Anyone who was around the ASIC & EDA industries 20 years ago will remember that Sign-off Verification used to consist of one step: Sign-off Simulation. There were a number of choices of simulators from the big three “DMV” of that day – Daisy, Mentor and Valid – plus one called Verilog-XL from a little startup called Gateway. ASIC vendors developed design kits and qualified the simulation libraries for these tools in order to sign off on the expected function and timing of their designs.
Sign-off simulation in that day was a single process, run with full timing, thereby verifying function and timing simultaneously. As this was computationally expensive, it could not scale as designs grew larger with each process node.
The 90s: Function versus Timing
With full-timing sign-off simulation running out of steam, the industry looked for faster simulation methods that used unit timing or cycle-based simulation. In addition, full-timing simulation did not check every timing condition in the design, leading to the possibility of timing errors slipping through the sign-off process.
Fortunately, synthesized blocks were already using static timing verification, since it was built into Design Compiler, so a path existed to expand timing verification to full-chip with the introduction of PrimeTime. With full-chip sign-off timing verification now available, function and timing could be handled separately. However, a very important requirement to enable this abstraction was that designs had to be fully synchronous.
The 2000s: Intent versus Implementation
With timing abstracted away, sign-off simulation was able to use faster methods that didn’t look at propagation delays and focused only on cycle-accurate functionality. This was fine for RTL but started to break down at the gate level. Fortunately, the synchronous nature of these designs enabled another abstraction – formally verifying that a gate-level design is functionally equivalent to the original RTL source, thus creating the market for formal equivalence checking.
This separated verification of the design intent – primarily performed dynamically – from verification of implementation correctness for both function and timing – primarily performed statically using equivalence checking and timing analysis. Thus, the split between dynamic and static verification fell along the lines between intent and implementation.
Today: SoC Design and Asynchronous Verification
Today, System-on-Chip design involves the integration of fully asynchronously connected computation islands, many of which are imported IP with disparate clocking requirements. In addition, power requirements often necessitate that different parts of a chip be clocked at different and/or dynamically scalable rates. Thus, the requirement enabling separation of function and timing is no longer valid at the asynchronous interfaces between blocks. New failure modes arise from corner-case confluences of timing and functionality that cannot be found in either simulation or timing verification, thus breaking the current sign-off flow. A large SoC may have hundreds of clock domains, and communication between them must be synchronized to avoid data loss or corruption. An “Advanced Sign-off” flow for today’s SoCs and future billion-gate chips must be developed that includes full-chip CDC analysis to sign off on all asynchronous interfaces between computation islands, on-chip interconnect and external interfaces.
SoC Design Complexity and RTL Verification
Large SoCs are also fueling the demand for improved code quality before verification. With SoC design being increasingly driven by consumer product life cycles, we cannot expect the development timeline to grow with design size. In order to keep simulation from spiraling out of control, higher quality RTL must be checked in for verification, and imported IP must be checked for code quality. RTL code must also be analyzed for efficient implementation in both silicon and emulation. Implementation constraints must also be analyzed for consistency with chip-level requirements. What is needed is a comprehensive RTL sign-off process that uses automatic checks to detect dead code, FSM deadlocks and hazardous coding styles and to analyze X-propagation risks before simulation begins, as well as dynamic checks to flag issues as they occur during simulation and emulation.
Thus, the sign-off flow must adapt again. Only with a comprehensive approach can an “Advanced Sign-off” flow scale to deliver defect-free SoCs over the coming decade.