2022 DESIGN AND VERIFICATION DVCDDN CONFERENCE AND EXHIBITION

#### UNITED STATES

#### Never too late with Formal: Stepwise Guide for Applying FV in Post-Si Phase to Avoid Re-spins

Anshul Jain, Aarti Gupta, Achutha KiranKumar V M, Bindumadhava Ss, Shivakumar S Kolar, Siva Gadey NV

Intel Corporation



### Overview of the Presentation

- Problem statement
- Proposed methodology
- Case Study
- Summary
- Questions





## Post-Silicon Design Bugs

- Embrace of formal verification grown over last decade
- Simulation still the main workhorse for pre-silicon functional sign-off







## High Stakes >>> Need Absolute Assurance

Late-stage functional bugs demands high-confidence fixes

Solution: FV -- Enable Proof-based Assurance

Challenging to apply FPV in Post-Si? Yes!







**Fape-in** 

#### Get the Myths Out of your Way!







### Stepwise Approach – UNEARTH







#### 1. Understand Problem & Collect Collaterals

Description of the failure/problem seen in post-silicon testing

Design documentation & source code files

Existing formal verification environments (if exists)

Waveform and register dumps from pre/post-silicon verif/val

Sample waveforms from pre-silicon dynamic simulations





### 2. Nail-down the Formal Property

Capture a crisp and clear description of post-silicon failure; validate with other stakeholders from design, pre-silicon verification, post-silicon validation teams

Brainstorm properties (from spec) of the DUT that could be violated in post-silicon failure; Start with general properties, move towards specific properties gradually

For example, responses should be in same order as request, buffer should always have N free entries for pointer management, preemptions should be finite

Note down properties in plain, simple, human-readable language without worrying about implementation details

Engage architects, micro-architects, to identify observation points for the property; implement them using light-weight instrumentation code and SVA





#### 3. Etch Design Boundary for Formal Search







#### 4. <u>Assess Reachability of Source of the Bug</u>







## 5. <u>Regulate Constraints (Over/Under)</u>







## 5. <u>Regulate Constraints (Over/Under)</u>



Over-constraints can be used to restrict non-participating interfaces and values of configuration registers

Constraints refinement to keep inputs relevant to failure underconstrained, may flag other failure manifestations/sister-bugs





#### 6. Tap Details from Sims for Formal Search







#### 7. <u>Harness Full Potential of Formal Technology</u>







# Case Study

Post-silicon bug in Scheduler





## Scheduler: Design & Bug Details



#### **General Functionality:**

- Predefined transformations of Packets
- Routing : Interface X -> Interface Y/Z
- Routing based on resource availability and rules

#### Verification Challenges:

• Huge Design Size: ~4M gates

#### **Bug Synopsis**



Txn C parameters overwritten by Txn D

















ETCH THE DESIGN BOUNDARY FOR FORMAL SEARCH

### Scheduler: DUT













<u>R</u>EGULATE CONSTRAINTS TO STRIKE A BALANCE B/W OVER-CONSTRAINTS & UNDER-CONSTRAINTS

#### <u>T</u>AP DETAILS FROM SIM WAVES TO START FORMAL SEARCH

Under-

counters

constraints

• Reset abstractions

on critical resource

HARNESS FULL POTENTIAL OF FORMAL TECHNOLOGY

#### Scheduler: FV Environment

Overconstraints

> Fixed Configuration Register Values
> Reduced Number of Physical Channels

A valid reset state loaded from a simulation trace (initially); Later replaced with abstraction

More properties added for full functionality check of DUT





#### Scheduler: Results

Post-silicon bug was reproduced in 4 weeks

4 other failing scenarios were detected

FV helped in determining a robust fix

Two fixes verified and compared

FV environment reused in next project as pro-active FV

Key Takeaway: Design size not a limiting factor in Post-Silicon FV





#### Summary

UNEARTH – Comprehensive guide for Post-Silicon FV

Impactful results seen in the case-study shared

Apart from this case study, several other successful applications

Simple checks can find deep issues in complex designs

Post-Silicon FV motivates transition from reactive to proactive approach

- Identifies more design candidates for FV Signoff
- Targets bug prone designs for next generations

#### Recommendation

• All post-silicon issues in control-logic should be reproduced in FV





## Questions?





# Backup

Not included in oral presentation





# Case Study

Post-silicon bug in Bridge





#### UNDERSTAND THE PROBLEM & COLLECT ALL THE COLLATERAL

### Bridge: Design & Bug Details







#### <u>N</u>AIL-DOWN THE FORMAL PROPERTY

#### Bridge: Formal Property (Checker)







ETCH THE DESIGN BOUNDARY FOR FORMAL SEARCH

### Bridge: DUT & FV Environment







<u>A</u>ssess REACHABILITY BY COVERING YOUR WAY TO SOURCE OF THE BUG

### Bridge: Helper Covers







<u>R</u>EGULATE CONSTRAINTS TO STRIKE A BALANCE B/W OVER-CONSTRAINTS & UNDER-CONSTRAINTS

### Bridge: Constraints Strategy







## Bridge: Bug Repro (1 of 6 manifestations)

|                                                                                                          | WR REQ<br>HDR DW – 0x0001_PPQQ<br>(opcode=0x01, src=0xPP, dst=0xQQ)<br>DATA DW – 0x0020_QQQQ | WR RSP (dummy)<br>HDR DW – 0x0020_QQQQ<br>(opcode=0x20, src=0xQQ,<br>dst=0xQQ) | WR REQ (loopback)<br>HDR DW – 0x0001_PPQQ<br>DATA DW – 0x0020_QQQQ<br>Supposed to be discarded by Bridge | WR RSP (actual)<br>HDR DW –<br>0x0020_QQQQ<br>To be routed to<br>mainband | WR RSP<br>(fake) | WR RSP<br>(actual) |
|----------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|------------------|--------------------|
| e                                                                                                        |                                                                                              |                                                                                |                                                                                                          |                                                                           |                  |                    |
| , 22 m2b_vld<br>m2b_vld<br>b_ m2b rdy //                                                                 |                                                                                              |                                                                                |                                                                                                          |                                                                           |                  |                    |
| m2b_pld                                                                                                  | 0x0001_PPQQ X 0x0020                                                                         |                                                                                |                                                                                                          |                                                                           |                  |                    |
| m2b_eom                                                                                                  |                                                                                              |                                                                                |                                                                                                          |                                                                           |                  |                    |
| b2r_vld         //           o         b2r_pld           b2r_eom         //           b2r_eom         // |                                                                                              | )(0x00)(0xQQ)(0x20)(0x00)(//////)[////////////////////////////                 | /                                                                                                        |                                                                           |                  |                    |
|                                                                                                          |                                                                                              | a a a a a a a a a a a a a a a a a a a                                          | 0xQQ(0xPP(0x01)(0x00) <mark>0xQQ_(0x20)(0x00</mark>                                                      | 0xQQ (0x20(0x00)                                                          |                  |                    |
|                                                                                                          |                                                                                              |                                                                                | /                                                                                                        | / \                                                                       |                  |                    |
| b2m_vid                                                                                                  |                                                                                              |                                                                                |                                                                                                          |                                                                           |                  |                    |
| b2m_rdy                                                                                                  |                                                                                              | J.                                                                             | ]                                                                                                        |                                                                           |                  |                    |
| b2m_pld                                                                                                  |                                                                                              | //////////////////////////////////////                                         |                                                                                                          | <u>/////////////////////////////////////</u>                              |                  | 0x0020_QQQQ        |
|                                                                                                          |                                                                                              |                                                                                |                                                                                                          |                                                                           |                  |                    |





#### Bridge: Results

Post-silicon bug was reproduced in 3 engineer days weeks on 25K Gates DUT

4 new bug manifestations were detected (not yet seen in Silicon)

FV environment helped evaluating workarounds and bug-fixes

Comprehensive FV environment was created for sign-off

FV environment reused in next 2 project; Found 8 new bugs in pre-Silicon

Key Takeaway: Verifying post-Silicon bug-fixes offers huge ROI



