making formal normal - t&vs...tool training knowledge acquisition expert hiring external...

1© 2019 Dialog Semiconductor

FEBRUARY 2019

Integrating FV into your verification flowSteve Holloway

Making Formal Normal


Dialog Semiconductor is a leading provider of custom and highly-integrated Configurable Mixed-signal ICs, including

power management, power conversion, and connectivity technologies, backed by world-class manufacturing partners.

HQ: London, UK | Founded: 1981 | Listing: Frankfurt (DLG)

Dialog Corporate Overview

Increased focus on fast-growing segments of mobile,

IoT, automotive and computing & storage applications

A fabless manufacturing model, with production,

assembly and packaging fully outsourced

#1 supplier of PMICs, sub-PMICs and

Configurable Mixed-signal ICs (CMICs)

Global design centers, broad direct sales

and distribution channels, including

excellence in customer support

Leading innovator in Bluetooth® low energy

technology

Track record of revenue growth and a strong cash

generative business model


Dialog’s Formal Journey

▪ Basic training (wider)

▪ Fundamental concepts

▪ Tool training

▪ Knowledge acquisition

▪ Expert hiring

▪ External consultants

▪ Knowledge sharing (focussed)

▪ Best practise guidelines

▪ Knowledge base

▪ Assertion library

▪ Internal training

▪ Project deployment (focussed)

▪ Dialog FV expert network

▪ >= 1 expert per team

▪ Project deployment model

Novice

Expert

Post Si debug

Security

assurance

Automatic

analysis,

Superlint

In-house

scripts & apps

Formal

Property

Verification

Bug Hunting


Formal in the Verification Flow

Specification vPlanning RTL Design VerificationCoverage Closure

Gate Level Sims

Post Silicon

Designer

properties,

AFA

Formal

Property

Checking,

Scripts, Apps

Bug HuntingECO

Target FV

features,

design

assurance

Unreachability,

Formal Replay


Build Effort

Refinement Effort

Formal vs Simulation workflow

Build testbench

Sanity checking

Refine models and

checks

Refine stimulus

Uncover corner cases

Coverage closure

Develop sanity covers

Uncover corner cases

Refine models and

checks

Refine constraints

Reach proof bounds

Decide when to stop

Deep

Debug

Deep

Debug

Simulation

Formal


▪Start with covers – do not leave until the end!

▪Confirms specified behaviour is possible in the FV environment

▪Basic coverage recipe:

▪All normal use cases possible

▪Every waveform diagram in the design specification

▪All transaction types possible

▪All FSM states/arcs reachable

▪Normally part of AFA

▪Corner cases reachable:

▪FIFO full/empty

▪Error or “bad machine” cases

Tips and Tricks – Creating Covers


Transactions as sequences

Raising abstraction

sequence ahb_write(addr, data);

(haddrs == addr) && hwrites && . . .

##1 (hreadys && !hwrites && . . . && hwdatas == data);

endsequence: ahb_write

chk_lock: assert property (

ahb_write(‘LOCK_REG, ‘h01)

|=>

lock_rwt);

Special function register check

AHB write sequence


Covering access sequence

cov_wr_deadabba: cover sequence (

ahb_write('h00, ‘hDE) ##1

ahb_write('h04, ‘hAD) ##1

ahb_write('h08, ‘hAB) ##1

ahb_write('h0C, ‘hBA) ##1

1);


Abstract FSM

Raising Abstraction

DUT

FSM

assertions

▪Possible to construct FSM model

▪Higher level concept of DUT state

▪Allows simpler properties

▪Enables easier debug

▪Sometimes a good proxy for design restructure!


Pipelined handshaking protocol

Helper code – avoiding complex properties

always @(posedge clk or negedge rst_n) begin

if (!rst_n) handshakes <= 0;

else begin

if (req & !gnt) handshakes++;

if (!req & gnt) handshakes--;

end

end

gnt_follows_req: assert property (

@(posedge clk)

(req && (handshakes == 0)

|-> ##[1:$](handshakes == 0)));

no_gnt_without_req: assert property (

@(posedge clk)

(not(handshakes < 0)));

Every req must have a gnt sometime later

There must be no gnt issued without a req


▪Some pitfalls with Formal:

▪Incomplete (bounded) proofs

▪Not knowing when to stop

▪Faulty constraints which give a false result

▪Some design structures don’t work well

▪How simulation can help:

▪Provides formal constraint checking

▪Cross-check FV design understanding

▪Can collect coverage metrics from formal env

▪Can tackle formal-unfriendly implementations

No need to simulate - Formal is complete, right?

Mixing Formal with Simulation


▪Creating stimulus to exercise corner ‘coverage holes’ can be time consuming

▪Closure activities take place close to tape-out, adding to project stress!

▪Formal Replay connects the two different worlds of Formal and dynamic simulation

▪Stores cover traces (waveforms) from IP or device-level cover sequences

▪Converts these into simulation stimulus

▪Internal Dialog flow:

▪Automatic hole covers – automatically generated from coverage metrics data

▪Manual covers – cover sequences manually written for specific interesting cases

Automated stimulus generation

Formal Replay


Translating coverage analysis report into SVA covers

Metrics hole cover automation

cov_hole_expr_11_1_2 : cover sequence (

!(clear_cabinet_i)&&

!(fifo_empty_o)&&

(user_reg_access_i)&&

!((rd_ptr_next == {SRAM_OFFSET_WIDTH{1'b0}}))&&

((rd_ptr_q + 1'b1))&&

(user_is_reading_d)

);


Formal Replay Flow

Coverage

Metrics

Testbench

DUT

JasperGold vcd wgl

Checkers

assumes

asserts

manual covers

hole covers

Simulator

batch

script

translate

automation


▪Integrate FV into your verification flow – it’s a no-brainer!

▪Be careful not to neglect formal covers

▪Try to raise abstraction in your approach

▪Run FV assertions in simulation as early as possible

▪Judge ROI for FV vs simulation approaches

▪Take advantage of “push button” apps

▪UNR

▪AFA / Superlinting

▪Connectivity/Security/CSR

▪Formal Replay

▪Drive cultural change:

▪Make Formal Normal in your company

Conclusions


Personal • Portable • Connected

www.dialog-semiconductor.com

Powering the Smart Connected Future

https://www.dialog-semiconductor.com/

http://www.dialog-semiconductor.com/

making formal normal - t&vs...tool training knowledge acquisition expert hiring external...

Documents