A New Assertion Property Language for Analog/Mixed-Signal Circuits
Dhanashree Kulkarni, Andrew N. Fisher, Chris J. Myers
Electrical and Computer Engineering Department, University of Utah
Frontiers in Analog CAD, February 15, 2013
Andrew N. Fisher (U. of Utah)
AMS Property Language
FAC 2013 / Feb. 15, 2013
Motivation
Analog/mixed-signal (AMS) verification uses detailed transistor-level (SPICE) simulations. SPICE simulation of a PLL can take weeks or even months. Long simulation times make system-level simulation difficult. Functional bugs can be missed, resulting in catastrophic failures. Model checking uses non-determinism and state exploration to formally verify designs over all possible behaviors. It has had tremendous success in verifying both digital hardware and software systems (now routinely used at Intel, IBM, Microsoft, etc.). For AMS circuits, it is a promising mechanism to validate designs in the face of noise and uncertain parameters and initial conditions.
LEMA: LPN Embedded Mixed-Signal Analyzer
[Figure: LEMA tool flow. Blocks and labels: Transistor Level Design, SPICE, Traditional Analog Circuit Verification, Simulation Traces, Verification Property, Model Generator, Labeled Petri Net (LPN), SystemVerilog Model, Model Checker (Pass or Fail + Error Trace), Simulation Engine (Assertion Pass/Fail).]
Phase Interpolator
[Figure: phase interpolator schematic. Signals: Vdd, Vbp, Vbn, omega, omegab, ctl[i], ctlb[i], phi, phib, psi, psib. 16 similar blocks for i = 0...15.]
Phase Interpolator Simulation
Phase Interpolator (Property LPN)
Places: pClk, pCheckMin, pCheckMax, pCheck, pReset
tClk {(phi ≥ 0)} [0]
tMin1 {(ctl = 1)} [1375]
tMin2 {(ctl = 2)} [1315]
tMin3 {(ctl = 3)} [1255]
...
tFailMin {(omega ≥ 2.2)} [0]
tMax1 {(ctl = 1)} [1385]
tMax2 {(ctl = 2)} [1325]
tMax3 {(ctl = 3)} [1265]
...
tCheck {(omega ≥ 2.2)} [0]
tReset {¬(phi ≥ 0)} [0]
Property Language Translator
Building a property net is a tedious process. It requires the user to have considerable familiarity with the tool. A new, simple, intuitive property language is needed.
SystemVerilog Assertions (SVA)
assert (A == B);
assert property (@(posedge Clock) Req |-> ##[10:20] Ack);
Real-time SVA
R ::= @(κ)(b) | R ##1 R’ | R ##0 R’ | R or R’ | R intersect R’ | R[*0] | R[+] | b | b[*α [ + ] : β [ - ]]
(phi ≥ 0)[∼> 1] ##1
(((ctl == 1) && !(omega ≥ 2.2))[*1375 : 1385] ##1 (omega ≥ 2.2)) or
(((ctl == 2) && !(omega ≥ 2.2))[*1315 : 1325] ##1 (omega ≥ 2.2)) or
(((ctl == 3) && !(omega ≥ 2.2))[*1255 : 1265] ##1 (omega ≥ 2.2))
##1 !(phi ≥ 0)[∼> 1]
where b[∼> 1] ≡ !b[*0.0 : $] ##1 b.
Our New Property Language
wait(b) - wait until boolean expression, b, becomes true.
wait(b,d) - wait at most d time units for b to become true.
assert(b,d) - ensure that b remains true for d time units.
assertUntil(b1,b2) - ensure that b1 remains true until b2 is true.
waitPosedge(b) - wait for a positive edge on b.
always and if-else constructs for control flow.
Property Language: wait(b)
RT-SVA: b[∼> 1]
LPN:
p0
t0 {b} [0]
p1
Property Language: wait(b, d)
RT-SVA: !b[*0 : d] ##1 b
LPN:
p0
tFail0 {¬(b)} [d]
t0 {b} [0]
p1
Property Language: assert(b, d)
RT-SVA: b[*d : d]
LPN:
p0
tFail0 {¬b} [0]
t0 {b} [d]
p1
Property Language: assertUntil(b1, b2)
RT-SVA: ((b1 && !b2)[*0 : $] ##1 b2) or b2
LPN:
p0
tFail0 {¬(b1)&¬(b2)} [0]
t0 {b2} [0]
p1
Property Language: waitPosedge(b)
RT-SVA: !b[∼> 1] ##1 b[∼> 1]
LPN:
p0
t0 {¬(b)} [0]
p1
t1 {b} [0]
p2
Property Language: if-else
Function: if (b1) { R1 } else if (b2) { R2 } else { R3 }
RT-SVA: b1 ##0 R1 or (b2 && !b1) ##0 R2 or (!b1 && !b2) ##0 R3
Property LPN: if-else
pStart0
t3 {¬(b1)&(b2)} [0]
R2
t0 {b1} [0]
R1
t6 {¬(b1)&¬(b2)} [0]
R3
pEnd0
Example 1: Property Language
Whenever a goes from zero to one, b remains low for at least 5ms.
property Example1 {
  boolean a;
  boolean b;
  always {
    waitPosedge(a);
    assert(!b, 5);
  }
}
Example 1: Conversion to RT-SVA and LPN
RT-SVA: !a[∼> 1] ##1 a[∼> 1] ##1 !b[*5 : 5]
LPN:
p0
t0 {¬(a)} [0]
p1
t1 {a} [0]
p2
tFail0 {b} [0]
t2 {¬b} [5]
p3
t3 [0]
Example 2: Property Language
After a goes high, b and c must be true simultaneously within 25ns.
property Example2 {
  boolean a;
  boolean b;
  boolean c;
  always {
    waitPosedge(a);
    wait(b&c, 25);
  }
}
Example 2: Conversion to RT-SVA and LPN
RT-SVA: !a[∼> 1] ##1 a[∼> 1] ##1 !(b && c)[*0 : 25] ##1 (b && c)
LPN:
p0
t0 {¬(a)} [0]
p1
t1 {a} [0]
p2
tFail0 {¬(b&c)} [25]
t2 {b&c} [0]
p3
t3 [0]
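The semantics of wait, assert and waitPosedge, and the Example 1 and Example 2 properties built from them, can be exercised with a small trace monitor. This is an added Python example, not code from the slides or from the LEMA tool; it assumes piecewise-constant sampled signals, and all function names and traces are hypothetical.

```python
# Added example, not from the slides: a monitor for wait / assert / waitPosedge.
# Assumption: a trace is a time-sorted list of (time, state) samples and each
# state holds until the next sample. All names here are hypothetical.
class Fail(Exception):
    pass                              # args[0] = time of the violation

def wait(b, d=None):                  # wait(b) and wait(b, d)
    def step(tr, i):
        for j in range(i, len(tr)):
            if d is not None and tr[j][0] - tr[i][0] > d:
                raise Fail(tr[i][0] + d)   # deadline passed with b still false
            if b(tr[j][1]):
                return j
        return None                   # trace ended while waiting: no verdict
    return step

def assert_for(b, d):                 # assert(b, d): b holds on [t0, t0 + d)
    def step(tr, i):
        for j in range(i, len(tr)):
            if tr[j][0] - tr[i][0] >= d:
                return j
            if not b(tr[j][1]):
                raise Fail(tr[j][0])
        return None
    return step

def wait_posedge(b):                  # waitPosedge(b) = wait(!b), then wait(b)
    return [wait(lambda s: not b(s)), wait(b)]

def check_always(body, tr):
    """Repeat body over tr; return the violation time, or None if none is found."""
    i = 0
    try:
        while i < len(tr):
            start = i
            for stmt in body:
                i = stmt(tr, i)
                if i is None:
                    return None
            i = max(i, start + 1)     # never loop without consuming a sample
    except Fail as e:
        return e.args[0]
    return None

example1 = wait_posedge(lambda s: s["a"]) + [assert_for(lambda s: not s["b"], 5)]
example2 = wait_posedge(lambda s: s["a"]) + [wait(lambda s: s["b"] and s["c"], 25)]
# Constructed traces: b rises 2 units after a's edge; b&c first holds 30 units after it.
trace1 = [(0, dict(a=0, b=0)), (2, dict(a=1, b=0)), (4, dict(a=1, b=1))]
trace2 = [(0, dict(a=0, b=0, c=0)), (10, dict(a=1, b=1, c=0)), (40, dict(a=1, b=1, c=1))]
```

check_always(example1, trace1) reports the violation at time 4, and check_always(example2, trace2) reports the missed deadline at time 35.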
Example 3: Property Language
The delay between the second rising crossing of a at 2.5V and the first falling crossing of b at 4.5V is 250.0ns with a tolerance of 2.5ns.
property Example3 {
  real b;
  real a;
  always {
    assertUntil(b > 45, a >= 25);
    assertUntil(b > 45, a < 25);
    assertUntil(b > 45, a >= 25);
    assert(b > 45, 2475);
    wait(b <= 45, 50);
  }
}
RT-SVA:
(((b > 45) && !(a ≥ 25))[*0 : $] ##1 (a ≥ 25)) ##1
(((b > 45) && !(a < 25))[*0 : $] ##1 (a < 25)) ##1
(((b > 45) && !(a ≥ 25))[*0 : $] ##1 (a ≥ 25)) ##1
((b > 45)[*2475 : 2475]) ##1
(!(b ≤ 45)[*0 : 50] ##1 (b ≤ 45))
Example 3: Conversion to LPN
p0
tFail0 {¬(b > 45)&¬(a ≥ 25)} [0]
t0 {a ≥ 25} [0]
p1
t1 {a < 25} [0]
tFail1 {¬(b > 45)&¬(a < 25)} [0]
t5 [0]
p5
t4 {b ≤ 45} [0]
p2
p4
t2 {a ≥ 25} [0]
tFail2 {¬(b > 45)&¬(a ≥ 25)} [0]
tFail4 {¬(b ≤ 45)} [50]
p3
tFail3 {¬b > 45} [0]
t3 {b > 45} [2475]
Phase Interpolator Property Using Property Language
property PhaseInterpolator {
  real ctl;
  real omega;
  real phi;
  always {
    wait(phi >= 0);
    if (ctl=1) {
      assert(!(omega >= 22), 1375);
      wait(omega >= 22, 10);
    }
    else if (ctl=2) {
      assert(!(omega >= 22), 1315);
      wait(omega >= 22, 10);
    }
    else if (ctl=3) {
      assert(!(omega >= 22), 1255);
      wait(omega >= 22, 10);
    }
    else { }
    wait(phi < 0);
  }
}
Phase Interpolator Using Real-Time SVA
(phi ≥ 0)[∼> 1] ##1
(ctl == 1) ##0 (!(omega ≥ 22)[*1375 : 1375] ##1 !(omega ≥ 22)[*0 : 10] ##1 (omega ≥ 22)) or
((ctl == 2) && !(ctl == 1)) ##0 (!(omega ≥ 22)[*1315 : 1315] ##1 !(omega ≥ 22)[*0 : 10] ##1 (omega ≥ 22)) or
((ctl == 3) && !(ctl == 2) && !(ctl == 1)) ##0 (!(omega ≥ 22)[*1255 : 1255] ##1 !(omega ≥ 22)[*0 : 10] ##1 (omega ≥ 22)) or
(!(ctl == 3) && !(ctl == 2) && !(ctl == 1))
##1 (phi < 0)[∼> 1]
Property Language Using Property LPN
pStart0
t2 {ctl = 1} [0]
t1 [0]
p1
t14 {¬(ctl = 1)&¬(ctl = 2)&¬(ctl = 3)} [0]
tFail0 {¬omega < 22} [0]
t0 {phi ≥ 0} [0]
p0
tFail1 {¬(omega ≥ 22)} [10]
t17 [0]
t3 {omega < 22} [1375]
t11 {omega < 22} [1255]
p3
p9
t4 {omega ≥ 22} [0]
t12 {omega ≥ 22} [0]
p4
t16 {phi < 0} [0]
t5 [0]
t6 {¬(ctl = 1)&(ctl = 2)&¬(ctl = 3)} [0]
p5
p8
p2
p12
p11
t10 {¬(ctl = 1)&¬(ctl = 2)&(ctl = 3)} [0]
tFail4 {¬omega < 22} [0]
tFail2 {¬omega < 22} [0]
t7 {omega < 22} [1315]
p6
tFail5 {¬(omega ≥ 22)} [10]
tFail3 {¬(omega ≥ 22)} [10]
p7
p10
t13 [0]
t8 {omega ≥ 22} [0]
t9 [0]
pEnd0
t15 [0]
Future Work
Prove the equivalence of RT-SVA automata and property LPNs. Determine to what extent LPNs can express RT-SVA. Expand the property language to include more constructs.
Acknowledgements
Dhanashree Kulkarni U. of Utah
Chris J. Myers U. of Utah
This work has been supported by the National Science Foundation, the Semiconductor Research Corporation, and Intel Corporation.