The present disclosure relates to formal verification of power-aware properties.
Power management and reducing power consumption in integrated circuits (chips) is increasingly important. Different techniques may be used to reduce power consumption. One technique is to use different power domains within the integrated circuit. Power domains may be turned on when needed and idled or turned off when not needed, thus reducing power consumption. This power management functionality is often referred to as the power intent of the chip.
Since defects in this power management functionality can cause integrated circuits to malfunction, integrated circuits should be verified during the design phase to ensure that this functionality is operating correctly. If errors in the power intent are detected, the root cause of the error should be identified and corrected.
In one approach, both formal verification and static checking are used to verify the power intent of a design of an integrated circuit. Violations detected by formal verification are referred to as falsified power-aware formal properties. These are matched against violations detected by the static checking to determine possible causes of the falsified power-aware formal properties. The falsified power-aware formal properties are annotated with information about the matching static-check violations.
In another aspect, a power intent specification specifies the desired power intent for a design of an integrated circuit, for example the states of the power domains under different conditions. Power-aware formal properties describe desired behaviors specified by the power intent specification. Falsified power-aware formal properties indicate that the design does not exhibit the desired behavior. In addition, a debug context database contains debug contexts for static-check violations resulting from power-aware static checking of the design. Static checking checks for compliance with the power intent specification based on a static structure of the design. Falsified power-aware formal properties are matched against the static-check violations. A data structure is generated, associating debug contexts for the matching static-check violations as possible causes of the falsified power-aware formal properties.
Other aspects include components, devices, systems, improvements, methods, processes, applications, computer readable mediums, and other technologies related to any of the above.
The disclosure will be understood more fully from the detailed description given below and from the accompanying figures of embodiments of the disclosure. The figures are used to provide knowledge and understanding of embodiments of the disclosure and do not limit the scope of the disclosure to these specific embodiments. Furthermore, the figures are not necessarily drawn to scale.
Aspects of the present disclosure relate to automated debug of falsified power-aware formal properties using static checker results.
Modern designs of integrated circuits may partition an integrated circuit into different power domains. The power domains may be switched ON or OFF (or into other states) depending on the operation of the integrated circuit. The states of the power domains under different conditions are referred to as the power intent, which may be defined in a power intent specification, for example using the UPF (Unified Power Format) standard.
Formal verification uses formal mathematical and logic analysis to verify the functional logic of an integrated circuit design. VC-Formal from Synopsys is an EDA software tool that carries out formal verification. In formal verification, a formal property is used to describe the desired behavior/function. A rigorous analysis is then used to formally prove whether or not the circuit design adheres to the behavior described by the property. Because the analysis is rigorous, it is also exhaustive, covering all possible operations of the circuit design. If the circuit design does not adhere to the behavior described by the property, the property is falsified. EDA tools typically report falsified properties as issues (errors) to the user.
In recent times, there has been an increasing need to exhaustively verify power-aware behavior, i.e., behavior of the circuit that involves the power intent. An example of power-aware behavior is: a power switch output supply is driven by an input supply when the ON state expression is true. The design may be verified for compliance with this behavior. “Power-aware” is sometimes referred to as “low power” because a common goal of power-aware designs is to reduce power consumption. Formal verification may be used to test power-aware behavior by creating formal properties for these behaviors. For convenience, these properties will be referred to as power-aware formal properties. Formal verification tools may then report falsified power-aware formal properties.
The debug of falsified power-aware formal properties requires domain knowledge of both formal verification as well as power-aware design. However, formal verification is typically run by verification engineers, who may not be familiar with power-aware principles. As a result, debugging falsified power-aware formal properties to find the root cause of the error can be a time-consuming manual task.
The techniques described below automate the debug of falsified power-aware formal properties by combining the results of the formal verification with the results of static checking.
Static checking verifies a circuit design based on the static structure of the circuit design. For example, VC-Static Low Power (VCLP) from Synopsys is a power-aware static checking EDA software tool used to verify the correctness, completeness and consistency of the power intent of the circuit design based on its static structure. This type of static check will be referred to as a power-aware static check or a power intent static check. Power-aware static checkers use the circuit design data and the power intent specification to verify the power intent of a circuit design. If issues are detected, static checkers typically report a listing of violations. For each violation, the report typically states the type of power intent problem present and identifies the relevant locations (nodes) in the circuit design and/or in the power intent.
As a circuit design is being developed, violations from the static checking are collected into a database. For convenience, this will be referred to as the context debug database, because it will be used to provide context for the debug of falsified properties. Falsified properties from the formal verification are matched against the violations in the context debug database. For example, the nodes involved in a falsified property may be matched against the nodes for different static-check violations in the database. Based on this, additional context for the falsified property may be retrieved from the context debug database, which can help in determining the cause of the falsified property.
The automated debug framework (ADF) 160 is a specialized software module that compares the violations in the failed properties database 155 and the static checker database 145, producing a data structure 190 of possible causes of the falsified power-aware formal properties. In some embodiments, the power-aware static checking 142-145, the power-aware formal verification 152-155 and the automated debug framework 160 are implemented as an integrated flow. The ADF 160 may have direct access to the two databases 145, 155 and the underlying information. Examples of output 190 include reports for use by humans or by other EDA tools. The output 190 may also be used to enhance or annotate the failed properties database 155. For example, possible causes may be added to the database 155.
The static checker database 145 contains additional information about the static-check violations, such as text descriptions of the cause of the violation. This information can provide additional context for the matching falsified property. For example, if a falsified property involves the same nodes as a static-check violation, and the cause of the static-check violation is xyz, then the cause of the falsified property may also be xyz. This context may be useful for debugging the falsified property, so it is referred to as debug context. The debug context is added 167 to the data structure 190 in a manner that associates the debug context as a possible cause of the falsified property.
This process is repeated 169 for the falsified properties in the database 155. The falsified properties may be processed sequentially or in parallel. In some cases, similar or related falsified properties may be grouped together and processed as a group, or the results may be grouped together. For example, if several falsified properties are all associated with the same root cause, this may be presented as a single root cause associated with the group of falsified properties, rather than presenting each falsified property separately.
The automated debug framework 160 explores the static checker database 145 to find the relevant cause(s) for falsified power-aware formal properties. It may systematically prune the various aspects of falsified formal properties to find the relevant cause(s) based on information in the static checker database 145. By accessing the static checker database 145, the ADF 160 incorporates the low power domain knowledge-based intelligence. As described in more detail below, it may also incorporate user feedback to dynamically improve its decision-making to find the relevant causes.
Returning to
Modules 130 and 132 process these inputs. Module 130 includes analysis of the design 110 and elaboration (exploration) of the design 110. Module 132 includes analysis of the power intent specification 120. It also converts the power intent specification from UPF form to PNM form. Here, PNM stands for power network model, a functional model of the power intent that captures the supply state of the various supplies by modelling power switch strategies, resolution functions, add power state, etc. The PNM may be used by a power-aware verification checker (e.g., simulation engine, formal verification engine).
After module 132, the left branch is power-aware static checking and the right branch is power-aware formal verification. For the static checking, a static checker tool 142 uses the circuit design and power intent (in UPF form) as input, analyzes the circuit design for compliance with the power intent, and produces static-check violations that are collected as database 145.
For the formal verification, power-aware formal properties 150 are provided, for example by the user based on the power intent specification and circuit design. A formal verification tool 152 then uses the PNM to analyze the circuit design for compliance with the power intent, and produces violations (falsified properties) that are collected as database 155.
Consider first the static checker tool 142 and static checker database 145. VCLP is a static power-aware verification tool which uses UPF along with circuit design information to verify correctness, completeness and consistency of power intent for a given design. VCLP uses design connectivity and auxiliary inputs (UPF, clock, etc.) to identify different power intent issues in the design in the form of a violation report. A typical VCLP violation report contains a summary of violations, as shown in
The summary report of
The bottom violation is identified by Tag PSW_EXPRE_INCOMPLETE. It is a warning and is not waived. The violation is that the ON conditions and OFF conditions for a power switch strategy are not complements, meaning either there are some conditions that are defined as both ON and OFF or as neither ON nor OFF. This is also a UPF violation. UPF nodes are identified by the static checker from UPF information.
The descriptions in
In
For example, information for the violations PSW_EXPR_INCOMPLETE and UPF_SUPPLY_UNDRIVEN from
In
Consider the example of a falsified power-aware formal property. In this example, the power-aware formal property is:
add_cc -dest VDDsw -src VDDCore1 -enable {psw_cntrl==1} -lpa_type LPA_SUPPLY
This property checks the structural and functional connectivity between two supplies VDDCore1 and VDDsw when the enable condition holds true. However, in this example situation, the property is falsified because VDDsw is OFF when VDDCore1 is FULL_ON.
The UPF power intent for this circuit specifies that both supplies are connected through a power switch, as shown pictorially in
The fanin cone of supply VDDsw given in the formal property has these Design/Power Intent nodes:
In this case, the UPF node VDDsw present in the path of the power-aware formal property can be mapped to the violation UPF_SUPPLY_UNDRIVEN from
Formal properties can have many Design/Power Intent nodes which may map to multiple different violations present in the debug context database. Based on knowledge about the power-aware design domain, the different debug contexts may be pruned and/or ranked 177 in a priority order for selecting the more likely causes which could have caused the property falsification.
Continuing the example above, the falsified property has three Design/Power Intent nodes: VDDsw, V1_header_switch_1, and VDDCore1. Comparing to the three violations shown in
There can be many types of relationships between causes. Hierarchical root causes may be used to rank causes.
Hierarchical: There can be nested causes for a falsified property. One cause can be the effect of another cause. Hierarchical causes are demonstrated in the example of
Parallel: There can be multiple unrelated causes for a falsified property. For example, when there are multiple drivers for a supply in UPF, the power intent may provide certain semantics to resolve the conflict between multiple drivers. These semantics are called resolution functions, such as “parallel” and “strong”. For example:
add_cc -dest VDDsw -src VDDCore1 -enable {psw_cntrl==0 && psw_cntrl1==0} -lpa_type LPA_SUPPLY
In
Speculative: A cause can be speculative in a sense that it might be a potential cause, but the user makes a final decision. For example, as shown in
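The node matching, ranking and grouping steps described above, as an added Python example that is not code from the disclosure or from any EDA tool. The database layout, the severities, the mapping of PSW_EXPR_INCOMPLETE to V1_header_switch_1, the cause/effect link, the placeholder tag EXAMPLE_UNRELATED_TAG and property p3 are assumptions constructed for illustration; the two add_cc properties, the three fan-in nodes and the VDDsw to UPF_SUPPLY_UNDRIVEN mapping are taken from the text.

```python
import re
from collections import defaultdict

# Constructed debug context database. The two named tags and the VDDsw mapping
# come from the text; severities, the V1_header_switch_1 mapping, the wording
# for UPF_SUPPLY_UNDRIVEN and the placeholder entry are assumptions.
DEBUG_CONTEXT_DB = [
    {"tag": "UPF_SUPPLY_UNDRIVEN", "severity": "error", "nodes": {"VDDsw"},
     "context": "supply has no driver (constructed wording)"},
    {"tag": "PSW_EXPR_INCOMPLETE", "severity": "warning",
     "nodes": {"V1_header_switch_1"},
     "context": "ON and OFF conditions of the power switch strategy "
                "are not complements"},
    {"tag": "EXAMPLE_UNRELATED_TAG", "severity": "warning", "nodes": {"VDDaux"},
     "context": "placeholder violation outside the fan-in cone"},
]

# Hypothetical hierarchical link (effect tag -> cause tag), used only to show
# how a nested cause can outrank its own effect.
EFFECT_OF = {"UPF_SUPPLY_UNDRIVEN": "PSW_EXPR_INCOMPLETE"}
SEVERITY_RANK = {"error": 0, "warning": 1}

# Tolerates a wrapped enable expression and a missing space after the brace.
ADD_CC_RE = re.compile(
    r"add_cc\s+-dest\s+(?P<dest>\S+)\s+-src\s+(?P<src>\S+)"
    r"\s+-enable\s+\{(?P<enable>[^}]*)\}\s*-lpa_type\s+(?P<lpa_type>\S+)")


def parse_add_cc(text):
    """Split an add_cc property into its fields, normalising whitespace."""
    m = ADD_CC_RE.search(text)
    if m is None:
        raise ValueError("not an add_cc property: %r" % text)
    return {k: " ".join(v.split()) for k, v in m.groupdict().items()}


def match_and_rank(fanin_nodes, db=DEBUG_CONTEXT_DB, effect_of=EFFECT_OF):
    """Return violations sharing a node with the fan-in cone, likeliest first."""
    fanin = set(fanin_nodes)
    hits = [v for v in db if v["nodes"] & fanin]      # prune by node overlap
    matched = {v["tag"] for v in hits}

    def key(v):
        # Demote a violation whose assumed cause was also matched, then
        # order by severity, then by tag for a stable result.
        is_effect = effect_of.get(v["tag"]) in matched
        return (is_effect, SEVERITY_RANK.get(v["severity"], 99), v["tag"])

    return sorted(hits, key=key)


def annotate(falsified, db=DEBUG_CONTEXT_DB):
    """Attach ranked debug contexts to each property and group by root cause."""
    report, groups = [], defaultdict(list)
    for prop in falsified:
        causes = match_and_rank(prop["fanin"], db)
        report.append({"property": prop["name"], **parse_add_cc(prop["text"]),
                       "possible_causes": [(c["tag"], c["context"])
                                           for c in causes]})
        # None collects properties with no matching static-check violation.
        groups[causes[0]["tag"] if causes else None].append(prop["name"])
    return report, dict(groups)


# p1 and p2 are the properties quoted in the text; their fan-in for p2 and all
# of p3 are constructed.
FALSIFIED = [
    {"name": "p1", "fanin": ["VDDsw", "V1_header_switch_1", "VDDCore1"],
     "text": "add_cc -dest VDDsw -src VDDCore1 -enable {psw_cntrl==1} "
             "-lpa_type LPA_SUPPLY"},
    {"name": "p2", "fanin": ["VDDsw", "V1_header_switch_1", "VDDCore1"],
     "text": "add_cc -dest VDDsw -src VDDCore1 -enable {psw_cntrl==0 &&\n"
             "psw_cntrl1==0} -lpa_type LPA_SUPPLY"},
    {"name": "p3", "fanin": ["VDDio", "VDDtop"],
     "text": "add_cc -dest VDDio -src VDDtop -enable {io_en==1} "
             "-lpa_type LPA_SUPPLY"},
]

if __name__ == "__main__":
    report, groups = annotate(FALSIFIED)
    for entry in report:
        print(entry)
    print(groups)
```

Properties that land in the `None` group have no static-check violation on any node of their fan-in cone and still need manual debug.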
Specifications for a circuit or electronic structure may range from low-level transistor material layouts to high-level description languages. A high level of abstraction may be used to design circuits and systems, using a hardware description language (‘HDL’) such as VHDL, Verilog, SystemVerilog, SystemC, MyHDL or OpenVera. The HDL description can be transformed to a logic-level register transfer level (‘RTL’) description, a gate-level description, a layout-level description, or a mask-level description. Each lower abstraction level that is a less abstract description adds more useful detail into the design description, for example, more details for the modules that include the description. The lower levels of abstraction that are less abstract descriptions can be generated by a computer, derived from a design library, or created by another design automation process. An example of a specification language at a lower level of abstraction for specifying more detailed descriptions is SPICE, which is used for detailed descriptions of circuits with many analog components. Descriptions at each level of abstraction are enabled for use by the corresponding tools of that layer (e.g., a formal verification tool). A design process may use a sequence depicted in
During system design 714, functionality of an integrated circuit to be manufactured is specified. The design may be optimized for desired characteristics such as power consumption, performance, area (physical and/or lines of code), and reduction of costs, etc. Partitioning of the design into different types of modules or components can occur at this stage.
During logic design and functional verification 716, modules or components in the circuit are specified in one or more description languages and the specification is checked for functional accuracy. For example, the components of the circuit may be verified to generate outputs that match the requirements of the specification of the circuit or system being designed. Functional verification may use simulators and other programs such as testbench generators, static HDL checkers, and formal verifiers. In some embodiments, special systems of components referred to as ‘emulators’ or ‘prototyping systems’ are used to speed up the functional verification.
During synthesis and design for test 718, HDL code is transformed to a netlist. In some embodiments, a netlist may be a graph structure where edges of the graph structure represent components of a circuit and where the nodes of the graph structure represent how the components are interconnected. Both the HDL code and the netlist are hierarchical articles of manufacture that can be used by an EDA product to verify that the integrated circuit, when manufactured, performs according to the specified design. The netlist can be optimized for a target semiconductor manufacturing technology. Additionally, the finished integrated circuit may be tested to verify that the integrated circuit satisfies the requirements of the specification.
During netlist verification 720, the netlist is checked for compliance with timing constraints and for correspondence with the HDL code. During design planning 722, an overall floor plan for the integrated circuit is constructed and analyzed for timing and top-level routing.
During layout or physical implementation 724, physical placement (positioning of circuit components such as transistors or capacitors) and routing (connection of the circuit components by multiple conductors) occurs, and the selection of cells from a library to enable specific logic functions can be performed. As used herein, the term ‘cell’ may specify a set of transistors, other components, and interconnections that provides a Boolean logic function (e.g., AND, OR, NOT, XOR) or a storage function (such as a flipflop or latch). As used herein, a circuit ‘block’ may refer to two or more cells. Both a cell and a circuit block can be referred to as a module or component and are enabled as both physical structures and in simulations. Parameters are specified for selected cells (based on ‘standard cells’) such as size and made accessible in a database for use by EDA products.
During analysis and extraction 726, the circuit function is verified at the layout level, which permits refinement of the layout design. During physical verification 728, the layout design is checked to ensure that manufacturing constraints are correct, such as DRC constraints, electrical constraints, lithographic constraints, and that circuitry function matches the HDL design specification. During resolution enhancement 730, the geometry of the layout is transformed to improve how the circuit design is manufactured.
During tape-out, data is created to be used (after lithographic enhancements are applied if appropriate) for production of lithography masks. During mask data preparation 732, the ‘tape-out’ data is used to produce lithography masks that are used to produce finished integrated circuits.
A storage subsystem of a computer system (such as computer system 800 of
The machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, a switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
The example computer system 800 includes a processing device 802, a main memory 804 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM)), a static memory 806 (e.g., flash memory, static random access memory (SRAM), etc.), and a data storage device 818, which communicate with each other via a bus 830.
Processing device 802 represents one or more processors such as a microprocessor, a central processing unit, or the like. More particularly, the processing device may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, or a processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processing device 802 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. The processing device 802 may be configured to execute instructions 826 for performing the operations and steps described herein.
The computer system 800 may further include a network interface device 808 to communicate over the network 820. The computer system 800 also may include a video display unit 810 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 812 (e.g., a keyboard), a cursor control device 814 (e.g., a mouse), a graphics processing unit 822, a signal generation device 816 (e.g., a speaker), a video processing unit 828, and an audio processing unit 832.
The data storage device 818 may include a machine-readable storage medium 824 (also known as a non-transitory computer-readable medium) on which is stored one or more sets of instructions 826 or software embodying any one or more of the methodologies or functions described herein. The instructions 826 may also reside, completely or at least partially, within the main memory 804 and/or within the processing device 802 during execution thereof by the computer system 800, the main memory 804 and the processing device 802 also constituting machine-readable storage media.
In some implementations, the instructions 826 include instructions to implement functionality corresponding to the present disclosure. While the machine-readable storage medium 824 is shown in an example implementation to be a single medium, the term “machine-readable storage medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-readable storage medium” shall also be taken to include any medium that is capable of storing or encoding a set of instructions for execution by the machine and that cause the machine and the processing device 802 to perform any one or more of the methodologies of the present disclosure. The term “machine-readable storage medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical media, and magnetic media.
Some portions of the preceding detailed descriptions have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the ways used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm may be a sequence of operations leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Such quantities may take the form of electrical or magnetic signals capable of being stored, combined, compared, and otherwise manipulated. Such signals may be referred to as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the present disclosure, it is appreciated that throughout the description, certain terms refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage devices.
The present disclosure also relates to an apparatus for performing the operations herein. This apparatus may be specially constructed for the intended purposes, or it may include a computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus.
The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various other systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the method. In addition, the present disclosure is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the disclosure as described herein.
The present disclosure may be provided as a computer program product, or software, that may include a machine-readable medium having stored thereon instructions, which may be used to program a computer system (or other electronic devices) to perform a process according to the present disclosure. A machine-readable medium includes any mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a machine-readable (e.g., computer-readable) medium includes a machine (e.g., a computer) readable storage medium such as a read only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices, etc.
In the foregoing disclosure, implementations of the disclosure have been described with reference to specific example implementations thereof. It will be evident that various modifications may be made thereto without departing from the broader spirit and scope of implementations of the disclosure as set forth in the following claims. Where the disclosure refers to some elements in the singular tense, more than one element can be depicted in the figures and like elements are labeled with like numerals. The disclosure and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense.
This application claims the benefit of U.S. Provisional Application No. 63/076,701, filed Sep. 10, 2020, which is incorporated by reference in its entirety.
Number | Date | Country
---|---|---
63076701 | Sep 2020 | US