

## A Systematic Take on Addressing Dynamic CDC Verification Challenges

Sukriti Bisht, Mentor - A Siemens Business Sulabh Kumar Khare, Mentor - A Siemens Business Ashish Hari, Mentor - A Siemens Business







## Introduction

- CDC issues: 2<sup>nd</sup> most common reason for silicon re-spins
  - Incorrect logic propagation across CDC paths
  - Results in functional failure of design
  - Synchronizers mitigate problem but **protocols** should be followed
- Dynamic CDC Protocol Verification essential
  - Synchronizer unreliable if protocols are violated
  - Crucial to validate synchronizer protocols for reliability





SYSTEMS INITIATIVE

#### **Synchronizer Protocol Violation**

- Reliability of synchronizer depends on some assumptions or **protocols** ullet
- Example: Two DFF synchronizer protocol violation lacksquare
  - Data loss as input of two DFF synchronizer stable for less than two clock cycles
  - Data stability protocol violation (NUM CYCLES = 2)





## **Existing Verification Methodology**

- Perform static CDC analysis
- Generate assertions for protocols
   of synchronizers
- Validate assertions in formal
  - Setup design for formal
  - Perform formal analysis
- Validate assertions in simulation
  - Setup design for simulation
  - Simulate design





# Challenges with Existing Methodology

- Setup design for Formal, Simulation
  - Effort, time for translating CDC design setup to both environments
- Debug effort to review firings in Formal, Simulation
  - Technical expertise of both environments
  - False firings if errors during translating design setup
- Correlating assertions results in Formal, Simulation to CDC – Coverage, review of CDCs is cumbersome for complex crossings
- No re-utilization of benefits, efforts of Formal, Simulation
  - Simulation: More intuitive to understand but coverage issues
  - Formal: Offers exhaustive proofs but infrastructural, capacity issues



- Formal proven assertions revalidated in Simulation



## Setup, Debug Challenge (1)

• Example: False two DFF synchronizer protocol firing in Formal

- Data stability check firing due to change in value of 'ctrl\_in' signal





## Setup, Debug Challenge (2)

- False firing due to incomplete setup for Formal
  - Constant specified on input signal 'ctrl\_in' during static CDC
  - Setup issue: Constant value missing from formal setup
  - Debug effort required for false firing caused due to incomplete setup







## **Correlation Challenge**

- Formal, Simulation environments very different from CDC
- Complex synchronizers have multiple assertions
  - Treated as separate entities in Formal, Simulation but relate to a single CDC
  - Correlating results is cumbersome, time consuming
  - Errors during result correlation can lead to missed bugs

CDC



Multi-assertion Handshake synchronizer





### **Proposed Verification Methodology**

- Perform static CDC analysis
- Generate:
  - Assertions for synchronizer protocols
  - Setup for Formal
  - Setup for Simulation
- Validate assertions in formal
  - Formal analysis using generated setup
- Validate assertions in simulation
  - Simulate design using generated setup
  - Only formal non-proven assertions





### **Verification Methodology**

- Automated design setup for Formal & Simulation
  - Static analysis setup parsed & converted to constraints
- Reduced formal firing debug effort

   Unconstrained formal firings do not reflect real design behavior
- Formal & simulation results correlated to CDC paths
  - Enables faster review of CDC paths, coverage closure
  - Avoids manual correlation of assertion results required
- Leverage formal efforts in simulation
  - Formally proven assertions not exported to simulation





SYSTEMS INITIATIV

## **Correlated Results View**

- Formal, Simulation results correlated to CDC
  - Enables faster review of CDC paths, coverage closure
  - No manual correlation of assertion results required

| CDC Protocol Results |                               |               |                   |
|----------------------|-------------------------------|---------------|-------------------|
|                      |                               |               |                   |
| CDC ID               | Protocol ID                   | Formal Result | Simulation Result |
| handshake 7492       | cdc protocol.handshake 7492   | Fired         | Fired             |
| bus two dff 1183     | cdc protocol.bus two dff 1183 | Fired         | Covered           |
| handshake_5883       | cdc_protocol.handshake_5883   | Inconclusive  | Uncovered         |
| two_dff_19174        | cdc_protocol.two_dff_19174    | Inconclusive  | Covered           |
| bus_two_dff_4271     | cdc_protocol.bus_two_dff_4271 | Proven        | -                 |
| fifo_2332            | cdc_protocol.fifo_2332        | Proven        | -                 |
| two_dff_68078        | cdc_protocol.two_dff_68078    | Proven        | -                 |
| →                    | <>                            | ← →           | ← →               |
| CDC                  | Protocol Assertion Generation | Formal        | Simulation        |
| ccellera             |                               |               |                   |



#### **Comparative Results of Methodologies** (Formal)

#### FORMAL RESULTS USING EXISTING METHODOLOGY





#### FORMAL RESULTS USING PROPOSED METHODOLOGY



SYSTEMS INITIATIVE

#### **Comparative Results of Methodologies** (Simulation)

#### SIMULATION RESULTS USING EXISTING METHODOLOGY







## Conclusion

- Dynamic CDC Protocol Verification is crucial
  - CDC bugs missed if synchronizer protocols not validated
- Proposed methodology helps achieve faster design closure
  - Significant reduction in verification time, effort
  - Reduced chances of error as automated setup generation
  - Helps overcome challenges of Formal, Simulation methods
  - Enables benefit, effort utilization of both methods
  - Seamless to adopt





### **Questions**?

