# **Verification Futures** Conference ## **Austin Marriot South** **Thursday 12 September 2024** ## Sponsored by ## **Participating Companies** # Silicon & Systems Solution Partner #### Robust Infrastructure Test Floor | Reliability & STPI Smart Lab #### **Expert Engineering Team** 90% Technical Staff #### **Quality Processes** Upto 30% Cycle Time Reduction ARM, RISC-V Subsystem and Analog Block Development 5G and High Frequency RF Solutions High Performance Compute Solution Automotive Compliance Solution ## Let's Talk About Engineering New Possibilities ## Agenda (AM) | 08:30 | Arrival: Breakfast and Networking | | | | |-------|----------------------------------------------------------------------------------------------|--|--|--| | 09:25 | Welcome: Mike Bartley, Tessolve Semiconductor Ltd | | | | | 09:30 | Keynote Speakers Hemendra Talesar (Startups (Bitstar Technologies, Planorama Design, others) | | | | | 10:15 | User Top Verification Challenges | | | | | | Vijay Kanumuri (Renesas Electronics) | | | | | 10:30 | Paul Graykowski (Cadence Design Systems) | | | | | 11:00 | Refreshments and Networking | | | | | 11.30 | Multi-Track Session | | | | | | Track 1 - CPU User Presentations [Lonestar Ballroom – Salon A+B] | | | | | | 11:30 Mike Thompson (OpenHW Group) | | | | | | 11:50 Varun Koyyalagunta (Tenstorrent) | | | | | | 12:10 Vibarajan Viswanathan (Condor Computing) | | | | | | Tunels 2. Tunining Session 1. [Longston Ballycom, Salon Cl. | | | | | | Track 2 - Training Session 1 [Lonestar Ballroom – Salon C] | | | | | | 11:30 Doug Smith (Doulos) | | | | | | Track 3 - UVM for AMS Verification [Lonestar Ballroom – Salon D] | | | | | | 11:30 Peter Grove & Steven Holloway (Renesas) Remote Presentation | | | | | | | | | | 12:30 Lunch and Networking ## Agenda (PM) | 13:30 | Adnan Hamid (Breker Verification System) | | | | |-------|-------------------------------------------------------|--------------------------------------|--|--| | 14:00 | Dilip Kumar (TessolveDTS Inc) | | | | | 14:20 | Larry Lapides (Synopsys) | | | | | 14:40 | Vikram Khosa (ARM) | | | | | 15:00 | Refreshments and Networking | | | | | 15:30 | Multi-Track Session | | | | | | Track 1 – Latest Topics in Verifica | tion [Lonestar Ballroom – Salon A+B] | | | | | 15:30 Nianhang Hu (University | of Nebraska - Lincoln) | | | | | 15:50 Rahul Kande (Texas A&M University) | | | | | | 16:10 Ishaq Unwala (University of Houston Clear Lake) | | | | | | Track 2 - Training Session 2 | [Lonestar Ballroom – Salon C] | | | | | 15:30 Doug Smith (Doulos) | | | | | | Track 3 — VHDL Verification | [Lonestar Ballroom – Salon D] | | | | | 15:30 Espen Tallaksen (EmLogi | c) Remote Presentation | | | | 16:30 | Event Closes | | | | ## **Floor Plan** #### **FLOOR PLAN** ## **CALL FOR PAPERS** Whatever your specialty, Verification Futures provides an excellent opportunity to share your experiences and insights on the key technical and industry challenges we face in verification. #### **Submit an Abstract for VF2025** We are now seeking submissions for presentations and papers describing interesting and innovative experiences related to challenges faced in hardware verification. These submissions should include a brief description of the ASIC, SoC and FPGA verification challenges that need to be addresses and/or innovative solutions to improving verification. Abstracts should be targeted toward a technical audience of hardware verification engineers. Abstracts may also address the safety and security issues relating to verification. #### **Submission Dates** Call for Papers Opens UK & USA Final Presentations Required UK Final Presentations Required USA 31 March 2025 30 June 2025 #### **Abstract Submissions** Abstract submissions should be no more than 2,500 characters and include a short biography of the speaker. All abstracts will be reviewed and notice of acceptance will be sent via email. To submit your abstract please sent to – <u>mike.bartley@tessolve.com</u> and for guidance please visit https://www.tessolve.com/verification-futures/ #### **About Verification Futures 2025** Verification Futures is a unique one-day conference, exhibition and industry networking event organized by Tessolve to discuss the challenges faced in hardware verification. The event gives the opportunity for end users to define their current and future verification challenges and collaborate with the vendors to create solutions. It's also an excellent opportunity to network and catch up with other verification engineers across Europe & USA. ## Mike Bartley # **Tessolve Semiconductor Ltd**Senior Vice President – VLSI Design ## Welcome Message #### **Biography** Dr Mike Bartley has over 30 years of experience in software testing and hardware verification. He has built and managed state-of-the-art test and verification teams inside a number of companies (including STMicroelectronics, Infineon, Panasonic and start-up ClearSpeed) and also advised a number of companies on organisational verification strategies (ARM, NXP and multiple start-ups). Mike successfully founded and grew a software test and hardware verification services company to 450+ engineers globally, delivering services and solutions to over 50+ clients in a wide range of technologies and industries. The company was acquired by Tessolve Semiconductors, a global company with 3000+ employees supporting clients in VLSI, silicon test and qualification, PCB and embedded product development in multiple vertical industries. Mike is currently a Senior VP at Tessolve supporting VLSI globally with a focus on helping companies to incorporate the latest verification techniques and strategies into their verification flows and building verification teams to support these companies implement them on IP and SoC projects. He is also responsible for the Tessolve Centres of excellence running all R&D project with Tessolve, including building a new AI capability across all Tessolve products and services. Mike has a PhD in Mathematics (Bristol University), and 9 MSc's in various subjects including management (MBA), software engineering, computer security robotics and AI, corporate finance, and blockchain and digital currency. He is currently studying part-time for an MSc in quantum computing with the University of Sussex and for the use of technology in healthcare with the University of Glasgow. Tessolve would like to thank the sponsors and participants of the 2024 Verification Futures Conference ## Hemendra Talesara # Startups (Bitstar Technologies, Planorama Design, others) Advisor # Rethinking Verification Leadership: Ready or Not, Here Comes Generative Al ## Keynote Speaker #### **Abstract** The scale and ever-increasing complexity of chip design in the semiconductor industry have always posed a challenge for verification. We are all too familiar with the escalating costs of missed defects and long verification cycles. Project timelines have made leadership stick to legacy methods and often risk aversive. Unfortunately, sticking to only tried and true methods can put you out of the game. Generative AI is a game-changer technology. Its a disruptive force that will transform chip verification practices. From automation to augmentation, it will complement and enhance our most advanced method available today. We will look at how everything can be accelerated, from brainstorming, test planning, design verification reviews, scenario generation, and improved coverage to finding corner cases. It does have challenges, but nothing unsurmountable. Its time to push boundaries. Let's explore and rethink verification. #### **Biography** Hemendra is a known name in verification with over 35 years of experience. He worked for IBM, Synopsys, AMD, and many others and led many projects through the entire verification life cycle, from initial architecture exploration to design implementation to tapeout. His projects included CPUs, GPUs, Wireless, Networking, Telecom, Solid State Drive, and various peripheral IPs. He is a Certified Corporate Director, Advisor, and Mentor to startups. He is deeply into disruptive and transformative technology's technical and societal impact. He will explore the implications of next-generation AI on Verification Processes. # PROMPT ENGINEERING PRIMING STYLE AND TONE INSTRUCTIONS HANDLING ERRORS AND EDGE CASES DYNAMIC CONTENT OUTPUT FORMATTING ## FINE TUNING FURTHER TRAINING FOUNDATION MODEL WITH NEW EXAMPLES TEACH INTUITUION WHEN WORD FALLS SHORT BAKE IN STYLE , TONE, AND FORMATTING TO OUTPUTS REDUCING PROMPT LENGTH TRAIN SMALLER MODEL TO PERFORM BETTER ON SPECIALIZED TASKS BIGGER IS SLOWER AND MORE EXPENSIVE PICK RIGHT SIZE MODEL FOR THE TASK NARROW RANGE OF OUTPUTS TO MOST RELEVANT RETRIEVAL AUGMENTED GENERATION (RAG) KNOWLEDGE FORM EXTERNAL (PROPRIETARY) SOURCE REMEMBER LLMS DO NOT STORE FACTS. THEY STORE PROBABILITIES THEY PARAPHRASE WHAT IT HAS READ IN PROBABILISTIC MANNER ADDING RIGHT INFORMATION CAN BE POWERFUL RETRIEVAL AUGMENTED GENERATION (RAG) RETRIEVAL QUESTION Pre---PROCESS Go TO EMBEDDINGS SEARCH RELEVANT RITER BUILD PROMPT SEND TO LLIM FOR GENERATION SELF-REFLECT DATA – PDFS, WEB PAGE, (SPECS, PLANS, AND SO ON) SPLIT- CREATE SMALL CHUNKS FROM TEXTS EMBED – CREATE A VECTOR REPRESENTATION OF CHUNKS FINE TUNING DOES NOT TEACH FACTS CAN DO WITH SMALLER DATA SETS DOES NOT HAVE TO BE TOO EXPENSIVE DOES NOT HAVE TO BE COMPLICATED IT CAN WORK ALONG WITH RAG # AGENTIC REASONING BY ANDREW NG ZERO SHOT – WRITE A PROMPT, GET AN ANSWER, WRITE A CODE IN ONE ATTEMPT, NO BODY WRITES LIKE THAL (3.4 48%, 4.0 67%, PROVIDE A STEP WISE PLAN, AN ITERATIVE APPROACH -> REMARKABLY BETTER RESULTS MULTIPLE AGENTS WITH DIFFERNIT ROLES WORKING TOGETHER COLLABORATIVEY – DON'T DO IT ONE TAKE. YOU DO NOT WRITE A CODE IN FIRST ATTEMPT. YOU WRITE AND REVISE, DEBUG AND ITERATE. HELP MODEL DO THE SAME CHOSING BENCHMARK GROQ – 800 TOKENS PER SECOND – LOT OF TIME IN INFERENCE RUNNING HYPER INFERENCE SPEED READING EACH OTHERS VERY FAST GET EMBEDDING PART IMPROVE ## **VERIFICATION GEN-AI PROOF POINTS** PLANORAMA DESIGN (BASED IN AUSTIN, TEXAS) CEO, MATT GENOVESE BEST DEMONSTRATES USE OF RAG, FINETUNING, PROMPT ENGINEERING TO ADVANCE VERIFICATION METHODOLOGY RISC-5 DEMO ON YOU TUBE (LINK) ABILITY TO ACCESS DISPERSED DATA ACROSS THE DEPARTMENT RISC 5 INSTRUCTION TEST GENERATION STRUCTURED TEST PLAN REVIEW FINDING GAPS BETWEEN SPEC AND THE PLAN FINDING BUG IN RTL FAST INFORMATION RETRIEVAL RELATED TO BUG AND SPECS VERILOG CODE GENERATION A BRAINSTORMING PARTNER WORKING WITH SEMICONDUCTOR ORGS TO ENABLE CUSTOMIZED GEN-AI FLOW FOR DESIGN AND VERIFICATION APPLICATION OF THE GEN-AI ADVANCED CONCPETS TO VERIFICATION • TBD **VERIFICATION GEN-AI PROOF POINTS** 1. QUALCOMM'S AI-DRIVEN VERIFICATION: QUALCOMM 5 AI-DRIVEN VERIFICATION: QUALCOMM USES AI TO ACCELERATE COVERAGE CLOSURE IN CHIP DESIGN VERIFICATION AUTOMATING THE GENERATION OF TESTBENCH STIMULI PROVIDING ANALYTICS TO ENHANCE TESTBENCH QUALITY AWS GENERATIVE AI FOR SEMICONDUCTOR DESIGN AUTOMATING TASKS LIKE CODING, DEBUGGING NVIDIA USING AI IN VERIFICATION AND DESIGN GOOGLE USING AI TO DESIGN NEW CHIPS **VERIFICATION GEN-AI PROOF POINTS** UVM AND SYSTEM VERILOG TESTBENCH • TRIALS OF USING GENERATIVE AI FOR APB UVM TESTBENCH GENERATION BY DIANA · SYSTEM VERILOG GPT ## Vijay Kanumuri ### **Renesas Electronics** Senior Principal ## **Challenges in Verification for Automotive Applications** ## Challenge Paper #### **Abstract** Design verification targeted for Automotive SoCs provides several challenges spanning technical, compute, safety, reliability, advanced technologies and complexity of modern vehicles. We will discuss these aspects as part of presentation. #### **Biography** Vijay has a rich 16 years of experience in leading Design Verification teams across SOC Design Verification, Platform IP Design Verification, HSIO/Networking/Infrastructure IPs domains. In various capacity as Design Verification lead, he has led verification across many breakthrough products and platform definition in Automotive and Industrial space. He joined Texas Instruments after his graduation in master's in computer engineering from UT Austin. In his role starting in IP development and leading SOC DV, he has been instrumental in developing a platform methodology for verification across multiple product lines as well as leading end-to-end SOC DV execution for successful 16nm Automotive ADAS SOCs including post-silicon Test development. He led vendor Technical Review Meetings, evaluating, onboarding new tools, and driving architecture, test plan reviews and execution for first pass silicon success. In his previous role as Design Manager responsible for HSIO/Networking/Infrastructure IPs, he was leading the architecture for low-cost platform and networking IPs, IP procurement and Management Review meetings with external vendors to drive roadmap decision and alignment. | LOW POWER | | | |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|------| | Understanding System requirements and breaking it down to Unit and SoC verifice Power domain dependencies and validation of the spec | cation | | | Functional Verification - Power measurement using EDA tools from waveform and annotation to gates - Custom VIP development and checkers for state transitions. Need scalability acro - Clock gating complexity for dynamic power reduction | | | | | | | | Late in the design cycle Isolation values and spec content need to be done ahead of UPF sims Slower run times and tool dependencies with x-prop and UPF enabled Power domain definition (including dependencies) and functional intent Library support for Power Aware RTL | | <br> | | Power Aware - Library support for Power Aware RTL | | | | 0.303 Natural Dictionia Corporation A3 right network. Page 5 | RENESAS | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RENESAS | | ## Paul Graykowski # Cadence Design Systems Product Marketing Director ## Al and GenAl for Verification Productivity #### **Platinum Sponsor** #### **Abstract** The chip and system design industry faces a growing productivity challenge, with complexity on pace to increase 100X over the next decade. The complexity is outpacing the industry's ability to train new engineers, presenting companies with substantial risk. Al is being actively applied to the productivity challenge, showing great promise in improving efficiency by ten times or more. Cadence is further addressing this challenge through a series of advancements, which include accelerated compute, application of high-speed engines, and optimization with Al and Generative Al. EDA can benefit greatly by applying Al with the engineer-in-the-loop approach. This presentation will explore Cadence's Al accelerators for debug and formal proof analysis. In addition, we will also examine how a Retrieval-Augmented Generation (RAG) integrated with large Language Models (LLMs) can significantly reduce LLM hallucinations. Finally, we will delve into the application of copilots for assisting verification engineers with documentation, specifications, and planning. #### **Biography** Paul has over 25 years of expertise in the design and verification of SoCs. His diverse career encompasses technical roles in corporate and field application engineering as well as technical and product marketing. Currently, Paul is focused on product marketing and management for Cadence's Xcelium Simulator. Previously, he drove the application of IPXACT and Network on Chip at Arteris. During his 20-year tenure at Synopsys, Paul specialized in Verification IP and methodologies, evolving from Vera and VMM to SystemVerilog and UVM. His professional journey also includes positions at Compaq (HP), Intel, and Cirrus Logic. Paul earned his BSEE from Texas A&M. | | cādence° | | |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | DISSE Calcium Drugor Systems, Im., 24 raptic necessary assistance of calcium Calc | Channel, the Colonies kips, and the time Colonies make found of these channel about the production of the colonies colo | months or findings or appeared policies of Distance 1 to 2 to design of the Control Contr | ## **Track Session** # CPU User Presentations Lonestar Ballroom – Salon A+B #### **FLOOR PLAN** We would be grateful if you could move to the track session as quickly as possible ## Mike Thompson ## **OpenHW Group** Director of Engineering, Verification Task Group ## Accelerate your adoption of RISC-V with CORE-V-VERIF #### **User Paper** #### **Abstract** CORE-V-VERIF is an open-source project supported by the OpenHW Group. Its goal is to provide an open-source environment and work-flow that can be deployed onto any RISC-V processor core. Since December of 2020, OpenHW Group members have successfully used CORE-V-VERIF for end-to-end verification of more than six RISC-V cores. #### **Biography** Mike is a functional verification engineer and manager who has been involved in all aspects of the discipline: simulation, emulation, prototyping and formal verification. He is strong proponent of coverage driven processes in the pursuit of first-time-right silicon. ## OpenHW Group Proven Processor IP ## Accelerate your adoption of RISC-V with CORE-V-VERIF Mike Thompson mike@openhwgroup.org © OpenHW Group #### **Objectives** - Introduce the OpenHW Group, who we are and what we do, with specific emphasis on functional verification of RTL models of RISC-V cores. - Introduce "CORE-V": - CORE-V (pronounced "core five") is the family of RISC-V processor cores curated by the OpenHW Group. Written in SystemVerilog. Permissively licensed open-source code and documentation. Quantitative verification metrics. - The OpenHW Group applies industry leading tools and methodologies to fully verify its open-source RTL IP. - RIL IP. CORE-V-VERIF is an open-source SV/UVM verification environment for RISC-V cores. CORE-V-VERIF can be used as-is, or by using select components such an Instruction Stream Generator, UVM Bus Agents, Assertion Libraries and Functional Coverage. - · The OpenHW Group is a not-for-profit, global organization. - The OpenHW ecosystem is driven by members (corporate & academic) bringing together HW and SW designers collaborate in developing open-source cores, related IP and SW. - Primary focus is the CORE-V Family of open-source RISC-V processors. - International footprint with developers in North America, Europe and Asia. - Strong support from industry, academia and individual contributors worldwide. © OpenHW Group #### Is Open Source for You? - Permissively licensed open-source IP provides the "freedom to innovate": - Reduces the barrier to adoption. - Enables proprietary extensions of open-source reference implementations. Promotes "competitive collaboration" through sharing of development resources. - Reduces productization costs. - Open-Source does not mean "free lunch": You will need commercial tools to run CORE-V-VERIF. Engineers do not work for free. - Closing coverage requires tens-to-hundreds of thousands of compute-hours. - CORE-V benefits those organizations that: - Do not view processor IP as a differentiator for their business - Can take advantage of potential cost savings of using open-source IP. Wish to develop or demonstrate technical capabilities. # A Different Kind of Open Source Company The OpenHW Group is all about Industrial Grade practises for Industrial Grade Products: Use of commercial EDA tools and methodologies. Comprehensive and usable documentation. Well implemented RTL. Quantitative verification metrics. You get out what you put in: The OpenHW Group does not employ a large staff of design, verification and implementation engineers. 95% of the engineering effort, EDA tooling and compute infrastructure used to develop CORE-V IP comes from our Members. ## Quantitative Quality: TRL-5 - An OpenHW development project has achieved TRL-5 when it has completed all the deliverables defined in the OpenHW Group TRL5 for COREV RTL IP Template checklist: - o Find it on GitHub at https://github.com/openhwgroup/programs (link) - This is a spreadsheet with worksheets for: - Documentation - IP Licensing - o RTL Design - Simulation Verification - Formal Verification - Software Requirements ## What is CORE-V-VERIF? - A GitHub repository! Directly supports verification of most CORE-V cores. - Three usage models: Direct instantiate your RTL directly into CORE-V-VERIF. - Indirect clone CORE-V-VERIF structure into your environment. - Library re-use select components as ## Important Points - Everything represented in the previous slide is permissively licensed open-source: RTL code for the core. - User Manual for the core. - Testbench code. - Agents - Testcases Assertions. - Functional coverage - The Reference Model is the exception: Commercial Option: ImperasDV from Synopsys. Open-Source Option: custom Spike extension. ## Summary / Wrap-up - CORE-V is a family of permissively licensed open-source RISC-V cores curated by the OpenHW Group. - CORE-V IP is Industrial Grade. - "There is no they": benefitting from open-source means getting involved. - CORE-V-VERIF is the SV/UVM verification environment for CORE-V IP. ## **Thank You** | <br> | <br> | | |------|------|--| | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | <br> | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | <br> | <br> | | | <br> | <br> | | | | <br> | | ## **Notes** ## Varun Koyyalagunta ## **Tenstorrent** **Design Verification Engineer** ## Accelerating RISC-V testbench development with open source RISC-V RTL and emulation ## **User Paper** ## **Abstract** Today's shorter product time to market makes silicon verification runway shorter. Tenstorrent is working on CPUs based on RISC-V architecture for many AI applications. Since this is an emerging processor environment having RTL ready is not an easy task. Once RTL is available the testbench should be ready for both simulation and emulation workloads. Also, we should have all test collaterals ready to go, which involves firmware, drivers, applications etc. ## **Biography** Today's shorter product time to market makes silicon verification runway shorter. Tenstorrent is working on CPUs based on RISC-V architecture for many Al applications. Since this is an emerging processor environment having RTL ready is not an easy task. Once RTL is available the testbench should be ready for both simulation and emulation workloads. Also, we should have all test collaterals ready to go, which involves firmware, drivers, applications etc. At Tenstorrent we solved this problem by adopting RTL from RISC-V open source. This enabled us to shift left the emulation and simulation testbench creation. We use a standard memory interface, AXI, standard instruction interface, RISC-V Formal Interface (RVFI), and the open source CVA-6 RISC-V cpu to develop testbench architecture and collateral in advance with full architectural instruction-by-instruction checking. This helped us complete the testbench development and test infrastructure ready without our custom CPU RTL. When the inhouse RTL is ready, we could be able to replace our custom CPU RTL with open source CVA-6 processor. This methodology helped us significantly shift left the testbench and test infrastructure readiness. Due to this, we could able to innovate in the area of test collateral creation, making emulation ready infrastructure and were confident to run application level tests the minute RTL was available. We used ZeBu for emulation work on this accelerated testbench creation with open source RTL. # Introduction • Tenstorrent seeks to develop a high performance RISC-V core and bring it market ASAP • Emulation is key to that effort – Emulation is a must for software development and function verification • How do we keep DV out of the critical path? – Tenstorrent is starting infrastructure, DV, and RTL from scratch – No prior in-house emulator setup # Shift left verification using open source Accelerate testbench development • RISC-V has a rich library of off-the-shelf free IP and VIP • A testbench can reuse free VIP and be built around free IP – Allows the testbench and test development to be done in parallel with RTL development – A testbench with free IP can achieve goals like booting Linux without waiting on any custom RTL • When the custom RTL IP is ready, it can be dropped into the existing testbench – Testbench functionality and bugs have already been flushed out on the free IP • IP - CVA6 core with AXI to memory • VIP - Instruction Set Simulators - swerv-iss/whisper - CVA6 harness has RVFI for checking • All the components needed to develop and test a RISC-V CPU testbench • Custom RISC-V core can be dropped-in later # CVA6 RISC-V Open Source IP From the openhwgroup https://github.com/openhwgroup/cva6 6 stage in-order single-issue CPU Compiles into 67k LUTs: Fraction of 1 FPGA Enables fast compile iterations to debug testbench tenstorrent ## rv tester Testbench - Multi-threaded, asynchronous, message-passing based testbench built for configurability and maximum performance on emulation and simulation - RVFI and AXI packets from CVA6 are transferred over DPI to C++ code - These packets are asynchronously dispatched to components that subscribe to them - Components (bridge, clint, etc) are configurable through a registry Enabled or disabled based on DUT's configuration - Test chaining on emulation is supported by reconstructing the registry between tests "Warm reset" of the testbench Saves ~2 minutes of overhead between tests Connecting HW and SW in the Testbench Example YAML code ``` m_rvfi: domain: 1 num: $ (max (TOP. PLATFORM.COSIM.RVFI.NRETS) } fields: trap: width: 1 intr: width: 1 cause: ``` ## Optimizing Transactions for Performance Example C++ code that can subscribe to that transaction $\bullet$ Called asynchronously on a separate thread, so that the emulator thread is not waiting ``` tenstorrent ``` | <del></del> | |-------------| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Testbench iteration time drastically reduced Testbench iteration time drastically reduced Test bench solds on the Open-SourceCVA6 are much faster than our custom core The fact LUTs The Strip is test LUTs The Strip is test to the sold of the draw of the sold of order custom RISC-V core Bugs found and fixed in emulation white custom core is brought up Thois issues - SV constructs of thigh supported in emulation Tostbench issues - various checker bugs missed in simulation Versiched transing bug in code This bug in code This bug in code This bug in code This instruction checking 90 Attractives to speed-up boot Performance for custom RISC-V core on Linux boot <5 minutes to boot Full instruction checking 90 Attractives (the proving) No instruction checking 15 Affiz (vorking to improve) Tenstorrent Conclusion Accelerated testbench bring-up on Open-Source CVA6 prior to custom core 4 months of saved DV development time after RTL is ready! Testbench is ready to run billions of cycles every day to run regressions tenstorrent ## Vibarajan Viswanathan ## **Condor Computing** Sr.Principal DV Lead ## Memory Patterns – Reusable Stimulus for RISC V Memory Subsystem Verification ## **User Paper** ## **Abstract** Verifying Memory Subsystem in CPU is hard. The design blocks span from Load store to caches, NOCs and to the memory. In RISC, the max access size is 8 bytes at the Load Store Unit. The caches operate on whole 64bytes (32byte) cache line size. DV challenges span across a) Coherency: The verification of Hit or Miss, Snoops on L1, L2 and L3. b) Memory ordering between LD, ST c) Data Forwarding from ST to LD, d) Aligned vs unaligned transfers e) NOC Latency modelling f) Complex address patterns. This presentation proposes a reusable Memory Pattern generator that can stress the memory subsystem from Unit level to full core level. ## **Biography** Vibarajan (Viba) Viswanathan has over 25 Years of experience in Semiconductor and EDA industry, mostly in Design Verification. Viba holds a bachelor's degree in Electronics and Communication Engg., and a PG Diploma from UT Austin on AIML. His work experience spans across companies that include 0-In Design Automation, Synopsys, Mentor Graphics, Marvell Semiconductor, Samsung, Centaur and Microsoft. He was part of the pioneering team on Assertions and Assertion IPs, Formal Verification and Verification IPs. Viba's domain expertise includes RISCV CPU/GPU Memory Subsystem, Load Store, Cache Coherency, Memory Ordering, Shader Core, Coherent Interconnects, CHI, DDR/LPDDR Memory Controllers. Viba is an avid follower of conferences and the various Verification Methodologies that include Constrained Random, Formal Property Verification, Assembly level instruction generation and AIML DV Use cases. ## **Notes** | | | Coherency | | |--------|-------------|-----------------------|-------------------------------| | vo c | ores writir | ng to same cache line | Multiple modified copies | | | | Correct Sequence: | | | CO | C1 | | CO C1 | | CO | CI | 1 | | | +1 | +10 | 2 | L1 (M) ST to same CL (Snoop) | | | . 10 | 12 | L2 (M) | | | | 13 | L3 (M) | | | | 23 | | | | | 33 | Which is most recent modified | | | | 34 | data? | | ncorre | ct Sequence | 35 | | | 1 | | 36 | | | | | 37 | | | 2 | | 38 | | | | | 39 | | | 3 | | 40 | | | | | 41 | | | | | 51 | | | | | 52 | | # Memory Ordering – Within a Core Same Cache Line Stores (\$10, \$10, \$10,...\$10) Order needs to be maintained Same Cache Line Loads (LD0, LD0, LD0,...LD0) Follow on Loads could reuse the return data of the first load Store to load forward: \$10,LD0 Different Cache Line Address Loads/Stores: (\$10,LD1,\$12,\$13,LD4) No ordering restrictions Same Cache line, Mixed Loads and Stores, Non-Overlapping bytes No ordering restrictions Same Cache line, Mixed Loads and Stores, \$20,Core (\$10,LD0,\$10,LD0,\$10,LD0) All LDs, \$15 have to be in order Sts will be merged in order before LD data is written to Physical Register CONDOR ## Memory Ordering - Multicore - Core0-\$T0,Core1-Ld1, Core2-Ld2,Core3-Ld3 (Different Cacheline) - At L3: LD1,LD2,ST0,LD3,LD4,LD5 - Intel (TSO): Total Store Order - LD1,LD2,ST0,LD3,LD4,LD5 - LD2.LD1.ST0.LD4.LD3.LD5 - LD1,LD2,ST0,LD3,LD5,LD4 - LD2,LD1,ST0,LD5,LD4,LD3 - ARM, RISC V: No Ordering - STO,LD3,LD1,LD2 - LD3,LD2,ST0,LD1 - LD3,LD2,LD1,ST0 - LD1,ST0,LD2,LD3 - LD1,LD3,ST0,LD2 CONDOR ## Load / Store Instructions (RV64,I,M,A,C,F,D,ZICSR) - S? - LB,LBU,LH,LHU,LW,LWU,LD,<del>LDU</del> (RV128I inst) - SB,SH,SW,SD - Sizes - B Byte (8 Bits) - H Half Word (16 Bits) - W Word (32 Bits) - D Double Word (64 Bits) | | <br> | <br> | <br> | |----------------|------|------|------| | | | | | | | | | | | | | | | | | | | | | 2.2 | | | | | | <br> | <br> | <br> | | | | | | | | | | | | 1000 | | | | | | | | | | 200 | <br> | <br> | <br> | | and the second | | | | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | | | | | | | CONDOR | | | | | - V | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Load Register/Address level Dependency - Address dependency - Sample Scenario addird0, rs1, 0x5a; sb r1, offset(rd0); sb r2, offset(rd0); addird1, rs1, 0xdead; addird2, rs1, 0xdead; sb r4, offset(rd1); sb r5, offset(rd2); - Register dependencies - RAW, WAR, WAW - Single addi rd0, rs1, 0x5a; lb r0, offset(rd0); lb r1, offset(r0); lb r2, offset(r1); lb r3, offset(r2); Multiple Ib rb, offset(ra+8); Ib rd, offset(ra+64); sh rd, offset(rb); CONDO ## Same type Load, Continuous Address addird, rs1, 0xdeadbeef addird, rs1, 0x5a addird, rs1, 0xa5 //immediate value; //immediate value: //immediate value; lb r1, offset(rd); lb r1. 0(rd): lb r1, offset(rd); lb r1, offset(rd-1); lb r1, 1(rd); lb r1, offset(rd+1); lb r1, offset(rd-2); lb r1, 2(rd); lb r1, offset(rd+2); lb r1, 3(rd); Ib r1, offset(rd-3); Ib r1, offset(rd+3); lb r1, 4(rd); Ib r1, offset(rd-4); lb r1, offset(rd+4); lb r1, 5(rd); lb r1, offset(rd-5); lb r1, offset(rd+5); // Up to 5 or 10 Cacheline size // Up to 5 or 10 Cacheline size and put them in loop and put them in loop and put them in loop CONE ## Mixed Loads or Stores: Continuous Address ### Mixed Loads addird, rs1, imm value; lb r1, offset(rd); lh r1, offset(rd+1); lbu r1, offset(rd+1+2); lhu r1, offset(rd+1+3); lw r1, offset(rd+2+4); lw offset(rd+4+6); // Up to 5 or 10 Cacheline //size and put them in loop ### Mixed Stores addira, rs1, imm value; sb rd, offset(ra); sh rd, offset(ra+1); sw rd, offset(ra+2+4); sw rd, offset(ra+4+6); ......; // Up to 5 or 10 Cacheline size // and put them in loop CONDOR ## Mixed Loads and Stores, Continuous Address addi ra, rs1, imm address; addi rd, rs1, imm data; sb rd, offset(ra); lb rd, offset(ra); sh rd, offset(ra+1); lh rd, offset(ra+1); sbu rd, offset(ra+1+2); Ih rd, offset(ra+1+2); shu rd, offset(ra+1+3); Ihu rd, offset(ra+1+3); sw rd, offset(ra+2+4); Iw rd, offset(ra+2+4); sw rd, offset(ra+4+6); Iw rd, offset(ra+4+6); ......; // Up to 5 or 10 Cacheline size and put them in loop CONDO | <br> | <br> | |------|------| | <br> | <br> | | <br> | <br> | | | <br> | | | | | | | | | | | | | | | | | | | | <br> | <br> | | <br> | <br> | | <br> | <br> | | | | | | | | | | | | <br> | | | | | | | | | | | <br> | <br> | | <br> | <br> | | <br> | <br> | | | | | | | | | | | <br> | <br> | | <br> | <br> | | | | | | | | | | ### Loads & Stores, Continuous Address, two level dependencies Two Loads (Addr and Data) & One Store lb rb, offset(ra+1+3); addi ra0, rs1, imm addr; addi rd0, rs1, imm data; Ih rd, offset(ra+1+3); shu rd, offset(rb); lb ra, offset(ra0); lb rb, offset(ra+2+4); Ib rd, offset(rd0); Ih rd, offset(ra+2+4); sb rd, offset(ra); sw rd, offset(rb); lb rb, offset(ra+1); lb rb, offset(ra+4+6); lbrd, offset(ra+1); Ih rd, offset(ra+4+6); sh rd, offset(rb); sw rd, offset(ra+4+6); lb rb, offset(ra+1+2); Ihrd, offset(ra+1+2); // Up to 5 or 10 Cacheline size and put them in loop sbu rd, offset(rb); # addi rd, rs1, immediate value; Ih r1, offset(rd); Ih r1, offset(rd+2 - 2/2); Iw r1, offset(rd+4 - 4/2); Ih r1, offset(rd+8 - 2/2); Iw r1, offset(rd+10 - 4/2); Iw r1, offset(rd+10 - 4/2); Iw r1, offset(rd+10 - 4/2); Iw r1, offset(rd+10 - 4/2); Iw r1, offset(rd+10 - 4/2); ## Read / Write Collision: Bank Size is 8 Bytes. No overlapping bytes, Overlapping Byte level overlapping Word level overlapping Dword level overlapping Same Cacheline different Bytes (No Collision) Same Cacheline same bytes (Collision) ## Test Compose Strategy 1: "Base Patterns" Instruction Types: o Loads, Stores, Mixed Loads/Stores, Compressed Loads, Stores LB,LBU,LH,LHU,LW,LWU,LD SB,SH,SW,SD Patterns: o Address, Register Dependency o Single level, Multi level, o Increment, Decrement, Overlapping, Repeat (Same Address) Test Compose Strategy 2: "Address Pattern, Step Size" Random or Selective patterns Selective Patterns Increment, Decrement, RepeatContinuous, Overlapping Step Size Same step size (Repeat / Same Address) Variable Step Size Fixed Step Sizes : Byte(8Bits), Half Word(16), Word(32), Dword(64) CL, SET, TAG Sizes Overlapping Variants: Byte level Overlapping Addresses Word level , dword level overlapping Test Compose Strategy 3: "Test Options" Aligned/unaligned: · How to create unaligned: Using offsets or addresses. Test length (No of Transactions) · One time run or Repeat Count How to compose a test? Final Test = Pick a "Base Pattern" + Pick a "Type of Address Pattern" + Pick a "Test Option" ## Conclusion - Scalable Stimulus: - Generated Configurable, Reusable Assembly code - Same patterns could be generated for Unit level and Subsystem Level: LSU, L2, L3 - Results (LSU) - o 200+ Generated Tests - 100+ Explicit tests - o 60% Fails on Generated, 40% fails on Explicit tests CONDOR | <br> | - | <br> | | |------|---|------|--| | | , | <br> | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | ## **Notes** ## **Track Session** ## Training Session 1 Signing Off with Formal Lonestar Ballroom – Salon C ## FLOOR PLAN We would be grateful if you could move to the track session as quickly as possible. ## **Notes** ## **Doug Smith** ## **Doulos** Engineer / Instructor ## **Signing Off with Formal** ## **Gold Sponsor** ## **Abstract** If you have only used formal apps or verified a few properties using modeling checking, then how do you sign-off on a project using formal just like a simulation-based verification environment? The answer is a good formal methodology and objective formal coverage. In this tutorial, we will have a look at both and discuss different types of formal coverage and how to interpret them. ## **Biography** Doug Smith is a verification engineer and instructor for Doulos based in the Austin Texas area with expertise in UVM and formal technologies. He has been using formal technology for several decades, performing formal verification on many kinds of designs and formal applications. Likewise, he has provided formal application support at both Jasper and Mentor/Siemens EDA. At Mentor/Siemens EDA, he served as a formal specialist and verification consultant, where he provided both formal consulting and developed an automotive functional safety formal app for performing formal fault campaigns. At Doulos, he delivers training in verification methodologies like UVM, SystemVerilog, and formal technology. Doug holds a masters degree in Computer Engineering from the University of Cincinnati and a bachelors degree in Physics and Biology from Northern Kentucky University. Currently, he resides in Paige Texas with his wife and family on a small farm where he raises bees, cows, horses, chickens, and pigs and loves driving a tractor. ## **ESL & Verification Methodology** - » SystemVerilog » UVM - » SystemC » TLM-2.0 » Formal ## Hardware Design (ASIC / FPGA) - » VHDL » Verilog » SystemVerilog - » Tcl » AMD » Intel FPGA ## **Embedded Software** - » C » C++ » Zephyr » Linux » Yocto » Security - » Arm Cortex A/R/M » Rust » Android ## **AI & Machine Learning** - » Edge Al » Deep Learning - » Python ## **NEW Course: Advanced Formal Verification** Gain a deep, practical knowledge of formal verification Full course details: www.doulos.com/afv Call +1-888-GO-DOULOS to discuss your training needs # Signing-Off with Formal Strategy and methodology Formal coverage Assertion density Reachability Mutation coverage Interpreting coverage Sign-off summary # Bug Hunting Sign-off Formal apps End-to-end checks Formal VIP Reduce complexity with abstraction Property verification Replace simulation with formal sign-off Goal – CEXs Find deep corner-cases Coverage secondary Full coverage ## **Formal Coverage Goals** Assertion precondition coverage - 100% Functional coverage – 100% cover properties / covergroups Assertion coverage - 100% at required proof depth Code coverage – 100% line / condition / etc. 9 ## **Types of Formal Coverage** Assertion density (cone-of-influence) Assertion coverage (proof core) Functional coverage – cover properties / covergroups Unreachability Identifies dead code Reveals overconstraining Generate coverage exclusions for simulation Reachability ${\sf Code\ coverage-statement\,/\,branch\,/\,FSM\,/\,toggle\,/\,etc.}$ Bounded reachability – proof bound / target for abstraction Mutation coverage - quality of assertions and constraints 10 ## Coverage - Known By Many Names | Aliases | Cone-of-<br>Influence | Proof Core | Mutation | Reachability | |-------------------------------|-----------------------|------------|-------------------|--------------| | Assertion or property density | x | | | | | Stimulus coverage | | | | x | | Checker coverage | x | x | x | | | Observability coverage | | x | | | | Bounded coverage | | x | x | x | | Over-constraint coverage | | | × | × | | Sign-off coverage | X<br>(some tools) | X | X<br>(some tools) | Х | 11 ## **Signing-Off with Formal** Strategy and methodology Formal coverage Assertion density Reachability Mutation coverage Interpreting coverage Sign-off summary 12 | <br> | | |------|--| | | | | | | | | | | | | | | | | | | | <br> | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | <br> | | | | | | <br> | | | | | | <br> | | | <br> | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Add Another Assertion always @(posedge clock) if (reset) q <= 0; else if (ena) q <= a; else if (enb) q <= b; a\_enb: assert property (@(posedge clock) disable iff (reset) ena |=> q == \$past(a) ); always @(posedge clock) begin sig <= in1 & in2; out <= sig | in3; end a\_out: assert property (@(posedge clock) ##1 out == \$past(sig | in3) ); | <br> | <br> | |------|------| | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | <br> | <br> | | <br> | | | | | | <br> | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` Reachable Items module simpleuart ( input clk, input resetn, output ser_tx, input ser_rx, 109 always @ (posedge clk) begin Line or statement if (reg_div_we) send_dummy <= 1; send_divcnt <= send_divcnt + 1; if (!resetn) begin Branch Expression / Condition send_pattern <= ~0; send_bitcnt <= 0; send_divcnt <= 0;</pre> FSM States 114 FSM Transitions Toggle 117 send_dummy <= 1; end else begin if (send_dummy && !send_bitcnt) begin send_pattern <= ~0; send_bitcnt <= 15; send_divcnt <= 0;</pre> 119 122 123 send_dummy <= 0; 124 end else .. 22 ``` ``` DOULOS Conceptually ... module simpleuart ( input clk, input resetn, output ser_tx, input ser_rx, always @(posedge clk) begin 109 110 if (reg_div_we) send_dummy <= 1; send_divcnt <= send_divcnt + 1;</pre> lineno = 110; lineno = 111; lineno = 112; if (!resetn) begin send_pattern <= ~0; send_bitcnt <= 0;</pre> send_divcnt <= 0; send_dummy <= 1; 117 118 119 end else begin if (send_dummy && !send_bitcnt) begin 120 121 send_pattern <= ~0; send_bitcnt <= 15;</pre> send divcnt <= 0; send_dummy <= 0; Line/statement reachable end else .. 124 line_cov_110: cover property ( lineno == 110 ); ``` ``` Unreachability logic [2:0] state; unreachable (FSM State Coverage) state 0->2, 1->0 unreachable (FSM Transition Coverage) always @(posedge clock) state[2] 0->1, 1->0 unreachable (Toggle Coverage) state <= 0; else case (state) 0: if (state == 0) state <= 1; else state <= 2; Line unreachable (Line Coverage) 1: if (a && !prev_a) state <= 2; else if (prev_a && b) Condition unreachable (Condition Coverage) w/ constraint state <= 3; 2: state <= 0; Line unreachable (Line Coverage) w/ constraint endcase prev_a <= a; as_prev_a: assume property ( @(posedge clock) prev_a != b ); 24 ``` | | <br> | |--|------| | | | | | | | | | | | | | | <br> | | | | | | <br> | | | | | | <br> | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | <br> | | | | | | | | | | | | | | | <br> | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## **Use Models for Reachability Analysis** Run without constraints – identify dead code Generate coverage waivers for simulation Run with constraints - identify impact of constraints ``` else if (prev_a && b) state <= 3; Line unreachable with constraint as_prev_a: assume property ( @(posedge clock) prev_a != b ); ``` Bounded coverage - identify areas not reached by bounded proof 25 ## **Reachability Analysis** ``` always @ (posedge clock) if (reset) q <= 0; else if (ena) q <= a; else if (enb) q <= b; a_enb: assert property (@ (posedge clock) disable iff (reset) ena |=> q == $past(a) ); always @ (posedge clock) begin sig <= in1 & in2; out <= sig | in3; end Line Coverage 3/5 Toggle Coverage 7/12 ``` But are there enough assertions? ## **Un/Reachability Coverage** 26 Any items unreachable due to input stimulus? Reveals overconstraining | Cover Type | Total | Unreachable | 1 | Reachable | |----------------|----------|-------------|------------|--------------| | | | | | | | Branch | 35 | 35 | 35 ( | 100.0%) | | Condition | 4 | 4 | 4 ( | 100.0%) | | Expression | 2 | 2 | 2 ( | 100.0%) | | FSM State | 0 | 0 | 0 ( | 0.0%) | | FSM Transition | 0 | 0 | 0 ( | 0.0%) | | Statement | 37 | 37 | 37 ( | 100.0%) | | Toggle | 542 | 460 | 457 ( | 84.9%) | | Covergroup Bin | 0 | 0 | 25 ( | 0.0%) | | | | | | | | Also known as: | Stimulus | coverage | er-constra | int coverage | 27 ## Coverage - The Story So Far ... Simulation coverage – measure the quality of the simulation vectors [Test bench] Cover property – prove that a specific property holds at least once [RTL/constraints] Cone of Influence – measure assertion density (quick-and-dirty) [Assert/cover] Formal core – measure property density (more realistic) [Assert/cover] Un/Reachability analysis (unconstrained) – identify dead code [RTL] Un/Reachability analysis (constrained) – identify over-constraint [Constraints] Bounded unreachability analysis ........ 28 | <br> | <br> | |------|------| | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | |------|--| | | | | <br> | | | | | | <br> | | | | | | <br> | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## **Running Mutation Coverage** - 1. First achieve 100% assertion, COI, and reachability coverage - 2. Run unmutated RTL with formal testbench as sanity check - 3. Run mutation coverage (exclude faults detected by simulation) Fault outside COI of any assert => write more assertions or waive Fault undetected => write more assertions or waive Fault detected by causing assertion to fail => okay 33 ## **Signing-Off with Formal** Strategy and methodology Formal coverage Assertion density Reachability Mutation coverage Interpreting coverage Sign-off summary 34 ## Interpreting Coverage – Property Coverage ### **Cover Properties** | | | Failing | Passing | |------------|---------|--------------------------------------------------------|--------------------------| | Properties | Failing | Covers - overconstrained<br>Asserts - underconstrained | Underconstrained<br>Bugs | | Assert Pr | Passing | Overconstrained<br>Missing asserts | Goal! 🎸 | 35 ## Interpreting Coverage – Stimulus vs Checker ## Un/Reachability (Stimulus Coverage) | | | Low | High | |-------------------------------------|------|------------------------------------------------------|----------------------| | COI / Proof Core (Checker Coverage) | Low | Need more assertions<br>Overconstrained<br>Dead code | Need more assertions | | | High | Overconstrained | Goal! 🎸 | | 024 Doulos | | | | ## **Track Session** ## UVM for AMS Verification **Lonestar Ballroom – Salon D** ## **FLOOR PLAN** We would be grateful if you could move to the track session as quickly as possible ## **Notes** ## **Peter Grove & Steven Holloway** #### Renesas Distinguished Member of Technical Staff Senior Member of Technical Staff #### **Mixed-Signal Randomisation - Stimulus and Checkers** #### **User Paper (Remote presentation)** #### **Abstract** Constrained-random verification (CRV) is a well-established and successful methodology for digital designs and UVM has become the primary means to achieve this. The functional complexity in mixed-signal designs is increasing exponentially. Even a simple Power Management Unit can have hundreds or thousands of control bits and many modes of operation. To achieve good functional coverage, it is important to adopt a CRV approach for mixed-signal designs. This approach can help us manage a large verification space, including: checking analogue performance under a large set of programmable configurations; digital control system interaction with analogue circuits; covering unexpected corner cases in A/D interaction. To lower the bar for verification engineers to switch Device-Under-Test (DUT) abstractions between DMS and AMS a generic monitor will be presented. This monitor is agnostic to the DUT abstraction so the Verification engineer can work in the environment they are most comfortable in. This presentation shows some of the ways in which Renesas has applied UVM to mixed-signal designs and some of the benefits we gained by doing so. The work presented was the driving force in defining the UVM-MS standard. #### **Biography** **Peter** has worked in the industry starting back in 2001 when he joined a small company called Wolfson MicroElectronics, where he was project lead for more than 15 production devices. Since then, Peter has only worked at one other company, Nujira, before joining Dialog (now Renesas) at their Edinburgh office. Peter has been with Dialog since 2014. Peter's background has been main digital design, but has over the years taken charge of many large mixed signal devices that are in volume production and been exposed to enough analogue design work to appreciate the issues they face in verification. Peter's background has been main digital design, but has over the years taken charge of many large mixed signal devices that are in volume production and been exposed to enough analogue design work to appreciate the issues they face in verification. Peter has an eye for looking for ways in which techniques can be done to improve chip level coverage, simulation runtime improvement to name a few. Peter is also in a unique position that during his days at Wolfson he was a key player in defining their schematic/Layout tool set with integrated revision control. This has allowed Peter to gather many skills not just in design work but in all the backend flows and EDA tools, understanding different netlist types and how the tools work. Peter's technical interests are mixed signal and analogue verification methodologies, design flows. Peter also is an Acellera SystemVerilog-AMS committee chair, UVM-AMS member/key contributor making sure the 'users' feedback on the language is considered and not what the vendors just want to support. **Steve** has 24 years' experience of digital verification including eRM, OVM, UVM and formal property checking. He has led the verification of large-scale consumer SoC projects. He joined Dialog Semiconductor in 2011 and previously worked for Doulos, NXP and Trident Microsystems. Steve has presented at multiple external conferences including a panel session at DVCon US. He participates in industry standards bodies and has contributed code to the Accellera UVM-AMS working group #### WHAT ABOUT REAL NUMBERS? IEEE 1800-2023: "The solver can randomize singular variables of any integral or real type" Random real values are uniformly distributed over their range. For example: ``` rand real v; constraint c {v > 0.0 && v < 2.0;}</pre> ``` The probability of choosing a value in the range 0.0 to 1.0 is the same as the probability of choosing a real value in the range 1.0 to 2.0. A real is a 64-bit number so some $\underline{sensible\ clamping}$ on significant figure is needed (int' (real\_var/le-6) \*le-6) //Clamp to 1u significant figure © 2024 Renesas Electronics Corporation. All rights reserved Page 1 BIG IDEAS FOR EVERY SPACE RENESAS ## REAL COVERAGE A range of real values is different from a range of integral values. A range of real values within the specified range • lt allows all possible values within the specified range • e.g. VALUE\_LOW > a > VALUE\_MAX • The covergroup option real\_interval defines partitioning for a range of bins • A single-value real bin can fail to cover numbers very close to the bin value, because a real number representation has limited precision covergroup cg; type\_option.real\_interval = 0.1; cp\_a:coverpoint a { bins Z = {real! (2STATE); bins RANGE[] = {(VALUE\_LOW:VALUE\_MAX]; } endgroup conditions the first partition of the condition con ## PROBLEM STATEMENT AND REQUIREMENTS - Ability to monitor internal nodes in the design which based on netlist configuration (HED) could change abstraction. - In one HED configuration the node resolves to a Real, in another UDN and in another Electrical. - Node may not exist in some HED configurations! - Effects of node can't easily be monitored on DUT IO's. (E.g. Internal bias currents/references) - Monitor Voltage, Port Current or Port/Block Power. - Requirements (Wish list) - No elaboration error if the path does not exist. Use a string as a path to a scalar node/port. - Work's in DMS/AMS without user interaction. - Ability to change trigger levels during the simulation. - Dynamically enable/disable the monitor during the simulation. - Limit simulation overhead. • Could be used for UPF supply monitoring thus works in DMS/AMS without user interaction or vendor extensions. Y SPACE RENESAS ## Automatically enable monitor on internal signals. E.g. Bandgap enable. (Allows concurrent checking for any simulation.) Noise on some nodes are hard to see unless a catastrophic issue happens, resulting in a verification hole. Detect if a circuit kicks a reference when starting up. E.g. Comparator's capacitive feedback kicks high impedance node. Monitor static bias currents to blocks. If a bias goes to 2 blocks by accident it might not be easy to detect in AMS. In DMS most of this is not as important, but DMS can be used to setup/debug the monitor in a fraction of the time. ## OUTLINE OF MODULE(S) AND FLOW • Must be a *module* to access continuous time nodes at every analog timestep. - Utilized simulator initialization sequencing, \$analog\_node/port\_alias and VPI routines. - Parameters to set Node, Mode and whether DMS+AMS, DMS only or AMS only - Hierarchy of 3 modules, with multiple views of Verilog-AMS version. - Dummy module for DMS netlist (ana\_node\_ok = 1'b0) - Verilog-AMS for AMS simulations. - Matches UVM-MS proposed standard architecture - SV Bridge (SV wrapper), instancing API via proxy - DUT abstraction for 'analog resource(s)' \_\_\_\_\_ Page 22 RENESAS #### #### **DIGITAL OOMR PROBING** - SystemVerilog has no \$digital\_node\_alias/\$digital\_port\_alias function. (Vendors don't have a generic version for any netType system Verilog has no \$digital\_node\_alias/\$digital\_port\_alias function. - Direct assign via OOMR's would force Connect Module in AMS or a netType conflict in pure SystemVerilog. - No native port current probing with SystemVerilog UDN's. Knowledge of UDR required. - e of Verilog Procedural Interface to Utilize a Single Environment/Testcase for DMS/AMS (Peter Grove" CDNLive 2023 Europe track winner) - Solution query the simulator at runtime using the Verilog Programming Interface (VPI) to access the data objects - . Make the VPI code unbound to a specific net/variable structure and expandable for other datatypes in the future - Use a function in SV to call some VPI (Verification Procedural Interface) code. - VPI code queries the simulator to get the information. - Can then handle many different use cases but keep SV function the same. - All LRM compliant. BIG IDEAS FOR EVERY SPACE RENESAS #### **VPI – SET UDN CHANGE CALLBACK** - Imported custom C function dpi\_udn\_change\_callback() to SV as setUDNChangeCallback() using DPI. - SV function registers a VPI call back when specific object change value. ``` //Uses formion call to bands my error condition function antended but settlichtepolitheit(myst string out_net, input string error_level = "fatal", input string error_may error_level = "fatal", imput string error error_may string error_may string error_level = "fatal", imput string error error_may string error_level = "fatal", imput string error error_may string error_level = "fatal", imput ``` - udn net Input string to the net to be monitored. (In this case the VPI code only support UDN, but could be extended.) - error msg Output string variable to return any error messages from the VPI code. - And used to set the scope for the call back task. - setUDNChangeCallback returns 0 or 1 to indicate a call-back successful or not. Error messages automatically displayed. Page 26 BIG IDEAS FOR EVERY SPACE RENESAS #### VPI – SET UDN CHANGE CALLBACK - Custom C function registers a callback (vpi\_register\_cb) when an objects value changes. - Monitor V field of UDN for Voltage probe, and additionally R field for Current probe, based on specific UDN. - Callback C function triggered when V or R field changes value, this could be during delta cycles. - Callback C function calls the SV task function that has been imported to the C layer, using svScope the dpi\_udn\_change\_callback() was called from. ``` max.b = ypl_lendle_by_neme(gash, (b); maxl = ypl_lendle_by_neme(gash, (b); maxl = (point = ypl_lendle_by_neme(b)) Handle to UDN and maxl = (point = ypl_lendle_by_neme(b); ma Build Call-Back struct and register it with the simulator C-Code BIG IDEAS FOR EVERY SPACE RENESAS Page 27 ``` #### **VPI – SET UDN CHANGE CALLBACK** - Exported SV task update\_udn\_event() to C. - SV task uses non-blocking event trigger ->>, so multiple changes on the UDN only call the event once. | <pre>static PLI INT32 dpi_udn_change_callback_fn(p_cb_data_cb_data_p) { svScope_scope = svGetScopeFromName(cb_data_p-&gt;user_data); svSetScope(scope); 4</pre> | Sets scope to call the<br>imported task obtained | |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | - dpi_update_udn(); | from user_data field set at<br>callback generation | | return 1; } C function called by registration to vpi_register_cb | caliback generation | | | | | <pre>export "DPI-C" dpi_update_udn = task update_udn_event;</pre> | | | event node_changed; | | | task update_udn_event(); if(en && dig_node_ok) ->>node_changed; endta | sk | | always@(node_changed) begin Non-blocking Event //Get value based on mode using VPI end | | | | av8cope scope = sv6et8copeFromName(cb_data_p=>user_data); sv8et8cope (scope); - dpi_update_udn(); return 1; C function called by registration to vpi_register_cb export "DPI-C" dpi_update_udn = task update_udn_event; event node_changed; task update_udn_event(); if(en && dig_node_ck) ->>node_changed; endtan always@(node_changed) begin + Non-Bocking Event //Get value based on node using VPI. | BIG IDEAS FOR EVERY SPACE RENESAS | <br> | <br> | | |------|------|--| | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | | | | | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | ## AMS MONITORING CODE Use an integer variable to toggle 0/1. (above or cross not used, use last\_crossing to get interpolated crossing time + Hysteresis is important to avoid oscillation due to tolerances on the Voltage/Current been monitored Use absdelta() function to sample into discrete domain for wrapper SV to probe via OOMR. Set delta\_expr and time\_tol to 0 so a change in value will be picked up unless it toggles faster than time precision. \*\*analog begin\*\* //Gate process based on ana node ok to save CPU cycles. if (ana. node ok 64 en.a) begin value = (node == "potential") ? V(int\_node):[(dint\_node); if (value > (upper a + (in\_range\_int\_a ? hyst:-hyst))) in\_range\_int\_a = 0; //Not OK else if (value < (lower\_a + (in\_range\_int\_a ? hyst:hyst))) in\_range\_int\_a = 0; //Not OK else begin in\_range\_int\_a = 0; //Not OK end //Sample back onto discrete domain. alwayse(abbdelta(in\_range\_int\_a, 1, 0, 0, 1)) in\_range\_int = in\_range\_int\_a; ## Call back will use non-block event on node\_changed, so it triggers in non-block region of simulation cycle. Use VPI routines to get the Voltage and Current but only if enabled as this can be costly. Additionally need to check for 'wrealXState/ wrealZstate that could be a return value. (Not in LRM but all vendor support) alwayse( node changed or en or possége dig node ok) begin if (in 6f dig node ob) (in 6f volte) upon in large int = 1 bo) //Not ob) else (route v loges) in range int = 1 bo) //Not ob) else if (value v loges) in range int = 1 bo) //Not ob) else if (value v loges) in range int = 1 bo) //Not ob) else in range int = 1 bo) //Not ob) else in range int = 1 bo) //Not ob) ### VERIFICATION METHODOLOGY | | | | _ | <br> | | |-------------------------------------------------|---------|-----------------------------------|---|------|--| | | | | | | | | | | | _ | | | | | | | _ | <br> | | | | | | _ | <br> | | | n Electronics Capparation. All rights reserved. | Page 32 | BIG IDEAS FOR EVERY SPACE RENESAS | _ | <br> | | | | | | • | | | | | | | | | | #### METRIC DRIVEN MINDSET Find bugs which almost certainly exist in the design - Stress protocols don't just interoperate with them - Explore corner cases - Zero tolerance of design inconsistency Reuse and debug should be considered from the start - . Using a methodology in the right way addresses reuse Appropriate and consistent messaging scheme - The right use of metrics - . Test-case pass rate is a "design" mindset - Coverage closure is the objective, test cases are a means to get there - · Never collect coverage without checks #### **UVM-MS** UVM-MS is the standardisation of analogue/mixed signal extensions for UVM - Improved verification of analogue/mixed-signal designs - Same degree of thoroughness for both analogue and digital parts - Metric-driven verification suits following objectives due to verification space size · Verifying analogue performance under large set of digital configurations - Digital control system transitions interacting with analogue functions - Dynamic control between analogue & digital circuits under wide range of conditions - . Finding problems with A/D interaction in unexpected corner cases Named UVM-MS as the focus is to support any MS system; DMS, RNM, Spice or a mixture. Randomisation is not mandatory and benefits are gained even when using directed tests - Plug & play reuse of existing UVM components - Rich debug & messaging scheme integrated with simulator Page 35 #### CONCLUSION © 2024 Renesas Electronics Corporation. All rights reserved. | BIG IDEAS FOR EVERY SPACE | RENESAS | |---------------------------|---------| BIG IDEAS FOR EVERY SPACE RENESAS # CONCLUSION Constrained-Random Verification is applicable for Mixed Signal designs. If not essential: More effort is required to assemble a Metric-Driven platform However, reuse can pay of here Fast DMS regression can be used to select seeds for slower AMS tests Most successful if a Metric Driven Mindset is adopted from the vPlan convertors The VPI enables a sophisticated concurrent checking system for fanalog intent signals whether in DMS or AMS. Verification engineers does not need to know the DUT's abstraction. UVM-MS will drive this capability. | Renesas.com | | |--------------------------------------------------------------|--------------------------------------| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BIG IDEAS FOR EVERY SPACE RENESAS | | © 2024 Renesas Electronics Corporation. All rights reserved. | BIG IDEAS FOR EVERY SPACE (ENES/A) | | | | ### **Adnan Hamid** #### **Breker Verification Systems** Founder and CTO ## RISC-V Certification: Applying Advanced RISC-V Core and SoC Verification Towards the Anticipated Certification Requirements #### **Gold Sponsor** #### **Abstract** RISC-V processor cores are becoming more complex and varied, driving an ever greater need to prove their quality through advanced verification. RISC-V International has instigated a new Certification Group to target a quality metric, and this requires a range of new, automated verification test solutions. Through his work with multiple RISC-V core providers to extend their verification environments to meet modern processor verification requirements, the author has a unique perspective towards meeting these certification requirements. The presentation proposes a range of test "layers" that extend beyond standard random instruction generation to include system integrity verification. This presentation will demonstrate a number of these verification capabilities, how they have improved RISC-V verification, and how they may meet the certification needs of the future. #### **Biography** Adnan is the founder and CTO of Breker and the inventor of its core technology. Noted as the father of Portable Stimulus, he has over 20 years of experience in functional verification automation, much of it spent working in this domain. Prior to Breker, he managed AMD's System Logic Division, and also led their verification team to create the first test case generator providing 100% coverage for an x86-class microprocessor. In addition, Adnan spent several years at Cadence Design Systems and served as the subject matter expert in system-level verification, developing solutions for Texas Instruments, Siemens/Infineon, Motorola/Freescale, and General Motors. Adnan holds twelve patents in test case generation and synthesis. He received BS degrees in Electrical Engineering and Computer Science from Princeton University, and an MBA from the University of Texas at Austin. #### RISC-V CoreAssurance SystemVIP | | <u> </u> | |---------------------------|----------------------------------------------------| | Random Instructions | Do instructions yield correct results | | Register/Register Hazards | Pipeline perturbations dues to register conflicts | | Load/Store Integrity | Memory conflict patterns | | Conditionals and Branches | Pipeline perturbations from synchronous PC change | | Exceptions | Jumping to and returning from ISR | | Asynchronous Interrupts | Pipeline perturbations from asynchronous PC change | | Privilege Level Switching | Context switching | | Core Security | Register and Memory protection by privilege level | | Core Paging/MMU | Memory virtualization and TLB operation | | Sleep/Wakeup | State retention across WFI | | Voltage/Freq Scaling | Operation at different clock ratios | | Core Coherency | Caches, evictions and snoops | #### RISC-V SoCReady SystemVIP | Random Memory Tests | Test Cores/Fabrics/Memory controllers | | | |-----------------------|-----------------------------------------------------------|--|--| | Random Register Tests | Read/write test to all uncore registers | | | | System Interrupts | Randomized interrupts through CLINT | | | | Multi-core Execution | Concurrent operations on fabric and memory | | | | Memory Ordering | For weakly order memory protocols | | | | Atomic Operation | Across all memory types | | | | System Coherency | Cover all cache transitions, evictions, snoops | | | | System Paging/IOMMU | System memory virtualization | | | | System Security | Register and Memory protection across system | | | | Power Management | System wide sleep/wakeup and voltage/freq scaling | | | | Packet Generation | Generating networking packets for I/O testing | | | | Interface Testing | Analyzing coherent interfaces including CXL & UCle | | | | SoC Profiling | Layering concurrent tests to check operation under stress | | | | Firmware-First | Executing SW on block or sub-system without processor | | | ## SystemVIP with Test Synthesis Amplification Pre-packaged test availability Quality SystemVIP, broad test suites Ultrahigh coverage & bug hunting Auto bug tracking for complex scenarios #### Portable & Reusable Same tests across platforms and projects - Cache-System Coherency - Arm SoCReady - RISC-V SoCReady - RISC-V CoreAssurance - Power Management - Security - Networking & Interfacing #### A Look At RISC-V - Open Instruction Set Architecture (ISA) gaining significant traction in multiple applications - Significant verification challenges - o Arm spends \$150M per year on 1015 verification cycles per core - o Hard for RISC-V development group to achieve this same quality - o Lots of applications expands verification requirements - o Requires automation, reuse and new thinking - RISC-V International developing certification program to provide an assurance metric for RISC-V devices #### **RISC-V International Certification** - RVI Certification Steering Committee (CSC) recently formed with the intent of increasing industry confidence in certified RISC-V cores and IP - o Considered important as RISC-V gains in popularity - CSC now working on test sources, process plans, etc. - May look to commercial entities to provide rigorous certification tests - Breker involved as our SystemVIPs are aligned with potential CSC tests #### Meeting RISC-V Verification Challenges - Reuse & automation to meet quality expectation - Automated test generation key - RISC-V special requirements - o Custom instruction verification - Compliance assurance - Broad range of architectures • Different processors have different needs - o Embedded cores - Processor clusters Application processors | Suggested | RISC-V | verification | "stack | |-----------|--------|--------------|--------| | | | | | Performance/power profiling SW Execution, OS Boot System integration integrity > Core operation integrity Micro-architecture functionality ISA architectural compliance Up & running "Hello World" #### Summary - RVI is creating a certification program that requires rigorous testing Probably will be an important part of RISC-V development in the future - Breker is now providing state-of-the-art test solutions that accelerate and amplify RISC-V core and SoC test quality - RVI certification is likely to borrow heavily from commercial verification solutions such as Breker SystemVIP and Test Suite Synthesis © Breker Verification Systems, Inc. All rights reserved. Breker Systems Confidentia Thanks for Listening! Any Questions? ## **Notes** ## **Dilip Kumar** #### **TessolveDTS Inc** **Design Lead** ## Practical applications of machine learning in design verification and ISO 26262 practices #### **User Paper** #### **Abstract** ML (Machine Learning) is transforming the way we work in a wide range of industries and this has been accelerated by generative AI (Artificial Intelligence) applications such as ChatGPT. In this presentation we investigate how ML and AI can potentially be applied in DV (Design Verification), from automation of requirements/specification analysis and test plan generation, through test bench creation and test generation, to debug and coverage closure. There is a very wide range of ML techniques available and this presentation first surveys those techniques and how they have been applied (successfully and unsuccessfully) to DV in both academia and in real projects. The objective is to better understand how to apply the most promising techniques to a wide range of DV activities to ultimately make DV both more efficient and effective. The main objective of the presentation is to give the audience a better understanding of what is achievable of applying ML in DV and to give practical suggestions on their adoption. The integration of Generative AI (GenAI) into ISO 26262 practices represents a transformative approach to automotive functional safety. As the demand for safer automotive systems grows, it is essential to leverage strengths from other domains to enhance automotive safety practices. Recent advancements in Generative AI models and practices have opened new doors to innovative approaches. Beginning with an understanding of Functional Safety concepts, the trained AI model proves useful in Hazard Analysis and Risk Assessment (HARA), requirements management, Failure Mode and Effects Analysis (FMEA), Automotive Safety Integrity Level (ASIL) determination, and compiling compliance evidence The presentation features several noteworthy use cases where the trained AI model is particularly useful for the Functional Safety team. #### **Biography** Dilip has 10 years of industry experience as a design verification engineer and has worked extensively on verifying designs at full chip level as well as subsystem and IPs. Dilip has worked with leading semiconductor companies on world class products and has gained indepth knowledge on the concepts of verification. Dilip currently works as a verification consultant for Xilinx-AMD and is involved in verifying the FPGA designs at full chip level. #### Outline TESSOLVE - · Al Strategies - Background - Where are the main challenges in verification? - Where do we think Al/ML could help? Experiences in applying LLM (Large Language Models) - Experiences in applying ML to - Coverage closure - Debug - Regression suites - PracticalitiesApplication in ISO26262 - Conclusions ## TESSOLVE Al Strategy Features: Preserved training data Preserved prompts Model selection & upgrades (for conversational, coding assistance, analysi computational needs) Response validation Migration to Al agents Needs and security-based Al solution range Currently validation is manual\* | | 0 | | • | | | | |--------|----------------------------------|------------------|---------------|--------|------------|-----------------------------------------------------------------------------| | r. No. | Register Name | Register Address | Register Size | Access | Importance | Functionality | | | RegX | 0x33 | 32 bits | R/W | High | Stores the 32-bit secret key value used for secure<br>operations. | | 2 | RegX | 0x33 | 32 bits | R/W | High | Stores the 32-bit decryption key value used for secure<br>operations. | | 3 | Host Interrupt/Debug<br>Register | 0x34 | 32 bits | R/W | Medium | Contains interrupt and debug-related information for<br>host communication. | | 4 | Status | 0x34 | 1 bit | R | Medium | Indicates the presence of an interrupt condition. | | 5 | IntEnable | 0x34 | 1 bit | R/W | Medium | Enables or disables interrupts. | | 6 | KeySize | 0x34 | 1 bit | R/W | Medium | Selects the key size (128-bit or 256-bit). | | 7 | \ccessGranted | 0x34 | 1 bit | R | Medium | Indicates whether debug access is granted or not. | | В | HostIntRegClr | 0x34 | 1 bit | R/W | Medium | Clears the host interrupt. | | 9 | External Status Register 0 | 0x50 | 32 bits | R | Low | Connected to the chip top for external status<br>information. | | 10 | External Status Register 1 | 0x54 | 32 bits | R | Low | Connected to the chip top for external status<br>information. | | 11 | External Status Register 2 | 0x58 | 32 bits | R | Low | Connected to the chip top for external status<br>information. | | 12 | Lifecycle Register | 0x5C | 32 bits | R | Low | Contains the lifecycle word read from OTP memory. | | 3 | Clock/Reset Register | 0x60 | 32 bits | R/W | Low | Controls the reset and enable signals for the subsystem. | | 14 | Control/Status<br>Register | 0x64 | 32 bits | R/W | Low | Control and status register with undefined usage. | | 1173 | on real projects | | | | | |----------------------------------------------|----------------------|---------------------|---------------------------------------|----------------------|--------------------| | | | | | Saving | | | DV Flow | Conventional Efforts | Al Assisted Efforts | Engineering<br>Efforts Saved<br>(Hrs) | % Efforts<br>Savings | Speedup<br>(times) | | Specification Analysis | 1 Week, 1 Engineer | 2 Hrs, 1 Engineer | 38 | 95 | 20 | | Feature Extraction & Test<br>Plan Generation | 2 Days, 1 Engineer | 1 Days, 1 Engineer | 8 | 50 | 2 | | Constraint Generation | 1 Day, 1 Engineer | 2 Hours, 1 Engineer | 6 | 75 | 4 | | Coverage Generation | 6 Hours, 1 Engineer | 1 Hour, 1 Engineer | 5 | 83 | 6 | | Assertion Generation | 1 Day, 1 Engineer | 2 Hours, 1 Engineer | 6 | 75 | 4 | | UVM Template<br>Generation | 3 Days, 1 Engineer | 2 Hours, 1 Engineer | 22 | 92 | 12 | #### TESSOLVE Applying ML to debug Daniel Hanson, Verifyter (now Cadence) Debugging failures from a How to use this? regression • First use historic data for training · Indicators from code source for where to look for the root cause Once we have a trained model · Commit time · Indicate where to start looking • Number of editors (1, 2, many) Multiple files committed together · Identify "risky" commits as they happen History of "bugginess" of a fileChange in density of commentsWho made the commit! • Run more check-in tests? · Require reviews of riskiest commits? • Use lint for design and test bench code | | case - HA | +1 | | | | | | |-----------|-----------------------------------------------------------------------------|--------------|--------------|------------------------|--------|--------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Hazard ID | Hazard<br>Description | Severity (S) | Exposure (E) | Controllability<br>(C) | ASIL | Safety Goal (SG) | Safety Measure (SM) | | H1 | Both headlights fail<br>simultaneously | 83 | E3 | СЗ | ASIL C | headlights do not | SM1: Use redundant power<br>supplies and control circuits.<br>Design the headlight system with<br>dual independent circuits. | | H2 | One headlight fails | 85 | E3 | C2 | ASIL B | least one headlight<br>remains operational | SM2: Implement diagnostic<br>checks that can isolate a failed<br>headlight and ensure the other<br>continues to function. | | НЗ | Headlights fail to<br>switch to low<br>beam from high<br>beam | 82 | E3 | C2 | ASIL B | SG3: Ensure proper<br>switching between<br>high and low beam | SM3: Use reliable sensors and<br>control algorithms to manage the<br>switching of beams based on real-<br>time data. Employ adaptive<br>lighting systems that respond to<br>oncoming traffic and<br>environmental conditions. | | H4 | Headlights do not<br>turn on<br>automatically in<br>low light<br>conditions | 83 | E2 | C2 | ASILB | automatic<br>activation of<br>headlights in low | SM4: Incorporate ambient light<br>sensors and fail-safes to activate<br>headlights when low light<br>conditions are detected. Regularly<br>test and calibrate sensors. | ## **Notes** ## **Larry Lapides** #### **Synopsys** Exec. Director, Business Development #### A Holistic Approach to RISC-V Processor Verification #### **Gold Sponsor** #### **Abstract** Processors using the open standard RISC-V instruction set architecture (ISA) are becoming more and more common, with an estimated 30% of SoCs designed in 2023 containing at least one RISC-V core. Whether licensing RISC-V IP and adding custom instructions, using open-source RISC-V IP, or building a RISC-V processor from scratch, verification of RISC-V processors is a task in the SoC project plan. With the variety of sources for the processor IP, the range of complexity and the span of use cases, a one-size-fits-all approach to RISC-V processor verification does not work. This session will present a holistic approach to RISC-V processor verification. It will address processor complexity from microcontrollers to application processors to arrays of processors for AI accelerators, different levels of integration from unit to individual processor to processing subsystem to SoC and cover different scenarios depending on the source of the processor IP. Matching different technologies and methodologies to this multidimensional verification space is critical. In addition, we will elaborate on different decisions that go into the verification plan for RISC-V processors and review the different technologies and methodologies that are employed in a holistic approach to processor verification. #### **Biography** Larry Lapides is Executive Director, Business Development at Synopsys, responsible for the Imperas-branded products. Prior to Synopsys' acquisition of Imperas Software Ltd. in 2023, Larry was VP of Worldwide Sales & Marketing and a member of the founding team. Before Imperas, he held several roles in sales and marketing including VP of worldwide sales during the run-up to Verisity's IPO. Larry holds a BA in Physics, with General Distinction in Physics, from the University of California Berkeley, a MS in Applied and Engineering Physics from Cornell University and an MBA from Clark University. ### **SYNOPSYS®** ## Synopsys Verification Family Best-in-Class verification Fastest Engines Broad Support Complete product family with #1 products in all categories Highest-performance engines accelerate time-to-market Comprehensive, ready-to-use design, verification, and IP solutions for RISC-V www.synopsys.com/verification #### Agenda - Why should we use RISC-V? - Challenge: the RISC-V verification disconnect - A RISC-V processor verification solution - · Dynamic verification - Formal verification - Summary SYTTOPSY Synopsys Confidential Informati © 2024 Synopsys, Inc. #### Why should we use RISC-V? Anyone can design their own processor based on the RISC-V ISA Modular ISA = choice of which features to include/exclude Extensibility and freedom to customize at ISA and micro-architectural levels RISC-V enables the creation of domainspecific differentiated processors SYTOPSYS Synopsys Confid © 2024 Syra #### RISC-V is Crossing the Chasm: 2023-2024 Moving beyond early adopters, into early mainstream - Initially only used by 'visionaries' like SiFive, Andes, Nvidia, Microchip - Then systems companies wanting domain specific processors - Meta Infrastructure, Google, ... - IoT companies - e.g. Qualcomm, Nvidia Networking (Mellanox), Silicon Labs SYNOPSYS Synopsys Confidential Information 0 2024 Synopsys, Inc. # Challenges in RISC-V Processor Verification Design complexity – architecture, micro-architecture, implementation choices, custom features Source of processor IP (in-house, open source, vendor + custom instructions) Use case: microcontroller – application processor; closed versus open to external software development Verification productivity and time to closure Team experience (designers and verification engineers) Processor verification methodology Tool selection #### What have we learned in the last 7 years? - · A verification plan is needed - Different than with SoC DV, a high-quality, fully functional reference model is needed - $\bullet$ As with SoC DV, the full range of verification technologies is needed - Dynamic verificationFormal verification - Hardware-assisted verification #### **RISC-V Processor Verification Process** Design verification from unit to SoC | Design Level | Example | Tool/Methodology | |---------------------------|---------------------------------------------------------|------------------------------------------------------------------------------------| | Unit | Pipeline, FPU | Formal + predefined assertion IP | | | Security | Formal + predefined security assertion IP | | Architecture | ISA | Dynamic | | | | Formal + predefined assertion IP | | Custom instructions, CSRs | Custom DSP, matrix | Dynamic | | | | Formal sequential equivalence checking, register verification, datapath validation | | Processing subsystem | Coherent cache, multi- or<br>many-processor accelerator | Dynamic, especially using hardware assisted verification | | | | Formal property verification for cache coherence verification | #### Synopsys RISC-V Processor Verification Solutions Formal Verification Dynamic Verification VC Formal DPV VC Formal SEQ that custom instructions break the original core VCS & Verdi Dynamic Simulation ZeBu & HAPS HW Assisted Verifican Verdi Verification Planning and Functional Coverage Platform ### Dynamic Verification: ImperasDV ImperasFPM RISC-V Processor Model: for comparison of correct behavior; extendable for custom instructions ImperasDV: provides configuration, comparison and checking, pipeline synchronization and scoreboarding ImperasFC: deploys SystemVerilog functional coverage code for each ISA extension riscvISATESTS/ImperasTS: provides directed test suites # ImperasFPM (Fast Processor Models) for RISC-V ImperasFPM (User Extension outside Config 250+ params) (User Extension outside CSRs) (User Extension outside Config 250+ params) (User Extension outside CSRs) (User Extension outside Configurations and custom instructions for processor IP vendors (User Extensions built in a separate library do not perturb the verified Base Model, help reduce maintenance (User Extensions built in a separate library do not perturb the verified Base Model, help reduce maintenance (User Extensions built in a separate library do not perturb the verified Base Model, and including users of both commercial and free tools, over 150 companies, organizations and universities have used the ImperasFPM #### ImperasFC: SystemVerilog Functional Coverage for RISC-V - Functional coverage code generation - Manual creation would be tedious, time consuming and error prone - >100K lines of code - Synopsys tools can automatically generate functional coverage code for custom instructions - Functional coverage is the key verification metric coverage code generator readable RISC-V ISA specification https://github.com/riscv-verification/riscvISACOV/tree/v20240124/documentation for list of covered extensions SVDDPSVS nopaya Confidential Informati © 2024 Synopsys, Inc. #### Integrating ImperasDV with Verdi Auto-generated documentation in markdown and csv formats for inclusion in Verification Plans Functional coverage data is reported in verification tools such as Verdi Synopaya Confidential Informati © 2024 Synopays, #### STING Preventing bug escapes for complex RISC-V designs - Self-checking test generation for RISC-V - Addressing single CPU and complex many core SoC designs - Generates constrained-random, directed stimulus, and combinations of the two - Portable across simulation, emulation, prototyping and silicon - Full support for the RISC-V ISA specification - Extensible to custom instructions and peripheral devices - ImperasDV adds comprehensive checking and functional coverage when STING output is used in VCS SYNOPSYS Synopsys Confidential Information #### Formal Verification: VC Formal Formal verification provides exhaustive proof of VC Formal Apps correct behavior Property Verification Excellent tool for unit-level DV Can get started early, even with design engineers Unit-level includes pipeline, floating point unit, load/store unit, ... Testbench Analyzer RISC-V ISA Assertion IP (AIP) available to enable early use of VC Formal Sequential Equivalence VC Formal Apps improve verification efficiency of many tasks Register verification, datapath validation, connectivity checking, security verification ... RISC-V Formal Verification VC Formal FPV + AIP (Model Checking): VC Formal DPV (Equivalence Checking): Clock gating verification in every functional unit Design comparison in presence of new features/timing changes FRV (Formal Register verification) · FSV (Formal Security Verification) SEQ (Equivalence Checking): Prefetch BufferLSU – Load/Store unit - Pipeline - ALU/MULT/Dotp - Decoder #### VC Formal FSV: Formal Security Verification Ensure data security objectives are met through exhaustive formal analysis VC FORMAL FSV Detect security issues that are hard to find through other Users define security properties to check for data integrity Flexible property creation and management → secure source ML powered engines for fast performance Data propagation analysis and debug with temporal flow view · Verification of multiple scenarios in one session #### What have we learned in the last 7 years? #### Starting point: - · A verification plan is needed - Different than with SoC DV, a high-quality, fully functional reference model is needed - As with SoC DV, the full range of verification - technologies is needed Dynamic verification - Formal verification - Hardware-assisted verification #### Keys to Success: - · Support for full RISC-V specification - · Custom instructions easily added and verified - · Silicon-proven processor verification tools, models, and methodologies | | SYNOPSYS° | |--------------------------------------------------|-----------| | | | | Thank You Learn more at www.synopsys.com/RISC-V | | | | | | <br> | | |------|--| | | | | <br> | | | | | | | | | <br> | | | | | | | | | <br> | | | | | | <br> | | ## Vikram Khosa #### Arm #### **Principal Engineer** #### Pushing forward the frontiers of formal in Arm CPUs #### **User Paper** #### **Abstract** Over the last decade, formal verification has been steadily maturing into a mainstream methodology and seeing serious adoption across various semiconductor companies, including Arm. However, the long-held promise of being able to deploy formal to exhaustively verify designs in a timely manner is still limited by size, complexity, and cost of compute. In addition, opportunities for novel formal use-cases are also tempered by their own fresh set of challenges. This talk covers some of these challenges and the innovative solutions being developed to address the twin demands of convergence and efficiency. #### **Biography** Vikram Khosa has been spearheading initiatives in formal methodology as well as involved in hands-on deployment of formal methods for functional and security verification, across various roles in A-class CPU design projects, at Arm's Austin design center since 2013. Previously, he led memory-system verification for the Cortex A15 CPU. He has also worked in various verification roles for other companies, including 2 early-stage start-ups. He holds a master's in computer engineering from the University of Minnesota, Twin Cities and a B.E. (Hons.) from BITS Pilani. #### Outline - + Early Hurdles - + Path to Mainstreaming - + Present Challenges - + Contours of the Future - + Vectors of Innovation - + Conclusions 2 © 2024 Arm arm #### **Early Hurdles** - + Designer Engagement - + Management Buy-in - + Right scope - + Ownership - + Resourcing - + Criteria for Success/Completion 4 © 2024 Arr | <br> | | | |------|---|--| | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | - | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | #### Path to Mainstreaming - $+\,$ Integrating formal in development flow - · Goal to get formal out of its silo - Evolve away from centralized team - Position formal as a desirable skill for all verification engineers - Formal engineer embedded within the respective unit team Owns both simulation and formal Move TB to formal-only opportunistically arm #### Path to Mainstreaming - + Scoring minor successes and building on them - Critical to developing credibility - $+\,$ Key drivers towards achieving left-shift - Datapath C2RTL + theorem-proving (novel methodology) - Specialized flows : Clock-gating, X-prop arm #### Path to Mainstreaming - Role of management +Strategic patience supporting long-term vision - Organizational adjustments + Consciously push engagement with val/unit leads + CPU Formal Council to enable cross-site alignment + Cross-site working groups for technical collaboration & reuse - · Smart bets on small/special problems - +Sustain focused resourcing till we see results - Limited investment in solving tougher challenges Become drivers to develop new technologies/flows Fnables progressive scaling formal to bigger problems Architectural-specification based / end-to-end flows | <br> | |------| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | <br> | | | | <br> | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | <br> | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## arm **Present Challenges and** Solutions #### Compute Cost -- Challenges - + Overall compute footprint driven by increasing - design/feature complexity deployment surface - + Increased compute bandwidth requirements - driven by shorter overlapping project cycles reduced time-to-market across increased number of served segments - + Formal is no exception - + Additional factors - More unit/multi-unit environments More users More design configurations → more regressions - More specialized formal flows (clock-gating, X-prop, functional-safety, security) More bug-hunting strategies More formal-engine solver threads/partitions distributed across cluster arm #### Compute Cost – Cluster/Flow-based Solutions - Cloud Migration - Demand-based cost structure - Increased efficiency for burst/peak demands Pre-emption overhead - · Dedicated lower-cost clusters - Minimize/avoid contention with other formal/non-formal runs Also improves startup latency - Debug-fitted regressions - Don't generate more fails than you have resources to debug between runs Stop regression after some number of fails Don't generate the same failure more than once - Optimally-sized regressions : don't spread resources too thin - Running on too many (disparate) properties at once can undermine effectiveness and coverage arm #### Compute Cost – Tool-supported Solutions - Proof Caching/Profiling Restore results from previous run if no changes Learn optimal engine settings etc. across regressions - Bound aggregation - · Hybrid Flows - Enabled by stagnation-detection - Exhaustive Proofs followed/overlapped by Bug-Hunting (Lack of) Overlap controlled by saturation of progress - ML-based Optimizations - Proof strategies within and across runs Tuned to specific designs/properties | | | _ | |--|------|---| | | | _ | | | | | | | | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | _ | | | | _ | | | <br> | _ | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | _ | | | | _ | | | <br> | _ | | | | _ | | | | | | | | | | | <br> | | | | <br> | | | | | | | | | | | | | - | | | | - | | | <br> | _ | | | <br> | _ | | | | | | | | | ### Complexity Squeeze - Challenge + Ever-increasing complexity across the board Even lower-profile CPUs adding more speculation for performance + Inter-unit Complexity → Upward Pressure • Desire to test complex features across a broader surface-area → Bigger DUTs Gypically) Lower Interface Complexity/Volatility Higher Design-Complexity Tool Burden + Intra-unit Complexity $\rightarrow$ Downward Pressure Desire to test at subunit level for better coverage Smaller DUTs Smaller Design-Complexity Higher Interface Complexity/Volatility Designer Burden arm **Complexity Squeeze - Solutions** • Interface/Stimulus Complexity Intentional Over-Constraints Narrower Scope of Checks Bringup-only TBs Design Complexity Transaction Limiting Profiles Abstraction Models IVAs Design Mutations arm Designer Engagement - Challenges Engagement varies by site Common challenges Ownership of interface properties especially related state-tracking Additional formal TB support Abstractions etc. Attempts to promote formal-based designer bring-up Only successes were organic and based on designer's innate interest Top-down mandates don't work Top-down mandates don't work Positive factors Formal-friendly designer Suitable scope Negative factors Existing mature simulation TBs Excessive schedule pressure arm Designer Engagement – Strategies Designer training Formal integration into smokes and other CI flows Push-button debug & fix-qualification flows Sometimes requires dumping FSDBs from FV tool Support of a focused FV engineer Offloads maintenance while allowing them to explore the design FV owner support interface constraints that require state tracking Allows them to maintain lighter-weight constraints in some cases 6 © 2024 Arm #### Contours of the Future - + Proliferation of FPV - Number of environments Size Complexity - Increased Areas of Focus Regression Efficiency Architecture/Specification Derived Checkers for Niche Areas Decode, RAS Liveness - SecurityFunctional Safety - + Areas of Increased Alignment - EZE Checker Methodology Front-end Tools & Specialized flows + Central formal team to own and support arm # arm **Vectors of Innovation** #### Convergence - I - Human-guided Proof Closure - Automated invariant generation based on user-curated list of signals Experiments with engine-level integration JUG Paper '22 - Structured Proofs - Proof Decomposition Helper Integration Book-keeping enables Safe Composition Both full and bounded proofs Automatic case-splitting based on key, independent variables - Proof-orchestration improvements (stagnation-detection) | | | <br> | | |------|------|------|------| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | <br> | | | | <br> | <br> | | | | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | ## Convergence - II Bug-hunting flow improvements Mitigate effect of free variables (oracles) across a leapfrogging trail of covers Trace profiling Mine known bug/cover traces for interesting covers/transitions Apply these as soft constraints to direct engines to similar scenarios Regression clumping Smaller groups of similar properties Similar COI, complexity Exploit locality Multi-property engines, manual out-of-COI abstractions • Flow-graph based approach (JUG Paper'22) Bound Aggregation for elastic BMC arm **Special Flows** • Architectural Specification based flows ISA-F MMU-F Decoder-F MEM-F CAT2SVA • Liveness, FSM deadlocks • X-Prop & Clock-gating Improvements arm **Novel Use-Cases** Security (information-flow based) Evolution of semantics & operators Taint-propagation based abstractions Exploration of various attacks/vulnerabilities Spectre, Meltdown, Spoiler, Spectre-BHB JUG Paper '22 Verifying mitigations Symbolic Simulation Multi-Cycle Path Verification arm arm **Conclusions** #### Conclusions - + Formal no longer a fringe/novel technology at Arm as with rest of industry - + Increased maturity/adoption/success $\Rightarrow$ increased compute footprint - New challenges driven by Dueling demands of efficiency vs. effectiveness Increasing complexity of designs targeted by formal New areas of application for formal methods - Meeting these challenges and preparing for the future Requires investment in innovation Extending to novel use-cases Reducing compute-cost and complexity Improving convergence | <br> | | | |------|------|------| | <br> | | | | <br> | <br> | <br> | | <br> | <br> | <br> | | <br> | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | <br> | | | | <br> | | | | <br> | <br> | <br> | | <br> | <br> | | | | | | | | | | | | | | | <br> | <br> | | | <br> | <br> | <br> | | <br> | <br> | | | <br> | | | | | | | | | | | | <br> | | | ## **Track Session** ## Latest Topics in Verification Lonestar Ballroom – Salon A+B #### **FLOOR PLAN** We would be grateful if you could move to the track session as quickly as possible ## **Nianhang Hu** ## University of Nebraska - Lincoln Graduate Student ## Using Symbolic Execution to analyze Hardware TCP/IP StacksBased on HLS Development #### **User Paper** #### **Abstract** Hardware accelerators developed based on High-Level Synthesis(HLS) are becoming increasingly popular in modern computing systems. Symbolic execution is a powerful technique for analyzing software programs, but its application to hardware accelerators developed with HLS presents some challenges. This paper explores the use of symbolic execution to analyze a real-world HLS-based hardware accelerator, hardware TCP/IP stack. We discuss the challenges encountered in this context, and propose feasible solutions to use symbolic execution to improve code coverage testing. Overall, this paper highlights the great potential of symbolic execution in analyzing HLS hardware accelerators and suggests directions for future research. #### **Biography** Mr. Nianhang Hu has been pursuing a Master's degree at the University of Nebraska-Lincoln since 2022. He earned his Bachelor's degree in Electronic Engineering from Zhengzhou University in 2005. With extensive industry experience in chip functional verification and bring-up, he has worked at prominent companies including Foxconn, TI, and Nufront. Notably, he led a team of 20 firmware engineers for three years, achieving a 100% first-pass success rate and 98% functional test coverage in bringing up four ARM-based chips. His exceptional skills in both software and hardware debugging have been instrumental in his success. #### Using Symbolic Execution to analyze Hardware TCP/IP Stacks Based on HLS Development Nianhang Hu 12Sep2024e Department of Computer Science and Engineering University of Nebraska-Lincoln, Lincoln, NE 68588 N #### Hardware TCP/IP Stack (I) - Implementing the TCP/IP protocol on the FPGA. - Using High-Level Synthesis (HLS) technology to convert high-level languages into hardware description language. #### Hardware TCP/IP Stack (II) - Enhanced Offloading Capabilities. - Increased Throughput and Reduced latency. - Programmability - Reduced CPU Overhead - Scalability Hardware synthesis #### **High-Level Synthesis (HLS)** - Increase design efficiency - Support high-level abstraction - Reduce design complexity - Difficult to find the correspondence between high-level and low-level code. - Challenges in testing and verification. - Lack of effective debugging tools. #### Motivation - Propose a symbolic execution tool. - Identify issues at an early stage of code development. - Enhance code coverage for the hardware TCP/IP stack. #### **Symbolic Execution** \* https://www.researchgate.net/publication/220623844\_Cloud9\_A\_Software\_Testing\_Service #### Analyze C/C++ Code #### Problems: - Special data type in the HLS library - Arbitrary precision integer types - Streaming processing data types - Parallel computing in the HLS library ## Lil VISCON red example in 60,0100,01 red example in 60,0100,0100 Programs Programs Red in 60,0100,0100 Red in 60,0100,0100 Red in 60,0100 60,01 #### HLS special data type (I) Using basic data types to construct arbitrary bit-width data types #### Basic data types: - unsigned char - unsigned short ap\_uint<W> data; - unsigned int - unsigned long ap\_umt<w> data; \* W: bit width, from 1 to 4096 # HLS special data type (II) ap\_uint <1> flag; W = 1 Unsigned char ap\_uint <128> flag; W = 128 Two "unsigned long" variables #### HLS special data type (III) void make\_symbolic\_case1(){ ap\_uint<128> tcpData; unsigned long temp[2]; make\_symbolic(&tcpData, sizeof(tcpData), "tcpData"); for(int i = 0; i < 2; i ++){ tcpData.range((i+1) \* 64 - 1, i \* 64) = temp[i];}}</pre> #### **Concurrent Computation** Remove the code that supports concurrent access in the HLS library and replace it with single-threaded sequential access. • Modify multithread tasks to single-thread tasks. #### Refactor functions unsupported by symbolic execution Implement some library functions that symbolic execution does not support in C++ • std::vector, std::map and std::cout function. | | <br> | <br> | | |------|------|------|--| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | <br> | | | <br> | | | | | <br> | | | | | <br> | | <br> | | | | | | | | | | | | | | | | | | Evaluation | | |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--| | <ul> <li>Enhance the verification efficiency and code test coverage of hardware TCP/IP stacks.</li> <li>Using the TCP three-way handshake code as the test subject, comparing symbolic execution and random testing in terms of testing efficiency and coverage.</li> </ul> | | | Q & A | | ## Rahul Kande #### **Texas A&M University** Ph.D. student #### **Hardware Fuzzing to Secure Modern Hardware** #### **User Paper** #### **Abstract** Hardware is at the heart of computing systems. However, recent years have seen increased attacks exploiting hardware vulnerabilities and exploits, which even traditional software-based protections cannot prevent. Hardware fuzzing has shown promise in detecting vulnerabilities in large-scale designs like modern processors. In this talk, I will describe the hardware vulnerabilities in hardware description languages, such as Verilog and VHDL. Then, I will explain a new and radical approach called hardware fuzzing to find these vulnerabilities and detail how fuzzing techniques can be combined with existing formal verification techniques to detect vulnerabilities efficiently. Finally, I will discuss a strategy for pinpointing vulnerabilities to accelerate the mitigation process and briefly talk about improving the efficiency of hardware fuzzing using ML/AI techniques, such as multi-armed bandit (MAB) and large language models (LLM). #### Biography Mr. Rahul Kande is a Ph.D. student in the Computer Engineering and Systems Group at Texas A&M University since 2018. He completed his Bachelor of Technology in Electronics and Communication Engineering from the Indian Institute of Technology Guwahati in 2017. He developed TheHuzz, a novel hardware fuzzer that detected new vulnerabilities in popular open-source processors. This work received great traction in the industry and academia, especially Intel and the Office of Naval Research (ONR), USA, who are now jointly funding their future fuzzing projects. Rahul has won several awards and scholarships during his Ph.D. program, such as the departmental Quality Graduate Student Award in 2023 and Graduate Merit Scholarship in 2018, 3rd place at IEEE HOST 2022 Hardware Demonstration, and USENIX Security Symposium Student Grant in 2020 and 2021. His research involves developing more efficient and automated hardware fuzzing techniques to detect vulnerabilities in hardware, especially processors. More on Rahul Kande: <a href="https://www.rahulkande.com/">https://www.rahulkande.com/</a> More on Rahul Kande's research group at Texas A&M University: <a href="https://seth.engr.tamu.edu/">https://seth.engr.tamu.edu/</a> # HacktheSilicon International hardware security capture-the-flag competitions @ DAC, USENIX Security, and CHES Goal: Promote hardware security verification RISC-V SoC platform Bugs injected in collaboration with Intel TECHNISCHE UNIVERSITAT DARMSTADT SYNOPSYS\* https://hackthesilicon.com/ # Publications • Kande, R., Crump, A., Persyn, G., Jauernig, P., Sadeghi, A. R., Tyagi, A. and Rajendran, J., "TheHuzz: Instruction fuzzing of processors using Golden-Reference models for finding Software-Exploitable vulnerabilities," USENIX Security Symposium, pp. 321–3236, 2022. Chen, C., Kande, R., Nguen, N., Andersen, F., Tyagi, A., Sadeghi, A. R., and Rajendran, J., "HyPFuzz: Formal-Assisted Processor Fuzzing," USENIX Security Symposium, pp. 1361–1378, 2023. Kande, B., Pearce, H., Tan, B., Joan-Gavitt, B., Thakur, S., Karri, R. and Rajendran, J., "(Security) Assisted Processor Fuzzing," USENIX Security Symposium, pp. 1361–1378, 2023. Sohil, V., Kande, B., "Chen, C., Sadeghi, A. R. and Rajendran, J., "(Security) Assertions by Large Language Models," IEEE Transactions on Information Agents in George Conference & Exhibition (DATE), pp. 1-6, 2024. Rostam, M., Chilse, M., Zeltouni, S., Kande, B., Ejapidran J., and Sadeghi, A. R., "Reyond random inputs: A novel ml-based hardware fuzzing," IEEE Design, Automotion & Test in Europe Conference & Exhibition (DATE), pp. 1-6, 2024. Borkar, P., Chen, C., Rostami, M., Singh, N., Kande, B., Sadeghi, A. R., Rebein, C., and Rajendran, J., "Whisperfuzz: White-box fuzzing for detecting and locating timing vulnerabilities in processors," ISENIX Security Symposium, 2024. Chen, C., Gohli, V., Kande, B., Sadeghi, A.R. and Rajendran, J., "PSOFuzz-Fuzzing processors with particle swarm optimization," IEEE/ACM International Conference on Computer Medic Design (ICCA), pp. 1-8, 2023. Rostami, M., Zeltouni, S., Kande, R., Chen, C., Mahmood, P., Rajendran, J. and Sadeghi, A.R., "Lost and Found in Speculation: Hybrid Speculative Vulnerability Design Automation Conference (DAG), 2024. Sadeghi, A.R., Rajendran, J. and Kande, B., "Organizing the world's largest hardware security competition: challenges, opportunities, and lessons learned," orea Losse's Symposium on VIS, pp. 95-100, 2021. • → equal contribution 17 Chen, C.\*, <u>Kande</u>, R.\*, Mahmoody, P.\*, Sadeghi, A.R. and Rajendran, J., "Trusting the trust anchor: towards det vulnerabilities with hardware fuzzing.," 59th ACM/IEEE Design Automation Conference, pp. 1379-1383, 2022. # Thank You! Rahul Kande rahulkande@tamu.edu ## Ishaq Unwala ## University of Houston Clear Lake Associate Professor of Computer Engineering **Verification education: Opportunities and Challenges** #### **User Paper** #### **Abstract** Functional verification is facing a challenging task to verify ever more complex designs. Finding well educated, experienced verification engineers is always a challenging task. This task is made more challenging by the fact that colleges don't provide proper education on verification techniques. To meet this challenge, there is a need to promote functional verification in colleges and present it as a career path to the students. This requires cooperation by the faculty members and support from the industry. Currently, colleges don't promote functional verification as a subject. The students are not even aware of the career opportunities in verification. Graduating Computer Engineers learn verification techniques incidentally as part of logic design class. This is not sufficient for verification of today's designs. The opportunity for the industry is the ability to hire a well-educated functional verification engineers, instead of having to train them on-job. Cooperation between industry and colleges can meet the future verification challenges. Despite many commonalities, there are significant differences between the education of functional verification and design engineers. The presentation will also point out the similarities and differences in education requirements. #### **Biography** Dr. Ishaq Unwala is an Associate Professor of Computer Engineering at University of Houston Clear Lake. He received his undergraduate degree in Electrical Engineering from West Virginia University, Morgantown, WV. He received his M.S. and Ph.D. degrees in electrical and computer engineering from the University of Texas at Austin, Austin, TX, in 1986 and 1998, respectively. After working in semiconductor industry for 20 years for VLSI Technology Inc, IBM Corp, Intel Corp, Intrinsity Inc, Apple and Oracle (SunMicro Systems), he joined University of Houston Clear Lake in 2014. At University of Houston Clear Lake, he teaches both undergraduate and graduate courses, and conducts research in various computer engineering topics. He has co-authored over 20 technical papers and articles. He has directly supervised 5 Thesis students and taught over 300 graduate students. His professional involvement includes serving as Section Chair of IEEE Galveston Bay Section and Vice Chair of IEEE Vehicle Technology Society in Galveston Bay Section. He is the recipient of IEEE R5 Outstanding Individual Achievement Award 2019. Under his guidance IEEE Galveston Bay Section received multiple awards: IEEE Galveston Bay Section received the 2019 R5 Best Small Section award, two IEEE R5 NASA/JSC Stepp Stone awards 2019 and global 2022 IEEE MGA Outstanding Small Section award. His research interests include Cyber-physical systems (Internet-of-Things), Computer architecture and micro-architecture, Digital systems design, Hardware design verification techniques and technologies, Formal verification methods, Functional coverage, Engineering CAD tools technologies and techniques. #### Verification education: Opportunities and Challenges Ishaq Unwala, Ph. D. Associate Professor of Computer Engineering University Of Houston Clear Lake #### Introduction #### Professional Education: Ph.D. University of Texas at Austin M.S. University of Texas at Austin B.S.E.E. West Virginia University #### Introduction #### Work experience: - Oracle Corporation (SPARC CPUs) - Apple. (ARM CPUs) - Intrinsity Inc. (ARM CPUs) - Intel Corporation (x86 CPUs) - IBM Corporation (POWER4 CPU) - VLSI Technology Inc. (EDA software development) - Computer Services (Hardware and Software services) #### Introduction Joined University of Houston Clear Lake in Fall 2014 • Current classes in Computer Engineering | Verification of Digital Systems | Digital Systems Testing | |---------------------------------|----------------------------| | Low Power Systems Design | Fault Tolerant Computing | | Research Project and Seminar | Microprocessor Programming | | Microprocessor Interfacing | Labs for classes | - Research interest: - Hardware verification - Computer architecture/micro-architecture - Digital Systems Design - Engineering CAD tools | <br> | <br> | | |------|------|--| | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | <br> | | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | |-------|------|--| | <br> | <br> | | | | | | | | | | | | | | | | <br> | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | <br> | | | | | | | | | | | | | | | <br>, | <br> | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | <br> | <br> | | | | | | | | | | | <br> | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | <br> | <br> | | | | | | | | | | | | <br> | | | <br> | <br> | | | | | | | <br> | <br> | | #### **Education** - Computer Engineering basic education - Circuit Network concepts with labs - Electronic components with labs - Basic Digital logic with labs - Programming in assembly language - Programming in C or C++ - Introduction to Computer Architecture - Verilog or SystemVerilog (or VHDL) #### Design vs. Verification - Design Engineer Specific Skills - Timing design meets timing requirements - Efficient implementation of algorithm - Area design fits in allocated area - Power design stays in power envelope - Transistor sizes for driving long wires - Routing wire congestion | | <br> | | |--|------|--| | | | | | | <br> | | | | | | | | <br> | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | #### Design vs. Verification - Verification Engineer Specific Skills - Architectural knowledge - Functional understanding of the design - Debugging skills to find bugs - Effective and efficient software design - Coverage of events - Verification tools, simulation and formal - Test generation to exercise target logic #### Verification challenge #### **Design Challenges** - Increasingly complex micro-architectural designs - · Increasing of functional integration (SOCs) - · Higher performance and lower power requirements - · Shorter time to market - · Practical size of verification team - · Simulation run times increasing due to - increase in design size - Larger and more complex verification environment - Cost of "bug" in terms of lives, cost of recall, reputation, product liability, even survival of the company #### Verification challenge #### Work force challenge - Colleges don't promote verification as an career - · Few college graduates with verification knowledge - Shortage of well educated and skilled verification engineers - Most student are not even aware of verification as a career - Graduating students learn verification incidentally, rather than as a subject. (Insufficient to verify current designs) #### **Verification Opportunity** #### Opportunity for industry - Academia can not solve all the verification challenges - But academia can provide well educated verification engineers - Industry can get well educated verification engineers from colleges, rather that train them on job - Industry and academia should work together to promote verification as a viable career - Industry can provide - Funding for research in verification related topics (Helps to train verification engineers) - Internships for students to get familiar with verification | <br> | <br> | | |------|------|------| | | | | | | | | | <br> | | <br> | | | <br> | <br> | | | <br> | | | | | | | | | | | <br> | <br> | <br> | | | | | | | | | | | | | | | | | | <br> | | <br> | | <br> | <br> | <br> | | <br> | | | | | | | | | | | | | | | | <br> | | <br> | | | | | | | | | | | | | | | | | | <br> | <br> | <br> | | <br> | <br> | <br> | | <br> | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | <br> | | <br> | | <br> | | <br> | <br> | <br> | | | | | | | <br> | | | | | | | <br> | | | ## **Track Session** ## Training Session 2 Lonestar Ballroom – Salon C #### **FLOOR PLAN** We would be grateful if you could move to the track session as quickly as possible. # **Doug Smith** # **Doulos** Engineer / Instructor # **Practical Hacks for SystemVerilog Coverage** # **Gold Sponsor** # **Abstract** Ever wondered how to reuse coverpoints across several covergroups? Or how to collect coverage in different hierarchies? SystemVerilog coverage gets the job done, but it still has some missing, unexpected, and even head scratching behaviors. This tutorial will discuss several of these issues and offer some tips and hacks to work around them. # **Biography** Doug Smith is a verification engineer and instructor for Doulos based in the Austin Texas area with expertise in UVM and formal technologies. He has been using formal technology for several decades, performing formal verification on many kinds of designs and formal applications. Likewise, he has provided formal application support at both Jasper and Mentor/Siemens EDA. At Mentor/Siemens EDA, he served as a formal specialist and verification consultant, where he provided both formal consulting and developed an automotive functional safety formal app for performing formal fault campaigns. At Doulos, he delivers training in verification methodologies like UVM, SystemVerilog, and formal technology. Doug holds a masters degree in Computer Engineering from the University of Cincinnati and a bachelors degree in Physics and Biology from Northern Kentucky University. Currently, he resides in Paige Texas with his wife and family on a small farm where he raises bees, cows, horses, chickens, and pigs and loves driving a tractor. # **ESL & Verification Methodology** - » SystemVerilog » UVM - » SystemC » TLM-2.0 » Formal # Hardware Design (ASIC / FPGA) - » VHDL » Verilog » SystemVerilog - » Tcl » AMD » Intel FPGA # **Embedded Software** - » C » C++ » Zephyr » Linux » Yocto » Security - » Arm Cortex A/R/M » Rust » Android # AI & Machine Learning - » Edge AI » Deep Learning - » Python # **Practice - Share - Learn** Simulate your hardware description code in a web browser for free Call +1-888-GO-DOULOS to discuss your training needs www.doulos.com ## **Practical Hacks for SystemVerilog Coverage** → Types of SystemVerilog Coverage Coverage Hacks Summary 2 # **Types of SystemVerilog Coverage** Cover properties ... Use SVA temporal syntax Can use the same properties that assertions use Accessible through the assertion API (IEEE 1800-2023, Section 39) Placeable in structural code only ### Covergroups ... Record values of coverpoints Provide functional crosses of coverpoints Accessible by SV code and testcases Placeable in both objects and structural code Assertion Coverage / Code coverage API Only assertion coverage supported by tools (IEEE 1800-2023, Sec. 39) 3 # # What's Wrong with SV Coverage? Limitations Scope – location and sampling of non-local signals $\label{prop:continuous} \textit{Features} - \textit{combining coverage}, \, \textit{extending coverage}, \, \textit{etc.}$ Cross coverage Cannot cross across covergroups Non-intuitive filtering Unexpected behaviors Special keyword behavior Neglected by the SV Committee No significant changes since 2005 until latest 1800-2023 LRM $\,$ # **Practical Hacks for SystemVerilog Coverage** Types of SystemVerilog Coverage Coverage Hacks Summary 8 ``` covergroup cg (ref int v, input string comment); coverpoint v; option.per_instance = 1; option.weight = 5; option.goal = 90; option.comment = comment; endgroup int a, b; Same definition - multiple uses cg cg_inst1 = new(a, "This is cg_inst1 - variable a"); cg cg_inst2 = new(b, "This is cg_inst2 - variable b"); ``` ``` Type Options Type options apply to the entire covergroup type covergroup cg @(posedge clk); type_option.weight = 5; // Weight in calculation type_option.goal = 90; // Percentage of coverage type_option.strobe = 1; // Sample in postponed region cp_a: coverpoint a { type_option.comment = comment; }; coverpoint b; endgroup cg::type_option.goal = 100; cg::cp_a::type_option.weight = 80; ``` ``` For Real! - real_interval real a, b; covergroup cg @(posedge clk); // Real number range interval type_option.real_interval = 0.01; bins b1[] = {[0.75:0.85]}; // 10 bins bins b2[] = {[0.75:0.85],[0.90:0.92]}; // 12 bins // Tolerance range intervals bins b3[] = {[0.753+/-0.01]}; // 2 bins: // b3[0.743:0.753] // b3[0.753:0.763] endgroup ``` # **Practical Hacks for SystemVerilog Coverage** Hack #2 – How to Cover Non-Local Signals 15 # **Pulling Values Into Covergroups** Coverpoints must be local scope СССРС How do you pull in out-ofblock signals? How do you cross between covergroups? | mo | module InstructionMonitor ( | | | | | |----|--------------------------------------|--|--|--|--| | | <pre>input bit clk, decode,</pre> | | | | | | | <pre>input logic [2:0] opcode,</pre> | | | | | | | <pre>input logic [1:0] mode );</pre> | | | | | | | covergroup cg | | | | | | | @(posedge clk iff decode); | | | | | | | <pre>coverpoint opcode;</pre> | | | | | | | <pre>coverpoint mode;</pre> | | | | | | | endgroup | | | | | | | | | | | | | | | | | | | ``` covergroup cg; coverpoint testbench.covunit.a; coverpoint $root.test.count; coverpoint testbench.covunit.cg_inst.cp_a; endgroup covergroup cg (ref_logic [7:0] a, ref_int_b); coverpoint a; coverpoint b; endgroup cg cg_inst = new(testbench.covunit.a, $root.test.count); ``` ``` class base; enum (red, green, blue) color; covergroup g1 (bit [3:0] a) with function sample (bit b); option.weight = 10; option.per instance = 1; coverpoint a; coverpoint b; c: coverpoint color; endgroup function new(); g1 = new; endfunction endclass class derived extends base; bit d; covergroup extends g1; option.weight = 1; // Overrides the weight from base g1 // Overrides the coverpoint in with inherited one endgroup :g1 endclass Cross with other covergroups ``` # **Practical Hacks for SystemVerilog Coverage** Hack #3 – How to Mix SVA Coverage with Covergroups | <br> | |------| | | | | | | | <br> | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | <br> | | | | <br> | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | | | | | <br> | | <br> | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` Transfer Coverage to Monitor typedef struct packed { logic [3:0] opcode; logic [ww-1:0] jump_instr_pc, logic [ww-1:0] jump_target_pc; jump_data = {op, jump instr_pc, jump_target_pc; jump_trig = o; logic [ww-1:0] jump_target_pc); logic [ww-1:0] jump_target_pc); jump_trig = o; jump_trig = o; logic [ww-1:0] jump_target_pc); j ``` | Record Coverage with Covergroup | | | | | |-----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--| | <pre>m_cov.opcode = m_cov.jump_inst m_cov.jump_targ</pre> | <pre>void write( input jump_xact t ); t.opcode; r_pc = t.jump_instr_pc; et_pc = t.jump_target_pc; a = m_cov.jump_target_pc - m_cov.jump_instr_pc - 1;</pre> | | | | | FULLY C 2024 Coulos, A3 Rights Reserved | <pre>covergroup cov jump; coverpoint jump_delta { bins no_jump = { 0 }; bins short_jump fwd = { [1:15] }; bins long_jump_fwd = { [16:2**ww-1] }; bins short_jump_back = { [-15:-1] }; bins long_jump_back = { [-2**ww+1:-16] }; option.at_least = 4; } endgroup: cov_jump</pre> | | | | | Copy | 24 | | | | | <br> | <br> | |------|------| | | | | <br> | | | | | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | <br> | <br> | | <br> | <br> | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### **Advantages** - Cover property ... - Protocol defined in the interface (everything kept together) - Protocol defined using temporal syntax--not a custom FSM - Covergroup ... - Provides additional coverage options - Provides cross coverage - Accessible by testbench or testcase (coverage feedback) 25 # **Practical Hacks for SystemVerilog Coverage** Hack #4 - How to Direct Stimulus with Coverage 26 ### **Querying coverage** get\_coverage() returns % covered (as a real number) on covergroups and coverpoints ``` initial repeat (100) @(posedge clk) begin cg_inst.sample; cov = cg_inst.get_coverage; if ( cov > 90.0 ) cg_inst.stop; end (100 - $rtoi(cg_inst.a.get_coverage)) : ...; (100 - $rtoi(cg_inst.b.get_coverage)) : ...; (100 - $rtoi(cg_inst.c.get_coverage)) : ...; endcase 27 ``` # **Querying bin coverage** ``` covergroup cg; coverpoint i { bins zero = { 0 }; bins tiny = { [1:100] }; bins hunds[3] = { 200,300,400,500,600,700,800,900 }; endgroup get_coverage() does not work on bins Not allowed ``` cov = cg\_inst.i.zero.get\_coverage(); ``` covergroup instr_cg; op_nop : coverpoint instr_word[15:12] { bins op = { nop_op }; } op_load : coverpoint instr_word[15:12] { bins op = { load_op }; } op_store : coverpoint instr_word[15:12] { bins op = { str_op }; } op_move : coverpoint instr_word[15:12] { bins op = { move_op }; } ... endgroup • Now get coverage() can be used ... cov = cg_inst.op_nop.get_coverage(); ``` ### Randomize using dist The dist operator accepts changing random weights ``` int weight_nop = 1, weight_load = 1, weight_store = 1, weight_add = 1, ...; constraint bias_opcodes { opcode dist { nop_op := weight_nop, load_op := weight_load, store_op := weight_add, ... }; } Some simulators only support variables ``` ### Use pre\_randomize to set weights pre\_randomize() sets the weighting used by the dist ### **Practical Hacks for SystemVerilog Coverage** Hack #5 – How to Include Cover Properties into Functional Coverage | <br> | <br> | |------|------| | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | <br> | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | <br> | | | <br> | | | <br> | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ``` cl: coverage[string]; cl: cover property ( a |=> b ) coverage["cl"]=1; c2: cover property ( c |=> d ) coverage["cl"]=1; c2: cover property ( c |=> d ) coverage["c2"]=1; covergroup cg @(posedge clk); type_option.strobe = 1; // Sample end of cycle coverpoint coverage["cl"] { bins match = { 1 }; } coverpoint coverage["c2"] { bins match = { 1 }; } endgroup cg cg1 = new; // Clear the coverage after it is sampled always @(negedge clk) coverage = '{default:0}; 33 ``` ``` covergroup cg @(posedge clk); type_option.strobe = 1; option.per_instance = 1; cp_cl: coverpoint coverage["cl"] { bins match = { 1 }; option.weight = 1; } cp_c2: coverpoint coverage["c2"] { bins match = { 1 }; option.weight = 0.5; } cross cp_c1, cp_c2; endgroup ``` ### **Practical Hacks for SystemVerilog Coverage** Hack #6 – Avoid Coverage Gotchas 35 # illegal\_bins ``` 000 load 001 store logic [2:0] opcode; logic signed [15:0] jump_distance; 010 add 011 sub 100 unused covergroup cg @(posedge clk iff decode); 101 and 110 shift 111 jump bins move_op[] = { 3'b000, 3'b001 }; bins ALU_op = {[3'b010:3'b011],[3'b101:3'b110]}; bins jump_op = {3'b111}; illegal_bins unused_op = {3'b100}; Value endgroup not counted 36 ``` ``` Using default bins bit [15:0] i; default catches unplanned or invalid values covergroup cg @(posedge Clock); coverpoint i { = { 0 }; bins zero = { [1:100] }; bins tiny bins hunds[3] = { 200,300,400,500,600,700,800,900 }; = { [1000:$] }; ignore_bins ignore = { [501:599] }; bins others[] = default; One bin for each other value endgroup 38 ``` | <br> | |------| | <br> | | | | | | <br> | | <br> | | | | | | | | <br> | | | | <br> | | | | <br> | | | | | | | | | | | | | | | | <br> | | | | | | | | <br> | | <br> | | | | | | <br> | | | | | | | | <br> | | | | | | <br> | | <br> | | | | | | <br> | | | ### Solution Avoid [] with default, or use with smaller variables with fewer possible values ``` logic [7:0] a; covergroup cg ...; coverpoint a { bins other = default; endgroup ``` Use wildcard or min/max (\$) to catch remaining values ``` bins huge = { [1000:$] }; // Max values wildcard bins a[4] = { 'b?0 }; // Even values ``` 41 # **Practical Hacks for SystemVerilog Coverage** Types of SystemVerilog Coverage Coverage Hacks Summary ### **Summary** Hack #1 – Use Coverage Options Wisely Hack #2 – How to Cover Non-Local Signals Hack #3 - How to Mix SVA Coverage with Covergroups Hack #4 - How to Direct Stimulus with Coverage Hack #5 – How to Include Cover Properties into Functional Coverage Hack #6 - Avoid Coverage Gotchas 43 Delivering KnowHow www.doulos.com SoC Design & Verification - » SystemVerilog » UVM » Formal » SystemC » TLM-2.0 FPGA & Hardware » VHDL » Verilog » SystemVerilog » Tcl » Xilinx » Intel FPGA (Altera) Design **Embedded Software** » Emb C/C++ » Emb Linux » Yocto » RTOS » Security » Arm **Python & Deep Learning** | | | · | | | |--|--|---|--|------| | | | | | <br> | # **Track Session** # VHDL Verification **Lonestar Ballroom – Salon D** ### **FLOOR PLAN** We would be grateful if you could move to the track session as quickly as possible. # **Notes** # Espen Tallaksen # **EmLogic** **Managing Director** # A pragmatic approach to improving your FPGA VHDL verification # **User Paper (Remote presentation)** # **Abstract** A good architecture is very important for FPGA design, but it is in fact equally important for verification of complex FPGA design. The verification architecture determines the verification efficiency and the product quality for complex designs. The difference between a good and a "normal" verification architecture could be many hundred hours, and for medium to complex designs even as much as a couple of thousand hours. The only good thing about this - is that you can easily do something about it. UVVM was made exactly for this and is free and open source - and used by 35-40% of all FPGA VHDL designers world-wide. A new ESA (European Space Agency) project has just been initiated to extend UVVM even further. In this presentation, we will show you how to make a simple, well-structured, and efficient testbench using the open-source Universal VHDL Verification Methodology (UVVM) architecture. We will also discuss the importance of testbench sequencer simplicity and how it can be used to control multiple VHDL Verification Components simultaneously. We will show testbench examples for a simple interrupt controller, for AXI, for Avalon and more - to illustrate how UVVM will help allow pragmatic and simple verification of both simple and complex DUTs. # **Biography** Espen Tallaksen is the CEO of EmLogic, in Norway. Espen is also the author and architect of the Open Source UVVM (Universal VHDL Verification Methodology). He has a strong interest in methodology cultivation and pragmatic efficiency and quality improvement, and he has given lots of presentations at various international conferences with great feedback. He is also giving courses on FPGA Design and Verification. # **Notes** # A pragmatic approach to improving your FPGA VHDL verification Verification Futures Conference, US 12 September, 2024 (by Espen Tallaksen, CEO EmLogic) The Norwegian Embedded Systems and FPGA Design Centre - Independent Design Centre for Embedded Systems and FPGA - Established 1<sup>st</sup> of January 2021. Extreme ramp up - January 2021: 1 person September 2024: → 43 persons (SW:19, HW:4, FPGA:18, DSP:1+) - Continues the legacy from bitvis - All previous Bitvis technical managers are now in EmLogic - Verification IP and Methodology provider UVVM - Course provider within FPGA Design and Verification Accelerating FPGA Design (Architecture, Clocking, Timing, Coding, Quality, Design for Reuse, ...) - Advanced VHDL Verification Made simple (Modern efficient verification using UVVM) - A potential partner for ESA projects for European companies - Increased opportunities due to Norway's low geo return ### What is UVVM? UVVM = Universal VHDL Verification Methodology - VHDL Verification Library & Methodology - Free and Open Source - Very structured infrastructure and architecture - Significantly improves Verification Efficiency - Assures a far better Design Quality - Recommended by Doulos for Testbench architecture - ESA projects to extend the functionality - IEEE Standards Association Open source project esa Runs on any VHDL-2008 compliant simulator on average... A EmLogic # Testbenches in the industry: Far worse than design - Architecture is normally far worse - Far worse structured (architecture) - Far worse documented - Far worse coded - We waste far more time on verification - Saving-potentials from 20% to 75% - 75% means 4 times the "possible" time. - Average? Maybe a factor of 2 (50%) - TB quality could have "double quality improvement" - The testbench in itself could be much better for finding bugs - Faster verification allows more verification | | <br> | <br> | |-------------------------------------------|------|------| | | | | | | <br> | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | <br> | | | | <br> | <br> | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | <br> | | | <br>· · · · · · · · · · · · · · · · · · · | <br> | <br> | | <br> | <br> | <br> | | | | | | | | | | <br> | <br> | <br> | | | | | | | | | # UVVM Utility Library for simple **and** advanced testbenches - check\_stable(), await\_stable() - clock\_generator(), adjustable\_clock\_generator() - random(), randomize() - gen\_pulse() - block\_flag(), unblock\_flag(), await\_unblock\_flag() - await\_barrier() - enable\_log\_msg(), disable\_log\_msg() - to\_string(), fill\_string(), to\_upper(), replace(), etc... - normalize\_and\_check() - set\_log\_file\_name(), set\_alert\_file\_name() - wait\_until\_given\_time\_after\_rising\_edge() - etc... 7 Pragmatically improve your FPGA verification ▲ EmLogic # Basic Randomisation in "old" UVVM - Under UVVM Utility library : methods\_pkg - Simple functions using shared variable seeds: - my\_int := random(VOID); - my\_int := random(4, 245); - my\_slv8 := random(8); - my\_byte\_array := random(1, 16); - my\_time := random(1 ns, 15 ns); - Also provides support for fixed random sequence - Needs to control seeds locally - random(4, 245, seed1, seed2, my\_int); Still the simplest possible solution for simple Randomisation | 8 | Pragmatically | improve | your | FPGA | verificatio | |---|---------------|---------|------|------|-------------| | | <br> | |--|------| | | <br> | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | <br> | | | <br> | | | <br> | | | <br> | | | | | | | | | | | | | | | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # **UVVM Enhanced Randomisation** Quality & Efficiency enablers Well integrated with UVVM Alert handling and logging in particular Strong focus on Overview & Readability Adding keywords to ease understanding UVVM System Utility BFMs Constr. Rand. Library TIM Transactions Specification Watchdogs VVCs Coverage Error Coorenboard Error Monitor Scoreboard Error Injection A EmLogic Single Method approach "Standard" approach: Randomisation in one single command Simple randomisation is always easy to understand addr <= my\_addr.rand(0, 18); More complex randomisation is normally more difficult to understand BUT – there are ways to significantly improve this addr <= my\_addr.rand(0, 18 EXCL,(7)); addr <= my\_addr.rand(0, 18(ADD,)30,31)); addr <= my\_addr.rand(0, 18 ADD, 30,31) EXCL (7)); But - what does this mean??? addr <= my\_addr.rand(0, 18, (30,31), (7)); addr <= my\_addr.rand\_range\_weight)(0,18,4),(19,31,1)); A EmLogic Coding for readability Quality & Efficiency enablers Well integrated with UVVM Alert handling and logging in particular Strong focus on Overview & Readability Adding keywords to ease understanding Easy to Maintain and Extend Typing code consumes is an insignificant part of the development time. Reading and understanding code is repeated over and over again, and is thus a significant part of the development time addr <= my\_addr.rand(0, 18 ADD, 030,31) EXCL (7)); → Investing in better code yields a huge return on investment Pragmatically improve your FPGA verification **A** EmLogic Utility BFMs Constr. R Library TLM Transactions Covera atchdogs VVCs Specifica Covera **Functional Coverage** Functional Coverage is 'a user-defined metric that measures how much of the design specification has been exercised in verification' · Has various functional scenarios been tested. A manual process is required to set up all wanted scenarios → Time consuming, but Great to check that various specific scenarios have been verified E.g. For a UART - Has payload started and ended with both 0 and 1 (4 permutations) - Has odd and even parity been tested - AND with the payload variation above - Has selected cases of baud rate vs clock rate been tested A EmLogic # Optimised randomisation - Optimised Randomisation is - Randomisation without replacement - Weighted according to target distribution AND previous events. Thus for the protocol payload of 0-256 bytes: - → Optimised randomisation yields the lowest number of randomisations for a given target - → Major reduction in # packets and thus simulation time Again: Imagine a payload between 0 to 65.536 bytes... ### Specification Coverage - Assure that all requirements have been verified - 1. Specify all requirements - 2.Report coverage from test sequencer(s) (or other TB parts) - 3. Generate summary report - Coverage per requirement - Test cases covering each requirement - Requirements covered by each Test case - · Accumulate over multiple Test cases Mandatory for Safety and Mission Critical (Strictly required by ESA) Strongly recommended for good quality assurance Expensive tools exist... Solutions exist to report that a testcase finished successfully $\ensuremath{\mathsf{BUT}}$ - reporting that a testcase has finished is not sufficient Pragmatically improve your FPGA verification | UVVM System | | | | | |------------------------------------|----------------------------|----------------|---|--| | Utility | BFMs | Constr. Rand. | ı | | | Library | TLM<br>Transactions | Functional | l | | | | | Specification | ١ | | | Watchdogs | VVCs | Coverage | | | | Monitor Scoreboard Error Injection | | | | | | Avalon Stre | AXI-stream,<br>am, UART, S | PI, GPIO, 12C, | | | ### Specification Coverage (2) What if multiple requirements are covered by the same testcase? | iption | |-------------------------------| | celeration shall be *** | | p speed shall be given by *** | | celeration shall be *** | | al position shall be *** | | | E.g. Moving/turning something to a to a given position R1: Acceleration R2: Speed R3: Deceleration 4: Position - Generates various types of reports - Coverage per requirement - · Test cases covering each requirement - · Requirements covered by each Test case - Accumulated over multiple Test cases \_ogic | A | EmL | |---|-----| | | EML | # According to Wilson research: On average... • Verification is 50% of total development time • Debug is 50% of verification. I.e. 25% of total development Same issues: • Mismatch reports are important Architecture Architecture Overview, Readability Debuggability Resuability Resuability A EmLogic # Pragmatically improve your FPGA verification | <br> | <br> | |------|------| | | | | | | | | <br> | | | | | <br> | <br> | | | | | | | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | | | | <br> | <br> | | | | | <br> | | | <br> | <br> | | | | | | | | | | | | | | <br> | <br> | | | | | <br> | <br> | | <br> | <br> | | | | | <br> | <br> | | | <br> | | | | | <br> | <br> | | | <br> | | | | | | | | | | | | | | <br> | <br> | | | | | <br> | <br> | | | | | | | | | <br> | | | | | | <br> | | | <br> | | | | | <br> | <br> | | | | **Due to:** - VVC architecture - TB architecture - Command structure - Simultaneous activity on multiple interfaces - Encapsulated → Reuse at all levels - lacktriangle Queue ightarrow May initiate multiple high level commands - Local Sequencers for predefined higher level commands - Only in UVVM VVCs: - UNIQUE: Control all VVCs from a single sequencer! - May insert delay between commands from sequencer - → The only system to target cycle related corner cases Simple handling of split transactions and out of order protocols - Common commands to control VVC behaviour - Simple synchronization of interface actions from sequencer - May use Broadcast and Multicast Better Overview, Maintenance, Extensibility and Reuse 27 Pragmatically improve your FPGA verification | <br> | <br> | | |------|------|--| | | | | | | | | | <br> | <br> | | | | | | | | | | | | <br> | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | <br> | | | | | | | | | | | <br> | | | | | | | | | | | | <br> | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <br> | <br> | | | | | | | <br> | <br> | | | <br> | | | | <br> | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Improving verification in general? - Awareness, awareness, awareness - Allow time up front to structure - Discuss your testbench architecture before coding - Sparring partner - Walkthrough - Same applies to - Control & status of all stimuli & checkers - Reaching Corner cases Overview, Readability Modifiability, Maintainability, Extensibility | Divide and conquer at all stages Prioritise the reader at all times | | |----------------------------------------------------------------------|--------------| | natically improve your FPGA verification | <b>▲</b> Eml | | | | # The 2022 Wilson Research Group Functional Verification Study (2) Half the verification time is spent on debugging Other development 2022 WILSON RESEARCH GROUP, FUNCTIONAL VERIFICATION STUDY FPGA FUNCTIONAL VERIFICATION TREND REPORT We can definitely be more efficient! - structured! Pragmatically improve your FPGA verification ▲ EmLogic ### Huge improvement potential - Assume a 6000 hour project → 3000 hour verification - 50% improvement → 1500 hours saved 38 # Courses - FPGA (and ASIC) Verification: 'Advanced VHDL Verification Made simple' - FPGA (and ASIC) Design: 'Accellerating FPGA and Digital ASIC Design' - Design Design Architecture & Structure Clock Domain Crossing Coding and General Digital Design Reuse and Design for Reuse Timing Closure Quality Assurance at the right level Faster and safer design - Verification Architecture & Structure Self checking testbenches BFMs How to use and make Checking values, time aspects, etc Verification components Advanced Verif: Scoreboard, Models, etc State-of-the-art verification methodology - Next courses Online in November. More courses on demand: On-site, Online, Public, or Hybrid Pragmatically improve your FPGA verification # New **ESA UVVM** extension project - Started up in March - First new functionality to be published (in June) - Detection of unexpected / unwanted transactions or interface activity - Completion detection ▲ EmLogic | <br> | <br> | | |------|------|--| | | | | | | | | | <br> | | | | <br> | <br> | | | | <br> | | | | <br> | | | | | | | | | | # **Notes** Tessolve (a Hero Electronix Venture) is the leading engineering service/solution provider with 3000+ employees worldwide and a full breadth of pre-and post-silicon expertise. Tessolve provides a one-stop-shop solution with full-fledged hardware and software capabilities, including its advanced silicon and system testing labs. We have Test labs in India, the US, Malaysia, and Singapore. Tessolve offers complete Turnkey ASIC Solutions, from design to packaged parts. We are actively investing in the Center of excellence initiatives such as 5G, RISC-V subsystems, high power PMICs, HSIO, HBM/3D/Chiplets, system-level tests, advanced verification methodologies, and others. Tessolve also offers end-to-end product design services in the embedded domain from concept to manufacturing under an ODM model with application expertise in Avionics, Automotive, Data Center/ Enterprise, Industrial/IoT and Semiconductor segments. We are ISO 9001:2015 certified and our Embedded team is ISO9001 & EN9100 Quality certified. Visit www.tessolve.com for more information. # Chip Design # 180nm 3nm Advanced Process Development 950+ Engineers executing Specs to GDSII solutions . 0 # Test/Product Engineering # Hardware Development # Embedded Systems # Mike Bartley Senior Vice President VLSI Design +44 (0)779 630 7958 mike.bartley@tessolve.com # **Marc Waugh** Director Sales & Marketing 512-461-4017 # **Tessolve DTS Inc** 4210 South Industrial Drive STE 140 Austin, TX 78744, USA Email: sales@tessolve.com # **Notes** # **INDUSTRY FOCUS** **Automotive** **Avionics** **Data Center/Enterprise** Industrial/IoT **Semiconductor** # **Notes** # **CALL FOR PAPERS** Whatever your specialty, Verification Futures provides an excellent opportunity to share your experiences and insights on the key technical and industry challenges we face in verification. ### **Submit an Abstract for VF2025** We are now seeking submissions for presentations and papers describing interesting and innovative experiences related to challenges faced in hardware verification. These submissions should include a brief description of the ASIC, SoC and FPGA verification challenges that need to be addresses and/or innovative solutions to improving verification. Abstracts should be targeted toward a technical audience of hardware verification engineers. Abstracts may also address the safety and security issues relating to verification. # **Submission Dates** Call for Papers Opens UK & USA 12 September 2024 Final Presentations Required UK 31 March 2025 Final Presentations Required USA 30 June 2025 # **Abstract Submissions** Abstract submissions should be no more than 2,500 characters and include a short biography of the speaker. All abstracts will be reviewed and notice of acceptance will be sent via email. To submit your abstract please sent to – <a href="mike.bartley@tessolve.com">mike.bartley@tessolve.com</a> and for guidance please visit <a href="https://www.tessolve.com/verification-futures/">https://www.tessolve.com/verification-futures/</a> # **About Verification Futures 2025** Verification Futures is a unique one-day conference, exhibition and industry networking event organized by Tessolve to discuss the challenges faced in hardware verification. The event gives the opportunity for end users to define their current and future verification challenges and collaborate with the vendors to create solutions. It's also an excellent opportunity to network and catch up with other verification engineers across Europe & USA. We hope you have found the conference interesting and informative Slides and recordings will be available on the Tessolve Website https://www.tessolve.com/verification-futures/vf2024-austin-usa/