I remember 0-in's first DAC. It was DAC'98 and it was the startup that grabbed everyone's attention that year. 0-in wrestled with the functional verification problem. 0-in worked by placing "checkers" in your Verilog RTL.
There were 28 types of checkers. Their 10 static checkers monitored stuff like "Unverifiable Full Case Statements" and "Not possible to verify that mem address will always be valid."
Their 18 dynamic checkers monitored stuff like "a tristate bus was simultaneously driven by multiple sources," "a mem location was overwritten without being used" or "valid data in a synchronization register was overwritten without being used"-all time-dependent data usage stuff. A typical 100-kgate design has 200 to 500 checkers generated for it.
Next, you fed 0-in all the human-generated functional test vectors for your design. From there, 0-in figured out your design's legal I/O and then, by tweaking your I/O, 0-in did directed searches outside of the space-time continuum that you had established with those hand-generated vectors via their state machine "arc-pairs." (Don't ask. I didn't completely understand it myself at the time.) Anyway, if any of this directed legal I/O tweaking caused an error, a checker would fire, thus catching an obscure bug you probably hadn't anticipated.
Or at least that was their story two years ago. After DAC'98, 0-in fell from view until the recent Guild newsletter carried a short letter from Anders Nordstrom of Nortel, who shared his 0-in story with an 850,000-gate design.
"The tool tried to figure out what to check, and the user had to filter out the incorrect assumptions afterward," wrote Nordstrom. "It was correct 95 percent of the time, but it was still painful to go through those reports. I did, however, find several bugs using the check tool. One thing the tool can check for is incorrect usage of "//synopsys full_case parallel_case" on case statements. If you specify parallel_case and it turns out in simulation that it is not a parallel_case, Zero-In Check will flag it. We caught at least one bug with this specific checker."
Nordstrom then praised 0-in's register leak check. "It found one register leak bug that would have been very hard to debug in the lab. It would have really confused our software designers."
Anders Nordstrom's experience was with an older version of 0-in. "I know 0-in has evolved since I last used it. It's apparently much easier to use now. It's still an interesting complement to simulation that helps you find a class of bugs that are very difficult to find," concluded Nordstrom.
I wonder what the 0-in user experience is now (www.0-in.com).
John Cooley runs the E-mail Synopsys Users Group (ESNUG), is a Contract ASIC Designer and loves hearing from engineers at jcooley@world.std.com or (508) 429-4357.
