- Number of slides: 49
Large-Scale Formal Application: From Fact to Fiction
Viresh Paruthi, IBM Systems and Technology Group, Austin TX, USA
23 October 2010
© 2010 IBM Corporation
IBM Systems and Technology Group

A Quick Trip down Memory Lane…
[Timeline figure: four eras, 2000 to 2010]
Early Times (2000)
– Applied to small logics (~100s of registers)
– Manual intensive w/ dedicated resources
– Required setting up of complex drivers
Middle Ages (2002)
– Advent of SFV, SEC, Parallel
– Larger logics verified; higher coverage
– Same “look and feel” as simulation
Modern Era (2006)
– SEC key to many newer methodologies
– Large scale FV application
– Integrated approach / DLV
– Out-of-the-box methodologies
– High speed, capacity toolsets
The Future… (2010)
– Avoid duplicate work
– Reusable methodologies / IP
– Automation, automation…
– Stay tuned!
SFV: Semi-formal verification; SEC: Sequential Equivalence Checking; DLV: Designer-level Verification
Outline
§ Topics
§ Context: High-end Server Microprocessors and Systems
§ Formal Verification Methodology
§ Results
§ Future Directions
[Figure: Verification as the overlap of Formal, Simulation and H/W Acceleration]
V. Paruthi, “Large-scale Application of Formal Verification – From Fiction to Fact,” FMCAD 2010
Topics
Formal methods have matured over years with myriad applications. In this talk…
✓ What we will cover
– Deployment of Functional Formal Verification (FFV) on a large scale
• Experiences from leveraging the technology extensively on high-end systems
– Application of Sequential Equivalence Checking (SEC) in an industrial setting
• New frontier enabling improved productivity and new methodologies
✗ What we will not cover
– Advances in formal technology to enable large-scale formal application
• Significant improvements to speed and capacity of FV tools over the years
– Combinational equivalence checking
• Mainstay of the industry to verify equivalence of transistor- and gate-level to RTL
Outline (section: Context: High-end Server Microprocessors and Systems)
IBM POWER Processors
[Figure: POWER processor roadmap 1990 to 2010: RSC, POWER1 (AMERICA’s), POWER2 / P2SC, RS64 I Apache, RS64 II North Star, RS64 III Pulsar, RS64 IV Sstar, POWER3 (630), POWER4 (Dual Core), POWER5 (SMT), POWER6 (Ultra High Frequency), POWER7 (Multi-core), Next Gen.; technology nodes from 1.0 um down to 45 nm]
Major POWER® Innovation
– 1990 RISC Architecture
– 1994 SMP
– 1995 Out of Order Execution
– 1996 64 Bit Enterprise Architecture
– 1997 Hardware Multi-Threading
– 2001 Dual Core Processors
– 2001 Large System Scaling
– 2001 Shared Caches
– 2003 On Chip Memory Control
– 2003 SMT
– 2006 Ultra High Frequency
– 2006 Dual Scope Coherence Mgmt
– 2006 Decimal Float/VSX
– 2006 Processor Recovery/Sparing
– 2009 Balanced Multi-core Processor
– 2009 On Chip EDRAM
* Dates represent approximate processor power-on dates, not system availability
The POWER7 Processor Chip
§ Size: 567 mm²
§ Technology: 45 nm lithography, Cu, SOI, eDRAM
§ 1.2 B transistors
– Equivalent function of 2.7 B – eDRAM efficiency
§ Eight processor cores
– 12 execution units per core
– 4-Way SMT per core
– 32 Threads per chip
– 256 KB L2 per core
– Advanced Pre-fetching (Data and Instruction)
– Binary Compatibility with POWER6
§ 32 MB on-chip eDRAM shared L3
§ Dual DDR3 Memory Controllers
– 100 GB/s Memory bandwidth per chip sustained
§ Scalability up to 32 Sockets
– 360 GB/s SMP bandwidth/chip
– 20,000 coherent operations in flight
* Statements regarding SMP servers do not imply that IBM will introduce a system with this capability.
POWER7: Core
§ Execution Units
– 2 Fixed point units
– 2 Load store units
– 4 Double precision floating point
– 1 Vector unit
– 1 Branch
– 1 Condition register
– 1 Decimal floating point unit
– 6 Wide dispatch / 8 Wide Issue
§ Recovery Function Distributed
§ 1, 2, 4 Way SMT Support
§ Out of Order Execution
§ 32 KB I-Cache
§ 32 KB D-Cache
§ 256 KB L2
– Tightly coupled to core
[Figure: core floorplan showing DFU, ISU, IFU, CRU/BRU, FXU, VSX, FPU, LSU and the 256 KB L2]
POWER7: Flexibility and Adaptability
§ Cores:
– 8, 6, and 4-core offerings with up to 32 MB of L3 Cache
– Dynamically turn cores on and off, reallocating energy
– Dynamically vary individual core frequencies, reallocating energy
– Dynamically enable and disable up to 4 threads per core
§ Memory Subsystem:
– Full 8 channel or reduced 4 channel configurations
§ System Topologies:
– Standard, half-width, and double-width SMP busses supported
§ Multiple System Packages
– 2/4s Blades and Racks: Single Chip Organic, 1 Memory Controller, 3 4B local links
– High-End and Mid-Range: Single Chip Glass Ceramic, 2 Memory Controllers, 3 8B local links, 2 8B Remote links
– Compute Intensive: Quad-chip MCM, 8 Memory Controllers, 3 16B local links (on MCM)
POWER7: Reliability and Availability
[Figure: RAS features annotated on a chip block diagram (OSC0 / OSC1, buffers, L3 eDRAM, X8 DIMMs, IO Hub, PCI Bridge, PCI Adapter)]
Dynamic Oscillator Failover (OSC0 / OSC1)
Fabric Interface / Fabric Bus Interface to other Chips and Nodes
• ECC protected
• Node hot add / repair
Core Recovery
• Leverage speculative execution resources to enable recovery
• Error detected in GPRs, FPRs, VSR, flushed and retried
• Stacked latches to improve SER
Alternate Processor Recovery
• Partition isolation for core checkstops
L3 eDRAM
• ECC protected
• SUE handling
• Line delete
• Spare rows and columns
X8 DIMMs
• 64 Byte ECC on Memory
• Corrects full chip kill on X8 dimms
• Spare X8 devices implemented
• Dual memory chip failures do not cause outage
• Selective memory mirror capability to recover partition from dimm failures
• HW assisted scrubbing
• SUE handling
• Dynamic sparing on channel interface
• PowerVM Hypervisor protected from full dimm failures
GX IO Bus
• ECC protected
• Hot add
InfiniBand® Interface
• Redundant paths
* Statements regarding SMP servers do not imply that IBM will introduce a system with this capability.
Outline (section: Formal Verification Methodology – Verification Technology / Progression)
§ Topics
§ Context: High-end Server Microprocessors and Systems
§ Formal Verification Methodology
– Verification Technology / Progression
– Integrated Approach
– Sequential Equivalence Checking
§ Results
§ Future Directions
Verification Technology
[Figure: verification flow]
– RTL (VHDL, Verilog) → Language Compile → Model Build → Cycle-Based Model
– Physical VLSI Design Tools / Custom Design → Boolean Equivalence Check (Verity) against the RTL
– Driver / Checker Assertions (PSL et al.) compiled into the model
– Stimulus: Test Program Generator (GPro, X-Gen), C++ Testbench, Constraint Random Testbench
– Engines consuming the model: (Semi-)Formal Verification (SixthSense, RuleBase), Software Simulator (MESA), Hardware Accelerator (Awan), Hardware Emulator
Formal Verification at IBM
§ Vision: Bring FV to the masses
– Common infrastructure → Trivial learning curve, resource savings
– Shared / reusable verification IP → High ROI, tight integration
– High scalability → Improved productivity
– Amortize development cost → Higher value proposition
§ Synergistic application alongside other verification disciplines
– Focused on the same problems
Formal Verification Technology
§ Scalable Transformation-based Formal and Semi-formal Verification
– Synergistic logic simplifications → Exponential verification speedup
– Use symbolic exploration incompletely, to expose corner-case bugs
– Seamlessly integrated with existing verification framework
• No new languages; specs reused across FV + simulation + acceleration
Verification Progression
[Figure: verification levels from bottom to top: Block, Unit, Element, Chip, System, VBU, VPO; technologies applied across them: Formal Verification (lowest levels), Software Simulation, Hardware Acceleration, Hardware Emulation (highest levels); Hardware Verification at the lower levels, Hardware / Firmware Verification at the VBU / VPO levels]
VBU = Virtual Bring-Up (chip); VPO = Virtual Power-On (system)
Verification Progression (1)
§ Block Level
– Targeted “deep dive” driven by knowledge of the micro-architecture
• Symmetric Multi-Threading, Aggressive out-of-order execution…
– Formal/Semi-formal verification leveraged heavily at this level
• Work closely with designer – documentation may be lacking
– Small size proofs, Controllability corner cases
[Figure: block-level testbench: Driver → Design-Under-Test (VHDL entity / architecture) → Checker]
POWER7 Core Block Diagram
[Figure: core pipeline: Instruction Fetch (8 instructions) → Decode → Dispatch (6 instructions) with Branch Prediction (Branch History Table, Return stack, Count Cache), Global Completion Table, Branch / Condition Register / Unified Issue Queues; execution units VSX / FP / DFP / VMX / FX / LSU; 32 KB 4-way I-cache, 32 KB 8-way D-cache, 32-entry SLB, 512-entry TLB, Load / Store Reorder Queues, 16 B Store Data Queue, Advanced Data Prefetch Engine, Load Miss Queue; 256 KB 8-way L2 cache and memory subsystem outside the core]
Verification Progression (2)
§ Functional Units
– Biased random tests directly against unit interface
• Transaction-, Instruction-based
– Formal/Semi-Formal verification applied selectively at this level
• Well-documented / simpler interfaces, reusable drivers / checkers
• Reference model-based end-to-end check
• Fixed- / Floating-point Unit, Memory Controller…
[Figure: FLAVOR at unit level: IEEE Floating Point Spec as reference model against the Floating Point Unit (FPU); full proof of the dataflow]
FLAVOR: FLoAting-point Verif EnviORment
FPU Datapath Verification
§ Checks numerical correctness of FPU datapath
– E.g., Fused-multiply-add (FMA) instruction: A*B + C
§ A “driver” issues an instruction into real, reference FPUs
– Restricted to a single instruction issued in an empty FPU
§ A “checker” compares the results of the two FPUs for equality
§ Provides complete datapath coverage
– Remaining verification resources may focus on other aspects
[Figure: Operands driven into Reference FPU and Real FPU; results compared for equality]
C. Jacobi, K. Weber, V. Paruthi, and J. Baumgartner, “Automatic formal verification of fused multiply-add FPUs,” DATE 2005
Verification Progression (3 & 4)
§ Element and Chip Level
– Transactions, pre-generated test programs (out-of-memory)
– (Semi-)formal verif used to verify multi-unit/core interactions, architectural aspects…
• Reuse RTL models with suitably abstracting blocks/units with behaviorals
• Multi-unit models with “heavy black-boxing”
• Hangs, stalls, bus protocols, arbitration…
[Figure: hierarchy from Block and Unit Level (Unit 1 … Unit 4) through Element Level (Core, Nest, Perv chiplets) to Chip Level]
Arbitration / Deadlock Verification
§ LFSR-based (random-priority) arbiters are used extensively
– Large programmable configurations manifest as tough bugs
– Liveness insufficient, request-to-grant bound crucial performance aspect
§ Developed reusable method to quantify fairness properties¹
– Decouple fairness and arbitration logic and check each independently
§ Evolved a generalized bug hunting technique²
– Property strengthening to infer underapproximate abstractions
[Figure: a random number generator supplies r0(t), r1(t), r2(t) to Arbiter 0, Arbiter 1, Arbiter 2, which serve requesters 0 … 15]
1. K. Kailas, V. Paruthi, B. Monwai, “Formal Verification of Correctness and Performance of Random Priority-based Arbiters,” FMCAD 2009
2. G. Auerbach, F. Copty, V. Paruthi, “Formal Verification of Arbiters using Property Strengthening and Underapproximations,” FMCAD 2010
Verification Progression (5)
§ System Level
– Pre-generated test-programs
• Multiprocessor models/tests
• I/O chips interactions, asynchronous aspects
– Formal methods applied to study chip interactions
• Dedicated models, high level analysis…
• Traffic flow, asynchronous interfaces, timing protection windows, deadlocks…
[Figure: hierarchy from Block Level up to System Level, the system made of several P7 chips]
Protocol Analysis
§ Standard approaches ineffective for verification of system-level aspects
§ Automated protection time window calculation for bus protocol
– Enumerate chip interactions via geometry and routing constraints
§ High-level (mathematical) analysis of potential deadlocks
– Analyzed message routing, arbitration deadlocks
§ High-level protocol modeling and model checking¹
– Murphi model of on-chip interconnect protocol
[Figures: chips in three roles, (A) issues command, (B) snoops command, (C) observer; a wait-for cycle among messages M1, M2, M3]
1. X. Chen, S. German, and G. Gopalakrishnan, “Transaction based modeling and verification of hardware protocols,” FMCAD 2007
Verification Progression (6 & 7)
§ VBU (virtual bring-up) Level
– On-the-fly generated test-programs (H/W exercisers)
– Bootstrap model from undefined initial state
• POR, RAS verification
§ VPO (virtual power-on) Level
– Initial Firmware Loading
• Hardware/firmware interaction verified
[Figure: hierarchy from Block Level up to VBU and VPO Levels]
Pervasive Logic Verification
§ Logic to provide reliability, availability, and serviceability (RAS) features
– Intertwined with the mainline function
– Spans block, unit, element, chip boundaries
– Tough to verify – large design slices, sequentially deep logic, etc.
– Scan, BIST, trace and debug, power-on-reset, power management…
§ FFV has demonstrated strength to verify pervasive logic
– Applied extensively at various levels of the hierarchy
– Expose the logic of interest and delete irrelevant logic
[Figure: an ETS feeding an ETR, attached through EAFs to the CPUs of Node 1, Node 2 and Node 3]
ETR: External Time Reference; ETS: External Time Source; EAF: ETR Attachment Facility
T. Gloekler et al., “Enabling large-scale pervasive logic verification through multi-algorithmic formal reasoning,” FMCAD 2006
Quality Refinement Process
Because controllability and state coverage are higher, and the cost of a bug is lower, at lower levels:
§ Every major bug find at higher level is treated as escape of lower level
§ Lower level team gets feedback to reproduce problems
– Harden lower level environments
– Reproduce with targeted block-level checkers
• Proof with (semi-)formal verif environments
[Figure: hierarchy from Block Level up to VPO Level, feedback flowing downward]
Outline (section: Formal Verification Methodology – Integrated Approach)
Integrated Approach: Design
§ Assertion-based Verification (ABV) / Designer-level Verification (DLV)
– Require designers to capture assumptions as verif objects (checkers)
• Accelerated debug, faster IP integration, documentation…
– …and perform basic verification leveraging those
• High ROI: Improved productivity / cost / schedule, efficient use of resources
– Reuse events (checkers, coverage)
• Proof design events with FV; FV events / assumptions cross-checked
[Figure: a MUX with data inputs i1 … in and selects s1 … sn carrying a one-hot assertion on the selects; layered stack: VHDL plus Assertions (enables integrated checking) with a Simple Driver for Assertion-Based / Designer-Level Verification, and a Complete Driver (enables stimulus) for Block-Level Verification, all usable under Simulation, H/W Accel and Semi-Formal Verification]
Integrated Approach: Verification
§ Better synergy with other verification disciplines
– Formal plans drawn collaboratively with design and simulation teams
– Optimized testplans via detailed reviews with simulation team
• Unified view of verification “coverage” inclusive of simulation and formal
§ Formal team project manages global plan/priorities/resources
– In consultation with design and verification leadership
§ Minimize duplicate work in verif disciplines → Book verification of logics in formal
– LRUs, Debug Bus, Mux-based networks…
High-level Modeling Support
§ Raise level of abstraction of the testbench specification
§ Provide rich set of convenience functions as VHDL support library
§ Parameterized functions encapsulate commonly used logic constructs
– Clocks generation (e.g., oscillator), edge detection (falling, rising)
– Vector processing functions – one hot, parity, hamming distance…
– Waveform drivers (wave, pulse), counters, delays, FIFO…
§ PSL (VHDL) events managed as part of unified event management support
Example from the slide (hl_fifo, fifo_push and fifo_pop come from the support library):

    -- FIFO of 4-bit words: pushed on we, popped to o1 on re
    entity e1 is
      port (i1: in std_ulogic_vector(0 to 3);
            we, re: std_ulogic;
            o1: out std_ulogic_vector(0 to 3));
    end;

    architecture e1 of e1 is
      signal ff: hl_fifo(0 to 3)(0 to 3);   -- library FIFO type, indexed (entry)(bit)
    begin
      process (ALL)
      begin
        if (we = '1') then fifo_push(ff, i1); end if;   -- enqueue the input word
        if (re = '1') then fifo_pop(ff, o1); end if;    -- dequeue into the output
      end process;
    end;
Outline (section: Formal Verification Methodology – Sequential Equivalence Checking)
Equivalence Checking – Combinational vs. Sequential
§ Method to assess I/O equivalent behavior of two designs
Combinational Equivalence Check (CEC)
§ Requires 1:1 state elements mapping
§ Cannot handle sequential behavior
• Validates next-state functions and outputs w/r/t cutpoints – may cause false mismatches
§ Well-established technology
Sequential Equivalence Check (SEC)
§ Supports arbitrary design changes (I/O equivalent)
• Obviates need for 1:1 latch/hierarchy correspondence
• Retiming, power saving, redundant logic…
§ Explores sequential behavior of the designs
• Computationally more complex than CEC
[Figure: CEC checks d1 ?== d2 between Logic 1 and Logic 2 at matched state cutpoints starting from init; SEC composes Logic 1 and Logic 2 from their init states and checks, over input sequences {x0, x1, …}, whether the output difference ever leaves {0, 0, …}]
Sequential Equivalence Checking Set-up
[Figure: the SixthSense Sequential Equivalence Checker takes from the designer the OLD Design, the NEW Design, Initialization Data and Input Constraints (inputs cross-checked with simulation; simulation assertions reused); it initializes both designs, compares Outputs =?, and produces either a Proof of Equality or a Mismatch Trace that is debugged by the designer]
§ SEC leveraged effectively to verify non-functional design transformations
– Technology made available in the hands of designers
• Push-button set-up automatically applies clock / pervasive settings
– Retiming, backward-compatibility (mode bits), clock-gating, etc.
§ Proof conversion of external IP to IBM clocking / latching methodology
§ Enabled key methodologies as a reasoning engine
– Clock-, power-gating verification¹, soft errors…
1. C. Eisner, A. Nahir and K. Yorav, “Functional verification of power gated designs by compositional reasoning,” CAV 2008
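The previous two slides (CEC versus SEC, and the OLD / NEW / initialization-data set-up) can be worked through on a small retiming. This is an added example, not code from the talk and not SixthSense's algorithm: SEC is done here by explicit reachability over the product machine of the two designs, which only works at toy sizes; the designs, the 3-bit width, the injected defect and the wrong reset value are constructed.

```python
# Added example (not from the talk): sequential equivalence checking of a design
# against its retimed version by breadth-first reachability over the product
# machine, contrasted with the 1:1 latch mapping that combinational equivalence
# checking requires. Widths, designs, and the two injected faults are constructed.
from collections import deque
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

WIDTH = 3                                # data width of the two inputs a and b
MASK = (1 << WIDTH) - 1
INPUTS = [(a, b) for a in range(1 << WIDTH) for b in range(1 << WIDTH)]

State = Tuple[int, ...]
Input = Tuple[int, int]

@dataclass(frozen=True)
class Design:
    name: str
    init: State                          # reset values of the latches (initialization data)
    latch_bits: int                      # total number of state bits
    next: Callable[[State, Input], State]
    out: Callable[[State], int]

# OLD: latch a and b, add after the latches (2*WIDTH state bits).
OLD = Design("old", (0, 0), 2 * WIDTH,
             lambda s, i: (i[0], i[1]),
             lambda s: (s[0] + s[1]) & MASK)
# NEW: add first, latch the sum. Retimed: fewer latches, same I/O behaviour.
NEW = Design("new", (0,), WIDTH,
             lambda s, i: ((i[0] + i[1]) & MASK,),
             lambda s: s[0])
# BUGGY: the same retiming with an injected defect that drops the top sum bit.
BUGGY = Design("buggy", (0,), WIDTH,
               lambda s, i: ((i[0] + i[1]) & (MASK >> 1),),
               lambda s: s[0])
# BAD_RESET: correct logic, but wrong initialization data for the sum latch.
BAD_RESET = Design("bad_reset", (1,), WIDTH, NEW.next, NEW.out)

def cec_applicable(d1: Design, d2: Design) -> bool:
    """CEC needs a 1:1 latch correspondence; a retimed design cannot provide one."""
    return d1.latch_bits == d2.latch_bits

def sec(d1: Design, d2: Design) -> Tuple[bool, Optional[list]]:
    """Breadth-first search of the product machine from the joint reset state.
    Returns (True, None) if outputs agree in every reachable joint state, else
    (False, trace) with the shortest input sequence exposing a mismatch."""
    start = (d1.init, d2.init)
    pred = {start: None}                 # joint state -> (predecessor joint state, input)
    queue = deque([start])
    while queue:
        joint = queue.popleft()
        s1, s2 = joint
        if d1.out(s1) != d2.out(s2):
            trace = []                   # walk the predecessor links back to reset
            while pred[joint] is not None:
                joint, inp = pred[joint]
                trace.append(inp)
            return False, trace[::-1]
        for inp in INPUTS:
            nxt = (d1.next(s1, inp), d2.next(s2, inp))
            if nxt not in pred:
                pred[nxt] = (joint, inp)
                queue.append(nxt)
    return True, None

def replay(d: Design, trace) -> list:
    """Outputs observed cycle by cycle while driving the trace from reset."""
    s, outs = d.init, [d.out(d.init)]
    for inp in trace:
        s = d.next(s, inp)
        outs.append(d.out(s))
    return outs

if __name__ == "__main__":
    print("CEC applicable to OLD vs NEW:", cec_applicable(OLD, NEW))
    for cand in (NEW, BUGGY, BAD_RESET):
        ok, trace = sec(OLD, cand)
        print(cand.name, "proof of equality" if ok else
              f"mismatch trace {trace}: {replay(OLD, trace)} vs {replay(cand, trace)}")
```

An empty mismatch trace means the designs already differ at reset, which is why the set-up slide treats initialization data as an input the designer must supply and cross-check.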
Sequential Equivalence Checking – Hierarchical Decomposition
§ End-to-end SEC process used to verify (entire) design remaps
– Invaluable productivity advantage
• No simulation → Huge resource savings, fast turnaround
§ Hierarchical decomposition starting at macros all the way to chip level
– Allow designers to deal with logic partitions they are familiar with
§ Avoid potential tool (SixthSense) capacity issues
– RTL hierarchy offers “natural” boundaries – any level (e.g. group of blocks)
[Figure: design hierarchy Chip → Unit 1 … Unit m → Wrapper 1 → Macro 2 … Macro n (leaf level); at each level the lower levels are black-boxed, with constraints / reset files that differ per level and are cross-checked with simulation]
Outline (section: Results)
Formal Application Results: POWER7
§ Largest and most successful ever application of formal on any IBM project
– Applied at various hierarchies spanning all areas of the chip
• Significant progress in designer owned FV environments
– Found large numbers of documented and undocumented bugs
• Many hard-to-hit-in-sim bugs
§ Developed new (reusable) techniques to verify different logics
– Arbitration, LRUs, Linked Lists, ECC…
§ Synergistic application as a mainstream verification technology
§ Technology of choice to root cause lab bugs, and verify fixes thereof
– Large numbers found as quick extensions of existing FV environments
§ Leveraged Sequential Equivalence Checking extensively
– Run by designers / end-to-end process, verify external IP, new methodologies…
POWER7 Documented Defects
[Figure: chart of documented defects by discipline: Code / Design Review, Formal Verification*, Unit Verification, Element Verification, Chip / System Mainline Verification, Performance Verification, Chip Pervasive Verification, Other Verification]
* Does NOT include SEC defects and bugs found by designers leveraging FFV
Outline (section: Future Directions)
Scaling Formal Testbenches
§ Wide-spread adoption of FV requires scalability to simulation-sized testbenches
– Easier to specify well-documented functional units vs. components thereof
• Simpler (constraints-based) drivers – higher productivity
– Synthesizable testbenches – reuse / portable across verification disciplines
– System level issues a big concern in multi-processor systems
• Simulation cannot produce traffic seen by the real system
[Figure: testbench components (Block 1 / Block 2 Drivers and Checkers (Properties)) reused around the design components Block 1 and Block 2 when both are verified together as a (sub-)unit]
Verification Templates
§ “Template” is a blueprint to verify a certain type of logic
– A cook-book approach / recipe to check complex RTL implementations
– Predictable, portable, repeatable, teachable…
– FPU: Architecture-based case-splits against reference model → Reusable
– L2, MC, LSU, ISU…?
[Figure: Functional Verification Testbench (Driver, Checker) over an Abstracted Model and the Logic Design (e.g., VHDL), annotated “We had great success here” and “We’re broken here”; examples of logic: out-of-order pipe, cache-coherency protocol, mux such as out <= gate_and(cond, d1(0 to 63)) or gate_and(not cond, d2(0 to 63));]
C. Jacobi, “Formal Verification in Industry – Current State and Future Trends,” FMCAD 2006
Verification of Complex Math Functions
§ Combine high-level decision procedures and bit-level solvers
– Decompose check into invariants proven of each state transition with a bit-level solver, and combine results using a theorem prover to prove desired property
– Powerful ally to verify wide range of complex math functions
• FP Division, Sqrt, Cryptography Asymmetric Math Functions (AMF) such as Modular Reduction…
[Figure: modulo reduction state diagram: idle (Input A & N) → shift amt calc → align data → subtract while shifting (if N > A) → Result = A mod N, with state encodings 001, 008, 020, … 200; flow: Property Compilation → Checker / Driver → DUT → Bit-level solver or Other Decision Procedure → Property True/False or Debug trace; the ACL2 Theorem Prover combines the results]
J. Sawada and E. Reeber, “ACL2SIX: A hint used to integrate a theorem prover and an automated verification tool,” FMCAD 2006
J. Sawada, “Automatic verification of estimate functions with polynomials of bounded functions,” FMCAD 2010
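The decomposition on this slide (invariants checked per transition, then composed into the property) can be traced on the modulo-reduction machine itself. This is an added example, not code from the talk or from the ACL2/SixthSense flow it describes: exhaustive enumeration over 3-bit operands stands in for the bit-level solver, and the composition is written out as plain functions rather than a theorem-prover proof; the shift-and-subtract algorithm, the state encoding (acc, k) and the invariant are assumptions.

```python
# Added example (not from the talk): the "Result = A mod N" state machine from
# the slide as explicit transitions with a loop invariant attached to the state.
# Each transition is checked exhaustively for small widths (in place of the
# bit-level solver), and the result follows by composing the transition facts,
# which is the theorem prover's job in the real flow. Widths are constructed.
W = 3                          # N is a nonzero W-bit value; A is up to 2*W bits

def align(A, N):
    """idle -> shift amount calc -> align data: pick k so N << k meets A's MSB."""
    k = max(0, A.bit_length() - N.bit_length())
    return A, k                                   # machine state is (acc, k)

def subtract_shift(acc, k, N):
    """One 'subtract while shifting' transition: conditional subtract, then shift."""
    if acc >= (N << k):
        acc -= N << k
    return acc, k - 1

def invariant(acc, k, r, N):
    """State invariant: acc keeps the residue r = A mod N, and acc < N << (k+1)."""
    return acc % N == r and 0 <= acc < (N << (k + 1))

def mod_reduce(A, N):
    """Run the machine to completion; it exits once k drops below 0."""
    acc, k = align(A, N)
    while k >= 0:
        acc, k = subtract_shift(acc, k, N)
    return acc

def check_entry(w=W):
    """Transition 1: the invariant holds right after alignment, for every A and N."""
    return all(invariant(*align(A, N), A % N, N)
               for N in range(1, 1 << w) for A in range(1 << 2 * w))

def check_step(w=W):
    """Transition 2 (inductive step): from ANY state satisfying the invariant,
    reachable or not, one subtract/shift transition re-establishes it."""
    for N in range(1, 1 << w):
        for r in range(N):
            for k in range(2 * w):                      # every k align() can produce
                for acc in range(r, N << (k + 1), N):   # all acc with acc % N == r
                    if not invariant(*subtract_shift(acc, k, N), r, N):
                        return False
    return True

def check_exit(w=W):
    """Exit fact: at k == -1 the invariant bounds acc below N, so acc == r."""
    return all(acc == r
               for N in range(1, 1 << w) for r in range(N)
               for acc in range(N) if invariant(acc, -1, r, N))

def check_end_to_end(w=W):
    """The property the three facts compose into: mod_reduce computes A mod N."""
    return all(mod_reduce(A, N) == A % N
               for N in range(1, 1 << w) for A in range(1 << 2 * w))

if __name__ == "__main__":
    print("entry:", check_entry(), "step:", check_step(), "exit:", check_exit())
    print("end-to-end:", check_end_to_end(), "45 mod 7 =", mod_reduce(45, 7))
```

The point of check_step is that it quantifies over every state the invariant admits, not only the reachable ones, which is what makes the per-transition obligation local and cheap for a bit-level solver.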
Formal Design
§ Correct-by-construction design
– Leverage FV feedback early in design process
• Proof high-level specification and verify implementation against it
– Develop a rich set of assertions during design process
• Verified on the specification as well as the implementation
[Figure: High-level Model → Equiv Check → Optimized RTL → Equiv Check → Schematic; the high-level model is handled by a Parser and a Theory solver with a Specialized theory]
Extensions
§ Create automated reusable IP / methodologies
– “Off-the-shelf” implementation agnostic (library of) checkers¹
– Characterize logics with functional and/or structural properties
• Employ vacuity and mutation coverage concepts to gauge effectiveness
§ Leverage FV to check aspects beyond functional verification
– Verification transcends logic function – performance, throughput, power…
• Verify arbiter performance, throughput across (asynchronous) interfaces
– Employ FFV and SEC as general purpose reasoning engines
• SEC – infer clock-gating opportunities, soft-error analysis, sequential synthesis…
• FFV – optimize data structure logic (e.g. size, area), infer machine settings…
[Figure: chip with Core #1 … Core #8, L2 / L3 Caches, Fabric and memory controllers (MC)]
1. G. Auerbach, H. Chockler, S. Moran and V. Paruthi, “Functional vs. Structural Verification – case study,” Submitted to DATE 2011
Conclusion
§ FV has matured to become a core verification discipline
– Integrated approach with design + verification
– Leverage by the masses
§ FV has had a significant and measurable impact
– Improved design quality → minimize bug escapes to silicon
– Boost design and verification productivity
§ Formal Application is evolving towards a broader and strategic focus
– New application domains, reusable verification IP, innovative solutions
– Aided by improved speed and capacity of formal and semi-formal toolset
§ Large-scale application of Formal Verification is a fact!
Acknowledgements
§ Methodology
– Wolfgang Roesner
– Klaus-Dieter Schubert
– Jason Baumgartner
– Ali El-Zein
§ Execution
– Gadiel Auerbach
– Mark Firstenberg
– Paul Roessler
– Jo Lee
– Shiri Moran
– David Levitt
– Fady Copty
– Steven German
– Krishnan Kailas
– Jun Sawada
Back-Up
POWER7: Verification Overview
[Figure: verification disciplines, at different timescales, mapped over the chip: Core (IFU, LSU, FXU, VSU/DFU, L2, PC) and Nest (L3, MCU, Interconnect, IO Bridge, Perv. Network, Access, Pwr. Mgmt. Ctrl); disciplines: Formal Verification, Sequential Equivalence Checking, Constraint Random Verification (Testcase Generation, Result Prediction, Coverage, End Points), Hardware Accelerator, Structural Checking, Chip Bringup (BIST, Clock control, Power-On Reset, …), System Bringup (HW/SW Co-Simulation), SMT4]
Case-Splitting