Synthesizing SVA Local Variables for Formal Verification

Jiang Long, Mentor Graphics Corp., San Jose, CA, U.S.A., jiang.long@mentor.com
Andrew Seawright, Mentor Graphics Corp., Wilsonville, OR, U.S.A., andrew.seawright@mentor.com

ABSTRACT

This paper describes techniques for efficiently handling a subset of SystemVerilog Assertion (SVA) safety properties with local variables in formal verification. The techniques produce checker circuits that use datapath logic and pipeline registers to handle the local variables, where the datapath logic and pipeline registers scale linearly with the size of the property expressed in the SVA abstract grammar.

Categories and Subject Descriptors

C.4 [Performance of Systems]: Modeling techniques

General Terms

Verification

Keywords

SVA, Assertion Synthesis

1. INTRODUCTION

SVA local variables are a powerful feature in the IEEE 1800 SystemVerilog Standard [1]. They allow assertions to capture data during their evaluation to be referenced later in the execution. Certain common properties, like data integrity, can now be written in a concise way, which would otherwise require auxiliary state machine modeling.

The capability of data storage during evaluation adds considerable complexity in verification. To simulate the properties in dynamic verification, on-the-fly data storage is required to store the temporary values for later reference. Consequently, the runtime memory requirement can theoretically be unlimited for certain assertions. Also, the simulation engine needs to repeat the computation for each active valuation of the local variables to handle concurrency or overlapping scenarios. This poses great difficulty for static formal verification, because a complete formal model must be constructed with enough control logic and memory storage to model the concurrency and a possibly unlimited amount of memory storage.

1.1 Related Work

A high level specification for describing and synthesizing protocol monitors using regular expressions, storage variables and pipeline operators is proposed in [6]. A notion of dynamic threads is introduced; however, the language has different semantics, where the choice operators cannot bifurcate threads as they do in SVA. Recent work in SVA compilation [7] is based on translating SVA assertions into Bluespec constructs and uses the Bluespec compiler to generate the checker circuit. Their work does not describe how to model SVA local variable constructs. Apart from the local variable constructs, the most direct influence on the present work is earlier work from [2] and [8]. Our compilation model is similar to the on-the-fly RCTL model checking work [2]. Our compilation flow is similar to [8], where an extended regular expression language with action statements is used to specify state machines, which are synthesized in polynomial time into circuits; however, the semantics of actions with local variables is different in SVA.

The theoretical analysis in [3] gives a rigorous explanation of the complexity introduced by local variables through alternating Büchi automaton construction. It proves that the upper bound for model checking the SVA basic subset is PSPACE-complete, and EXPSPACE-complete for SVA properties with local variables.

1.2 Contribution

Our contribution is to synthesize a subset of SVA safety properties with local variables effectively for use in formal verification. We propose techniques to compile SVA with local variables using a pipelined datapath and non-determinism. This subset includes all the SVA constructs, but restricts the use of SVA local variable assignments on the right hand side of an implication operator to certain forms.

1.3 Overview of the Paper

Notations used in the paper and SVA semantics are briefly reviewed in Section 2. The overall compilation model and flow is introduced in Section 3, followed by details of the compilation algorithms in Section 4. Finally, we present experimental results and conclusions.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. DAC 2007, June 4–8, 2007, San Diego, California, USA. Copyright 2007 ACM 978-1-59593-627-1/07/0006 ...$5.00.

2. PRELIMINARIES

Given an alphabet $\Sigma$, $\Sigma^*$ denotes the set of finite words over $\Sigma$, $\Sigma^\omega$ denotes the set of infinite words over $\Sigma$, and $\Sigma^\infty = \Sigma^* \cup \Sigma^\omega$. The length of a word $w \in \Sigma^\infty$ is denoted $|w|$.

SVA has four language layers: Boolean, sequence, property
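The data-integrity scenario described in the Introduction, as an added example that is not code from the paper: the property written once with an SVA local variable, and once as an explicit checker built from a pipeline of registers, which is the fixed-delay case of the datapath-and-pipeline realization the abstract describes. The module name, the signal names and the parameters W and DELAY are assumptions; the paper's general compilation algorithm belongs to later sections not reproduced here.

```systemverilog
// Constructed example: a data-integrity property written with an SVA local
// variable, next to a hand-built checker that realizes the same check with a
// fixed-depth pipeline of registers (one stage per cycle of delay).
module data_integrity_checker #(parameter int W = 8, parameter int DELAY = 3) (
  input logic         clk,
  input logic         rst_n,
  input logic         valid_in,   // a transfer enters the design
  input logic [W-1:0] data_in,
  input logic         valid_out,  // the transfer is expected to leave
  input logic [W-1:0] data_out
);

  // (1) SVA formulation: local variable d captures data_in when valid_in fires;
  //     DELAY cycles later, data_out must carry the captured value.
  property p_data_integrity;
    logic [W-1:0] d;
    @(posedge clk) disable iff (!rst_n)
      (valid_in, d = data_in) |-> ##DELAY (valid_out && data_out == d);
  endproperty
  assert property (p_data_integrity);

  // (2) Pipelined model of the same check. Every attempt that is in flight
  //     occupies exactly one stage, so overlapping transfers (a new valid_in
  //     every cycle) are tracked with DELAY registers of W+1 bits: storage is
  //     linear in the delay, not unbounded.
  logic         pipe_v [DELAY];
  logic [W-1:0] pipe_d [DELAY];

  always_ff @(posedge clk or negedge rst_n) begin
    if (!rst_n) begin
      for (int i = 0; i < DELAY; i++) pipe_v[i] <= 1'b0;
    end else begin
      pipe_v[0] <= valid_in;     // stage 0 captures the antecedent
      pipe_d[0] <= data_in;
      for (int i = 1; i < DELAY; i++) begin
        pipe_v[i] <= pipe_v[i-1];
        pipe_d[i] <= pipe_d[i-1];
      end
    end
  end

  // The attempt that started DELAY cycles ago now sits in the last stage and is
  // compared against data_out in the same cycle the SVA consequent is evaluated.
  always_ff @(posedge clk) begin
    if (rst_n && pipe_v[DELAY-1] && !(valid_out && data_out == pipe_d[DELAY-1]))
      $error("data integrity violated: expected %h, got %h",
             pipe_d[DELAY-1], data_out);
  end
endmodule
```

With DELAY transfers in flight at once, the pipeline holds one captured value per stage, which is the concurrency the Introduction says a simulator must otherwise handle by re-evaluating the property per active valuation.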