QU22 DESIGN AND VERIFICATION™ DVCDDN CONFERENCE AND EXHIBITION

### UNITED STATES

## The Best Verification Strategy You've Never Heard Of

David Aerne, Amir Attarha, Harry Foster, Kurt Takara

Siemens EDA





## Introduction

Harry Foster









# The Crisis





## Productivity Gap

1997 SEMATECH sets off an alarm about the Design Productivity Gap

- IC manufacturing productivity gains increased 40% CAGR
- IC design productivity gains increased 20% CAGR



Design Productivity Gap solved through EDA improvements and IP Reuse



A more ominous productivity gap has emerged with respect to verification









## IC Verification & Validation Cost by Process Feature Size



Source: IBS Report, Design Activities and Strategies Implications, July 2020



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Mean Peak Number of Engineers on an ASIC/IC Project

Design engineers has increased by 32%, verification engineers has increased by 143%.



Mean Peak Number of Engineers on ASIC/IC Projects

Source: Wilson Research Group and Mentor, A Siemens Business, 2020 Functional Verification Study



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## ASIC Number of Required Spins Before Production



Number of Required ASIC Spins Before Production

Source: Wilson Research Group and Mentor, A Siemens Business, 2020 Functional Verification Study



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Number of Non-trivial FPGA Bug Escapes into Production



Number of Non-trivial Bug Escapes into Production for Previous FPGA Project

Source: Wilson Research Group and Mentor, A Siemens Business, 2020 Functional Verification Study



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## ASIC Completion to Project's Original Schedule



Actual ASIC design completion compared to project's original schedule

Source: Wilson Research Group and Mentor, A Siemens Business, 2020 Functional Verification Study



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



# The Problem





## Separation of teams

- Ensure an independent interpretation of the specification that would assist in flushing out design errors
- Increased complexity of verification environments required unique engineering skills



• Fallacy that quality can be verified into a product







### Quality cannot be inspected into a product; it must be built into it.



W. Edwards Deming Father of Statistical Process Control







## Cost Multipliers

Finding and Fixing a Bug at Various Development Stages for a 5 nm ASIC



# The Prescription





## Improve RTL Quality While Reducing Bug Density with Intent Focused Insight

## Design+Intent







## Three Pillars of a Design+Intent Methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



# Bug Prevention through HLL Design 15-50 Bugs per 1000 Lines of Code

### 100 lines of HLL is equivalent to 1000 lines of RTL

### Expect a 10x reduction in the average number of bugs

### 1–5 bugs for HLL design vs. 15–50 bugs for equivalent RTL design







# Closing The Verification Gap





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Beyond Verification: The SoC Lifecycle









## Siemens EDA Whitepaper:

Out of the Verification Crisis: Improving RTL Quality



#### Executive summar

A verification crisis is upon us that will not be solved solely through improvements in verification methodologies and techniques. The solution requires a holistic and philosophical change in the way we approach design with a foundation based on bug prevention. Our proposed first step in implementing this change tightly integrates static analysis into the design process, resulting in a decrease in bug density, which has a positive impact on downstream processes and consequently reduces cost.

Harry Foster - Siemens Digital Industries Software

https://resources.sw.siemens.com/en-US/white-paperout-of-the-verification-crisis-improving-rtl-quality









## Produce

Produce correct intent by construction

### David Aerne







## Addressing the Productivity Gaps

### • High-Level Synthesis (HLS)

- Design at a higher level of abstraction
- Rapid architecture exploration
- Target Technology Library to meet PPA goals
- High-Level Verification (HLV)
  - Using known and trusted techniques
  - Speedup compared to RTL
  - Efficient & Predictable post-HLS RTL verification signoff





## HLS for Rapid Algorithm to HW

- Accelerate design time with higher level of abstraction
  - 5-10X less code than RTL
  - Faster verification cycles, 30-1000x compared to RTL
  - New features added in days not weeks
- Quickly evaluate power and performance of algorithms
  - Rapidly explore multiple options for optimal Power Performance Area (PPA)
- Enable late functional changes without impacting schedule
  - Algorithms can be easily modified and regenerated
  - New technology nodes are easy (or FPGA to ASIC)









## HLS synthesizes C++ and SystemC to RTL

- SoC design is complex, one challenge is timely creation of optimal hand-crafted RTL
- Alternatively, HLS to produce correct-by-construction RTL







### **Demonstration Vehicle** Digital Pre-Distortion (DPD) concept





Time, temperature, frequency variant characteristics

- Difficult to model. Need physical component to . know real algorithm performance
- Simulation slow, does not parallelize ٠
- Multiple PA types, constantly evolving
- High bandwidth validation require high data rates ٠

Linearization bandwidth depends on data rates. Low prototype speed increases risk in ASIC

SIEME





SYSTEMS INITIATIV

### **Demonstration Vehicle** Digital Pre-Distortion (DPD) design + tb



Multi-block design •

Bottom-up approach

Assemble at DPD top



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Quickly Simulate Real HW Behavior in C++/SystemC

#### Many various implementations for DPD

- How to know which is best suited for application?
- Model bit-accurate precision in C++
  - Directly measure and observe the effects of quantization
  - Not limited to power-of-two bit-widths
  - Plug back into environment for verification

#### Rapid simulation of true hardware behavior

- 30x to 1000x faster than RTL
- Simulate in minutes/hours vs. hours/days/weeks



#### Horizon Robotics

"Advantage is ability to compare C reference model with HLS C HW model"







## Bit-Accurate Date Types are a necessity

Required as modeling actual hardware

- Choice between AC Datatypes and SystemC, both are public domain
  - <u>https://hlslibs.org</u>
  - https://github.com/accellera-official/systemc/
- HLS Designers generally prefer AC types, even for SystemCHLS
  - AC types simulate faster than SystemC types, even in SystemC Designs
    - Especially the Fixed-Point types
- Include optional rounding and saturation modes



|          |                                                        |                | DPD     |
|----------|--------------------------------------------------------|----------------|---------|
| // Data  | types                                                  |                |         |
|          | ac fixed<12,1,true>                                    | IO FXP TYPE;   |         |
| typedef  | ac fixed<12,1,true,AC RND INF,AC SAT>                  | IO FXP TYPE RM | ND SAT; |
| typedef  | ac_complex <i0_fxp_type></i0_fxp_type>                 | I0_TYPE;       |         |
| typedef  | ac_complex <i0_fxp_type_rnd_sat></i0_fxp_type_rnd_sat> | IO_TYPE_RND_SA | AT;     |
| - dealer |                                                        |                |         |

'src/dpdTypedefs.h" 239 lines --13%--



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## HLS IP Libraries

Provide needed productivity gain

- HLS Designers rely on pre-established IP libraries
  - AC Math synthesizable C++ operations common in DSP applications
  - AC DSP synthesizable C++ objects for common DSP operations
- AC Math, AC DSP and AC ML are all public domain
  - <u>https://hlslibs.org</u>
- Customizable
  - Data type support built-in
  - PPA tradeoffs



class complexAbs\_c{
 public:
 complexAbs\_c(){}
 ABS\_TYPE calcAbs(I0\_TYPE &inputSample){
 ABS\_TYPE\_TEMP absSampleTemp, tempForSqrt = inputSample.mag\_sqr();
 ac\_math::ac\_sqrt\_pwl(tempForSqrt, absSampleTemp); // sqrt()
 ABS\_TYPE absSample = (ABS\_TYPE\_SAT)absSampleTemp; // Rnd&Sat
 return(absSample);
}

src/dpdDemo.h" 622 lines --4%--



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## HLS Makes PPA Goals Achievable

- Loop optimizations
  - Unrolling
  - Pipelining
  - Automatic merging
- Scheduling
  - Automatic timing closure based on target technology

- Register and Resource sharing
  - Automatic lifetime and mutual exclusivity analysis and optimization





30 DESIGN AND VERIFICA CONFERENCE AND EXHIB UNITED STAT

## HLS Builds Complex Multi-block Systems

- HW architectures often require multiple concurrent processes to meet performance
- Untimed HLS Builds Parallel Concurrent Processes from Sequential C++ Classes
  - Easy to design and debug
- Connect HLS blocks together using channels
  - Channels mapped to fifo's in post-HLS RTL







## C Design Checker

Static & Formal analysis to find issues early

- Quickly and easily find coding bugs and errors in HLS source before synthesis or simulation
- Some C++ language behavior can be too ambiguous for describing hardware
  - Leads to mismatches between C++ and RTL sim
  - Inefficient to debug in dynamic RTL simulation
- Collection of Quality of Results (QofR) checks, static lint checks, and formal property checking
  - e.g. Out of bounds array reads and writes (ABR, ABW) and uninitialized memory reads (UMR)







Protect



**Produce** 

•



## C Design Checker

- Results on DPD from running "Sim Mismatch" and "QofR" modes
- Reports analyzed within the Catapult GUI
  - Violations are cross-linked to design source
- Template Waiver File is automatically generated
  - Can be edited and reused for future runs
  - Can also specify waivers directly in source
- Constraints supported as 'assume' pragmas

| esign_C                                                   | 2.5                                                                  | ot<br>1 An 19 9 (*                       | Goto line                                                                                                                                                                                        |  |
|-----------------------------------------------------------|----------------------------------------------------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| 91<br>92<br>93<br>94<br>95<br>96<br>97<br>98<br>99<br>100 | FATAL<br>Errof                                                       | i                                        | <pre>fatal, 2 error, 0 warning, 0 info)  zed Memory Read - 2  #pragma hls_unroll yes DELAY_LINE_AP:for(int i=0; i&gt;0; i){     shiftReg[i] = shiftReg[i-1];   }   shiftReg[0] = paInput; </pre> |  |
| 101                                                       | 83<br>84<br>85<br>86<br>87<br>88<br>89<br>90<br>91<br>92<br>93<br>94 | FATAL<br>ERROR<br>WARNING<br>CNS - Const | if(is_pos_def){                                                                                                                                                                                  |  |

Clean HLS design source results in less debug of post-HLS RTL







## Properties in HLS

Deploy properties to catch issues early

- Catapult HLS supports immediate assertions & cover properties
  - HLS C++ and SystemC
- Properties are propagated from HLS source to RTL
- Assertions in generated RTL
  - SVA, PSL, or OVL

```
#include <ac assert.h>
#pragma hls design top
uint16 alu(uint8 a, uint8 b, opcode t
opcode) {
   uint16 r = 0;
   switch(opcode) {
    case ADD:
      r = a+b;
      break;
    case SUB:
      assert(a>=b); // no negative results
      r = a-b;
      break:
    case DIV:
      assert(b!=0); // no divide-by-zero
      r = a/b;
      break;
  // Cover all of the possible opcodes
  cover((opcode==ADD));
  cover((opcode==SUB));
  cover((opcode==DIV));
  return r;
```

Applying common RTL debug and verification techniques to HLS design source





## Metric Driven Dynamic HLV

- Supported in a wide range of tb environments
  - C++, OSCI, MATLAB<sup>®</sup>, Python, SV/UVM, etc.
- Using known and trusted verification techniques
  - Supporting wide range of verification requirements
- DUT at a higher level of abstraction
  - Fewer lines of code
  - Simulations run faster
- Re-use for predictable and efficient post-HLS RTL signoff



## Google

"99% of the functional bugs found in (HLS-ready) C++ before running any RTL simulation" Hot Chips 2021 https://hc33.hotchips.org/





## C Coverage RTL-like coverage for HLS Design Source

- Bring RTL coverage into HLS world
  - C++ and SystemC design source
- Match coverage concepts from RTL
  - Statement, branch, expression
  - Functional coverage including covergroups, coverpoints, bins and crosses
- HLS-aware code coverage
  - Function inlining
  - Loop unrolling
  - Array access coverage

| overage Summary By Instanc |          |             |            |          |
|----------------------------|----------|-------------|------------|----------|
|                            |          |             |            | Ξ        |
| Instance 🛧                 | Branches | Expressions | Statements | Tota     |
| Search 🔻                   | Search 🔻 | Search 🔫    | Search 🔻   | Search 🔻 |
| Total                      | 75.3%    | 66.66%      | 93.44%     | 78.47%   |
| \dpdDemo_c::run#0          | -        | -           | 100%       | 100%     |
| \applyPredistortion::run#0 | 58.82%   | 100%        | 86.6%      | 81.8%    |
| \dpdTraining::run#0        | 87.23%   | 60%         | 98.55%     | 81.92%   |

| overgroups Coverage(80%)    |        |      |        |      |          | •        |
|-----------------------------|--------|------|--------|------|----------|----------|
|                             |        |      |        |      | Ē        | ¥ =      |
| Covergroups                 |        | Bins | ŀ      | lits | Misses   | Coverage |
| Search 🔻                    | Search | Ŧ    | Search | Ŧ    | Search 🔫 | Search 🔻 |
| ApplyPredistortion_c::apply |        | 14   |        | 10   | 4        | 80%      |
| MyCCoverGroup inst          |        | 14   |        | 10   | 4        | 80%      |





## Verification Coverage Closure Achieve coverage closure on HLS design source

- Unified Coverage Database (UCDB)
- Coverage analysis, report generation, exclusion development
- Test merging & ranking, test plan integration and tracking











## Catapult High-Level Synthesis & Verification Comprehensive flow providing needed productivity gains

HLL and HLS to design bit-accurate HW. DPD HLS 600 lines of code thus > 10x reduction compared to Verilog RTL

HLV using known and trusted approaches for functional verification of HLS source. DPD HLS sims > 300x speedup over RTL

Efficiencies gained by designing and verifying via HLL. Productivity gains via faster and predictable post-HLS RTL verification signoff









# Prove

Prove intent is met

### Kurt Takara







### Simulate RTL until you're done\* The verification methodology you <u>have</u> heard of

#### System design and HW/SW interaction

Unanticipated HW/SW interface bottlenecks Datapath and dataflow inconsistencies Power management functions

#### **Functional errors**

Incorrect implementation of specified algorithms or architecture Unintended functional interactions Initialization issues

#### Issues not found in simulation

Asynchronous crossing issues Trojan attacks and hidden functionality Implementation issues

#### **Construction errors**

Register specification and construction/connection errors Interconnect issues Clocking, testing

#### **Coding errors**

Syntax, style, semantics, structural issues Cut-and-paste creation errors Simple mistakes

\*What "done" means Is an entirely different topic



Simulation-based Verification

DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

**Meets intent** 



### Static code analysis finds mistakes without testing Code analyses find RTL issues early, ensure highest quality code into verification







SYSTEMS INITIATIVE



Linting analyzes RTL statically, finding issues quickly without simulation Find & fix syntactic, semantic, stylistic and structural issues early during design

- Static analysis
  - Fast, requires no input apart from RTL
- Semantic issues do the elements make sense in context?
  - Unsynthesizable code, simulation/synthesis mismatch risks, improper assignments, etc.
- Structural issues do the elements form a coherent whole?
  - Width mismatches, unreachable or dead FSM states, latch inference, dead code, inconsistent clock/reset styles
- Stylistic issues do the elements meet coding style requirements?
  - Adequate commenting, naming conventions, unused objects, maintainability





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Lint



Advanced Linting identifies issues based on deep formal design knowledge Code analyses find RTL issues early, ensure highest quality code into verification

### Statically-detectable design issue

```
case (qstate)
3'b001: if (en) dstate = 3'b010;
else dstate = 3'b001;
3'b010: dstate = 3'b100;
3'b100: if (rtn) dstate = 3'b100;
else dstate = 3'b100;
default: dstate = 3'b001;
endcase
```

• Both next states of if-else are the same

### Formally-detectable design issue

```
case (qstate)
3'b001: if (en) dstate = 3'b010;
else dstate = 3'b001;
3'b010: dstate = 3'b100;
3'b100: if (rtn) dstate = 3'b001;
else dstate = 3'b100;
default: dstate = 3'b001;
endcase
```

• Formal analysis will exhaustively determine if rtn can ever be 1





- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)
- Flow











- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



- Verify if X values propagate to initialized registers and other control logic
  - FSM's, outputs, clocks, resets ...
    - Can be customized with SVA properties
  - All X sources are considered
    - Find and fix X source bugs, report all uninitialized registers
  - X accurate analysis (no optimism)





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

**Meets intent** 



A CDC is the transit of a signal or group of signals from one clock domain to another



- 1. The design has missing or incorrect synchronizers
- 2. The design does not adhere to the required CDC protocols to ensure correct data transfer
- 3. The design does not account for non-deterministic delays through synchronizers







A CDC is the transit of a signal or group of signals from one clock domain to another



- 1. Complete structural analysis to find all synchronizers
- 1. The design does not adhere to the required CDC protocols to ensure correct data transfer
- 2. The design does not account for non-deterministic delays through synchronizers







A CDC is the transit of a signal or group of signals from one clock domain to another



- 1. Complete structural analysis to find all synchronizers
- 2. Automated assertion-based verification to ensure correct implementation of CDC protocols
- 1. The design does not account for non-deterministic delays through synchronizers



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



A CDC is the transit of a signal or group of signals from one clock domain to another



- 1. Complete structural analysis to find all synchronizers
- 2. Automated assertion-based verification to ensure correct implementation of CDC protocols
- 3. Accurate simulation of metastability effects in synchronizers to predict true silicon behavior







### Why does a crossing protocol matter? Adding or checking for a synchronizer across every CDC isn't enough

- Synchronization between clock domains requires a transfer protocol
  - To ensure that data is predictably transferred between domains
  - Simplest example: Stability check on input to 2-DFF synchronizer
    - Signal must be held stable long enough in the transmitting clock domain
- These protocols must be verified
- When protocol is violated
  - Data can be lost
  - Simulation may not show a failure
  - Silicon implementation will eventually fail!







How much of the protocol can be verified without simulation? As many crossings as possible are verified without a testbench



SYSTEMS INITIATIVE

DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022 DESIGN AND VERIFICATION CONFERENCE AND EXHIBITION UNITED STATES

### What is a reset domain crossing (RDC)?

An RDC is the transit of a signal or group of signals from one reset domain to another



| Reset Condition                           | Clock condition                     | Result                            |
|-------------------------------------------|-------------------------------------|-----------------------------------|
| rst1 and rst2 are asynchronous            | clk1 and clk2 are same domain       | violation                         |
| rst1 and rst2 are asynchronous            | clk1 and clk2 are different domains | caution – CDC verification needed |
| rst1 and rst2 follow ordering constraints | NA                                  | evaluation                        |



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





**Correct-by-construction** 

DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

**Meets intent** 



### Review design construction integrity with interconnect verification Verify the correctness of connectivity in the design



- Endless applications: pin muxes, power rails, clock trees, etc.
- Both functional and structural connectivity checked
- Checks include: connect, conditional, constants, delays, etc. •
- ASIC and FPGA designs from block to SoC level verification



PHY

Protocol

Master IF

USB

SlavelF

Memory

DMA

Ethernet

Master IF

AMBA APB

AMBA AHB. AXI

CPU

**Aaster** 

CPU

Arbiter

PHY Custom

Core

Slave IF

Bridge

PCI

Express



Ensuring register implementation correctness and construction is vita Consistency between spec and implementation aids working systems downstream

- Verify memory mapped register implementation matches the specification
  - IP-XACT, UVM, and other custom specs
  - Front door and back door
  - Common interfaces supported, can be customized





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022 Meets intent

### Operational assertions enable verification of conformance to specification A timing diagram can be transcribed to assertions for formal verification

- Capture your design functionality as a set of operations
  - Start state, i.e. a starting condition
  - Trigger condition event that triggers the operations
  - Expected output behavior
  - End state
- Use standard languages to write operational assertions
  - TiDAL : OneSpin SystemVerilog library
  - Allow timing diagram style assertions
  - Generate proof or CEX for operational assertions
- Enable Operational Assertion Based Verification
  - Ensure verification completeness
  - Automatically detect gaps between operations







Verification against specifications can find unanticipated functionality Processor verification confirms implementation against ISA



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

SYSTEMS INITIATIVE



# Processor trojan verification shifts from verifying what is to what isn't Extending a GapFree analysis to processor verification finds what shouldn't be there

- Benefits
  - Detects errors and inconsistencies in the specification
  - Prove 100% equivalence between specification and implementation
  - Demonstrates absence of bugs/Trojans/ambiguities
- Successes
  - Paper "Complete Formal Verification of RISC-V Processor IPs for Trojan-Free Trusted ICs" presented at GOMACTech 2019 identified bugs reported on GitHub (Discovered CEASE instruction – a "trojan kill switch" to those without knowledge)









Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

**Meets intent** 



### Verifying the implementation matches the original intent is critical Example: Synthesis (or other implementation stages) can compromise a clean RTL design



- Synthesis can break corrective circuitry or add surprise paths
- MUX used at RTL for CDC crossing
- Synthesis tool may implement combinational logic which produces glitch
   X+!X or X&!X
- Potential chip failure issue if glitch is caught by the receiving flip-flop





### Equivalence checking flows for FPGAs finds implementation-caused issues Check for combinational and sequential equivalence from Golden RTL through final

- FPGA Specifics
  - Fixed interconnect grid, LUTs, shift registers, block RAMs, configurable DSP blocks, etc.
  - Many timing, fan-out, capacity restrictions
  - Synthesis maximizes utilization by register duplication, retiming, and other sequential optimizations



FPGA synthesis tools balance logic between LUTs to improve QoR





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

**Meets intent** 

**Retains intent** 

### Revisiting the verification methodology you <u>have</u> heard of Static and Formal capabilities enable cleaner RTL into simulation-based verification

### System design and HW/SW interaction

Unanticipated HW/SW interface bottlenecks Datapath and dataflow inconsistencies Power management functions

### **Functional errors**

Incorrect implementation of specified algorithms or architecture Unintended functional interactions Initialization issues

#### Issues not found in simulation

Asynchronous crossing issues Trojan attacks and hidden functionality Implementation issues

#### **Construction errors**

Register specification and construction/connection errors Interconnect issues Clocking, testing

#### **Coding errors**

Syntax, style, semantics, structural issues Cut-and-paste creation errors Simple mistakes

\*What "done" means Is an entirely different topic



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022

## SIEMENS



Simulation-based Verification

# Protect

Protect intent throughout development lifecycle



### Amir Attarha







## Veloce emulation and prototyping

A complete and integrated verification and validation platform





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Scalable Veloce Architecture for HW-Accelerated Verification





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022 73 DESIGN AND VERIFICATION DESIGN AND VERIFICATION CONFERENCE AND EXHIBITION UNITED STATES

### Veloce Accelerates Progress Cycle



Fast Design Download irrespective of design size (2 minutes)

1M cycle ready in 5 minutes irrespective of design size

# SYSTEMS INITIATIVE

DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



## Veloce Strato: Architected to scale

- Low latency, high bandwidth channel
- Independent co-model channel for each AVB
- Concurrent execution of TB, Comm, DUT
- Directly impacts on these use models
  - Virtual environments
  - Time to visibility and debug
  - Simulation acceleration and coverage closure
  - Monitors/trackers for data collection
  - Power trend analysis and measurements
  - Data analytics

No performance-throughput degradation with capacity scaling







# Clock frequency vs. throughput: An important HAV system attribute

Emulator clock is easy to report, but everyone knows that the real measure of verification throughput is <u>wall-clock time to execute customer workloads</u>

| Design/Test        | Competition<br>Off-The-Shelf FPGA-based Emulator<br>Reported Average Clock: 2.0 MHz | Veloce Strato<br>Reported Average Clock: 632 KHz |
|--------------------|-------------------------------------------------------------------------------------|--------------------------------------------------|
| Design #1          | 8 min                                                                               | 9 min                                            |
| Design #2, Test #1 | 6 min                                                                               | 2 min                                            |
| Design #2, Test #2 | 26 min                                                                              | 22 min                                           |
| Design #3, Test #1 | 6 min                                                                               | 2 min                                            |
| Design #3, Test #2 | 27 min                                                                              | 23 min                                           |
| Design #4, Test #1 | 7 min                                                                               | 2 min                                            |
| Design #4, Test #2 | 29 min                                                                              | 25 min                                           |

Veloce Strato's superior system architecture delivers more SW-driven workload performance even when the competition reports faster clock speed!

|                   | Competition<br>Off-The-Shelf FPGA-based Emulator | Veloce Strato |
|-------------------|--------------------------------------------------|---------------|
| Compile Time      | 12 Hrs                                           | 3 Hrs         |
| Debug (1M Cycles) | 30 min                                           | 2 min         |







## Ensuring optimized and productive debug with Veloce Strato

### Fast 100% visibility built-in

- Always available for every compile
- No model performance impact
- No capacity impact
- No probes

#### AutoUpload for long simulation time captures

- 1 Million cycle upload in 5 mins
- Unlimited trace depth for full debug
- Scalable, independent of design size

### LiveStream with marching waves

• Leverage multiple co-model channels

### **Advanced debug Flows**

- Checkpoint Save & Restore
- Backup Replay etc.

#### **Protocol analyzer**

- Virtual and ICE
- All major protocols

### Triggers (no recompile needed)

### Virtual FSDB support (Verdi)

### 1 million cycles with full visibility takes 5 minutes irrespective of design size







### Design and verification milestones



SIEMENS

2022



## Veloce providing a <u>complete and integrated</u> solution 'right tool for the right task'



DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of March 2022 | © Siemens 2022

SYSTEMS INITIATIVE

DESIGN AND VERIFICATION DVC ON CONFERENCE AND EXHIBITION UNITED STATES

# Satisfying SW workload and benchmark requirements with Hardware-Assisted Verification (HAV)

#### Software, Workload-based requirements

- Long software sequences take extensive verification cycles to complete
- From boot-sequences to benchmarks

#### Power and performance analysis

- Accurate power/performance analysis during workload and benchmark cycles requires:
  - Visibility to power activity
  - Accurate analysis
  - Comprehensive debug tools

### Size and complexity of SoCs and Systems

- Billion-gate designs and rapidly growing
- Latest AMD 3<sup>rd</sup> Gen EPYC as an example of SOC size and complexity













### Enabling analysis & insights based on real workloads and benchmarks





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



# Veloce Apps offering Broad portfolio of Apps to address specific verification needs

March 2022 | © Siemens 2022

SYSTEMS INITIATIVE

|                               | Power App     | Early power profiling, analysis, metric tracking and UPF verification |
|-------------------------------|---------------|-----------------------------------------------------------------------|
| 79577/17                      | Coverage App  | Accelerate code and functional coverage closure                       |
| Veloce Apps                   | Assertion App | Efficient debug of design violations using SVA                        |
| rise<br>Per DFT Deterministic | DFT App       | Accelerate validation of zero-delay patterns prior to tape out        |
| ICE                           | Fault App     | Accelerate functional safety and ISO 26262 certification              |
| <b>SO</b> 26262               | De-ICE App    | Repeatable debug for non-deterministic ICE environments               |
|                               | ES App        | Efficient job scheduling and management of Veloce HW                  |
|                               | Codelink App  | Deterministic and non-intrusive offline SW-HW co-debug                |
|                               | HYCON App     | Configurable hybrid, high-speed, ready-to-use SoC reference platform  |

## Veloce Codelink App

### **RTL Driver/Firmware development and debug**

- Built-in PC Trace Monitor, Reg/Mem Visualization
- SW Coverage data

### **Enables efficient sharing of emulation resources**

- Multiple software engineers debug offline in parallel
- Freeing up valuable Emulator resource

### **HW/SW Correlation**

- Correlate between events in HW and SW executing
- Power/performance
- Waveforms and protocol analyzer

### **Deterministic and Non-intrusive Debug**

 with unique forward and backward execution via replay functionality

### SW Code Coverage and SW Performance Profiling







## Veloce Power App: Real scenario and workload-based power analysis *Early power trend analysis, estimation and sign-off power*



# Summary

### Harry Foster







# Three Pillars of a Design+Intent Methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



# Three Pillars of a Design+Intent Methodology









## Catapult High-Level Synthesis & Verification Comprehensive flow providing needed productivity gains



HLV RESULTED IN TWO ORDERS OF MAGNITUDE SPEEDUP IN SIMULATION EFFICIENCIES GAINED BY DESIGNING AND VERIFYING VIA HLL. PRODUCTIVITY GAINS VIA FASTER AND PREDICTABLE POST-HLS RTL VERIFICATION SIGNOFF

¥= ∕⊼







# Three Pillars of a Design+Intent Methodology





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



Using intent-focused insight flushes issues before simulation Reduce bug density with a non-simulation verification methodology







# Three Pillars of a Design+Intent Methodology





**Protect** 



SYSTEMS INITIATIVE



Protect Intent Throughout the Development Lifecycle Emulation is critical in the age of SoC verification and validation





DVCon US | Tutorial: The Best Verification Strategy You Never Heard Of | March 2022 | © Siemens 2022



The Best Verification Strategy You've Never Heard Of

Q&A







# Disclaimer

© Siemens 2022

Subject to changes and errors. The information given in this document only contains general descriptions and/or performance features which may not always specifically reflect those described, or which may undergo modification in the course of further development of the products. The requested performance features are binding only when they are expressly agreed upon in the concluded contract.

All product designations may be trademarks or other rights of Siemens AG, its affiliated companies or other companies whose use by third parties for their own purposes could violate the rights of the respective owner.





