Streamline Verification Process with Formal Property Verification to Meet Highly Compressed Design Cycle
Prosenjit Chatterjee, nVIDIA Corporation
Goals
- Reach conventional verification goals faster
- Reach more verification goals
- Fewer verification resources
- Prove specific properties of most complex blocks
SFV
- Minimal verification environment expertise
- Ability to use conventional verification techniques
- Non FV-able properties still usable
- Use conventional verification techniques at Full Chip and Super Unit level
- However, now fewer bugs to uncover, as sub-units are already SFV-ed
- Full-time dedicated verification engineer not required
- Designer's kit
Conventional Verification Process
- Sets of vector sequences that the user generates to accomplish coverage goals
- Directed or random vector sequences
- Outputs are "smart-diffed"
[Diagram: the user writes a TestBench that drives the DUT RTL and the DUT Data Transform Model with Input Biasing; the outputs are compared (Pass / Fail); Internal Properties report Fail / Unknown; Internal Coverage Goals and DUT TestPlan Coverage Goals report Reachable / Unknown]
SFV Environment
[Diagram: the SFV TestBench, generated from Input Assumptions and Input Biasing, drives the DUT RTL and the DUT Data Transform Model; the outputs are compared (Pass / Fail); Internal Properties report Proof / Unknown / Fail; Internal Coverage Goals and DUT TestPlan Coverage Goals report Reachable / Unknown / Unreachable]
SFV Environment - Test Bench
- Input Assumptions provide legal stimulus
- Input Biasing provides a higher proportion of important events
- Different random seeds are applied automatically
- Random simulation obeys Input Assumptions and Biasing
- FV obeys Input Assumptions; Biasing is irrelevant
- Auto self-adjusts the user's biasing to reach coverage goals
- Coverage goals missed by SFV are reached by directed testing
Coverage Goals
- Automated: Line Coverage, Condition Coverage
- User Specified: Implementation Specific, Executable Test Plan
Coverage Goals
[Flow diagram: SFV run with biased random ON, formal engines OFF (Rand_Default, Rand_B1 ... Rand_Bm) -> C-RTL output compare -> Coverage Report -> Save SFV generated vectors -> Partition uncovered goals (SFV_G1 ... SFV_Gn) -> SFV run with biased random ON, formal engines ON (Rand_Default) -> Coverage met? yes: Done; no: Directed Testing]
Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable: Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached the above goals = Data Transform Model output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved
SFV Engines
[Diagram: SFV runs two processes (Process 1, Process 2): Property Proving or Coverage Goal Unreachability; Property Falsification or Coverage Goal Reachability]
Using BMC from interesting start states
- Default start state is the reset state
- SFV tool uses heuristics to find interesting start states
- User identifies a subset of coverage goals as interesting start states
- Requires efficient management of the start states population
Helping SFV tool reach interesting states faster
- Limiting conditions in DUT may be very "deep"
- Tolerable random logic addition to the fan-in of internal signals in DUT:

    // Verification-only overrides OR-ed / muxed into the fan-in of deep internal signals;
    // random_hi_or_low and random_decision are free inputs the SFV engines may drive.
    fifo_full = original_RTL_design_logic || random_hi_or_low;
    Tout_cntr <= random_decision ? timeout_value : original_RTL_design_logic;

- Primarily for finding bugs using SAT
- Coverage goals reached via such techniques are ignored
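As an added example (not from the slides or nVIDIA's tool), an explicit-state bounded search stands in for the SAT-based BMC of the previous two slides: from reset the deep timeout condition is out of reach within the bound, from a saved interesting start state (a reached fifo_full coverage goal) it is found in 6 cycles, and with the random fan-in added to fifo_full it is found from reset. The DUT (FIFO depth 8, timeout 6), its state encoding and all names are constructed here.

```python
from collections import deque
from itertools import product
from typing import Iterable, Optional, Tuple

DEPTH, TIMEOUT = 8, 6            # constructed FIFO depth and timeout value
State = Tuple[int, int]          # (fifo occupancy, Tout_cntr)

def step(s: State, push: int, pop: int, random_hi_or_low: int) -> State:
    """One clock of the constructed DUT. random_hi_or_low is the added fan-in
    term; the searcher drives it only when logic addition is enabled, otherwise
    it is held at 0 and fifo_full reduces to the original RTL logic."""
    count, tout = s
    fifo_full = (count == DEPTH) or bool(random_hi_or_low)
    if push and not pop and count < DEPTH:
        count += 1
    elif pop and not push and count > 0:
        count -= 1
    tout = tout + 1 if fifo_full else 0   # counter runs only while full
    return (count, tout)

def timeout_fires(s: State) -> bool:      # the "deep" limiting condition
    return s[1] >= TIMEOUT

def bounded_reach(starts: Iterable[State], bound: int,
                  logic_addition: bool = False) -> Optional[int]:
    """Breadth-first search up to `bound` cycles from the given start states.
    Returns the shortest depth at which timeout_fires holds, else None."""
    rnd_choices = (0, 1) if logic_addition else (0,)
    frontier = set(starts)
    seen = set(frontier)
    for depth in range(bound + 1):
        if any(timeout_fires(s) for s in frontier):
            return depth
        nxt = set()
        for s in frontier:
            for push, pop, rnd in product((0, 1), (0, 1), rnd_choices):
                t = step(s, push, pop, rnd)
                if t not in seen:
                    seen.add(t)
                    nxt.add(t)
        frontier = nxt
    return None

RESET: State = (0, 0)
FIFO_FULL_GOAL: State = (DEPTH, 0)   # reached coverage goal reused as start state

if __name__ == "__main__":
    print(bounded_reach([RESET], 10))                       # None: 14 cycles needed
    print(bounded_reach([RESET], 14))                       # 14
    print(bounded_reach([FIFO_FULL_GOAL], 10))              # 6
    print(bounded_reach([RESET], 10, logic_addition=True))  # 6
```

A hit found with logic_addition=True localizes a bug but, as the slide says, does not count towards coverage, since the path relies on the added random term.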
Enhanced Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable: Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached the above goals = Data Transform Model output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved
Proving Data Transport Functionality - Intuition
- If I want to check that FEDEX and UPS always deliver safely, THEN
- I do not care if Dan changes the gift before sending
- Of course Dan cannot expect to deliver nuclear weapons via UPS
[Diagram: Dan sends a gift to John via FEDEX and a gift to Bob via UPS. With f(x) = x^2 applied to an input of 2: output 4 is "Perfect!", output 2 is the "Original", output "+ve" is "Imperfect!", output "garbage" is "Too much!"]
Data Transport Properties
- A packet entering the system may not be visible exiting the system if the DUT is viewed as a black box
[Diagram: packets P1, P2, ..., Pn enter the DUT; packets Q1, Q2, ..., Qm exit; n >= 1, m >= 0]
- This happens due to:
  - One or more data transform functions inside the DUT, or
  - Legal dropping of a packet
  - A single packet may split to multiple destinations
  - Multiple packets may merge to a single destination
[Diagram: DUT made of blocks 1 to 7 with transforms H(x), G(x), F(x), M(x), N(x) and null; labels: Non-Math data transform, Math data transform, Deep FIFO, Split, Data filter, Breakup for FV complexity; P enters via I1, P' exits via O2, P'' exits via O2]
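As an added example (not from the slides), a scoreboard that checks the end-to-end data transport property of the slide above against a constructed black-box DUT whose packets are transformed, legally dropped or split, so ingress packets are not visible verbatim at egress. F and G are the slide's placeholder names; their bodies, the drop rule, the split rule, the port names and the traffic are constructed, and merge is not modelled.

```python
from collections import Counter, deque
from typing import List, Tuple

Out = Tuple[str, int]  # (egress port, payload)

def F(x: int) -> int:            # math data transform (constructed body)
    return x * x

def G(x: int) -> int:            # non-math data transform: header rewrite (constructed)
    return x ^ 0xFF

def legal_drop(x: int) -> bool:  # data filter: packets below 4 are legally dropped
    return x < 4

def transform_model(pkt: int) -> List[Out]:
    """Data Transform Model: expected egress for one ingress packet (m = 0, 1 or 2)."""
    if legal_drop(pkt):
        return []                    # legally dropped: not visible at any output
    outs = [("O2", F(pkt))]          # P' exits via O2
    if pkt % 2 == 0:
        outs.append(("O1", G(pkt)))  # even packets split: P'' also exits via O1
    return outs

def dut(inputs: List[int], bug: bool = False) -> List[Out]:
    """Constructed black-box DUT: deep FIFO, data filter, transform, split.
    O1 traffic drains from a separate queue, so egress order differs from
    ingress order. bug=True makes the filter threshold off by one."""
    fifo, o1_queue, egress = deque(inputs), deque(), []
    while fifo:
        p = fifo.popleft()
        if p < (5 if bug else 4):
            continue
        egress.append(("O2", F(p)))
        if p % 2 == 0:
            o1_queue.append(("O1", G(p)))
    egress.extend(o1_queue)
    return egress

def check_data_transport(inputs: List[int], egress: List[Out]) -> List[str]:
    """End-to-end data transport property: every egress packet is the modelled
    transform of some ingress packet, and every modelled egress is observed.
    Multiset comparison, because the deep FIFO reorders traffic across ports."""
    expected = Counter(o for p in inputs for o in transform_model(p))
    observed = Counter(egress)
    violations = [f"unexpected {k}" for k in sorted(observed - expected)]
    violations += [f"missing {k}" for k in sorted(expected - observed)]
    return violations

if __name__ == "__main__":
    traffic = [2, 4, 7, 3, 10]   # constructed ingress sequence on I1
    print(check_data_transport(traffic, dut(traffic)))             # []
    print(check_data_transport(traffic, dut(traffic, bug=True)))   # packet 4 wrongly dropped
```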
Proving Data Transport Properties
[Diagram: the same DUT, blocks 1 to 7 with transforms H(x), G(x), F(x), M(x), N(x) and null; labels: Non-Math data transform, Math data transform, Data filter, Deep FIFO, Split, Breakup for FV complexity]
Tool Assisted User Interactive Proof Process
- ABC = Cone of Influence of the Property
- A'BC' = Minimal cut-point to prove the Property
- A''BC'' = Cut-point that the tool can handle to prove the Property
- [marked in diagram] are internal assumptions added to prove the Property within A''BC''
- Internal Assumptions are subject to a similar Proof Process
[Diagram: region B with nested regions A, A', A'' on one side and C, C', C'' on the other]
Enhanced SFV Environment
[Diagram: the SFV TestBench, generated from Input Assumptions and Input Biasing, drives the DUT RTL, the DUT Data Transform Model and the DUT Data Transport Property; the outputs are compared (Pass / Fail); Internal Properties report Proof / Unknown / Fail; Internal Coverage Goals and DUT TestPlan Coverage Goals report Reachable / Unknown / Unreachable]
Enhanced Unit Verification Goals Reached
- Coverage goals reached or proved expectedly unreachable: Line, Condition, User Specified Implementation Specific, User Specified Test Plan
- SFV traces that reached the above goals = Data Transform Model output
- White Box Properties proved or bounded proved
- End to End Data Transport Property proved
- Important Properties of Complex Control Logic Blocks proved
Future Improvements
- Formal engines parallelized to reach goals faster
- Efficient management of the interesting start states population
- Automating "logic addition" to the DUT to reach bugs faster
- Automate Assume-Guarantee Verification for proofs