Streamline Verification Process with Formal Property Verification to Meet Highly Compressed Design Cycle
Prosenjit Chatterjee, nVIDIA Corporation

Presentation transcript:


Goals
- Reach conventional verification goals faster
- Reach more verification goals
- Fewer verification resources
- Prove specific properties of most complex blocks

SFV
- Minimal verification environment expertise
- Ability to use conventional verification techniques
- Non FV-able properties still usable
- Use conventional verification techniques at Full Chip and Super Unit level
  - However, now fewer bugs to uncover as sub-units are already SFV-ed
- Full time Dedicated Verification Engineer not required
- Designer's kit

Conventional Verification Process
- Sets of vector sequences that
  - User generates to accomplish coverage goals
  - Directed or Random Vector sequences
- Outputs are "smart-diffed"
[Diagram: User writes TestBench; Input Biasing; DUT TestPlan Coverage Goals; TestBench drives DUT RTL and DUT Data Transform Model; outputs compared (X) to Pass / Fail; Internal Properties: Unknown / Fail; Internal Coverage Goal: Reachable / Unknown]

SFV Environment
[Diagram: SFV TestBench (generated) with Input Assumptions and Input Biasing; DUT TestPlan Coverage Goals; SFV TestBench drives DUT RTL and DUT Data Transform Model; outputs compared (X) to Pass / Fail; Internal Properties: Proof / Unknown / Fail; Internal Coverage Goal: Reachable / Unknown / Unreachable]

SFV Environment - Test Bench
- Input Assumptions provide legal stimulus
- Input Biasing provides a higher proportion of important events
- Different Random Seeds are applied automatically
- Random Simulation obeys Input Assumptions and Biasing
- FV obeys Input Assumptions. Biasing is irrelevant
- Auto self-adjusts user's biasing to reach coverage goals
- Coverage goals missed by SFV are reached by directed testing

Coverage Goals
Automated:
- Line Coverage
- Condition Coverage
User Specified:
- Implementation Specific
- Executable Test Plan

Coverage Goals (flow)
[Flowchart nodes: Rand_Default, Rand_B1 ... Rand_Bm; C-RTL output compare; Coverage Report; Coverage met? yes: Done; no: Save SFV generated vectors, Partition uncovered goals into SFV_G1 ... SFV_Gn; SFV run with biased random ON, formal engines OFF; SFV run with biased random ON, formal engines ON; Directed Testing or Rand_Default]

Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable
  - Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached above goals = Data Transform Model Output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved

SFV Engines
[Diagram: SFV Process; Process 1: Property Falsification or Coverage Goal Reachability; Process 2: Property Proving or Coverage Goal Unreachability]

Using BMC from interesting start states
- Default start state is reset state
- SFV tool uses heuristics to find interesting start states
- User identifies subset of coverage goals as interesting start states
- Requires efficient management of the start states population

Helping SFV tool reach interesting states faster
- Limiting conditions in DUT may be very "deep"
- Tolerable Random Logic Addition to fan-in of internal signals in DUT

    fifo_full = original_RTL_design_logic || random_hi_or_low;
    Tout_cntr <= random_decision ? timeout_value : original_RTL_design_logic;

- Primarily for finding bugs using SAT
- Coverage Goals reached via such techniques are ignored
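As an added illustration (not the slides' code or the nVIDIA tool), the following constructed Python model exercises the ideas of the previous two slides together: biased random simulation reaches the fifo_full coverage goal, BMC restarts from that state instead of from reset, and the random logic addition to fifo_full shortens the path to a bug while goals hit through the added logic are not credited. The toy DUT, its parameters and its bug are all assumptions.

```python
"""Constructed toy of the SFV ideas on these slides: biased random simulation
reaches a coverage goal, BMC restarts from that state, and random 'logic
addition' on fifo_full shortens the path to a bug (assumptions throughout)."""
from collections import deque
import random

FIFO_DEPTH, TIMEOUT = 16, 4      # constructed parameters
RESET_STATE = (0, 0)             # (fifo occupancy, Tout_cntr)

def dut_step(state, push, pop, random_hi_or_low=False):
    """One clock of the toy DUT -> (next_state, ack, fifo_full).
    random_hi_or_low is the slide's 'fifo_full = original || random' input,
    driven only in the assisted variant. Constructed bug: once Tout_cntr has
    expired, a push is acked although the FIFO is full (packet lost)."""
    count, tout = state
    fifo_full = count == FIFO_DEPTH or random_hi_or_low
    ack = push and (not fifo_full or tout == TIMEOUT)   # 'or ...' is the bug
    if pop and count > 0:
        count -= 1
    if ack and count < FIFO_DEPTH:
        count += 1
    if pop:                                     # a pop clears the timer
        tout = 0
    elif count > 0 and tout < TIMEOUT:          # data waiting: timer runs
        tout += 1
    return (count, tout), ack, fifo_full

def bmc(start, bound, assisted=False):
    """Bounded model check from `start`: breadth-first over every input
    sequence of up to `bound` cycles, hunting 'ack while fifo_full'.
    Returns the counterexample as a list of (push, pop, random) or None."""
    inputs = [(p, q, r) for p in (0, 1) for q in (0, 1)
              for r in ((0, 1) if assisted else (0,))]
    frontier, seen = deque([(start, [])]), {start}
    while frontier:
        state, trace = frontier.popleft()
        if len(trace) == bound:
            continue
        for push, pop, rnd in inputs:
            nxt, ack, full = dut_step(state, push, pop, bool(rnd))
            if ack and full:
                return trace + [(push, pop, rnd)]
            if nxt not in seen:             # BFS: first visit is shallowest
                seen.add(nxt)
                frontier.append((nxt, trace + [(push, pop, rnd)]))
    return None

def biased_random_sim(seed, cycles, push_bias=0.9, pop_bias=0.1):
    """Biased random simulation from reset (the slides' Input Biasing).
    Returns the states where the 'fifo_full' coverage goal was hit; the flow
    then uses them as interesting start states for BMC."""
    rng = random.Random(seed)
    state, goal_states = RESET_STATE, set()
    for _ in range(cycles):
        if state[0] == FIFO_DEPTH:
            goal_states.add(state)
        push, pop = rng.random() < push_bias, rng.random() < pop_bias
        state, _, _ = dut_step(state, push, pop)
    return goal_states

def credited_goal_hits(start, trace):
    """Replay a trace, counting fifo_full goal hits only on cycles where the
    added random logic is inactive (goals reached via the addition are ignored)."""
    state, hits = start, 0
    for push, pop, rnd in trace:
        hits += int(state[0] == FIFO_DEPTH and not rnd)
        state, _, _ = dut_step(state, push, pop, bool(rnd))
    return hits
```

From reset the bug needs 17 cycles, so a bound of 8 misses it; from a fifo_full state found by biased simulation, or with the random addition driven, the same bound finds it within 5 cycles.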

Enhanced Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable
  - Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached above goals = Data Transform Model Output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved

Proving Data Transport Functionality - Intuition
- If I want to check that FEDEX and UPS always deliver safely THEN
  - I do not care if Dan changes the gift before sending
  - Of course Dan cannot expect to deliver nuclear weapons via UPS
[Diagram: Dan sends a gift to John via FEDEX and a gift to Bob via UPS; transform f(x)=x^2; inputs labelled Original, garbage, +ve; outcomes labelled Perfect!, Imperfect!, Too much!]

Data Transport Properties
A packet entering the system may not be visible exiting the system if the DUT is viewed as a black box.
[Diagram: DUT with inputs P1 P2 ... Pn and outputs Q1 Q2 ... Qm, n >= 1, m >= 0]
This happens due to:
- One or more data transform functions inside DUT, or
- Legal dropping of a Packet
- Single Packet may split to multiple destinations
- Multiple Packets may merge to single destination

Proving Data Transport Properties
[Diagram: P enters via I1; stages H(x), G(x), F(x), M(x), null, N(x), labelled Non-Math data transform, Math data transform, Deep FIFO, Split, Data filter; Breakup for FV complexity; P' exits via O2; P'' exits via O2]

Proving Data Transport Properties
[Diagram: stages H(x), G(x), F(x), M(x), null, N(x), labelled Non-Math data transform, Math data transform, Deep FIFO, Split, Data filter; Breakup for FV complexity]

Tool Assisted User Interactive Proof Process
- ABC = Cone of Influence of Property
- A'BC' = Minimal cut-point to prove the Property
- A''BC'' = Cut-point that the tool can handle to Prove Property
- [diagram markers] are internal assumptions added to Prove Property within A''BC''
- Internal Assumptions are subject to similar Proof Process
[Diagram: regions A, B, C with nested cuts A', A'', C', C'']

Enhanced SFV Environment
[Diagram: SFV TestBench (generated) with Input Assumptions and Input Biasing; DUT TestPlan Coverage Goals; SFV TestBench drives DUT RTL, DUT Data Transform Model and DUT Data Transport Property; outputs compared (X) to Pass / Fail; Internal Properties: Proof / Unknown / Fail; Internal Coverage Goal: Reachable / Unknown / Unreachable]

Enhanced Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable
  - Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached above goals = Data Transform Model Output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved
- Important Properties of Complex Control Logic Blocks proved

Future Improvements
- Formal engines parallelized to reach goals faster
- Efficient Management of interesting start states population
- Automating "logic addition" to DUT to reach bugs faster
- Automate Assume Guarantee Verification for proofs