Enabling Large-Scale Pervasive Logic Verification through Multi-Algorithmic Formal Reasoning


Tilman Gloekler, Jason Baumgartner, Devi Shanmugam, Rick Seigler, Gary Van Huben, Barinjato Ramanandray, Hari Mony, Paul Roessler

© 2003 IBM Corporation


Enabling Large Scale Formal Pervasive Logic Verification

Outline

• Introduction
  – What is "Pervasive Logic"?
  – (Semi-) Formal Verification with SixthSense
• Examples
  – Tracebus
  – Fencing
  – ABIST
  – Ext. Time Reference Attachment Facility
• Summary and Conclusion

Tilman Glökler et al.

18.04.2020



What is "Pervasive Logic" (PL)?

PL includes the following functionalities:

1. Power-On-Reset Sequence
   – Initialization of latches and arrays
   – Interface Training
   – Security, Configuration etc.
2. Debug Features
   – Debug interfaces
   – Access to internal registers
   – Trace Analyzer, Performance Monitor etc.
3. Manufacturing Test Support
   – LBIST, ABIST, AVP, ...

PL Verification (PLV) has to deal with many chip level functionalities


PLV Challenges

• PL is tightly intertwined with the functional logic (FL)
  – long scan chains are used to initialize all the FL latches
  – the trace bus traverses the complete hierarchy of the FL
  – LBIST exercises the functional logic for manufacturing test
  – PL can usually not be isolated from FL
• reasoning about designs with >10k to >100k registers is required
• PL properties are often sequentially very deep
  – POR and ABIST require >10M cycles to complete
  – serial scanning of scan chains (shortest chain >2k registers)
  – multiple clock domains, e.g. internal logic vs. external interfaces (100:1)
• PLV is historically based on simulation/acceleration

In the following we discuss:
  – how we implemented testbenches to enable a formal approach
  – how we leveraged tuned formal algorithms for such tasks


(Semi-) Formal Verification with SixthSense 1/2

SixthSense ...
• uses a "testbench" to define drivers and checkers (= verification properties)
• is a system of cooperating algorithms:
  1. semi-formal algorithms for finding bugs
  2. formal algorithms for proving correctness
  3. transformation/abstraction algorithms for reducing problem complexity
• algorithms are encapsulated as synergistic engines
• SixthSense has been tuned for application to large systems
• PLV tasks nonetheless stretched the capacity of SixthSense


(Semi-) Formal Verification with SixthSense 2/2

SixthSense Engine Overview

COM  a combinational optimization engine, to reduce gate count
EQV  a sequential redundancy removal engine, to eliminate functionally redundant registers
LOC  a localization engine, to abstract the design
IND  a SAT-based induction engine, to perform light-weight proofs
BMC  a bounded model checking engine, to falsify or boundedly prove properties
RET  a min-area retiming engine
RCH  a BDD-based reachability engine
CUT  an input elimination engine


Trace and Debug Bus Structure

[Figure: trace/debug bus block diagram. Source 1, Source 2, Source 3 + 4 and Source 5 + 6 pass through MERGE, DELAY, RAMP, MUX and SPEED CONV blocks on their way to the Trace Analyzer.]

• Trace/Debug Bus
• Feed-forward tree structure
• Routes "debug data" to the Trace Analyzer
• Simple blocks like ramps, muxes, delays etc.
• Needs configuration bits for different bus settings


Tracedef Verification Flow and Testbench

[Figure: tracedef verification flow. The Tracedef Description and the Traceconf Description (textual descriptions owned by the design teams) feed a Testbench Generator, which emits "Bugspray VHDL": constrained drivers plus a reference model ("Bugspray VHDL Code"). The reference model is compared (=) with the VHDL design by the "Bugspray Checker", and the comparison is formally verified with SixthSense.]


Tracedef Formal Verification Results

Memory Controller Unit

Size Metric   Initial   COM      LOC¹   COM¹   EQV¹
Inputs        33441     21492    11     11     0
Gates         924723    797710   596    493    0
Registers     142072    125520   193    193    0
Properties    128       128      1      1      0
Resources: 792s, 624MB

¹ Localization solves each property individually; only the largest localized cone is reported

• Note: problem size always includes design and testbench
• Tracebus routes output of functional logic (FL) to a central location; drivers of the testbench overwrite the contribution of FL with non-deterministic values
• FL can be effectively removed by LOC (if the design is correct!)
• EQV-style induction solves the abstracted property


What is "Fencing"?

[Figure: Microprocessor Chip with Partition A and Partition B, each driven by an Irritator. The Control Unit asserts activate_fence to the Fence Logic; the Fenced Partition is "ok", while Random Logic containing an unfenced latch is flagged as "error: unfenced latch!".]

Actively fenced partition is supposed to hold its current state


Formal Verification Results for Fencing

Size Metric   Initial   COM      EQV     IND
Inputs        548878    32362    843     0
Gates         748426    245309   43978   0
Registers     73368     23560    5922    0
Properties    4665      4665     1837    0
Resources: 211s, 748MB

• COM was effective since fencing created some constants discernible by combinational analysis
• EQV was useful to quickly reduce design size and eliminate the simpler-to-prove non-toggling properties
• IND was able to solve the remaining harder ones on the EQV-simplified design
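The fencing property above ("an actively fenced partition holds its current state"), as an added example that is not part of the IBM slides: a constructed three-register partition with an irritator input, an activate_fence control, an optional unfenced-latch bug, and an explicit-state bounded check that returns the counterexample trace when the property fails.

```python
from itertools import product

REGS = ("a0", "a1", "a2")   # registers of the fenced partition (constructed)

def next_state(state, fence, irritate, unfenced_bug=False):
    """One clock cycle of the partition. 'fence' is the control unit's
    activate_fence signal, 'irritate' the irritator's random input vector."""
    new = dict(state)
    for i, name in enumerate(REGS):
        # fence logic: while the fence is active the register holds its value;
        # the constructed bug leaves register a2 unfenced
        held = fence and not (unfenced_bug and name == "a2")
        new[name] = state[name] if held else irritate[i]
    return new

def check_fence(depth, unfenced_bug=False):
    """Explore every input sequence of up to 'depth' cycles from the reset
    state and check the property "a fenced partition holds its state".
    Returns None when the property holds, otherwise a counterexample."""
    init = {name: 0 for name in REGS}
    frontier, seen = [(init, [])], {tuple(init.values())}
    for _ in range(depth):
        next_frontier = []
        for state, trace in frontier:
            for fence, *irritate in product((0, 1), repeat=1 + len(REGS)):
                new = next_state(state, fence, irritate, unfenced_bug)
                step = trace + [{"fence": fence, "irritate": tuple(irritate),
                                 "regs": new}]
                if fence and new != state:            # property violated
                    return {"unfenced": [n for n in REGS if new[n] != state[n]],
                            "trace": step}
                key = tuple(new.values())
                if key not in seen:                   # state-level dedup
                    seen.add(key)
                    next_frontier.append((new, step))
        frontier = next_frontier
    return None

if __name__ == "__main__":
    print("correct fence:", check_fence(6))
    print("unfenced latch:", check_fence(6, unfenced_bug=True))
```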


Formal ABIST Verification

[Figure: a shared ABIST engine attached to an Array through 2 Address Registers, 2 Data-In Registers and 2 Data-Out Registers; all of these registers sit in the scan chain. Three variants of the figure show the ABIST result "array ok", "repairable failure" and "unrepairable failure".]

Formal ABIST Verification: Testbench

[Figure: ABIST testbench. Interceptors sit on the 2 Address, 2 Data-In and 2 Data-Out Registers (registers in the scan chain) between the shared ABIST engine and the Array; a "Randomizing FSM" and a "Fail?" check on the ABIST result complete the testbench.]

ABIST Verification Results 1/2

• Array had to be reduced to 4 words: reduction from 5,321,918 to 246,302 state bits
• ABIST engine run had to be reduced to one pattern per testbench: reduction from ~10M to ~31k cycles until ABIST complete
• SixthSense BMC engine was tuned for sequentially deep designs

Results: formal vs. simulation

                SixthSense   HDL simulation
Memory          5.9GB        170MB
Time per run    1611s        670s
Total time      1611s        670s x 129

Scenario: single-bit stuck-at fault in 128 bits or no error

ABIST Verification Results 2/2

Size Metric   Initial   COM       BMC (440,000)
Inputs        29176     29086     0
Gates         1567812   1394640   0
Registers     246302    230495    0
Properties    6         6         0
Resources: 1611s, 5976MB

• sequentially extremely deep problem due to long scan chains
• we know from directed simulation how many BMC steps are needed for a proof; thus BMC was able to prove our properties
• not much potential for further reduction
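The ABIST scenario above ("single-bit stuck-at fault in 128 bits or no error"), as an added example that is not part of the slides: a constructed 4-word x 128-bit array with one optional stuck-at column, a minimal ABIST pattern, and a checker that covers every scenario in a single run instead of one simulation per fault. It goes beyond the slide's 129 cases by trying both stuck polarities (257 scenarios).

```python
WORDS, BITS = 4, 128            # array reduced to 4 words, as on the slide
MASK = (1 << BITS) - 1
CHECKERBOARD = int("A" * (BITS // 4), 16)   # 1010...1010 over 128 bits

class Array:
    """Constructed 4 x 128-bit array with an optional single stuck-at column."""
    def __init__(self, stuck_bit=None, stuck_val=0):
        self.mem = [0] * WORDS
        self.stuck_bit, self.stuck_val = stuck_bit, stuck_val

    def write(self, addr, data):
        self.mem[addr] = data & MASK

    def read(self, addr):
        data = self.mem[addr]
        if self.stuck_bit is None:
            return data
        column = 1 << self.stuck_bit      # faulty column always reads stuck_val
        return data | column if self.stuck_val else data & (MASK ^ column)

def abist(array):
    """Minimal ABIST: write a pattern and its complement to every word, read
    each word back and accumulate the mismatching columns. Returns the fail mask."""
    fail_mask = 0
    for pattern in (CHECKERBOARD, CHECKERBOARD ^ MASK):
        for addr in range(WORDS):
            array.write(addr, pattern)
        for addr in range(WORDS):
            fail_mask |= array.read(addr) ^ pattern
    return fail_mask

def check_all_scenarios():
    """Property: ABIST reports a failure exactly when a fault was injected, and
    the reported column is the faulty bit. Returns (scenarios, violations)."""
    scenarios = [(None, 0)] + [(b, v) for b in range(BITS) for v in (0, 1)]
    violations = []
    for stuck_bit, stuck_val in scenarios:
        fail_mask = abist(Array(stuck_bit, stuck_val))
        expected = 0 if stuck_bit is None else 1 << stuck_bit
        if fail_mask != expected:
            violations.append((stuck_bit, stuck_val, fail_mask))
    return len(scenarios), violations

if __name__ == "__main__":
    print(check_all_scenarios())
```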


ETR and EAF Overview

[Figure: an ETR with an Atomic Clock is attached to EAF 1, EAF 2, ..., EAF n and DB 1, DB 2, ..., DB n of a z/System.]

ETR stands for "External Time Reference" and denotes a mechanism to keep all processor cores in all nodes of a system synchronized to the same (accurate) "Time Of Day" (TOD).

EAF = ETR Attachment Facility

EAF Overview

[Figure: EAF overview. The ETR sends an ETR Bit Stream (IDLES, DATA, IDLES; IDLES, OTS, IDLES; 1.048576 s) to the EAF, which is the DUT inside the Testbench; an OSC drives the TOD COUNTER that yields the TOD.]

ETR and EAF are used in a multi-core system for time-of-day (TOD) synchronization

EAF Verification Environment

[Figure: testbench around the EAF. A Driver with ETR Sender 0, ETR Sender 1 and an OSC feeds the EAF's Port 0 and Port 1; each port has a Sampler, a Freeze signal and a Channel of three registers (1. REG, 2. REG, 3. REG); the Control / Interrupt outputs go to the Checker.]

[Figure: serial part of the testbench: Driver with ETR Sender 0 and OSC, Port 0 with Sampler, Freeze and one Channel of three registers, Control / Interrupt, Checker.]

[Figure: parallel part of the testbench: Driver with OSC and a Sampler, Port 0 with Sampler, Freeze and two Channels of three registers each, Control / Interrupt, Checker.]


EAF Formal Verification Results for Serial Properties

Size Metric   Initial   COM     EQV    COM    BMC
Inputs        6,162     2957    18     16     16     0
Gates         72340     49489   3460   3264   0
Registers     9544      5576    725    725    0
Properties    3         3       3      3      0
Resources: 1611s, 5976MB

• sequentially very deep (multiple clock domains, significantly different rates)
• COM was effective in pruning the design for parallel/sequential partitioning
• EQV was very effective in reducing the problem size and speeding up the BMC run
• usage of BMC similar to the ABIST problem (upper bound of BMC steps was known in advance)


Summary and Conclusion

• PLV traditionally used only simulation and hardware acceleration due to
  – the high design complexity (>1M registers)
  – sequentially very deep problems (>1M cycles)
• (Semi-) Formal Verification
  – was able to solve a variety of our PLV tasks after proper tuning
  – enabled an improved verification methodology
• PLV still represents challenges for semi-formal approaches and is far from being a solved problem
  – more development on scalable algorithms/tools is needed
