

Jacob Abraham

Department of Electrical and Computer Engineering The University of Texas at Austin

Verification of Digital Systems, Spring 2020

January 23, 2020

Lecture 1. Introduction to Verification

Jacob Abraham, January 23, 2020 1 / 44


## Goals of This Course

ECE Department, University of Texas at Austin


#### Learn the principles of verification

- Verification is a key task in designing complex chips (as well as software and systems, for that matter)
  - Takes the majority of effort in the design cycle
- We will focus on digital hardware in this class
- Class will cover both simulation-based and formal verification

#### Apply techniques from the lectures to designs in the lab

- Use commercial software (Cadence, Mentor Graphics)
- Formal equivalence checking
- Specification and application of assertions in simulation
- Portable constrained random tests
- Formal verification of assertions



#### Topics

- Introduction
- Machine learning in verification
- Formal equivalence checking
  - Binary decision diagrams, satisfiability engines
  - Use of term rewriting
  - Sequential equivalence checking
- Dynamic (simulation-based) verification
  - Simulation environments, coverage metrics
  - Assertion-based verification
  - UVM
- Formal property checking
  - Introduction to model checking and comparing finite-state machines


- Techniques to detect subtle bugs
- Post-Silicon validation
- Verification challenges
- Abstractions to reduce complexity


### Lectures in the course

- Introduction
- Example of verification flow in industry (Alan Hunter, ARM)
- Machine learning and AI in verification (Monika Farkash, AMD)
- Formal equivalence checking (combinational)
- Finite-state machines and temporal logic
- Assertion-based verification and SystemVerilog assertions (Harry Foster, Siemens)
- Verification testbenches and UVM (Nagesh Loke, ARM)
- Sequential equivalence checking (Shaun Feng, Samsung)
- Model checking (Amit Goel, Apple)
- Quick Error Detection


- Verifying cache coherency
- Semi-formal verification (Hary Mony, RealIntent)

## Lectures in the course, Cont'd

- CPU verification Challenges (Tse-Yu Yeh, Apple)
- GPU verification Challenges (John Coers, Apple)
- SoC verification


- Techniques to extend tool capacity
- Am I ready to be a verification engineer? (Ram Narayan, ARM)
- New directions in verification


## Work in the Course

#### Lectures

- Cover fundamentals of the topics
- Notes posted on the web page
- Supplemental notes and papers on Canvas
- Homework problems
  - Solve problems posted on Canvas
- Laboratory exercises
  - Use commercial tools to apply techniques to realistic designs
- Project
  - Your opportunity to delve into a verification-related topic of interest to you
  - 2-3 person teams
  - Project report and presentation to class at the end of the semester
  - Work on project throughout the semester

## Laboratory Exercises


#### Lab. 1 – Logic Equivalence Checking (LEC)

- Formally check logical equivalence between a simple RTL module and its synthesized version
- Example, after DFT insertion
- Cadence Conformal LEC

#### Lab. 2 – Assertion Based Verification (ABV)

- Add assertions to a testbench to verify that the implementation correctly implements design intent
- Document the functional coverage
- Mentor Questa

## Project

#### Topics

- Research different areas in verification to pick a topic
- Project can focus on a particular aspect of verification
  - Analysis and comparison of different verification techniques
  - Application of verification to a real design (targets include the SUN OpenSparc (http://www.opensparc.net/), the Illinois Verilog Model for the DEC Alpha (http://www.crhc.illinois.edu/ACS/tools/ivm/about.html), designs from http://www.opencores.org/projects/ including Amber ARM (http://opencores.org/project,amber), RISC-V (http://riscv.org/), Ridecore (https://github.com/ridecore/ridecore/), Pulpino (https://github.com/pulp-platform/pulpino))

#### Presentation/Report

- Team presents results to the class (during the last few classes)
- A concise report on the project is due at the end of the course



# Reliability in the Life of an Integrated Circuit – II



## Verification versus Validation – From IEEE "PMBOK guide"

#### Verification

"The evaluation of whether or not a product, service, or system complies with a regulation, requirement, specification, or imposed condition. It is often an internal process." **Are we designing the system right?** 

#### Validation


"The assurance that a product, service, or system meets the needs of the customer and other identified stakeholders. It often involves acceptance and suitability with external customers." **Are we designing the right system?** 

## Historical Interest in Verification

#### A saga of "correct" software

- In 1969, Naur published a technique for constructing and proving software, and applied it to a text processing problem
  - Informally proved correctness of about 25 lines of ALGOL 60
- Leavenworth in a 1970 review pointed out that the first line of the output would be preceded by a blank unless the first word had exactly the maximum number of possible characters in a line (MAXPOS)
- London found three additional faults in 1971 (e.g., procedure would not terminate unless word with more than MAXPOS characters encountered)
  - Presented a corrected version and proved it formally
- Goodenough and Gerhart found three further faults in 1975 that London had not detected (included the fact that the last word would not be output unless it is followed by a BLANK or NIL)




#### Historical Interest in Verification, Cont'd





## The (In)Famous Pentium FDIV Problem



Graph of x, y, x/y in a small region by Larry Hoyle



# Verification Consumes the Majority of Project Time





# Where Verification Engineers Spend Their Time

[Figure: "ASIC: Where Verification Engineers Spend Their Time", a chart with the categories Test Planning, Testbench Development, Creating Test and Running Simulation, Debug, and Other]

Source: Wilson Research Group and Mentor Graphics, 2018 Functional Verification Study




## Adoption of Static (Formal) Verification Techniques






Source: Wilson Research Group and Mentor Graphics, 2018 Functional Verification Study

# Verification Language (Testbench) Adoption













## Verification Approaches

- Simulation (the most popular verification method)
  - Cycle based, functional simulation for billions of cycles
  - Good coverage metrics usually not available
  - Assertions used to specify behavior
  - Emulation
    - Capital intensive
    - Map design to be verified on FPGAs
    - Run OS and application at MHz rates
- Formal verification
  - Exhaustive verification of small modules
  - Formal equivalence checking
  - Property checking
- Techniques to manage complexity
  - Compositional techniques
  - Make use of symmetry
  - Abstractions


## **Evaluating the Complete Design**

- Is there a verification technique which can be applied to the entire chip?
- Only one approach which scales with the design: Simulation
- Most common technique now used in industry
- Cycle-based simulation can exercise the design for millions of cycles
  - Unfortunately, the question of when to stop simulation is open
  - No good measures of coverage
- Emulation
  - Used to verify the first Pentium (Windows booted on FPGA system)
  - Developing another accurate model is an issue

# When are we Done Simulating?

#### When do you tape out?

- Motorola criteria (EE Times, July 4, 2001)
  - 40 billion random cycles without finding a bug
  - Directed tests in verification plan are completed
  - Source code and/or functional coverage goals are met
  - Diminishing bug rate is observed
  - A certain date on the calendar is reached

## **Coverage-Driven** Verification


#### Attempt to Verify that the Design Meets Verification Goals

- Define all the verification goals up front in terms of "functional coverage points"
  - Each bit of functionality required to be tested in the design is described in terms of events, values and combinations
- Functional coverage points are coded into the verification environment
  - Simulation runs can be measured for the coverage they accomplish
- Focus on tests that will accomplish the coverage ("coverage driven testing")
  - Then fix bugs, release constraints, improve the test environment
  - Measurable metric for verification effort




## Assertions


- Assertions capture knowledge about how a design should behave
- Used in coverage-based verification techniques in a simulation environment as well as in formal verification
- Assertions help to increase observability into a design, as well as the controllability of a design
- Each assertion specifies
  - legal behavior of some part of the design, or
  - illegal behavior of part of the design
- Examples of assertions (will be specified in a formal language)
  - The FIFO should not overflow
  - Some set of signals should be "one-hot"
  - If a signal occurs, then ...
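
The coverage-driven flow and the assertion slides can be tried together in a small cycle-level simulation. This is an added example, not part of the lecture: the `Fifo` model, its depth of 4, the one-hot write pointer and the chosen coverage points are all assumptions made for illustration.

```python
import random

DEPTH = 4  # assumed FIFO depth for this added example

class Fifo:
    """Cycle-level FIFO model. guard_full=False models a missing full check (the bug)."""
    def __init__(self, guard_full=True):
        self.count, self.wr_ptr, self.guard_full = 0, 1, guard_full  # wr_ptr is one-hot

    def clock(self, push, pop):
        do_pop = pop and self.count > 0
        do_push = push and (self.count < DEPTH or do_pop or not self.guard_full)
        if do_push:  # rotate the one-hot write pointer
            self.wr_ptr = ((self.wr_ptr << 1) | (self.wr_ptr >> (DEPTH - 1))) & (2**DEPTH - 1)
        self.count += int(do_push) - int(do_pop)

# Assertions: named predicates over the design state that must hold after every cycle.
ASSERTIONS = {
    "fifo_no_overflow": lambda d: d.count <= DEPTH,
    "wr_ptr_one_hot": lambda d: d.wr_ptr != 0 and (d.wr_ptr & (d.wr_ptr - 1)) == 0,
}

# Functional coverage points: events the verification plan says must be exercised.
COVER = {
    "empty": lambda d, push, pop: d.count == 0,
    "full": lambda d, push, pop: d.count >= DEPTH,
    "push_when_full": lambda d, push, pop: push and not pop and d.count >= DEPTH,
    "pop_when_empty": lambda d, push, pop: pop and d.count == 0,
    "push_and_pop": lambda d, push, pop: push and pop and 0 < d.count < DEPTH,
}

def simulate(dut, stimulus):
    """Drive (push, pop) pairs; return (first assertion failure or None, covered points)."""
    covered = set()
    for cycle, (push, pop) in enumerate(stimulus):
        covered |= {name for name, hit in COVER.items() if hit(dut, push, pop)}
        dut.clock(push, pop)
        for name, holds in ASSERTIONS.items():
            if not holds(dut):
                return (cycle, name), covered
    return None, covered

def random_stimulus(cycles, seed=1):
    # Unconstrained random push/pop, seeded so that a run is reproducible.
    rng = random.Random(seed)
    return [(rng.random() < 0.5, rng.random() < 0.5) for _ in range(cycles)]

def directed_stimulus():
    return [(True, False)] * 3 + [(False, True)] * 3  # push 3, pop 3: never fills
```

The directed test passes on the buggy model while covering only the `empty` point; the random run reaches `push_when_full` and trips `fifo_no_overflow`, which is the link between coverage holes and missed bugs.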








- Digital systems are similar to reactive programs
- Digital systems receive inputs and produce outputs in a continuous interaction with their environment
- Behavior of digital systems is concurrent because each gate in the system is simultaneously evaluating its output as a function of its inputs

#### Check Properties of Design

- Since specification is usually not formal, check design for properties that would be consistent with the specification
- Safety Property: "something bad will never happen"
- Liveness Property: "something good will eventually happen"
- Temporal Logic and variations commonly used to specify properties
- Example: Linear Temporal Logic (LTL) or Computation Tree Logic (CTL)
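
The two property classes can be checked on a small finite-state model by explicit state exploration. This is an added example, not from the lecture: the enable-gated counter and the function names are assumptions, and it goes slightly beyond the slide by showing that the liveness result depends on what the environment is allowed to do.

```python
from collections import deque

def check_safety(init, step, inputs, bad):
    """Breadth-first reachability: shortest trace to a bad state, or None if unreachable."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if bad(state):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return trace[::-1]
        for i in inputs:
            nxt = step(state, i)
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None

def check_liveness(init, step, inputs, good):
    """True iff every infinite run from init eventually reaches a good state.

    A violation is a "lasso": a cycle reachable from init through states
    that are all not good, so a run can avoid good forever.
    """
    on_stack, done = set(), set()

    def can_avoid_good(state):
        if good(state) or state in done:
            return False
        if state in on_stack:
            return True  # closed a cycle made only of not-good states
        on_stack.add(state)
        found = any(can_avoid_good(step(state, i)) for i in inputs)
        on_stack.discard(state)
        done.add(state)
        return found

    return not can_avoid_good(init)

def counter(wrap):
    """Constructed design: a counter that advances modulo `wrap` when enable is 1."""
    return lambda count, enable: (count + 1) % wrap if enable else count

def demo():
    spec_bad = lambda c: c >= 6    # safety: the count must stay in 0..5
    reaches_5 = lambda c: c == 5   # liveness: the count eventually reaches 5
    return {
        "safe_mod6": check_safety(0, counter(6), (0, 1), spec_bad),
        "unsafe_mod8": check_safety(0, counter(8), (0, 1), spec_bad),
        "live_free_enable": check_liveness(0, counter(6), (0, 1), reaches_5),
        "live_enable_high": check_liveness(0, counter(6), (1,), reaches_5),
    }
```

The safety check returns a counterexample trace for the counter that wraps at 8; the liveness property fails when enable may stay low forever and holds once the environment is constrained to keep it high.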






- Develop powerful abstractions

# **Program Slicing**


#### A Slice of a Design

- Represents behavior of the design with respect to a given set of variables (or slicing criterion)
- Proposed for use in software in 1984 (Weiser)
- Slice generated by a control/data flow analysis of the program code
- Slicing is done on the structure of the design, so scales well
- "Static analysis"
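
A backward slice over a netlist-style description, as an added example that is not part of the lecture: the design fragment, the signal names and the `backward_slice` helper are constructed for illustration, and the parser handles only simple `assign` statements without numeric literals.

```python
import re

# Constructed design fragment in a Verilog-like continuous-assignment style.
DESIGN = """
assign sum   = a ^ b ^ cin;
assign cout  = (a & b) | (cin & (a ^ b));
assign sel_d = sel ? sum : d;
assign par   = ^dbg_bus;
assign out   = en & sel_d;
"""

def parse(design):
    """Map each assigned signal to (statement text, set of signals it reads)."""
    defs = {}
    for stmt in re.findall(r"assign\s+[^;]+;", design):
        lhs, rhs = re.match(r"assign\s+(\w+)\s*=\s*([^;]+);", stmt).groups()
        # A mux select such as `sel` is read like any other operand, so the
        # control dependence is captured together with the data dependences.
        defs[lhs] = (stmt, set(re.findall(r"[A-Za-z_]\w*", rhs)))
    return defs

def backward_slice(design, criterion):
    """Statements that can affect the criterion signals, plus the primary inputs they read."""
    defs = parse(design)
    needed, worklist = set(), list(criterion)
    while worklist:
        sig = worklist.pop()
        if sig in needed:
            continue
        needed.add(sig)
        if sig in defs:
            worklist.extend(defs[sig][1])  # follow dependences backwards
    statements = [stmt for lhs, (stmt, _) in defs.items() if lhs in needed]
    inputs = sorted(needed - set(defs))
    return statements, inputs
```

Slicing on `out` drops the `cout` and `par` logic without simulating anything, which is why the analysis is purely structural and scales with design size.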


