140 likes | 250 Views
Automated Method Eliminates X Bugs in RTL and Gates. Kai-hui Chang, Yen-ting Liu and Chris Browy. Abstract.
E N D
Automated Method Eliminates X Bugs in RTL and Gates Kai-hui Chang, Yen-ting Liu and Chris Browy
Abstract Due to physical design resource planning and low power requirements, registers may be left uninitialized creating Xs (unknowns) in the design. However, logic simulation cannot handle Xs accurately due to X-optimism and X-pessimism problems, masking such X bugs in simulation-based verification flows. In this work we propose a comprehensive methodology and several innovative techniques that can identify unforseen X problems at the RTL and remove false Xs popping up in gate-level simulation. The methodology is currently in production use and has helped resolve X issues for dozens of chips. By finding X bugs prior to tape out, expensive respins caused by masked Xs can be avoided.
Cause and Effect of Xs in Designs • X is used to represent an unknown value in logic simulation • The value can be either 0 or 1 • Common causes of X • Inputs, registers, or memory not initialized and X corruption on power down cycle • Dangers of X • Xs may cause nondeterministic operation • Simulator problems with X • X semantics are inaccurate (optimism, pessimism) • Leads to RTL vs gate-level simulation mismatch • X problems are either masked or there are too many false alarms • Unless fully examined, Xs may exist after tape out causing expensive respins from designs that don’t work
X-Optimism and X-Pessimism in Logic Simulation • X-pessimism • Xs are propagated even though 0/1 value is known • Ambiguous results lead to more X-assignments than are unnecessary • X-Optimism • 0/1 value propagated instead of X • Interpretation of X causes only one conditional branch to be considered Example of X-Optimism always @(*) if (sel) reg1 = 0; else reg1 = 1; 1’b0 If branch 1’b1 else branch 1’bx Hardware Simulation mismatch Example of X-pessimism Output = ( a & b ) | ( ~a & c ); 1’b1 1’b0 1’b1 1’b1 1’b1 1’b1 1’b1 1’b1 1’b0 1’b1 1’bx 1’bx 1’b1 1’bx 1’b1 Simulation mismatch
Existing Solutions and Limitations • Techniques to find Xs at the RTL • VCS and VRQ Xprop generate Xs for X-optimism May create too many false alarms • Formal tools can identify real Xs Scalability is an issue and writing constraints can be difficult • Techniques to eliminate Xs at the gate level • Random deposit replaces Xs with 0/1 values May mask bugs • Structural analysis using Perl/C scripts May miss false Xs not in the template • Replace an X with 0/1 and run simulations Requires lots of simulation • Need a better comprehensive methodology to handle Xs!
Finding X Bugs in RTL Fix RTL Start RTL model with X bugs exposed, sequential X paths trace back to X source module foo(a, b, c, o1, o2, o3); input a, b, c; output o, o2, o3; reg o2, o3; assign o=a & b; always @(a, b, c) o2= a | c; … module foo(a, b, c, o1, o2, o3); input a, b, c; output o, o2, o3; reg o2, o3; assign o=a & b; always @(a, b, c) o2= a | c; … Xoptimism XOPT Formal detects X bugs in reg-reg, reg-output paths X-Prescreener(Optional)selects tests from testsuite for X analysis RTL model with X bugs masked by X-optimism No X bugs found in RTL XOPT Sim (Optional)heuristically exposes X problems by biasing execution paths Logic synthesis
Finding X Bugs in Gates Fix RTL Start Gate-level netlistwith false Xs removedand X bugs exposed SimXACTformally removesall combinationalfalse Xs Safe Deposit Analysis (Optional) formally identifies non-controlling Xs to reduce false Xs Gate-level netlist with X bugs hidden among false Xs Gate-level netlistwith false Xs removedand no X bugs exposed Done
X-Prescreener (New Innovation) • Figures out which tests may expose X problems and should run through X analysis • Running X analysis takes time and effort • X-Prescreener is a simulator add-on that monitors X activities when running tests • It collects X activities and aggregates similar X conditions encountered in different tests • Then automatically selects subset to cover all the X conditions • X-Prescreener provides engineers valuable information on which tests should be used for X analysis
Finding X Bugs at the RTL and Gate Level • RTL XOPT Formal • Uses symbolic simulation to formally prove whether Xs will cause reg-reg, reg-output non-determinism for real traces [DAC’09] • Spatial and temporal partitioning improves scalability [DATE’10] • Analysis based on the principle of most astonishment to reduce formal effort [IEEE D&T’11] • RTL XOPT Sim • Heuristically deposits non-X values to replace Xs when they are encountered at if/case conditions in logic simulation • Deposit values are derived from formal analysis to bias logic simulation toward exploring new execution paths and expose X bugs • Gate level: Safe Deposit Analysis and SimXACT • Gate level simulation can detect X bugs but the bugs are hidden among false Xs − our solution eliminates false Xs to expose real bugs
Safe Deposit Analysis (New Innovation) • Safe deposit analysis identifies non-controlling Xs • Those Xs will be eliminated by the reset sequence and can be replaced with 0/1 without masking any bug • Fewer Xs will generate fewer false Xs, thus reducing analysis effort • Example • The X symbol “x1” from Reg1 is non-controlling (masked by downstream logic) and can be safely replaced with 0/1 !x2 Reg1 x1 Output1 0 x2 Reg2 1 Reg4 (x1&0) | x2 = x2 Reg3 x2 0
SimXACT Analysis [DAC’12, US Patent 8402405] 0 • SimXACT analysis generates auxiliary behavior code to fix combinational false Xs 1 a OR (g1) x AND (g4) 1 x x INV (g8) x x reg1 NOR (g6) reset x AND (g7) reg2 x INV (g3) AND (g5) OR (g2) x b 1 1 c 1 False Xs will be eliminated by the “fix”, allowing gate-level simulation to produce correct results always @(g1.o or g8.o or g2.o) if (g8.o === 1’bx && g1.o === 1’b1 && g2.o === 1’b1) force g6.o= 1’b0; else release g6.o;
Gated-clock False X Fix (New Innovation) • False Xs may be generated due to gated-clocks • The X at wire “o” is false • if X is treated as 0, “ena” is 0, 0x will not occur, “r1” stays at 0 • if X is treated as 1, “ena” is 1, “reg1” will latch the 0 at “r1” o should be 0 either way, but logic simulation produces a false X • We formally analyze gated-clock structure for false Xs and generate fixes • Fix example: 1 r2 reg2 0 x o r1 reg1 clk 01 1 always @(posedge dut.clk) if (dut.reg1.q === 1’bx && dut.r1 == 1’b0 && dut.reg2.q == 1’b1) $deposit(dut.reg1.q, 0); r2o 1 0x AND ena icg x x clk 01
Conclusions • We proposed a comprehensive methodology and several innovative techniques to find X problems before tape out • X-Prescreener selects a required set of tests to analyze • XOPT Formal formally verifies the design to find X bugs • XOPT Sim heuristically directs logic simulation toward exposing X bugs • Safe Deposit Analysis eliminates non-controlling Xs discovered during reset in gate-level simulation • SimXACT eliminates all false Xs in gate-level simulation, exposing real X problems • The proposed methodology is in commercial production use and helped resolve X issues in dozens of chips