Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, t he Energy Efficient Solutions logo, mobilegt, PowerQUICC, QorIQ, StarCore and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, ColdFire+, CoreNet, Flexis, Kinetis, MXC, Platform in a Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. 2011 Freescale Semiconductor, Inc.
Assertions: compact, mathematically precise property Portable across verification environments Reusable Reduce debug time Digital assertions have limitations Time is aligned to sampling events (clocks) Time is discrete and often can t be referenced directly Continuous quantities (voltage, current) can t be accessed directly What can be done in practice? Use Verilog-AMS and/or SystemVerilog to imitate/approximate true AMS assertions 2 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Analog blocks are designed and verified [designer] Abstract HDL model is created for the block [designer/modeler] Written for use in SoC verification Performance is key Captures high-level functionality Abstract HDL model verified vs. spec [designer/modeler/verifier] Assertions added and checked here Abstract HDL model verified vs. schematic [designer/modeler/verifier] Pin names and directions match High-level behavior matches Timing may differ and low-level behavior will be missing Abstract HDL model is used in SoC-level verification [verifier] Assertions are carried along with the block and checked at this level 3 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Properties that are difficult to model but easy to check Interface assumptions Illegal input combinations, sequences, or configurations An experimental feature is never enabled Analog inputs are isolated during digital test modes Power mode transitions Check for conditions that result in floating nodes/leakage paths Block is never enabled without all expected power supplies present Level shifter is properly isolated when one supply goes down Timing relationships Check setup times for analog blocks Circuit must be functional within the specified time after start-up Output is stable within the specified time after being enabled 4 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Current language approximations are not ideal There are two primary paths forward Introduce unclocked LTL operators Define semantics over discrete time Definitions are well studied and more or less present in SVA/PSL Efficient implementation is a major hurdle Dense (real) time logic extension to SVA/PSL Semantics have been defined for realtime sequences Extension is a superset of the current SVA Allows a free intermingling of clocked and realtime operators Difficulty defining synchronizer between clocked and realtime properties Efficient implementation is a major hurdle 5 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
For example: p -> F[5:10n] q By definition a new evaluation of the property would need to begin at every time tick If p is false no checking of q is required for the next 10 ns If p is true then q must be checked over the next 5-10 ns Can the checking be done using only events and timers? Can this be applied in a systematic way? 6 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Developed a realtime semantics framework for sequences based on continuous intervals Proved the equivalence between the new realtime semantics and the existing SVA semantics for the SVA sequence forms Introduced two new primitive realtime sequence forms: b: realtime (i.e., unclocked) Boolean b[*d1:d2]: Boolean smear, i.e., Boolean holds continuously for a specified delay range Introduced several new derived realtime sequence forms: r without @(c): sequence without an event r #[d1:d2] s: realtime concatenation r #0 s: realtime fusion b[~>1]: realtime goto 7 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Developed realtime semantics for most SVA property operators Nonoverlapped implication ( =>) is the problematic operator In SVA, the => operator serves to synchronize between clocks If there is no clock change it is syntactic sugar for -> nexttime In realtime it should be used to synchronize between clocked and realtime sequences Not well defined between two realtime sequences (nexttime isn t well defined for unclocked/realtime sequences) Found a definition that requires the antecedent to be right-closed Still looking for something that allows right-open and right-closed matches of the antecedent Concerns over the efficiency of implementing b[*d1:d2] 8 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Assertions should affect simulator time step Efficiency is a concern (particularly among the SoC guys) Digital simulator Discrete, event-based restriction will require some approximation Assertion checking engines are already present Limits assertions to time domain checks for digital centric users Analog simulator Continuous time simulation is accurate but expensive Frequency domain properties can be considered Expectation: It will be useful in both simulators who leads? Can assertions be effectively translated between simulators? 9 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Requests for improved AMS verification are increasing Analog designers have given me a list of checks to for their block Embedded checks in behavioral models have caught bugs in several Freescale SoCs Gaining enough traction that an AMS check failure causes a regression failure Need to increase automated checking at the AMS block level True AMS assertions need additional refinements Efficiency concerns are the biggest hurdle SystemVerilog-Assertions Committee is open to additional operators if they are proven to work efficiently 10 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Still a largely ad hoc process Automated block-level regression suites rarely exist General verification rigor we have come to expect with digital verification is often absent Immature verification plans Little or no random stimulus Coverage is not collected Disconnect between system-level and block-level Minimal sharing of checkers/monitors If automatic checkers/monitors exist at all Testing focuses on local behaviors not interaction with the system 12 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
SystemVerilog Powerful SystemVerilog Assertions (SVAs) are available Can t access continuous quantities Tend to use carefully timed clocks and multiclocked properties Verilog-AMS Can t write actual assertions Have full access to continuous quantities Use modeling code to approximate assertions SystemVerilog/Verilog-AMS Digitize continuous signals using Verilog-AMS monitors Pass digitized signals into the SystemVerilog module Write assertions using digitized signals, digital signals, and carefully timed clocks 13 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.
Property: To avoid floating nodes ensure that when vdd1 is powered down either isolate is high or vdd2 is powered down. For the purpose of determining if a supply is powered up/down we will ignore droops of less than 25 ns. Verilog-AMS checker //inertial delays squash short droops //Note: initialization is ignored here //because it is nontrivial assign #25 vdd1_down =!vdd1_gt_5; assign #25 vdd2_down =!vdd2_gt_5; always @(vdd1_down,isolate,vdd2_down) if(vdd1_down &!(isolate vdd2_down)) $error( ERROR: Floating node! ); Verilog-AMS monitors @(cross(v(vdd1)-5.0,+1)) vdd1_gt_5 <= 1 b1; @(cross(v(vdd1)-5.0,-1)) vdd1_gt_5 <= 1 b0; @(cross(v(vdd2)-5.0,+1)) vdd2_gt_5 <= 1 b1; @(cross(v(vdd2)-5.0,-1)) vdd2_gt_5 <= 1 b0; 14 Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMAROS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc.