by Rachida El IDRISSI , ST-Ericsson
Functional verification is one of the most critical steps in the IC development cycle. As complexity increases, along with the associated cost of fixing late-stage functional defects, manufacturers including ST-Ericsson are putting additional effort into the up-front verification process.
As is true in many engineering projects, the most difficult step in verification is knowing when you are done. The challenge of reaching verification closure stems mostly from increasing complexity. Recall that as a general rule of thumb, verification cycles rise at some multiple to the number of gates in a design, which is enough to give one pause in the age of billion-gate designs. Other obstacles on the way to closure include new verification methodologies and their sometimes-steep learning curves, aggressive milestones that sometimes force verification teams to truncate their efforts, and the difficulty of reusing verification components.
These issues compel verification engineers to use different processes and combine methodologies (e.g., static and dynamic) as they attempt to reach verification closure. However, the improvisational approach leads to its own sort of complexity, both in the overall verification environment and the hodgepodge of complex databases for storing results and metrics from the different verification techniques.
Any tool aiming to navigate and manage these issue must be able to do at least these four things: collect coverage information from different verification engines, particularly static and dynamic, into a database; leverage automation and available computing resources in order to meet timeto-market objectives; have a built-in verification environment that provides an easy way to debug and analyze the coverage and regression results; and give accurate visibility on the progress toward coverage closure, a view that also helps control the risks.
Questa Verification Platform provides these and other capabilities. The Mentor Graphics tool suite offers verification regression management (VRM), electronic closure and results analysis. ST-Ericsson recently used the tool in two IC verification projects. It proved to be effective in helping us to control and steer our progress, which I'll describe below.
ST-Ericsson is a leading developer of wireless semiconductors and platforms, and thus makes every effort to adopt the latest verification methodologies and processes at our engineering sites around the world, including in Rabat, Morocco, where I am based. Our goal is to continue to mature and deepen our IC development processes without compromising time-to-market. We need to be efficient and fast.
RNG and Efuse are two secure ICs that have been integrated in the latest ST-Ericsson SOCs.
RNG is a random number generator processor based on continuous analog noise that provides a random 64-bit value to the host when read.
Efuse IP contains two main parts. First, secure registers control the secure mode and allow for enabling or disabling some device functionalities, such as read access to fuse values, debug functionalities, test modes, and so on. Second, the fuse unit module is accessed through the secure registers; a SAFMEMHV macro is used to allow software to program the fuses.
The EFUSE IP plays a central role in the security implementation of the chip; RNG IP is part of cryptographic system of the SOC.
Any error on these IPs will affect the security of the chip. Thus, both ICs are very sensitive and need to be exhaustively verified, a goal we are achieving by combining formal and dynamic approaches to build the verification environment and using SystemVerilog and OVM to develop our testbenches.
Figure 1 IP verification flow used by STE engineers
FLOW AND PROCESS
As shown in figure 1, the first step in our verification flow was building the verification plan document that clearly describes the goals of the verification process, the key features and functions that need to be verified and covered, and the approaches that are needed to verify a particular function. Then we started to construct our verification environment based on the priorities features list. This step was all about defining which stimuli are needed in which sequence, the checkers points and all coverage metrics (code, assertions, functional).
For each functional feature in the verification plan, we developed a set of sequences that emulate the behavior of our IP and then developed checkers (for example, data checkers or behavioral checkers) to confirm that the behavior is compliant with the requirements defined in the specification.
Finally, after checking that standalone tests were working correctly, we built our regression test suite to get our coverage metric score and control our progress toward the verification closure.
REGRESSION MANAGEMENT CAPABILITIES
Questa Verification Run Manager (VRM) helps control regression progress. Its many capabilities allow verification engineers to focus more on checking relevant functionalities and concentrate effort where it is needed.
Questa's verification management capabilities are built upon the Unified Coverage Database (UCDB), which can capture coverage data generated by a variety of verification tools and processes.
UCDB allows for mixing coverage items: code coverage, static coverage (assertions and formal) and dynamic coverage (functional). Thus, using the database results in a rich verification history gathered from all the aspects of the verification flow, a history that tracks user information about individual test runs and also shows how tests contribute to coverage objects.
The GUI interface makes it easy to manage and view coverage data from a standalone test or a complete test suite. Based on the results, you can start and focus your coverage analysis, a task made easier by VRM's ability to address failures identified during regression. Efficient analysis keeps a verification project on schedule.
The tool combines the results of multiple verification runs, assisting in the grouping, sorting, triaging and filtering of messages from the complete set of regression tests. You
can add your own filters and prioritize the debug of your failures or coverage holes.
Questa also allows the verification plan document to be annotated with nearly any category of metadata, which can then be sorted (by engineer, project group, verification method, milestone and so on) and tracked. The sorted data can be shared in text or HTML reports, making it easier to allocate scarce resources and more accurately hit and manage deadlines.
At any point during regression you can pause and generate reports and graphs showing development progress, which provides an accurate and deterministic evaluation of your verification completeness.
In our work on the RNG and Efuse ICs we analyzed our verification results and measured our progress toward closure using VRM capabilities. Among the most obvious improvements over our previous method:
ease of setup, and also ease of debugging and merging our coverage database.
Other benefits included faster convergence to the expected level of verification and easy combination of the regression management capability with other tools such as Questa CDC (clock domain crossing) for metastability check.
Metastability check has been introduced in our flow to detect incorrect behavior of the design that may be caused by metastability occurring in signals that cross clock domains.
Questa CDC mainly injects the effects of metastability into the CDC signals and then, through our checkers, we evaluate the effect of those injections. Any firing or violations during those injections need to be analyzed to
determine if they are real problems in the design or false alarms due to erroneous constraints or checkers.
More specifically, the tool includes assertions for detecting alignment of transmit and receive clock domains, and also changes to the input of a register receiving a clock-domaincrossing
signal. Questa CDC also includes coverage monitors for measuring statistics related to metastability injection. It accurately models the effects of metastability by inverting outputs of registers receiving clock-domaincrossing
We were able to re-launch the same regression and enable metastability injectors to detect issues in the design. By updating the input file of the tool and making simple changes to some setup files, we enabled the
injectors during the regression. The results helped us verify the robustness of our CDC structures.
Figure 2 Questa GUI showing regression test list selection and test plan coverage results for Efuse
Figure 3 Questa GUI showing regression test list selection and test plan coverage results for RNG
The tool has been tuned to our needs, integrated into an in-house framework to provide more automation and ease of use for our verification team. The framework captures regression test lists while the rest of the regression management, integrated coverage closure and failure analysis is handled directly using the Questa VM tool suite.
Figures 2 and 3 show the final results for both ICs. The total coverage reached was almost 100%. The goals we missed were analyzed and justified in our verification reports.
It is now much easier for ST-Ericsson verification engineers, at least those of us using Questa, to gauge our progress. At any given time the answer to the question "How close are we to coverage closure?" can be made visible to all via Questa's GUI and HTML reports. Questa VRM helps avoid wasting time gathering coverage pieces and manually tracking what has been covered and by which means. We now more easily analyze results, take appropriate actions and then re-run our regression suite — all of which speeds us toward coverage closure.
Questa Verification Management: http://www.mentor.com/products/fv/questa-verification-management/
I would like to warmly thank all the people who contributed to this new process, especially: Jamal El-Haitout and Mohamed Anouar Zajni from ST-Ericsson, Gregory Faux from STMicroelectronics, and Gabriel Chidolue and Alain Gonier from Mentor Graphics.
Engineers at the ST-Ericsson campus in Rabat, Morocco involved in the verification work described in this article. STE's Rabat campus employs about 100 engineers specializing in IP and subsystems design and SoC development for the mobile cellular market.
Back to Top