Bypass logic verification is a common and difficult challenge for modern VLSI design that arises in the verification of CPU, GPU, and networking ASICs. Get it wrong and/or miss a bug in the bypass logic and whole system can simply freeze.
Fortunately, the 2012 DAC User Track Best Presentation award-winning paper titled "Deploying Model Checking for Bypass Verification" by engineers from Cisco and Oski Technology (full citation below) describes an easily replicated, nearly push-button flow that does not require users to put in a lot of effort to write complex input constraints. And full disclosure: they used my favorite combined simulation+formal tool, Incisive Enterprise Verifier (IEV)!
The paper was presented by Vigyan Singhal, Oski Technology CEO (right). Here are my highlights of this ground breaking work:
* Again, it bears repeating that the flow they created is nearly push-button since it does not require users to put in much to effort to write complex input constraints. Their creativity is particularly impressive since the DUT is a bear, with a tough-to-verify, 25-deep bypass logic schema.
* In a nutshell, their technique was to use the DUT itself as a reference model based on the fundamental principal of bypass logic: whether the bypass is active or not, the results should be the same regardless. In this case, the input commands to the reference model (1st DUT instance) have been separated by 25 cycles where the bypass logic is inactive. However, the challenging twist is that input commands to the 2nd DUT instance are randomly separated by anywhere from 1 to 24 cycles.
* Another key factor to their success was using "memory random" as a simple abstraction of the design depth. This allowed the tool to concentrate on the key elements of the DUT/state space.
* Bottom-line: they achieved phenomenal results, with 10 bugs found in this already heavily simulated IP. Indeed, many corner cases they reached with formal would have been practically impossible to reach with only a constrained-random, simulation-based testbench given the permutation of command-combinations, the number of cycles that each command pair was spaced out, etc.
* Although they didn't go into this in the paper, speaking with the authors afterward I learned that IEV was also used to generate "formal environment coverage" to give them the confidence that the design was well covered given the verification depth.
If you are tasked with bypass verification in any way, I strongly recommend that you to review this paper. It will give you a lot of food for thought in general, and there is high probability that the methodologies they used can apply to your project as well. The paper is available at the Oski Technology web site.
Finally, congratulations to all the paper's authors for their well-deserved award!
Darrow ChuSr. Sales Technical LeaderFor Team Verify
Reference Info: the paper's complete citation8U.2 - Deploying Model Checking for Bypass Verification
This paper describes how we applied model checking, a formal verification approach, to establish correctness of the bypass logic in our design and how we found corner case bugs that are almost impossible to find with simulation. We used the RTL design both as the DUT and as a component of the reference model in the formal verification setup and experimented with different initialization approaches. Further, by adopting end-to-end verification, we saved time on writing and verifying complex functional constraints. Since bypass logic is prevalent in many processor and networking designs, we believe our methodology will benefit such designs.
Vigyan Singhal - Oski Technology, Inc., Mountain View, CA
Prashant Aggarwal - Oski Technology, Inc., Gurgaon, India
Michelle Liu - Cisco Systems, Inc., San Jose, CA
Wanli Wu - Cisco Systems, Inc., San Jose, CA
Photo by Joe Hupcey III
Great Post! I appreciate this post as its very interesting and informative.... keep posting regarding the same.....