STMicroelectronics – Agrate Brianza - Italy: Can We Really do Without the Support of Formal Methods in the Verification of Large Designs? Special Session.

2 STMicroelectronics – Agrate Brianza - Italy
Can We Really do Without the Support of Formal Methods in the Verification of Large Designs?
Special Session on Formal Verification, DAC 2005 – Anaheim, Jun 16, 2005
Umberto Rossi

3 Outline
• Progress through the last 10 years from the STM view
• How Formal Verification is used in STM
• Examples of success in STM
• How Formal Verification can make the difference
• The example of IP Validation
• What can help Formal Verification to fly
• Hints for the future & conclusion

4 Progress through the last 10 years
• The Pentium FP bug made the concept of “corner case” familiar to an extended community of designers (1994)
• ASIC design, 2 MGate systems, .35 µm process (1995)
  – commercial Formal Verification was limited to (combinational) Equivalence Checking
  – mainly Gate-to-Gate, a few hundred KGate blocks; serious limitations in name mapping
  – custom-like designs via Transistor Abstraction
  – only one design group was using E.C. in ST
• Commercial Property Checking was still to come (98)

5 Progress through the last 10 years
• SoC/SiP, hundreds of MGate per system, 90nm process
• Equivalence Checking is massively used
  – 2 commercial products used in ST
• Several formal products dealing with Functional Verification
  – 4 different solutions used in ST, with little penetration each

6 Progress through the last 10 years
• Long story of start-ups, mergers and acquisitions (Verplex → CADENCE, 0-In → MENTOR), just to mention the latest
• The tools in the Formal Verification arena have completely re-shaped themselves
• Testbench Automation has dominated the verification market since the late 90s, both in the IP and the System Level domains
• Functional Verification based on Formal Verification has not even competed with Testbench Automation

7 What is in a Formal Verification tool
[Diagram: the Formal Verification Process sits on top of the engines Reachability, ATPG, SAT, Abstraction and CRTPG; its inputs are User Defined Properties (GDL/Sugar, PSL, SVA/OVA) and Encrypted Protocol VIP Libraries]

8 How Formal Verification is used in STM
• Testbench based methodology is by far the most used for IP validation, especially for protocols
• Formal product-I for proof – module level
  – 50%: “COPS” package for STBus protocol checking – IP level
  – 50%: custom properties
• Formal product-II for bug hunting – IP level
• Formal product-III used with ABV features
• About 10 people can address Formal Verification

9 Typical usage of Protocol Checking
[Block diagram of a SoC: sensor interfaces (4.6MHz UIF, CCIR656, CCP1.1), eWarp, T1/T2 buses with T2 DMA, SRAM/memory controller, SPI, Parallel Interface, FP_ALU, eWarp/T1 Bridge, VP Arbiter, MCU Data/Code, Peripheral and Interrupt Controllers, Sensor Comm., Dual Pixel Pipe, JPEG, YUV, Host/I2C, GPIOs, RGB/YUV; ports P1/P2 marked on the bus connections]
Formal Verification is used on top of the Testbench approach for certain architecture hot spots

10 Taking advantage of Formal Verification beyond module level
• End-to-End, black-box, “simple” properties
  – general functional properties that presumably involve the whole “block” function
• Typically ~10 independent properties
  – Data integrity
  – Data persistence
  – Arbitration
• Allows checking robustness of RTL, via reasonable under-constraining of the environment

11 Ex: generating transaction scenario
• Bus infrastructure
  – 6 Masters, 19 Slaves
  – matrix of relations is incomplete: each master sees a fraction of the address space
  – total utilization < ½ of the available address space
• Setup is the same for all masters
  – no need to bias address generation depending on {master, slave}
• Found a protocol violation when an error is notified
[Diagram: masters M1–M6 each mapped to a subset of slaves 1–19 within the 2^32 address space]

12
• Infrastructure implemented by Multi-Layer AHB
• Testbench built by adapting the Single Layer V.C.
  – avoid building a new V.C.; tried to re-use the existing one
  – 1st configuration: the violation is missed by monitors!
  – 2nd configuration: cumbersome, but monitors work
[Diagram: testbench verification setup, AHB bus and AHB Matrix with masters M1–M6 and slaves S1–S19]

13 Formal Verification strengths
• Exploring a huge scenario of input sequences
• Seamless configuration of environment components
  – eases reusability of environment blocks
  – eases environment component plug-in
• Does not need to weight/bias test pattern generation
  – like in the case of large address ranges
• protocol properties: 6 (master) + 29 (slave)
• 2 functional properties → Address Map Check
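The point of the "large address ranges" bullet is that a formal check reasons about the whole address space at once rather than sampling biased addresses. The Python below is an added example, not code from the presentation or from ST: it evaluates an address-map check over address ranges, so every one of the 2^32 addresses is covered without enumerating any. The slave decode map, the master visibility matrix, and the two properties (no ambiguous decode; an error response wherever a master hits an address none of its visible slaves decodes) are constructed assumptions standing in for the 6-master/19-slave matrix on the slide.

```python
from dataclasses import dataclass

ADDR_BITS = 32
ADDR_SPACE = 1 << ADDR_BITS          # the 2^32 address space of the slide


@dataclass(frozen=True)
class Slave:
    name: str
    base: int        # first decoded address (inclusive)
    end: int         # last decoded address (inclusive)


# Constructed decode map (hypothetical values, far smaller than the real
# 6-master/19-slave matrix). S3 deliberately overlaps S2 so the check has
# something to report.
SLAVES = [
    Slave("S1", 0x0000_0000, 0x0FFF_FFFF),
    Slave("S2", 0x1000_0000, 0x1FFF_FFFF),
    Slave("S3", 0x1800_0000, 0x27FF_FFFF),
    Slave("S4", 0x4000_0000, 0x4FFF_FFFF),
]

# Incomplete master/slave relation: each master sees only some slaves.
VISIBILITY = {
    "M1": {"S1", "S2", "S4"},
    "M2": {"S2", "S3"},
    "M3": {"S1"},
}


def merge_ranges(ranges):
    """Merge inclusive (lo, hi) ranges into a sorted list of disjoint ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def complement(ranges, space=ADDR_SPACE):
    """Address ranges inside [0, space) that none of `ranges` covers."""
    gaps, cursor = [], 0
    for lo, hi in merge_ranges(ranges):
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor < space:
        gaps.append((cursor, space - 1))
    return gaps


def overlapping_slaves(slaves):
    """Property 1: no address may decode to two slaves. Returns offending pairs."""
    pairs = []
    for i, a in enumerate(slaves):
        for b in slaves[i + 1:]:
            if a.base <= b.end and b.base <= a.end:
                pairs.append((a.name, b.name))
    return pairs


def utilization(slaves, space=ADDR_SPACE):
    """Fraction of the address space decoded by at least one slave."""
    used = sum(hi - lo + 1 for lo, hi in merge_ranges([(s.base, s.end) for s in slaves]))
    return used / space


def error_ranges(master, slaves, visibility, space=ADDR_SPACE):
    """Property 2: every address this master can issue that no slave visible
    to it decodes must get an error response. Returned as merged ranges, which
    covers all addresses without enumerating or sampling any of them."""
    visible = [(s.base, s.end) for s in slaves if s.name in visibility[master]]
    return complement(visible, space)


def check_address_map(slaves=SLAVES, visibility=VISIBILITY, space=ADDR_SPACE):
    """Evaluate both functional properties exhaustively over the address space."""
    return {
        "ambiguous_decode": overlapping_slaves(slaves),
        "utilization": utilization(slaves, space),
        "error_ranges": {m: error_ranges(m, slaves, visibility, space) for m in visibility},
    }


if __name__ == "__main__":
    report = check_address_map()
    print("ambiguous decode:", report["ambiguous_decode"])
    print(f"utilization: {report['utilization']:.3f}")
    for master, ranges in report["error_ranges"].items():
        print(master, [f"{lo:#010x}-{hi:#010x}" for lo, hi in ranges])
```

The error ranges are exactly the addresses where the bus must take the error path, which is where the slide reports the protocol violation was found; a constrained-random testbench only reaches them in proportion to how it is biased, whereas the range computation above enumerates them by construction.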

14 Ex: diagnosing a failure in the field
  bool arm_write : ~nMREQ && nWAIT && nRW &&
                   ADDR_M0[31:2]==30'h8000000;       // `timeout' address
  assert check_reg : check (evn_check_reg);
  clock posedge clk {
    logic [15:0] reg_val = 16'hffff;                  // register reset
    reg_val <= arm_write ? DATA_M0[15:0] : reg_val;
    event evn_check_reg : timeout==reg_val;
  }
• A system hang occurred in the real silicon
• A block is suspected
• Problem: what are the generating conditions?
• Does the schema work for all transaction combinations and sequences?
• M0 silent – M1 active
• BUG: `timeout' written by M0 is corrupted on an invalid transaction

15 Formal Verification capabilities
[Diagram of the capability stack: End-to-End Properties, Semantic Checks, Integrity Checks, Structural Checks, spanning from Implied Intent to Functional Intent, with the examples Out of Bounds, full_case, parallel_case, FIFO full, FIFO empty; Temporal Properties; Powerful Extraction Capabilities; Mixed VHDL/VERILOG; Assertion Languages: e, PSL, SVA/OVA]

16 Formal Verification capacity
[Diagram: the same capability stack (End-to-End Properties, Semantic Checks, Integrity Checks, Structural Checks; Implied Intent to Functional Intent; Out of Bounds, full_case, parallel_case, FIFO full, FIFO empty; Temporal Properties) set against design size: Full Chip, Full IP, Full Block, Complex Infrastructure]

17 Opportunities for Verification success?
• Cost of masks, exceeding $1M in 90nm
  – makes a re-spin impossible to sustain
• Number of transistors in IP (RTL ‘big’ modules):
  – .25 µm → 30%
  – 90nm → 90%
  – assuring IP quality becomes a key factor to achieve reusability among different projects
• Address the right demanding market
  – Automotive: the process qualification requires 2 to 3 years, increasing the risk of late bug finding

18 How to enhance the Verification flow?
• 30% Design vs 70% Verification is a dream
  – product groups cannot afford this rate as far as engineering resources are concerned
  – team managers still feel more confident with system level verification, but this makes controllability and debugging much harder
[Pie chart: Verification 70%, Design 30%]

19 How to enhance the Verification flow?
• Formal Verification helps simplify scenario generation, e.g. by means of assertion constraints
• Harry Foster et al.’s “line of intent” concept
  – formal verification can help in simplifying the ‘how’ and concentrate the effort on the ‘what’
• Example: reachability analysis on an FSM
    type state is (A,B,C,D,E...);
    signal SM: state;
  – Reach all states in the FSM: cover SM vector
  – Reach all arcs in the FSM: cover {SM X SM} array
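The two cover goals on this slide (every declared SM state, every SM×SM arc) and the question posed on slide 14 (what input sequence produces the failing condition) are both answered by the same explicit-state reachability analysis. The following Python is an added example and not code from the presentation or from ST: it explores a small constructed FIFO controller from reset, reports which FSM states and arcs are unreachable, and checks an out-of-bounds invariant, returning the shortest input sequence to a violation. The design, its deliberate stale-flag defect, the `in_bounds` property and the depth bound (which turns the full search into the bounded search of slide 22) are all assumptions made for the illustration.

```python
from collections import deque

DEPTH = 3                                   # constructed FIFO depth
FSM_STATES = ("EMPTY", "PARTIAL", "FULL")   # the `type state is (...)` of the slide
INPUTS = [(push, pop) for push in (0, 1) for pop in (0, 1)]
RESET = ("EMPTY", 0)                        # design state = (SM, occupancy count)


def flag(count):
    """Decode the occupancy count into the SM state."""
    return "EMPTY" if count <= 0 else "FULL" if count >= DEPTH else "PARTIAL"


def fifo_next(state, inp, stale_flag=True):
    """One clock of a constructed FIFO controller. With stale_flag=True it has
    a deliberate defect: SM is decoded from the current count instead of the
    next one, so the FULL/EMPTY gating lags the count by a cycle."""
    sm, count = state
    push, pop = inp
    push_ok = int(push and sm != "FULL")
    pop_ok = int(pop and sm != "EMPTY")
    next_count = count + push_ok - pop_ok
    next_sm = flag(count) if stale_flag else flag(next_count)
    return (next_sm, next_count)


def fifo_next_fixed(state, inp):
    """The same controller with the flag decoded from the next count."""
    return fifo_next(state, inp, stale_flag=False)


def explore(reset, inputs, next_state, bound=None):
    """Breadth-first reachability from reset. `bound` limits the depth, turning
    the full proof into a bounded search. Returns the parent map (in discovery
    order, so shortest paths come first) and the set of (state, next) arcs."""
    parent = {reset: None}
    arcs = set()
    frontier = deque([(reset, 0)])
    while frontier:
        s, depth = frontier.popleft()
        if bound is not None and depth >= bound:
            continue
        for x in inputs:
            t = next_state(s, x)
            arcs.add((s, t))
            if t not in parent:
                parent[t] = (s, x)
                frontier.append((t, depth + 1))
    return parent, arcs


def trace_to(state, parent):
    """Input sequence driving the design from reset to `state`."""
    seq = []
    while parent[state] is not None:
        state, x = parent[state]
        seq.append(x)
    return seq[::-1]


def fsm_coverage(fsm_of, fsm_states=FSM_STATES, reset=RESET, inputs=INPUTS,
                 next_state=fifo_next):
    """`cover SM vector` and `cover {SM X SM} array`, decided statically: which
    declared states and which state pairs can never be reached from reset."""
    parent, arcs = explore(reset, inputs, next_state)
    reached = {fsm_of(s) for s in parent}
    reached_arcs = {(fsm_of(s), fsm_of(t)) for s, t in arcs}
    all_arcs = {(a, b) for a in fsm_states for b in fsm_states}
    return {"unreachable_states": set(fsm_states) - reached,
            "unreachable_arcs": all_arcs - reached_arcs}


def check_invariant(invariant, reset=RESET, inputs=INPUTS, next_state=fifo_next,
                    bound=None):
    """None if `invariant` holds on every state reachable within `bound` cycles,
    otherwise a shortest input sequence from reset to a violating state."""
    parent, _ = explore(reset, inputs, next_state, bound)
    for s in parent:                        # discovery order: shortest traces first
        if not invariant(s):
            return trace_to(s, parent)
    return None


def replay(trace, reset=RESET, next_state=fifo_next):
    """Re-simulate a trace from reset; used to confirm a counterexample."""
    s = reset
    for x in trace:
        s = next_state(s, x)
    return s


def in_bounds(state):
    """Out-of-bounds check: the count must never leave [0, DEPTH]."""
    return 0 <= state[1] <= DEPTH


if __name__ == "__main__":
    print(fsm_coverage(lambda s: s[0]))
    print("bounded (3 cycles):", check_invariant(in_bounds, bound=3))
    cex = check_invariant(in_bounds)
    print("counterexample:", cex, "->", replay(cex))
    print("fixed design:", check_invariant(in_bounds, next_state=fifo_next_fixed))
```

Two things the run shows that a simulation-only flow does not: the arcs EMPTY→FULL and FULL→EMPTY are reported as unreachable (so a coverage hole there is a property of the design, not of the stimulus), and the 3-cycle bounded search reports no violation while the unbounded one returns a 4-cycle counterexample, which is exactly the trade-off behind using bounded methods for bug hunting rather than proof.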

20 Pervading the Verification flow
• Strong points of Testbench Automation
  – Scalability (layered verification methodology)
  – Coverage metrics
• How to obtain better coverage: white box verification
  – Checking forbidden conditions in state-holding loops
  – Clock Domain Crossing
  – Out of Bounds
  – Bus Contention / Mutual exclusivity
  – FSM traversal
  – Cross FSM traversal

21 The RTL-IP Verification flow
[Flow diagram: starting from the Functional Specification, five numbered steps (1 to 5): Functional Validation, Integrity Checks, Struct/Arch Checks, Design Convention compliance, Reset State Analysis]

22 What can help Formal Verification to fly
• Availability of ‘Verification Components’ for standard I/F, interoperable with simulation
• Assertion Based Verification
  – it is the simplest way to achieve a unified criterion of coverage among Simulation and Formal Verification
• Provide “approximated” methods that can help to afford larger capacities – bug hunting
  – Bounded Model Checking
  – custom exploration capabilities
  – Assertion Based Test Generation

23 Further application areas
• Sequential Equivalence Checking
  – 90nm technology requires architectural modification of the RTL module
  – a reasonable level of S.E.C. should be made available
• RTL vs C formal proof
  – Supporting the development of Behavioral Synthesis
• Verification of parametric IPs
  – The RTL instance of a parametric IP is verified stand-alone today, simply because we are not sure that our configuration works correctly
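Sequential equivalence is what is needed when an RTL module is re-architected (different registers, same behaviour), so combinational equivalence checking no longer applies; the "approximated" methods of slide 22 offer a bounded version of it. The Python below is an added example, not code from the presentation or from ST: a bounded sequential equivalence check that drives two machines with every input sequence up to a given length and reports the shortest distinguishing sequence. The two constructed designs, a 2-flop delay line and its ring-buffer re-implementation, are assumptions; the ring buffer is parametric in its depth, so the same check also answers the parametric-IP question on this slide (does this configuration still behave like the reference?). A C reference model works in the same harness, since only a `step` method is required.

```python
import itertools


class ShiftDelay:
    """Original RTL: a 2-cycle delay line built from two flops in series."""

    def __init__(self):
        self.r1 = 0
        self.r2 = 0

    def step(self, x):
        out = self.r2
        self.r2, self.r1 = self.r1, x
        return out


class RingDelay:
    """Re-architected RTL: the same delay implemented as a ring buffer with a
    write pointer. Parametric in `depth`; it matches ShiftDelay only for
    depth=2, which is the kind of configuration question the slide raises."""

    def __init__(self, depth=2):
        self.buf = [0] * depth
        self.ptr = 0

    def step(self, x):
        out = self.buf[self.ptr]          # the entry written `depth` cycles ago
        self.buf[self.ptr] = x
        self.ptr = (self.ptr + 1) % len(self.buf)
        return out


def bounded_equivalence(make_a, make_b, inputs, bound):
    """Bounded sequential equivalence: drive fresh (reset) instances of both
    machines with every input sequence of length 1..bound and compare outputs
    every cycle. Returns the shortest distinguishing sequence, or None if the
    machines agree on all sequences up to `bound` (which proves nothing beyond it).
    Shorter prefixes are always checked first, so a mismatch found at length k
    cannot be reproduced by any shorter sequence."""
    for k in range(1, bound + 1):
        for seq in itertools.product(inputs, repeat=k):
            a, b = make_a(), make_b()
            if any(a.step(x) != b.step(x) for x in seq):
                return list(seq)
    return None


if __name__ == "__main__":
    print("depth=2:", bounded_equivalence(ShiftDelay, lambda: RingDelay(2), (0, 1), 8))
    print("depth=3:", bounded_equivalence(ShiftDelay, lambda: RingDelay(3), (0, 1), 8))
```

The cost grows as |inputs|^bound, so this is a bug-hunting tool rather than a proof; a full S.E.C. would instead compute the reachable state pairs of the product of the two machines and check the outputs agree on every reachable pair, which is what the commercial tools the slide asks for have to make scale.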

24 Open issues
• The problem of several assertion languages
  – e, PSL, SVA/OVA
• Support of mixed HDL languages
  – VHDL support generally comes very late in commercial products
• Functional coverage from Simulation and Formal Verification “reasonably” combined
• Ways to evaluate property coverage

25 Conclusions
• Formal Methods are already penetrating the classical verification methodology, especially at the low level, to verify the designer’s “implied intent”
• The Formal Verification usage model must become closer to the traditional verification engineer’s culture
  – standard Verification Components interoperable with simulation → this is an important vendor differentiator, as it requires specific features in the tools!
  – integrated coverage measurement capabilities among simulation and formal verification
• No room for “gurus” exclusively devoted to FV

