by Martin Vlach, Mentor Graphics
Today, very high expectations are placed on electronic systems in terms of functional safety and reliability. Users expect their planes, automobiles, and pacemakers to work perfectly, and keep on working for years. A reboot of a smartphone is annoying, but rebooting the airplane or car electronics while underway could be catastrophic, and a glitch in an implanted medical device could be life threatening.
The extremely successful digital abstraction allows us to decompose the problem of ensuring that a digital circuit "works" into the separate steps of functional and physical verification. EDA tools take the design either from an algorithm, or from RTL, all the way to implementation.
Functional verification of digital systems is primarily concerned with verifying that the logic design at the algorithmic and RTL level conforms to specification, and as a final check, physical verification is performed to make sure that nothing in the automation went wrong. Verifying that the logic and its circuit implementation are correct are orthogonal problems.
For analog circuits, and by extension mixed-signal systems, no such abstraction and ensuing automation exists. The concerns of making sure that the circuit works, and that it keeps on working, are not independent of each other. It is useful to examine the many different types of verification that need to be performed on a mixed signal systems. As always when considering mixed-signal design and verification, the challenge is to address the topic in a way that is understandable to engineers that come from the two very different backgrounds of digital and analog, and so while some of this description may sound obvious to you, it may be completely new to the reader from "the other camp". The target audience of this discussion is both the digital verification engineer whose activities need to expand to verifying chips with analog hardware content, as well as the analog design engineer who wishes to apply the more formal methods of verification to the design at hand.
Before embarking on the investigation of AMS verification, it is worthwhile to examine some aspect of what is "digital," what is "analog," and what is a "model". In common usage, these terms often have an imprecise and/or overloaded meaning. The rest of this article will use the following terminology:
Signal (Meaning 1): as used when talking about HDL concepts: An informal term, such as a variable, net (SystemVerilog), analog net (Verilog-AMS), signal (VHDL), terminal, or quantity (VHDL-AMS). The context where it is used may imply further restrictions on allowed types.
Signal (Meaning 2): (a) used when talking about electric circuits: transmitted energy that can carry information, (b) physical phenomenon whose presence, absence or variation is considered as representing information. To disambiguate, the phrase real-world signal will be used to refer to this kind of signal.
Analog abstraction: a representation of a real-world signal that retains the sense of the continuous range of the signal level. Many different representations are possible, including conservative (electrical signals with both voltage and current), signal-flow (system level models where a signal will often be implemented as voltage, but sometimes as current), and event-driven.
Event-driven signals may be represented by a single value of type real (also known as Real Number (RN) modeling), or by a structure (record) that may contain many pieces of information (including real, integer, and enums). Event-driven signals are often thought of as piecewise constant, but this is not a fundamental requirement. Piecewise linear event-driven signal may, for example, be represented by a pair of real numbers (e.g. value and slope). Analog abstraction is applicable to all forms of energy (electrical, mechanical, thermal, and others).
Digital abstraction: an abstraction of a real-world signal by discrete bands of analog levels, rather than by a continuous range. All levels within a band represent the same signal state. In most cases the number of these states is two, and they are represented by two voltage bands: one near a reference value (typically termed as "ground" or zero volts) and a value near the supply voltage, corresponding to the "false" ("0") and "true" ("1") values of the Boolean domain respectively.
Waveforms of signals in the digital abstraction are always of necessity discontinuous - they are in fact piecewise constant. Digital abstraction is only applied to the electrical form of energy for practical purposes in EDA software.
Functionally analog signal: a real-world signal that must be represented by an analog abstraction to usefully reason about it. It cannot be represented using digital abstraction and still retain the information content.
Functionally digital signal: a real-life signal that can usefully be represented by a digital abstraction. It can also be represented by an analog abstraction from which the digital abstraction can be derived based on the discrete bands of analog levels.
The word model is one of those terms that everybody (thinks s/he) understands, yet it defies precise definition. The following model categories and definitions will be used in this document.
Implementation model: in digital circuits, an implementation model implies RTL or gate level description. In analog design, an implementation model is essentially the schematic or its equivalent transistor level description (i.e. SPICE).
Physical model: further refinement of the design on the way to fabrication. Physical model can be thought of as an implementation model together with physical layout (timing, parasitics, etc.).
Verification model: a model that is used during verification. This is much more of a qualitative term compared to the terms Implementation and Physical model. It suggests the purpose for which the model is created. While implementation or physical models could in theory be used during verification activities, their execution is often too slow for practical use. In order to gain speed, verification models always abstract away many – even most – details of the final implementation.
Ideally, a verification model should faithfully model only that aspect of the design that is being verified in the current test, and abstract away everything else. Behavioral model: a model that describes how the modeled entity behaves, but does not suggest or describe an actual implementation of the entity.
Verification models are in fact a type of behavioral models that have been designed for a specific verification purpose. In analog and mixed signal contexts, behavioral modeling has long been advocated for top-down design, and while widely used in some companies, many have struggled to adopt the concept due to the special skills required to create good behavioral models and the lack of meaningful automation to help with the process.
With these definitions in mind, here then are the different kinds of verification that should be considered when designing high reliability and safety critical systems.
Functional safety verification: Verification of compliance with a Functional Safety Standard, such as DO-254 for avionics, ISO 26262 for automotive applications, the IEC 60601 series for medical devices, and IEC 61508, a general functional safety standard for diverse industries. This kind of verification is a business procedure that is performed by a verification authority (a 3rd party). Customers using EDA software may choose to have their products certified. In most circumstances it is not the EDA software tools that are certified, but rather the designs created using those tools. Nevertheless, the verification activities described below will be a necessary part of obtaining a functional safety certification.
Architectural verification: Sometimes applied to the process of verifying that SoC architecture supports the system requirements. This verification should happen before one embarks on the design of an AMS IC chip.
Physical verification: A process whereby an IC layout design is checked to see if it meets certain criteria. Verification involves DRC (Design Rule Check), LVS (Layout Versus Schematic), ERC (Electrical Rule Check), XOR (Exclusive OR), and Antenna Checks.
Functional verification: Verifying that the logic design of a work product conforms to specification. This is wellestablished usage when applied to (pure) digital circuits.
In the context of AMS verification, we retain the meaning of functional verification as applied to the logic design, but extend it to circuits that contain either (1) analog hardware (which processes functionally analog signals) or (2) aspects of digital hardware that need to be simulated using an analog abstraction (e.g. active power management, detailed timing in memories). Functional verification can be accomplished by a variety of methods, including simulation, acceleration, emulation, formal verification, and intelligent testbench automation. Today, commercially available AMS verification focuses only on simulation, and the other approaches are not (yet) commonly used when applied to AMS systems.
Formal verification: A technique employed in functional verification. It is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.
Model checking is one formal verification technique that mathematically proves whether an assertion in Linear Temporal Logic (LTL) holds true (SystemVerilog Assertions and Property Specification Language are examples of LTL specifications). Other techniques for formal verification exist. All of the successful and welldeveloped methods of formal verification are applied to digital (discrete time) systems. Formal verification of continuous time dynamical systems can be applied to analog and AMS circuits, but the theoretical approach has not (yet) gained acceptance in the IC design community. AMS Formal verification tools are not commercially available.
Performance verification: The task of verifying that requirements that are numerical in nature are met.
These are commonly employed in analog requirement specifications (gain, frequency, noise, jitter, etc.). Digital system performance specifications (clock speed, power consumption) may also be understood to be this form of verification. Performance verification focuses on whether a circuit meets performance requirement when the circuit is implemented correctly.
Implementation verification: The task of verifying that functional and performance requirements are met considering all the ways that circuits can "go wrong" in an "analog way". There are many examples of what can go wrong, including making sure that the right device (transistor) has been chosen (safe operating area), thermal issues (including self-heating), substrate coupling, ground bounce, power supply droop, onchip cross-talk, latch-up, electrostatic discharge, or electrical overstress. Specialized simulation algorithms are often required to accomplish the implementation verification tasks. Various commercial tools offer such extended simulation techniques.
Reliability verification: Reliability is the property of an item which enables it to fulfill its required functions for the prescribed period under the given conditions.
Reliability verification is the task of verifying that the functional and performance requirements continue to be met for the length of time prescribed by the reliability requirements. Major causes of chip reliability problems include excessive power dissipation, electromigration, hot carrier injection, negative bias temperature instability, and time-dependent gate oxide breakdown. Specialized simulation techniques are often required to accomplish the reliability verification tasks, and commercial tools are available.
Extreme environment verification: The task of verifying that extreme (sometimes called hostile) environment requirements are met. In a sense it is a special case of implementation verification, but specialized techniques (methodologies) and models are often required. Examples of extreme environments that are relevant to semiconductor chip design (not packaging) include radiation (ionizing radiation, single event upsets) and extreme temperature (both very high and very low). These are encountered in automotive and other transportation applications, avionics, medical (think of an implanted device and MRI), and energy exploration (sensor in drilling equipment), generation, and transmission. This kind of verification may often be accomplished with unspecialized simulation tools applied to specialized models.
Electrical verification: A term that is sometimes used in the EDA community to refer to aspects of performance, implementation, and reliability verification. Metric-driven verification: Any verification activity where progress is measured by objective means.
Of course, the verification activities will often overlap. For example, the verification of states in digitally-compensated or digitally-controlled analog circuits need to consider both the functional and performance verification aspects: the circuit performs correctly (performance verification) under all possible states (functional verification).
Note that "analog verification" is purposefully not defined here, since it is used loosely in the EDA community to refer to different activities, and is often used in the broad sense of "that which is not digital verification". Some examples of usage are:
- Methodology for performing functional verification on analog, mixed-signal and RF integrated circuits and systems on chip [Wikipedia].
- Running simulation on all corners.
- Any circuit simulation using a circuit-level (SPICE) simulator.
In recent years, the focus of verification of AMS chips has been on incorporating analog and mixed signal systems into digital functional verification via the use of verification models of analog circuits. For efficiency, such verification models use event-driven models, and in particular often represent analog signals by a single real number – Real Number Modeling. While this is a necessary part of verification for high reliability and safety critical systems, it may not be sufficient for the verification of analog performance, and cannot be used for implementation and reliability verification - that needs to be applied to the transistor level design.
Using the terminology introduced above, here is a practical definition of AMS Verification:
AMS Verification encompasses the functional, performance, implementation, and reliability verification of circuits that (1) are pure analog circuits, (2) contain both analog and digital circuits, or (3) are purely digital circuits that must be simulated using the analog abstraction to obtain meaningful results.
More simply, verification is an AMS Verification whenever analog abstraction must be employed by the model of a circuit in order to verify conformance to requirements.
Using tool-specific classification, the simulators used in AMS verification may be
- Pure digital simulator, i.e. Questa. Analog abstraction with event-driven models is used to model some parts of the overall design.
- Pure analog simulator, i.e. Eldo or ADiT. Even digital parts are modeled at the conservative analog abstraction level.
- Mixed simulator, i.e. Questa ADMS
- A single-kernel simulator with unified analog and digital simulation cycle, i.e. Questa ADMS for VHDL-AMS or Verilog-AMS.
- Digital/SPICE or Mixed/SPICE co-simulation, i.e., Questa ADMS and Eldo/ADiT engine.
Back to Top