ECE 667 Synthesis and Verification of Digital Systems


Verification Introduction
ECE 667 - Synthesis & Verification 1


Outline
• Motivation: what is verification, why we need it
• Verification methods
  – Formal methods
  – Simulation-based functional verification
  – Deterministic test generation


Verification
• Design verification = ensuring correctness of the design
  – against its implementation (at different levels)
  – against an alternative design (at the same level)
[Figure: Design 1 and Design 2 drawn as stacks of abstraction levels (model / behavior / function / structure, realised as HDL/RTL, logic level, gate level, mask level/layout). Question marks mark where correctness must be established: between adjacent levels of one design (implementation checks) and between the two designs at the same level (equivalence).]


Why Verification
• Verification crisis
  – System complexity, difficult to manage
  – More time and effort devoted to verification (70%) than to design
  – Need automated verification methods and their integration
• Consequences
  – Disasters, life-threatening situations
  – Inconvenience (Pentium bug …)
  – Many more …


Verification Methods
• Formal verification
  – Deductive verification
  – Model checking
  – Equivalence checking
• Simulation - performed on the model
• Emulation, prototyping – product + environment
• Testing - performed on the actual product (manufacturing test)


Functional Verification
Simulation-based: Validation
• Goal: verify the design in the full operational context
• RTL functional verification
  – Verify the specification (HDL) of the RTL model
  – No model to check against: must simulate
  – Functional simulation
• Functional test generation
  – Automatically generate tests: high-level transactions on data, clocking, control
  – SAT-based methods


Evaluating Test Coverage
• Coverage metrics - facilities to measure the effectiveness of functional verification
  – Monitors: collect data about testing (coverage, profile)
  – Code coverage
    • low-level coverage statistics for states, transitions, HDL model line coverage
  – Functional verification coverage
    • statistics, monitors for events, state transition sequences (transactions), data sets
  – Self-checking tests


Functional Test Generation
• Given an RTL design and a coverage metric, must reach the predefined coverage goal
• Solution: run functional simulation
  – Directed tests
    • manual, often easy to generate (e.g. instruction set)
    • reliable (predictable coverage), but
    • not efficient (cover a small portion of the design)
  – Random tests
    • efficient (fast), but not reliable (unpredictable coverage)
  – Deterministic tests
    • automatically generated
    • constraints (user-defined, environment, coverage metrics)
    • challenging to compute


Functional Verification - typical scenario
[Figure: coverage (y axis) versus test development time (x axis). Manual directed tests (reliable, not efficient) reach about 50% coverage; pseudo-random directed tests (reliable and efficient) raise it to about 95%; deterministic tests are needed for the remaining gap towards 100%. Normalized verification test cycles are annotated as 1.0 around the 95% point and 100.0 at the 100% point.]
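The coverage loop behind slides 7 to 9, as an added Python example that is not part of the slides: a constructed 16-bit ALU model stands in for the RTL DUT, a functional coverage monitor counts opcode and event bins, unconstrained random stimulus runs first, and a deterministic test is then generated for every bin that random simulation left uncovered. The operand constraints in `solve_for_bin` are hand-derived for this toy DUT; in a real flow a SAT or symbolic-simulation engine would derive them from the RTL. All names (`alu`, `CoverageMonitor`, `coverage_driven`, the bin names) are assumptions of this example.

```python
import random

OPS = ('ADD', 'SUB', 'AND', 'SHL')
MASK = 0xFFFF  # 16-bit datapath


def alu(op, a, b):
    """Constructed 16-bit ALU model standing in for the RTL DUT.
    Returns (result, flags); each flag that fires is a coverage event."""
    if op == 'ADD':
        r = a + b
        flags = {'carry': r > MASK}
    elif op == 'SUB':
        r = a - b
        flags = {'borrow': r < 0}
    elif op == 'AND':
        r = a & b
        flags = {}
    elif op == 'SHL':
        r = a << (b & 15)
        flags = {'overflow': r > MASK}
    else:
        raise ValueError(op)
    r &= MASK
    flags['zero'] = (r == 0)
    return r, flags


class CoverageMonitor:
    """Functional coverage: one bin per opcode executed plus one per (opcode, event)."""
    BINS = ([f'{op}.hit' for op in OPS] +
            ['ADD.carry', 'ADD.zero', 'SUB.borrow', 'SUB.zero',
             'AND.zero', 'SHL.overflow', 'SHL.zero'])

    def __init__(self):
        self.hits = {b: 0 for b in self.BINS}

    def sample(self, op, flags):
        self.hits[f'{op}.hit'] += 1
        for event, fired in flags.items():
            if fired:
                self.hits[f'{op}.{event}'] += 1

    def uncovered(self):
        return [b for b in self.BINS if self.hits[b] == 0]

    def fraction(self):
        return 1 - len(self.uncovered()) / len(self.BINS)


def run_tests(tests, cov):
    for op, a, b in tests:
        _, flags = alu(op, a, b)
        cov.sample(op, flags)


def random_tests(n, rng):
    """Unconstrained random stimulus: cheap to produce, but coverage is unpredictable."""
    return [(rng.choice(OPS), rng.randrange(MASK + 1), rng.randrange(MASK + 1))
            for _ in range(n)]


def solve_for_bin(bin_name, rng=None):
    """Deterministic test for one uncovered bin. The constraints below are hand-derived
    for this toy DUT; a SAT/symbolic engine would derive them from the RTL."""
    rng = rng or random.Random(0)
    op, event = bin_name.split('.')
    a = rng.randrange(1, MASK + 1)          # any non-zero operand
    if event == 'hit':
        return (op, a, rng.randrange(MASK + 1))
    return {
        'ADD.carry':    ('ADD', MASK, a),             # 0xFFFF + a (a >= 1) carries out
        'ADD.zero':     ('ADD', a, (-a) & MASK),      # a + (2^16 - a) == 0 mod 2^16
        'SUB.borrow':   ('SUB', 0, a),
        'SUB.zero':     ('SUB', a, a),
        'AND.zero':     ('AND', a, ~a & MASK),
        'SHL.overflow': ('SHL', MASK, rng.randrange(1, 16)),
        'SHL.zero':     ('SHL', 0, rng.randrange(16)),
    }[bin_name]


def coverage_driven(n_random=1000, seed=1):
    """The typical scenario: random tests first, then deterministic tests for what is left.
    Returns (coverage after random, final coverage, deterministic tests generated)."""
    rng = random.Random(seed)
    cov = CoverageMonitor()
    run_tests(random_tests(n_random, rng), cov)
    after_random = cov.fraction()
    deterministic = [solve_for_bin(b, rng) for b in cov.uncovered()]
    run_tests(deterministic, cov)
    return after_random, cov.fraction(), deterministic


if __name__ == '__main__':
    before, after, extra = coverage_driven()
    print(f'random: {before:.1%}  +{len(extra)} deterministic tests -> {after:.1%}')
```

The two bins random simulation almost never reaches are ADD.zero and SUB.zero (each needs a specific 16-bit operand pair, roughly one chance in 65536 per operation), which is exactly the "last few percent" the slide attributes to deterministic tests.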


Functional Test Generation
• Random and pseudo-random methods
• Directed pseudo-random simulation
• Deterministic methods
  – SAT-based methods
    • Boolean satisfiability
    • Mixed, arithmetic/Boolean satisfiability
  – Symbolic simulation
  – ATPG-based methods


Test Generation using Boolean SAT
• Given an RTL specification of a combinational circuit
• Simulate the design (pseudo-random, targeted vectors)
• Code coverage OK? If not, expand the underlying logic into a Boolean function
[Figure: RTL module sketch]
  module
    input ports, output ports, internal signals
  begin
    . . .
    if (condition) then
      signal = function( );
    end if;
    . . .
  end module


B-SAT - Solving SAT using BDDs
Boolean logic + constraints
• Add constraints (modify the logic)
• Build BDDs for each output, subject to the constraints
• Build the product BDD (AND of all BDDs)
  – If the set is empty: infeasible SAT instance
  – Otherwise: the set of all satisfying assignments, i.e. the tests


A simple B-SAT example
• Given: output value requirements for a circuit
• Compute: satisfying assignments at the inputs
[Figure: a small combinational circuit with inputs a, b, c, d and outputs u, v, w; the gate structure is not recoverable from the slide text]
• Output requirements: u=1, v=1, w=1
• SAT assignments: a, b, c, d = ?


How does B-SAT work?
• Boolean satisfiability analysis
  – H = product BDD
    • the set of all satisfying solutions
  – to test for H = 1 (0), find a path in the BDD to terminal 1 (0)
  – the path, expressed in the function variables, gives a satisfying solution (test vector)
[Figure: BDD of H over the variables a, b, c in that order, with terminals 0 and 1. The two paths to terminal 1 are labelled ab and ab'c, i.e. the satisfying assignments {1, 1, -} and {1, 0, 1}.]
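The B-SAT procedure of slides 12 to 14, as an added Python example (not code from the slides): a minimal reduced ordered BDD with the standard recursive `apply`, the product BDD built by AND-ing one constraint BDD per required output value, and test vectors read off as paths to terminal 1 (variables missing from a path are the don't-cares written `-` on slide 14). The slide-13 circuit does not give its gates, so this example assumes u = a AND b, v = b OR c, w = c XOR d; the class and function names are likewise this example's own.

```python
class BDD:
    """Minimal reduced ordered BDD with an apply() operator.
    Node ids 0 and 1 are the terminals; every other node is (var, low, high)."""

    OPS = {'and': lambda x, y: x & y, 'or': lambda x, y: x | y, 'xor': lambda x, y: x ^ y}

    def __init__(self, var_order):
        self.order = {v: i for i, v in enumerate(var_order)}
        self.nodes = {0: None, 1: None}
        self.unique = {}      # (var, low, high) -> node id: no duplicate nodes
        self.cache = {}       # (op, f, g) -> result: memoised apply

    def mk(self, var, low, high):
        if low == high:                       # reduction rule: redundant test
            return low
        key = (var, low, high)
        if key not in self.unique:
            self.unique[key] = len(self.nodes)
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def var(self, name):
        return self.mk(name, 0, 1)

    def apply(self, op, f, g):
        """Shannon expansion on the topmost variable of f and g."""
        key = (op, f, g)
        if key not in self.cache:
            if f <= 1 and g <= 1:
                res = self.OPS[op](f, g)
            else:
                vf = self.nodes[f][0] if f > 1 else None
                vg = self.nodes[g][0] if g > 1 else None
                if vg is None or (vf is not None and self.order[vf] <= self.order[vg]):
                    top = vf
                else:
                    top = vg
                f0, f1 = self.nodes[f][1:] if vf == top else (f, f)
                g0, g1 = self.nodes[g][1:] if vg == top else (g, g)
                res = self.mk(top, self.apply(op, f0, g0), self.apply(op, f1, g1))
            self.cache[key] = res
        return self.cache[key]

    def AND(self, f, g): return self.apply('and', f, g)
    def OR(self, f, g):  return self.apply('or', f, g)
    def XOR(self, f, g): return self.apply('xor', f, g)
    def NOT(self, f):    return self.apply('xor', f, 1)

    def sat_paths(self, f):
        """Every path from f to terminal 1, each as a partial assignment;
        variables not on the path are don't-cares (the '-' on the slide)."""
        def walk(n, assign):
            if n == 1:
                yield dict(assign)
            elif n != 0:
                var, low, high = self.nodes[n]
                for val, child in ((0, low), (1, high)):
                    assign[var] = val
                    yield from walk(child, assign)
                del assign[var]
        return list(walk(f, {}))


def slide_14_example():
    """H = ab + ab'c with order a, b, c: the paths to 1 are {1,1,-} and {1,0,1}."""
    bdd = BDD(['a', 'b', 'c'])
    a, b, c = (bdd.var(x) for x in 'abc')
    H = bdd.OR(bdd.AND(a, b), bdd.AND(bdd.AND(a, bdd.NOT(b)), c))
    return bdd.sat_paths(H)


def generate_tests(requirements):
    """B-SAT test generation for the slide-13 circuit. Gate structure is ASSUMED here:
    u = a&b, v = b|c, w = c^d. `requirements` maps an output name to its required value.
    Returns every satisfying input assignment; [] means the instance is infeasible."""
    bdd = BDD(['a', 'b', 'c', 'd'])
    a, b, c, d = (bdd.var(x) for x in 'abcd')
    outputs = {'u': bdd.AND(a, b), 'v': bdd.OR(b, c), 'w': bdd.XOR(c, d)}
    product = 1                                   # BDD of the constant true
    for name, value in requirements.items():      # one constraint BDD per output, AND-ed
        constraint = outputs[name] if value else bdd.NOT(outputs[name])
        product = bdd.AND(product, constraint)
    return bdd.sat_paths(product)


if __name__ == '__main__':
    print('slide 14:', slide_14_example())
    print('u=v=w=1 :', generate_tests({'u': 1, 'v': 1, 'w': 1}))
    print('u=1,v=0 :', generate_tests({'u': 1, 'v': 0}))
```

The empty result for u=1, v=0 is the "product BDD is empty, infeasible instance" case of slide 12: u=1 forces b=1, which makes v=1 unavoidable, so the product BDD collapses to terminal 0.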


Functional test generation using Symbolic Simulation
• Deterministic test pattern generation
  – Formulate a SAT problem for a complex combinational design
  – Solve SAT: find a set of satisfying assignments
[Figure: an RTL fragment and, extracted from it, the word-level expression graph: adder (+), multiplier (*) and comparator (<) feeding the 0/1 multiplexer that drives out. The unknowns A=?, B=?, c=?, x=?, a=?, b=? are the values the SAT solver must find.]
  Module DUT
  …
  always @ (clk) begin
    if (A+B < B*C) out = x;
    else out = a & b
  end


Formal Verification
• Deductive reasoning (theorem proving)
  – Uses axioms and inference rules to prove system correctness
  – No guarantee that it will terminate
  – Difficult, time consuming: for critical applications only
• Model checking
  – Automatic technique to prove correctness of concurrent systems: digital circuits, communication protocols, etc.
  – Practical tools have become available, popular in industry
• Equivalence checking
  – Check whether two designs are equivalent
  – Well solved for combinational circuits; the general sequential case remains unsolved


Formal Verification
• Equivalence checking
  – Takes two designs and makes a miter (AIG)
• Property checking
  – Takes a design and a property and makes a miter (AIG)
• Prove that the result is 0 (unSAT)
The goals are the same: transform the AIG until the output is proved constant 0. ABC is very effective at doing it.
[Figure: equivalence-checking miter: designs D1 and D2 share their inputs, their outputs are compared and the miter output must be 0; property-checking miter: D1 feeds the property p, whose output must be 0.]
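Both miters of this slide, as an added Python example that is not ABC's code nor the slides': a tiny And-Inverter Graph with ABC/AIGER-style literals (2*node + complement bit) and structural hashing, an equivalence miter that ORs the XOR of corresponding outputs, and a property miter `cout AND NOT(a OR b)`. The two designs are constructed full adders (one textbook carry, one majority carry, with a `buggy` flag that drops a carry term); the "prove constant 0" step is done by exhaustive enumeration, which is a stand-in for the SAT engine ABC uses and only viable for a few inputs. All class, function and design names are this example's assumptions.

```python
import itertools


class AIG:
    """Tiny And-Inverter Graph. A literal is 2*node + complement bit, as in AIGER/ABC;
    literal 0 is constant false and literal 1 constant true."""

    def __init__(self):
        self.nodes = [('const0',)]   # node 0: constant 0; AND nodes appended in topological order
        self.inputs = []             # input names in creation order
        self.strash = {}             # structural hashing: (lit0, lit1) -> AND literal

    @staticmethod
    def neg(lit):
        return lit ^ 1

    def new_input(self, name):
        self.nodes.append(('in', name))
        self.inputs.append(name)
        return 2 * (len(self.nodes) - 1)

    def AND(self, a, b):
        if a == 0 or b == 0 or a == self.neg(b):   # x&0 and x&~x are constant 0
            return 0
        if a == 1 or a == b:                        # 1&x and x&x are x
            return b
        if b == 1:
            return a
        key = (min(a, b), max(a, b))
        if key not in self.strash:
            self.nodes.append(('and', key[0], key[1]))
            self.strash[key] = 2 * (len(self.nodes) - 1)
        return self.strash[key]

    def OR(self, a, b):
        return self.neg(self.AND(self.neg(a), self.neg(b)))

    def XOR(self, a, b):
        return self.OR(self.AND(a, self.neg(b)), self.AND(self.neg(a), b))

    def evaluate(self, lit, assignment):
        """Value of `lit` under {input name: 0/1}, by one topological sweep."""
        val = [0] * len(self.nodes)
        lit_val = lambda l: val[l >> 1] ^ (l & 1)
        for nid, node in enumerate(self.nodes):
            if node[0] == 'in':
                val[nid] = assignment[node[1]]
            elif node[0] == 'and':
                val[nid] = lit_val(node[1]) & lit_val(node[2])
        return lit_val(lit)


def miter(aig, outs1, outs2):
    """Equivalence-checking miter: OR over outputs of (o1 XOR o2).
    The designs are equivalent iff this literal is constant 0 (the instance is UNSAT)."""
    m = 0
    for o1, o2 in zip(outs1, outs2):
        m = aig.OR(m, aig.XOR(o1, o2))
    return m


def find_counterexample(aig, lit):
    """Exhaustive search for an input assignment that sets `lit` to 1. Stands in for
    the SAT solver a real flow (e.g. ABC) would use; viable only for a few inputs."""
    for bits in itertools.product((0, 1), repeat=len(aig.inputs)):
        assignment = dict(zip(aig.inputs, bits))
        if aig.evaluate(lit, assignment) == 1:
            return assignment
    return None


def build_full_adders(buggy=False):
    """Two full-adder implementations (constructed designs) sharing inputs a, b, cin.
    With buggy=True the second design's carry drops the b&cin term."""
    aig = AIG()
    a, b, cin = (aig.new_input(n) for n in ('a', 'b', 'cin'))
    # Design 1: textbook cell, carry = ab + cin(a xor b)
    s1 = aig.XOR(aig.XOR(a, b), cin)
    c1 = aig.OR(aig.AND(a, b), aig.AND(cin, aig.XOR(a, b)))
    # Design 2: majority carry = ab + a cin + b cin
    s2 = aig.XOR(a, aig.XOR(b, cin))
    c2 = aig.OR(aig.AND(a, b), aig.AND(a, cin))
    if not buggy:
        c2 = aig.OR(c2, aig.AND(b, cin))
    return aig, (s1, c1), (s2, c2), (a, b, cin)


def check_equivalence(buggy=False):
    """None if the two designs are equivalent, else a distinguishing input vector."""
    aig, d1, d2, _inputs = build_full_adders(buggy)
    return find_counterexample(aig, miter(aig, d1, d2))


def check_property():
    """Property-checking miter for 'cout = 1 implies a or b': cout AND NOT(a OR b)
    must be unsatisfiable for the property to hold."""
    aig, (_sum, cout), _d2, (a, b, _cin) = build_full_adders()
    return find_counterexample(aig, aig.AND(cout, aig.neg(aig.OR(a, b))))


if __name__ == '__main__':
    print('equivalent pair:', check_equivalence(), ' buggy pair:', check_equivalence(buggy=True))
    print('property violated by:', check_property())
```

A `None` result is the UNSAT outcome the slide asks for (miter output proved constant 0); for the buggy pair the search instead returns the vector a=0, b=1, cin=1, which is precisely the carry case the dropped term was responsible for.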