

Design Verification Conference and Exhibition

February 22-25, 2010

# **Experiencing Checkers for a Cache Controller Design**

Ben Cohen

VhdlCohen Publishing



ben@SystemVerilog.us

Srinivasan Venkataramanan and Ajeetha Kumari CVC Pvt.Ltd., Bangalore, India srini@cvcblr.com akumari@cvcblr.com

Lisa Piper IC Verification Consultant

lisa@SystemVerilog.us



# **Purpose of Study**



- Are checkers useful?
  - Easy to use?
    - Create, instantiate, Intuitive results, Easy debug

#### What was our experience?

- Process of using checkers
- Application issues
- Tool issues
- Conclusions





## **Agenda**



- Classification of assertions
- Classification of checker instantiations
- The cache controller model
- Example of checker declaration and instantiation
- Design experience
  - Without checkers
  - With checkers
- Impressions and conclusions





# **Classification of Checkers Assertions and Instances**



#### **Assertion**

- Static
- procedural

#### **Checker instance**

- Static
- Procedural



Checker assertion type has significance when instantiated









#### Static instantiation is identical to module instantiation

When a checker is instantiated as a static checker instance, all of its code behaves as if it were instantiated directly in the module after the proper argument associations are made.





#### **EMULATION**



- Procedural concurrent assertions of checker instanced procedurally behave in-block.
- Static assertions of that checker behave inline to where instanced



#### The Model – Cache Controller









# Cache Controller Timing read and write-through cache









Main Memory Read with Cache Miss



Read with data in Cache

User Interface Write
Memory rd/wr access parameterized

#### **Cache Controller Architecture**









Checker

chk immd. chk rd cntrl. chk rd wr cntlr chk wr cntrl. chk reset. chk fifo

#### **Function**

Inline assertions, instantiated procedurally Read miss/hit, instantiated statically RD/WR miscellaneous, instantiated statically Write through and cache, instantiated statically Reset, instantiated statically LRU Fifo assertions, instantiated statically



# VhdlCohen Publishing

### **Cache Memory Architecture**



Checker chk\_invalidate. chk\_immd.

#### **Function**

Cache invalidates, instantiated procedurally Inline assertions, instantiated procedurally

Lots to check





```
import cache_ctl_pkg::*;
checker chk_invalidate(
 logic [0: 2**MAIN_MEM_ADDRESS_WIDTH-1] cache_valid,
 logic [MAIN_MEM_ADDRESS_WIDTH-1:0]
        [0 : (CACHE_SIZE-1)] cache_mem_addr,
 logic [CACHE_SIZE-1: 0] cache_entry,
 logic [MAIN_MEM_ADDRESS_WIDTH-1:0] addr2invalidate,
 logic found_existing_entry,
 logic clk, rst_n);
 timeunit 1ns; timeprecision 100ps;
 if (CACHE_SIZE > 1024) $error("cache size is too large");
 default clocking default_clk @ (posedge clk); endclocking
 default disable iff !rst_n;
```





```
function logic check_cache_entry4MT();
  automatic logic success =0; // If==1 then it was not invalidated
  automatic int i:
   for (i=0; i <= CACHE_SIZE -1; i++) begin : for1
    if(cache_entry[i]==1 && cache_mem_addr[i] == addr2invalidate) begin : if_1
     success = 1; // found cache line
     break;
    end: if 1
   end: for1
  if (success) check_cache_entry4MT =0; // was not invalidated
  else check_cache_entry4MT =1; // was invalidated
                                                                      Function
  endfunction: check_cache_entry4MT
                                                                      used here
 // static concurrent assertion
 ap_invalidate : assert property( // Static assertion
     ##1 cache valid[addr2invalidate] ==0 && check cache entry4MT());
 // static concurrent assertion
 ap_nothing2invalidate: assert property (found_existing_entry)
   else $error("nothing to invalidate");
endchecker : chk_invalidate
```





Function -Must
return a
single
value

To be instantiated procedurally





# **Example of a Checker Instantiation** (cache\_mem.sv)

```
always @ (posedge clk) begin : cache_mem_handling
  automatic logic success, found_existing_entry, found_empty_line;
  automatic int i, j, found_index;
                                                   checker: chk invalidate
  success =0; found_existing_entry =0;
                                                   ap_invalidate : assert property( ...);
  found index =0; found empty line =0;
                                                   ap nothing2invalidate: assert property (..);
                                                   endchecker: chk invalidate
  if (invalidate) begin: if1
   cache_valid[addr2invalidate]<= 1'b0;
   for (int j=0; j<= CACHE_SIZE-1; j=j+1) begin : for1
      if(cache_entry[j]==1 && cache_mem_addr[j] == addr2invalidate) begin : if2
      found_existing_entry= 1'b1;
      found_index= j;
      success=1;
      if (found_existing_entry) cache_entry[j] <=1'b0; // empty line
      break;
     end: if2
   end: for1
   chk_invalidate chk_invalidate_1(.*); // checks for invalidates
```

end: if1

# Design Verification Conference and Exhibition

# Example of a checker application





checker chk\_immd(logic the\_what, string msg, logic clk);

Need a static concurrent assertion to enable inline behavior. Immediate assertion is a concurrent assertion

// static concurrent assertion

ap\_test\_now: assert property(@ (posedge clk) the\_what) else

**\$error**("msg, the\_what=%b at %t", the\_what, \$time);

endchecker: chk immd

// cache\_controller

always @ (posedge clk) begin : main\_mem\_accesses

. . .

if (wr) begin: wr\_2main // Start of a write

chk\_immd chk\_immd\_wr\_cycle\_timer\_not\_0(



.msg("wr signal when memory counter !=0"),

.clk(clk));





#### **Potential Use Model of Checkers**



- Marks the need of checks during RTL design definition
- Not yet know what is in the checker
  - but feel that there should be something
  - The what's in the checker can be defined later



```
Example :
module dut(..);
...
always @ (posedge clk) begin
if (rd && mode==FAST) begin
    some_code;
    chk_rd_mode_fast chk_rd_mode_fast_1 (.*);
...
```



## Design Experience with Checkers VhdlCohen





- Started with a <u>single checker declared within the module</u>
  - Because requirements were too loose
  - Single checker became too complex
- **Reconsidered the use model** 
  - Smaller targeted checkers
  - As design matured:
    - More checkers created
    - More static concurrent assertions within a checker
    - More elaboration time checks
    - Less clutter in RTL
  - Assertions challenge the design and requirements!
    - Clarify requirements and ease RTL design
      - Even if assertions are correctly or incorrectly written
    - Review of assertions helped the RTL design and debug



### **Incorrect Assertions yield False Sense of Security**





#### Assertions collocated in checkers help in the review process

```
sequence q_wr_wr;
 int v_addr;
 @ (posedge clk) ($rose(wr), v_addr=addr) ##[1:$] wr && addr==v_addr;
 endsequence : q wr wr
                                      INCORRECT
 property p_wr_rd;
                                      ASSERTION
  int v addr, v data;
  disable iff(q_wr_wr_triggered)
 ($rose(wr), v_addr=addr, v_data=wr_data) |->
   ##[1:$] rd && addr==v_addr ##[1:3] rd_data==v_data;
 endproperty: p_wr_rd
 ap_wr_rd : assert property(@ (posedge clk) p_wr_rd);
```







endproperty: p wr rd always @ (posedge clk) ap wr rd: assert property(p wr rd);





### **Checker / Code Ratio**



- cache\_controller ~ 200 lines with some comments
  - Includes checker instantiations ~ 18 lines
- cache\_mem ~140 lines with some comments
  - Includes checker instantiations ~ 9 lines
- **fifo\_mem** ∼100 lines
  - − Includes ~100 lines
- Checkers



- chk\_rd\_cntrl ~60 lines
- chk invalidate ~38 lines
- chk\_immd ~ 7 lines
- chk\_wr\_cntrl ~90 lines
- chk\_rd\_wr\_cntlr ~30 lines
- chk\_fifo ~90 lines
- chk\_reset ~ 7 lines

| Checkers          |            |  |  |  |
|-------------------|------------|--|--|--|
| LOC               | 330        |  |  |  |
| Assertions        | 34         |  |  |  |
| Cover property    | 6          |  |  |  |
| Declarations      | 7          |  |  |  |
| Instantiations    | 10         |  |  |  |
| DUT               |            |  |  |  |
| LOC               | 440        |  |  |  |
| LOC: checker/DUT  | ~ 75%      |  |  |  |
| Checker instances | s/DUT < 3% |  |  |  |

### **Checker Impressions -1**

Clear demarcation between RTL and verification code



#### Verification and supporting code outside RTL code

Reduced clutter in RTL
 Supporting code (signal / functions)



- No concern about interference or confusion with the RTL
  - Organized and structured solution
  - Amenable to building small to medium verification units

#### Instantiated statically or procedurally within RTL

- If instantiated procedurally, then must differentiate
  - static assertions => behave inline
  - procedural assertions => in-block



#### Collocate common assertions statements

Otherwise multiple instantiations will cause duplicate assertions



### **Checker Impressions -2**



- Facilitates reviews
   Verification code is collocated
- Adopts a higher level view of verification
   Each checker envelops a related aspect of verification
- Configuration checks at elaboration time are useful Elaboration checks can be included in checkers
- Shorter code
   CLK & reset inference
- Ignored by synthesis tools

#### **Checker Impressions -3**



- Limitations Not a big issue
  - But ... Must understand the rules
- Limitations on what can be <u>declared</u>
  - What's <u>not</u> in the body of a checker
    - parameter, localparam and specparam
    - Module, interface, program, class
    - task, void functions, blocking assignments,
    - Functions with side effects
    - if, for, case (in always, initial procedures)
    - hierarchical references

#### Limitations on where instantiated

- Wherever a concurrent assertion may appear
  - Statically or procedurally in always, initial, final
- Illegal in fork...join, fork...join\_any, or fork...join\_none blocks







#### **Conclusions --1**



- Are checkers useful?
  - Yes, group related code and assertions into single entities
  - Can be instantiated inline with RTL or statically
  - Significantly reduces LOC of RTL
  - Eases review process of verification code
- What was our experience?
  - Process of using checkers:
    - Easy & like it; checkers are cousins of modules
    - Procedural concurrent assertions: useful for in-block behavior when instantiated
      - Different style than normal
    - static concurrent assertions: useful for inline behavior when instantiated procedurally
  - Tool issues
    - Very few vendors support checkers, as of December 2009
  - Conclusions
    - Checkers represent a good addition to IEEE 1800-2009
    - Checkers should be used in design and verification



# Design Verification Conference and Exhibition

# **Questions?**



#### And, yes, you can stuff many assertions into one checker!





Slides and code can be downloaded from http://SystemVerilog.us/DvCon2010/



# VhdlCohen Publishing

# **Backup slides**

To be used only if questions arise



### **Checkers Illegal constructs**



- Those include:
  - a) Parameter, localparam and specparam
  - b) Module, interface, program, class
  - c) Task, void functions, blocking assignments,
  - d) Functions with side effects
  - e) if, for, while, case statements (in always, and initial

procedures)

f) All hierarchical referencing, into or out of a checker, is disallowed



#### **Checkers Illegal constructs**



```
checker chk rdhit(
    logic data vld, busy, rd, wr, cache exists, clk, reset n);
 always @ (posedge clk) begin : al
    if(rd) begin : rd1 // Illegal in a checker
      assert(wr == 1'b0);
      if ($past(cache exists)) // if is illegal in a checker
        assert (busy==1'b0);
                                                      If, for, case are
    end: rd1
                                                     not allowed here
 end: a1
 function logic rd cache (logic rd, wr, cache exists, busy);
    if(rd && !wr && cache exists & !busy)
      rd cache = 1'b1;
                                    if, for, while, case
    else
                                    allowed in functions
      rd cache = 1'b0;
 endfunction : rd cache
 ap rd hit: assert property (@ (posedge clk)
              rd noWr(rd, wr, cache exists, busy));
 ap rd hit2: assert property(@ (posedge clk)
```

rd && cache exists |-> !wr ##1 !busy);

endchecker : chk rdhit





# **Checkers Illegal Instantiations**

- It is illegal to instantiate checkers in
  - fork…join,
  - fork...join\_any, or
  - fork...join\_none blocks



### mp\_busy\_no\_rd\_wr



#### wr when busy





#### Read hit and miss







#### **Good invalidate**







#### **Assertion Report with forced failures**

**VhdlCohen Publishing** 







#### **Assertion Report with no forced failures**

VhdlCohen Publishing



| Assertions ====================================                                                                                               |                 |                 |                 |       |              |        | LAPTOP     |
|-----------------------------------------------------------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-------|--------------|--------|------------|
| D + 🚅 🖫 🦈 🎒   ¾ N 🕮 № 2 😩   Ø • MA Է Ե     Na Ø • MA Է Ե                                                                                      |                 |                 |                 |       |              |        |            |
| Name                                                                                                                                          | △ Assertion Typ | pe Lan Er Failu | re Count Pass ( | Count | Active Count | Memory | Peak Memor |
| ├▲ /cache_controller_tb/ap_wr_rd_memory                                                                                                       | Concurrent      | SVAon           | 0               | 68    | 7            | 1.3K   | 1.7        |
| ├▲ /cache_controller_tb/cache_controller_1/ap_fifo_pop_on_miss_full                                                                           | Concurrent      | SVAon           | 0               | 104   | 0            | 0B     | 48         |
| ⊢▲ /cache_controller_tb/cache_controller_1/ap_fifo_push_on_miss                                                                               | Concurrent      | SVAon           | 0               | 109   | 0            | 0B     | 4          |
| -▲ /cache_controller_tb/cache_controller_1/ap_invalidate                                                                                      | Concurrent      | SVAon           | 0               | 150   | 0            | 0B     | 6          |
| -🛕 /cache_controller_tb/cache_controller_1/ap_miss_then_data_2output                                                                          | Concurrent      | SVAon           | 0               | 109   | 0            | 0B     | 7          |
| - <u>\</u> /cache_controller_tb/cache_controller_1/ap_read_hit                                                                                | Concurrent      | SVAon           | 0               | 102   | 0            | 0B     | 9          |
| 🛕 /cache_controller_tb/cache_controller_1/ap_read_miss                                                                                        | Concurrent      | SVAon           | 0               | 109   | 0            | 0B     | 12         |
| -🛕 /cache_controller_tb/cache_controller_1/ap_read_miss_busy_data_vld                                                                         | Concurrent      | SVAon           | 0               | 109   | 0            | 0B     | 14         |
| _▲ /cache_controller_tb/cache_controller_1/ap_wr_rd                                                                                           | Concurrent      | SVAon           | 0               | 68    | 7            | 1.3K   | 1.         |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_mem_handling/if1/ap_nothing2invalidate                                             | Immediate       | SVAon           | 0               | 150   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_mem_handling/if1/ap_nothing2invalidate_concurrent                                  | Concurrent      | SVAon           | 0               | 150   | 0            | 0B     | 6          |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_mem_handling/wr_cache_updates/else1_mt4wr/ap_no_cache_line_found_4write            | Immediate       | SVAon           | 0               | 112   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_mem_handling/wr_cache_updates/else1_mt4wr/ap_no_cache_line_found_4write_concurrent | Concurrent      | SVAon           | 0               | 112   | 0            | 0B     | 7          |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_read/if_exists/immed131                                                            | Immediate       | SVAon           | 0               | 159   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_read/if_exists/while1/ap_read_cache_line                                           | Immediate       | SVAon           | 0               | 722   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/cache_mem1/cache_read/if_exists/while1/ap_read_cache_line_concurrent                                | Concurrent      | SVAon           | 0               | 722   | 0            | 0B     | 4          |
| 🛕 /cache_controller_tb/cache_controller_1/LRU_fifo/a_illegal_fifo_cmd_1                                                                       | Concurrent      | SVAon           | 0               | 0     | 0            | 0B     |            |
| 🛕 /cache_controller_tb/cache_controller_1/LRU_fifo/ap_pop_error_1                                                                             | Concurrent      | SVAon           | 0               | 1163  | 0            | 0B     | 4          |
| 🛕 /cache_controller_tb/cache_controller_1/LRU_fifo/ap_push_data                                                                               | Concurrent      | SVAon           | 0               | 158   | 0            | 0B     |            |
| 🛕 /cache_controller_tb/cache_controller_1/LRU_fifo/ap_push_error_1                                                                            | Concurrent      | SVAon           | 0               | 1163  | 0            | 0B     |            |
| 🛕 /cache_controller_tb/cache_controller_1/main_mem_accesses/rd_from_main/ap_rd_cycle_timer_not_zero                                           | Immediate       | SVAon           | 0               | 109   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/main_mem_accesses/wr_2main/ap_wr_cycle_timer_not_0                                                  | Immediate       | SVAon           | 0               | 106   | 0            | 0      |            |
| 🛕 /cache_controller_tb/cache_controller_1/main_mem_accesses/wr_2main/ap_wr_cycle_timer_not_0_concurrent                                       | Concurrent      | SVAon           | 0               | 106   | 0            | 0B     |            |
| 🛕 /cache_controller_tb/cache_controller_1/mp_busy_no_rd_wr                                                                                    | Concurrent      | SVAon           | 0               | 645   | 0            | 0B     | 4          |
| 🛕 /cache_controller_tb/cache_controller_1/mp_no_simultaneous_rd_wr                                                                            | Concurrent      | SVAon           | 0               | 1163  | 0            | 0B     | 4          |
| ▲ /cache_controller_tb/test/begin_4wr/a0                                                                                                      | Immediate       | SVAon           | 0               | 4     | 0            | 0      |            |
| △ /cache_controller_tb/test/r1/a1                                                                                                             | Immediate       | SVAon           | 0               | 1050  | 0            | 0      |            |