Design Verification Club technical-review | category

Archive for the ‘Technical Review’ Category

Power7 Verification: It’s Not Rocket Science (It’s More Advanced)

Thursday, May 20th, 2010 by saturday

Complexity

In his recent presentation discussing verification of the Power7 processor, John Ludden of IBM opened with a quote from an IBM exec more than a decade ago. “it’s not rocket science”- a perception held by some members of the management and design communities at that time.

However, designs have become a whole lot more complex over time. The Power7 processor at 45nm has 1.2B transistors on a 567 sq. mm die, supporting 8 cores with 4 threads each, an on-chip eDRAM, 3 levels of caches and 2 DDR memory controllers. Yet as verification complexity multiplies in this multi-threaded design, it’s very helpful to have some of the more advanced tools and methodology at your disposal.

Tools and Methodology

Fortunately for Ludden and the Power7 team, IBM has invested in verification technology for years (in spite the quote from the exec). The company continues to develop and rely on in-house tools for many of the advanced verification technologies for processor-specific testing. These include the test-bench, multi-thread test generators, hardware accelerators, formal and semi-formal tools, micro-architecture checkers (API based), cache coherency checkers and coverage tools. Exercisers
originally developed for post-silicon validation were used to exploit the hardware acceleration platform. Forty-five thousand coverage points were organized to assist with big picture and were used to re-direct the test generator and exercisers for accelerators.

To support corner case testing for events that occur rarely, especially in multi-threaded scenarios, software irritator threads were used. These irritators are capable of creating the worst possible contentions. Through their application, twenty-three high quality bugs were revealed hiding in the corners.

A methodical application of these tools and technology clearly captured and advanced the industry best practices.

Designing for Verification

Designing for Verification was an important element in managing the overall risk to verification time line. IBM minimized the risks by maintaining a tight interaction between the specification and verification teams during the design phase and allowing the verification team to maintain architectural changes. “Chicken switches” were placed in silicon that allowed verification team to back-off an area considered risky or possible of otherwise compromising the verification effort. These switches provide workarounds, with some small impact on performance but no functional change, for accessing difficult to verify micro architectural features. Hardware irritators were also used to enable stress testing of corner cases in both pre-silicon and post-silicon testing.

Conclusion

The Power7 draws many architectural features from the Power5 and 6 designs, although it is a much more complex and powerful processor with a much shorter verification cycle. Ludden and the Power7 team accomplished this remarkable feat with a lot of foresight in planning, metrics collection and careful execution. Tight interlocking between metrics collected and verification plan was key part of tracking mechanism and functional closure. This project should serve as an example of how to plan for and manage risks in a complex verification project.

Kudos to John and the IBM team. His full presentation can be downloaded here.

Tags: Architecture, checkers, Complex Architectures, functional design verification, functional verification, RTL testbench, Technical Review, Verification
Posted in Austin, Design Verification, Technical Review | No Comments »

Bob Colwell’s Reading List

Wednesday, April 14th, 2010 by saturday

In his recent Silicon Valley presentation, Bob Colwell referenced several interesting books to validate his points. We’ve already begun receiving emails asking for a list of these titles, so we thought that it would make a great blog posting. Happy reading!

Normal Accidents : Living with High-Risk Technologies
Charles Perrow

A History of Murphy’s Law
Nick T. Spark

Inviting Disaster: Lessons From the Edge of Technology
James R. Chiles

Fluid Concepts And Creative Analogies: Computer Models Of The Fundamental Mechanisms Of Thought
Douglas R. Hofstadter

The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA
Diane Vaughn

Tags: Bob Colwell
Posted in Austin, Technical Review | No Comments »

Highlights of DVCon 2010

Friday, March 5th, 2010 by admin

By Doug Smith of Doulos

Conferences aren’t my favorite events to attend. They tend to be dominated by the big three EDA companies, and the messages are usually just a variation on what was said last year. However, there is always something useful to glean if you listen hard enough, and I think DVCon this year is no exception.

While DVCon is generally more of a verification conference, I found design related topics surprisingly absent. Cliff Cummings presented a good paper on using SystemVerilog’s unique, priority, and 1800-2009’s unique0 constructs, but other than that, everything centered on verification except for some brief discussion on C synthesis at a panel and the SystemC synthesizable subset at the OSCI tutorial session. Verification continues to dominate the industry’s focus as well as high-level modeling.

In fact, I felt that the major topics at DVCon this year were verification methodologies (VMM & OVM), TLM 2.0, and SystemVerilog. I’ll just say a brief word on each.

Both VMM and OVM have recently been updated. Synopsys has added significant features to VMM in their 1.2 release. Doulos sponsored a VMM 1.2 tutorial along with other VMM Central partners highlighting the new features like TLM 2.0 support, implicit phasing, and enhanced testbench structure and configuration as well as explaining how to exploit the RAL register package. In conjunction, Doulos gave away their new VMM 1.2 Golden Reference Guide and has made available a VMM 1.2 tutorial on their website. OVM is also recently updated (version 2.1), but it hasn’t majorly changed so the story is still much the same.

The SystemC NASCUG meeting was co-located with DVCon and there seemed to be a lot of interest around TLM 2.0. OSCI also hosted a TLM 2.0 tutorial session and there was a user paper session centering on TLM. VMM’s TLM 2.0 implementation generated a bit of interest as well. While I don’t use TLM for SystemC modeling, given all the buzz about it I have to conclude that it’s being well-embraced by the industry and it looks like it’s here to stay. I certainly find TLM connections quite useful in an OVM/VMM testbench.

Personally, I found the most interesting papers were those discussing SystemVerilog. Dave Rich from Mentor proposed a multiple class inheritance enhancement, which seems to have great potential. Cliff Cummings talked about enhancing the language to handle X optimism and pessimism. Eduard Cerny discussed new SV-2009 checker and assertion features. But I have to admit, the nagging question I have is, “Will this language everstop exploding?” If I may say, SystemVerilog is like an ever-expanding patchwork, where piece after piece is added but none of it ever seems to truly fit together. And every year, more and more ideas are proposed to enhance it. Oh well, I guess it’s what we have to live with. For those not converted yet to SystemVerilog, my colleague, Alan Fitch, wrote in his DVCon paper, “How to Achieve Sample-Based Coverage Using VHDL” — quite a unique topic among all the other presented papers. Keep an eye out on the Doulos website for the upload of his paper if you’re interested. I usually write papers that show how to work with or around what we already have. That’s why I presented a paper on matching asynchronous behaviors using SystemVerilog assertions (soon to be uploaded to the Doulos website), and likewise, my colleague, John Aynsley, presented a great paper on using the DPI to interface with C/C++ models.

I think the most exciting news at DVCon this year came from Accellera. Accellera’s Verification IP (VIP) technical subcommittee has announced that a universal verification methodology (UVM) is planned for release mid-March. UVM will be based on OVM 2.0.3 and have features of VMM incorporated into it. The amazing thing is that Synopsys, Cadence, and Mentor are all unanimously behind UVM. I think this will definitely reshape the verification methodology story in the industry over the coming year. I was also pleased to hear that the unified coverage interoperability standard (UCIS) is due out in October. This should give us a common way to access and merge all of our coverage data. Lastly, I was rather surprised by the take-away message from Brian Bailey’s panel on minimizing verification time and effort—engineers need more training!! As a trainer, I couldn’t agree more!

Doug Smith

Tags: Brian Bailey, Cadence, Design, Doug Smith, Doulos, DVCon, Mentor, modeling, OVM, Synopsys, SystemC, SystemVerilog, UVM, VMM
Posted in DV Conferences, Technical Review | 1 Comment »

How to Avoid “Firefighting” in Verification [Repost]

Thursday, February 11th, 2010 by admin

By Richard Goering on February 1, 2010.

This article is reposted from the Cadence blog.

Can verification engineers gain control over the verification process, and stop being full-time firefighters? With proper planning, communication, and organization, the answer is “yes,” according to Allison Goodman, validation program manager at Intel for client and enterprise solid state hard drives.

Goodman spoke at a Silicon Valley DVClub lunch meeting January 26 at Dave and Buster’s restaurant in Milpitas, California. DVClub is an interesting organization. With chapters in Austin, Bangalore, Boston, Dallas, Research Triangle Park, San Diego, and Silicon Valley, the club’s stated purpose is “to have fun while helping build the verification community through quarterly educational and networking events.” IC engineers can join for free, and events are free. Costs are picked up by sponsors, including Cadence.

The January 26 event brought together around 120 attendees. There were a few EDA folks, but as far as I could tell, most attendees were verification engineers. Goodman’s speech was entitled “Tales from the trenches – validation missteps making us full time firefighters.” Goodman started her speech by noting that “it’s not technical problems that cause bad things to happen. It’s usually on the people side.” She identified four “missteps” that force engineers to put out fires rather than proactively validate a product’s quality.

Misstep #1: Insufficient planning

Insufficient planning occurs when you don’t have what you need to do testing, and your test coverage falls short. It’s caused by undocumented assumptions, the increasing scope of projects, and “missed dependencies” (you need 10 prototypes but only get 5). “If you don’t plan for it, it will surprise you, and every surprise will end up as a fire.”

The solution? Put your plan in writing – including who does what, how features work, what it means to be “done,” what checkpoints will monitor progress, and criteria for success. Keeping track of assumptions may be the biggest part of the solution. Write them down!

Misstep #2: Not designing for test

Designers often think their designs won’t have any mistakes, so there’s no plan for testing and no communication with validators. This makes it difficult to find and replicate bugs, to figure out what you need to monitor, and to know when you’re done. Interpreting test results as “pass” or “failure” may be very difficult. The antidote is for validators to get involved in the earliest stages of the design process. “Ask how you’re going to test it and how you’re going to tell if it’s working.”

DVClub provides an opportunity for networking as well as speakers and lunches.

Misstep #3: Not creating and integrating feedback loops

All too often, the marketing team or the design engineers make changes to a product, and don’t communicate those changes to the verification team. Further, many companies place engineers in “silos” with little or no communication – for example, there are software engineers, hardware engineers, and firmware engineers who don’t talk to each other.

What’s needed is continuous feedback about any changes in the product, as well as problems found with the product. Tests should be monitored for effectiveness and continually improved.

Misstep #4: Lack of transparency

Lack of transparency happens when you tell your boss (or team) that everything is well when it really isn’t. Or, you skimp on tests and coverage as schedule pressure rises, and don’t let managers know. As a result, risks and coverage gaps increase. “Tell the real story, and encourage others to do the same. Don’t declare that it’s done until it’s really done.”

My takeaway

While there are tools that can help with verification planning and monitoring – such as Cadence Incisive Enterprise Manager – quality verification depends on “people” factors such as whether and how verification teams plan, how early they’re involved with the design process, how well and how honestly people communicate, and how adaptable teams are to feedback and change. Pay attention to these issues and perhaps you can put the fire extinguishers away.

Richard Goering

Tags: Allison Goodman, Validation, Verification
Posted in Boston, Silicon Valley, Technical Review | No Comments »

Knowing When Verification is Complete

Friday, March 27th, 2009 by admin

Introduction

This article presents an overview of functional design verification using a coverage driven methodology while attempting to answer the question of how much testing is enough. The part being verified in this case will be a general purpose microprocessor, such as those found in mobile computing devices. Note that an approach of this magnitude is not always required. Designs with very limited instruction sets or highly restricted functionalities may be satisfied by simply writing directed assembly code tests to verify their intended functionalities.

Comparison of Simple and Complex Architectures

Figure 1 depicts a simple architecture as compared to a complex one. Note that the number of corner cases and unpredictability of the verification space increases as the architecture gains complexity. Thus, the complexity of the architecture determines how much testing will need to be accomplished to properly verify the component’s function.

Figure 1. Comparison of Verification Spaces

Comparison of Verification Spaces

Measuring Verification Progress

Coverage metrics are the dominant method for measuring verification progress in the industry today. Coverage points are normally designated by the design engineers looking at the logic of their block and by verification or system engineers looking at the functional definition of the part. Both of these are critical insights into the required verification coverage of the design.

Coverage points, indicated by the red dots in Figure 2, are deliberately chosen with respect to placement and density according to design knowledge and risk assessment.

Figure 2. Distribution of Coverage Points

Directed Testing

In the past, directed tests were typically written to hit coverage points. Because directed tests are by their very nature highly targeted and relatively inflexible, this resulted in much of the design not being tested as is shown by the ratio of red to gray in Figure 5. In addition to the low overall coverage that results from this approach, creation of directed tests is time consuming and requires highly skilled engineers. In this approach, testbench checkers that detect hits to coverage points are often overlooked with the assumptions that the engineers writing the tests know how to hit the required coverage points and that human errors will not be significantly problematic. In addition, as the design changes over the course of development, the directed test may lose track of its target coverage point. Without coverage monitors, these types of errors will not be detected and the design will not be as thoroughly verified as it appears to be on paper.

Using a Random Test Generator to Close Coverage

As processor designs became more complex, the need to hit more coverage points became apparent. Once the grid has been established, large numbers of purely random tests may be incorporated to begin closing coverage. Some of these tests may hit points on the coverage grid while others will not.

Figure 3. Intersection of Coverage Grid and Pure Random

Approaching the problem of hitting coverage points from a random test generator viewpoint, a single engineer begins by writing a few generator templates and then generates tests using those templates. The generated tests are then run on a testbench which incorporates coverage monitors. The coverage monitors report all coverage points that are hit by the tests. As long as tests generated from the templates continue to hit new coverage points, the templates are kept in the nightly suite. As the rate of hitting new coverage points declines, new generator templates are created to target coverage holes. This approach requires skilled engineers to write checkers for the testbench but less skilled engineers to run the test generator.

Directed-random templates are created around points not hit by the purely random templates. We now begin to see the coverage grid closing more tightly (around 95%), and the verification process comes closer to completion.

Figure 4. Coverage Grid, Directed Random and Pure Random

Hitting Corner Cases

Not all coverage points will be hit by fully random or directed random templates. Some coverage points require a long series of events before the targeted behavior takes place. In this case, there are two possible approaches: write directed tests and write directed templates. Probably both of these approaches should be used. Directed tests can get to these most difficult coverage points more quickly but prove only one or a few cases around that point. Directed templates take more time to create but can be written to allow as much random behavior around the coverage point as possible.

Figure 5. Review Templates and Relax Restrictions

Finally, existing tests are reviewed, and as much directed behavior as possible is removed before the tests are run again. Coverage then reaches full closure, and these tests are run until the schedule no longer permits.

Tags: checkers, Complex Architectures, corner cases, coverage driven methodology, coverage grid, Coverage metrics, coverage monitors, directed assembly code tests, directed testing, Distribution of Coverage Points, functional design verification, general purpose microprocessor, mobile computing, random test generator, RTL testbench, Verification Progress
Posted in Technical Review | No Comments »

Bailey on Verification at the Club

Monday, March 23rd, 2009 by admin

By Grant Martin
This blog post originally appeared at:
http://www.chipdesignmag.com/martins/2009/03/19/bailey-on-verification-at-the-club/
— March 19, 2009 @ 11:14 pm

Today I attended the latest meeting of the Silicon Valley branch of the DVClub. For those not familiar with the DVClub (DV = Design Verification), it was started by Eric Hennenhoefer in Austin a few years ago. It now has branches in Austin, Bangalore, Boston, Bristol, Dallas, RTP, San Diego and Silicon Valley. In Silicon Valley it meets about once a quarter for a talk on some aspect of verification. I first heard of this about 1.5 years ago when we were invited from Tensilica to give a talk about verifying our video subsystem. The club has all the right ingredients to attract a crowd of engineers:

a free lunch
interesting speakers
did I mention a free lunch?
a chance to meet new colleagues and old friends
and of course, a free lunch

(Sponsors such as Cadence, Doulos, Denali, Silicon Elite and Obsidian pick up the tab for the venue and lunch (updated after original post, on Friday 20 March 2009, to correct list of sponsors)).

Today’s speaker was Brian Bailey, a friend and co-author of mine, speaking on “Is it time to declare a verification war?” The place was packed out with about 130 people, filling the room to capacity (Eric said this was the largest Silicon Valley DVClub crowd to date).

Brian Bailey

Brian spoke about his philosophy of verification, drew some analogies to Sun-Tzu’s Art of War, and also spoke about three technologies that he felt had potential to change verification significantly:

Functional Qualification – as exemplified by Certess (now SpringSoft) Certitude
Raising abstraction – as exemplified by Calypto’s sequential equivalence checking
“Intelligent testbenches” – as exemplified by Jasper’s Behavioural Indexing

Brian’s slides are available here.

IF you live or work anywhere any of these branches of the DVClub, and have an interest in verification, I recommend that you check them out. Sign up for their newsletter and get notified of meetings in advance.

Tags: Brian Bailey, DVClub, Eric Hennenhoefer, Is it time to declare a verification war?, Silicon Valley, Technical Review
Posted in Silicon Valley, Technical Review | No Comments »

Random Test Generator Taxonomy

Friday, February 27th, 2009 by admin

There is a vast landscape of test generators used in the industry today. These range from simple scripts and parameterized macros that can be created in a matter of weeks to full featured systems used by cutting edge processor verification teams.

In many cases, a processor design team will select a simple test generator for the first project and gradually evolve it into a more advanced form as the architecture matures. This continual evolution of test generator technology stems from several causes:

• Earlier designs tend to be simpler with later revisions adding more features and complexity.
• Later designs may prove complex enough to require a new approach.
• The verification effort may initially be underestimated.
• Estimates become more realistic over time as they become based on knowledge gained in earlier revisions.
• Products that go through several revisions and enhancements are likely to be those that have proven successful in the market and these tend to have better funding for both design and verification.

Table Based Generators

Table based test generators are the simplest generators available. Creation of such generators can be accomplished relatively quickly, and maintenance requirements are often low. These generators work by capturing ISA knowledge and storing it in a central table for later use. Because of their simplistic nature, table based generators may be used by less skilled personnel to create interesting tests. There is a drawback to these generators however, as their implementation is generally restricted to simple architectures. Usage on more complex ISAs may result in an inability to reach corner-cases or create complex scenarios. Table based generators may also generate invalid tests at times.

Static Generators

Static generators are similar to table based generators with the exception that the majority of the instruction, operand and data selection reside in complex procedural code. Static generators are capable of producing more random behavior than table based generators, but still have trouble
hitting many corner-cases. In addition, the skill level required to create and maintain such a tool rises sharply once this level of sophistication is reached.

Dynamic Generators

Dynamic generators incorporate significant knowledge about the architecture being tested. They enhance the ability of less-skilled users to generate complex tests that can hit hard-to-reach corner cases without stumbling on subtle programming pitfalls. This added knowledge, flexibility and ease-of-use is reflected in a more complex generator and consequently the cost of creating and maintaining the generator are greater than for table-based or static generators.

Tags: random test generators, test generator technology
Posted in Technical Review | 1 Comment »

Processor Design Verification Overview

Friday, February 20th, 2009 by admin

Anyone who has worked on a microprocessor design in recent years knows that verification has become a larger and larger share of the effort to bring a product to market. Designs are becoming increasingly complex and this complexity is often magnified in verification. Since completed verification is always the final stage in the design cycle, the additional time, effort and resources required are in the critical path to get the design out the door. For this reason, selection of verification tools has a direct effect on the total cost of the design and on meeting the time-to market criteria.

Through a series of upcoming postings, we will seek to outline several usage models and technologies while highlighting their strengths and weaknesses and providing a platform to judge the best verification strategy for a given product.

The goal of verification is to achieve bug-free first silicon on schedule. However, determining the absence of implementation flaws is no easy task; engineers must find an undetermined number of design flaws in an infinite space.

Determining when verification has reached completion is also a difficult task. This is typically based on heuristics, statistical measurements and experience. On all but the simplest designs, there is no point where the verification lead can say that the design has been completely tested and is known not to contain any hidden errors. Instead, verification engineers rely on proven methodologies, apply legacy test suites, and create sample applications to simulate real world conditions to the best of their abilities.

Functional verification typically involves running a large number of assembly level tests in RTL simulation. Figure 1 depicts a simple environment in which an external stimulus is applied to the device under test (DUT). The more random tests that are run in RTL pre-silicon, the greater the chance the DV team has of finding all the bugs.

Figure 1. A Simple Verification Testbench Environment

Tags: emulation, hardware based verification, RTL emulator hybrid, RTL testbench, verification completion, verification platforms
Posted in Technical Review | No Comments »

Thoughts on AMS Verification

Friday, November 14th, 2008 by eric

By Joseph Hupcey III of Cadence
November 13, 2008
Persistent link to this article here.

Last week I had the pleasure of attending a DV Club lunch presentation from Dr. Henry Chang of Designers’ Guide Consulting on “What the Digital Verification Engineer Needs to Know about Analog Verification”.

The talk was very engaging, where Dr. Chang’s comments on the relatively primitive state of analog verification confirmed my observations in talking with customers and Trailblazer partners. Specifically:

1 – In the eyes of digital verification people, analog verification looks like digital verification circa 1990. This isn’t meant as a criticism of analog developers — Dr. Chang reviewed the many reasons why this gap exists, and why they will likely persist for years into the future. For example, in order to effectively support the hierarchical circuit construction methodologies commonly used in the digital world, depending on the type circuit you are simulating analog simulators would have to become literally 1,000,000 times faster than they are today.

2 – Dr. Chang noted that very trivial, functional A-D interface errors are depressingly common in mixed signal designs. Even worse: such bugs are typically catastrophic (i.e. the chip is dead-on-arrival from the fab)

3 – The level of automation vs. the digital world is very low. Despite the growing complexity of pure analog blocks, most design entry is still done with schematic capture and not high-level design languages (although this is slowly changing). Debug? It’s all about eyeballing golden waveforms.

There was much more to the talk, but these three highlights stood out in my mind because myself and my fellow Trailblazers have also seen 1, 2, and 3 in our customer base. As such, I was “relieved” (in an ironic, negative sense) to hear that an expert like Dr. Chang is seeing the same things too. Do you out there in the blogsphere see all this too? Have you seen any analog users overcome 1, 2, or 3?

In a vaguely related note:
Driving back to my office from the talk, I was also struck by an analogy to the hardware/software co-verification space, where verification in this mixed domain is also relatively primitive compared to pure digital RTL verification. My colleague Jason Andrews captures this issue nicely in his recent post “Is anybody out there a Software Verification Engineer?”

In conclusion, I’d argue that at the 50,000ft level, issues 1 and 2 are factors in both the AMS and HW/SW domains (and for issue 3, you have to admit there is a lot of “bad” automation in the HW/SW domain; but that’s the subject of another blog post). The silver lining in these clouds is that the hunger for automated, metric-driven solutions in the AMS space is growing, and thus the EDA business has some future opportunities here whatever doldrums the economy might be in today.

P.S. If you haven’t been to one of these “DV Club” events, you are really missing out. The format is typically an in depth talk on some design or verification topic given over lunch, and the speakers have always been very informative. These events also draw a good sized audience (I’ve never seen less than 50 people at the Silicon Valley area events I go to), so the networking is great. Note that in addition to Silicon Valley, they hold these “lunch & learns” in Austin, Bangalore, Boston, Bristol UK, Dallas, RTP, and San Diego. Here is the DV Club events calendar for more info:
http://www.dvclub.org

Tags: analog automation, analog verification, Cadence, design entry, designers' guide consulting, digital verification, Henry Chang, interface errors, Joseph Hupcey, RTL verification, schematic capture
Posted in Technical Review | No Comments »