
Certitude & Functional Verification

Jean-Marc Forey
Automotive Functional Safety Professional
2021, April 15th
CONFIDENTIAL INFORMATION
The information contained in this presentation is the confidential and proprietary
information of Synopsys. You are not permitted to disseminate or use any of
the information provided to you in this presentation outside of Synopsys
without prior written authorization.

IMPORTANT NOTICE
In the event information in this presentation reflects Synopsys’ future plans, such plans
are as of the date of this presentation and are subject to change. Synopsys is not
obligated to update this presentation or develop the products with the features and
functionality discussed in this presentation. Additionally, Synopsys’ services and products
may only be offered and purchased pursuant to an authorized quote and purchase order
or a mutually agreed upon written contract with Synopsys.

Synopsys Confidential Information © 2021 Synopsys, Inc. 2


Functional Verification

• Exhaustive Functional Verification is out of reach
– Both for dynamic and formal verification

• Test plan, code, functional coverage are useful but incomplete measures

• Mutation testing is the most direct measure of verification effectiveness
– End to end constrained random testing of the verification

• The one-million-dollar questions
– Is it enough?
– Where are the verification holes? How severe are they?
– Are there any critical bugs remaining in the design?

• Really, Functional Verification is to:
– Identify design bugs
– Mitigate risk while optimizing the costs



How Much, When To Stop?

• Multi-factor problem with unknowns
– Cost of a verification day (hw, sw, labor)
– Probability of presence of a critical design bug
– Consequences of the non-discovered bugs
– Cost and consequences of a delivery delay



How Much, When To Stop?

• Certitude was tuned to the task for years

• Mutation testing is a good starting point
– Direct, objective, end-to-end

• Fault classes ordered by severity of (potential) verification issue
– Top classes are highest severity
– Correlate with risk level
– Correlate with ease of analysis (from easiest to subtle)

• Metric Mode
– Statistical engine delivers overall effectiveness

• Sign-off Mode
– Combine metric and limited detection on the two most
important classes



Standard Synopsys Recommendations

• Metric scores
– Activation ratio: 95%
– Propagation ratio: 80%
– Detection ratio: 95%
⇒ Leads to a global ratio of ~72% (= 0.95 * 0.80 * 0.95)

• Zero not-Detected in the first two classes
– i.e.: zero Non-Detected, Non-Propagated, Non-Activated
– Top Output Connectivity
– Reset Condition True

• Sign-off mode automatically handles the above
– Automatically digs into the hierarchy to identify the block with the lowest metric score and highest weight



Proposal for automotive designs for IPs

• Criteria could vary with design phase (prototype or final TO)

• Should consider ASIL level

• Proposal (on top of the standard recommendation)

– ASIL B:
  – Zero not Detected faults on “Internal Connectivity” nor “Synchronous Dead Assign”
  – 74% global detection ratio

– ASIL C:
  – Minimize number of not Detected among the “Control Flow” classes (both synchronous and combo)
  – 75.5% global detection ratio

– ASIL D:
  – 77% global detection ratio
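
The standard recommendations and the per-ASIL proposal above, written as a check over per-class fault counts (an added example, not Synopsys or Certitude code). The report layout, the `Counts` fields and the ratio definitions are assumptions chosen to match the slide's 0.95 * 0.80 * 0.95 product; the sample counts are constructed.

```python
from dataclasses import dataclass

# Thresholds and fault-class names come from the slides. The report layout and the
# ratio definitions (each stage divided by the previous one) are assumptions.
STANDARD = {"activation": 0.95, "propagation": 0.80, "detection": 0.95}
TOP_CLASSES = ("Top Output Connectivity", "Reset Condition True")
ASIL = {  # level -> (global ratio floor, extra classes needing zero not-detected)
    "B": (0.74, ("Internal Connectivity", "Synchronous Dead Assign")),
    "C": (0.755, ()),  # "minimize Control Flow not-detected" has no hard limit
    "D": (0.77, ()),
}

@dataclass
class Counts:
    total: int       # faults injected in the class
    activated: int   # faulty code exercised by some test
    propagated: int  # fault effect reached an observable output
    detected: int    # at least one test failed

def ratios(report):
    t, a, p, d = (sum(getattr(c, f) for c in report.values())
                  for f in ("total", "activated", "propagated", "detected"))
    return {"activation": a / t if t else 0.0, "propagation": p / a if a else 0.0,
            "detection": d / p if p else 0.0, "global": d / t if t else 0.0}

def not_detected(report, name):
    c = report.get(name)
    return c.total - c.detected if c else 0

def sign_off(report, asil=None):
    """Return the list of unmet criteria; an empty list means sign-off."""
    r = ratios(report)
    fails = [f"{k} ratio {r[k]:.1%} < {v:.0%}" for k, v in STANDARD.items() if r[k] < v]
    zero_classes = TOP_CLASSES
    if asil:
        floor, extra = ASIL[asil]
        zero_classes = TOP_CLASSES + extra
        if r["global"] < floor:
            fails.append(f"global ratio {r['global']:.1%} < {floor:.1%} (ASIL {asil})")
    fails += [f"{not_detected(report, n)} not detected in {n}"
              for n in zero_classes if not_detected(report, n)]
    return fails

SAMPLE = {  # constructed fault counts, not from a real Certitude run
    "Top Output Connectivity": Counts(40, 40, 40, 40),
    "Reset Condition True": Counts(20, 20, 20, 20),
    "Internal Connectivity": Counts(100, 98, 90, 88),
    "Synchronous Dead Assign": Counts(60, 58, 50, 50),
    "Other classes": Counts(780, 740, 600, 565),
}
```

With the constructed counts, `sign_off(SAMPLE)` and `sign_off(SAMPLE, "C")` return an empty list, ASIL B fails on the two zero-not-detected classes, and ASIL D fails on the 77% global floor.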



Practical Runs and Run Times

• Certitude should be run regularly all along the verification effort

• A run is expected to take a few hours to overnight
– A run taking a week is a sign that the setup should be improved
– Is dropping disabled?
– Is Certitude required to use a full and large set of tests during detection?
– Certitude contains several ranking features
– Diminishing return of each additional test; 1000 tests may not add any coverage compared to a subset of 50 tests

• Analysis time
– ND faults analysis in minutes, not days or weeks
– NP and NA faults often require designer help
– One hour max weekly analysis session (designer + verifier)

• For both run time and analysis, help available from DES or infineon_certitude@synopsys.com
Thank You
