Teams 'shift left' to tackle challenges earlier in the design flow, says CTO of Real Intent, an EDA software design tools company.
We are at the dawn of a new age of digital verification for SoCs. A fundamental change is underway. We are moving away from a tool and technology approach — “I have a hammer, where are some nails?” — and toward a verification-objective mindset for design sign-off, such as “Does my design achieve reset in two cycles?”
Objective-driven verification at the RT level is now being accomplished using static-verification technologies. Static verification comprises deep semantic analysis (DSA) and formal methods. DSA is about understanding the purpose and intent of logic, flip-flops, state machines, etc. in a design, in the context of the verification objective being addressed. When this understanding is at the core of an EDA tool set, a major part of the sign-off process happens before formal analysis is used or needed.
The right mix of these two components — DSA and formal methods — significantly reduces the need for dynamic analysis (simulation). Although dynamic analysis continues to have a role, increasingly it is viewed as a backstop and not the main focus of the verification flow. Any simulation must be absolutely necessary and be tied to a companion static analysis step.
In addition, DSA and formal analysis work synergetically to complete sign-off. DSA generates checks that are precisely scoped and well-structured, enhancing formal analysis performance. Likewise, formal analysis helps validate or falsify hypotheses made during DSA. This combination is proving its value for multiple SoC verification objectives.
X-propagation verification is a prime example. RTL simulation is X-optimistic and can hide bugs or cause RTL and gate-level simulation results to differ. It’s important for design teams to understand which constructs in their designs are X-sensitive, and how these can be affected by upstream X-sources. Designers also need to ensure that their designs come out of power-up in a known state, in a given number of clock cycles. Also, powered-down blocks must not cause incorrect behavior in the active blocks. The only way to sign off on X-verification objectives in a reasonable amount of time is by using static analysis based on combining DSA with the proper application of formal methods.
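To make the X-optimism point concrete, the following added example (not from the article or from Real Intent's tools) models a 2-to-1 mux in three-valued logic and enumerates the input vectors where RTL `if/else` semantics report a known value although the real output is unknown. The mux, the AND-OR netlist and all function names are assumptions chosen for illustration.

```python
from itertools import product

X = "x"  # unknown value of 4-state logic (Z is left out of this model)

def t_not(a):
    return X if a == X else 1 - a

def t_and(a, b):
    if a == 0 or b == 0:
        return 0          # a controlling 0 masks an X on the other input
    return 1 if a == 1 and b == 1 else X

def t_or(a, b):
    if a == 1 or b == 1:
        return 1          # a controlling 1 masks an X on the other input
    return 0 if a == 0 and b == 0 else X

def rtl_if_else(sel, a, b):
    # Simulator semantics of `if (sel) y = a; else y = b;`:
    # an X condition is not true, so the else branch is taken.
    return a if sel == 1 else b

def gate_mux(sel, a, b):
    # AND-OR mux netlist (assumed): y = (sel & a) | (~sel & b)
    return t_or(t_and(sel, a), t_and(t_not(sel), b))

def exact_mux(sel, a, b):
    # Reference: try every 0/1 resolution of the X inputs; the output is
    # known only if all resolutions agree.
    choices = [(0, 1) if v == X else (v,) for v in (sel, a, b)]
    outs = {p if s else q for s, p, q in product(*choices)}
    return outs.pop() if len(outs) == 1 else X

def classify():
    optimistic, pessimistic = [], []
    for vec in product((0, 1, X), repeat=3):
        exact = exact_mux(*vec)
        if rtl_if_else(*vec) != X and exact == X:
            optimistic.append(vec)      # RTL hides a real unknown
        if gate_mux(*vec) == X and exact != X:
            pessimistic.append(vec)     # netlist reports a false unknown
    return optimistic, pessimistic

if __name__ == "__main__":
    opt, pes = classify()
    print("X-optimistic RTL vectors (sel, a, b):", opt)
    print("X-pessimistic gate vectors (sel, a, b):", pes)
```

Every optimistic vector has an unknown select, which is why an uninitialized control signal is the classic way for RTL and gate-level simulation results to diverge.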
Verifying clock-domain crossings is another example showcasing the value of DSA and formal analysis for SoCs. Although basic failure modes are simple to describe, identifying these failures in real-life RTL so that all potential failures are reported in acceptable run time — without drowning the engineer in noise — is a formidable challenge. This is an area where DSA shines. Real Intent’s Meridian CDC tool, for example, performs full-chip comprehensive CDC analysis in a hierarchical and distributed workflow without resorting to abstractions. For full-chip SoC integration, IP block connectivity must be retained intelligently to make sure “sneak paths” that come into play only at the SoC level can be identified. To enable DSA, data models have been developed to represent even giga-scale designs with all the necessary details for comprehensive verification.
Despite the fact that linting verification tools have been in use for more than 20 years, new data models are needed to deliver giga-scale capacity and performance for current SoCs. The combination of new levels of performance and DSA lets designers get answers in minutes, and helps resolve chip-scale issues quickly that otherwise would have been missed or would have taken days to resolve. For example, undesired combinational loops often arise when an IP block is integrated into the SoC. Without advanced linting tools, such problems would go undetected and ultimately manifest as failures in deployed products.
Preventing SoC re-spins no longer requires the fastest simulator, assertion verifier or static timer tool, or even an all-in-one tool that does a little bit of a lot of things. What SoC design houses need instead to achieve the next breakthrough in verification efficiency for key SoC-verification objectives — such as CDC and X-safety verification — is to adopt the mindset of deploying the best-in-class solutions with leading-edge performance, capacity, workflow and sign-off quality.
One advantage of this new mindset is that companies and their design managers can more easily create a set of verification objectives that are comprehensive and complete to meet sign-off requirements at the RT level. Once these objectives are defined, the decision makers can use these sign-off criteria to allocate the right mix of resources between the RTL design team and the system-level verification team, both of which are highly focused on top-level functionality and performance.
Without the move from a tools-driven mindset to a verification-objective-driven mindset, the SoC design process will break down. Static methods now shine as objectives have become clearly defined and failure modes deeply understood. A new age of SoC design is beginning with the advent of best-in-class solutions in CDC and early RTL verification. We expect newer objectives to be adopted as teams “shift left” to tackle challenges earlier in the design flow.
—Dr. Pranav Ashar is chief technology officer at Real Intent, which makes EDA software design tools to accelerate Early Functional Verification and Advanced Sign-off of digital designs.
He brings more than two decades of EDA expertise to Real Intent and previously was department head at NEC Labs in Princeton, NJ, where he developed a number of EDA technologies that have influenced the industry.