Skip to content

AMBA AXI · Module 17

Wrong LEN / Wrong SIZE

Diagnose AXI bursts whose declared shape is wrong — a mis-set AxLEN (beat count) or AxSIZE (bytes per beat) that makes producer and consumer disagree on how many beats and how wide each is. Why these are 'silent contract' bugs that can hang, truncate, mis-place data, or corrupt the address stream, and the cross-check that catches them.

A missing LAST (17.2) breaks where the burst ends; a wrong AxLEN or AxSIZE breaks what the burst is. AxLEN declares the beat count (LEN+1 beats) and AxSIZE declares the bytes per beat (the transfer width); together they define the burst's shape and its total byte span. When either is wrong — mis-latched, mis-computed, or mis-driven — producer and consumer disagree on the contract itself, and LAST may even fire consistently with the wrong LEN, so the burst looks internally valid while being the wrong shape. This is the most insidious layer of burst bugs: it can hang (like a LAST problem), truncate, mis-place data at wrong addresses, or corrupt the address stream — and the fix requires checking the declared fields against what was intended, not just internal consistency. This chapter diagnoses both.

1. What LEN and SIZE Declare

AxLEN and AxSIZE are the burst's contract. AxLEN = number of beats minus one (so AWLEN=3 means 4 beats). AxSIZE = log2 of the bytes per beat (so AWSIZE=2 means 4 bytes/beat), which must not exceed the data bus width and which positions data on the correct byte lanes. The total bytes moved is (LEN+1) << SIZE, and the per-beat address advance (for INCR) is 1 << SIZE. Get either field wrong and every downstream computation — beat count, addressing, byte lanes, total span — is wrong.

AxLEN sets beat count; AxSIZE sets bytes per beat and lanes; together set total span, address increment, and LAST position.AxLENbeats = LEN+1AxSIZEbytes/beat = 1<<SIZETotal span(LEN+1) << SIZEAddr increment1 << SIZE (INCR)Byte lanesfrom SIZE + addrLAST positionbeat == LEN12
Figure 1 — what AxLEN and AxSIZE declare and what depends on them. AxLEN sets the beat count (LEN+1); AxSIZE sets bytes per beat (1 << SIZE) and the byte-lane placement. Together they determine the total byte span ((LEN+1) << SIZE), the per-beat address increment (1 << SIZE for INCR), and where LAST should fire (beat LEN). A wrong value in either field propagates into all of these — beat count, addressing, lanes, and span — so a single mis-set field corrupts the whole burst's interpretation.

2. Wrong LEN: Beat-Count Mismatch

A wrong AxLEN means producer and consumer disagree on how many beats. If the slave latches (or the master drives) a LEN larger than the actual data, the slave waits for beats that never come → hang (it looks like a missing-LAST hang, but the root is the wrong count). If LEN is smaller than the data, the burst ends early and extra beats are orphaned or misattributed → truncation/corruption (it looks like a premature-LAST problem). The tell-tale that distinguishes wrong-LEN from a LAST-timing bug: here LAST fires consistently with the (wrong) LEN — the burst is internally self-consistent but the declared length itself is wrong.

Wrong AWLEN — self-consistent but wrong-length burst

9 cycles
Intended 4 beats but AWLEN=2; WLAST fires on beat 2 consistent with the wrong LEN; the 4th beat is lost; B issued.3 beats (AWLEN=2)WLAST + B (self-consistent)intended 4th beat lostLAST agrees with WRONG lenLAST agrees with WRONG…ACLKAWLEN.2 2 2 ..WVALIDWREADYWLASTBVALIDt0t1t2t3t4t5t6t7t8
Figure 2 — a wrong AxLEN with self-consistent LAST. The master intended a 4-beat burst but drove AWLEN=2 (3 beats); it asserts WLAST on beat 2, consistent with the wrong LEN. The slave completes a 3-beat write and issues B — no hang, no internal inconsistency — but the intended 4th beat is lost, so the transaction is wrong. Because LAST agrees with the (wrong) LEN, the LAST-vs-count cross-check passes; only checking LEN against what was *intended* (the reference model) catches it.

3. Wrong SIZE: Beat-Width and Lane Mismatch

A wrong AxSIZE means producer and consumer disagree on how wide each beat is. The consequences are subtler than wrong-LEN because the beat count may be right while the data is mis-placed: a wrong SIZE changes the per-beat address increment (1 << SIZE) and the byte-lane mapping, so data lands at the wrong addresses or on the wrong byte lanes, and an oversized SIZE (exceeding the bus width) is an outright protocol violation. The total span (LEN+1) << SIZE is also wrong, which for INCR can push the burst across a 4 KB boundary it shouldn't, or misalign a WRAP.

Wrong SIZE changes address increment and byte-lane mapping, placing data at wrong addresses/lanes; oversized SIZE is illegal; span errors cross 4KB.Wrong SIZEbytes/beat offWrong increment1 << SIZE offWrong addressesdata mis-placedWrong byte lanesdata on bad lanesOversized SIZE> bus = illegalWrong span4KB cross / misalign12
Figure 3 — wrong AxSIZE mis-places data. With the correct SIZE, each beat advances the address by 1 << SIZE and maps to the right byte lanes. A wrong SIZE changes the increment and lane mapping, so the same data beats land at the wrong addresses or wrong lanes — silent data placement corruption even when the beat count is correct. An oversized SIZE (> bus width) is an illegal encoding; a wrong span can also cross a 4 KB boundary or misalign a WRAP. The data may all 'transfer' yet end up in the wrong place.

4. The Cross-Check: Declared Fields vs. Intended

Because a wrong LEN/SIZE makes the burst internally self-consistent (the LAST-vs-count check passes, the beats are well-formed), the only way to catch it is to compare the declared fields against what was intended — the reference model's expected transaction (16.4). The scoreboard knows the intended address, length, and size for each transaction (from the test's intent or the address map), so it flags a LEN/SIZE that doesn't match even when the burst is internally valid. Protocol assertions catch the illegal cases (oversized SIZE, span crossing 4 KB), but the wrong-but-legal case needs the reference model.

Check LEN/SIZE: protocol assertion catches illegal values; reference model catches wrong-but-legal values by comparing to intent.noyesyesnoObserved AxLEN /AxSIZELegalencoding?(SIZE≤bus,span, WRAP)Illegal →assertion firesMatchesintendedshape?Correct burstWrong-but-legal→ scoreboardflags
Figure 4 — the two-level check for LEN/SIZE bugs. Protocol assertions catch the illegal cases: SIZE exceeding the bus width, a span crossing a 4 KB boundary, an illegal WRAP length. But a wrong-but-legal LEN/SIZE (e.g. AWLEN=2 when 4 beats were intended) is internally self-consistent and passes every protocol check — only the scoreboard's reference model, which knows the *intended* transaction shape, catches it by comparing declared fields against intent. Internal consistency is necessary but not sufficient; intent comparison is required.

5. Common Misconceptions

6. Debugging Insight

7. Verification Insight

8. Interview Questions

9. Summary

A wrong AxLEN or AxSIZE breaks what the burst is — its declared shape — as opposed to where it ends (17.2) or whether beats transfer (17.1). AxLEN sets the beat count (LEN+1); AxSIZE sets the bytes per beat (1 << SIZE), the address increment, and the byte-lane mapping; together they set the total span (LEN+1) << SIZE and where LAST should fire — so a single wrong field corrupts beat count, addressing, lanes, and span. Wrong LEN makes producer and consumer disagree on beat count: too large → hang (waits for beats that never come), too small → truncation/corruption — and critically, LAST fires consistently with the wrong LEN, so the burst is internally self-consistent but the wrong shape. Wrong SIZE is subtler: the beat count can be right while data is mis-placed at wrong addresses or lanes (silent corruption), with oversized SIZE being an illegal encoding and a wrong span crossing 4 KB or misaligning a WRAP.

Because a wrong-but-legal LEN/SIZE passes every protocol check (legality and LAST-vs-count), catching it requires two levels: protocol assertions for the illegal cases (oversized SIZE, 4 KB-crossing span, illegal WRAP length), and the reference-model scoreboard comparing declared fields against intent for the wrong-but-legal cases. This is the chapter's deepest lesson — internal consistency is necessary but not sufficient for burst correctness; only an independent statement of intent catches a flawlessly self-consistent but wrong-shaped burst, which is the compliance-vs-correctness split (16.1) made concrete at the field level. Across 17.1→17.3 the bug moves from "a beat won't transfer" to "the end-marker is wrong" to "the declared contract is wrong," each requiring a check one level further from the raw signals. Next, we examine wrong WSTRB — where the data that arrives is corrupted at the byte level.

10. What Comes Next

You can now catch a wrong burst shape; next, byte-level data corruption:

  • 17.4 — Wrong WSTRB (coming next) — diagnosing corrupted data from bad byte strobes, where the burst shape is right but individual bytes are written or masked incorrectly.

Previous: 17.2 — Missing LAST. Related: 7.5 — Burst Address Calculation for how SIZE drives the per-beat address, 7.6 — The 4 KB Boundary Rule for the span constraint, and 16.4 — AXI Scoreboards for the reference model that checks shape against intent.