

Formal Methods in Computer-Aided Design - Austin, Texas, USA, September 28, 2015

Ziyad Hanna, PhD. Vice President of R&D Cadence Design Systems

## Software and verification driving SoC project costs: 80% of overall development costs, mostly in headcount



### Ever-growing system development complexity



### Agenda



Formal Verification Adoption

Formal Verification Vision

**Democratization of Formal** 

Forward Looking



## Disruptive Formal Verification



## 2007 Turing Award Groundbreaking work on Model Checking.



Edmund M. Clarke, E. Allen Emerson, Joseph Sifakis



## Writing Spec...



IEEE Std 1800™-2012 (Revision of IEEE Std 1800-2009): IEEE Standard for SystemVerilog — Unified Hardware Design, Specification, and Verification Language. IEEE Computer Society, sponsored by the Design Automation Standards Committee, 21 February 2013.



#### Big Companies Pioneered Formal

"Replacing Testing with Formal Verification in Intel® Core™ i7 Processor Execution Engine Validation" – CAV 2009

Roope Kaivola, Rajnish Ghughal, Naren Narasimhan, Amber Telfer, Jesse Whittemore, Sudhindra Pandav, Anna Slobodová, Christopher Taylor, Vladimir Frolov, Erik Reeber, Armaghan Naik

"Automatic Verification of Floating Point Units" at IBM – DAC 14

Udo Krautz, Viresh Paruthi, Anand Arunagiri, Sujeet Kumar, Shweta Pujar, Tina Babinsky

"Sequential Equivalence Verifier for Hardware Designs", at Intel – ICCD 2006

Ziyad Hanna, Daher Kaiss, Silvian Goldenburg

And many more ...



#### Good Candidates for Formal Verification

- Arbiters
- On-chip bus bridges
- Power management units
- Memory and DMA controllers
- Host bus interface unit
- Scheduler, implementing multiple threads
- Virtual channels for QoS
- IEEE floating point arithmetic

- Interrupt controller
- Token generators
- Cache coherency
- Credit manager blocks
- Standard interface (ARM AMBA protocol, DDR, etc.)
- Proprietary interfaces
- Clock disable units



# IP and subsystem-level design and verification solutions (Apps)

- Formal property verification
- Sequential equivalence checking
- Structural property synthesis (Superlint)
- Behavioral property synthesis
- X propagation checking
- Coverage analysis and measurement
- Post-silicon debug (PSD)
- Clock glitch analysis and debug
- Functional Safety ISO26262



#### SoC-level Formal Verification



### Spectrum of Formal Verification Solutions



## ROI is proven by industry leaders

Highlights from Jasper User Group in 2012-2013

#### Cortex® A12 formal verification results



#### Design bring-up benefits


- Another GPU example:
  - Not more, not fewer bugs, but the bugs are found much earlier
  - So fewer RTL changes (code churn), especially late

## 2.5X better ROI than simulation



#### Qualcomm

"At QUALCOMM we've seen three aspects of ROI from our use of JasperGold: engineering efficiency, functional coverage and time-to-market."

**EFFICIENCY**

"Regarding engineering efficiency, we've observed cases of a 3x-4x productivity gain where we've applied JasperGold, compared to performing the same tasks with simulation."

**QUALITY**

"Our use of JasperGold increases functional coverage, and thereby chip quality, by exposing bugs earlier during chip development."

**TIME-TO-MARKET**

"We've seen that JasperGold accelerates time-to-market in certain cases by enabling us to reach verification closure on late-stage changes in a day, versus a week."

J. Scott Runner, Qualcomm

Late-change verification in a day vs. a week



## Bugs found earlier: 82% code churn reduction





84% of bugs found automatically





#### JUG 2014: focus on proliferation of proven ROI



Formal experts enabling designers to use FV, with focus on properties that are hard to verify with simulation





Cookie cutter property library to assist mass FV deployment



FVC: status

- Developed successfully on ARM® CORTEX®-A17 processor
- Saves time
- High configurability
- Easier to use than the "usual" way
- Adds no performance overhead onto the JasperGold usage
- Now used in production on our current projects

Formal verification configuration (FVC) helps proliferate formal flows to non-experts





#### Spectrum of Formal Verification Solutions



#### Agenda

Formal Verification Adoption



Formal Verification Vision

**Democratization of Formal** 

Forward Looking





The primary verification method for systems!!



#### Formal Verification Scalability Factors

- Design capacity: Size of designs that can be read and elaborated
- Verification capacity: Measured by the number of state variables in pruned models that FV engines can verify
- Performance: CPU run time needed to complete a verification task
- Debugging: Measured by human effort spent to complete a verification task
- Predictability: Where can FV be applied
- Coverage and progress metrics





### Formal and Simulation Interoperability for System Integration and Verification




#### Agenda

Formal Verification Adoption

Formal Verification Vision

Democratization of Formal

Forward Looking



"Democratization of technology refers to an ongoing process by which access to technology rapidly continues to become more accessible to more people. New technologies and improved user experiences have empowered those outside of the technical industry to access and use technological products and services. At an increasing scale, consumers have greater access to use and purchase technologically sophisticated products, as well as to participate meaningfully in the development of these products. Industry innovation and user demand have been associated with more affordable, user-friendly products."

http://en.wikipedia.org/wiki/Democratization_of_technology



#### The Industry Believes in it ...

"Democratization of Formal beyond the formal experts ... "

Bob Bentley (Former Intel Validation Director)
Jasper® Users Group 2012

"Formal for Everyone, Challenges in Achievable Multicore Design and Verification"

Daryl Stewart (Research Engineer at ARM) Formal Methods in CAD 2012



# Democratization of Formal for Design Community – Why?

- Designers are the creators of the implementation
- Poor-quality design rolled out to the downstream process causes costly iterative design effort
- Design knowledge is poorly communicated
- Main verification starts only after the RTL creation process
- Verification is costly and not effective





## Democratization Challenges – Support and Enablement!!



- Low-end solutions are useful for debugging and easy problems, but have limited ROI
- Formal applicability is evolving rapidly, but is still gated by capacity limitations, and therefore needs more automation
- Support and expertise are required to train initial users:
  - How to convert a spec to properties
  - How to develop proper constraints
  - How to manage complexity



#### How do we train/support users today?

- Dedicated help and training (by EDA and Expert Users)
- Reference materials to search and read





#### Innovation – Exploiting Human Intelligence and Technology




#### What if we knew...

- When is a user struggling?
  - Did they give up?
- What problem is the user trying to solve?
- What stage of the verification effort is it
  - early, late, ..?
- Is there an opportunity for other App(s)?
- What information could we use to improve the tool?
- What design components/complexity are bogging down the tool?
- When is a task finished?
  - What was the ROI?



#### "Formal Tool State"!





#### Formal Expert System!

- A revolutionary new approach to user guidance: a knowledge-based system that recommends decisions specific to the user's experience and the design under verification, in the context of the tool state.
- It leverages everything the tool can detect, and then asks the user for additional information.
- Under the hood, decisions are driven by a versatile set of knowledge rules captured by formal experts.
- Provides live monitoring and alerts from the FV tool to a web server, which collects usage data from runs.



#### Formal Expert System





#### **Expert System and Rule Matching**










#### Knowledge Rule Challenges

- How to capture the rules? How effective are they?
- How to match the rules, considering the context?
- How to sort the rules and recommendations based on user experience and skill set?
- Apply the recommendations and undo/redo, history?
- Frequency of the recommendation, in same or different sessions?
- Capturing user feedback and sharing!
- Fast processing ... all happens on-the-fly!



### Known Recommendation systems: Amazon, eBay, Google, Netflix, LinkedIn, ...







Amazon recommendation example: "The SPIN Model Checker: Primer and Reference Manual" by Gerard Holzmann.

RecSys 2015: 9th ACM Conference on Recommender Systems, Vienna, Austria, 16-20 September 2015.

#### Formal Democratization Impact!



Wider usage, higher impact, higher productivity, reduced cost





The primary verification method for systems!!

