

# Design Verification: A visual illustration

Kong Kritayakirana

There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is *every* X inside the blue cell?

You can answer only YES or NO.



There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

### QUESTION 1:



There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

## QUESTION 2:



There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

### QUESTION 3:

|  |   |   |  |
|--|---|---|--|
|  |   |   |  |
|  | X | X |  |
|  |   |   |  |
|  |   |   |  |

There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

#### QUESTION 4:

|  |   |   |   |
|--|---|---|---|
|  |   |   |   |
|  | X | X |   |
|  |   |   |   |
|  |   |   | X |

There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

### QUESTION 5:

|  |   |   |   |
|--|---|---|---|
|  |   |   |   |
|  | X | X |   |
|  |   |   | X |
|  |   |   | X |

There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

### QUESTION 6:

|   |   |   |   |
|---|---|---|---|
|   |   |   |   |
|   | X | X |   |
|   |   |   | X |
| X |   |   | X |

There are  $4 \times 4 = 16$  cells below.

For every cell, there can only be X or blank.

Each cell can only be white or blue.

The Question: Is every X inside the blue cell?

You can answer only YES or NO.

### QUESTION 7:



There are  $4 \times 4 = 16$  cells below.

There are many possible transactions for the design

For every cell, there can only be X or blank.

For every transaction, the design is tested or not.

Each cell can only be white or blue.

For each transaction, the design either works or fails.

The Question: Is every X inside the blue cell?

For every test that we simulate, does the design work?

You can answer only YES or NO.

Verification result must only be PASS or FAIL.

**The problem: bad verification engineers don't have enough X's.**

**If you don't test, the result is PASS (Question 7).**

# **Real World Verification Plans (vPlans):**

## **Source of design errors:**

- internal logic error
- missing functionality
- inter-block communication error

## **Before verification – vPlan meeting:**

**WHO:** DRI, the block designer, verifier, and adjacent blocks DRI

**WHAT:** review design microarchitecture and testability

review that plans have enough X's

must cover all functionality

must cover cases where designer wants extra attention

*Verifier must push back if design is hard to verify*

## **Real World Verification Plans (vPlans):**

### **Source of design errors:**

- internal logic error
- missing functionality
- inter-block communication error

### **Before verification – vPlan meeting:**

**WHEN:** allow 2.5x – 4x of design time for verification  
start after first RTL release. Don't wait for physical work.

**HOW:** must have bug database which records reproducibility  
must regress (re-run all previously failed tests for new releases)  
must target 100% RTL code coverage (designer must waive unreachables)

**WHY:** one unnecessary re-spin can sink the project/company

Real world scenario:  
Design worth verifying has enormous # of cells  
Initial design almost definitely contains bugs  
Initial verification has very few X's

### Release 1

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

Real world scenario:  
Design worth verifying has enormous # of cells  
Initial design almost definitely contains bugs  
Initial verification has very few X's

### Release 1, Test 1

|  |  |   |  |
|--|--|---|--|
|  |  |   |  |
|  |  | X |  |
|  |  |   |  |
|  |  |   |  |

## Test 2 fails

- File a bug in bug database
- including how to reproduce

### Release 1, Tests 1-2

|  |   |   |  |
|--|---|---|--|
|  |   |   |  |
|  |   | X |  |
|  | X | X |  |
|  |   |   |  |

# Designer fixes bug caught by Test2

## Release 2

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

# Must regress Test1

**Release 2, Tests 1-2**

|  |   |   |  |
|--|---|---|--|
|  |   |   |  |
|  |   | X |  |
|  | X | X |  |
|  |   |   |  |

Test 3 fails

- File a bug in bug database
- including how to reproduce

**Release 2, Tests 1-3**

|   |  |   |  |
|---|--|---|--|
|   |  |   |  |
|   |  | X |  |
| X |  | X |  |
|   |  |   |  |

Designer fixes bug caught by Test3

Side effect: now Test2 breaks

Designer's responsibility to release design  
that passes Tests 1-3

### Pre-release 3

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

# Release 3 passes Tests 1-3

## Release 3

|   |  |   |  |
|---|--|---|--|
|   |  |   |  |
|   |  | X |  |
| X |  | X |  |
|   |  |   |  |

## Test 4, 5 fails

- Analyze root cause of failure
- File 1 (or 2) bugs in database – depends on # of root causes
  - including how to reproduce every failure

## Release 3, Tests 1-5

|   |   |   |  |
|---|---|---|--|
|   |   |   |  |
|   |   | X |  |
| X |   | X |  |
|   | X | X |  |

Release 4 passes Tests 1-5

**Release 3, Tests 1-5**

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

When to stop?

- All Tests (**X**) are written
  - All Tests pass (in blue cells)
    - 100% RTL code coverage
- but, you can *never* test enough.

**Release 3, Tests 1-5**

|  |  |  |  |
|--|--|--|--|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |

# You can *never* test enough

Design Verification is a *risk manage problem*

- *How confident are you that the design works correctly?*  
*90%? 99%? 99.9% 99.99% ...*
  - *How big is the damage if it breaks?*  
Can bugs be fixed in firmware? (Rare)  
Fab mask costs (\$2M-\$5M at TSMC 3-5nm)  
TTM Failure – Resolution time: 3-6 months for ASIC

## Strategies

- Target 100% RTL code coverage
- Target 100% functional coverage
- Target all assertions
- Run Gate-Level sim – target 90+% toggles