Compatible Qualification Metrics for Formal Property Checking
Verification Futures Conference 2013, Munich, November 18, 2013
Holger Busch
Senior Staff Engineer Verification, Infineon Technologies

Overview
• Motivation
• Goals
• Qualification Approaches
• Onespin's Coverage Feature
• Certitude
  – General set-up
  – Coupling with Onespin
• Experience and Comparison
• Conclusions

Why Qualify Formal Property Sets?
• “Formal properties are exhaustively checked!”
• 100 % coverage?
• Yes:
  – All input combinations implicitly checked by formal provers
• No:
  – Property assumptions constrain inputs (better than constrained randomized simulation: not just seed)
  – Property commitments cannot check all outputs
  – Single property cannot cover all input-/output behaviour
• Properties are developed according to partitioned DUT-function
• Task: Guarantee completeness of partitioning

Goals
• Quality control
  – Assessment of formal property sets
• Formal verification management
  – Progress indication
  – Sign-Off Criteria
• Handling of mixed verification tool landscape
  – Directed & constraint driven randomized simulation
  – Formal property checking
• ISO26262 compliance of automotive μC products
  – Traceability
  – Documentation of design and verification process

Qualification Approaches for Formal
• Manual
  – Review of formal properties
• Formal completeness checks
  – Onespin's gap-free verification methodology
    • Strongest criterion, not related to simulation coverage metrics
• Formal witness generation
  – Simulation coverage for witness trace: line, branch
    • Quality of witness?
• Design mutation
  – Onespin's built-in coverage feature Quantify
  – Link to test-bench qualification tool Certitude

Onespin 360° MV
• Bounded model-checker
  – Various proof engines
• Property languages:
  – ITL (Interval Language), SVA, PSL
• Linting
• Consistency checker
  – Dead-code, Stuck@signals, ...
• Property debugger
• Coverage
  – Formal completeness checker
  – Line & branch coverage: “Quantify”

Onespin's Quantify Feature
• Pre-analyses
  – Formal-proof-based identification of dead, constrained, redundant code regions
  – Code reachability by given property set
• Observation coverage:
  – Formal proof that code location (assignment) checked
  – Code location observed when proof fails
• User-guidance easy
  – Push-button, focussing to code regions possible
• Result presentation
  – XML ~> UCDB-compatible
  – HTML-visualisation

Certitude: Fault Instrumentation
• Principle:
  – Fault-instrumentation of HDL-sources
  – Check fault detection by test-cases

Certitude: Qualification Phases
• Modelling phase: RTL-code instrumentation by Certitude
  – Different fault models injected into RTL code
  – Top-level entity with additional input vector for individual activation
• Activation phase: Each test-case run once:
  – Activation: test-case stimulus activates fault condition
  – Propagation: fault visible at observation points (DUT interface)
• Detection phase: Analyses for pairs of {fault / test-case}:
  – Detection: fail of test-case instead of pass
  – Fault-sets: F_injected ⊇ F_activated ⊇ F_propagated ⊇ F_detected
  – Iterative detection controlled by Certitude:
• Statistical Approach by Certitude:
  – Metrics computation for statistical samples
• Application to Formal Properties
  – Iterative invocation of property checker for {fault / formal-property} pairs instead of simulator for {fault / test-case} pairs

Certitude Qualification Flow
[Flow diagram; labels recovered from the slide:]
• Blocks: Certitude; Simulator / Formal Property Checker
• Inputs: RTL*; Test-cases/Props
• Selection: {fault, test-case/prop}
• Result: fail/pass, check-time
• Scripts: Elaborate RTL*; Generate fault assumption; Check; Write result
• Output: Qualification Results

Certitude <-> Onespin
• Iterative procedure:
  – Let Certitude select:
    • Property P from set of qualification properties
    • Fault c from current set of non-detected faults
  – Add fault assumption to regular property
  – Check fault-c-enabled Property P in property checker
  – Return proof result + run-time to Certitude
    • Fail: fault c detected by Property P
  – Repeat until Certitude is finished:
    • All faults detected or
    • All {fault / property}-pairs exercised for non-detected faults
Regular Property P: ∀c. f(c) = 0, ass(P) |- com(P)
Property P with enabling of fault c: 1hot(f) ∧ f(c) = 1, ass(P) |- com(P)
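
The iterative {fault / property} procedure above, as an added example that is not part of the original slides and does not use any Certitude or Onespin API. The toy DUT, the fault names and the two properties are hypothetical, and exhaustive enumeration of the inputs stands in for the property checker.

```python
from itertools import product

# Hypothetical fault names for a toy instrumented DUT (not Certitude fault types).
FAULTS = ("and_to_or", "sel_stuck_1", "drop_carry")

def dut(a, b, sel, f=frozenset()):
    """Toy RTL*: f is the set of enabled fault inputs; empty f is the regular design."""
    if "sel_stuck_1" in f:
        sel = 1
    if sel:
        s = a + b                      # 2-bit operands, 3-bit sum
        return s & 0b011 if "drop_carry" in f else s
    return (a | b) if "and_to_or" in f else (a & b)

# Property = (name, ass, com). P_add's assumption excludes sums that carry.
PROPS = [
    ("P_add", lambda a, b, sel: sel == 1 and a + b < 4,
              lambda a, b, sel, y: y == a + b),
    ("P_and", lambda a, b, sel: sel == 0,
              lambda a, b, sel, y: y == (a & b)),
]

def holds(prop, fault=None):
    """ass(P) |- com(P), checked over every input (stand-in for the prover).
    fault=None models 'forall c. f(c)=0'; otherwise 1hot(f) and f(fault)=1."""
    f = frozenset() if fault is None else frozenset([fault])
    _, ass, com = prop
    return all(com(a, b, sel, dut(a, b, sel, f))
               for a, b, sel in product(range(4), range(4), (0, 1))
               if ass(a, b, sel))

def qualify(props, faults=FAULTS):
    """Pair each non-detected fault with properties until one proof fails."""
    if not all(holds(p) for p in props):
        raise ValueError("regular properties must hold before qualification")
    detected, pending = {}, list(faults)
    for c in faults:
        for p in props:
            if not holds(p, c):        # Fail: fault c detected by property P
                detected[c] = p[0]
                pending.remove(c)
                break
    return detected, pending

if __name__ == "__main__":
    detected, pending = qualify(PROPS)
    print("detected:", detected)
    print("non-detected:", pending)
```

The fault drop_carry stays non-detected because the assumption of P_add (a + b < 4) never exercises the carry, which is the "property assumptions constrain inputs" gap named in the motivation slide.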

Experience and Comparison
Added value: Coverage results useful for productive verification projects
Design size: Modules with several 10 k locs manageable

| | Quantify | Certitude <-> Onespin Qualification |
|---|---|---|
| Usage | easy | less easy at the beginning: set-up for Certitude and FPC required |
| Fault injection | elaborated model | RTL design |
| User control | Code regions (focus, skip, exclude); property set | rich configurability: code inclusion, fault types, density, properties; instance- or module-based |
| Restartability | yes (longer setup time) | yes (short set-up time) |
| Compatibility with simulation | mergeable | 1:1 |
| Maturity | Product feature, potentials for improvements | Certitude available for many years; recently: scripting for IFX-internal usage for performance optimization |
| Licences | regular Onespin prover licenses | Onespin prover licenses + Certitude license |

Conclusions
• Two simulation-compatible FPC qualification methods for productive usage
• Both handle big IPs and property sets
• Usage strongly recommended!
• Two different paradigms:
  – Integrated in property checking environment: Quantify
    • Efficient, but closed and vendor-specific
    • Metrics similar to simulation coverage
  – Coupling of separate tools: Certitude-Onespin/Simulators…
    • Open for customization
    • Exactly same metrics for FPC and simulation
• Potential synergies

Questions?