| Login | | Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name. | |
| Who's Online | There are currently, 38 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here | |
 | |
|
Verification Guild: Forums |
|
| View previous topic :: View next topic |
| Author |
Message |
anilo
Newbie
Joined: May 20, 2004
Posts: 1
|
 Posted: Thu May 20, 2004 1:37 am Post subject: Arbiter verification |
 |
|
What are the different ways of verifying a reasonably complex arbiter that is embedded deep in the design. The arbiter has no direct access to the ports of the design. And another intresting situation is the arbiter arbitrates among the requests only when some of the internal design state conditions are satisfied. In such a scenario, what is the better approach to validate the arbiter?
Thanks |
|
| Back to top |
|
 |
odellconnie
Junior
Joined: May 10, 2004
Posts: 8
|
| Posted: Thu May 20, 2004 8:29 am Post subject: Arbiter verification |
|
|
Formal verification (static property/model checking) is the canonical way to verify arbiters. There are three basic reasons:
1) arbiters have to deal with many corner cases correctly, as you have noted, and it is painful to generate and to ascertain that you have covered all cases of interest,
2) numerous design teams have applied formal to arbiters and any needed constraints/assumptions are straightforward to define (this is the major stumbling block for pure formal for most other design types)
3) Formal can and does exhaustively verify the arbiter, while with simulation you cannot hope to cover all the real variations for a complex arbiter.
Every time I go to "verify" an arbiter and I don't have formal in my toolkit, I will do what can be done with constrained random simulation of the arbiter as a unit, but I know that bugs are possibly being missed, when I could otherwise be doing it what I like to call "the right way".
Cheers,
Connie L. O'Dell
Sr. Verification Specialist
c.odell@co-consulting.net
303-641-5191
_____________________________________________
CO Consulting - Boulder, CO - http://co-consulting.net |
|
| Back to top |
|
|
bdeadman
Senior
Joined: Jan 06, 2004
Posts: 204
Location: Austin, TX
|
| Posted: Thu May 20, 2004 2:07 pm Post subject: |
|
|
I think Connie is suggesting you verify the arbiter as a unit, ideally using formal modeling checking, whereas the original question seemed to suggest the arbiter ought to be tested when embedded in the system, and I'm not clear on the reason(s) for that?
If it must indeed be tested as part of the system, and probably by simulation, I would guess it's going to take a lot of cycles to get the system into each of the required corner cases, therefore I would suggest you look at some form of, ideally functional, coverage of the arbiter, since it will almost certainly be very difficult to be certain you've hit the required corner cases. You can then use this functional coverage to either manually, or semi-automatically drive the generation of additional test cases.
Finally, if the controllability of the arbiter is poor, it's probably fair to assume the observability is equally bad, therefore you might consider adding the kind of properties Connie mentioned as assertions on the arbiters behavior, to avoid faults not propagating to the design boundaries within the duration of the simulation.
Regards
Bernard |
|
| Back to top |
|
|
jeffli
Senior
![]()
Joined: Jan 09, 2004
Posts: 32
|
| Posted: Fri May 21, 2004 6:53 am Post subject: |
|
|
| bdeadman wrote: | I think Connie is suggesting you verify the arbiter as a unit, ideally using formal modeling checking, whereas the original question seemed to suggest the arbiter ought to be tested when embedded in the system, and I'm not clear on the reason(s) for that?
|
Theoretically, property/model checking's great power should be very useful in verifying critical parts like arbiters. Because current property/model checking tools' capacities, it is usually more practical to verifiy such parts without its normal context/environment.
After you get rid of the neighboring parts, generally you need to construct a simplified version of the context/environment to avoid impossible input vectors/sequences. If this reconstruction is not very simple (see the possibility of getting "over constrained" in http://verificationguild.com/modules.php?name=Forums&file=viewtopic&p=1460&highlight=#1460), it is desirable to use the existing context/environment.
This context/environment issue exists with all verification projects. When simulating a chip (or a chip set), people use various behavioral models (or transaction-level models) to reconstruct the context/environment of the chip (or the chip set). This reconstruction of the context/environment is desirable if there is no need to verify whether the neighboring parts in the real context/environment provide correct constraints.
To avoid the possible mismatches between the "abstract" constraints and the real constraints, it is often nice to use the existing parts in the design (in the simulation testbenches or in the simulation models). This is generally not practical for current property/model checking tools. We are developing innovative tools that use such existing context/environment and are at least as powerful as property/model checking. |
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
Forum FAQ
Search
Usergroups
Profile
Digest
Log in
