Dr. Pranav Ashar
Dr. Pranav Ashar is chief technology officer at Real Intent. He previously worked at NEC Labs developing formal verification technologies for VLSI design. With 35 patents granted and pending, he has authored about 70 papers and co-authored the book ‘Sequential Logic Synthesis’.
Static Verification Leads to New Age of SoC Design
July 3rd, 2014 by Dr. Pranav Ashar
SoC companies are coming to rely on RTL sign-off of many verification objectives as a means to achieve a sensible division of labor between their RTL design team and their system-level verification team. Given the sign-off expectation, the verification of those objectives at the RT level must absolutely be comprehensive.
Increasingly, sign-off at the RTL level can be accomplished using static-verification technologies. Static verification stands on two pillars: Deep Semantic Analysis and Formal Methods. With the judicious synthesis of these two, the need for dynamic analysis (a euphemism for simulation) gets pushed to the margins. To be sure, dynamic analysis continues to have a role, but is increasingly as a backstop rather than the main thrust of the verification flow. Even where simulation is used, static methods play an important role in improving its efficacy.
Deep Semantic Analysis is about understanding the purpose or role of RTL structures (logic, flip-flops, state machines, etc.) in a design in the context of the verification objective being addressed. This type of intelligence is at the core of everything that Real Intent does, to the extent that it is even ingrained into the company’s name. Much of sign-off happens based just on the deep semantic intelligence in Real Intent’s tools without the invocation of classical formal analysis.
Further, Deep Semantic intelligence and Formal analysis play a symbiotic role to complete the sign-off. Formal analysis benefits from the precisely scoped and contextually well-structured checks generated by virtue of the Deep Semantic intelligence, and Formal analysis proves the supposition of these generated checks.
This combination is efficient for numerous verification objectives in the SoC era.
A key area is X-propagation verification. RTL simulation be its very nature is X-optimistic and can hide bugs or cause RTL and gate-level simulation results to differ. Designers need to understand the X-sensitive constructs in their design and how they can be affected by upstream X-sources. Another area of concern is ensuring that designs come out of power-up in a known state in a given number of clock cycles, and that powered-down blocks do not cause illicit behavior in the active blocks. Static analysis based on combining Deep Semantic intelligence with judicious application of Formal methods is the only way to sign-off on X-verification objectives in a reasonable amount of time.
Another iconic example is the verification of clock-domain crossings. Whereas the basic failure modes here have a textbook simplicity, identifying these failures in real-life RTL so that all potential failures are reported in acceptable run time and without drowning the engineer in noise is a challenging ask. This is an area where the Deep Semantic intelligence in Real Intent’s Meridian CDC tool shines. It is the only product that performs full-chip comprehensive CDC analysis without resorting to abstractions, while also providing the ability of a full-featured hierarchical and distributed workflow. For example, when doing full-chip SoC integration the details of the IP blocks must be retained intelligently to ensure that “sneak paths” that may be lurking in the IP and only come into play at the SoC level can be uncovered. Abstraction models are infamous for ignoring that essential detail that may needed for top-level analysis. Real Intent has developed data models that allow its analyses to represent even gigascale designs with all the necessary details that allow for comprehensive verification. We like to say that if you are not signing-off on CDC with Real Intent’s Merdian, you are not signing-off!
Even for RTL linting, which has been a verification tool in use for over 20 years, new data models are needed to deliver gigascale capacity and performance. With the new levels of performance combined with Real Intent’s Deep Semantic intelligence, designers can have answers in minutes and can quickly resolve chip-scale issues that would otherwise have been missed or taken days to resolve. For example, it is often the case that undesired combinational loops get added as IPs are integrated into the SoC. Without tools like Real Intent’s Ascent Lint, such problem would go undetected and manifest as field failures.
Related to the above, we see a fundamental change in the moving away from a tool-based mindset to a verification-objective-driven mindset in chip verification that is facilitating sign-off at RTL and anchoring the use of static verification methods. This is supremely beneficial for the ScC paradigm and it would not be an exaggeration to say that the SoC design process would have broken down. Static methods shine when the objective is clearly stated and failure modes are deeply understood. Real Intent has experienced this first hand over the past decade as it has watched the static verification for CDC and early functional verification that it pioneered become entrenched in the SoC verification flow.
The objective-driven approach also points to another reality for SoC design houses: Insuring your SoCs against respins is not about having the fastest simulator, ABV or STA tool any more. Neither is it about having an all-in-one tool that does a little bit of a lot of things. Rather, it is about deploying the best-in-class solution with leading edge performance, capacity, workflow and sign-off quality for key SoC-verification objectives like CDC and X-safe design. We are seeing this message take hold in the high-end SoC design houses. It is imperative that SoC design companies across the full spectrum of SoC types to accept this message.
Real Intent is a verification-solutions provider that emphasizes early static verification sign-off. Mostly that means signing off at RTL, but sometimes it could also mean signing-off at the gate-level in order to get an independent validation of the synthesis steps. It also means signing-off on as much as possible before simulation. Any simulation you must do has to be absolutely necessary and tied to a companion static analysis step. With its best-in-class verification-solutions focus, Real Intent sees itself as an enabler of the new age of SoC design.
Tags: cdc, clock domain crossing, RTL sign-off, SOC, static verification, verification, x-propagation, x-verification