Jasper Formal Verification: High-level Overview

DVCon San Jose

February 2023
Agenda

Jasper™ platform overview

Core formal apps

RTL designer signoff apps

Verification apps

Summary
2 © 2023 Cadence Design Systems, Inc. All rights reserved.
The New Era of Domain Specific Architectures
is bringing a new dimension of verification complexity

• End of Moore’s Law and Dennard Scaling

• Parallel processing can only help so much ISA ƒ(x)
(Amdahl’s law)
Arm, x86, Math, AI, Security
RISC-V… ML

 Optimize performance/power for the domain

 Customized processors and accelerators
PPA
 Highly optimized implementations of instruction set Reqt
architectures (ISAs)
 RISC-V open ISA gaining traction

 Huge democratization of processor design!

 Processor verification goal: every instruction
must behave per the programmers’ manual
every time in every context and combination
regardless of the implementation Hyperscale Comms Automotive Mobile

3 © 2023 Cadence Design Systems, Inc. All rights reserved.

 Why Formal Verification is Essential
• Formal: critical to processor verification
o Too many input combinations to verify by
other means
ISA ƒ(x)
• Explosion of processor design in era of
domain-specific architectures (DSA) Arm, x86,
RISC-V…
Math, AI,
ML
Security

• Formal verification is the only way to

fully verify ISAs/DSAs
• Processor ISA and DSA verification PPA
FPV
Reqt SEC C2RTL
accounts for 90% of Jasper sessions
Jasper Core Formal and
C2RTL Apps

Hyperscale Comms Automotive Mobile

4 © 2023 Cadence Design Systems, Inc. All rights reserved.

Why Formal Verification is Essential: Customer Successes
Formal signoff on
CPUs/GPUs @
NVIDIA JUG 2022 C++ to RTL Datapath
verification @ Intel JUG 2021
CNN-based image ISA ƒ(x)
processor verification
@ Intel JUG 2020 Deep bug hunting
Arm, x86, Math, AI, Security on CPUs @ AWS
RISC-V… ML JUG 2021

Formal Coverage on
Tensor Processing Units Verifying Load-Store Units
@ Google JUG 2022 PPA @ Arm JUG 2021
FPV
Reqt SEC C2RTL

Jasper Core Formal and

C2RTL Apps
MicroOp verification on CPUs Verifying Instruction Fetch
@ Intel JUG 2022 Units @ Arm JUG 2022

Converging end-to-end proofs RISC-V FPU verification

on CPUs @ Arm JUG 2021 @ NXP DVCon India 2022
Spectre/Meltdown security
Hyperscale Comms Automotive Mobile
flaw verification @ Arm
JUG 2020 RISC-V verification @
Microchip JUG 2019
5 © 2023 Cadence Design Systems, Inc. All rights reserved.
 Hand off higher quality
Breadth of Jasper Solutions Across Flow Designers code earlier (shift left)

Improve quality through

exhaustive verification
Algorithm Verification Formal DV Offload simulation, find
corner-case bugs
Incremental Change Safety & Security
C2RTL Verification Verification Sim Coverage Closure

Algorithm Development SEC FSV SPV UNR

Block Development

Block/Subsystem Verification
SLINT
SoC

CDC FVIP
XPROP

Design Bring-up CSR CONN CDC

FPV COV
& Handoff
Register Map Core Functional
Integration Verification
Verification Verification

6 © 2023 Cadence Design Systems, Inc. All rights reserved.

Agenda

Jasper™ platform overview

Core formal apps

RTL designer signoff apps

Verification apps

Summary
7 © 2023 Cadence Design Systems, Inc. All rights reserved.
Smart Jasper Formal Verification Platform
ML-enabled third-generation formal verification

Smart Proof Technology Advanced Design Scalability Signoff-quality Formal Coverage

SoC
Training A B … N
Data
Custom
Solver
ML for solver inference and multi- 2X design capacity increase and Signoff-accurate formal coverage
advisor orchestration 50% memory footprint reduction with new intuitive analysis GUI

Third-Generation Jasper™ Formal Verification Platform

“We measured 2X faster proofs out-of-the-box, 5X faster regressions and

non-converged properties reduced by 50%.”
-Mirella Negro Marcigaglia, digital design verification manager, STMicroelectronics

8 © 2023 Cadence Design Systems, Inc. All rights reserved.

ProofMaster Smart Proof Automation Framework
Automates expert-level optimizations
ProofMaster
Component &
Data Management

Proof Profiling Multi Advisor Proof

Proof Caching
Data Orchestration
“The tool uses
• Keep engine-level • Reuse existing result • Use Machine machine learning...
settings that worked if constraints and Learning to find best …and the results are
before COI unchanged macro-level settings
on par with careful
selection by a human”
Learning Machine Learning

Optimizes subsequent runs/regressions Optimizes out-of-the-box proofs

Find more bugs Better convergence Faster proofs

9 © 2023 Cadence Design Systems, Inc. All rights reserved.
Sequential Equivalence Checking App
Accelerates design convergence
What’s new?
• Performance and convergence boost using
Proof Cache and DBH technologies
• Over-constraint debug
• Compound signals mapping

• Sweet-spot use cases:

o Clock Gating Optimization
o Pipeline Retiming

10 © 2023 Cadence Design Systems, Inc. All rights reserved.

 SEC Proof Performance

60% increase in # Number of Fully-converging Clock Gating Designs

of fully converged
designs

1. Benchmark includes
35 clock gating
customer designs

2. Run time of 12h per

testcase, 28 jobs on
dedicated identical
machines

11 © 2023 Cadence Design Systems, Inc. All rights reserved.

Introducing the Jasper C2RTL Equivalence Checking App
Breakthrough datapath formal verification solution for algorithmic designs

New class of formal engines optimized for checking RTL datapath

Up to 100X implementations versus their C/C++ algorithmic specifications
performance
improvement Delivers industry-leading performance and capacity to check
datapath implementation functionally matches algorithmic intent

Broadest Innovative compilation technology co-developed with University of

C/C++ Oxford
specification
support Supports latest ANSI C++ standards and common math libraries

Jasper™ Visualize debug technology extended to support C/C++

Side-by-side
C/C++ and Enables user to directly compare RTL datapath implementation with
RTL debug C/C++ specification to speed debug and ease root cause analysis

12 © 2023 Cadence Design Systems, Inc. All rights reserved.

 Visualize Debug and DUT Exploration Source: www.deepchip.com
“Visualize is an incredible debug tool. We use it for
debugging, finding root causes, and exploring."
What-If
Minimum trace length

Highlight
Relevant Logic

QuietTrace Property that

fails earliest

Preview with
values for property Why?
or why results

RTL line with

value annotation
13 © 2023 Cadence Design Systems, Inc. All rights reserved.
Formal VIP Portfolio
AMBA5 CHI-F I/F

AMBA5 CHI-E
AMBA5 AHB AMBA5 AXI CHI-E I/F & SYS OCP 2.2
AMBA4
AMBA5 AHB/AHB- AMBA5 AXI/ACE DFI 3/4/5
ACE SYS
Lite/APB
AMBA5 CHI-D PIPE 6
AMBA4 AXI CHI-D I/F & SYS AMBA4 AXI
AMBA3/4 AHB DDR 3/5
AMBA4 AXI/ACE Stream
I2C
AMBA3/4 AMBA5 CHI-C
AHB/AHB- AMBA3 AXI AMBA ATB LPDDR 3/5
CHI-C I/F & SYS
Lite/APB AMBA3 AXI
SPI
AMBA5 CHI
AMBA LPI
CHI-A/B I/F & SYS
CXL.Mem

14 © 2023 Cadence Design Systems, Inc. All rights reserved.

Agenda

Jasper™ platform overview

Core formal apps

RTL designer signoff apps

Verification apps

Summary
15 © 2023 Cadence Design Systems, Inc. All rights reserved.
Jasper RTL Designer Apps
Shift-left: remove bugs before handoff to verification and implementation

Superlint CDC RTL Designers Desktop

Differentiated
Extensive Lint Complete
Best-in-class Functional
& DFT Structural
Auto Formal Checks &
Checks Checks for
Checks Metastability
CDC & RDC
Injection 80% reduction
in late-stage changes
Visualize Analysis & Violation Debug
Up to 4 weeks
Persistent & Formal-assisted Waivers faster IP design time
Best-in-class Formal Engines

• Common Jasper™ front-end with leading System Verilog support & capacity
• Leverages formal technology to reduce noise and automate waivers

16 © 2023 Cadence Design Systems, Inc. All rights reserved.

Jasper Superlint: Hand-off Robust Reusable RTL

Enabled by true
• What’s new?
Naming
formal technology o Custom rule creation
Coding style
o FSM deadlock/livelock check
DFT controllability
Structural Lint performance improvements
& DFT Checks Sim-synth DFT o Deadcode debug root-cause
mismatch observability
analysis
Low-noise violation o Improved waiver handling
+ X assignment & waiver handling

Arithmetic LPDDR
NAND
FLASH
Reachability

Automatic overflow
Livelock/
Formal deadlock
Checks Range overflow

Combo loop Bus contention

analysis

Comprehensive functional checks, violation debug & waiver

handling based on best-in-class formal analysis

17 © 2023 Cadence Design Systems, Inc. All rights reserved.

Jasper CDC: Hand-off CDC/RDC-clean RTL
Convergence/
Wide range of synchronizers (nDFF, reconvergence
mux, fifo, handshake, user-defined…)

Comprehensive
Checks Automatic structural checks
• What’s new?
RDC checks Usability & noise reduction
+
Functional checks (gray, fifo…) o

Metastability o Schematic enhancements

modeling & injection
Low-noise
violation handling
o Native SDC support
Innovative o Full-chip scalability
Debug & Waiver
Handling Powerful auto-
Innovative debug
waiver feature
with graph view
Enabled by true Flexible reports Assertion
formal technology with filters CDC coverage generation & export
to sim

The only CDC + RDC solution with industry-leading formal technology

for functional checks and violation/waiver handling
18 © 2023 Cadence Design Systems, Inc. All rights reserved.
Agenda

Jasper™ platform overview

Core formal apps

RTL designer signoff apps

Verification apps

Summary
19 © 2023 Cadence Design Systems, Inc. All rights reserved.
Coverage Unreachability App
Saves simulation users weeks of time and effort for verification closure

• Inputs: simulation coverage database Design

&
Simulation
Simulation Formal
Holes
and RTL Testbench
Simulation
Runs
Runs
Runs
N Y
• Output: Unreachable cover points Block
Expression
Unreachable?
database Coverage
Toggle
Unreachable
no action Coverage
• Run by simulation users without formal Database
Database

expertise Merge

• Integrated with vManager to clearly show

unreachable coverage points
• Resilient compilation with Xcelium
“Unreachable”
• Supports all Xcelium modeling markers in
languages and setup vManager

20 © 2023 Cadence Design Systems, Inc. All rights reserved.

CSR Verification App
Exhaustive verification with reduced setup & run times
1
2 3
RTL Design

Control/Status Spec vs.

Register Verification Register Behavior
Register Spec Discrepancies
Jasper™ w/Visualize™

Formal VIP

1. Inputs: register spec and your RTL design

2. Run Jasper Control/Status Register Verification app
o App automatically derives & generates all properties
o Automatically runs formal engines to prove all properties
3. Output: CEX’s show discrepancies between spec and RTL
21 © 2023 Cadence Design Systems, Inc. All rights reserved.
Connectivity Verification App
Fast, exhaustive verification with lower setup & maintenance
1
2 3
RTL Design

Spec vs. RTL

Connectivity Verification Connectivity
Connectivity Spec Discrepancies
Jasper™ w/Visualize™

1. Inputs: static & temporal connectivity spec and SoC RTL

2. Run Jasper™ Connectivity Verification app
o App automatically derives & generates all properties
o Automatically runs formal engines under-the-hood to prove all properties
3. Output: any CEX’s are connectivity errors
22 © 2023 Cadence Design Systems, Inc. All rights reserved.
Built-in “Reverse Connectivity” Capability

Generate connectivity map from a golden

RTL and re-verify it in a revised RTL

(Add other configurations

accessible from Tcl)

23 © 2023 Cadence Design Systems, Inc. All rights reserved.

X-Propagation Verification App
Automatic formal checks with X-aware analysis & debug

• Analysis reflects actual silicon behavior

o No missed bugs due to either X-optimism or X-
pessimism
• Customized GUI and advanced reporting features
enables rapid X-propagation fault analysis.
• Requires no knowledge of formal or SVA

24 © 2023 Cadence Design Systems, Inc. All rights reserved.

Summary: Best-in-class Jasper Formal Verification Platform
• Jasper™ is the industry’s leading formal verification platform
o Adopted in 19 of the top 20 semiconductor companies

• Fastest and most scalable formal verification solution

o Proves properties and finds bugs faster, on wider range of bigger designs
o Largest R&D team by far ensures we stay ahead

• Easiest formal verification solution to adopt

o Comprehensive range of formal apps that automate property generation for specific tasks
o Powerful root-cause analysis and design exploration with the Visualize™ environment

Formal Technology Leadership =

• higher verification throughput
• on bigger designs
• with optimal compute resource (in-house or cloud)
25 © 2023 Cadence Design Systems, Inc. All rights reserved.
© 2023 Cadence Design Systems, Inc. All rights reserved worldwide. Cadence, the Cadence logo, and the other Cadence marks found at https://www.cadence.com/go/trademarks are trademarks or registered trademarks of Cadence
Design Systems, Inc. Accellera and SystemC are trademarks of Accellera Systems Initiative Inc. All Arm products are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All MIPI
specifications are registered trademarks or service marks owned by MIPI Alliance. All PCI-SIG specifications are registered trademarks or trademarks of PCI-SIG. All other trademarks are the property of their respective owners.
Security: Functional v Data Propagation Requirements

FPV App or SEC App Security Path Verification

(SPV) App

Data
Functional
Propagation
requirements
requirements
specified by
& restrictions
assertions
(high-level
(SVA)
rules)

• Examples: • Examples:
o CPU must not be interrupted if running secure code o Data in secure area must not be visible by CPU if it is
o System must be reset if an environment monitor trips not in secure mode
o FSM must never transition to SECURE after reaching o Secure register must not be written by non-secure
TEST or DEBUG states agent

• Other Jasper apps relevant to security:

o CSR app verifies integrity of register access policies
o FSV app models direct attacks on internal HW circuitry (laser, radiation…)
27 © 2023 Cadence Design Systems, Inc. All rights reserved.
Security Path Verification App
Formally prove secure data cannot leak
Proofs
No Data Leakage
Absolute Data Sanctity
RTL Fault Tolerance
Design
Visualize™
Secure Security Path Verification
Design Behavior &
Storage Jasper™ w/Visualize™ Counter examples
Spec

1. Inputs: RTL and spec. of the secure storage element

2. Run Jasper™ Security Path Verification app
o App automatically derives & generates all properties
o Automatically runs special path analysis, optimized formal engine under-the-hood
3. Output: CEXs show data leakage, violations of data sanctity, or vulnerabilities to
tampering/faults
28 © 2023 Cadence Design Systems, Inc. All rights reserved.
Jasper Functional Safety Verification Use Models

batch
Fault Testability Analysis Formal Fault
Testability
• Structural Fault Testability, Activatability and Relation analysis
• Automated pre-qualification flow for Xcelium Safety, no user intervention
• Reduces number of fault simulations
Fault Sim Fault
Fault Propagatability Analysis Xcelium Safety DB
• Formal Propagatability and Activatability analysis for Xcelium Safety
• Interactive debug, schematics and visualization of propagation
• Assists fault analysis sign-off with Xcelium Safety Formal Fault
Propagatability interactive

Fault Safety and Security Analysis

• Custom strobes and faults specification to model hacker attacks

• Advanced formal checks and multiplicity of faults FSV Standalone
• Addresses safety and security hardware qualification

29 © 2023 Cadence Design Systems, Inc. All rights reserved.

 Low Power Verification

UPF
Automatic Automatic
Power
User Functional Structural
Low Power Verification Aware
Assertions Assertions Checks
RTL Jasper™ w/Visualize™
RTL

Feed the new low power design view into other

apps for power-aware proofs and verification

Formal Property Connectivity Design Coverage

Verification Verification Verification

Jasper™ w/Visualize™

 Identify errors in the power architecture

 Identify RTL functional bugs implicated by power architecture

30 © 2023 Cadence Design Systems, Inc. All rights reserved.