#### ESE532: System-on-a-Chip Architecture

Day 20: November 10, 2021 Verification 2

Penn ESE532 Fall 2021 -- DeHon

#### Assertion

- Predicate (Boolean expression) that must be true
- Invariant
  - Expect/demand this property to always hold
  - Never vary  $\rightarrow$  never not be true


## Equivalence with Reference as Assertion

- Match of test and golden reference is a heavy-weight example of an assertion

```
r = fimpl(in);
assert(r == fgolden(in));
```

#### Assertion as Invariant

- May express a property that must hold without expressing how to compute it
- Different than just a simpler way to compute

```
int res[2];                          /* res[QUOTIENT], res[REMAINDER] */
divide(n, d, res);                   /* divide fills res in place */
assert(res[QUOTIENT]*d + res[REMAINDER] == n);
/* The invariant alone is not a full spec: QUOTIENT=0, REMAINDER=n also
   satisfies it; pair it with a remainder bound or a golden comparison. */
```

## Lightweight

- Typically lighter weight (less computation) than full equivalence check
- Typically less complete than full check
- Allows continuum expression

Preclass 1

What property needs to hold on l?
Note: divide computes s/l

```
s=packetsum(p);
l=packetlen(p);
res=divide(s,l);
```

#### Check a Requirement

```
s=packetsum(p);
l=packetlen(p);
assert(l!=0);      /* requirement: the divisor must be non-zero */
res=divide(s,l);
```

#### Merge Requirement

- Require: astream, bstream sorted

```
int aptr = 0, bptr = 0;
astream.read(ain); bstream.read(bin);
for (i = 0; i < MCNT; i++) {
  if ((aptr < ACNT) && (bptr < BCNT)) {
    if (ain > bin) { ostream.write(ain); aptr++; astream.read(ain); }
    else           { ostream.write(bin); bptr++; bstream.read(bin); }
  } else {
    // copy over remaining from astream/bstream
  }
}
```





## Merge Requirement

- Require: astream, bstream sorted
- Requirement that input be sorted is good
  - And not hard to check
- Not comprehensive
  - Weaker than saying output is a sorted version of input
  - What errors would it allow?
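The continuum the last two slides describe, worked through on the merge as an added example (this is not code from the slides): a cheap requirement check on the inputs, a lightweight invariant on the output (still sorted), and the heavyweight golden comparison. The implementation under test carries a constructed bug that drops one copy of tied elements and pads the output; its output stays sorted, so only the golden check catches it. The sample streams, the "descending" sort order (matching the slide's `ain > bin` test) and the bug are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define ACNT 4
#define BCNT 4
#define MCNT (ACNT + BCNT)

/* Constructed sample inputs, each sorted in descending order (the slide's
   merge writes the larger head first, so "sorted" means non-increasing here). */
static const int A[ACNT] = {9, 7, 5, 3};
static const int B[BCNT] = {8, 7, 2, 1};

/* Requirement check: is the stream sorted (non-increasing)? */
int is_sorted_desc(const int *s, int n) {
    for (int i = 1; i < n; i++)
        if (s[i - 1] < s[i]) return 0;
    return 1;
}

/* Golden reference: the slide's merge, with the streams as arrays. */
void merge_golden(const int *a, const int *b, int *out) {
    int aptr = 0, bptr = 0;
    for (int i = 0; i < MCNT; i++) {
        if (aptr < ACNT && bptr < BCNT) {
            if (a[aptr] > b[bptr]) out[i] = a[aptr++];
            else                   out[i] = b[bptr++];
        } else if (aptr < ACNT) {
            out[i] = a[aptr++];          /* copy over remaining from astream */
        } else {
            out[i] = b[bptr++];          /* copy over remaining from bstream */
        }
    }
}

/* Implementation under test with a constructed bug: on a tie it consumes both
   heads but emits only one, then repeats the last value to fill MCNT slots.
   Its output is still sorted, so a sortedness check alone will not catch it. */
void merge_impl(const int *a, const int *b, int *out) {
    int aptr = 0, bptr = 0;
    for (int i = 0; i < MCNT; i++) {
        if (aptr < ACNT && bptr < BCNT) {
            if (a[aptr] > b[bptr])      out[i] = a[aptr++];
            else if (a[aptr] < b[bptr]) out[i] = b[bptr++];
            else { out[i] = a[aptr++]; bptr++; }   /* bug: drops b's copy */
        } else if (aptr < ACNT) {
            out[i] = a[aptr++];
        } else if (bptr < BCNT) {
            out[i] = b[bptr++];
        } else {
            out[i] = out[i - 1];                   /* bug: pads the short output */
        }
    }
}

/* Requirement on the inputs: both streams sorted. Cheap, checked before merging. */
int requirement_passes(void) {
    return is_sorted_desc(A, ACNT) && is_sorted_desc(B, BCNT);
}

/* Lightweight invariant on the output: a merge of sorted streams is sorted. */
int lightweight_passes(void) {
    int out[MCNT];
    merge_impl(A, B, out);
    return is_sorted_desc(out, MCNT);
}

/* Heavyweight check: output equals the golden reference element for element. */
int equivalence_passes(void) {
    int out[MCNT], gold[MCNT];
    merge_impl(A, B, out);
    merge_golden(A, B, gold);
    return memcmp(out, gold, sizeof out) == 0;
}

int main(void) {
    printf("requirement: %d  lightweight: %d  equivalence: %d\n",
           requirement_passes(), lightweight_passes(), equivalence_passes());
    return 0;
}
```

On the sample streams the golden output is 9,8,7,7,5,3,2,1 while the buggy implementation produces 9,8,7,5,3,2,1,1: the requirement and the lightweight sortedness assertion both pass, and only the golden comparison fails. That is exactly the class of error the weaker "output is sorted" requirement allows through.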











# Testing with Reference Specification

Validate the design by testing it:

- Create a set of test inputs
- Apply test inputs
  - To implementation under test
  - To reference specification
- Collect response outputs
- Check if outputs match













#### Composite FSM

- Work
  - At most |2<sup>N</sup>|\*|State1|\*|State2| edges == work (N = number of input bits)
- Can group together original edges
  - *i.e.* in each state compute intersections of outgoing edges
  - Really at most |E<sub>1</sub>|\*|E<sub>2</sub>|

#### Non-Equivalence

- State {S1<sub>i</sub>, S2<sub>j</sub>} demonstrates nonequivalence iff
  - {S1<sub>i</sub>, S2<sub>j</sub>} reachable
  - On some input, S1<sub>i</sub> and S2<sub>j</sub> produce different outputs
- If S1<sub>i</sub> and S2<sub>j</sub> have the same outputs in every reachable composite state, it is impossible to distinguish the machines
  - They are equivalent
- A **reachable** state with differing outputs
  - Implies the machines are not identical
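The composite-FSM search the two slides above describe, as an added example (not code from the slides): a breadth-first walk of the product machine from the reset pair, stopping at the first reachable pair whose outputs differ on some input, with a counter showing the work stays within 2<sup>N</sup>·|State1|·|State2| edges. The three constructed Mealy machines over a one-bit input are assumptions for the example: M1 and M2 are equivalent, and M3 is M2 with one wrong transition. A naive all-pairs comparison that ignores reachability is included to show why the reachable qualifier matters: it wrongly flags M1 and M2.

```c
#include <stdio.h>

#define NIN  2   /* one input bit, so 2^N = 2 input symbols */
#define MAXS 4   /* state-count bound for the tables below */

/* Mealy machine: next[state][input] and out[state][input]; state 0 is reset. */
typedef struct {
    int nstates;
    int next[MAXS][NIN];
    int out[MAXS][NIN];
} Fsm;

/* Constructed machines. M1 and M2 both emit 1 on the second of two consecutive 1s;
   M3 is M2 with one wrong transition (state 2 on input 0 goes to 1 instead of 0). */
const Fsm M1 = {2, {{0, 1}, {0, 1}},         {{0, 0}, {0, 1}}};
const Fsm M2 = {3, {{0, 1}, {0, 2}, {0, 2}}, {{0, 0}, {0, 1}, {0, 1}}};
const Fsm M3 = {3, {{0, 1}, {0, 2}, {1, 2}}, {{0, 0}, {0, 1}, {0, 1}}};

/* Breadth-first search of the composite (product) machine from {0,0}.
   Returns 1 and reports the witness state pair and input if a reachable composite
   state produces differing outputs; returns 0 if the machines are equivalent.
   *edges counts composite edges examined: at most 2^N * |S1| * |S2|. */
int find_nonequivalence(const Fsm *m1, const Fsm *m2,
                        int *s1, int *s2, int *in, int *edges) {
    int visited[MAXS][MAXS] = {{0}};
    int queue[MAXS * MAXS][2];          /* each pair is enqueued at most once */
    int head = 0, tail = 0;
    queue[tail][0] = 0; queue[tail][1] = 0; tail++;
    visited[0][0] = 1;
    *edges = 0;
    while (head < tail) {
        int a = queue[head][0], b = queue[head][1];
        head++;
        for (int x = 0; x < NIN; x++) {
            (*edges)++;
            if (m1->out[a][x] != m2->out[b][x]) {   /* reachable and distinguishable */
                *s1 = a; *s2 = b; *in = x;
                return 1;
            }
            int na = m1->next[a][x], nb = m2->next[b][x];
            if (!visited[na][nb]) {
                visited[na][nb] = 1;
                queue[tail][0] = na; queue[tail][1] = nb; tail++;
            }
        }
    }
    return 0;
}

/* The naive version without reachability: does ANY composite state pair differ?
   Over-reports, because an unreachable pair can never be observed at the outputs. */
int any_pair_differs(const Fsm *m1, const Fsm *m2) {
    for (int a = 0; a < m1->nstates; a++)
        for (int b = 0; b < m2->nstates; b++)
            for (int x = 0; x < NIN; x++)
                if (m1->out[a][x] != m2->out[b][x]) return 1;
    return 0;
}

int main(void) {
    int s1, s2, in, edges;
    printf("M1 vs M2: nonequivalent=%d (some pair differs ignoring reachability: %d)\n",
           find_nonequivalence(&M1, &M2, &s1, &s2, &in, &edges),
           any_pair_differs(&M1, &M2));
    if (find_nonequivalence(&M1, &M3, &s1, &s2, &in, &edges))
        printf("M1 vs M3: witness state {%d,%d} differs on input %d after %d edges\n",
               s1, s2, in, edges);
    return 0;
}
```

For M1 vs M2 the search visits only the three reachable pairs {0,0}, {1,1}, {1,2} and declares equivalence, even though the pair {0,1} would disagree on input 1; that pair is simply never reached. For M1 vs M3 the wrong transition makes {0,1} reachable (input sequence 1,1,0), and the search reports it as the witness.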



















#### Tokens

- Use data presence to indicate when producing a value
- Only compare corresponding outputs
  - Only store present outputs from computations, since that's all we compare
- Relevant non-Real-Time
  - (do not want to match cycle-by-cycle)
- Examples?

# Timing

- Record timestamp from implementation
- Allow reference specification to specify its time stamps
  - "Model this as taking one cycle"
  - Or requirements on its timestamps
    - This must occur before cycle 63
    - This must occur between cycle 60 and 65
- Compare values and times
- More relevant Real Time
- Example Real Time where exact cycle does not matter? What does?
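The token and timing comparison from the two slides above, as an added example (not code from the slides): a cycle-by-cycle port trace with a valid bit is reduced to timestamped tokens, and those tokens are compared to the reference by position, never by cycle. The reference tokens carry an optional cycle window, so the same comparison serves the functional (non-real-time) check and the real-time check that enforces constraints like "between cycle 60 and 65" and "before cycle 63". The trace, the reference values and the windows are constructed for the example.

```c
#include <stdio.h>

#define NCYCLES   80
#define MAXTOK    16
#define ANY_CYCLE 0x7fffffff   /* "no constraint" upper bound */

/* One cycle of the implementation's output port: a data word plus a presence (valid) bit. */
typedef struct { int valid; int data; } PortCycle;

/* A stored output token: the value and the cycle in which it appeared. */
typedef struct { int value; int cycle; } Token;

/* Reference token: expected value plus the cycle window it must fall in.
   [0, ANY_CYCLE] means the reference only says what, not when. */
typedef struct { int value; int min_cycle; int max_cycle; } RefToken;

/* Constructed reference: three outputs; the second must land in cycles 60..65,
   the third before cycle 63, the first has no timing requirement. */
static const RefToken REF[3] = { {5, 0, ANY_CYCLE}, {12, 60, 65}, {7, 0, 63} };

/* Walk the cycle-by-cycle trace and keep only the present outputs, timestamped.
   Returns the number of tokens stored. */
int extract_tokens(const PortCycle *trace, int ncycles, Token *tok, int maxtok) {
    int n = 0;
    for (int c = 0; c < ncycles && n < maxtok; c++) {
        if (trace[c].valid) {
            tok[n].value = trace[c].data;
            tok[n].cycle = c;
            n++;
        }
    }
    return n;
}

/* Compare corresponding tokens (i-th impl output vs i-th reference output), never
   cycle-by-cycle. With check_timing == 0 this is the functional (non-real-time) check;
   with check_timing != 0 each timestamp must also fall inside the reference window.
   Returns -1 if everything matches, else the index of the first failing token
   (the shorter length, if the token counts differ). */
int compare_tokens(const Token *impl, int nimpl, const RefToken *ref, int nref, int check_timing) {
    int n = nimpl < nref ? nimpl : nref;
    for (int i = 0; i < n; i++) {
        if (impl[i].value != ref[i].value) return i;
        if (check_timing &&
            (impl[i].cycle < ref[i].min_cycle || impl[i].cycle > ref[i].max_cycle))
            return i;
    }
    return nimpl == nref ? -1 : n;
}

/* Constructed implementation trace: correct values, but the third token is late (cycle 70). */
int check_sample(int check_timing) {
    PortCycle trace[NCYCLES] = {{0, 0}};   /* all cycles idle unless set below */
    Token tok[MAXTOK];
    trace[10].valid = 1; trace[10].data = 5;
    trace[61].valid = 1; trace[61].data = 12;
    trace[70].valid = 1; trace[70].data = 7;
    int n = extract_tokens(trace, NCYCLES, tok, MAXTOK);
    return compare_tokens(tok, n, REF, 3, check_timing);
}

int main(void) {
    printf("functional check: %d (-1 = match)\n", check_sample(0));
    printf("timing check:     %d (index of first token outside its window)\n", check_sample(1));
    return 0;
}
```

The functional check passes because the three values arrive in the right order, regardless of the idle cycles between them. The timing check fails on token 2, which the reference requires before cycle 63 but the implementation produces at cycle 70; token 1 at cycle 61 satisfies its 60..65 window.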















- CIS673 Computer Aided Verification
- CIS541 includes verification for realtime system properties
- CIS500 Software Foundations - has mechanized proofs, proof checkers

#### Big Ideas

- Assertions valuable
  - Reason about requirements and invariants
  - Explicitly validate
- Formally validate equivalence when possible
- Valuable to decompose testing
  - Functionality
  - Functionality at performance
  - ...we can extend techniques to address timing and support at-speed tests

#### Admin

- Feedback
- Reading for Monday on Canvas
- P2 due Friday
- P3 out