1. No category

6_jasper_PSL

PSL
Property Specification Language
Jasper Design Automation
Jasper Design Automation© 2005
1
Introduction to PSL
Jasper Design Automation© 2005
2
Introduction

What is PSL?
o
A language for the formal specification of concurrent systems
– Particularly applicable for the description of hardware designs
– Describe properties (or assertions) that are required to hold on a DUV

Key characteristics of PSL include:
o
Mathematically precise well-defined formal semantics
o
Very expressive coving large class of real world design behaviors
o
Known efficient underlying verification algorithms
o
Intuitive and easy to learn, read, and write
o
PSL is a layered language, ideal for reuse, and supports multiple HDL flavors
– Verilog, VHDL, SystemC, and SystemVerilog
Jasper Design Automation© 2005
3
Background
Sugar
created at IBM
Haifa Research Labs
FVTC
formed in
Accellera (OVI)
1994
1998
Syntactic
sugaring of
CTL
Branching-time
semantics
plus regular
expressions
Jasper Design Automation© 2005
FVTC considers:
Temporal e
PSL
CBV
based
on
ForSpec
Sugar 2.0
Sugar
2001
Linear-time
semantics
Added to Sugar
2002
PSL 1.01
Approved
2003
PSL and
SVA alignment
4
PSL 1.1
Approved
IEEE 1850
PSL
2004
2005
PSL enhancements
and clarifications
Elements of an assertion language
 Logic, whose origins date back to the Greek philosophers, allows
us to answer the question:
Does a given model satisfy a given property?
model
logic
property
Jasper Design Automation© 2005
5
true/false
Elements of assertion languages
 Classical logic deals with timeless statements.
o
“The moon is a satellite of the earth.”
o
“The moon is rising (now).”
universe
logic
true/false
The moon is rising
 However, in classical logic, we cannot express:
o
“The moon will rise again and again”
Jasper Design Automation© 2005
6
Temporal Logic

Our interest – properties of reactive systems.

In reactive systems, processes maintain on-going interaction
with their environment.

Interesting statements about reactive systems depend on time.
o

For example, A and B are mutually exclusive for all values of time
Temporal logic can describe the ordering of events in time without introducing time
explicitly.
o
Without temporal logic, we would be forced to explicitly write equations involving time:
– For example,
Jasper Design Automation© 2005
t.!(A(t) & B(t))
7
Temporal Logic
 Pnueli 1977 – use of temporal logic for reasoning about reactive systems
(LTL).
 Clarke & Emerson 1981 – model checking (CTL).
 Various temporal logics (LTL, CTL, CTL*,…).
 The logics differ in
o Syntax
o Semantics – meaning of the formulas.
o Expressiveness – which properties can be expressed.
o Complexity – efficiency of evaluating a property.
o Underlying model of time.
Jasper Design Automation© 2005
8
Temporal Logic
 Model of time:
o
Finite computation (simulation) or infinite computation (model
checking).
o
Linear or branching
– Linear – each moment in time has a unique possible future.
– Branching – each moment in time can split into various possible
futures.
p
1
3
1
q
2
2
3
2
2
2
2
1
2
3
1
2
2
2
2
Jasper Design Automation© 2005
9
PSL
Linear-Time Temporal Logic
 Intuitive to engineers
o
Reason about expected behavior over linear sequences of states
(computational paths)
o
Thinking is similar to reviewing a simulation trace
 Properties evaluated over paths
0
2
Jasper Design Automation© 2005
Infinite path
p
q
1
0
2
1
10
What We can Express in LTL
 All Boolean logic properties.
“Process 2 is in the critical section”
 next p – p holds in the next state.
“Process 2 will be in the critical section in the next state”
 eventually! p – eventually p holds.
“eventually process 2 will enter the critical section”
Jasper Design Automation© 2005
11
What We Cannot Express in LTL?
 Counting example:
“p is asserted in every even cycle”
All the following traces satisfy this property
!p,p,!p,p,…
p,p,p,p,….
p,p,!p,p,p,p…
 No linear-time temporal formula can express this property.
Jasper Design Automation© 2005
12
Extended Regular Expressions
 Extended regular expressions overcome some of the limitations in linear-time
temporal logic’s lack of expressiveness.
 They are a convenient way to define a temporal pattern that can match (or
more aptly put, specify) sequences of states.
 Regular expressions let us describe design behavior that involves counting.
o
Such as modulo n type behavior, with the * operator.
 For example, the PSL extended regular expression:
{a ; b ; [*3] ; c ; [*2:3] ; d}
Jasper Design Automation© 2005
13
What Cannot be Express with Regular Expressions
The property: “eventually p holds forever”
 The following property cannot be expressed with regular
expressions:
o
“Eventually, p holds forever”
!p
!p
!p
p
p
p
 Can be expressed in LTL. For example, in PSL:
o
eventually always p
Jasper Design Automation© 2005
14
What We Can Express in LTL and CTL
 “Always if req is received, then ack must be received sometime in the
future”
o
LTL:
G (req -> F ack)
o
CTL: AG(req -> AF ack)
 Most useful properties are in the common fragment of LTL and CTL
(Maidl, 2000).
Jasper Design Automation© 2005
15
PSL Layers
Jasper Design Automation© 2005
16
PSL is a Layered Language
Modeling
Verification
Temporal
Boolean
Jasper Design Automation© 2005
17
Boolean Layer
 The Boolean layer is used to:
o
Specify logic expressions without specific timing
information using a standard HDL syntax such as
Verilog-HDL and VHDL
Example (Verilog):
// A and B are mutually exclusive
( !(A & B) )
Example (VHDL):
-- A and B are mutually exclusive
( not (A and B) )
Jasper Design Automation© 2005
18
Temporal Layer
 The temporal layer is used to:
Specify when the Boolean expression must be valid
o Remove time ambiguities
o
Example:
// A and B are always mutually exclusive
always ( !(A & B) )
 There are many temporal operators:
always property
o never property
o
o
until property
o …
o
next property
Jasper Design Automation© 2005
19
Verification Layer
 The verification layer is used to:
o
Specify how to use the property:
– Assertion to be verified against the implementation
– Assumption to be used as constraint during the verification
– Or functional coverage metric to improve the overall
verification coverage
Example:
// A and B must always be mutually exclusive
assert always ( !(A & B) ) ;
Jasper Design Automation© 2005
20
Modeling Layer
 The modeling layer is used to:
o
Write auxiliary HDL code required to specify complex
properties
 You can define HDL functions that are used in your
properties, model complex FSMs or expressions
Example:
// If req is asserted, ack must be asserted the next cycle
wire req;
assign req = readA_req || readB_req;
assert always (req -> next (ack && gnt)) ;
Jasper Design Automation© 2005
21
PSL Layers
wire req;
assign req = readA_req || readB_req;
assert always (req -> next (ack && gnt)) ;
Boolean layer
Temporal layer
Verification layer
Modeling layer
Jasper Design Automation© 2005
22
PSL Sequences
Jasper Design Automation© 2005
23
PSL Sequences
 PSL sequences enable us to:
o
Describe a sequence of Boolean expression (that is, states)
 PSL sequences are marked by curly braces ‘{’ and ‘}’
 Advancement of time occurs with each concatenation operator ‘;’
Example:
{ req; busy; gnt }
Jasper Design Automation© 2005
24
PSL Sequences Matching
 A PSL sequence can have multiple matching diagrams
Example:
{ req; busy; gnt }
req
req
busy
busy
gnt
gnt
This diagram represents
one possible match
This diagram represents
another possible match
 To explicitly match the waveform, we would need to specify the following
Example:
{ req && !busy && !gnt ;
!req && busy && !gnt ;
!req && !busy && gnt }
Jasper Design Automation© 2005
req
busy
gnt
25
Temporal Operators for Sequences
 PSL supports the following temporal operators for sequences:
Overlapping implication
o Non-overlapping implication
o
|->
|=>
Example(s):
sequence S1 = { req; ack } ;
sequence S2 = { start; busy; end } ;
// Event “start” occurs on the same clock cycle as “ack”
property P1 = always S1 |-> S2 ;
// Event “start” occurs on the next clock cycle after “ack”
property P2 = always S1 |=> S2 ;
Jasper Design Automation© 2005
26
Operators for SERE
 PSL supports the following operators for SERE:
o
Repetition in n consecutive clock cycles
Repetition in n non-consecutive clock cycles
o Repetition in n non-consecutive clock cycles
o
o
Repetition for 0 or any number of clock cycles
Repetition for 1 or any number of clock cycles
o Repetition for n to m clock clock cycles
o
[*n]
[=n]
[->n]
[*]
[+]
[*n:m]
 The number of repetitions must be a positive integer
 Keyword inf stands for an infinite number of clock cycles
Example(s):
sequence S1 = { rd[*5] } ;
sequence S2 = { rd[->3] } |=> { wr } ;
// {!rd[*]; rd; !rd[*]; rd; !rd[*]; rd}
sequence S3 = { req} |=> { ack[=1]; done} ; // {!ack[*]; ack; !ack[*]}
sequence S4 = { rd[*]; rd; wr };
sequence S5 = { rd[+]; wr } ;
sequence S6 = { rd[*2:5] } |=> { wr } ;
Jasper Design Automation© 2005
27
Example
property P1 = { req[+]; ack; wr[*4] } |=> { (wait && !req)[*]; done } ;
assert always P1;
clock
req
1 or more
0 or more
ack
write
wait
0 or more
done
Jasper Design Automation© 2005
28
Example
Properties are Derived from Specification
Receiving Data:
 When the reception of data is complete, then an interrupt should occur:
property done_rcving_implies_int =
always rose(done_rcving) -> rose(int) ;
assert done_rcving_implies_int ;
Jasper Design Automation© 2005
29
Example
Properties are Derived from Specification
Receiving Data:
 If the signal that indicates a reception in progress is active, then it
should remain active until the reception is complete:
property rcving_until_done_rcving =
always rose(rcving) -> (rcving until done_rcving) ;
assert rcving_until_done_rcving ;
Jasper Design Automation© 2005
30
Example
RTL Implementation Queue
 Design intent
o“If
Queue is full, then an attempt to insert data is ignored.” (Overflow)
o“If
Queue is empty, then an attempt to remove data is ignored.” (Underflow)
qDataIn
 RTL implementation fragment:
qLast
function [3:0] qNext;
input [3:0] p;
qNext = ((p + 1) mod `qSize);
endfunction;
assign qFull = (qNext(qLast) == qFirst);
7
6
5
4
3
2
1
0
cntrl
assign qEmpty = (qLast == qFirst);
…
 PSL implementation assertions:
qFirst
qDataOut
assert always (qFull && qInsert -> next !qEmpty) abort ~rstN ;
assert always (qEmpty && qRemove -> next !qFull) abort ~rstN;
Jasper Design Automation© 2005
31
qInsert
qRemove
qError
qEmpty
qFull
Verification Units for Grouping
Properties and Directives
 Verification with PSL is based on using verification units
vunit <name> [(<module binding>)] {
<declarations and verification layer directives>
Usually a separate file from RTL
};
vunit
Example:
inputs
outputs
RTL module
vunit my_unit (my_module) {
default clock = posedge clk;
assume never read & write;
property P1 = never (full & write);
A vunit binds to a module or an instance
assert P1;
assert always (read -> ! empty);
};
Jasper Design Automation© 2005
32
Types of Assertions and PSL Expressiveness
Data
Integrity
High-level requirements
•
•
•
•
Packet
Ordering
End-to-end
Black box
Based on design intent
Generally require
modeling+assertions
Design Intent
RTL Implementation
RTL implementation assertions
• Localized
• Implementation-specific
• Generally can be
expressed using only
assertions
One
Hot
Increment
By 1
FIFO
Overflow
FIFO
Overflow
Design Behavior
Jasper Design Automation© 2005
33
To learn more
 www.eda.org/ieee-1850
 Accellera v1.1 LRM available at www.accellera.org
 My email:
Jasper Design Automation© 2005
[email protected]
34

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz