Beruflich Dokumente
Kultur Dokumente
eetasia.com | EE Times-Asia
Data can change between
clock domains, with ability to ad-
just to the phase and frequency
drift between the two clocks. Data
must be transferred through the
elasticity buffer without corrup-
tion even when the design allows
clocks that are not fully synchro-
nized. An example of a functional
bug in this case could be buffer
overflow due to data changing
when clocks’ active edges are
aligned. It may require enormous
amounts of simulation and con-
sideration of all possible input
scenarios to model and simulate
this faulty behavior.
High-level requirements
Many companies have adopted an
assertion-based verification (ABV)
methodology to reduce the time
spent in verification while improv-
ing their overall verification effort.
However, basic adoption of ABV Figure 2: Here’s a closer look at the requirements and RTL assertions.
is typically focused on localized
RTL implementation-specific as- covered by a particular assertion requirement, the root cause of complete. Furthermore, since
sertions, which are used in simula- or requirement. The higher up the high-level requirement viola- engineers have to define and
tion. The aggregate of all internal the Y axis we move, the more tion can be traced. For example, generate a significant number of
assertions will not characterize or design space is covered by the if the FIFO were contained within input scenarios, they are focusing
fully specify a block’s end-to-end high-level requirement. There is the cone-of-influence for the their effort on how to break the
behavior as defined by the micro- high value in proving these high- high-level requirement, the un- design not on what the design is
architecture. Furthermore, these level requirements for a number derflow condition that caused supposed to do. Formal verifica-
localized assertions are not reus- of reasons: the high-level requirement to fail tion, on the other hand, is math-
able when the design implemen- • High-level requirements cor- would be detected. ematical, exhaustive and allows
tation changes. In other words, relate to the requirements in An ideal formal verification the engineer to focus solely on
by specifying a block’s required micro-architecture. tool requires capacity in order intent or “What is the design’s cor-
black-box behaviors through • High-level requirements corre- to exhaustively explore all pos- rect behavior?”
end-to-end properties, high-level late to the set of output check- sible input scenarios as well as The effort spent in verification
assertions (which we refer to as ers in a testbench. controllability and visibility at any implementation involves defining
high-level requirements in this ar- • High-level requirements cover arbitrary point within the design multiple input scenarios as part of
ticle) provide a much higher cov- the same design space as hun- (Table 1). JasperGold, for example, the test plan, creating a functional
erage of the design’s functionality, dreds of lower-level assertions employs high-performance and coverage model, developing a
and they are often reusable across that the engineer thought to high-capacity formal verifica- testbench, creating input stimulus
various design implementations write. tion technology to exhaustively generators, writing directed tests,
and multiple projects. More im- • High-level requirements cover verify that blocks meet high- as well as the effort to run the
portantly, by formally verifying a the design space that was not level requirements derived from tests, analyze the coverage met-
block’s set of high-level require- covered by missing lower-level the micro-architecture. It uses rics, adjust the stimulus genera-
ments, one can achieve significant assertions that the engineer mathematical algorithms so no tors to target unverified portions
gains in verification completeness neglected to add. simulation testbench or stimulus of the design, and then iterate on
and productivity. Hence, high- is required. this process. In contrast, a pure
level formal verification eliminates As an example of the last formal verification methodology
the need for block-level simulation point, assume the design con- Conclusion that focuses on proving a block’s
and dramatically shortens system- tains a FIFO, and the engineer Formal verification requires you end-to-end, high-level require-
level verification. Let’s take a closer neglected to write an assertion to think differently. For example, ments directly corresponding to
look at high-level requirements, as to check that the FIFO never simulation is empirical i.e. you use the micro-architecture specifica-
shown in Figure 2. underflows. This safety violation trial and error to try to uncover tion, enables users to dramatically
The Y axis represents level would be identified by a high- bugs that can take an intractable increase a project’s design and
of abstraction while the X axis level requirement. However, by amount of time to try all possible verification productivity while
represents the amount of design formally verifying the high-level combinations. Hence, it is never ensuring correctness.
eetasia.com | EE Times-Asia