1

21 Property Language: assertuntil(b1, b2) RT-SVA: ((b1 &&!b2)[ 0 : $] ##1 b2) or b2 LPN: p0 tfail0 { (b1)& (b2)} t0 {b2} p1

22 Property Language: waitposedge(b) RT-SVA:!b[ > 1] ##1 b[ > 1] LPN: p0 t0 { (b)} p1 t1 {b} p2

23 Function: if (b1) { R1 } else if (b2) { R2 } else { R3 } RT-SVA : b1 ##0 R1 or (b2 &&!b1) ##0 R2 or (!b1 &&!b2) ##0 R3 Property Language: if else

24 Property LPN: if else pstart0 t3 { (b1)&(b2)} t0 {b1} t6 { (b1)& (b2)} R2 R1 R3 pend0

25 Example 1: Property Language Whenever a goes from zero to one, b remains low for at least 5ms. property Example1 { boolean a; boolean b; always{ waitposedge (a); assert(!b, 5); } }

26 Example 1: Conversion to RT-SVA and LPN!a[ > 1] ##1 a[ > 1] ##1!b[ 5 : 5] t3 p0 t0 { (a)} p1 t1 {a} p2 tfail0 {b} t2 { b} [5] p3

27 Example 2: Property Language After a goes high, b and c must be true simultaneously within 25ns. property Example2{ boolean a; boolean b; boolean c; always{ waitposedge (a); wait(b&c, 25); } }

28 Example 2: Conversion to RT-SVA and LPN!a[ > 1] ##1 a[ > 1] ##1!(b && c)[ 0 : 25] ##1 (b && c) t3 p0 t0 { (a)} p1 t1 {a} p2 tfail0 { (b&c)} [25] t2 {b&c} p3

29 Example 3: Property Language The delay between the second rising crossing of a at 2.5V and the first falling crossing of b at 4.5V is 250.0ns with a tolerance of 2.5ns. property Example3 { real b; real a; always{ assertuntil(b > 45, a >= 25); assertuntil(b > 45, a < 25); assertuntil(b > 45, a >= 25); assert(b > 45, 2475); wait(b <= 45, 50); } }

30 Example 3: Conversion to RT-SVA (((b > 45) &&!(a 25))[ 0 : $] ##1 (a 25)) ##1 (((b > 45) &&!(a < 25))[ 0 : $] ##1 (a < 25)) ##1 (((b > 45) &&!(a 25))[ 0 : $] ##1 (a 25)) ##1 ((b > 45)[ 2475 : 2475]) ##1 (!(b 45)[ 0 : 50] ##1 (b 45))

31 Example 3: Conversion to LPN p0 tfail0 { (b > 45)& (a 25)} t0 {a 25} t5 p1 p5 t1 {a < 25} tfail1 { (b > 45)& (a < 25)} t4 {b 45} p2 p4 t2 {a 25} tfail2 { (b > 45)& (a 25)} tfail4 { (b 45)} [50] p3 tfail3 { b > 45} t3 {b > 45} [2475]

32 Phase Interpolator Property Using Property Language property PhaseInterpolator { real ctl; real omega; real phi; always{ wait(phi >= 0); if(ctl=1){ assert(!(omega >= 22), 1375); wait(omega >= 22,10); } continued...

33 Phase Interpolator Property Using Property Language } } else if(ctl=2){ assert(!(omega >= 22), 1315); wait(omega >= 22,10); } else if(ctl=3){ assert(!(omega >= 22), 1255); wait(omega >= 22,10); } else { } wait(phi < 0);

34 Phase Interpolator Using Real-Time SVA (phi 0)[ > 1] ##1 ( ((ctl == 1) ##0 (!(omega 22)[ 1375, 1375] ##1!(omega 22)[ 0 : 10] ##1 (omega 22)) ) ( or ((ctl == 2) &&!(ctl == 1)) ##0 (!(omega 22)[ 1315, 1315] ##1!(omega 22)[ 0 : 10] ##1 (omega 22)) ) ( or ((ctl == 3) &&!(ctl == 2) &&!(ctl == 1)) ##0 (!(omega 22)[ 1255, 1255] ##1!(omega 22)[ 0 : 10] ##1 (omega 22)) ) or ) (!(ctl == 3) &&!(ctl == 2) &&!(ctl == 1)) ##1 (phi < 0)[ > 1]

35 Property Language Using Property LPN pstart0 t1 t2 {ctl = 1} t10 { (ctl = 1)& (ctl = 2)&(ctl = 3)} t6 { (ctl = 1)&(ctl = 2)& (ctl = 3)} t14 p1 { (ctl = 1)& (ctl = 2)& (ctl = 3)} p2 p8 p5 t0 tfail0 t3 t11 tfail4 tfail2 t7 {phi 0} { omega < 22} {omega < 22} {omega < 22} { omega < 22} { omega < 22} {omega < 22} [1375] [1255] [1315] p0 p3 p9 p6 t17 tfail1 { (omega 22)} [10] t4 {omega 22} t12 {omega 22} tfail5 { (omega 22)} [10] t8 {omega 22} tfail3 { (omega 22)} [10] p12 p4 p10 p7 t16 {phi < 0} t5 t13 t9 p11 pend0 t15

36 Future Work Prove the equivalence of RT-SVA automata and property LPNs. Determine to what extent LPNs can express RT-SVA. Expand the property language to include more constructs.

37 Acknowledgements Dhanashree Kulkarni Chris J. Myers U. of Utah U. of Utah This work has been supported by the National Science Foundation, the Semiconductor Research Corporation, and Intel Corporation.