Upgrade your Verification with Jasper!...An Example of End-to-End Properties A scoreboard, just like...

Upgrade your Verification with Jasper!

Lawrence Loh

VP Worldwide Applications Engineering

TVS 2013

| © 2013, Jasper Design Automation | Confidential

Jasper Design Automation

• The leading provider of SoC design and verification solutions

leveraging advanced formal technologies

Jasper Users

• Our customers include system architects, logic designers,

verification engineers, and silicon bring-up teams

Jasper’s Success

• Our year-to-year exponential growth based on successful,

proven technologies; excellent AE support; and deployment-

driven business model

About Jasper


Company Highlights

Disruptive Market

Opportunity Traditional verification techniques are inadequate to address complex

verification challenges including Multi-Processor, Low Power, Security

World Leader in

Formal Verification Electronic Design Automation software products based on superior formal

technology, with highest performance and capacity, and broad reach

Tier 1

Customer Base 10 of the top 15 Semiconductor companies use Jasper

Experienced

Management Team CEO and executive staff are veterans of successful start-ups and public

companies with over 100 years of combined experience

Global Reach and

Presence Headquarters in Silicon Valley; R&D sites in Israel, Sweden and Brazil;

Direct sales in US and Europe; Distribution network in Japan, Asia, Israel

Strong Financials

and Business Model 35% CAGR since 2007; Profitable for 11 quarters


Formal Property

Verification App

• Protocol certification

• End-to-end packet integrity

• Asynchronous clocking effects

• Assertion-based verification

• Proofs for critical functionalities

• Debug isolation and fix validation

Connectivity

Verification App

• Chip-level

connectivity

• Conditional

connection with

latency

X-Propagation

Verification App

• Unexpected X

detection and

debugging

RTL Development App

• Waveform generation from

intent

• Designer-based verification

w/o testbench

• Design trade-off analysis

• Behavioral indexing

Architectural

Modeling App

• Executable spec

• Absence of deadlock

• Cache coherency

• Liveliness

• Latency

• Pre-RTL modeling

Intelligent Proof

Kits and

Verification IPs

• Certification of AMBA

4/ACE checkers

• Popular standard

protocols

• Configurable,

illustrative, optimized

for formal

JasperGold® Apps

Common Database • Common Interface • Simplified Interaction Between Apps • Flexible Deployment

Control/Status

Register

Verification App

• Automated

• Comprehensive

• Standard and

proprietary protocols

Post-Silicon Debugging

• Failure signature matching

• Root cause isolation

• Candidate cause elimination

• Validation of fixes before re-spin

Other SoC-Related

Applications

• Glitch detection

• Sequential equivalency

checking

• Security path verification

• System-level deadlock

Higher

Capacity

Interactive

Debug Increased

Throughput

Wider

Deployment Verify complex

100M gate designs

Modify/create properties

on the fly to explore

design behavior

Utilize multiple proof

engines on parallel

compute resources

Proliferate across

engineering teams with

unique adoption model

Behavioral Property Synthesis

• Inference & synthesis of properties

from RTL & simulation

• Multi-cycle, hand-shake, implication,

black box, and white box properties

• Automated and manual property

ranking and classification

• VCD, FSDB and PLI support

• Feedback into simulation coverage

Structural Property Synthesis

• Early validation w/o testbench

• Automatic checks from RTL such as

Arithmetic overflow, dead code, FSM

Livelock/Deadlock states

• Automated and manual property ranking

and classification

• Feedback properties into formal or

simulation environments

Design Coverage

Verification

• Coverage metrics generation

from formal verification

• Coverage metrics to establish

quality of formal testbench

• Coverage metrics for

bounded/full proof result

• Interacting with coverage

metrics from simulation via an

external DB (e.g. UCDB)

Low Power

Verification

• Formal analysis and verification

of architectural features, power

domains, supply network,

power switching, isolation,

retention

• Analysis of third-party IP blocks

• Verification of power-related

blocks and power sequencing

Customer Resonance and Adoption


AAHAA: Architecture, bug Avoidance, bug Hunting, bug Absence

and bug Analysis

Architecture specification and verification

• Specify architecture using formal methods and verify them for completeness

and correctness

• Usually an academic topic

• ARM is diving into this for new communication protocols, and for instruction

semantics (e.g. ACE modelling and verification, 2011)

Bug Avoidance

• Also called “design bring-up”

• Use formal as an aid for design, usually before the simulation testbench is ready

• Catch bugs early

Deployment of Formal: ARM’s View


Bug Hunting

• Find bugs at block and system level

• No effort for proofs

• Automation and regression on server-farm friendly

Bug Absence

• Prove critical properties to get 100% assurance

• May require considerable user expertise and effort

Bug Analysis

• Investigate late-cycle bugs

• Isolate corner-case bugs (observed in field, lab)

• Confirm the correctness of bug fix

AAHAA…

Designer Adoption

Architecture, Avoidance, Hunting, Absence, Analysis


Rethinking Designer Verification

Simulation

• More of an “input driven” method, may not exercise desired behavior

• Wiggle the inputs to produce a desired behavior (trial and error)

Visualize™

• Specify the target and let the formal engines generate the stimulus (“output

driven” method)

• Interactively add constraints to construct desired waveform

Simulator

RTL

Testbench

Simulation

waveform

VisualizeTM

RTL

state == READ

ack = 1

Visualize

waveform

Target

state == READ

ack = 1


Generate Waveforms Quickly and Easily

from RTL

The ‘target’ is satisfied without the need

of a testbench


Capture Properties from the Waveform

‘export -to_sva/psl’ to include

captured properties in other

verification flows


Combine Multiple Behaviors for Complex

Scenarios

Add design behaviors as constraints

to create complex scenarios…

Capture as a recipe

End to End Properties



End-to-End Property Verification

When compared to low-level assertions, end-to-end properties are

better:

Provide highest return on investment

Leverage standard constraints on standard interfaces

Provide clear value for projects as they map to micro-architectural spec

Design

block

Block-level assertions

End-to-end

high-level requirement

Inputs Outputs


Scoreboard Proof Accelerator

Formal

engine

Formal

engine

An Example of End-to-End Properties

A scoreboard, just like in simulation, can be very powerful

Jasper’s Formal Scoreboard can exhaustively prove that data is not

dropped, duplicated, or swapped

Req In

Control/Data In

Grant Out

Control/Data Out

Grant In

Req Out

DUV Formal engine

Formal engine

Scoreboard

A A A

A

A

B

A

B

B B B C

C

C

C C

A

A A

A

B B B

B

B

B B

B X


Methodology

• Apply design domain knowledge to create formal-friendly models of

properties and constraints

• Applying design domain knowledge to create suitable manual abstractions

• Assume/guarantee reasoning

• Leverage symmetries in the design

Technology

• High-performance engines

• Safe abstraction techniques to reduce the design complexity (Proof

Accelerators™, counter abstraction, Formal Scoreboard™)

• Tool assistance in identifying complexity

• Design-domain-specific automatic abstractions

Coping with Design Complexity

The Big PICTURE



System Level Deadlock – Root Causes

Architectural flaw:

• Protocol or the system

• A flaw in the protocol that could cause a deadlock

Bugs introduced during block implementation:

• Arbitration, interface errors, data-integrity related bugs could cause

deadlock

System implementation issue:

• Involves latencies and functionalities associated with many sub-

systems (ingress, fabric, egress)

Ideally the deadlock related issues should be

caught as close to the origin as possible


Deadlock Verification Stages

Architectural

Bugs

Block

Implementation

Bugs

System

Implementation

Bugs

Architectural verification: Catches architectural issues leading to deadlock

Block verification: Catches implementation bugs and a

subset of architectural bugs (ones present in the specific implementation)

System verification: Catches block and system implementation bugs and

a subset of architectural bugs (ones present in the specific implementation)


System-level Deadlock Detection App

Manages the complexity by concentrating on network

architecture • Multiple interconnect fabrics, many masters and slaves

• Potentially long latency before observing the deadlock

Tracks forward progress of activities in both subsystems • New intelligent traversal algorithms

• Assertions pre-packaged with the App – no user-defined assertions

necessary

• Tool automatically identifies what “progress” means

• Repeatable lack of forward progress indicates a deadlock

User interactions • Any unexplained lack of forward progress is presented to the user

• User determines if it is a bug or is actually expected, in which case it is

excluded

• Either finds a real deadlock or ultimately proves no deadlock

Am I done with Verification?



Two main components of formal testbench

Constraints

• Responsible for determining stimulus for design sensitization

Assertions

• Responsible for providing checking capability

Usage Model 1: Coverage Metrics for Formal Testbench Sanity


Usage Model 2- Coverage Metrics for Bounded Proof Result

A bounded proof result implies that only a subset of the

reachable state-space is traversed and no violation of

the assertion is encountered in that subset

Bounded proof of “k” cycles:

• All states reachable within the “k” cycles from the design’s reset

state have been analyzed

This implies that all events possible within “k” cycles

from the reset state have been triggered


DUT

Coverage

DB

Testbench Simulator

Formal Tool

Read API

Write API

Write API

Read API

Usage Model 3 - Accelerating Coverage

Closure using Metrics from Formal Verification


Possible Caveats in Integrating Formal and Simulation Coverage

Users need to be aware of the semantic differences of

the data obtained from formal and from simulation

Users should also take the differences of verification

setup into account before merging data

Definition of coverage models not standardized

• Different simulation vendors may have mismatches

• Difficult to achieve complete compatibility with any simulation

vendor (even for simple coverage models)

Around the corner…

, Avoidance, Hunting, Absence, Analysis


Ubiquity of Complexity Driving Need for Formal Verification

Low Power

Dynamic Power Islands;

Functional Verification and

Sequential Equivalence

Security

Trusted Zones; Secure

Access; Immunity from

Physical Attacks

Multi Processor

Complex On-Chip Buses;

Deadlock; Coherency

Use is limited to handful of

very high end ICs 90’s

10’s

00’s

Super Computers Software only

Mobile Phones Concentrated use in PC

and Graphics Software only

Use in Mobile, Consumer,

Server, Graphics, IT, and

Computing

Wide-spread use in

Mobile, Consumer,

Industrial, Automotive,

Tablets and Mobile Phones

Use in Mobile, Automotive,

Servers, Gaming IC,

Graphics Chips


Traditional Verification Solutions Fall Short on Hardest Problems

Low Power Security Multi-Processor

Simulation is empirical; can’t test all possible combinations;

suffers from long run times and labor-intensive debug

Emulation is expensive; happens too late; can’t test all modes

• Previously rare and esoteric verification problems are now common to most chips

• Jasper is the only Formal Verification provider to embrace complexity as a strategy –

leveraging superior formal technology and deployment-driven business model

Large number of possible

power modes

Pre-verified modules can deadlock

after integration

Register state impacts

security path access

Non-deterministic

transitions

Cache coherency with many

heterogeneous master and slaves

Specifications of prohibited

behavior

Structural changes have

unexpected impact

Distributed On-Chip bus

implementation

Upgrade your Verification with Jasper!...An Example of End-to-End Properties A scoreboard, just like...

Documents

Transcript of Upgrade your Verification with Jasper!...An Example of End-to-End Properties A scoreboard, just like...