Graham is VP of Marketing at Real Intent. He has over 20 years of experience in the design automation industry. He has founded startups, brought Nassda to an IPO and previously was Sales and Marketing Director at Internet Business Systems, a web portal company. Graham has a Bachelor of Computer …
Design Verification is Shifting Left: Earlier, Focused and Faster
April 10th, 2014 by Graham Bell
Recently, we have seen announcements by the Big Three EDA Companies about new initiatives in the area of SoC verification. Synopsys, for example, has started talking about Verification Compiler and how it is introducing static and formal checks for the first time, and relies on the Verdi debugging environment (acquired from SpringSoft) to tie it all together. Real Intent has been delivering solutions focused on static and formal for several years now (and also relies on Verdi for debug). The industry really started taking notice of this static verification trend in 2013 at DVCon, and we have seen it grow through DAC 2013 in Austin. We are now talking about designs crossing the billion-gate threshold and what can be done not only to control this explosion of complexity, but also to achieve sign-off for RTL code.
RTL and gate-level simulation theoretically can be used to fully test a billion-gate SoC, but the cost of complete RTL testing is beyond what design teams can afford. To reduce the testing cost and the risk of missing critical tests, abstract modeling and pre-simulation static analysis of RTL have now become imperative in SoC design flows. Integration of heterogeneous IP and design units requires confirmation of protocols, power budgets, testability and the correct operation of multiple interfaces and clock domain crossings (CDC).
The goal is to “shift left” and find more problems earlier in the design cycle. Improving the quality and robustness of RTL before simulation and synthesis requires a number of tools:
Let’s look at these in more detail and discuss their importance to sign off.
Modern Lint tools have evolved to the point where they can handle full-chip designs and yet still offer concise hierarchical reporting. The availability of low-noise reporting means less time waiving violations and more time cleaning easy-to-fix issues. Because of the lower noise, designers can use the tool earlier and more often. However, an RTL Lint tool requires only rule setup and therefore cannot provide a deep analysis.
Automatic formal RTL analysis builds on Lint cleaning for early detection of functional issues and takes advantage of clock definitions for the design. Because automated formal performs a sequential analysis and does constant propagation, it can do a deeper design exploration to uncover potential problems. Formal analysis can eliminate potential failures reported in Lint. Designers benefit from early static analysis of problems such as potential FSM deadlocks, bus issues and even X-value propagation.
Billion-gate designs have millions of flip-flops to initialize. Many of the IP blocks used in such designs also have their own initialization schemes. It is neither practical nor desirable to wire a reset signal to every single flop. It makes more sense to route resets to an optimal minimum set of flops, and initialize the rest through the logic, but this is a significant RTL coding challenge.
Flip-flop reset analysis ensures that the SoC design will come up in a known good state, and in later iterations of the design it may be used to save chip area and routing resources through a more intelligent application of reset signals. The analysis of any system with such a reset and initialization scheme is bound to identify many Xs. For designers, the issue is in knowing which ones matter, because dealing with unnecessary Xs wastes time and resources. However, missing an X state that does matter can increase the likelihood of late-stage debug, cause insidious functional failures and, ultimately, respins.
As a last step, it is important to manage the way simulation and synthesis processes handle the unknown (X) states thrown up by power management strategies that turn blocks on and off, and adjust clocks crossing between domains. A proper analysis of this issue can reveal functional bugs that have been hidden at the RTL level by too much optimism about the impact of X states, and also reduce the impact of excessive pessimism given to X states after synthesis.
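The reset and X-state discussion above can be made concrete with a small three-valued (0/1/X) simulation. This is an added example, not code from the article or from any vendor tool; the five-flop design, the flop names and the function names are constructed for illustration.

```python
X = "X"  # unknown value

def t_not(a):
    return X if a == X else 1 - a

def t_and(a, b):
    if a == 0 or b == 0:
        return 0              # a controlling 0 masks an X on the other input
    return X if X in (a, b) else 1

def t_or(a, b):
    return t_not(t_and(t_not(a), t_not(b)))

def mux_rtl_optimistic(sel, a, b):
    # RTL "if (sel) q = a; else q = b;": an X condition silently takes else.
    return a if sel == 1 else b

def mux_gate_pessimistic(sel, a, b):
    # AND-OR gate mux: with sel = X the output is X even when a == b.
    return t_or(t_and(sel, a), t_and(t_not(sel), b))

def mux_exact(sel, a, b):
    # X only when the unknown select could actually change the output.
    if sel == X:
        return a if a == b else X
    return a if sel == 1 else b

# Constructed design: only f0 is wired to reset; the other flops must
# initialize through logic while reset is held.
NEXT = {
    "f0": lambda s: 0,                                   # reset flop
    "f1": lambda s: t_and(s["f0"], s["f3"]),             # 0 AND X gives 0
    "f2": lambda s: t_or(s["f1"], s["f0"]),              # clears a cycle later
    "f3": lambda s: t_not(s["f3"]),                      # toggles, stays X
    "f4": lambda s: mux_exact(s["f3"], s["f1"], s["f2"]),
}

def reset_analysis(max_cycles=16):
    """Clock the design with reset held until the state stops changing."""
    state = {name: X for name in NEXT}
    for _ in range(max_cycles):
        new = {name: fn(state) for name, fn in NEXT.items()}
        if new == state:
            break
        state = new
    return state, sorted(n for n, v in state.items() if v == X)

if __name__ == "__main__":
    final, unresolved = reset_analysis()
    print(final, "still X:", unresolved)
```

Only `f3` remains X and needs a reset or a waiver; `f4` initializes even though its select is unknown, which an optimistic RTL model would hide and a pessimistic gate model would flag as a false X.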
Timing constraints (SDC) are a key input to the gate-level synthesis of designs, so SDC management and checking ensures correct timing at the block and full-chip level, so long as any changes in the RTL are reflected in the SDC files for the design. The SDC itself also needs to be verified for correctness and consistency, which is essential for other analyses such as clock domain crossing.
Power analysis and optimization techniques address issues such as retention flop and isolation-cell analysis and optimization, clock/power gating, and sequential/combinational optimizations. These interventions can be so extensive that it makes sense to go back to the other static analyses to recheck the design.
Combining these static verification steps can enable signoff of the RTL to reduce the simulation burden of testing functionality and the synthesis burden of trying to implement conflicted code from disparate IP. It means the design will be as correct as possible as soon as possible, with reduced risk of failure at the implementation stage. And billion-gate SoC signoff is now a reachable goal, not an impossibility.
Does the industry want a monolithic solution from one vendor? Certainly history has shown that is not the case. The ability to create a best-in-class solution that uses a mix of mature industry tools with leading-edge products from smaller, more innovative EDA companies is very desirable. Semiconductor companies support open flows because they provide the easiest pathway to incorporate that next 10x tool in their design suite. May it ever be so.