Transaction Assertionsin an Interface Definition Language

Dave Whipp – DesignCon 2008

NVIDIA Confidential

Who Writes Assertions?

DesignersBottom Up Assumptions

Verification EngineersTop-down Intent

Verification Vs Validation

NVIDIA Confidential

Who Writes Assertions?

DesignersBottom Up Assumptions

Verification EngineersTop-down Intent

ArchitectsThe Specification

Top Down Assumptions

Bottom Up Intent

NVIDIA Confidential

Where to Write Assertions

The RTLInline

Bound

The TestbenchScoreboard

EnvironmentE.g. Post Process Log file

NVIDIA Confidential

Where to Write Assertions

The RTLInline

Bound

The TestbenchScoreboard

EnvironmentPost Process Log files

The SpecificationC Models (?)

NVIDIA Confidential

Where To Write Specification Assertions

FunctionalityModel

PerformanceModel

RTLDesign

NVIDIA Confidential

Where To Write Specification Assertions

FunctionalityModel

PerformanceModel

RTLDesign

StructuralModel

NVIDIA Confidential

What is a “Structural” model?

A GraphNodes

Arcs

Communicating ProcessesProcessors

Messages (Transactions)

A NetlistModules

Interfaces (Wires)

NVIDIA Confidential

Birth of an IDL

Initially, a language just to define signals

Interface a2b

clock clk

down U valid 1

up U busy 1

down U cmd 24

down U data 32

NVIDIA Confidential

Evolution of an IDL

Quickly added flow-control protocol abstraction

Interface a2b

clock clk

flow valid_busy

down U cmd 24

down U data 32

From this we can generate:Testbench components (BFMs: producers, consumers)

Protocol Assertions

…

NVIDIA Confidential

Multi-Unit Assemblies

A EB C D F G

a2b b2c c2d d2e e2f f2g

A simple pipeline

NVIDIA Confidential

Multi-Unit Assemblies

A

E

B C D

F G

a2b b2c c2d

d2ee2f f2g

Simple rearrangement

NVIDIA Confidential

Multi-Unit Assemblies

A

E

B C D

F G

a2b b2c c2d

d2ee2f f2g

Identify units with similar behaviors

NVIDIA Confidential

Multi-Unit Assemblies

BE

CF

D

a2be

be2cf

cf2dd2be

cf2gG

A

Extract common behavior into unified components

be2cf === b2c + e2f

NVIDIA Confidential

Reusing Interface Definitions

A EB C D F G

D

GA

BE

CF

How to maximize reuse between these two architectures?

NVIDIA Confidential

Continued Evolution of an IDL

Separation of packet structure from interface

group SOP

down U cmd 24

group MOP

down U data 32

group EOP

down U checksum 32

Interface a2b

clock clk

flow valid_busy

packet SOP, MOP, EOP

NVIDIA Confidential

Interfaces Vs State

Two approaches to comparing models:

Compare “Architectural State”Registers/flops within the design whose existence is required by the specification

Compare externally visible behaviorCompare interface traffic

B. F. Skinner?

NVIDIA Confidential

Comparing Interfaces

Simple “diff”

Normalization (masking, snapping)

Binning (collating, sorting)

Accumulating

In-memory FIFOs + scoreboard

File-based post-processing

NVIDIA Confidential

Step 1: Capture transactions

RTL

1010 011010 101011 011010 111011 101011 11

C-Model

tid=A seq=1tid=A seq=2tid=A seq=3tid=B seq=1tid=B seq=2tid=B seq=3time

NVIDIA Confidential

Step 2 : Normalize

RTL

1010 011010 101011 011010 111011 101011 11

C-Model

tid=A seq=1tid=A seq=2tid=A seq=3tid=B seq=1tid=B seq=2tid=B seq=3time

normal

A1A2B1A3B2B3

normal

A1A2A3B1B2B3

NVIDIA Confidential

Step 3 : Binning

RTL

1010 011010 101011 011010 111011 101011 11

C-Model

tid=A seq=1tid=A seq=2tid=A seq=3tid=B seq=1tid=B seq=2tid=B seq=3

normal

A1A2B1A3B2B3

normal

A1A2A3B1B2B3

bin

A1A2

B1A3

B2B3

bin

A1A2A3

B1B2B3

NVIDIA Confidential

Step 4: Accumulation

Binning may not be enough

Random Memory Accessdon’t want to sort on every address

Different Algorithmsend result is same – checksum?

“Spaghetti” Perl scripts often evolve

We need to formalize the definition of interface traffic to compare two different models

NVIDIA Confidential

Transaction Assertions in YACC

valid_interface_traffic:

| valid_interface_traffic packet;

packet: begin middle end;

begin: BEGIN;

middle:

| middle MIDDLE;

end: END

NVIDIA Confidential

Cycle Level Assertions in SVA

sequence packet;(cmd==BEGIN)##1 (cmd != BEGIN && cmd != END) [*0:$]##1 cmd == END

endsequence

a_well_formed_packet: assert @(posedge clk)cmd == BEGIN |-> sequence (packet)

clk

cmd BEG ENDMID MID

NVIDIA Confidential

Transaction Level Assertions in SVA

sequence packet;

(cmd==BEGIN)

##1 (cmd != BEGIN && cmd != END) [*0:$]

##1 cmd == END

endsequence

clk

valid

cmd BEG ENDMID MID

NVIDIA Confidential

Transaction Level Assertions in SVA

event sample;

always @(posedge clk)

if (valid && ! busy) -> sample

assert @(sample)

cmd == BEGIN |-> sequence (packet)

clk

valid

busy

cmd BEG ENDMID MIDDLE

NVIDIA Confidential

Transaction Level Assertions in SVA

event sample;

always @(posedge clk)

if (valid && ! busy) -> sample

assert @(sample)

cmd == BEGIN |-> sequence (packet)

clk

valid

busy

cmd BEG ENDMID MIDDLE

NVIDIA Confidential

The Structural Model

An Interface Definition LanguageDefine transactions/messages

Associate them with specific physical interfaces

Define connectivity of Modules

Use the definitionsRTL code generators

C-model code generators

Reuse the DefinitionsTopology Changes

Implementation Protocols

NVIDIA Confidential

Towards an ESL Language

During its early years, evolvedfrom 500 line Perl script

to 6000 line monster

Decision time:Throw it away (replace with SV?), or

Revamp itClean up language definition

Add first-class ESL features

– Assertions– Testpoints

NVIDIA Confidential

Example

Renderer Memory

NVIDIA Confidential

The Traffic

group mem_write

down U address 16

down U data 1

group sync

down U shape 2

enum SQUARE, CIRCLE, TRIANGE, BLANK

down U radius 3

NVIDIA Confidential

Accumulate Memory State

group mem_write

down U address 16

down U data 1

assign mem[ x = 0 .. 15 ][ y = 0 .. 15 ]

= past( data :sample( address == {x,y} ))

NVIDIA Confidential

Add Predicates

group_more mem_write

assign is_circle[ r = 0..7 ] = “&&”(

[ x = -8 .. 7 ]

[ y = -8 .. 7 ]

mem[ x+8 ][ y+8 ] == ( x**2 + y**2 <= r**2 )

)

NVIDIA Confidential

Define the interface

interface render2memory

clock mem_clk

flow valid_busy

packet sync, mem_write

assert “correct sync shape”

sync =>

sync.shape == CIRCLE =>

mem_write.is_circle[ sync.radius ]

…

NVIDIA Confidential

Important concepts

Assertion ScopingAssertion in group checked only when that group valid

“valid” signal

Packet id

Temporal Scoping“past” function sampled only when its group is valid

Further qualified by “sample” property

Assertions must be true in All modelsRTL

C Model

…

NVIDIA Confidential

Transaction Linkage across Interfaces

Client Memory

Request

Response

NVIDIA Confidential

A link Assertion

module memory

equiv client_id 2

in mem_req

map client_id = mem_req.src_id

out mem_ack[ N=4 ]

map client_id = N

assert “every req has an ack”

[ id = 0 .. 3 ]

:enable( client_id == N )

link mem_req -> mem_ack[ id ]

NVIDIA Confidential

Equivalence Classes

How to identify transaction pairings

Need identifier that it common to each

Equivalence Classes

module memory

equiv client_id 2

in mem_req

map client_id = mem_req.src_id

out mem_ack[ N=4 ]

map client_id = N

NVIDIA Confidential

More Interaction Concepts

a2b -> b2c // propagate

(a2x | b2x) -> x2y // merge

a2b -> (b2x | b2y) // branch

(a2x & b2x) -> x2y // join

a2b -> (b2x & b2y) // fork

:in_order( id )

:thread( id )

NVIDIA Confidential

Summary

Architects should write assertionsValidated assertions are input to Verification

Assertions must be directly reusable across modelsManual recoding invites errors

Explicitly model the structure that is common to architectural models and to design

Tie assertions to these common points

BACKUP

NVIDIA Confidential

Summary

Bridging abstractions requires defined traceabilityESL RTL

ESL C-Model

Use Transaction Abstraction for ESLRTL and C-Model share a common shape

Transaction flow defines the equivalence class

Designer Freedoms are defined by ESLThis is a design activity

Verification “trusts” the ESL

NVIDIA Confidential

Multi-Cycle Interface : RTL traffic

Module A

Module B

111000

34

datadatadatadatadata

-

keyvaluekey

value--

111110

time

NVIDIA Confidential

Multi-Cycle Interface: structural view

Module A

Module B34

struct a2b_iface {struct command {

union {struct key { bit valid, bit [7:0] key },struct value { bit more, bit [7:0] value }

}struct datum { bit valid, bit [7:0] data }

};

NVIDIA Confidential

Multi-Cycle Interface : grammar

Module A

Module B34

seq command = <key> <value>where $1.validattr more = $2.more

seq commands = <command> ** [0,64]where all( $1[ 0..$-1 ].more ) && ! $1[$].more

seq data = <datum> ** [0,128]where all( $1[*].valid )

seq a2b_info = <commands> & <data>

NVIDIA Confidential

Multi-Cycle Interface: C-model struct

Module A

Module B

struct A2B_info{ map<int8,int8> commands; vector<int24> data;};

34

NVIDIA Confidential

Equivalence classes for transactions

Every implementation is a deformation of the ESLRTL

C-Model

We want to know up front how we’ll compare themImplementation-independent comprehension

“Races” in the transaction graphare like “holes” in a topology

may be non-deterministic