Professional Documents
Culture Documents
Unit3 Concepts
Unit3 Concepts
Functional Verification
Design verification tools include simulation tools but are not limited to them
Clearly, simulating a gate network or HDL code (design models) is a way to check if
they do what we intent, but more and more, simulation is not enough and other
approaches are required to cope with current design complexity.
As previously mentioned, functionality is not the only design specification that has to
be verified. In addition, questions like will the circuit work at the required clock
frequency? should be answered before the circuit is fabricated. Also power or signal
integrity are a concern in many current applications.
Design verification tools are not only used to validate design specifications. For
example, the analysis performed to validate timing constraints (like operating
frequency) can be also used for design exploration. That is, different designs could
be compared using design verification (or analysis) tools.
There are two main types of approaches concerning how the verification is carried out. It is
distinguished between tools and methodologies based on simulation, which is called dynamic
verification, and static verification methods which are not.
Simulation
Basically, what a simulation does is providing the output of a design model for a given set of inputs
(simulation stimulus or stimulus in the following). From this output, the design parameter of interest is
extracted.
For example, if maximum propagation delay is the target, the simulator is used to obtain the output
response, delays are measured by identifying when output changes with respect to the input change
causing it, and the highest one is selected.
The stimulus to be applied depend on what we want to verified. That is, on the design parameter that
we are going to extract from the simulation.
The design model and the stimulus can be described at different levels of abstraction defining
different types of simulations.
Static
The main characteristic of static methods is that they are input independent. No stimulus generation
is required. This is attractive because selecting/generating suitable stimulus for a simulation can be
difficult in complex designs.
There are static approaches which work with a single design representation and others that work with
two representations (usually with different level of abstraction: RTL behavioral HDL code versus
synthesized circuit, schematic versus layout…) to determine whether they are coherent.
An example of static tool is Static Timing Analysis (STA). It can be used to evaluate the maximum
propagation delay. Unlike the simulation approach to this task, previously described, neither stimulus
need to be provided by the designer, nor a measuring step is required. STA is covered in Unit 5.
Design verification can be hardware assisted. Basically two sceneries are identified.
We identified several design verification tasks in the digital flow described in Unit 1. These verification
activities occur in different moments of the design flow:
• Functional verification is carried out after HDL coding
• Both functional and timing verification have sense after logic synthesis or after physical design
(place & route) has been realized.
• In addition, analysis tools are also applied inside optimization tools.
In the rest of this unit, we focus on functional verification, a major component of digital design
projects. It is time-consuming for today complex systems and it is reported, in various industry
surveys to be the largest step in completing a new design.
1.- Simulation based which requires stimulus generation and inspection of results.
2.- Formal Verification which eliminates problems associated with stimulus generation. The
designer writes properties the design must fulfil and the tool comes up with a Yes/No answer
for every property the design is being checked for.
3.- Assertion based verification which adds monitors to the design to increase its
observability and/or controllability
1.- Simulation based which requires stimulus generation and inspection of results.
2.- Formal Verification which eliminates problems associated with stimulus generation. The designer
writes properties the design must fulfil and the tool comes up with a Yes/No answer for every
property the design is being checked for.
3.- Assertion based verification which adds monitors to the design to increase its observability and/or
controllability.
Assertions can be validate either dynamically (in a simulation environment) or statically (using formal
tools)
This section focuses on simulation based verification from the point of view of methodology.
Material on how it is implemented using Verilog is also available (see Writing Verilog Testbenches in the
Examples and Tutorial Section).
The goal of functional verification can be simply stated: to prove that the design functionality is the intended
one. To achieve this goal four components are required:
1. Determine what the design has to do according to its specification (the intent)
In some cases, when it is possible to specify the functions that the device must perform, the intent may be
obvious. For complex digital systems, even the intent may not be clear.
In simulation based verification, these four components are carried out into a simulation environment.
From the point of view of how they are defined different approaches are:
Exhaustive
Apply all input combinations for a combinational circuit or checking experiment
(travels every state and state transition) for a sequential circuit.
Directed test
For example, write test to exercise the complete set of operations intended for a
register.
Random
Captured
This figure from synopsys clearly shows that constrained random verification is
much more efficient than writing directed tests.
Time savings in verification is achieved using the former.
Higher fraction of functionality verified (higher design quality) with constrained
random stimulus generation versus directed approach with same time effort.
The critical role of coverage metrics is now well recognized and a coverage-driven
verification methodology has arose.
The outstanding point is that well known code coverage metrics are not longer
considered enough. The main drawback is that they do not prove that a design is
correct as it can be easily understand by means of this simple example consisting in
the statement a <= b op c.
Functional Coverage
The basic idea under this concept is:
Assertions are used as monitors looking for bad behaviour, but they may be used
to create an alert for desired behaviour as well.
Assertion Coverage
Going back to FSM used as a first example of using assertions. In order to prove in
simulation that, assertion “When reset is activated, state must be idle within two
cycles” is false, the stimulus would need to put the state machine into St4 and then
activated the reset condition for multiple cycles. If the assertion does not fail, it may
mean that the logic is valid, or it may mean that there was insufficient stimulus.
This Section focuses on Equivalence Checking (EC). The first two slides place EC
in the general context of design verification methods.
EC is a formal verification approach. Formal techniques mathematically prove the
functional correctness of a design.
The two more advanced formal verification methods are EC and Property Checking.
See also Tutorial B. Verification using equivalence checking Section
EC fits into a design process exactly the same way a logic simulator fits when it is
used for regression testing. Specifically, any time you make a non functional change
to a design, you can use EC to prove that the implementation is still functionally
equivalent to the reference.
Introduction
In this Section, we introduce a new approach to addressing the functional
verification challenge, known as assertion-based verification, which provides a
unified methodology for unambiguously specifying design intent across multiple
verification processes.
Assertions for this design using English could look like this:
Reset Sequences
The previous slide showed an example in which the reset behaviour of the design was checked.
As in that example, often controllers have a resetting sequence that with certain sequence of inputs,
the machine ends up in a certain state regardless of what state it starts from. Assertions can be used
to verify these reset sequences.
There are other design features that are typically verified using assertions:
Initial resetting
For verification of many sequential circuits, it becomes necessary to check for resetting the circuit
using a synchronous or asynchronous reset input.
Implication
There are many assertions that can be made about the relationship of signals. Some examples are:
For a finite state machine.- if current state is state3 and input x is 1, the z output is 1 (1)
For a bus protocol.- Grant must be activated within n cycles of a request (2)
Note that in the previous statements used as examples of assertions there are both logical and
temporal components. We can think in logical components as equations (boolean equations). For
example, in (1), if current state is state3 and input x is 1 is a logical component.
Temporal components specifies under what time constraints the equation is expected to hold true.
For example in (2), within n cycles is a temporal component.
Valid states
In sequential circuit, testing it often becomes necessary to check for the machine´s valid states. In
other words, check that the machine never enters invalid states.
Once having introduced the concept of assertion, the next question is how can we implement them.
Designers historically had the ability to craft assertions using both the Verilog and VHDL design
languages. Lacking an assertion statement, the Verilog designer used a conditional statement to
trigger the output of an error message. The VHDL designer used the assert statement inherent in
VHDL to check for the violation of a condition and to output a message.
However a public, HDL library of pre-packaged and pre-verified assertions is now available.
This initiative began with the realization that:
• An standard method of defining more complex assertions was needed.
• A method was needed that could be used and understood by designers in different groups, at
different sites, and at different companies.
• Furthermore, a consistent specification mechanism was needed for both simulation and formal
tools.
This Open Verification Library (OVL) started as a donation by Verplex Systems of an assertion library
for open source standardization.
Concurrent: describe more complex expressions that span time and are triggered relative to a clock
edge
Check at each clock Edge that a y b are not both equal to 1. It is equivalent to:
Implication operators
LHS |-> RHS Overlapping implication - The RHS is evaluated from the same cycle LHS is true
LHS |=> RHS Non-overlapping implication - The RHS is evaluated one clock cycle after LHS is true
Example of “covergroup”
Taken from https://www.chipverify.com/systemverilog/systemverilog-covergroup-coverpoint
Mode can take 4 different values. Two of them (0 and 1) have been reached during the simulation.
Since covergroup monitorizes mode (coverpoint), Coverage is 50%
This is a very simple example many more sophisticate ones can be creted in SV
(weighted distributed, bidirectional constraints…)
In the following example variable data is randomized uniformly
This is an example of an interface. Signals associated to this interface are clk, data
and enable. Modport indicates the direction. Since they passed to different
components (DUT and TB in the code below), different direction can be defined for
each signal.
This is an example of a clocking block. Input enable is sampled 3ns before clock
event (positive edge) and output data is driven 2ns after the posedge of clk
As described in assertion section, the first step to solve that problem using a open
source library (OVL). The next step was extending Verilog.
UVM scoreboard:
Receives data item’s from monitor’s and compares with expected values.