Formal Verification of Synchronizers

Leveraging Assertion Based Verification by using Magellan
Michal Cayzer
Outline

- Brief History
- Concept Familiarity
- Simulation vs. Formal analysis
- Introduction of Hybrid Formal Verification
- Introduction of a case study
- Environment definitions and their application by Magellan
- Guidelines for using SVA
- Finding Bugs and Proofs with Magellan
- Summary: Superiority of Magellan Hybrid Bug Finder
- A look to the Future
Magellan, Ferdinand

Born: c. 1480
Birthplace: Villa Real, Portugal
Died: 27 April 1521 (Killed in battle)
Best Known as: The first person to sail around the Earth

Magellan sailed in 1519 with the intention of reaching the Spice Islands by sailing west around South America. Though Magellan didn't complete the entire trip, as the expedition's leader he is usually credited with being the first man to circle the globe.
Magellan Hybrid RTL Formal Verification

Magellan is a hybrid verification tool that allows engineers to find deep, corner-case bugs, quickly and effectively.
Validating Concepts Familiarity

- Property: A declarative statement that defines the expected behavior of a design. For example: a |-> b
- Sequence: A property is composed of sequences. A sequence is a chain of events. In our example, “a” and “b” are sequences.
- Antecedent: Left-hand-side sequence of a property (“a”).
- Consequent: Right-hand-side sequence of a property (“b”).
- Assertion: Confirming that a design upholds a property for every time unit.
- Coverage: Confirming that certain properties occur.
- Assumption/Constraint: Values that should be maintained throughout the verification. Assumptions simplify the problem and make it more manageable by providing fewer things to consider and solve.
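The vocabulary above mapped onto SystemVerilog Assertions, as an added example that is not part of the slides or of any Magellan-supplied code. The request/grant signals, the busy flag and the three-cycle grant window are assumptions made for the illustration:

```systemverilog
// Added example, not from the slides. req/gnt/busy and the 1..3 cycle
// grant window are assumptions chosen for the illustration.
module concepts_demo (input logic clk, rst, req, gnt, busy);

  // Sequences: chains of events. s_req is a single-cycle event;
  // s_gnt is an event that may arrive one to three cycles later.
  sequence s_req;  req && !busy;  endsequence
  sequence s_gnt;  ##[1:3] gnt;   endsequence

  // Property: antecedent s_req implies consequent s_gnt (a |-> b).
  property p_req_gnt;
    @(posedge clk) disable iff (rst) s_req |-> s_gnt;
  endproperty

  // Assertion: the property must hold at every clock edge.
  assert property (p_req_gnt)
    else $error("request was not granted within 3 cycles");

  // Coverage: confirm the antecedent actually occurs, otherwise the
  // assertion above only ever passes vacuously.
  cover property (@(posedge clk) s_req);

  // Assumption/constraint: the environment never raises a new request
  // while the design is busy, which shrinks the space the tool explores.
  assume property (@(posedge clk) busy |-> !req);

endmodule
```

The `cover` line is the part most often forgotten: an implication whose antecedent never fires is never violated, so reachability of the antecedent has to be shown separately before a passing assertion means anything.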
Verification

[Figure: the implementation is checked against the specification, answering "Holds true? Yes/No". Example specification: any time the play button is pressed, music is played.]

Two ways of Testing…
Simulation & Formal Verification
Simulation

- Generate input sequences
  - Random sequences
  - Specific sequences to test certain functionality
- Generate expected output sequences
- Simulate the system with the input sequences
- Verify that the expected output sequences are produced by the system

[Figure: a vector generator supplies input bit vectors to the simulator, which runs the implementation; a checker compares the produced output vectors against the expected output vectors ("?=").]
Formal Verification

[Figure: implementation and specification are compared by a mathematical proof of identity; the outcome is either "Identical" or "Not Identical (Error trace)".]

Intuitive definition:

Given a hardware design M and a property f, a formal verifier will automatically prove whether the design satisfies the property.
Imaging of Simulation Verification

[Figure: simulation follows individual paths outward from the initial state.]

Imaging of Formal Verification

[Figure: formal analysis expands from the initial state over every reachable state.]
Simulation vs. Formal Verification

[Figure: over the implementation logic, simulation yields partial coverage while formal analysis yields complete coverage.]
Simulation vs. Formal Verification
Pros and Cons

Simulation
- Incomplete
- Difficult to cover corner cases
- Need to generate expected behavior
- CPU intensive (has to run billions of cycles)
- Can handle large systems

Formal Verification
- Complete with regard to a specification
- Corner cases are automatically taken care of
- No need to generate expected behavior
- Most of the methods are memory and compute intensive
- Memory usage is strongly related to the size of systems to be verified

The Solution! Better the Two than the One!
Magellan: Optimized Hybrid Formal Verification

- Finds bugs by verifying that a given design satisfies a set of properties that define the intended behavior of the design
- Magellan’s combination of the two approaches shortens the functional verification cycles and results in high-quality designs. Magellan’s unique hybrid architecture combines the strengths of new, advanced formal engines with the strengths of a built-in simulation engine to verify properties on large and complex designs.
- The SystemVerilog Assertion (SVA) language subset is the standard for writing checkers for simulation, formal analysis and hybrid formal verification.
Magellan - Flow Of Control

Imaging of Hybrid Formal Verification

[Figure: several regions of formal analysis, one around the initial state and others around states reached by the simulation engine.]
Case Study – WISHBONE Protocol

[Figure: the MASTER drives CYC, STB and ADR, SEL, WE, DAT_O to the SLAVE; the SLAVE returns ACK, RTY, ERR and DAT_I.]

Naming Conventions

Master / Slave Port Specifications (Wishbone protocol)
Macro Properties

We use implication in assertions to improve Magellan's efficiency and correctness.
- Magellan supports the Macro property to ensure a safe modeling style without redundant typing.
- Easy to reset
Synchronous Reset

generate if (async_reset == 1) begin
  // for assertion
  property p__impl(a, c);
    @(posedge clk) disable iff (rst) a |-> c;
  endproperty
  // for coverage
  property p__cov(a, c);
    @(posedge clk) disable iff (rst) a ##0 c;
  endproperty
end
endgenerate
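The slide shows only the branch taken when `async_reset` is set. The following added example (mine, not the slides' code and not a Magellan library) fills in the other branch, because `disable iff` is evaluated asynchronously: an attempt is abandoned the instant `rst` rises, which is right for an asynchronous reset but over-approximates a synchronous one. For the synchronous case the reset is sampled at the clock edge like any other signal and gates the antecedent. The parameter name `ASYNC_RESET` and the `req`/`gnt` ports are assumptions of the example:

```systemverilog
// Added example, not from the slides. ASYNC_RESET and the req/gnt ports
// are assumptions; the async branch mirrors the template on the slide.
module reset_macros #(parameter bit ASYNC_RESET = 1)
                     (input logic clk, rst, req, gnt);
  generate
    if (ASYNC_RESET) begin : g_async
      // disable iff is evaluated asynchronously: any attempt in flight is
      // dropped the moment rst rises, matching an asynchronous reset.
      property p_impl(a, c);
        @(posedge clk) disable iff (rst) a |-> c;
      endproperty
      property p_cov(a, c);
        @(posedge clk) disable iff (rst) a ##0 c;
      endproperty
      assert property (p_impl(req, gnt));
      cover  property (p_cov(req, gnt));
    end else begin : g_sync
      // Synchronous reset: rst only matters at the clock edge, so it is
      // sampled with the other signals and folded into the antecedent.
      // The arguments must be boolean expressions here, not sequences.
      property p_impl(a, c);
        @(posedge clk) (!rst && a) |-> c;
      endproperty
      property p_cov(a, c);
        @(posedge clk) (!rst && a) ##0 c;
      endproperty
      assert property (p_impl(req, gnt));
      cover  property (p_cov(req, gnt));
    end
  endgenerate
endmodule
```

Keeping the two styles under one parameter is what "easy to reset" buys: every checker in the environment is reset the same way, and switching the design's reset style is a one-line change rather than an audit of each property.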
Guidelines for Using SVA

- Always use Implications:
  [Figure: implication with antecedent A and consequent C; when A does not hold the check is vacuous (marked X), otherwise A together with C is required (~A / A&C).]
- When using system function calls such as $rose, be careful not to look back into “negative” time. Write:
  1 ##1 $rose(a)
- Keep it simple
Finding Bugs and Proofs with Magellan

Once the environment constraints are set, Magellan’s hybrid search engines are invoked:
- Prove reachability for the checker antecedents, both by formal search and hybrid search
- Prove the checker consequents by formal search
- Bug hunt by giving counterexamples of the checker consequents using hybrid search.

The Magellan run is complete when the antecedent for each checker has been proven to be (un)reachable, and the consequent has been (dis)proved.
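A checker module for the WISHBONE case study that follows the three SVA guidelines and is laid out for the run described above, as an added example that is not from the slides, from the WISHBONE specification text or from Magellan. Every rule is an implication; the `$rose` antecedent is prefixed with `1 ##1`; each antecedent has a `cover` so the tool can first show it is reachable before trying to prove or refute the consequent. The master-side rules are written as assumptions for the case where the slave is the design under test, which is the usual cure for counterexamples that an under-constrained model produces but real traffic never could. The signal widths and the `MAX_WAIT` bound on wait states are assumptions of the example; the handshake rules are paraphrased from the master/slave exchange in the case-study diagram:

```systemverilog
// Added example, not from the slides. Widths, MAX_WAIT and the exact
// form of each rule are assumptions made for this illustration.
module wb_checker #(parameter int MAX_WAIT = 8) (
  input logic        clk, rst,
  input logic        cyc, stb, we,     // master: cycle, strobe, write-enable
  input logic [31:0] adr, dat_o,       // master: address and write data
  input logic [3:0]  sel,              // master: byte select
  input logic        ack, rty, err,    // slave: termination signals
  input logic [31:0] dat_i             // slave: read data
);
  // Any of the three termination signals ends the current request.
  logic term;
  assign term = ack | rty | err;

  default clocking cb @(posedge clk); endclocking
  default disable iff (rst);

  // --- Master-side rules, assumed when the slave is the design under test.
  // Strobe is only meaningful inside a bus cycle.
  a_stb_needs_cyc: assume property (stb |-> cyc);
  // The master holds the request stable until the slave terminates it.
  a_hold_request:  assume property (
    stb && !term |=> stb && $stable({adr, sel, we, dat_o}));

  // --- Slave-side consequents Magellan tries to prove or to refute.
  // A termination signal may only answer a live request.
  c_term_needs_stb: assert property (term |-> (cyc && stb));
  // At most one of ACK/RTY/ERR is asserted in any cycle.
  c_one_term:       assert property (term |-> $onehot({ack, rty, err}));
  // Every new request is answered within MAX_WAIT cycles. "1 ##1" keeps
  // $rose from comparing against the cycle before time zero.
  c_bounded_resp:   assert property (
    1 ##1 $rose(stb) |-> ##[0:MAX_WAIT] term);

  // --- Reachability of the antecedents: proven (un)reachable before the
  // consequents are examined, so vacuous passes are not mistaken for proofs.
  cov_term:  cover property (term);
  cov_rose:  cover property (1 ##1 $rose(stb));
  cov_write: cover property ((stb && we)  ##[1:MAX_WAIT] ack);
  cov_read:  cover property ((stb && !we) ##[1:MAX_WAIT] ack);
endmodule
```

The division between `assume` and `assert` flips when the master is the design under test: the same rules stay, but the master-side lines become assertions and the slave-side lines become assumptions. Keeping the rules in one module with labelled statements makes that swap a matter of changing keywords rather than rewriting properties.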
Summary: Superiority of Magellan Hybrid Bug Finder

- Bugs are found extremely fast: within minutes instead of several hours
- Because counterexamples are produced quickly, the verification engineer has more turn-around time
- The counterexamples produced by formal-only tools may not be reachable in real simulation due to an under-constrained model
- Larger designs can be produced and verified

Result: Better quality designs
A look to the Future

- The hybrid formal verification tool Magellan allows maximum benefit when using SVA checker modules.
- SVA verification using tools like Magellan will be key components for verification flows of the future

Hope you enjoyed it

Thank You