SoC Verification (System-on-Chip Verification)
Pao-Ann Hsiung (熊博安)
hpa@computer.org
http://www.cs.ccu.edu.tw/~pahsiung/
Embedded Systems Laboratory, Department of Computer Science and Information Engineering, National Chung Cheng University

Slide 2: Contents
- Introduction (slides 3 ~ 26)
- Formal Verification (slides 27 ~ 38)
- Model Checking (slides 39 ~ 73)
- Equivalence Checking (slides 74 ~ 83)
- Verification Tools (slides 84 ~ 86)
- Verification Example: Industrial Embedded SoC (slides 87 ~ 98)
- Conclusion & Future Work (slides 99 ~ 100)
Pao-Ann Hsiung, CSIE, National Chung Cheng University

Slide 3: Introduction
Process technology vs. silicon complexity (Moore's Law; Deep Sub-Micron (DSM) technology):
Year  Process   Silicon complexity
1998  0.25 um   1 M gates
1999  0.18 um   2~5 M gates
2001  0.15 um   5~10 M gates

Slide 4: Introduction
Challenges in DSM technology for SoC:
- Timing closure
  - Large capacity
  - Sensitive to interconnect delays
  - Hierarchical design and design reuse
- Physical properties
  - Signal integrity (crosstalk, IR drop, power/ground bounce)
  - Design integrity (electron migration, hot electron, wire self-heating)

Slide 5: Introduction
[Figure: Design Productivity Gap, Gates/Chip vs. Gates/Hour, 1990 ~ 2000]

Slide 6: Introduction
[Figure: Time-to-Market (TTM) Trends]

Slide 7: Introduction
Multiple design disciplines:
- Digital HW
- Embedded SW
- Analog/Mixed Signal (AMS) blocks
- Bus architectures
- Clock / power distributions
- Test structures

Slide 8: Introduction
[Figure: SoC Verification vs. Design Gap]

Slide 9: Verification Options
- Simulation technologies
- Static technologies
- Formal technologies
- Physical verification and analysis

Slide 10: Simulation Technologies
- Event-based simulators
- Cycle-based simulators
- Transaction-based simulators
- Code coverage
- HW/SW co-verification
- Emulation systems
- Rapid prototyping systems
- Hardware accelerators
- AMS simulation

Slide 11: Static Technologies
- Lint checking
  - Syntactical correctness
  - Identifies simple errors
- Static timing verification
  - Setup, hold, delay timing requirements
  - Challenging: multiple sources

Slide 12: Formal Techniques
- Theorem proving techniques: proof-based, not fully automatic
- Formal model checking: model-based, automatic
- Formal equivalence checking: reference design vs. modified design
  - RTL-RTL, RTL-Gate, Gate-Gate implementations
  - No timing verification

Slide 13: Physical Verification & Analysis
Issues for physical verification:
- Timing
- Signal integrity
  - Crosstalk
  - IR drop
  - Electro-migration
- Power analysis
- Process antenna effects
- Phase shift mask
- Optical proximity correction

Slide 14: Comparing Verification Options
[Table: comparison of the verification options]

Slide 15: Comparing HW/SW Co-verification Options
[Table: comparison of the HW/SW co-verification options]

Slide 16: Which is the fastest option?
[Table: event-based simulation, cycle-based simulation, emulation, formal verification and rapid prototype, each paired with what it is best for: control-oriented designs, medium-sized designs, asynchronous small designs, large capacity designs, software development]

Slide 17: SoC Verification Methodology
- System-level verification
- SoC hardware RTL verification
- SoC software verification
- Netlist verification
- Physical verification
- Device test

Slide 18: SoC Verification Methodology
[Figure: methodology flow]

Slide 19: Verification Approaches
- Top-down verification
- Bottom-up verification
- Platform-based verification
- System interface-driven verification

Slide 20: Top-Down SoC Verification
[Figure: top-down verification flow]

Slide 21: Bottom-Up SoC Verification
- Components, blocks, units verification
- Memory map, internal interconnect
- Basic functionality, external interconnect
- System level

Slide 22: Platform-Based SoC Verification
- Derivative design
- Interconnect verification between the SoC platform and the newly added IPs

Slide 23: System Interface-Driven SoC Verification
- Besides the Design-Under-Test, all others are interface models

Slide 24: Device Test
- To check if devices are manufactured defect-free
- Focus on the structure of the chip (wire connections, gate truth tables), not its functionality

Slide 25: Device Test
Challenges in SoC device test:
- Test vectors: enormous!
- Core forms: soft, firm, hard, different tests
- Cores: logic, memory, AMS, ...
- Accessibility: very difficult / expensive!
Slide 26: Device Test Strategies
- Logic BIST (Built-In Self-Test)
- Memory BIST
  - On-chip address generator
  - Data generator
  - Read/write controller (memory test algorithm)
- Mixed-signal BIST
  - Stimulus generators embedded
  - Response verifiers embedded
  - For AMS cores: ADC, DAC, PLL
- Scan chain
  - Timing and structural compliance
  - ATPG tools generate manufacturing tests automatically

Slide 27: Formal Verification

Slide 28: What is Formal Verification?
- An analytic way of proving a system correct
  - No simulation triggers, stimuli, inputs
  - No test-benches, test-vectors, test-cases
- Formal verification methods
  - Deductive reasoning (theorem proving)
  - Model checking
  - Equivalence checking

Slide 29: Theorem Proving
- Uses axioms and rules to prove system correctness
- No guarantee that it will terminate
- Difficult, time consuming: for critical applications only

Slide 30: Model Checking
- Automatic technique to prove correctness of concurrent systems:
  - Digital circuits
  - Communication protocols
  - Real-time systems
  - Embedded systems
  - Control-oriented systems
- Explicit algorithms for verification

Slide 31: Equivalence Checking
- Checks if two circuits are equivalent
  - Register-Transfer Level (RTL)
  - Gate level
- Reports differences between the two
- Used after:
  - clock tree synthesis
  - scan chain insertion
  - manual modifications

Slide 32: Why Formal Verification?
- Simulation and test cannot handle all possible cases (only some possible ones)
- Simulation and test can prove the presence of bugs, rather than their absence
- Formal verification conducts exhaustive exploration of all possible behaviors
  - If verified correct, all behaviors are verified
  - If verified incorrect, a counter-example (proof) is presented

Slide 33: Why Formal Verification Now?
- SoC has a high system complexity
- Simulation and test are taking unacceptable amounts of time
- More time and effort devoted to verification (40% ~ 70%) than to design
- Need automated verification methods for integration into the design process

Slide 34: Increased Simulation Loads
[Figure: increased simulation loads]

Slide 35: Why Formal Verification Now?
Examples of undetected errors:
- Ariane 5 rocket explosion, 1996: an exception occurred when converting a 64-bit floating-point number to a 16-bit integer!
- Pentium FDIV bug: multiplier table not fully verified!

Slide 36: [Figure]

Slide 37: Verification Tasks for SoC
[Figure: verification tasks]

Slide 38: Property Checking vs. Equivalence Checking
[Figure: property checking compared with equivalence checking]

Slide 39: Model (Property) Checking
- Algorithmic method of verifying correctness of (finite state) concurrent systems against temporal logic specifications
- A practical approach to formal verification

Slide 40: Model Checking
What is necessary for Model Checking?
- A mathematically precise model of the system
- A language to state system properties
- A method to check if the system satisfies the given properties

Slide 41: Model Checking
- Formal model of the system: Finite State Machine (FSM)
- Desired behavior expressed as a set of properties (specifications): Computation Tree Logic (CTL)
- Method to check properties against the system: efficient FSM traversals

Slide 42: Formal Models of System
Any mathematically precise model that can be represented as a state transition system:
- Finite State Machines
- Petri Nets
- (Timed) Automata
- Statecharts

Slide 43: State Transition System (Kripke Structure)
M = (S, R, L)
- S = {s1, s2, s3}: the set of states
- R: the transition relation
- L: the labeling of states with the atomic propositions {a, b, c}
[Figure: three states s1, s2, s3 labeled with a, ac, b]

Slide 44: Formal Model vs. Verification
Expressiveness vs. verification complexity: the richer the expressiveness of the modeling language, the higher the complexity of the verification problem. Find the balance point!
- Expressiveness: simple ... rich
- Verification problem complexity: PTIME, NP, PSPACE, EXPTIME, EXPSPACE, nonelementary, undecidable

Slide 45: Property Specification Languages
- Linear Temporal Logic (LTL)
- Computation Tree Logic (CTL)
- Timed Computation Tree Logic (TCTL), e.g., with a time bound such as 7 ms

Slide 46: CTL – Computation Tree Logic
- Path quantifiers
  - A (for all computation paths)
  - E (for some computation path)
- Temporal operators
  - X (next time, next state)
  - F (eventually, finally)
  - G (always, globally)
  - U (until)
  - R (release, dual of U)

Slide 47: CTL Formulas
- Temporal logic formulas are evaluated with respect to a state in the model
- State formulas: apply to a specific state
- Path formulas: apply to all states along a specific path

Slide 48: Basic CTL Formulas
- M, s |= EX(f): there exists a next state of s in which f holds
- M, s |= AX(f): for all next states of s, f is true
Slide 49: Basic CTL Formulas
- M, s |= EG(f): there exists a path from s along which f holds in every state
- M, s |= AG(f): for all paths from s, f holds in every state, i.e., globally

Slide 50: Basic CTL Formulas
- M, s |= EF(f): there exists a path from s which eventually contains a state in which f holds
- M, s |= AF(f): for all paths from s, eventually there is a state in which f holds

Slide 51: Basic CTL Formulas
- M, s |= E(f U g): there exists a path from s which contains a state in which g holds and in all previous states f holds
- EF(f) = E(true U f)
- AF(f) = A(true U f)

Slide 52: Basic CTL Formulas
- Full set of operators
  - Boolean: ¬, ∧, ∨, →
  - Temporal: E, A, X, F, G, U, R
- Minimal set of operators (to express any CTL formula)
  - Boolean: ¬, ∨
  - Temporal: E, X, U

Slide 53: Typical CTL Formulas
- EF(start ∧ ¬ready): eventually a state is reached where start holds and ready does not hold
- AG(req → AF ack): any time a request occurs, it will eventually be acknowledged
- AG(EF restart): from any state it is possible to get to the restart state

Slide 54: TCTL (Timed CTL)
- AG(req → AF≤7 ack)
- Time constraint: a subscript "~ c" is added to CTL formulas, where ~ ∈ {<, ≤, =, ≥, >} and c is an integer

Slide 55: TCTL Example
- Timed automaton with locations Monitor, Hit and Correct; x and z are real-valued system clocks
- x := 0; z := 0: x and z are set to zero at system start
- Clock constraints on the transitions: x < 500 ms, z ≤ 50 ms, z = 50 ms
- z := 0: z is reset to zero in every monitoring cycle
- Property: M, Monitor |= EF<300 (Hit)

Slide 56: Model Checking – Problem
Given a structure M = (S, R, L) and a temporal logic formula f, find the set of states that satisfy f:
{s ∈ S : M, s |= f}

Slide 57: Model Checking – Explicit Algorithm
Label each state s with the set label(s) = {sub-formulas of f which hold in s}:
- i = 0; label(s) = L(s)
- i = i + 1; process formulas with (i - 1) nested CTL operators; add the processed formulas to label(s)
- Continue until closure
Result: M, s |= f iff f ∈ label(s)

Slide 58: Explicit Model Checking
EF(g ∧ h):
- T1 = states in which g and h are true
- T2 = complement of T1
- T3 = predecessor states of T2

Slide 59: Traffic Light Controller (Kripke Structure)
[Figure: four states G1 R2, Y1 R2, R1 G2, R1 Y2 for the lights of the city road and the farm road; S = Sensor, T = Timer; transitions labeled C'+T', C·T, T, C'+T, C·T']

Slide 60: Traffic Light Controller (State Graph)
[Figure: computation tree unrolled from G1 R2, showing the self-loops of G1 R2 and R1 G2 and the cycle G1 R2 → Y1 R2 → R1 G2 → R1 Y2 → G1 R2]

Slide 61: Traffic Light Controller – Model Checking Tasks
- Safety condition: no green lights on both roads at the same time: AG ¬(G1 ∧ G2)
- Fairness condition: eventually one road has a green light: EF(G1 ∨ G2)

Slide 62: Traffic Light Controller – Checking Safety Condition
States are numbered 1 = G1 R2, 2 = Y1 R2, 3 = R1 G2, 4 = R1 Y2.
AG ¬(G1 ∧ G2) ≡ ¬EF(G1 ∧ G2)
S(G1 ∧ G2) = S(G1) ∩ S(G2) = {1} ∩ {3} = ∅
S(EF(G1 ∧ G2)) = ∅
S(¬EF(G1 ∧ G2)) = {1, 2, 3, 4}
Safety condition is true!

Slide 63: Traffic Light Controller – Checking Fairness Condition
EF(G1 ∨ G2) ≡ E(true U (G1 ∨ G2))
S(G1 ∨ G2) = S(G1) ∪ S(G2) = {1} ∪ {3} = {1, 3}
S(EF(G1 ∨ G2)) = {1, 2, 3, 4} (going backward from {1, 3}, find predecessors)
Fairness condition satisfied!
Slide 64: Symbolic Model Checking
- Symbolic: operates on "sets of states" rather than individual states
- Uses BDDs for efficient representation
  - Represent Kripke structures
  - Manipulate Boolean formulas

Slide 65: Binary Decision Diagram (BDD)
- BDD: a canonical form of representation for Boolean formulas
- Motivation: too much space redundancy in traditional representations
- A BDD is more compact than truth tables, conjunctive normal form, disjunctive normal form, binary decision trees, etc.
- An ordered BDD has a canonical form
- BDD operations are efficient

Slide 66: BDD vs. Binary Decision Trees
[Figure: the 2-bit comparator as a binary decision tree and as a BDD with order a1 < b1 < a2 < b2]

Slide 67: Ordered BDD (OBDD)
- Since OBDDs are canonical, it is easy to:
  - check equivalence = check BDD isomorphism
  - check satisfiability = check BDD isomorphism with OBDD(0)
- The size of an OBDD depends critically on VARIABLE ORDERING!!!
- 2-bit comparator example: change the variable order to a1 < a2 < b1 < b2: 11 vertices instead of 8 for a1 < b1 < a2 < b2

Slide 68: OBDD (Variable Ordering)
[Figure: 2-bit comparator OBDD with order a1 < a2 < b1 < b2]
In general, for an n-bit comparator:
- a1 < b1 < ... < an < bn gives 3n + 2 vertices
- a1 < ... < an < b1 < ... < bn gives 3·2^n - 1 vertices

Slide 69: BDD: Application to Verification
- Equivalence of combinational circuits
- Canonicity property of BDDs: if F and G are equivalent, their BDDs are identical (for the same variable ordering)
- F = a'bc + abc + ab'c vs. G = ac + bc: equivalent?
[Figure: BDDs of F and G over a, b, c with terminals 0 and 1]

Slide 70: BDD: Application to Verification
- Functional test generation
- SAT, Boolean satisfiability analysis
- Test for H = 1 (0): find a path in the BDD to terminal 1 (0)
- The path, expressed in the function variables, gives a satisfying solution (test vector)
[Figure: BDD over a, b, c with paths labeled ab and ab'c to terminal 1]

Slide 71: Model Checking Issues – Completeness
- Model checking is effective for a given property
- It is impossible to guarantee that the specification covers all properties the system should satisfy
- Writing the specification is the responsibility of the user

Slide 72: Model Checking Issues – Negative Results
- Incorrect model
- Incorrect specification (false negative)
- Failure to complete the check (too large)

Slide 73: Model Checking Issues – Capacity
- State-space explosion occurs for complex systems
- So, what is the use of Model Checking for SoC? Use model checking as a complementary technique, in addition to simulation, testing, emulation, etc.

Slide 74: Equivalence Checking
- Compares an implementation to an existing RTL or gate-level description for functional equivalence
  - RTL vs. synthesized gate-level implementation
  - Gate-level design vs. revised gate-level design
- Uses BDDs, a canonical representation of logic functions
  - BDDs can grow exponentially with the number of inputs
  - Depends on variable ordering

Slide 75: Equivalence Checking
Features:
- No vectors or testbench required
- Capacity to handle large designs
- Eliminates gate-level simulation
- Reduces time-to-market

Slide 76: Equivalence Checking
Equivalence checkers are used in:
- RTL-to-RTL
- RTL-to-Netlist
- Netlist-to-Netlist: after optimizations in the netlist, such as:
  - CTS-inserted netlist
  - Scan-chain-inserted netlist
  - Post-layout netlist
  - ...
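The three BDD points of slides 65 to 70 (canonicity, the 8-versus-11-vertex dependence of the 2-bit comparator on variable ordering, and test generation by a path to terminal 1) and the BDD-based equivalence check of slides 69 and 74 can all be reproduced with a small reduced ordered BDD (ROBDD) package. The block below is an added example, not code from the slides or from any tool named in the deck; it assumes Bryant's standard apply algorithm with a unique table, and the class and function names (BDD, comparator_vertices, check_fg) are this example's own.

```python
class BDD:
    """ROBDD manager for one fixed variable order (added example, not a tool's
    API). Ids 0 and 1 are the terminals; every other id names a (var, low, high)
    triple in a unique table, so structurally equal sub-diagrams share one id."""

    def __init__(self, order):
        self.level = {v: i for i, v in enumerate(order)}
        self.nodes = {0: None, 1: None}   # id -> (var, low, high)
        self.unique = {}                  # (var, low, high) -> id
        self.memo = {}                    # (op, u, v) -> id, apply() cache

    def mk(self, var, low, high):
        """Create or reuse a node; both ROBDD reduction rules live here."""
        if low == high:                   # redundant test: drop the node
            return low
        key = (var, low, high)
        if key not in self.unique:        # isomorphic subgraph: share it
            self.unique[key] = len(self.nodes)
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def var(self, name):
        return self.mk(name, 0, 1)

    def _lvl(self, u):                    # terminals sit below every variable
        return self.level[self.nodes[u][0]] if u > 1 else len(self.level)

    def apply(self, op, u, v):
        """Bryant's apply: combine two ROBDDs with the Boolean operator op."""
        key = (op, u, v)
        if key in self.memo:
            return self.memo[key]
        if u <= 1 and v <= 1:
            res = op(u, v)
        else:
            lu, lv = self._lvl(u), self._lvl(v)
            top = min(lu, lv)
            var = self.nodes[u][0] if lu == top else self.nodes[v][0]
            ul, uh = self.nodes[u][1:] if lu == top else (u, u)
            vl, vh = self.nodes[v][1:] if lv == top else (v, v)
            res = self.mk(var, self.apply(op, ul, vl), self.apply(op, uh, vh))
        self.memo[key] = res
        return res

    def neg(self, u):
        return self.apply(XOR, u, 1)

    def size(self, u):
        """Vertices (terminals included) reachable from u."""
        seen, stack = set(), [u]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                if n > 1:
                    stack.extend(self.nodes[n][1:])
        return len(seen)

    def sat_path(self, u):
        """One assignment driving u to 1 (a test vector), or None if u is 0."""
        if u == 0:
            return None
        assign = {}
        while u != 1:                     # a reduced non-0 node always reaches 1
            var, low, high = self.nodes[u]
            assign[var], u = (0, low) if low != 0 else (1, high)
        return assign


def AND(a, b): return a & b
def OR(a, b): return a | b
def XOR(a, b): return a ^ b
def XNOR(a, b): return 1 - (a ^ b)


def comparator_vertices(order):
    """Vertex count of the 2-bit equality comparator (a1 = b1) AND (a2 = b2)."""
    m = BDD(order)
    eq1 = m.apply(XNOR, m.var("a1"), m.var("b1"))
    eq2 = m.apply(XNOR, m.var("a2"), m.var("b2"))
    return m.size(m.apply(AND, eq1, eq2))


def check_fg():
    """Slide 69: F = a'bc + abc + ab'c versus G = ac + bc under order a < b < c.
    Returns (F and G share one node, F xor G is terminal 0, a test vector for F)."""
    m = BDD(["a", "b", "c"])
    a, b, c = m.var("a"), m.var("b"), m.var("c")
    na, nb = m.neg(a), m.neg(b)
    f = m.apply(OR, m.apply(OR, m.apply(AND, m.apply(AND, na, b), c),
                                m.apply(AND, m.apply(AND, a, b), c)),
                m.apply(AND, m.apply(AND, a, nb), c))
    g = m.apply(OR, m.apply(AND, a, c), m.apply(AND, b, c))
    return f == g, m.apply(XOR, f, g) == 0, m.sat_path(f)


if __name__ == "__main__":
    print(comparator_vertices(["a1", "b1", "a2", "b2"]),
          comparator_vertices(["a1", "a2", "b1", "b2"]), check_fg())
```

Because `mk` hash-conses every node, equivalence is a single integer comparison (`f == g`) and unsatisfiability is `== 0`, exactly the "isomorphism with OBDD(0)" check of slide 67; the XOR construction is the same check phrased as a function, which is what the cut-point discussion later in the deck falls back on.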
Slide 77: Equivalence Checking
Two circuits are functionally equivalent if they exhibit the same behavior:
- Combinational circuits: for all possible input values
- Sequential circuits: for all possible input sequences
[Figure: combinational logic CL with primary inputs Pi, primary outputs Po, present state Ps, next state Ns and state register R]

Slide 78: Combinational Equivalence Checking
- Functional approach
  - Transform output functions into BDDs
  - Two circuits are equivalent if their BDDs are identical
- Structural approach
  - Identify structurally similar internal points
  - Prove internal points (cut-points) equivalent

Slide 79: Functional Equivalence
- BDDs of output functions must be identical (using the same variable ordering) for functional equivalence
- If BDDs are too large (cannot construct the BDD, memory problem), use the partitioned BDD method:
  - Decompose the circuit into smaller pieces
  - Represent each piece as a BDD
  - Check equivalence of internal points

Slide 80: Functional Decomposition
- Decompose each function into functional blocks
- Represent each block as a BDD
- Define cut-points (z)
- Verify equivalence of blocks at cut-points starting at the primary inputs
[Figure: F computed as f2 over the cut-point z = f1(x, y); G computed as g2 over the cut-point z = g1(x, y)]

Slide 81: Cut-Points Resolution
- All pairs of cut-points are equivalent ⇒ F ≡ G
- If intermediate functions f2, g2 are not equivalent, functions F and G may still be equivalent (FALSE NEGATIVE)
- How to check a false negative?
- XOR(F, G): build the BDD for F ⊕ G

Slide 82: Structural Equivalence
- Given two circuits, each with its own structure
- Identify "similar" internal points, cut sets
- Exploit internal equivalences
- False negative problem may arise: F ≡ G, but they differ structurally, so the verification algorithm declares F and G different
- Implication techniques
- Learning techniques

Slide 83: Sequential Equivalence Checking
- Represent each sequential circuit as an FSM
- Verify if the two FSMs are equivalent
- Approaches:
  - Reduction to a combinational circuit
  - Isomorphism of state graphs
  - Symbolic FSM traversal of the product machine

Slide 84: Formal Verification Tools
- Model checkers
- Equivalence checkers
- Academic research tools
- Commercial verification tools
- Formal tools
- Semi-formal tools

Slide 85: Academic Tools
Tool                 Institute
SMV                  CMU
MOCHA, VIS, HyTech   UC Berkeley
STeP                 Stanford
SGM                  CCU & Sinica
RED                  Academia Sinica
UPPAAL               Uppsala & Aalborg Univs
KRONOS               Verimag

Slide 86: Commercial Tools
Tool                        Company
Formal Check                Cadence
Formal Model Checker        Avant!
Formality                   Synopsys
Formal Pro                  Mentor Graphics
Black Tie, Conformal LEC    Verplex Systems

Slide 87: Example: Formal Verification of SoC
- Industrial embedded SoC product
- Korea Samsung Electronics S3C2400X
- ARM920T processor
- 16 function modules (IPs)
  - Reused IPs: UART, I2S, ...
  - Newly designed IPs: bus controllers, DMA, ...
  - Newly bought IPs: USB host controller

Slide 88: S3C2400X SoC
[Figure: S3C2400X block diagram]

Slide 89: Formal Verification Methodology for SoC
[Figure: methodology flow]

Slide 90: Model Checker
- Cadence SMV (Symbolic Model Verifier)
- Many success stories!!!
- Supports SMVL and Verilog (with vl2smv)
- Problem size reduction:
  - scalarset data type for symmetric reduction
  - ordset data type for induction
  - subclass structure for case-splitting
  - layer structure for compositional assume-guarantee verification

Slide 91: Modeling Problems
- SMV supports only 1 implicit clock
- Issues in modeling in SMVL:
  - Multiple clocks
  - Gated clocks
  - Unsynchronized clocks
  - Synchronization logic

Slide 92: General Strategy for Module Verification
1) Define what to verify for a module.
2) Construct the environment required for verifying each property.
3) Transform each property to CTL.
4) Check coverage of the CTL properties over the RTL code.

Slide 93: Vacuous Property Checking
- AG(p → AX(q))
- If p never occurs, we cannot check AX(q) at all, yet the model checker says the property is verified as true.
- We should check that p occurs at least once, i.e., that AG(¬p) is false!
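The explicit set-based checks of slides 56 to 63 (safety and fairness of the traffic light controller) and the vacuity check of slide 93 use the same operators, so one added example covers both. The code below is not from the slides or from SMV: the Kripke structure is constructed here from the four numbered states of slide 62 with the self-loops and cycle read off the state graph of slide 60 (the sensor/timer transition conditions are abstracted away, since only the graph matters for CTL), the propositions G1, G2, Y1, R1, R2, Y2 are the slide's own, and the class and function names (Kripke, safety, fairness, liveness, check_with_vacuity) are this example's own.

```python
class Kripke:
    """Explicit-state CTL checker on sets of states (added example, not a tool's
    API). EX is the pre-image, EF/EU are least fixpoints, EG a greatest fixpoint;
    the A-quantified operators are derived from their E-duals."""

    def __init__(self, states, trans, label):
        self.S = set(states)
        self.R = set(trans)                                  # (s, s') pairs
        self.L = {s: set(label.get(s, ())) for s in states}  # L(s) of slide 43

    def ap(self, p):                 # S(p): states labelled with proposition p
        return {s for s in self.S if p in self.L[s]}

    def neg(self, A):
        return self.S - A

    def imp(self, A, B):             # A -> B  ==  (not A) or B
        return (self.S - A) | B

    def EX(self, A):                 # pre-image: some successor lies in A
        return {s for (s, t) in self.R if t in A}

    def AX(self, A):
        return self.neg(self.EX(self.neg(A)))

    def EU(self, A, B):
        """E(A U B): least fixpoint Z = B | (A & EX Z), i.e. walk backward from
        B through A-states ('find predecessors', slide 63)."""
        Z = set(B)
        while True:
            new = Z | (A & self.EX(Z))
            if new == Z:
                return Z
            Z = new

    def EF(self, A):                 # EF f = E(true U f), slide 51
        return self.EU(self.S, A)

    def AG(self, A):                 # AG f = not EF not f, slide 62
        return self.neg(self.EF(self.neg(A)))

    def EG(self, A):
        """EG A: greatest fixpoint Z = A & EX Z."""
        Z = set(A)
        while True:
            new = Z & self.EX(Z)
            if new == Z:
                return Z
            Z = new

    def AF(self, A):
        return self.neg(self.EG(self.neg(A)))


# Constructed from slides 60 and 62: states 1 = G1 R2, 2 = Y1 R2, 3 = R1 G2,
# 4 = R1 Y2; the green states may wait (self-loop) or advance around the
# cycle 1 -> 2 -> 3 -> 4 -> 1. Sensor/timer conditions are abstracted away.
TLC = Kripke(
    states=[1, 2, 3, 4],
    trans=[(1, 1), (1, 2), (2, 3), (3, 3), (3, 4), (4, 1)],
    label={1: {"G1", "R2"}, 2: {"Y1", "R2"}, 3: {"R1", "G2"}, 4: {"R1", "Y2"}},
)


def safety(m=TLC):
    """S(AG not(G1 and G2)), slide 62."""
    return m.AG(m.neg(m.ap("G1") & m.ap("G2")))


def fairness(m=TLC):
    """S(EF (G1 or G2)), slide 63."""
    return m.EF(m.ap("G1") | m.ap("G2"))


def liveness(m=TLC):
    """AG(G1 -> AF G2) at state 1. Fails: the wait loop at state 1 is an
    infinite path on which G2 never comes, so this property needs a fairness
    constraint on the environment (slide 94) before it can hold."""
    return 1 in m.AG(m.imp(m.ap("G1"), m.AF(m.ap("G2"))))


def check_with_vacuity(m, p, q, init):
    """AG(p -> AX q) at state init, plus slide 93's check that p occurs at all
    (AG not p must be false). Returns (holds, vacuous)."""
    holds = init in m.AG(m.imp(p, m.AX(q)))
    vacuous = init in m.AG(m.neg(p))   # p never occurs: nothing was examined
    return holds, vacuous


def demo():
    g1, g2 = TLC.ap("G1"), TLC.ap("G2")
    # Real result: after a city-green state, the farm road is never green next.
    real = check_with_vacuity(TLC, g1, TLC.neg(g2), init=1)
    # Vacuous pass: G1 and G2 is unreachable, so AX(Y1) is never examined.
    vac = check_with_vacuity(TLC, g1 & g2, TLC.ap("Y1"), init=1)
    return real, vac


if __name__ == "__main__":
    print(sorted(safety()), sorted(fairness()), liveness(), demo())
```

Both vacuity calls report the property as holding; only the second one is flagged as vacuous, which is exactly the case slide 93 warns about: a green-light-on-both-roads antecedent that the design can never reach makes any consequent pass. The separate `liveness` check shows the other side of slide 94: without a fairness constraint on the environment, a model checker will correctly refuse AG(G1 → AF G2) because of the self-loop.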
Slide 94: Fairness Constraint
- The correctness of a module depends not only on the environment, but also on some specific behavior of the environment
- This specific behavior is modeled as fairness constraints (input restrictions)
- Also called assumptions in assume-guarantee reasoning

Slide 95: Reduction of Address Bus and Data Bus
- Traditional approach: abstraction, 32-bit wide bus reduced to 1-bit or 2-bit wide
- Not used in SoC, because the full data bus and a partial address bus are used to access CRs (configuration registers)

Slide 96: Reduction of Address Bus and Data Bus
Different approach: divide the verification task into 2 parts, with 2 different environments and 2 different property groups:
- CR accessing logic
- Normal operation logic

Slide 97: Modules Verified
Module           CTL properties   State variables   Time (min)
AHB arbiter      27, 38           90, 80            50
Bridge           61               50                5
DMA              67               100               440
USB Host (mw)    102+4+5          N/A               9h, 43h
USB Host (mr)    36+4+2           N/A               2h, 6h

Slide 98: Discussions on Example
- Incremental design and verification
  - Early stage of design: helps find real design errors
  - Later stage of design: helps find model and property errors
- Design and verification time reduced

Slide 99: Conclusions
- Formal verification of SoC is definitely required! But it should be used in conjunction with other verification techniques.
- The capacity of formal verification must be enlarged for its widespread adoption
- Techniques required:
  - Design abstraction
  - Verification partitioning

Slide 100: Future Work
- Automatic abstraction & partitioning
- Incorporation of assertion languages:
  - Assume-Guarantee Reasoning (AGR)
  - Verplex's OVL
  - Intel's ForSpec
  - etc.
- Language wars!!!
- IP = Verilog + OVL + AGR
- Hierarchical verification of SoC based on OVL + AGR