nicolae tusinschi, product specialist design verification
TRANSCRIPT
Verification Beyond the CoreAccelerate SoC Verification
Nicolae Tusinschi, Product Specialist Design Verification
| Confidential | © 2021 OneSpin SolutionsPage 2
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is Key
2. PULPino
a) A Single-Core SoC
b) Getting the Targets Right
3. Deployment of OneSpin Formal Suite
a) OneSpin 360 DV-Inspect
b) OneSpin VIPs and Unique Specialized Apps
4. Next Challenge: HERO Platform
a) The Interconnect Challenge
b) Formal Connectivity – Level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 3
Wherever IC Integrity Matters, You’ll Find UsOneSpin targets critical hardware verification challenges
Functional CorrectnessRigorous coverage-driven functional
verification from block to chip,
leveraging formal technology
SafetySafety analysis and higher diagnostic
coverage to meet strict certification
requirements
Trust and SecurityAutomated detection of RTL Trojans
and hardware vulnerabilities to
adversary attacks
Design Exploration
Protocol Violations
Integrate Formal/Sim Coverage
End-to-End User Assertions
HLS/SystemC Verification
Synthesis/P&R Errors
FMEDA of Complex SoCs
Failure Mode Distribution
Avoid Excessive Fault Simulations
Measure Diagnostic Coverage
ISO 26262 Compliance
Tool Qualification
Denial of Service
Data Leakage
Privileges Escalation
Data Integrity/Confidentiality
Hardware Backdoors
Hardware Trojans
OneSpin 360® Formal Platform
Heterogeneous Computing
OneSpin Solutions and Services
Thorough verification of
complex SoC platforms
used for 5G wireless, IoT,
and AI applications
Automotive and IndustrialSystematic bug elimination
and metrics on proper
handling of random errors in
the field
RISC-VEfficient and complete
verification, including
custom extensions.
Compliance to ISA.
RISC-V
| Confidential | © 2021 OneSpin SolutionsPage 4
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is Key
2. PULPino
a) A Single-Core SoC
b) Getting the Targets Right
3. Deployment of OneSpin Formal Suite
a) OneSpin 360 DV-Inspect
b) OneSpin VIPs and Unique Specialized Apps
4. Next Challenge: HERO Platform
a) The Interconnect Challenge
b) Formal Connectivity – Level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 5
SoC Complexity and CriticalityIncreased Risks: Functionality, Safety, Security
Complexity!
Capacity, Power, Performance, Flexibility
$§Reliability? Threats!
| Confidential | © 2021 OneSpin SolutionsPage 6
Systematic Verification FlowRequirement tracing and coverage of paramount importance
Req1 Feat1 Feat1.1 Goal1 Directed Test
Code Coverage
Functional Coverage
Feat1.2 Goal2
Assertion Passing
Feat1.3 Goal3
Goal4
Assertion Coverage
Coverage Models & Database
Formal
Coverage
Simulation Debug
Verification Plan
Testbench Assertions
Coverage
Requirements Specification
Implementation Plan
Individual requirements broken down into features,
implementations, verification goals, and metrics
| Confidential | © 2021 OneSpin SolutionsPage 7
Accelerating the Design Verification FlowClean integration is key for efficient verification
Requirements
Spec
Verification
Plan
Implementation
IP Plan
Design
Specs
Design Flow
Integration
Verification
• Ensuring reliable integration of design IP accelerates verification
• Many SoC issues can be solved quickly using formal apps
• Range of DV apps packaged in DV-Verify
• Capability provided for custom apps
| Confidential | © 2021 OneSpin SolutionsPage 8
Automated Formal Apps
• Solve complex, error-prone verification issues
• Exhaustive testing without significant simulation effort
Automatically solve tough verification problems
OneSpin Apps
Periphera
l
L2 CacheDSP Controller
Fast Bus
Algorithm
HW Accelerator
μP Support HW
& RAM / ROM
Security Sub-system
Custom
Device
Network on Chip
μP
Core
μP
Core
μP
Core
μP
Core
Chip
Activation / Safety Checks
Scoreboard
Protocol Compliance
Register Checking
Connectivity Checking
Floating-Point Verification
Processor Integrity
Coverage Closure Accelerator
Verification Planning Integration
Verification Coverage Integration
| Confidential | © 2021 OneSpin SolutionsPage 9
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is Key
2. PULPino
a) A Single-Core SoC
b) Getting the Targets Right
3. Deployment of OneSpin Formal Suite
a) OneSpin DV-Inspect
b) OneSpin VIPs and Unique Specialized Apps
4. Next Challenge: HERO Platform
a) The Interconnect Challenge
b) Formal Connectivity – Level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 10
PULPinoParallel Ultra Low Power Platform
Open-source project started by ETH Zürich and University of Bologna
• Part of the PULP project
• Single-core SoC platform
Built for two open-source cores
• RI5CY - (32-bit, 4-stage pipeline)
• Zero-riscy - (32-bit, 2-stage pipeline)
Rich set of peripherals:
• UART
• I²C
• SPI master and slave
• GPIO
…
| Confidential | © 2021 OneSpin SolutionsPage 11
Plan Appropriately
• Identify the areas of design risk, then identify the most straightforward verification process
• Remember that simulation and formal can co-exist
Example:
Identified good targets for formal verification
• CPU
• AXI4
• APB
• I²C
• SPI
• UART
• SoC Control
• Event Unit
• GPIO
Make progress quickly
| Confidential | © 2021 OneSpin SolutionsPage 12
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is Key
2. PULPino
a) A Single-Core SoC
b) Getting the Targets Right
3. Deployment of OneSpin Formal Suite
a) OneSpin 360 DV-Inspect
b) OneSpin VIPs and Unique Specialized Apps
4. Next Challenge: HERO Platform
a) The Interconnect Challenge
b) Formal Connectivity – Level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 13
OneSpin’s Suite of Formal Apps
• Safety RTL checks on entire SoC
• Reachability checks
RTL
Code
“Under-the-hood”
Assertion Synthesis
Str
uctu
ral
An
aly
sis
Sa
fety
Che
cks
Activa
tio
n
Che
cks
Tra
ce
&
Deb
ug
Structure
(Easy Lint)
Safety Checks
(Assertion Synthesis)
Activation
(Coverage)
Mismatch / port /
wireRuntime Errors Sim-Synth Issue Safe Function
Dead code
checks
Signal truncation /
no sink
Array / range
checksFull case
Neg / zero div, exp, rem
Arithmetic overflow
Stuck signal
(toggle test)
Sensitivity list
issues
Function without
returnParallel case X / Z resolution
FSM transitions
and states
Unused signal /
param
Signal domain
checks
Write-write race
detectArithmetic shifts MORE…
| Confidential | © 2021 OneSpin SolutionsPage 14
Periphera
l
L2 CacheDSP Controller
Fast Bus
Algorithm
HW Accelerator
μP Support HW
& RAM / ROM
Security Sub-system
Custom
Device
AXI Bus
μP
Core
μP
Core
μP
Core
μP
Core
Periphera
l
L2 CacheDSP Controller
Fast Bus
Algorithm
HW
Accelerator
μP Support HW
& RAM / ROM
Security Sub-system
Custom
Device
Network on Chip
μP
Core
μP
Core
μP
Core
μP
Core
X
x x x x
1
0
Periphera
l
L2 CacheDSP Controller
Fast Bus
Algorithm
Accelerator
μP Support HW
& RAM / ROM
Security Sub-system
Custom
Device
Network on Chip
μP
Core
μP
Core
μP
Core
μP
Core
Connectivity
OneSpin’s Suite of Formal Apps
• Protocol compliance verification
• X Checking
• Interconnect verification
• Floating-point verification
• Processor integrity verification
| Confidential | © 2021 OneSpin SolutionsPage 15
SoC Verification
• Full range of safety RTL checks• FSM Reachability analysis• Dead Code analysis• Stick Check analysis• Initialization check• Linting
• Protocol compliance for AXI4 interfaces• Protocol compliance for APB interfaces• Protocol compliance for I²C• X-Propagation checks• Interconnect verification• Floating-point verification• Processor verification
OneSpin’s suite of formal apps
| Confidential | © 2021 OneSpin SolutionsPage 16
SoC Verification
• PENABLE signal on APB interface violates address phase protocol
• Unique case statement violation results in unexpected instruction decode scenario
• Floating-point addition delivers an incorrect result for (neg_0 + neg_0)
Selection of issues detected in PULPino
| Confidential | © 2021 OneSpin SolutionsPage 17
SoC Verification
• #122: Wrong PMP CSRs value read/ written
• #132: Exception Handling Violation - mstatus’ MPP
• #136: Exception Raising Violation - Illegal Instruction - accessing debug CSRs not in debug mode
• #137: Exception Raising Violation - Illegal Instruction - compressed instruction is not valid
• #152: Exception Raising Violation - Illegal Instruction - invalid instruction decoding
Selection of issues detected in PULPino´s RI5CY core
| Confidential | © 2021 OneSpin SolutionsPage 18
SoC Verification
• #157: Exception Handling Violation - dcsr
• #159: Exception Raising Violation - Fetch/Store/Load Access
• #169: Exception Raising Violation - Illegal Instruction - dynamic rounding mode
• #170: Exception Raising Violation - Illegal Instruction - FS field
• #174: F extension - Dynamic Rounding Mode Violation
• #175: F extension - Wrong Result Calculation
• #182: Trap Return Handling Violation - mstatus’ MIE
• #185: Debug Mode Violation - Exceptions Update CSRs
Selection of issues detected in PULPino´s RI5CY core
| Confidential | © 2021 OneSpin SolutionsPage 19
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is Key
2. PULPino
a) A Single-Core SoC
b) Getting the Targets Right
3. Deployment of OneSpin Formal Suite
a) OneSpin 360 DV-Inspect
b) OneSpin VIPs and Unique Specialized Apps
4. Next Challenge: HERO Platform
a) The Interconnect Challenge
b) Formal Connectivity – Level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 20
HEROHeterogeneous Research Platform
The base configuration of HERO for the Xilinx Zynq ZC706 Evaluation Kit features the following accelerator configuration:
• 1 PULP cluster (Mr. Wolf) comprising 8 32-bit RI5CY cores
• 256 KiB of shared L1 scratchpad memory,
• 4 KiB of shared L1 instruction cache,
• 256 KiB of shared L2 scratchpad and instruction memory,
• IOMMU with an L1 TLB of 32 variable-sized entries, and an L2 TLB of 1024 page-sized entries.
| Confidential | © 2021 OneSpin SolutionsPage 21
The Complexity ProblemWhat are the challenges?
• Large-scale SoC involves large number of hierarchy levels
• Checking connectivity between modules in large-scale SoC increases the overall runtime
• Number of connections that need to be checked reaches 1M+
• Not all connections are of direct type: they can be conditional or delayed
• Defining 1M+ connections can be time consuming; there is need to automate the specification process
| Confidential | © 2021 OneSpin SolutionsPage 22
What are the Challenges?
| Confidential | © 2021 OneSpin SolutionsPage 23
Connectivity XL™
• Formal connectivity checking flow that scales to extra-large chips
• Deliver convergent proof results in complex connectivity problems
• Exceed capacity limitations of existing flows
• Reduce the engineering effort dramatically
Key benefits
| Confidential | © 2021 OneSpin SolutionsPage 24
Connectivity XL™
-I- CheckCon - Reading CSV file 'connections.csv'...
-I- CheckCon - Rule 1: 'm:pulp_soc, clk_cluster_i, m:cluster_clock_gating, clk_i'
from 'csv/connections.csv:4’ matches 1300 connections.
Generating 1300 connectivity checks for rule 1 with condition '…'
-I- CheckCon - Rule 2: 'm:pulp_soc, CLUSTER_ID[0][0], i:*riscv_tracer_i, cluster_id[0]'
from 'csv/connections.csv:9’ matches 16 connections.
Generating 16 connectivity checks for rule 2 with condition '…'
-I- CheckCon - Rule 3: 'm:pulp_soc, clk_cluster_i, i:*cs_registers_i, csr_rdata_o[0]'
from 'csv/connections.csv:14’ matches 16 connections.
Generating 16 connectivity checks for rule 3 with condition '…'
-I- CheckCon - Generated 1332 connections for checking in total.
-I- CheckCon - Processing 1332 connections generated from file 'connections.csv'...
…
-I- CheckCon - Generated 1332 connections for checking in total.
Applying
| Confidential | © 2021 OneSpin SolutionsPage 25
Connectivity XL™
…
-I- CheckCon - Generated 1332 connections for checking in total.
…
-R- CheckCon - Summary of performed checks (hold/fail/width_mismatch/skip):(1276/56/0/0)
-R- CheckCon - Only 1276 out of 1332 signal pairs are connected as specified!
-I- CheckCon - Signal paths written to file 'connections.path'.
-I- CheckCon - Total check time: 02:02 minutes
-I- CheckCon - Summary of unconnected signal pairs:
Applying
| Confidential | © 2021 OneSpin SolutionsPage 26
Connectivity XL?Proven to support
Auto generation of connectivity tables
Huge number of hierarchy levels
Millions of RTL instances
Fast and reliable formal proofs
Thousands of connections per hour
| Confidential | © 2021 OneSpin SolutionsPage 27
Outline
1. Accelerate SoC Verification
a) Complexity and Criticality
b) Automation is key
2. PULPino
1. A single-core SoC
2. Getting the targets right
3. Applying OneSpin´s Formal Suite
1. OneSpin 360 DV-Inspect
2. OneSpin VIPs and Unique Specialized Apps
4. Next challenge – HERO Platform
1. The interconnect challenge
2. Formal connectivity – level XL
5. Summary
| Confidential | © 2021 OneSpin SolutionsPage 28
Low Effort, High Speed
• SoC can be verified exhaustively by formal means• Floating-point issue has been confirmed by PULP team
• APB issue still under investigation
• Unique case statement violation results in unexpected instruction decode scenario –potential security issue
• Approach has been applied on several SoC designs• Numerous bugs confirmed and fixed by original designers
| Confidential | © 2021 OneSpin SolutionsPage 29
IC Integrity AssuranceFunctionally correct, safe, secure, and trusted SoCs/ASICs/FPGAs
Design Integration Implementation
IC Integrity
SoC/ASIC/FPGA Verification Flow
OneSpin provides certified
IC Integrity
Assurance Solutions
to develop functionally
correct, safe, secure, and
trusted integrated circuits
Functional
CorrectnessSafety
Trust and
Security