Formal Specification Using Sugar 2.0 - Cindy Eisner

  • Slides: 18
Formal Specification Using Sugar 2.0
Cindy Eisner, September 2002
Verification Technologies, IBM Haifa Labs

Overview
• Declarative language for specification of hardware
• Concise, intuitive formalism to reason about behavior over time
• Combines temporal logic and regular expressions under a convenient layer of user-friendly syntactic sugar
• Sugar is used as:
  • an easy-to-read but precise specification
  • input to formal verification
  • a source of automatically generated checkers for simulation

History
Sugar 1.0
• 1994: Syntactic sugaring of CTL for the RuleBase model checker
• 1995: Addition of regular expressions
• 1997: Automatic generation of simulation monitors
Sugar 2.0
• 2001: Move to linear (LTL-based) semantics
• 2002: Selected by Accellera for IEEE standardization

Track Record (Sugar 1.0)
• IBM products:
  • Mainframe line (S/390)
  • Midrange line (AS/400)
  • Workstation line (RS/6000)
  • PC line (Netfinity)
  • Supercomputers (ASCI)
  • ASIC/OEM business
• External licensees
• University program

Sugar 2.0 - The Language
(Figure: the four layers of the language: Modeling, Verification, Temporal, Boolean.)

The Temporal Layer
(Figure: the same layer diagram, Modeling, Verification, Temporal, Boolean; this part of the talk covers the temporal layer.)

Simple Invariants
• If data_en is de-asserted, then data_out must be de-asserted as well.
    always (!data_en -> !data_out)
• Signals ena and enb are never asserted simultaneously.
    never (ena & enb)

Relations Over Time
• If req is asserted, then ack must be asserted the following cycle.
    always (req -> next ack)
• If req is asserted, ack must be asserted four cycles later.
    always (req -> next[4] ack)
• If req is asserted, ack must be asserted some time in the future.
    always (req -> eventually! ack)

Relations Over Time, cont.
• Whenever a high priority request is received, the next grant should be to a high priority requester.
    always (hi_pri_req -> next_event(grant)(dst=hi_pri))
• Whenever a request is issued, signal last_ready must be asserted on the fourth assertion of signal ready.
    always (req -> next_event(ready)[4](last_ready))

Regular Expressions
• If req is asserted, then eventually we must see an ack that is not aborted.
    always (req -> eventually! {ack ; !abortin})
  (Waveform figure: signals req, ack, abortin.)

Regular Expressions, cont.
• A sequence of req followed by ack should be followed by a full data transaction: an assertion of start_trans, followed by eight consecutive data transfers, followed by the assertion of end_trans.
    always {req; ack} |=> {start_trans; data[*8]; end_trans}
  (Waveform figure: signals req, ack, start_trans, data, end_trans.)

Regular Expressions, cont.
• A sequence of req followed by ack should be followed by a full data transaction: an assertion of start_trans, followed by eight (not necessarily consecutive) data transfers, followed by the assertion of end_trans.
    always {req; ack} |=> {start_trans; data[=8]; end_trans}
  (Waveform figure: signals req, ack, start_trans, data, end_trans.)
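The two transaction properties differ only in data[*8] versus data[=8], and the difference is easiest to see by running both over traces. The following added example is written for this page and is not code from the slides or from IBM's tools: a matcher for the sequence constructs these two slides use (a Boolean for one cycle, consecutive repetition b[*n], counted repetition b[=n]) plus suffix implication. Two assumptions are made here: b[=n] is expanded as {!b[*]; b}[*n]; !b[*] (n occurrences of b, possibly separated by non-b cycles), and an antecedent match whose consequent cannot complete before the trace ends is reported as a failure (the strong end-of-simulation reading).

```python
# Added example (not from the slides or IBM's Sugar tools): a matcher for the
# sequence layer used above, with suffix implication "|=>" (and "|->").
# Assumptions made here: b[=n] is read as {!b[*]; b}[*n]; !b[*], and a
# consequent that cannot complete within the trace counts as a failure.
from typing import Callable, Dict, List, Sequence, Set, Tuple

Cycle = Dict[str, int]
Trace = List[Cycle]
Pred = Callable[[Cycle], bool]
Elem = Tuple          # ("b", pred) | ("star", pred, n) | ("count", pred, n)

SIGNALS = ("req", "ack", "start_trans", "data", "end_trans")


def cyc(**on: int) -> Cycle:
    """One cycle with the named signals asserted and all others low."""
    return {s: on.get(s, 0) for s in SIGNALS}


def sig(name: str) -> Pred:
    return lambda c: c[name] == 1


def b(name: str) -> Elem:
    return ("b", sig(name))                      # name for one cycle


def star(name: str, n: int) -> Elem:
    return ("star", sig(name), n)                # name[*n]: n consecutive cycles


def count(name: str, n: int) -> Elem:
    return ("count", sig(name), n)               # name[=n]: n occurrences, gaps allowed


def step(elem: Elem, trace: Trace, pos: int) -> Set[int]:
    """End positions (exclusive) of all matches of one element starting at pos."""
    kind, pred = elem[0], elem[1]
    if kind == "b":
        return {pos + 1} if pos < len(trace) and pred(trace[pos]) else set()
    n = elem[2]
    if kind == "star":
        ok = pos + n <= len(trace) and all(pred(trace[pos + i]) for i in range(n))
        return {pos + n} if ok else set()
    # "count": n occurrences of pred, then any number of non-pred cycles
    ends: Set[int] = {pos} if n == 0 else set()
    seen = 0
    for i in range(pos, len(trace)):
        if seen == n:
            if pred(trace[i]):
                break                 # an (n+1)-th occurrence ends the !b[*] tail
            ends.add(i + 1)           # the tail may extend over this non-b cycle
        elif pred(trace[i]):
            seen += 1
            if seen == n:
                ends.add(i + 1)
    return ends


def match_ends(sere: Sequence[Elem], trace: Trace, start: int) -> Set[int]:
    """All positions e such that trace[start:e] matches the sequence."""
    frontier = {start}
    for elem in sere:
        frontier = set().union(*(step(elem, trace, p) for p in frontier))
        if not frontier:
            break
    return frontier


def suffix_implication(trace: Trace, ante: Sequence[Elem], cons: Sequence[Elem],
                       overlap: bool = False) -> List[int]:
    """'always {ante} |=> {cons}'; overlap=True gives '|->', where the consequent
    starts on the antecedent's last cycle. Returns the start cycles of antecedent
    matches that are not followed by a matching consequent."""
    bad: Set[int] = set()
    for start in range(len(trace)):
        for end in match_ends(ante, trace, start):
            if not match_ends(cons, trace, end - 1 if overlap else end):
                bad.add(start)
    return sorted(bad)


# Constructed traces (not captured from any real design).
PREFIX = [cyc(req=1), cyc(ack=1), cyc(start_trans=1)]
T_CONSEC = PREFIX + [cyc(data=1) for _ in range(8)] + [cyc(end_trans=1)]
T_GAPPED = PREFIX + [cyc(data=d) for d in (1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1)] + [cyc(end_trans=1)]
T_NINE = PREFIX + [cyc(data=1) for _ in range(9)] + [cyc(end_trans=1)]

ANTE = [b("req"), b("ack")]                                        # {req; ack}
CONSEC = [b("start_trans"), star("data", 8), b("end_trans")]       # {start_trans; data[*8]; end_trans}
COUNTED = [b("start_trans"), count("data", 8), b("end_trans")]     # {start_trans; data[=8]; end_trans}


def report() -> Dict[str, List[int]]:
    """Failing request cycles for each trace/property pair (empty list = holds)."""
    return {
        "consec_star":  suffix_implication(T_CONSEC, ANTE, CONSEC),
        "consec_count": suffix_implication(T_CONSEC, ANTE, COUNTED),
        "gapped_star":  suffix_implication(T_GAPPED, ANTE, CONSEC),
        "gapped_count": suffix_implication(T_GAPPED, ANTE, COUNTED),
        "nine_star":    suffix_implication(T_NINE, ANTE, CONSEC),
        "nine_count":   suffix_implication(T_NINE, ANTE, COUNTED),
    }
```

The gapped trace (eight transfers with idle cycles between them) satisfies only the data[=8] form; a trace with nine back-to-back transfers satisfies neither, because data[*8] demands end_trans right after the eighth transfer and data[=8] forbids a ninth.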

Hardware clocks
• Consider only cycles in which the clock ticks
    always (req -> next[4] ack) @ (clk)
  (Waveform figure: signals clk, req, ack.)

Hardware clocks, cont.
• Support for multiply-clocked designs
    always (p -> next (q@clkq))@clkp
  (Waveform figure: signals p, clkp, q, clkq.)

Hardware resets
• Synchronous reset
    always ({req; ack} |-> {start; data[*8]; end} abort reset) @ (clk)
• Asynchronous reset
    always ((({req; ack} |-> {start; data[*8]; end}) @ (clk)) abort reset)

Standardization: Status
• Endorsed publicly by many EDA vendors, including:
  • Cadence
  • Mentor Graphics
  • Co-Design Automation
  • 0-In Design Automation
  • Novas Software
  • Real Intent
  • TransEDA
  • Verplex
  • Veritable
  • Structured Design Verification
• Accellera recommendation will be submitted to IEEE by year end 2002

Tool Support
Company            Tool                   Function
IBM                RuleBase               Model Checker
IBM                FoCs                   Generator of Simulation Monitors
NoBug Consulting   S2E                    Specification Compiler
TransEDA           VN-Property DX         Dynamic Property Checker
Cadence            Verification Cockpit   Dynamic + Static Property Checking
Avery              TestWizard             Testbench Automation Tool
TNI/Valiosys       imPROVE-HDL            Model Checker
Esterel            Esterel Suite          Full-flow solution for design & verification
@HDL               @Verifier              Model Checker
0-In               CheckerWare            Library of Protocol Checkers

Sugar home page
• More information available on the Sugar home page at: www.haifa.il.ibm.com/projects/verification/sugar/index.html
  • Complete definition
  • Tutorial
  • Sugar parser
  • more