SlideShare a Scribd company logo

I Never Thought I Would Grow Up to be This Formal

D
DVClub

This document provides an overview of formal verification from the perspective of an engineer with experience using formal verification tools over time. It defines formal verification and how it differs from simulation-based verification. It then discusses the author's experiences with formal verification from the 1990s to present day, noting how formal verification has become more usable, integrated with design flows, and adopted by more designers. The document also outlines observed benefits of formal verification and common challenges with adopting it. It concludes by predicting continued growth in capacity, capabilities, and adoption of formal verification methods.

1 of 24
Download to read offline
I never thought I would grow up to be this formal. A reflection on Formal Verification experiences Tim Stremcha – May 2010
2 Agenda topics Ø  Definition Ø  Formal Verification use retrospective Ø  Observed benefits Ø  Use models across the industry Ø  Deployment challenges Ø  Formal future Ø  Q & A
3 Definition Ø  Formal Verification (FV) is a method of conclusively proving that a condition in a design can not be violated by legal input stimulus ―  Legal input stimulus defined with input constraint assertions ―  Checks are also inserted in the form of assertions Examples: - A FIFO will never overflow - bus protocol can not be violated Ø  This is not a discussion about formal Logical Equivalency Checking (LEC) ―  LEC has traditionally been referred to as formal verification and the name overload still causes confusion
4 Definition (cont) Ø  How is FV different from dynamic simulation based verification? ―  Dynamic simulations conclude that the range of stimulus used does not propagate a functional violation to a checker ―  Formal verification can conclude that there is no possibility of a functional violation being propagated to a checker (assertion). i.e. It can prove there is no legal sequence of stimulus that can possibly violate an assertion
5 Definition (cont) Ø  Iterative testing lowers probability of undetected flaw Ø Exhaustive search is not practical in most cases Ø  Cones of influence to assertions are isolated and algorithmically proven to hold true or have exceptions
6 Formal Verification retrospective Ø  Why look back? ―  It helps gain perspective on the trajectory of FV technology which can help us assess where it's most likely to be useful today, and also help predict where it's going ―  It provides a context to relay some direct experiences with some FV use models ―  It reveals the roots of some common reservations about FV and helps us weigh their relevancy today
7 Formal Verification retrospective (cont) Disclaimers: Ø  These reflections are based on my experiences. This is not a comprehensive treatise on the evolution and use of FV nor is it a comparison of capabilities between vendors. Ø  Most of my work with FV has been oriented toward improving the design process efficiency and accuracy, with considerably less emphasis on final verification sign- off and coverage closure. While there is a great deal of overlap between these goals, the ability of FV to contribute more directly to the latter is underrepresented here.
8 Formal Verification retrospective (cont) 1)  Early FV use – circa 1996 Ø  Backdrop: ―  Testbenches were generally a mix of straight Verilog, PLI models, and proprietary solutions ―  Design synthesis from RTL was a relatively new norm ―  FV tools for hardware design were in their infancy Ø  Environment: ―  Employed esoteric and proprietary constraint/assertion/query languages ―  Could not be leveraged by the companion workhorse simulation testbenches ―  Required top-notch resources which were removed from core contribution efforts ―  Woefully limited capacity
9 Formal Verification retrospective (cont) 1) Early FV use – circa 1996 Ø  Results/conclusions: ―  FV gave very low return in terms of actual DV or design process efficiency improvement ―  Very high monetary and time costs ―  Provided negative stereotypes of FV that persist today ―  FV is “weird” ―  It requires sophisticated specialization ―  It’s questionable whether it will provide much benefit ―  It doesn’t integrate very well with the rest of the design and verification process – it’s a separate effort
10 Formal Verification retrospective (cont) 2) Give it to the gurus – circa 2005 Ø  Backdrop: ―  FV was trickling into design/DV flows though fewer than 30% of companies had any FV use according to a Deepchip survey at the time ―  The major CAD vendors were actively investing and staking claims in FV through acquisitions and/or organic development. ―  Cadence acquired Verplex (Blacktie) in 2003 ―  Synopsys made full customer debut of Magellan in 2004 ―  Mentor Graphics acquired 0-in in 2004 ―  Some “indy” tools stood tall including Jasper and Real Intent ―  Recent standardization of assertion languages meant that FV preparation (constraints and checking assertions) provided value in the dynamic simulation environment
11 Formal Verification retrospective (cont) 2) Give it to the gurus – circa 2005 Ø  Environment: ―  Specialists with highly sophisticated knowledge of FV algorithms and processes were hired to provide FV capabilities to the team by owning the tool setup and operation ―  This specialized group reached in to provide verification in parallel with the DV team by targeting every assertion. Ø  Results/conclusions: ―  Provided real value to the design and verification processes, but relied on significant specialized expertise ―  Successful at starting to bridge the gap between FV as an academic expedition and a practical application within real design flows ―  Separation of skills between FV enablers and the design/DV team was too wide for widespread deployment
12 Formal Verification retrospective (cont) 3)  Designer owns it all – circa 2006 Ø  Backdrop: ―  Standardized assertion use by designers was becoming more commonplace ―  A large portion of the FV enabling work (i.e. the assertion implementation) was coincidentally being undertaken based on its own merits and value ―  The FV tools were maturing and reaching out to the design/dv community in a more user friendly way.
13 Formal Verification retrospective (cont) 3) Designer owns it all – circa 2006 Ø  Environment: ―  Verification of the block was to be done by the customer, but wasn’t available during the block design, so FV was the sole DV method used during that part of the design process ―  The designer implemented a full set of assertions for the design, set up the formal environment, and ran the tool ―  The design was quite configurable via control registers which presented a verification challenge in any environment. With FV all configurations were solved simultaneously.
14 Formal Verification retrospective (cont) 3) Designer owns it all – circa 2006 Ø  Results/conclusions: ―  Quite effective. No logic bugs were found during post-FV verification ―  Provided a tight, efficient bug identification and repair loop for the designer ―  You still probably don’t want to try this at home ―  Independent verification was only achieved during very late stage integration testing. This propagated too much risk forward for universal adoption. ―  Loading all FV related tasks onto logic designers unnecessarily lumps it onto a critical path resource
15 Formal Verification retrospective (cont) 4) FV enabled designer – circa today Ø  Backdrop: ―  Robust assertion methodology in use within our design group ―  More of the team is familiar with the application of FV ―  FV tools continue to improve capacity and usability Ø  Environment: ―  FV “enabler” supports each project ―  Responsible for assertions on some or all block-to-block interfaces ―  Sets up initial FV tool environment for each designer ―  Provides first line of support to users ―  These tasks can be shared across multiple people – flexible load sharing ―  Could be considered a guru-lite approach ―  Each designer has near push-button access to some level of FV
16 Formal Verification retrospective (cont) 4) FV enabled designer – circa today Ø  Results/conclusions: ―  Provides the tight bug identification and repair loop of the “Designer does it all” model, but allows better work sharing ―  Specialization is limited and the work on the interface assertions are leveraged by the FV environments as well as the dynamic testbenches ―  Allows a path for FV proliferation without excessive overhead on every user ―  Can be supplemented by dedicated FV work for difficult properties that are beyond the capabilities of newer users
17 Observed benefits of using FV Ø  Check of the checkers ―  The formal tools are very proficient at identifying underconstraint situations and providing short counter-example traces ―  This function is underrated and is even sometimes counted as solely a FV startup cost and therefore a FV detractor! ―  Better input constraints mean better checks on the driving block, whether that’s another block or the testbench Ø  More granular ad hoc test environments ―  Replaces designer “preverification” test environments ―  Decouples initial testing from the availability of other design blocks and the full testbench Ø  Closed loop, designer controlled testing (stealthy benefit)
18 Observed benefits of using FV Ø  Higher quality input constraints, design and checker assertions enter the dynamic simulation environment ―  Expectations and definitions are unambiguously conveyed to verification and other designers via full input constraint set ―  Illegal stimulus flagged immediately at the inputs of blocks during dynamic simulation and IP integration (stealthy benefit) Ø  Bounded proofs and FV bug hunting offer orthogonal testing and assurances relative to dynamic simulations. Ø  There’s nothing like a proof ―  Exhaustive proof capability was an original core offering of FV and is still a main attraction
19 Use models across the industry From “Mixing Formal and Dynamic Verification” by Bill Murray Respondent companies: Alcatel-Lucent, Analog Devices, ARM, Cisco, DE Shaw Research (DESRES), Fujitsu Microelectronics Europe, HP, IBM, Infineon, Intel, nVidia, Qualcomm, Saab, Silicon Logic Engineering (Tundra), STMicroelectronics and Sun Microsystems Disclosure: There is some element of self fulfilling consistency since I was one of those surveyed. Note: numbers in parenthesis on the left indicate use model index, not respondent counts
20 Use models across the industry From “Mixing Formal and Dynamic Verification” by Bill Murray My apologies for the eye chart! The main point is the high value attributed to use during early design (i.e. Early block-level checking and Block exploration/bug hunting) juxtaposed with no votes for late stage Sign-off criterion.
21 Launch and deployment challenges Ø  It’s a change. Ø  Lingering perception that FV requires super-specialized skills and is narrowly applicable. Ø  Requires multi-team learning, and cooperation. Fortunately, standardization has made this knowledge portable and likely to be valuable for the foreseeable future Ø  The discipline and completeness that FV enforces on the enabling work can be frustrating ―  It’s easier to create “pretty good” constraints than to build full constraints. The extra effort to close that gap doesn’t always seem worth it on the surface
22 Launch and deployment challenges Ø  Management buy in ―  Enabling work (constraints, assertions) is sometimes perceived as simply FV overhead ―  Adoption is misperceived as “all or nothing” ―  Assertion methodology can be adopted and improved without regard to actual FV use ―  FV can be applied gradually through use on select blocks, though the tool cost is a step function ―  Some important benefits are stealthy ―  Resources are always scarce and “a bird in the hand” contributing directly to a more traditional methodology is often more attractive than an assignment to something new and less well understood ―  Money for something “we didn’t need in the past”
23 Formal Future, continuing up Ø  Where will FV go from here? Formal Verification will… ―  Gain capacity and capabilities ―  Based on FV research advances (algorithms, programming efficiencies, etc) ―  By fully absorbing the power of the compute capacity wave ―  Faster per human resource than dynamic testbenches/tests? ―  Become more seamlessly enlisted in the [OUV]MM type testbench environments ―  Some level of constraint language amalgamation would be helpful ―  Continue to be more widely adopted. The more immediately observable curve will be the expanded use of the enabling assertions and constraints. ―  Become essential to your methodology
24 Formal Verification is good. There’s Proof!

Recommended

Software testing basic concepts
Software testing basic conceptsSoftware testing basic concepts
Software testing basic conceptsSuresh Mca
 
2011/09/20 - Software Testing
2011/09/20 - Software Testing2011/09/20 - Software Testing
2011/09/20 - Software TestingFernando Brito e Abreu
 
Testing Practices for Continuous Delivery - Ken McCormack
Testing Practices for Continuous Delivery - Ken McCormackTesting Practices for Continuous Delivery - Ken McCormack
Testing Practices for Continuous Delivery - Ken McCormackkennymccormack
 
Manual Testing Notes
Manual Testing NotesManual Testing Notes
Manual Testing Notesguest208aa1
 
Innovations and adaptations in agile testing
Innovations and adaptations in agile testingInnovations and adaptations in agile testing
Innovations and adaptations in agile testingSubrahmaniam S.R.V
 
Essential Test Management and Planning
Essential Test Management and PlanningEssential Test Management and Planning
Essential Test Management and PlanningTechWell
 
Manual Testing
Manual TestingManual Testing
Manual TestingG.C Reddy
 
Software Architecture: Test Case Writing
Software Architecture: Test Case WritingSoftware Architecture: Test Case Writing
Software Architecture: Test Case WritingSitdhibong Laokok
 

Recommended

Software testing basic concepts
Software testing basic conceptsSoftware testing basic concepts
Software testing basic conceptsSuresh Mca
 
2011/09/20 - Software Testing
2011/09/20 - Software Testing2011/09/20 - Software Testing
2011/09/20 - Software TestingFernando Brito e Abreu
 
Testing Practices for Continuous Delivery - Ken McCormack
Testing Practices for Continuous Delivery - Ken McCormackTesting Practices for Continuous Delivery - Ken McCormack
Testing Practices for Continuous Delivery - Ken McCormackkennymccormack
 
Manual Testing Notes
Manual Testing NotesManual Testing Notes
Manual Testing Notesguest208aa1
 
Innovations and adaptations in agile testing
Innovations and adaptations in agile testingInnovations and adaptations in agile testing
Innovations and adaptations in agile testingSubrahmaniam S.R.V
 
Essential Test Management and Planning
Essential Test Management and PlanningEssential Test Management and Planning
Essential Test Management and PlanningTechWell
 
Manual Testing
Manual TestingManual Testing
Manual TestingG.C Reddy
 
Software Architecture: Test Case Writing
Software Architecture: Test Case WritingSoftware Architecture: Test Case Writing
Software Architecture: Test Case WritingSitdhibong Laokok
 
Essential Test Management and Planning
Essential Test Management and PlanningEssential Test Management and Planning
Essential Test Management and PlanningTechWell
 
A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design chiportal
 
King_Mimi_Resume_r1
King_Mimi_Resume_r1King_Mimi_Resume_r1
King_Mimi_Resume_r1Mimi King
 
Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification DVClub
 
Complete testing@uma
Complete testing@umaComplete testing@uma
Complete testing@umaUma Sapireddy
 
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011Skills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Rca In Testing Conference Speech
Vaidyanathan Ramalingam Rca In Testing Conference SpeechVaidyanathan Ramalingam Rca In Testing Conference Speech
Vaidyanathan Ramalingam Rca In Testing Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference Speech
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference SpeechVaidyanathan Ramalingam Trade Off Economics In Testing Conference Speech
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Agile Testing Conference Speech
Vaidyanathan Ramalingam Agile Testing Conference SpeechVaidyanathan Ramalingam Agile Testing Conference Speech
Vaidyanathan Ramalingam Agile Testing Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 Speech
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 SpeechVaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 Speech
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Agile Conference Speech
Vaidyanathan Ramalingam Agile Conference SpeechVaidyanathan Ramalingam Agile Conference Speech
Vaidyanathan Ramalingam Agile Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Testing Checklist Conference Speech
Vaidyanathan Ramalingam Testing Checklist Conference SpeechVaidyanathan Ramalingam Testing Checklist Conference Speech
Vaidyanathan Ramalingam Testing Checklist Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Software Testing Eco System Conference Speech
Vaidyanathan Ramalingam Software Testing Eco System Conference SpeechVaidyanathan Ramalingam Software Testing Eco System Conference Speech
Vaidyanathan Ramalingam Software Testing Eco System Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference Speech
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference SpeechVaidyanathan Ramalingam Waterfall Vs Agile Testing Conference Speech
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Vaidyanathan Ramalingam Rca In Agile Conference Speech
Vaidyanathan Ramalingam Rca In Agile Conference SpeechVaidyanathan Ramalingam Rca In Agile Conference Speech
Vaidyanathan Ramalingam Rca In Agile Conference SpeechSkills2Talent (Integrated Talent Management and L&D Software - Hire to ROI)
 
Test automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application ServerTest automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application ServerRobbie Minshall
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)Siddireddy Balu
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
Unit 4
Unit 4Unit 4
Unit 4jayanthi_2009
 
Unit 4
Unit 4Unit 4
Unit 4jayanthi_2009
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfEnhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfICS
 
Continuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee BarnesContinuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee BarnesQA or the Highway
 

More Related Content

What's hot

Essential Test Management and Planning
Essential Test Management and PlanningEssential Test Management and Planning
Essential Test Management and PlanningTechWell
 
A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design chiportal
 
King_Mimi_Resume_r1
King_Mimi_Resume_r1King_Mimi_Resume_r1
King_Mimi_Resume_r1Mimi King
 
Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification DVClub
 
Complete testing@uma
Complete testing@umaComplete testing@uma
Complete testing@umaUma Sapireddy
 
Test automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application ServerTest automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application ServerRobbie Minshall
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)Siddireddy Balu
 

What's hot (17)

Essential Test Management and Planning
Essential Test Management and PlanningEssential Test Management and Planning
Essential Test Management and Planning
 
A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design
 
King_Mimi_Resume_r1
King_Mimi_Resume_r1King_Mimi_Resume_r1
King_Mimi_Resume_r1
 
Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification Using PSL and FoCs for Functional Coverage Verification
Using PSL and FoCs for Functional Coverage Verification
 
Complete testing@uma
Complete testing@umaComplete testing@uma
Complete testing@uma
 
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011
Vaidyanathan Ramalingam Agile Testing Leadership Lessons Softec 2 July2011
 
Vaidyanathan Ramalingam Rca In Testing Conference Speech
Vaidyanathan Ramalingam Rca In Testing Conference SpeechVaidyanathan Ramalingam Rca In Testing Conference Speech
Vaidyanathan Ramalingam Rca In Testing Conference Speech
 
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference Speech
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference SpeechVaidyanathan Ramalingam Trade Off Economics In Testing Conference Speech
Vaidyanathan Ramalingam Trade Off Economics In Testing Conference Speech
 
Vaidyanathan Ramalingam Agile Testing Conference Speech
Vaidyanathan Ramalingam Agile Testing Conference SpeechVaidyanathan Ramalingam Agile Testing Conference Speech
Vaidyanathan Ramalingam Agile Testing Conference Speech
 
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 Speech
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 SpeechVaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 Speech
Vaidyanathan Ramalingam Silicon India Testing Conference 2 July2011 Speech
 
Vaidyanathan Ramalingam Agile Conference Speech
Vaidyanathan Ramalingam Agile Conference SpeechVaidyanathan Ramalingam Agile Conference Speech
Vaidyanathan Ramalingam Agile Conference Speech
 
Vaidyanathan Ramalingam Testing Checklist Conference Speech
Vaidyanathan Ramalingam Testing Checklist Conference SpeechVaidyanathan Ramalingam Testing Checklist Conference Speech
Vaidyanathan Ramalingam Testing Checklist Conference Speech
 
Vaidyanathan Ramalingam Software Testing Eco System Conference Speech
Vaidyanathan Ramalingam Software Testing Eco System Conference SpeechVaidyanathan Ramalingam Software Testing Eco System Conference Speech
Vaidyanathan Ramalingam Software Testing Eco System Conference Speech
 
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference Speech
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference SpeechVaidyanathan Ramalingam Waterfall Vs Agile Testing Conference Speech
Vaidyanathan Ramalingam Waterfall Vs Agile Testing Conference Speech
 
Vaidyanathan Ramalingam Rca In Agile Conference Speech
Vaidyanathan Ramalingam Rca In Agile Conference SpeechVaidyanathan Ramalingam Rca In Agile Conference Speech
Vaidyanathan Ramalingam Rca In Agile Conference Speech
 
Test automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application ServerTest automation lessons from WebSphere Application Server
Test automation lessons from WebSphere Application Server
 
01 software test engineering (manual testing)
01 software test engineering (manual testing)01 software test engineering (manual testing)
01 software test engineering (manual testing)
 

Similar to I Never Thought I Would Grow Up to be This Formal

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfEnhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfICS
 
Continuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee BarnesContinuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee BarnesQA or the Highway
 
How to Deliver Winning Mobile Apps
How to Deliver Winning Mobile AppsHow to Deliver Winning Mobile Apps
How to Deliver Winning Mobile AppsTechWell
 
Diab Compiler Quality Overview
Diab Compiler Quality OverviewDiab Compiler Quality Overview
Diab Compiler Quality Overviewkylefacchin
 
Continuous Engineering with IBM Rational RELM
Continuous Engineering with IBM Rational RELMContinuous Engineering with IBM Rational RELM
Continuous Engineering with IBM Rational RELMgjuljo
 
In search of technical exellence
In search of technical exellenceIn search of technical exellence
In search of technical exellenceJinping Qu
 
End-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEnd-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEtienne Tremel
 
[2015/2016] Software development process
[2015/2016] Software development process[2015/2016] Software development process
[2015/2016] Software development processIvano Malavolta
 
Plagiarism Report SDLC 1.pdf
Plagiarism Report SDLC 1.pdfPlagiarism Report SDLC 1.pdf
Plagiarism Report SDLC 1.pdfOmethSanchitha
 
Software Development Taxonomy
Software Development TaxonomySoftware Development Taxonomy
Software Development TaxonomyAli Gholami
 
Software Development Models
Software Development ModelsSoftware Development Models
Software Development ModelsEmi Rahmi
 
Software Development Models by Graham et al
Software Development Models by Graham et alSoftware Development Models by Graham et al
Software Development Models by Graham et alEmi Rahmi
 
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...Tiara Ramadhani
 
How to test a Mainframe Application
How to test a Mainframe ApplicationHow to test a Mainframe Application
How to test a Mainframe ApplicationMichael Erichsen
 

Similar to I Never Thought I Would Grow Up to be This Formal (20)

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
Unit 4
Unit 4Unit 4
Unit 4
 
Unit 4
Unit 4Unit 4
Unit 4
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfEnhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
 
Continuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee BarnesContinuous Performance Testing in DevOps - Lee Barnes
Continuous Performance Testing in DevOps - Lee Barnes
 
Gopikrishanan
GopikrishananGopikrishanan
Gopikrishanan
 
Marc perillo
Marc perilloMarc perillo
Marc perillo
 
DevOps and SF.pdf
DevOps and SF.pdfDevOps and SF.pdf
DevOps and SF.pdf
 
How to Deliver Winning Mobile Apps
How to Deliver Winning Mobile AppsHow to Deliver Winning Mobile Apps
How to Deliver Winning Mobile Apps
 
Diab Compiler Quality Overview
Diab Compiler Quality OverviewDiab Compiler Quality Overview
Diab Compiler Quality Overview
 
Continuous Engineering with IBM Rational RELM
Continuous Engineering with IBM Rational RELMContinuous Engineering with IBM Rational RELM
Continuous Engineering with IBM Rational RELM
 
In search of technical exellence
In search of technical exellenceIn search of technical exellence
In search of technical exellence
 
End-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEnd-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environments
 
[2015/2016] Software development process
[2015/2016] Software development process[2015/2016] Software development process
[2015/2016] Software development process
 
Plagiarism Report SDLC 1.pdf
Plagiarism Report SDLC 1.pdfPlagiarism Report SDLC 1.pdf
Plagiarism Report SDLC 1.pdf
 
Software Development Taxonomy
Software Development TaxonomySoftware Development Taxonomy
Software Development Taxonomy
 
Software Development Models
Software Development ModelsSoftware Development Models
Software Development Models
 
Software Development Models by Graham et al
Software Development Models by Graham et alSoftware Development Models by Graham et al
Software Development Models by Graham et al
 
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...
Tiara Ramadhani - Program Studi S1 Sistem Informasi - Fakultas Sains dan Tekn...
 
How to test a Mainframe Application
How to test a Mainframe ApplicationHow to test a Mainframe Application
How to test a Mainframe Application
 

More from DVClub

IP Reuse Impact on Design Verification Management Across the Enterprise
IP Reuse Impact on Design Verification Management Across the EnterpriseIP Reuse Impact on Design Verification Management Across the Enterprise
IP Reuse Impact on Design Verification Management Across the EnterpriseDVClub
 
Cisco Base Environment Overview
Cisco Base Environment OverviewCisco Base Environment Overview
Cisco Base Environment OverviewDVClub
 
Intel Xeon Pre-Silicon Validation: Introduction and Challenges
Intel Xeon Pre-Silicon Validation: Introduction and ChallengesIntel Xeon Pre-Silicon Validation: Introduction and Challenges
Intel Xeon Pre-Silicon Validation: Introduction and ChallengesDVClub
 
Verification of Graphics ASICs (Part II)
Verification of Graphics ASICs (Part II)Verification of Graphics ASICs (Part II)
Verification of Graphics ASICs (Part II)DVClub
 
Verification of Graphics ASICs (Part I)
Verification of Graphics ASICs (Part I)Verification of Graphics ASICs (Part I)
Verification of Graphics ASICs (Part I)DVClub
 
Stop Writing Assertions! Efficient Verification Methodology
Stop Writing Assertions! Efficient Verification MethodologyStop Writing Assertions! Efficient Verification Methodology
Stop Writing Assertions! Efficient Verification MethodologyDVClub
 
Validating Next Generation CPUs
Validating Next Generation CPUsValidating Next Generation CPUs
Validating Next Generation CPUsDVClub
 
Verification Automation Using IPXACT
Verification Automation Using IPXACTVerification Automation Using IPXACT
Verification Automation Using IPXACTDVClub
 
Validation and Design in a Small Team Environment
Validation and Design in a Small Team EnvironmentValidation and Design in a Small Team Environment
Validation and Design in a Small Team EnvironmentDVClub
 
Trends in Mixed Signal Validation
Trends in Mixed Signal ValidationTrends in Mixed Signal Validation
Trends in Mixed Signal ValidationDVClub
 
Verification In A Global Design Community
Verification In A Global Design CommunityVerification In A Global Design Community
Verification In A Global Design CommunityDVClub
 
Design Verification Using SystemC
Design Verification Using SystemCDesign Verification Using SystemC
Design Verification Using SystemCDVClub
 
Verification Strategy for PCI-Express
Verification Strategy for PCI-ExpressVerification Strategy for PCI-Express
Verification Strategy for PCI-ExpressDVClub
 
SystemVerilog Assertions (SVA) in the Design/Verification Process
SystemVerilog Assertions (SVA) in the Design/Verification ProcessSystemVerilog Assertions (SVA) in the Design/Verification Process
SystemVerilog Assertions (SVA) in the Design/Verification ProcessDVClub
 
Efficiency Through Methodology
Efficiency Through MethodologyEfficiency Through Methodology
Efficiency Through MethodologyDVClub
 
Pre-Si Verification for Post-Si Validation
Pre-Si Verification for Post-Si ValidationPre-Si Verification for Post-Si Validation
Pre-Si Verification for Post-Si ValidationDVClub
 
OpenSPARC T1 Processor
OpenSPARC T1 ProcessorOpenSPARC T1 Processor
OpenSPARC T1 ProcessorDVClub
 
Intel Atom Processor Pre-Silicon Verification Experience
Intel Atom Processor Pre-Silicon Verification ExperienceIntel Atom Processor Pre-Silicon Verification Experience
Intel Atom Processor Pre-Silicon Verification ExperienceDVClub
 
Using Assertions in AMS Verification
Using Assertions in AMS VerificationUsing Assertions in AMS Verification
Using Assertions in AMS VerificationDVClub
 
Low-Power Design and Verification
Low-Power Design and VerificationLow-Power Design and Verification
Low-Power Design and VerificationDVClub
 

More from DVClub (20)

IP Reuse Impact on Design Verification Management Across the Enterprise
IP Reuse Impact on Design Verification Management Across the EnterpriseIP Reuse Impact on Design Verification Management Across the Enterprise
IP Reuse Impact on Design Verification Management Across the Enterprise
 
Cisco Base Environment Overview
Cisco Base Environment OverviewCisco Base Environment Overview
Cisco Base Environment Overview
 
Intel Xeon Pre-Silicon Validation: Introduction and Challenges
Intel Xeon Pre-Silicon Validation: Introduction and ChallengesIntel Xeon Pre-Silicon Validation: Introduction and Challenges
Intel Xeon Pre-Silicon Validation: Introduction and Challenges
 
Verification of Graphics ASICs (Part II)
Verification of Graphics ASICs (Part II)Verification of Graphics ASICs (Part II)
Verification of Graphics ASICs (Part II)
 
Verification of Graphics ASICs (Part I)
Verification of Graphics ASICs (Part I)Verification of Graphics ASICs (Part I)
Verification of Graphics ASICs (Part I)
 
Stop Writing Assertions! Efficient Verification Methodology
Stop Writing Assertions! Efficient Verification MethodologyStop Writing Assertions! Efficient Verification Methodology
Stop Writing Assertions! Efficient Verification Methodology
 
Validating Next Generation CPUs
Validating Next Generation CPUsValidating Next Generation CPUs
Validating Next Generation CPUs
 
Verification Automation Using IPXACT
Verification Automation Using IPXACTVerification Automation Using IPXACT
Verification Automation Using IPXACT
 
Validation and Design in a Small Team Environment
Validation and Design in a Small Team EnvironmentValidation and Design in a Small Team Environment
Validation and Design in a Small Team Environment
 
Trends in Mixed Signal Validation
Trends in Mixed Signal ValidationTrends in Mixed Signal Validation
Trends in Mixed Signal Validation
 
Verification In A Global Design Community
Verification In A Global Design CommunityVerification In A Global Design Community
Verification In A Global Design Community
 
Design Verification Using SystemC
Design Verification Using SystemCDesign Verification Using SystemC
Design Verification Using SystemC
 
Verification Strategy for PCI-Express
Verification Strategy for PCI-ExpressVerification Strategy for PCI-Express
Verification Strategy for PCI-Express
 
SystemVerilog Assertions (SVA) in the Design/Verification Process
SystemVerilog Assertions (SVA) in the Design/Verification ProcessSystemVerilog Assertions (SVA) in the Design/Verification Process
SystemVerilog Assertions (SVA) in the Design/Verification Process
 
Efficiency Through Methodology
Efficiency Through MethodologyEfficiency Through Methodology
Efficiency Through Methodology
 
Pre-Si Verification for Post-Si Validation
Pre-Si Verification for Post-Si ValidationPre-Si Verification for Post-Si Validation
Pre-Si Verification for Post-Si Validation
 
OpenSPARC T1 Processor
OpenSPARC T1 ProcessorOpenSPARC T1 Processor
OpenSPARC T1 Processor
 
Intel Atom Processor Pre-Silicon Verification Experience
Intel Atom Processor Pre-Silicon Verification ExperienceIntel Atom Processor Pre-Silicon Verification Experience
Intel Atom Processor Pre-Silicon Verification Experience
 
Using Assertions in AMS Verification
Using Assertions in AMS VerificationUsing Assertions in AMS Verification
Using Assertions in AMS Verification
 
Low-Power Design and Verification
Low-Power Design and VerificationLow-Power Design and Verification
Low-Power Design and Verification
 

I Never Thought I Would Grow Up to be This Formal

  • 1. I never thought I would grow up to be this formal. A reflection on Formal Verification experiences Tim Stremcha – May 2010
  • 2. 2 Agenda topics Ø  Definition Ø  Formal Verification use retrospective Ø  Observed benefits Ø  Use models across the industry Ø  Deployment challenges Ø  Formal future Ø  Q & A
  • 3. 3 Definition Ø  Formal Verification (FV) is a method of conclusively proving that a condition in a design can not be violated by legal input stimulus ―  Legal input stimulus defined with input constraint assertions ―  Checks are also inserted in the form of assertions Examples: - A FIFO will never overflow - bus protocol can not be violated Ø  This is not a discussion about formal Logical Equivalency Checking (LEC) ―  LEC has traditionally been referred to as formal verification and the name overload still causes confusion
  • 4. 4 Definition (cont) Ø  How is FV different from dynamic simulation based verification? ―  Dynamic simulations conclude that the range of stimulus used does not propagate a functional violation to a checker ―  Formal verification can conclude that there is no possibility of a functional violation being propagated to a checker (assertion). i.e. It can prove there is no legal sequence of stimulus that can possibly violate an assertion
  • 5. 5 Definition (cont) Ø  Iterative testing lowers probability of undetected flaw Ø Exhaustive search is not practical in most cases Ø  Cones of influence to assertions are isolated and algorithmically proven to hold true or have exceptions
  • 6. 6 Formal Verification retrospective Ø  Why look back? ―  It helps gain perspective on the trajectory of FV technology which can help us assess where it's most likely to be useful today, and also help predict where it's going ―  It provides a context to relay some direct experiences with some FV use models ―  It reveals the roots of some common reservations about FV and helps us weigh their relevancy today
  • 7. 7 Formal Verification retrospective (cont) Disclaimers: Ø  These reflections are based on my experiences. This is not a comprehensive treatise on the evolution and use of FV nor is it a comparison of capabilities between vendors. Ø  Most of my work with FV has been oriented toward improving the design process efficiency and accuracy, with considerably less emphasis on final verification sign- off and coverage closure. While there is a great deal of overlap between these goals, the ability of FV to contribute more directly to the latter is underrepresented here.
  • 8. 8 Formal Verification retrospective (cont) 1)  Early FV use – circa 1996 Ø  Backdrop: ―  Testbenches were generally a mix of straight Verilog, PLI models, and proprietary solutions ―  Design synthesis from RTL was a relatively new norm ―  FV tools for hardware design were in their infancy Ø  Environment: ―  Employed esoteric and proprietary constraint/assertion/query languages ―  Could not be leveraged by the companion workhorse simulation testbenches ―  Required top-notch resources which were removed from core contribution efforts ―  Woefully limited capacity
  • 9. 9 Formal Verification retrospective (cont) 1) Early FV use – circa 1996 Ø  Results/conclusions: ―  FV gave very low return in terms of actual DV or design process efficiency improvement ―  Very high monetary and time costs ―  Provided negative stereotypes of FV that persist today ―  FV is “weird” ―  It requires sophisticated specialization ―  It’s questionable whether it will provide much benefit ―  It doesn’t integrate very well with the rest of the design and verification process – it’s a separate effort
  • 10. 10 Formal Verification retrospective (cont) 2) Give it to the gurus – circa 2005 Ø  Backdrop: ―  FV was trickling into design/DV flows though fewer than 30% of companies had any FV use according to a Deepchip survey at the time ―  The major CAD vendors were actively investing and staking claims in FV through acquisitions and/or organic development. ―  Cadence acquired Verplex (Blacktie) in 2003 ―  Synopsys made full customer debut of Magellan in 2004 ―  Mentor Graphics acquired 0-in in 2004 ―  Some “indy” tools stood tall including Jasper and Real Intent ―  Recent standardization of assertion languages meant that FV preparation (constraints and checking assertions) provided value in the dynamic simulation environment
  • 11. 11 Formal Verification retrospective (cont) 2) Give it to the gurus – circa 2005 Ø  Environment: ―  Specialists with highly sophisticated knowledge of FV algorithms and processes were hired to provide FV capabilities to the team by owning the tool setup and operation ―  This specialized group reached in to provide verification in parallel with the DV team by targeting every assertion. Ø  Results/conclusions: ―  Provided real value to the design and verification processes, but relied on significant specialized expertise ―  Successful at starting to bridge the gap between FV as an academic expedition and a practical application within real design flows ―  Separation of skills between FV enablers and the design/DV team was too wide for widespread deployment
  • 12. 12 Formal Verification retrospective (cont) 3)  Designer owns it all – circa 2006 Ø  Backdrop: ―  Standardized assertion use by designers was becoming more commonplace ―  A large portion of the FV enabling work (i.e. the assertion implementation) was coincidentally being undertaken based on its own merits and value ―  The FV tools were maturing and reaching out to the design/dv community in a more user friendly way.
  • 13. 13 Formal Verification retrospective (cont) 3) Designer owns it all – circa 2006 Ø  Environment: ―  Verification of the block was to be done by the customer, but wasn’t available during the block design, so FV was the sole DV method used during that part of the design process ―  The designer implemented a full set of assertions for the design, set up the formal environment, and ran the tool ―  The design was quite configurable via control registers which presented a verification challenge in any environment. With FV all configurations were solved simultaneously.
  • 14. 14 Formal Verification retrospective (cont) 3) Designer owns it all – circa 2006 Ø  Results/conclusions: ―  Quite effective. No logic bugs were found during post-FV verification ―  Provided a tight, efficient bug identification and repair loop for the designer ―  You still probably don’t want to try this at home ―  Independent verification was only achieved during very late stage integration testing. This propagated too much risk forward for universal adoption. ―  Loading all FV related tasks onto logic designers unnecessarily lumps it onto a critical path resource
  • 15. 15 Formal Verification retrospective (cont) 4) FV enabled designer – circa today Ø  Backdrop: ―  Robust assertion methodology in use within our design group ―  More of the team is familiar with the application of FV ―  FV tools continue to improve capacity and usability Ø  Environment: ―  FV “enabler” supports each project ―  Responsible for assertions on some or all block-to-block interfaces ―  Sets up initial FV tool environment for each designer ―  Provides first line of support to users ―  These tasks can be shared across multiple people – flexible load sharing ―  Could be considered a guru-lite approach ―  Each designer has near push-button access to some level of FV
  • 16. 16 Formal Verification retrospective (cont) 4) FV enabled designer – circa today Ø  Results/conclusions: ―  Provides the tight bug identification and repair loop of the “Designer does it all” model, but allows better work sharing ―  Specialization is limited and the work on the interface assertions are leveraged by the FV environments as well as the dynamic testbenches ―  Allows a path for FV proliferation without excessive overhead on every user ―  Can be supplemented by dedicated FV work for difficult properties that are beyond the capabilities of newer users
  • 17. 17 Observed benefits of using FV Ø  Check of the checkers ―  The formal tools are very proficient at identifying underconstraint situations and providing short counter-example traces ―  This function is underrated and is even sometimes counted as solely a FV startup cost and therefore a FV detractor! ―  Better input constraints mean better checks on the driving block, whether that’s another block or the testbench Ø  More granular ad hoc test environments ―  Replaces designer “preverification” test environments ―  Decouples initial testing from the availability of other design blocks and the full testbench Ø  Closed loop, designer controlled testing (stealthy benefit)
  • 18. 18 Observed benefits of using FV Ø  Higher quality input constraints, design and checker assertions enter the dynamic simulation environment ―  Expectations and definitions are unambiguously conveyed to verification and other designers via full input constraint set ―  Illegal stimulus flagged immediately at the inputs of blocks during dynamic simulation and IP integration (stealthy benefit) Ø  Bounded proofs and FV bug hunting offer orthogonal testing and assurances relative to dynamic simulations. Ø  There’s nothing like a proof ―  Exhaustive proof capability was an original core offering of FV and is still a main attraction
  • 19. 19 Use models across the industry From “Mixing Formal and Dynamic Verification” by Bill Murray Respondent companies: Alcatel-Lucent, Analog Devices, ARM, Cisco, DE Shaw Research (DESRES), Fujitsu Microelectronics Europe, HP, IBM, Infineon, Intel, nVidia, Qualcomm, Saab, Silicon Logic Engineering (Tundra), STMicroelectronics and Sun Microsystems Disclosure: There is some element of self fulfilling consistency since I was one of those surveyed. Note: numbers in parenthesis on the left indicate use model index, not respondent counts
  • 20. 20 Use models across the industry From “Mixing Formal and Dynamic Verification” by Bill Murray My apologies for the eye chart! The main point is the high value attributed to use during early design (i.e. Early block-level checking and Block exploration/bug hunting) juxtaposed with no votes for late stage Sign-off criterion.
  • 21. 21 Launch and deployment challenges Ø  It’s a change. Ø  Lingering perception that FV requires super-specialized skills and is narrowly applicable. Ø  Requires multi-team learning, and cooperation. Fortunately, standardization has made this knowledge portable and likely to be valuable for the foreseeable future Ø  The discipline and completeness that FV enforces on the enabling work can be frustrating ―  It’s easier to create “pretty good” constraints than to build full constraints. The extra effort to close that gap doesn’t always seem worth it on the surface
  • 22. 22 Launch and deployment challenges Ø  Management buy in ―  Enabling work (constraints, assertions) is sometimes perceived as simply FV overhead ―  Adoption is misperceived as “all or nothing” ―  Assertion methodology can be adopted and improved without regard to actual FV use ―  FV can be applied gradually through use on select blocks, though the tool cost is a step function ―  Some important benefits are stealthy ―  Resources are always scarce and “a bird in the hand” contributing directly to a more traditional methodology is often more attractive than an assignment to something new and less well understood ―  Money for something “we didn’t need in the past”
  • 23. 23 Formal Future, continuing up Ø  Where will FV go from here? Formal Verification will… ―  Gain capacity and capabilities ―  Based on FV research advances (algorithms, programming efficiencies, etc) ―  By fully absorbing the power of the compute capacity wave ―  Faster per human resource than dynamic testbenches/tests? ―  Become more seamlessly enlisted in the [OUV]MM type testbench environments ―  Some level of constraint language amalgamation would be helpful ―  Continue to be more widely adopted. The more immediately observable curve will be the expanded use of the enabling assertions and constraints. ―  Become essential to your methodology
  • 24. 24 Formal Verification is good. There’s Proof!