Formal-Based Techniques

Formal-Based Techniques Courses

Handling Inconclusive Assertions in Formal Verification

In this course, you will be introduced to techniques to help formal tools solve inconclusive assertions. You will also learn tool options to help convergence, introduce techniques for reducing assertion and design complexity.

Formal Coverage

Formal coverage is a hot topic these days. Simulation has a number of metrics for helping determine when verification is done. These include code coverage, assertions coverage, transaction coverage, and functional coverage to name a few.

Sequential Logic Equivalence Checking

In this course, you will be introduced to the concept of sequential logic equivalence checking and its common applications. You will also learn how to start with Questa® SLEC to verify design optimization, bug fix/ECOs, low power clock gating logic, and safety mechanisms.

Power Aware CDC Verification

Reducing power consumption is essential to mobile and handheld application chips where reduced power contributes to longer battery life while minimally impacting performance. As more designs incorporate low power strategies, CDC errors are being found in the low power structures. Since low power logic is implemented late in the design cycle, these low power CDC issues are being missed by traditional CDC techniques.

Getting Started with Formal-Based Technology

This course introduces basic concepts and terminology that should be useful by any engineer wishing to mature their formal-based technology skills.

Formal Assertion-Based Verification

In this course the instructors will show how to get started with direct property checking.

Formal-Based Technology: Automatic Formal Solutions

After a brief introductory session outlining the general architecture of formal apps, in each subsequent session of the course will deep dive on a specific verification challenge and the corresponding formal application.

Clock-Domain Crossing Verification

This course introduces a set of steps for advancing an organization’s clock-domain crossing (CDC) verification skills, infrastructure, and metrics.

Formal-Based Techniques Resources

Reset Verification in SoC Designs

by Chris Kwok, Priya Viswanathan and Kurt Takara - Mentor, A Siemens Business

Today’s SoC designs integrate many design IP blocks from various providers, each with their own implementation of reset. The reset architecture of a digital design can also be very complex. Designs have multiple sources of reset, such as power-on reset, hardware resets, debug resets, software resets, and watchdog timer reset. Errors in reset design can lead to metastability, glitches or other functional failures of the system. Furthermore, complex interactions can occur with the convergence of multiple resets, multiple clocks and multiple power domains. In many cases, this leads to a reset tree that is larger and more complex than the clock tree. Many of the concerns related to clock tree synthesis and load balancing now apply to the reset tree as well. Clearly, it’s a challenge to ensure that all sources of reset propagate safely to the intended destinations under all conditions!

Debugging Inconclusive Assertions and a Case Study

by Jin Hou - Mentor, A Siemens Business

Formal assertion-based verification uses formal technologies to analyze if a design satisfies a given set of properties. Formal verification doesn’t need simulation testbenches and can start much earlier in the verification process. There are three possible results for an assertion after formal runs: “proven,” “fired,” and “inconclusive.” Proven means that formal has done exhaustive mathematic analysis and proved the design satisfies the assertion and no legal stimulus sequence can violate the assertion. Fired means that formal has found an error trace showing the assertion violation. Inconclusive means that formal has only found bounded proof result, i.e., the assertion is true for the bounded cycle, but may be true or false for longer cycles. An inconclusive result cannot guarantee the design function associated with the assertion is correct.

How Formal Techniques Can Keep Hackers from Driving You into a Ditch

by Joe Hupcey III and Bryan Ramirez - Mentor, A Siemens Business

The number one priority in vehicle security is to harden the root-of-trust; from which everything else—the hardware, firmware, OS, and application layer’s security—is derived. If the root-of-trust can be compromised, then the whole system is vulnerable. In the near future the root-of-trust will effectively be an encryption key—a digital signature for each vehicle—that will be stored in a secure memory element inside all vehicles.

Minimizing Constraints to Debug Vacuous Proofs

by Anshul Jain, Verification Engineer, Oski Technology

Most false positives (i.e. missing design bugs) during the practice of model checking on industrial designs can be reduced to the problem of a failing cover. Debugging the root cause of such a failing cover can be a laborious process, when the formal testbench has many constraints. This article describes a solution to minimize the number of model checking runs to isolate a minimal set of constraints necessary for the failure. This helps improve formal verification productivity.

Formal and Assertion-Based Verification of MBIST MCPs

by Ajay Daga, CEO, FishTail Design Automation, and Benoit Nadeau-Dostie, Chief Architect - Mentor, A Siemens Business

Built-In Self-Test (BIST) is widely used to test embedded memories. This is necessary because of the large number of embedded memories in a circuit which could be in the thousands or even tens of thousands. It is impractical to provide access to all these memories and apply a high quality test. The memory BIST (MBIST) tool reads in user RTL, finds memories and clock sources, generates a test plan that the user can customize if needed, generates MBIST IP, timing constraints, simulation test benches and manufacturing test patterns adapted to end-user circuit.

Starting Formal Right from Formal Test Planning

by Jin Zhang, Senior Director of Marketing & GM Asia Pacific, and Vigyan Singhal, President & CEO, OSKI Technology

Planning is key to success in any major endeavor, and the same is true for meaningful formal applications. End-to- End formal, with the goal of achieving formal sign-off, is a task that usually takes weeks if not months to complete, depending on the size and complexity of the design under test (DUT). Dedicating time and effort to planning is of utmost importance. While most formal engineers and their managers understand the need for formal planning, they do not know how to conduct thorough planning to arrive at a solid formal test plan for execution.

Evolving the Use of Formal Model Checking in SoC Design Verification

by Ram Narayan, Oracle

Project RAPID is a hardware-software co-design initiative in Oracle Labs that uses a heterogeneous hardware architecture combined with architecture-conscious software to improve the energy efficiency of database-processing systems. This article, adapted from a paper we presented at DVCon 2014, describes how formal methods went from being used opportunistically to a central place in the verification methodology of the RAPID SoC. Though not without a learning curve, formal did help the Oracle team achieve its verification goals of finishing on schedule and achieving first pass silicon success.

Next-Generation Power Aware CDC Verification: What Have We Learned?

Reducing power consumption is essential to mobile and handheld application chips where reduced power contributes to longer battery life while minimally impacting performance.
Download

Using Formal Verification to Check SoC Connectivity Correctness

Formal verification offers a solution that is quick, exhaustive and allows for efficient debug. It’s true that traditionally, chip-level formal verification is impractical.
Download

Planning Formal Verification Closure

This paper introduces a process (consisting of a set of recommendations) for achieving static formal verification closure.
Download

Five Steps to Quality CDC Verification

With the number of clock domains increasing in today's complex ASIC designs, the ability to thoroughly verify clock domain crossings (CDC) has become even more important.
Download

A Comparison of Metastability Modeling Methods

With asynchronous clocks common place in today's ICs, designers need a solution to verify that the design's functionality is not impacted by the non-deterministic effects of metastability.
Download

The Need for an Automated Clock Domain Crossing Verification Solution

Clock domain crossings (CDC) continue to be a trouble spot for functional verification. With the number of clock domains increasing in today's complex system designs, the ability to thoroughly verify CDC has become even more important.
Download

Formal Verification Tips for Success Seminar

Wouldn't it be great if you could begin serious verification before a testbench was available? Even better, what if your verification process gave you exhaustive results? Formal verification delivers on both counts, and today new property creation and debug capabilities enable regular engineers to make use of classical formal techniques to explore their design's behavior in an intuitive, interactive manner.

What Is CDC Protocol Verification, Prevent Bugs in Your Silicon

In this session, we discuss the pros and cons of various approaches to verifying CDC protocols and we show how Questa CDC automatically generates protocol assertions for a complete dynamic CDC verification methodology that includes simulation and formal analysis..

How to Shorten Your Schedule with Interactive Formal Debug and Design Exploration

Wouldn’t it be great if you could begin serious verification before a testbench was available? Even better, what if your verification process gave you exhaustive results? Formal verification delivers on both counts, and today new property creation and debug capabilities enable regular engineers to make use of classical formal techniques to explore their design’s behavior in an intuitive, interactive manner.

CDC Technology Tips for Success Seminar

Metastability from the intermixing of multiple clock signals is not modeled by simulation. Unless you leverage exhaustive, automated Clock-Domain Crossing (CDC) analyses to identify and correct problem areas, you will inevitably suffer unpredictable behavior when the chip samples come back from the fab. These problems are only compounded when your reset signaling network gets caught up in the mix as well. Hence, the focus of this half-day Verification Academy seminar is on how you can get the most out of automated, formal-based CDC analysis – including the latest techniques and real-world customer case studies.

Formal Verification Seminar

One of the biggest developments in the formal verification world in the past several years has been the industry-wide growth of formal-based "apps". But how do formal apps really work in practice? In this seminar you will learn how you can adopt new school formal apps for connectivity checking, accelerating coverage, mitigating X effects, securing your system and more.

New School Connectivity Checking

One of the primary goals of SoC-level verification is to ensure that all top-level connections have been made correctly. However, this is no easy task. Today's SoC designs contain large numbers of design IP blocks, interconnected through multiple on-chip bus fabrics and point-to-point connections, which can result in interconnect signals that number in the thousands. This session discusses the use of a new school formal verification method which can be easily applied to solve the problem of connectivity checking with detailed case studies of how this formal app was used to automatically verify connectivity and accelerate the debug process.

New School Coverage Closure

Management of complex SoC development projects to the point of successful coverage closure has become a very challenging job. Design and verification engineers spend enormous amounts of time reviewing coverage holes. This presentation discusses a new school formal verification method which automates the job of focusing coverage closure efforts on the items which actually need to be hit and the results achieved on a large SoC design in the entertainment and signal processing domain.

Improving Quality and Time-to-Market with Formal Verification

This archived web seminar presents Questa Formal Verification and explains how it is being used today, by both designers and verification engineers, to improve design quality and accelerate verification.

Questa CDC - Verifying CDC Reconvergence with Silicon-Accurate Models

This archived web seminar focuses on how to ensure that simulations of such designs can nevertheless be accurate predictors of silicon behavior.

Industrial-Strength Clock Domain Crossing Verification

This archived web seminar will explain each of these steps in CDC verification and demonstrate how Questa CDC Verification automates these steps.

Formal Tech Tip: What are Vacuous Proofs, Why They Are Bad, and How to Fix Them

In formal verification, proving all of your properties is pretty much the main goal of the whole exercise – if all the assertions are proven, clearly the design has been exhaustively verified. This suggests that there is no such thing as a “bad proof”, right? Wrong! There is one case where a proof is bad – misleading, actually. It is when a proof is “vacuous”. What is this bad apple, how can you spot it, and how can you fix it? Read on …

How to Become a Formal Expert and Impress your Friends and Boss!

The industry has experienced significant adoption of formal solutions over the past few years. One of the driving forces behind increased adoption of formal solutions has been due to advancements in formal technology. For example, in the early 1990s the effort required to use a formal tool was high, and the tools generally required an expert. In addition, the state-spaces these tools could handle were quite small. This has changed over the years, where many of the formal solutions have become fully automated. In addition, today’s formal tools can handle significantly larger capacity and state-spaces compared to their predecessors. The maturing of formal technology is driving the adoption of formal property checking on many projects today, as shown in the following figure.

How to Save a Ton of Time and Energy by Prioritizing Faults with Exhaustive Formal Analysis Before Launching Detailed Fault Verificatio

Whether you are tasked with proving your DUT – and the design & verification flow used to create it — meets ISO 26262, DO-254, IEC 60601, IEC 61508, Mil-Std 882, or any one of a host safety standards, you will have to:

DVCon China: Formal Technology Is Set for Growth in Asia

The overall theme of the Q&A I received was around the benefits that property checking provided over other verification techniques. Indeed, I was directly asked “Why do you need formal?” It’s a fair question – especially since property checking with hand-written assertions (vs. automated formal apps) does impose a learning curve on its users; and it is not always obvious what formal is capable of doing better than the alternatives.

How To Connect Your Testbench to Your Low Power UPF Models

All the necessary HDL testbench connections are done through importing UPF packages available under the power-aware simulation tool distribution environment. Even better: the IEEE 1801 LRM provides standard UPF packages for Verilog, SystemVerilog, and VHDL testbenches to import the appropriate UPF packages to manipulate the supply pads of the design under verification. The following are syntax examples for UPF packages to be imported or used in different HDL variants.

How Formal Techniques Can Keep Hackers from Leaving You in the Cold

While internet connected vehicles remain a popular target for hackers, the new breed of "smart" devices have the potential to invite the bad guys inside your home and force you to pay them to leave. Specifically, in a DefCon 2016 demo security researchers Andrew Tierney and Ken Munro showed how an internet connected thermostat could be taken over and reloaded with "ransomware". Consequently, the bad guys could literally leave you in the cold until you pay up.

3 Things About UPF 3.0 You Need to Know Now

UPF 3.0 has been an official IEEE standard since January, but its most valuable capabilities have only become clear as EDA vendors and users have begun to incorporate the corresponding design & verification (D&V) features. Looking across our user base, the following three items have come to the forefront of the UPF 3.0 adoption wave.

How to Avoid Metastability on Reset Signal Networks, a/k/a Reset Check is the New CDC

It's axiomatic that digital circuitry must initialize properly before it's used. Once upon a time, verifying a design's reset signaling was a pretty straightforward process – simply confirm the continuity of reset signal from the pad ring to all the IPs and instances inside the DUT. Fast forward to the present, and previously unheard of bugs on reset signal networks are being created via...

5 Things I Learned at the 2016 SAE World Congress

Being an IEEE member for many years, it was intriguing to enter this parallel universe of professionals equally interested in advancing the state of their art. This year in particular, the incredible momentum behind automotive automation gave this conference a palpable energy.

DVCon USA 2016: Heralding Formal's New Wave

If you were wondering whether formal verification is becoming a cornerstone of mainstream verification flows, several events at the recent DVCon USA 2016 should leave you without any doubt. Consider the evidence...

Goal posts Aren't Only for Football – Use Them in Formal Analysis Too!

Seriously: goal posts and scoring drives aren't just for football – conceptually similar things can be a winning strategy for using formal analysis to penetrate the state space of a large DUT, and drive toward the areas you are seeking to reach. To paraphrase, run a series of formal "goal posting" plays. Here is how it works...

Are You Struggling to Reach Timing Closure with Your Low Power Design – You May Have CDC Problems!

First, if you were brought here by a desperate Google search for "timing closure tricks STA RTL" as your tape out deadline looms, I can empathize — working to achieve timing closure on a deadline is truly a high pressure, thankless job. Even worse from this standpoint, the addition of vital low power design techniques could unintentionally be the reason why your cycle of analyses and fixes are still not converging — let me explain...

Formal Tech Tip: How Good Properties Can be Over-constrained and How to Fix It

Given the dramatic increase in the scalability of formal engines over the past 5 years, "formal testbenches" have grown to comprise hundreds, if not thousands, of assertions, constraint properties, and cover properties. Like with simulation-based constrained-random verification, the number of constraints and the overlap and dependencies among them can quickly exceed what a single engineer can envision.

Back to School: How to Educate Yourself and Your Colleagues About Formal and CDC Verification

Now that summer is over and the kids are settled into their classrooms, it's a great time for grown-ups to go back to school themselves by taking advantage of new Verification Academy events and courses. Specifically, the Questa Formal and CDC instructors have been working hard over the past spring and summer to create new training materials for both novices and intermediate students alike. We welcome you to take advantage of the following educational resources.

How Formal Techniques Can Keep Hackers from Driving You into a Ditch, Part 2 of 2

In Part 1 of this series, inspired by security researchers that were able take over a new Jeep and drive it into a ditch I asserted that in the future all vehicles will need to encrypt their internal control and data bus traffic with an encryption key. This key would be stored in a secure memory element of some sort – a separate memory chip or a register bank inside a system on a chip (SoC). As such, Design & Verification (D&V) engineers will need to verify that this secure storage can't be compromised.

How Formal Techniques Can Keep Hackers from Driving You into a Ditch, Part 1 of 2

The dark side of our connected future is here: from the comfort of a living room sofa, security researchers were able to remotely disable the brakes and transmission of a new Jeep Cherokee — literally driving the vehicle into a ditch (Hackers Remotely Kill A Jeep On The Highway – With Me In It, Wired, 7-21-15). Another group of researchers were able to hack into a car's braking and other critical systems via the digital audio broadcast (DAB) infotainment system ("Now car hackers can bust in through your motor's DAB RADIO", The Register, 7-24-2015). In this form of attack, multiple vehicles could be affected simultaneously.

Languages & Standards

Methodologies

Techniques & Tools

Universal Verification Methodology (UVM)

Featured Courses

Additional Courses

Analog/Mixed Signal

UVM Forum

SystemVerilog Forum

Coverage Forum

Additional Forums

Implementation Patterns

Specification Patterns

Pattern Resources

UVM Cookbook

Coding Guidelines & Deployment

Coverage Cookbook

Upcoming & Featured Events

On Demand Seminars

Recording Archive

Learning Center

Blog & News

Verification Horizons Publication

About Us