nicolae tusinschi, product specialist design verification

Verification Beyond the CoreAccelerate SoC Verification

Nicolae Tusinschi, Product Specialist Design Verification

| Confidential | © 2021 OneSpin Solutions

Outline

1. Accelerate SoC Verification

a) Complexity and Criticality

b) Automation is Key

2. PULPino

a) A Single-Core SoC

b) Getting the Targets Right

3. Deployment of OneSpin Formal Suite

a) OneSpin 360 DV-Inspect

b) OneSpin VIPs and Unique Specialized Apps

4. Next Challenge: HERO Platform

a) The Interconnect Challenge

b) Formal Connectivity – Level XL

5. Summary


Wherever IC Integrity Matters, You’ll Find UsOneSpin targets critical hardware verification challenges

Functional CorrectnessRigorous coverage-driven functional

verification from block to chip,

leveraging formal technology

SafetySafety analysis and higher diagnostic

coverage to meet strict certification

requirements

Trust and SecurityAutomated detection of RTL Trojans

and hardware vulnerabilities to

adversary attacks

Design Exploration

Protocol Violations

Integrate Formal/Sim Coverage

End-to-End User Assertions

HLS/SystemC Verification

Synthesis/P&R Errors

FMEDA of Complex SoCs

Failure Mode Distribution

Avoid Excessive Fault Simulations

Measure Diagnostic Coverage

ISO 26262 Compliance

Tool Qualification

Denial of Service

Data Leakage

Privileges Escalation

Data Integrity/Confidentiality

Hardware Backdoors

Hardware Trojans

OneSpin 360® Formal Platform

Heterogeneous Computing

OneSpin Solutions and Services

Thorough verification of

complex SoC platforms

used for 5G wireless, IoT,

and AI applications

Automotive and IndustrialSystematic bug elimination

and metrics on proper

handling of random errors in

the field

RISC-VEfficient and complete

verification, including

custom extensions.

Compliance to ISA.

RISC-V


Outline




2. PULPino









5. Summary


SoC Complexity and CriticalityIncreased Risks: Functionality, Safety, Security

Complexity!

Capacity, Power, Performance, Flexibility

$§Reliability? Threats!


Systematic Verification FlowRequirement tracing and coverage of paramount importance

Req1 Feat1 Feat1.1 Goal1 Directed Test

Code Coverage

Functional Coverage

Feat1.2 Goal2

Assertion Passing

Feat1.3 Goal3

Goal4

Assertion Coverage

Coverage Models & Database

Formal

Coverage

Simulation Debug

Verification Plan

Testbench Assertions

Coverage

Requirements Specification

Implementation Plan

Individual requirements broken down into features,

implementations, verification goals, and metrics


Accelerating the Design Verification FlowClean integration is key for efficient verification

Requirements

Spec

Verification

Plan

Implementation

IP Plan

Design

Specs

Design Flow

Integration

Verification

• Ensuring reliable integration of design IP accelerates verification

• Many SoC issues can be solved quickly using formal apps

• Range of DV apps packaged in DV-Verify

• Capability provided for custom apps


Automated Formal Apps

• Solve complex, error-prone verification issues

• Exhaustive testing without significant simulation effort

Automatically solve tough verification problems

OneSpin Apps

Periphera

l

L2 CacheDSP Controller

Fast Bus

Algorithm

HW Accelerator

μP Support HW

& RAM / ROM

Security Sub-system

Custom

Device

Network on Chip

μP

Core

μP

Core

μP

Core

μP

Core

Chip

Activation / Safety Checks

Scoreboard

Protocol Compliance

Register Checking

Connectivity Checking

Floating-Point Verification

Processor Integrity

Coverage Closure Accelerator

Verification Planning Integration

Verification Coverage Integration


Outline




2. PULPino




a) OneSpin DV-Inspect





5. Summary


PULPinoParallel Ultra Low Power Platform

Open-source project started by ETH Zürich and University of Bologna

• Part of the PULP project

• Single-core SoC platform

Built for two open-source cores

• RI5CY - (32-bit, 4-stage pipeline)

• Zero-riscy - (32-bit, 2-stage pipeline)

Rich set of peripherals:

• UART

• I²C

• SPI master and slave

• GPIO

…


Plan Appropriately

• Identify the areas of design risk, then identify the most straightforward verification process

• Remember that simulation and formal can co-exist

Example:

Identified good targets for formal verification

• CPU

• AXI4

• APB

• I²C

• SPI

• UART

• SoC Control

• Event Unit

• GPIO

Make progress quickly


Outline




2. PULPino









5. Summary


OneSpin’s Suite of Formal Apps

• Safety RTL checks on entire SoC

• Reachability checks

RTL

Code

“Under-the-hood”

Assertion Synthesis

Str

uctu

ral

An

aly

sis

Sa

fety

Che

cks

Activa

tio

n

Che

cks

Tra

ce

&

Deb

ug

Structure

(Easy Lint)

Safety Checks

(Assertion Synthesis)

Activation

(Coverage)

Mismatch / port /

wireRuntime Errors Sim-Synth Issue Safe Function

Dead code

checks

Signal truncation /

no sink

Array / range

checksFull case

Neg / zero div, exp, rem

Arithmetic overflow

Stuck signal

(toggle test)

Sensitivity list

issues

Function without

returnParallel case X / Z resolution

FSM transitions

and states

Unused signal /

param

Signal domain

checks

Write-write race

detectArithmetic shifts MORE…


Periphera

l


Fast Bus

Algorithm

HW Accelerator

μP Support HW

& RAM / ROM

Security Sub-system

Custom

Device

AXI Bus

μP

Core

μP

Core

μP

Core

μP

Core

Periphera

l


Fast Bus

Algorithm

HW

Accelerator

μP Support HW

& RAM / ROM

Security Sub-system

Custom

Device

Network on Chip

μP

Core

μP

Core

μP

Core

μP

Core

X

x x x x

1

0

Periphera

l


Fast Bus

Algorithm

Accelerator

μP Support HW

& RAM / ROM

Security Sub-system

Custom

Device

Network on Chip

μP

Core

μP

Core

μP

Core

μP

Core

Connectivity

OneSpin’s Suite of Formal Apps

• Protocol compliance verification

• X Checking

• Interconnect verification

• Floating-point verification

• Processor integrity verification


SoC Verification

• Full range of safety RTL checks• FSM Reachability analysis• Dead Code analysis• Stick Check analysis• Initialization check• Linting

• Protocol compliance for AXI4 interfaces• Protocol compliance for APB interfaces• Protocol compliance for I²C• X-Propagation checks• Interconnect verification• Floating-point verification• Processor verification

OneSpin’s suite of formal apps


SoC Verification

• PENABLE signal on APB interface violates address phase protocol

• Unique case statement violation results in unexpected instruction decode scenario

• Floating-point addition delivers an incorrect result for (neg_0 + neg_0)

Selection of issues detected in PULPino


SoC Verification

• #122: Wrong PMP CSRs value read/ written

• #132: Exception Handling Violation - mstatus’ MPP

• #136: Exception Raising Violation - Illegal Instruction - accessing debug CSRs not in debug mode

• #137: Exception Raising Violation - Illegal Instruction - compressed instruction is not valid

• #152: Exception Raising Violation - Illegal Instruction - invalid instruction decoding

Selection of issues detected in PULPino´s RI5CY core


SoC Verification

• #157: Exception Handling Violation - dcsr

• #159: Exception Raising Violation - Fetch/Store/Load Access

• #169: Exception Raising Violation - Illegal Instruction - dynamic rounding mode

• #170: Exception Raising Violation - Illegal Instruction - FS field

• #174: F extension - Dynamic Rounding Mode Violation

• #175: F extension - Wrong Result Calculation

• #182: Trap Return Handling Violation - mstatus’ MIE

• #185: Debug Mode Violation - Exceptions Update CSRs

Selection of issues detected in PULPino´s RI5CY core


Outline




2. PULPino









5. Summary


HEROHeterogeneous Research Platform

The base configuration of HERO for the Xilinx Zynq ZC706 Evaluation Kit features the following accelerator configuration:

• 1 PULP cluster (Mr. Wolf) comprising 8 32-bit RI5CY cores

• 256 KiB of shared L1 scratchpad memory,

• 4 KiB of shared L1 instruction cache,

• 256 KiB of shared L2 scratchpad and instruction memory,

• IOMMU with an L1 TLB of 32 variable-sized entries, and an L2 TLB of 1024 page-sized entries.


The Complexity ProblemWhat are the challenges?

• Large-scale SoC involves large number of hierarchy levels

• Checking connectivity between modules in large-scale SoC increases the overall runtime

• Number of connections that need to be checked reaches 1M+

• Not all connections are of direct type: they can be conditional or delayed

• Defining 1M+ connections can be time consuming; there is need to automate the specification process


What are the Challenges?


Connectivity XL™

• Formal connectivity checking flow that scales to extra-large chips

• Deliver convergent proof results in complex connectivity problems

• Exceed capacity limitations of existing flows

• Reduce the engineering effort dramatically

Key benefits


Connectivity XL™

-I- CheckCon - Reading CSV file 'connections.csv'...

-I- CheckCon - Rule 1: 'm:pulp_soc, clk_cluster_i, m:cluster_clock_gating, clk_i'

from 'csv/connections.csv:4’ matches 1300 connections.

Generating 1300 connectivity checks for rule 1 with condition '…'

-I- CheckCon - Rule 2: 'm:pulp_soc, CLUSTER_ID[0][0], i:*riscv_tracer_i, cluster_id[0]'



-I- CheckCon - Rule 3: 'm:pulp_soc, clk_cluster_i, i:*cs_registers_i, csr_rdata_o[0]'



-I- CheckCon - Generated 1332 connections for checking in total.

-I- CheckCon - Processing 1332 connections generated from file 'connections.csv'...

…


Applying


Connectivity XL™

…


…

-R- CheckCon - Summary of performed checks (hold/fail/width_mismatch/skip):(1276/56/0/0)

-R- CheckCon - Only 1276 out of 1332 signal pairs are connected as specified!

-I- CheckCon - Signal paths written to file 'connections.path'.

-I- CheckCon - Total check time: 02:02 minutes

-I- CheckCon - Summary of unconnected signal pairs:

Applying


Connectivity XL?Proven to support

Auto generation of connectivity tables

Huge number of hierarchy levels

Millions of RTL instances

Fast and reliable formal proofs

Thousands of connections per hour


Outline



b) Automation is key

2. PULPino

1. A single-core SoC

2. Getting the targets right

3. Applying OneSpin´s Formal Suite

1. OneSpin 360 DV-Inspect

2. OneSpin VIPs and Unique Specialized Apps

4. Next challenge – HERO Platform

1. The interconnect challenge

2. Formal connectivity – level XL

5. Summary


Low Effort, High Speed

• SoC can be verified exhaustively by formal means• Floating-point issue has been confirmed by PULP team

• APB issue still under investigation

• Unique case statement violation results in unexpected instruction decode scenario –potential security issue

• Approach has been applied on several SoC designs• Numerous bugs confirmed and fixed by original designers


IC Integrity AssuranceFunctionally correct, safe, secure, and trusted SoCs/ASICs/FPGAs

Design Integration Implementation

IC Integrity

SoC/ASIC/FPGA Verification Flow

OneSpin provides certified

IC Integrity

Assurance Solutions

to develop functionally

correct, safe, secure, and

trusted integrated circuits

Functional

CorrectnessSafety

Trust and

Security

nicolae tusinschi, product specialist design verification

Documents