Incisive® Formal Verification
R&D Update 2014
15 May, 2014
Jörg Müller
Agenda
1. Incisive Verification Platform
2. Incisive Formal Verifier
3. X-Propagation
4. Low Power
5. Summary
© 2014 Cadence Design Systems, Inc. All rights reserved
Incisive® Platform Combines Simulation and Formal
• Common parser/elaborator with Incisive Enterprise Simulator
• Common SimVision debug
• Integrated flows (e.g. X, Reg, UNR, LP,…)
• Metric-Driven Verification
[Diagram: Incisive® Platform, with Incisive Enterprise Simulator (Simulation) and Incisive Enterprise Verifier (Formal)]
Incisive Verification Apps Improve Productivity
And require little to no formal expertise
Roles: Designer, Verification Engineer, System Integrator
Milestones: Project Start, RTL partially available, Testbench Ready, Feature/Protocol Finished, Verification Closure, System Tapeout
Apps:
– Super Linting: RTL lint + automatic formal analysis, find bugs early
– Protocol Checking (ABVIP): Assertion-based checkers for APB, AHB, AXI3/4/ACE, DFI…
– Code Coverage Unreachability: Automatically exclude UNRs to speed verification closure
– Register Map Validation: Formally verify control/status registers from IP-XACT spec.
– SoC Connectivity: Verify top-level connectivity from spreadsheet much more efficiently than simulation
• Applies the most efficient combination of formal and simulation engines
• Automated property generation and custom debug views
Incisive Formal Core R&D Examples
• Performance
– Engine parallelization
– Engine collaboration
– Word-level analysis
– Semiautomatic and Manual abstractions
– Assume-guarantee analysis
• Functionality
– New Automatic Checks
– Coverage and Completeness
– X-Propagation consistency
– Low Power: native UPF/CPF support
– Integration into Metric Driven Verification
X Propagation
cond = X
    if (cond)
        data = 4'b0011
    else
        data = 4'b0101
Mismatch:
– RTL: data = 0101
– Gate: data = 0011
But X is don’t care for synthesis
What if synthesis tool optimizes cond=X to cond=1?
Solution – X semantics in RTL to resolve X pessimistically
– CAT: data = 0XX1
– FOX: data = XXXX
X-Prop Application
• Generation: IEV is used to generate X checking assertions
– Clocks, resets, and outputs: never X
– Flops: once non-X should never be X again
• Analysis:
– IEV used by designers at the block level
– IES used by verification engineers at subsystem and above
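The RTL, CAT and FOX results from the X Propagation slide and the generated flop check listed above, modelled in Python as an added example (not Cadence code and not part of the original slides). Vectors are strings of 0/1/X, all function names are hypothetical, and the example goes slightly beyond the slides by checking whether each mode's result covers both values the gates could produce.

```python
# Added illustration, not Cadence code. 4-state vectors are strings of
# '0', '1', 'X' (MSB first); all function names are hypothetical.

def rtl_if(cond, then_val, else_val):
    """Plain RTL simulation: an X condition is not true, so 'else' runs."""
    return then_val if cond == "1" else else_val

def cat_if(cond, then_val, else_val):
    """CAT: on an X condition keep only bits on which both branches agree."""
    if cond != "X":
        return rtl_if(cond, then_val, else_val)
    return "".join(t if t == e and t != "X" else "X"
                   for t, e in zip(then_val, else_val))

def fox_if(cond, then_val, else_val):
    """FOX: on an X condition every assigned bit becomes X."""
    if cond != "X":
        return rtl_if(cond, then_val, else_val)
    return "X" * len(then_val)

def covers(predicted, actual):
    """True if every known bit of the prediction equals the actual bit."""
    return all(p in ("X", a) for p, a in zip(predicted, actual))

def compare_modes(then_val, else_val):
    """For cond = X the gates may resolve cond to 0 or 1. Report each mode's
    result and whether it covers both possible gate-level outcomes."""
    gate_outcomes = [rtl_if(c, then_val, else_val) for c in "01"]
    report = {}
    for name, mode in (("RTL", rtl_if), ("CAT", cat_if), ("FOX", fox_if)):
        value = mode("X", then_val, else_val)
        report[name] = (value, all(covers(value, g) for g in gate_outcomes))
    return report

def flop_x_violations(trace):
    """Cycles where a flop returns to X after having held a known value
    (the generated flop check: once non-X, never X again)."""
    seen_known, bad = False, []
    for cycle, value in enumerate(trace):
        if "X" in value and seen_known:
            bad.append(cycle)
        seen_known = seen_known or "X" not in value
    return bad

if __name__ == "__main__":
    print(compare_modes("0011", "0101"))  # values from the slide
    # Constructed flop trace: X during reset, known, then X again at cycle 4.
    print(flop_x_violations(["XXXX", "XXXX", "0000", "0011", "0X11", "0011"]))
```

Only the plain RTL result claims known bits that the gates can contradict, which is the mismatch the slide describes.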
Hybrid X-Propagation Use Models
Executed in RTL leveraging dynamic and formal
• Reset sequence verification
– Design must consistently cold or warm boot
– X-Propagation task is to identify real unresolved X values
– Generate assertions at block level to check for X (automated)
– Use Incisive X-Propagation simulation to detect and debug at SoC
• Power domain startup
– Shutoff domains must consistently restart
– Identify missing isolation (Conformal LP uses static analysis for this)
– Trace X back to shutdown domain with missing isolation
• Uninitialized memory
– Memory mapped I/O must be initialized to control logic properly
– Identify uninitialized memory
– Trace X back through control logic to uninitialized memory
X-Prop: Differentiated with Incisive platform
Example: Reset Verification
• vManager tracks reset metrics to plan
• IEV app finds potential X issues
– Generates assertions for simulation
• IES speeds X-prop reset simulation
– Complex, critical SoC verification problem
– Previous methodology relied on gate sim
• SimVision speeds X debug
– Different wave traces for different X source
• Reset verification requires all four
ADI and Ambarella Success Videos on www.cadence.com
[Diagram: Reset verification combines Reset plan (vManager), X-Prop ABV (IEV app), X-Prop sim (IES + advanced option) and X debug (SimVision)]
Cadence Low Power Verification Solution
• Cadence offers complete Low Power Verification Solution
• Functional problems are targeted by low power simulation (IES)
− Modeling virtual low power intent
• Structural Problems are targeted by Conformal Low Power (CLP)
− Verifying and Comparing intent with design
• Special problems require functional Formal Property Checking IEV
− Modeling virtual low power intent
− Leveraging power of formal engines
→ Formal Low Power Solution (IEV)
[Diagram: low power flow. Power Intent; Incisive Enterprise Manager (Power Plans & Metrics); RTL: Conformal Low Power (Quality Checks), Incisive Enterprise Verifier (Formal Property Checking), Incisive Enterprise Simulator (Functional Verification); Logic Synthesis & DFT; Gate netlist: Conformal Low Power (Formal Rule & Equivalence Checking); Physical Implementation; Physical netlist: Conformal Low Power (Equivalence Checking)]
Power Aware Formal Property Checking
• Features
– UPF/CPF reading and reporting
– Supports CPF and UPF 1801-2009
– Power supply network modeling
– Isolation and state retention modeling
– Power-off corruption
– Assertion control (suspend, abort)
• User Input
– RTL
– Properties
– Formal Environment
– Low Power intent
– Power controller module (PCM)
• Flow
– IEV models power intent
– Assertions now start failing
– Unintended assertion failures are dismissed by assertion control
– Remaining failures indicate bugs due to low power implementation
[Figure callout: Corruption causes design malfunction]
Enhanced Verification Apps
Example: CON LP
[Figure callout: Isolator breaks connection]
• SoC Connectivity Checking App
– Verifies connections from high level spec
• Added Low Power Intent Modeling
– Introduces isolation, corruption
• Enhanced Spreadsheet
– Specify required power domains

C5               C6                  C7
Power Behavior   Src                 Dest
IDE              :in_data_i[31:24]   IDE3:data_i
                 :in_data_i[23:16]   IDE2:data_i
                 :in_data_i[15:8]    IDE1:data_i
                 :in_data_i[7:0]     IDE0:data_i
Reset(PD_IDE0)   IDE0:error_o        CSR:error_0_i
Reset(PD_IDE1)   IDE1:error_o        CSR:error_1_i
Reset(PD_IDE2)   IDE2:error_o        CSR:error_2_i
Reset(PD_IDE3)   IDE3:error_o        CSR:error_3_i
Reset(PD_IDE3)   IDE0:req_o          AOD:req_i[0]
Reset(PD_IDE1)   IDE1:req_o          AOD:req_i[1]
Reset(PD_IDE2)   IDE2:req_o          AOD:req_i[2]
Reset(PD_IDE3)   IDE3:req_o          AOD:req_i[3]
Reset            IDE3:data_o         AOD:data_i[31:24]
Reset            IDE2:data_o         AOD:data_i[23:16]
Reset            IDE1:data_o         AOD:data_i[15:8]
Reset            IDE0:data_o         AOD:data_i[7:0]
• Connection failures
– Unintended isolators along connection
– Unintended power domain pass through
– Wrong specification of power domain
• Value
– Find LP related issues on SoC level
– Start before full SoC (IPs) available
New Low Power Apps – Example
Example: Reset versus Clamp Value
• Problem:
– Designer implements IP level reset
– Low Power architect specifies SoC level isolation
– Unintended mismatches of reset and isolation value can cause system hang!
• Solution:
– Analysis of reset value
– Analysis of isolation value
– Comparison, reporting and debugging in IEV
– “Correct Isolation Rule” creation capability
• Benefit:
– Early detection of mismatches
– Finding corner case scenarios
– Identifying not-unique reset values
[Diagram: Design (RTL, Reset Sequence) and UPF/CPF (Domain, Network, Isolation) feed IEV LP_RVC; callout: Mismatch caused design malfunction]
TB.inst.a:   ISO 0   RST 0   :   Match!
TB.inst.b:   ISO 0   RST X   :   No Unique Reset Value!
TB.inst.c:   ISO 0   RST 0   :   Match!
TB.inst.z:   ISO 0   RST 1   :   Mismatch!
Summary and Trends
• Apps are successful
− Provides automated solutions to common specific problems
− Widely adopted in industry since introduction at DVCon 2012
− Possibly growing fast in 2014/15
• Expert Formal Focus
− Performance, Capacity, Productivity
• Apps expanding into new areas
− X-Propagation
− Reset verification
− Low Power
• Apps driving Integration
− Common Metrics
− Consistent Semantics
− Common Debug
[Diagram: Plan, Construct, Execute, Measure / Analyze]
Formal Analysis (IFV)
• Mathematical
• Breadth-first
• Static Analysis
• No Testbench
• Command : prove
Assertion-Driven Simulation
• Dynamic Simulation
• Linear
• Dynamic
• No Testbench
• Command : search
Mixed Approaches