# Hassert: Hardware Assertion-Based Agile Verification Framework with FPGA Acceleration



Root cause

Assertion failed

States HASSERT

中国种宫院大学

Verification progress

System stuck

I/O error

Ref model ck failed

Figure 1: Multilevel effective self-checking

Ziqing Zhang<sup>1,2</sup>, Weijie Weng<sup>3</sup>\*, Yaning Li<sup>4</sup>\*, Lijia Cai<sup>5</sup>\*, Haoyu Wang<sup>6</sup>\*, David Boland<sup>7</sup>, Yungang Bao<sup>1,2</sup> Kan Shi<sup>1,2</sup>

<sup>1</sup> SKLP, Institute of Computing Technology, CAS <sup>2</sup> University of Chinese Academy of Sciences <sup>3</sup> Xiamen University of Technology <sup>4</sup> University College Dublin <sup>5</sup> Hong Kong University of Science and Technology <sup>6</sup>Zhejiang University <sup>7</sup> The University of Sydney

## Standing 23z@ict.ac.cn , shikan@ict.ac.cn

## Background

With the growing complexity of hardware designs, functional verification has become the bottleneck throughout the entire chip development cycle. Existing platforms face the dilemma of verification efficiency and effectiveness.

#### Software RTL Simulation

- Pros: high visibility with many practical verification tools and methods.
- Cons: extremely slow speed, for large design < 10kHz.
- **FPGA** Prototyping
  - Pros: enable thorough verification with the fastest simulation speed. .
  - Cons: debugging disaster, lack of debugging capability, and error-checking mechanism

## Functional Verification with Hassert

The simulation-based functional verification employs the design on a specific

verification platform, and then simulates it for error checking and fault localization.

#### Hassert improves verification in both aspects:

- Multilevel effective self-checking
  - Coarse-grained: Check against a systemlevel reference model Fine-grained: Check with Assertions(SVAs).
- Agile fault localization with the snapshot
  - Hassert can automatically snapshot the The design states when necessary
  - Identify the bugs by replaying the progress from the closest snapshot

## **Hassert Overview**



- Sequence Operator, e.g., and, or

## **Hassert for Fault Localization**

## **Assertion Coverage**

- Assertion in Hassert serves as a probe in ROI (region of interest), monitoring the μArch state.
- · Coverage in Hassert consists of a hit counter and a sub-expression toggle monitor.

## **Dynamic Switching of Assertion**

- · Hassert supports dynamic switching by utilizing partial reconfiguration
- · Hassert will schedule the assertions based on the Assertion Coverage and Aera overhead of assertions.

#### Microarchitecture-guided snapshot

- · Periodic Snapshot: Perform the snapshot periodically, and locate the bug by replaying from the closest snapshot.
- **µArch Guided snapshot:** Based on the assertion coverage information, only trigger snapshot when necessary.

# **Evaluation**

## Platform:

- FPGA: Fidus Sidewinder board
- with ZYNQ UltraScale+ XCZU19EG FPGA Chip and two 16GB DDR memory

Server: Dual AMD Ryzen 5950x 16 cores Processor

#### **Configuration:**

- System Clock Frequency: 100MHz.
- ISA Emulator: NEMU
- DUT: Nutshell
- Weijie Weng, Yaning Li, Lijia Cai and Haoyu Wang finish this work during internship at the SKLP, Institute of Computing Technology, CAS



Figure 3: Comparison between different snapshot strategies

Figure 5: Comparison against ModelSim simulations with different debugging options. (Trace none: disable the wave dump, Trace partial

only dump the signal monitored by assertion



- Figure 4: The debugging workflow with Hassert
- ① Assertion detects a violation and a fail flag issue, initiating a snapshot.
- ② The simulator replays the simulation with the snapshot
- ③ Assertion metadata is passed to the software driver to
- look up the exact assertion triggered. ④ Identify the bug according to the assertions.



Table 1: Resource Usages Comparison



Figure 6: Different debugging approaches reproducing a known bug (Shaded parts: time for snapshot; solid parts: SW simulation time.)

- Sample Function, e.g., \$past
- Property operator, e.g., |=>, |->

30000

25000

20000

15000

Figure 2: Hassert Framework. Blue and green boxes are new modules and tools; yellow boxes are from FPGA/EDA vendors.

# **Debugging with Hassert**