Upgrade your Verification with Jasper!
Lawrence Loh
VP Worldwide Applications Engineering
TVS 2013
Page 2 | © 2013, Jasper Design Automation | Confidential
About Jasper
Jasper Design Automation
• The leading provider of SoC design and verification solutions leveraging advanced formal technologies
Jasper Users
• Our customers include system architects, logic designers, verification engineers, and silicon bring-up teams
Jasper’s Success
• Our year-to-year exponential growth based on successful, proven technologies; excellent AE support; and deployment-driven business model
Company Highlights
• Disruptive Market Opportunity: Traditional verification techniques are inadequate to address complex verification challenges including Multi-Processor, Low Power, Security
• World Leader in Formal Verification: Electronic Design Automation software products based on superior formal technology, with highest performance and capacity, and broad reach
• Tier 1 Customer Base: 10 of the top 15 Semiconductor companies use Jasper
• Experienced Management Team: CEO and executive staff are veterans of successful start-ups and public companies with over 100 years of combined experience
• Global Reach and Presence: Headquarters in Silicon Valley; R&D sites in Israel, Sweden and Brazil; Direct sales in US and Europe; Distribution network in Japan, Asia, Israel
• Strong Financials and Business Model: 35% CAGR since 2007; Profitable for 11 quarters
JasperGold® Apps
Common Database • Common Interface • Simplified Interaction Between Apps • Flexible Deployment
Formal Property Verification App
• Protocol certification
• End-to-end packet integrity
• Asynchronous clocking effects
• Assertion-based verification
• Proofs for critical functionalities
• Debug isolation and fix validation
Connectivity Verification App
• Chip-level connectivity
• Conditional connection with latency
X-Propagation Verification App
• Unexpected X detection and debugging
RTL Development App
• Waveform generation from intent
• Designer-based verification w/o testbench
• Design trade-off analysis
• Behavioral indexing
Architectural Modeling App
• Executable spec
• Absence of deadlock
• Cache coherency
• Liveness
• Latency
• Pre-RTL modeling
Intelligent Proof Kits and Verification IPs
• Certification of AMBA 4/ACE checkers
• Popular standard protocols
• Configurable, illustrative, optimized for formal
Control/Status Register Verification App
• Automated
• Comprehensive
• Standard and proprietary protocols
Post-Silicon Debugging
• Failure signature matching
• Root cause isolation
• Candidate cause elimination
• Validation of fixes before re-spin
Other SoC-Related Applications
• Glitch detection
• Sequential equivalency checking
• Security path verification
• System-level deadlock
Higher Capacity: Verify complex 100M gate designs
Interactive Debug: Modify/create properties on the fly to explore design behavior
Increased Throughput: Utilize multiple proof engines on parallel compute resources
Wider Deployment: Proliferate across engineering teams with unique adoption model
Behavioral Property Synthesis
• Inference & synthesis of properties from RTL & simulation
• Multi-cycle, hand-shake, implication, black box, and white box properties
• Automated and manual property ranking and classification
• VCD, FSDB and PLI support
• Feedback into simulation coverage
Structural Property Synthesis
• Early validation w/o testbench
• Automatic checks from RTL such as Arithmetic overflow, dead code, FSM Livelock/Deadlock states
• Automated and manual property ranking and classification
• Feedback properties into formal or simulation environments
Design Coverage Verification
• Coverage metrics generation from formal verification
• Coverage metrics to establish quality of formal testbench
• Coverage metrics for bounded/full proof result
• Interacting with coverage metrics from simulation via an external DB (e.g. UCDB)
Low Power Verification
• Formal analysis and verification of architectural features, power domains, supply network, power switching, isolation, retention
• Analysis of third-party IP blocks
• Verification of power-related blocks and power sequencing
Customer Resonance and Adoption
Deployment of Formal: ARM’s View
AAHAA: Architecture, bug Avoidance, bug Hunting, bug Absence and bug Analysis
Architecture specification and verification
• Specify architecture using formal methods and verify them for completeness and correctness
• Usually an academic topic
• ARM is diving into this for new communication protocols, and for instruction semantics (e.g. ACE modelling and verification, 2011)
Bug Avoidance
• Also called “design bring-up”
• Use formal as an aid for design, usually before the simulation testbench is ready
• Catch bugs early
Bug Hunting
• Find bugs at block and system level
• No effort for proofs
• Automation and regression on server-farm friendly
Bug Absence
• Prove critical properties to get 100% assurance
• May require considerable user expertise and effort
Bug Analysis
• Investigate late-cycle bugs
• Isolate corner-case bugs (observed in field, lab)
• Confirm the correctness of bug fix
AAHAA…
Designer Adoption
Architecture, Avoidance, Hunting, Absence, Analysis
Rethinking Designer Verification
Simulation
• More of an “input driven” method, may not exercise desired behavior
• Wiggle the inputs to produce a desired behavior (trial and error)
Visualize™
• Specify the target and let the formal engines generate the stimulus (“output driven” method)
• Interactively add constraints to construct desired waveform
[Figure: Simulator flow (RTL and Testbench in, simulation waveform out) compared with the Visualize™ flow (RTL and a target such as state == READ, ack = 1 in, Visualize waveform out)]
Generate Waveforms Quickly and Easily from RTL
The ‘target’ is satisfied without the need of a testbench
Capture Properties from the Waveform
‘export -to_sva/psl’ to include captured properties in other verification flows
Combine Multiple Behaviors for Complex Scenarios
Add design behaviors as constraints to create complex scenarios…
Capture as a recipe
End to End Properties
Architecture, Avoidance, Hunting, Absence, Analysis
End-to-End Property Verification
When compared to low-level assertions, end-to-end properties are better:
• Provide highest return on investment
• Leverage standard constraints on standard interfaces
• Provide clear value for projects as they map to micro-architectural spec
[Figure: design block with Inputs and Outputs, contrasting block-level assertions with an end-to-end high-level requirement]
An Example of End-to-End Properties
Scoreboard Proof Accelerator
A scoreboard, just like in simulation, can be very powerful
Jasper’s Formal Scoreboard can exhaustively prove that data is not dropped, duplicated, or swapped
[Figure: DUV between formal engines, with signals Req In, Control/Data In, Grant Out, Control/Data Out, Grant In and Req Out, and a Scoreboard; sample data items are labelled A, B, C and X]
Coping with Design Complexity
Methodology
• Apply design domain knowledge to create formal-friendly models of properties and constraints
• Apply design domain knowledge to create suitable manual abstractions
• Assume/guarantee reasoning
• Leverage symmetries in the design
Technology
• High-performance engines
• Safe abstraction techniques to reduce the design complexity (Proof Accelerators™, counter abstraction, Formal Scoreboard™)
• Tool assistance in identifying complexity
• Design-domain-specific automatic abstractions
The Big PICTURE
Architecture, Avoidance, Hunting, Absence, Analysis
System Level Deadlock – Root Causes
Architectural flaw:
• Protocol or the system
• A flaw in the protocol that could cause a deadlock
Bugs introduced during block implementation:
• Arbitration, interface errors, data-integrity related bugs could cause deadlock
System implementation issue:
• Involves latencies and functionalities associated with many subsystems (ingress, fabric, egress)
Ideally the deadlock related issues should be caught as close to the origin as possible
Deadlock Verification Stages
[Figure: Architectural Bugs, Block Implementation Bugs, System Implementation Bugs]
Architectural verification: Catches architectural issues leading to deadlock
Block verification: Catches implementation bugs and a subset of architectural bugs (ones present in the specific implementation)
System verification: Catches block and system implementation bugs and a subset of architectural bugs (ones present in the specific implementation)
System-level Deadlock Detection App
Manages the complexity by concentrating on network architecture
• Multiple interconnect fabrics, many masters and slaves
• Potentially long latency before observing the deadlock
Tracks forward progress of activities in both subsystems
• New intelligent traversal algorithms
• Assertions pre-packaged with the App – no user-defined assertions necessary
• Tool automatically identifies what “progress” means
• Repeatable lack of forward progress indicates a deadlock
User interactions
• Any unexplained lack of forward progress is presented to the user
• User determines if it is a bug or is actually expected, in which case it is excluded
• Either finds a real deadlock or ultimately proves no deadlock
Am I done with Verification?
Architecture, Avoidance, Hunting, Absence, Analysis
Two main components of formal testbench
Constraints
• Responsible for determining stimulus for design sensitization
Assertions
• Responsible for providing checking capability
Usage Model 1: Coverage Metrics for Formal Testbench Sanity
Usage Model 2 - Coverage Metrics for Bounded Proof Result
A bounded proof result implies that only a subset of the reachable state-space is traversed and no violation of the assertion is encountered in that subset
Bounded proof of “k” cycles:
• All states reachable within the “k” cycles from the design’s reset state have been analyzed
This implies that all events possible within “k” cycles from the reset state have been triggered
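A bounded proof result worked through on a constructed toy design (an added example, not from the slides and not Jasper's tool or API): the explicit-state search below analyzes every state reachable within k cycles of reset, so a bound of 3 reports no violation while the off-by-one overflow needs 5 cycles to appear, and the cover report shows that `count==4` was never triggered inside that bound. The counter design, `DEPTH`, and all function names are assumptions made for the illustration.

```python
from itertools import product

# Constructed toy design (an assumption for illustration, not from the slides):
# an occupancy counter that must never exceed DEPTH. The buggy variant has an
# off-by-one in its "full" check.
DEPTH = 4

def step(count, push, pop, buggy=True):
    """One clock cycle: optional push, then optional pop."""
    has_room = count <= DEPTH if buggy else count < DEPTH
    if push and has_room:
        count += 1
    if pop and count > 0:
        count -= 1
    return count

def assertion(count):
    return count <= DEPTH

def bounded_proof(k, buggy=True, reset=0):
    """Analyze every state reachable within k cycles of reset.

    Returns (verdict, counterexample trace or None, set of states seen)."""
    frontier = {reset: []}            # state -> shortest input trace reaching it
    seen = {reset}
    for _ in range(k):
        nxt = {}
        for state, trace in frontier.items():
            for push, pop in product((0, 1), repeat=2):  # unconstrained inputs
                s = step(state, push, pop, buggy)
                if not assertion(s):
                    return "violated", trace + [(push, pop)], seen | {s}
                if s not in seen:
                    seen.add(s)
                    nxt[s] = trace + [(push, pop)]
        if not nxt:                   # fixed point: nothing new is reachable
            return "full proof", None, seen
        frontier = nxt
    return "bounded proof", None, seen

def cover_report(seen):
    """Cover points: which occupancy levels were triggered inside the bound."""
    return {f"count=={n}": n in seen for n in range(DEPTH + 1)}

if __name__ == "__main__":
    for k in (3, 5):
        verdict, cex, seen = bounded_proof(k)
        print(k, verdict, cex, cover_report(seen))
```

An unreached cover point on the event the assertion guards is the signal that the bound is too shallow for the result to mean much.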
Usage Model 3 - Accelerating Coverage Closure using Metrics from Formal Verification
[Figure: DUT with Testbench Simulator and Formal Tool, each with a Read API and a Write API to the Coverage DB]
Possible Caveats in Integrating Formal and Simulation Coverage
Users need to be aware of the semantic differences of the data obtained from formal and from simulation
Users should also take the differences of verification setup into account before merging data
Definition of coverage models not standardized
• Different simulation vendors may have mismatches
• Difficult to achieve complete compatibility with any simulation vendor (even for simple coverage models)
Around the corner…
Architecture, Avoidance, Hunting, Absence, Analysis
Ubiquity of Complexity Driving Need for Formal Verification
Low Power: Dynamic Power Islands; Functional Verification and Sequential Equivalence
Security: Trusted Zones; Secure Access; Immunity from Physical Attacks
Multi Processor: Complex On-Chip Buses; Deadlock; Coherency
[Figure: timeline across the 90’s, 00’s and 10’s with the following entries]
• Use is limited to handful of very high end ICs
• Super Computers
• Software only
• Mobile Phones
• Concentrated use in PC and Graphics
• Software only
• Use in Mobile, Consumer, Server, Graphics, IT, and Computing
• Wide-spread use in Mobile, Consumer, Industrial, Automotive, Tablets and Mobile Phones
• Use in Mobile, Automotive, Servers, Gaming IC, Graphics Chips
Traditional Verification Solutions Fall Short on Hardest Problems
Low Power, Security, Multi-Processor
Simulation is empirical; can’t test all possible combinations; suffers from long run times and labor-intensive debug
Emulation is expensive; happens too late; can’t test all modes
• Previously rare and esoteric verification problems are now common to most chips
• Jasper is the only Formal Verification provider to embrace complexity as a strategy – leveraging superior formal technology and deployment-driven business model
• Large number of possible power modes
• Pre-verified modules can deadlock after integration
• Register state impacts security path access
• Non-deterministic transitions
• Cache coherency with many heterogeneous master and slaves
• Specifications of prohibited behavior
• Structural changes have unexpected impact
• Distributed On-Chip bus implementation