Read articles and application reports from customers and specialists
Our latest technical article:
Continuous Verification
By John Hallman, OneSpin: A Siemens Business
The recent SolarWinds hacking incident that left many fortune-500 companies and US government networks exposed is a cautionary tale for unchecked software and hardware supply chain security vulnerabilities.
An Effective Way to Verify RISC-V Cores (Swedish)
By Nicolae Tusinshci and Wei Wei Chen, OneSpin: A Siemens Business
Modern processor designs present us with some of the toughest challenges in hardware verification. This is especially true when it comes to RISC-V processor cores, where there are a number of variations and implementations from a myriad of different sources. The article by W. W. Chen, N. Tusinschi and T. L. Anderson, OneSpin Solutions, was presented at DVCon Europe 2020 and describes a verification methodology available to both RISC-V kernel vendors and SOC teams working to integrate these kernels. It deals with functional correctness including compliance, detection of security vulnerabilities and verification of the reliability that no malicious logic has been entered. Detailed examples of design bugs discovered in real RISC-V cores have been included.
A Core Challenge
A common verification methodology available to both RISC-V core providers and SoC teams integrating these cores is required.
Modern processor designs present some of the toughest hardware verification challenges. Verification is particularly challenging for RISC-V processor core designs, with many providers and many variations of implementation.
Verification of the Safety and Functionality of RISC-V Cores (German)
Die Verifikation von RISC-V-Cores stellt für Core-Anbieter und SoC-Integratoren mit Blick auf die Sicherheit, Funktionaliät und Vertrauenswürdigkeit eine Herausforderung dar. Eine von beiden Seiten nutzbare Lösung eines Drittanbieters kann hier helfen.
Verification Requirements for SystemC/C++ Designs
By Vlada Kalinic, SystemC Verification, Product Manager, OneSpin Solutions
Although SystemC/C++ coding styles have been used for many years, specific models have recently emerged to drive common design flows across engineering teams. These include abstract algorithmic design code as input for high-level synthesis (HLS) tools, virtual platform models for early software test, configurable intellectual property (IP) blocks, and many more.
HLS, which transforms “mostly untimed” abstract SystemC/ C++ design representations to fully-timed register-transfer-level (RTL) design blocks, is in use at many large semiconductor and electronic systems companies. These tools are particularly popular as a method to rapidly generate design components with varying microarchitectures, whilst rapidly and effectively optimizing algorithm-processing data paths. Their use on control logic, as well as components with more detailed timing in general, is also becoming more widespread.
Securing Microelectronics for Safer Automobiles
By John Hallman, product manager for Trust and Security, OneSpin Solutions
Security researchers have demonstrated extensively how cybersecurity attacks can have disastrous consequences in automotive systems. A successful car hack could be extended to an entire fleet of vehicles and put many lives in danger. Moreover, car owners’ privacy and the protection of intellectual properties (IPs) and other assets of car manufactures and their supply chain are also at stake. Unlike safety, however, automotive cybersecurity is in its infancy. The upcoming “ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering” standard promises to modernise and harmonise cybersecurity activities across the automotive supply chain.
Säker mikroelektronik ger tryggare bilar | Safer Microelectronics, Safer Cars (Article in Swedish)
By John Hallman, Product Manager Trust & Security, OneSpin Solutions
Det går inte att uppnå någon trygghet (safety) utan säkerhet (security). Standarden ISO/SAE 21434, som är ett komplement till ISO 26262, kräver att alla som ingår i en leverantörskedja för elektronik integrerar aktiviteter för cybersäkerhet hela vägen från konceptfasen till dekommissioneringen.
Mitigating Verification Risk By Understanding the Coverage
By Nicolae Tusinschi, Product Manager, OneSpin Solutions
The effective testing of an IC during the verification process prior to fabrication remains a perennial issue for design engineers, made worse by the inability to accurately measure the progress of verification.
There are various verification coverage techniques, all with disadvantages, leading to incomplete verification, poor test quality and duplicated verification effort on welltested parts of the design. Many reasons lie behind these drawbacks, including poorlydefined metrics, incompatible tools and unclear methodologies.
RISC-V with Focus on Security (Danish)
By John Hallman, Product Manager, OneSpin Solutions
The rise of RISC-V has many reasons behind it. RISC-V allows a new level of hardware optimization for specific workloads. Moore’s law is slowing down, and customization is crucial to sustaining the level of performance improvements that technological advances in the semiconductor manufacturing process can no longer provide. Moreover, the RISC-V architecture is free from licensing costs and royalties, enabling more companies to develop innovative, affordable products. Much is happening in the field of IoT and wearable devices with artificial intelligence capabilities, for example.
SoC integrators often use open-source or third-party RISC-V processor IPs. These designs and their associated toolchains can be augmented with custom instructions. A high-quality verification environment delivered with the IP and additional system-level testing can provide some confidence that the IP has no critical bugs. Unfortunately, for many applications, this is not enough, and there are other serious risks to consider.
ISO / SAE 21434 and cybersecurity in vehicles
By: Sergio Marchese
There is no functional safety without data security. The norm ISO / SAE 21434 will therefore support and require the ISO 26262 standard in the future Measures to ensure cybersecurity across the Lifecycle of electronic products. All are accordingly Companies in the value chain affected by the new standard. By Sergio Marchese
Addressing safety critical FPGA designs
By: Rob van Blommestein, Head of Marketing, OneSpin Solutions
Advanced EDA tools and methodology is helping designers to avoid synthesis bugs in safety-critical FPGA designs, as Rob van Blommestein explains.
Field-programmable gate arrays (FPGAs) are the dominant hardware platform in many safety-critical, low-volume applications, including aerospace and nuclear power plants (NPPs).
Modern FPGA devices feature integrated microprocessor cores, digital signal processing (DSP) units, memory blocks and other specialised intellectual properties (IPs) and these advanced devices allow for the implementation of large, high-performance system-on-chip (SoC) designs with integrated safety mechanisms, making a strong case for adoption in additional safetycritical applications traditionally dominated by application-speci c integrated circuits (ASICs).
Answers to designers' questions about RISC-V verification
By: Rob van Blommestein, Head of Marketing, OneSpin Solutions
It can certainly be said that interest in RISC-V is showing a sharp increase in design circles. It's not only that the whole idea behind open-source has made it a cost-effective alternative, but also that its ISA (instruction set architecture) is built to provide great flexibility. Rob van Blommestein, Vice President of Marketing, OpenSpin Solutions, looks at what this means for the verification of RISC-V.
The instruction set of RISC-V can be mapped to many different implementations and microarchitectures, has a large number of selectable instructions and functions and supports a wide range of end applications. But this flexibility also leads to problems with verification, as well as questions about how best to solve these problems.
There are a number of requirements that must be met when developing and using RISC-V cores. One of the most important is that it is possible to have confidence in the IP implementation. Have all functions been implemented? Have they been implemented correctly? Are there any bugs hidden in the implementation? Are there any hidden Trojans? With simulation, however, it has been difficult to get answers to these questions, which has led to an increased use of formal verification to answer them. The in-depth nature of formal verification makes this the ideal choice to be able to ensure confidence in the core.
Meeting Critical Automotive Safety Standards: A Case for Automated FMEDA
By: Sergio Marchese, Technical Marketing Manager, OneSpin Solutions
The safety and comfort of cars has increased dramatically over the past decade. Nowadays, even economy class vehicles feature advanced driver-assistance systems (ADAS) that, in certain conditions, can control not only acceleration and braking, but also steering. Fully autonomous vehicles are on the horizon – and although it is not clear when and how deployment will start, technology is moving fast.
Established automotive manufacturers are investing heavily in machine learning (ML) and other artificial intelligence (AI) fields. Meanwhile, new players are crowding this space, attracted by what is largely expected to be a booming, disruptive technology.
Sergio Marchese, Technical Marketing Manager at IC integrity verification expert, OneSpin Solutions discusses the implications for assessing the safety of automotive chips.
Secure Chips to Autonomous Vehicles (Danish)
By: Sergio Marchese, Technical Marketing Manager, OneSpin Solutions
I en stadig mere kompleks verden bliver præ-silicium specifikation og verifikation af hardwaresikerhed en helt afgørende parameter. For at kunne gøre det, er der imidlertid brug for mere robuste og effektive designflows.
De elektroniske systemer, der indgår i opkoblede autonome køretøjer (CAV’er) og avancerede førerassist systemer (ADAS), er bygget op omkring avancerede IC’er, der inkluderer en bred vifte af halvleder IP (Intellectual Property) funktioner og byggeblokke, som stammer fra mange forskellige kilder. En moderne bil kan inkludere mere end 100 elektroniske kontrolenheder (ECU’er), der kontrollerer kritiske systemfunktioner som bremsning og styring.
For at sikre at de anvendte IC’er – herunder ASICs og FPGA’er – har den højeste mulige integritet, kræves der tilgang til hardware udviklingsflows, der kan levere bevis for henholdsvis
Protection Against Attacks and Hardware-IP Trojans (German)
By: Sergio Marchese, Technical Marketing Manager, OneSpin Solutions
Sicherheitsschwachstellen bei RISC-V-Prozessoren vermeiden Prozessoren, auch solche basierend auf RISC-V, übernehmen kritische Funktionen in einer Vielzahl von Anwendungen.
Das Spektrum reicht von vernetzten autonomen Fahrzeugen über Smartphones und 5G-Geräte bis hin zu IoT-Produkten. Wie lässt sich dabei die Sicherheit und Privatsphäre der Endanwender schützen?
Aktuelle Prozessorkerne sind oft Bestandteil in anwendungsspezifischen integrierten Schaltungen (ASICs) oder FPGAs (Field Programmable Gate Arrays) und übernehmen dort wesentliche Steuerungs- und Datenverarbeitungsfunktionen. Die Befehlssatzarchitektur (Instruction Set Architecture, ISA) der Prozessoren bildet die Schnittstelle zwischen Hardware und Software und sorgt für die Flexibilität und Programmierbarkeit der benötigten Funktionen.
Verifying RISC-V SoCs
By: Rob van Blommestein, Head of Marketing, OneSpin Solutions
SoC developers give little thought to re-verifying a licensed core, trusting the vendor to perform thorough verification of functional correctness, and other aspects of integrity.
The open RISC-V processor architecture is shaking up both worlds – that of intellectual property (IP) and system-on-chip (SoC). There’s much industry activity and interest, with RISC-V cores already finding their way in new designs.
However, successful RISC-V core providers must verify all aspects of integrity for those designs, including functional correctness, safety, security and trust. Core-level verifiation steps may need to be re-run, plus some additional tasks performed, to ensure that the cores have been integrated properly.
Verification of RISC-V designs is especially challenging because of optional features, implementation exibility and provisions for customer extensions.
Protect RISC-V processors from cyber attacks and Trojans (German)
By: Sergio Marchese, Technical Marketing Manager, OneSpin Solutions
Processors, including those based on RISC-V, take on critical functions in many applications. But how can they be protected against cyber attacks and Trojans at the hardware IP level?
Current processor cores are often part of application-specific integrated circuits (ASICs) or FPGAs (Field Programmable Gate Arrays), where they perform essential control and data processing functions. The instruction set architecture (ISA) of the processors forms the interface between hardware and software and ensures the flexibility and programmability of the required functions.
The RISC-V open source ISA is becoming increasingly popular with advanced electronic systems as it allows developers to add highly customized extensions. The growing adoption of RISC-V is also fueling the ecosystem of tools, software and expertise, which in turn is driving its proliferation in an ever wider range of applications. In addition, there are no license costs or usage fees, so that a larger group of companies can develop innovative and at the same time affordable products. This development can already be observed in the field of IoT and portable devices with artificial intelligence.
RISC-V Design Requirements
By Rob van Blommestein, Head of Marketing, OneSpin Solutions
To increase understanding of how verification and the associated tools and techniques should be applied to achieve complete verification, OneSpin's Rob van Blommestein offers some advice:
It is safe to safe that Risc-V is enjoying a surge in popularity among the design community. Not only does the open source nature make it a cost-effective alternative to Cisc, but the instruction set architecture (ISA) is designed for flexibility.
It can map to many implementations and micro-architectures and contains numerous optional instructions and features. It also allows for the development of custom instructions and features, and supports a wide range of end applications.
However, with this flexibility come verification challenges and questions about how best to tackle them.
Hardware Progress (Innovative Chip Safety Analysis)
By Jörg Grosse and Sergio Marchese, OneSpin Solutions
A DVCon Europe 2019 conference paper, jointly authored by Renesas and OneSpin Solutions, considered innovative chip safety analysis. Jörg Grosse and Sergio Marchese discuss its findings.
In today’s vehicles, according to AUDI, microelectronics enable over 80% of vehicle innovation and high-
end cars may contain more than 100 electronic control units (ECUs) controlling both safety-critical and entertainment functions, as well as implementing advanced driver- assistance systems (ADAS).
As a consequence, electro- migration, cosmic radiation, and other physical phenomena may corrupt
the behaviour of integrated circuits (ICs) and cause both transient and permanent faults that could lead to dangerous system failures.
Security vulnerabilities and hardware Trojans in RISC-V processors
By Sergio Marchese, Technical Marketing Manager, OneSpin Solutions
Semiconductor chips and system-on-chip (SoC) devices implemented in application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs) are the backbone of modern life. Today’s Internet-of-Things (IoT), smartphones, communications equipment and advanced
driver assistance systems (ADAS), and tomorrow’s connected autonomous vehicles (CAVs), smart power-generation plants and various infrastructures all require complex electronic systems. Processor cores are often integrated into these chips to perform essential control and data-processing functions. Processors provide flexibility and programmability through their instruction set architecture (ISA), which defines the interface between hardware and software.
Efficient ISO 26262 Compliance for Vehicles Ships (Swedish)
By Jörg Grosse and Sergio Marchese, OneSpin Solutions
Chip and integrated circuits for vehicle applications form the backbone of advanced driver assistance systems (ADAS) and communicative, self-driving vehicles (CAVs). Although integrated circuits are very reliable and have a long life, errors can still occur in them. For example, physical phenomena such as electromigration can cause interruptions and short circuits that permanently damage the circuit. Alpha particles in cosmic radiation can hit a circuit and change the contents of the memory. Such events can cause malfunctions that may even lead to loss of human life. Jörg Grosse and Sergio Marchese, OneSpin Solutions here focus on FMEDA automation and fault analysis in safety mechanisms. Why is this important, and how can it be achieved more effectively?
How to make processors trustworthy
By Sergio Marchese, OneSpin Solutions
Modern integrated circuits (ICs) provide the computational and system control capabilities to process enormous amounts of data, make safety-critical decisions in real time, and protect sensitive data. Designing an application-specific integrated circuit (ASIC) or field-programmable gate array (FPGA) system-on-chip (SoC) from scratch would be prohibitively expensive and time-consuming. Many critical functions are implemented using third-party intellectual properties (IPs).
Read the full article How to make processors trustworthy here…
Securing Chips from the Ground Up
By Sergio Marchese, OneSpin Solutions
Advanced electronic systems for connected autonomous vehicles (CAVs) and other safety- and security-critical applications use complex software stacks. At the bottom of the stack are integrated circuits (ICs) that include general-purpose and workload-optimized processing engines, and other semiconductor intellectual properties (IPs). However, hardware vulnerabilities may compromise the entire system.
Read the full article Securing Chips from the Ground Up here…
Secure Chips from the Outset
By Sergio Marchese, OneSpin Solutions
Advanced electronic systems for connected autonomous vehicles (CAVs) and other safety- and security-critical applications use complex software stacks. At the bottom of the stack are ICs which include general purpose and workload-optimised processing engines, and other semiconductor IP.
A Deep Dive into AI Chip Arithmetic Engines
By Sergio Marchese, Technical Marketing, OneSpin Solutions
Artificial intelligence (AI) is steadily progressing toward advanced, high-value applications that will have a profound impact on our society. Automobiles that can drive themselves are perhaps the most talked about, imminent technological revolution, but there are many more applications of AI.
AI software, such as a neural network (NN) implementing a machine learning (ML) or deep learning (DL) algorithm, requires high-performance “artificial brains,” or hardware, to run on. Computer vision is fundamental to many complex, safety-critical decision-making processes.
Read the full article A Deep Dive into AI Chip Arithmetic Engines on Semiconductor Digest…
Automated connectivity checking with formal verification
By Tom Anderson, Technical Marketing, OneSpin
Formal verification traditionally has been regarded as anadvanced technique for experts to thoroughly verify indi- vidual blocks of logic, or perhaps small clusters of blocks.
The appeal of formal techniques is the exhaustive analysis of allpossible behavior for the design being verified. This stands insharp contrast to simulation, which exercises only a tiny fractionof possible behavior by running specific tests. If no test triggersa design bug, the bug will not be found. If the bug is triggered but no change in results is observed, the bug will not be found.Given a sufficiently robust set of properties to describe intended behavior, formal tools can not only find all bugs but also provethat there are no more bugs to be found.
Compliant with the norm [German]
Automated fault analysis. Especially smaller and early-stage companies in automotive electronics are facing difficulties in raising the costs and experts for the formal approval process. A new procedure helps here, which automatically determines the safety metrics according to ISO 26262.
Read the full article Compliant with the norm [German] here…
Die Sicherheit von applikationsspezifischen Automotive-Chips beurteilen
Fachartikel von Jörg Grosse, Sergio Marchese, OneSpin Solutions
ASICs, FPGAs und SoCs unterliegen dem Risiko, dass während des Betriebs Fehler auftreten. Dabei ist FMEDA entscheidend für die Analyse des Ausfallrisikos. Ist dabei eine Automatisierung möglich?
Automated Connectivity Test - QED [German]
By Tom Anderson, Technical Marketing Consultant, OneSpin Solutions
Automatisierte Konnektivitatsprufung. Die Verbindungen zwischen den Designblocken und I/O-Zellen komplexer Chips lassen sich nicht mittels Inspektion verifizieren. Simulation und Emulation konnen zwar Bugs aufspuren, bleiben aber unvolistandig. Formale Tools dagegen finden nicht nur alle Fehler – sie konnen das auch beweisen.
A Deep Dive Into AI Chip Algorithmic Engines
By Sergio Marchese, Technical Marketing, OneSpin
Tesla’s autopilot chip executes 72-trillion additions and multiplications per second: It better get the math right...
ARTIFICIAL INTELLIGENCE (AI) is steadily progressing toward advanced, high-value applications that will have a profound impact on our society. Automobiles that can drive themselves are perhaps the most talked about, imminent technological revolution, but there are many more applications of AI.
AI software, such as a neural network (NN) implementing a machine learning (ML) or deep learning (DL) algorithm, requires high-performance “artificial brains,” or hardware, to run on. Computer vision is fundamental to many complex, safety-critical decision-making processes.
Safety, Security, und Trust [German]
By Sven Beyer, Product Manager and Tom Anderson, Technical Marketing, OneSpin
Slcherstellung der Integritat von RISC-V-Prozessorkernen mit unabhanglger Verifikationslosung
Die offenhelt der RISC-V-Instruction-Set-Architektur und ihre mittlerwelle weite Adaption machen eine grundliche Uberprufung der RISC-V-Kerne erforderlich. Im Beitrag beschreibt elektronik industrie eine Losung zur Slcherstellung der Integritat von RISC-V-Implementierungen, die in Form von Apps ihre Anwendung fur den Nutzer so einfach wie moglich gestaltet.
Side-Channel Attacks on Embedded Processors
By Dr. Raik Brinkmann, President and CEO of OneSpin, for EE Times
Secure enclaves and root of trust are not enough. Hardware vulnerabilities affect the security of automotive, medical, and IoT systems.
In January 2018, computer security researchers disclosed two critical processor vulnerabilities that malicious programs could exploit to leak secure data: Meltdown and Spectre.
The engineering community and the public at large are accustomed to software vulnerabilities requiring frequent app updates or installation of operating system patches. These were different — hardware was the culprit, and hardware is not cheap to update.
The only practical approach is to release new software that, at the cost of making the system slower and less energy efficient, masks vulnerable hardware functions or avoids their use. Meltdown and Spectre sparked a series of investigations into hardware security.
Researchers already unveiled numerous more vulnerabilities, including Foreshadow, ZombieLoad, RIDL, and Fallout. These hardware flaws compromise the security of personal computers, smartphones, and even the cloud.
What about embedded systems?
Read the full article at EE Times
Hardware Trojans and the Problem of Trust in Integrated Circuits
Sergio Marchese for Semiconductor Engineering
IC development steps are vulnerable to malicious insertions that may compromise system security.
Electronic systems are at the core of an ever-increasing number of products and services. From power plants to automobiles, from medical devices to airplanes, from smartphones to home appliances, complex electronic systems enable an unprecedented level of automation, performance, safety, and security. Integrated circuits (ICs) are the backbone of these systems. It is of paramount importance that they can be trusted to operate in full compliance to their specifications and certifications. However, IC design, production, and distribution are surprisingly vulnerable to malicious agents that could infiltrate devices with poor performance and reliability, or even with hardware Trojans, i.e., additional, hidden functionalities designed for nefarious purposes.
Read full article at Semiconductor Engineering
IC Integrity Thesis
Jim Hogan, Vista Ventures, at SemiWiki
In this thesis, I establish the notion of IC Integrity and the impact that this will have on what has traditionally been viewed as the design verification market. I love getting feedback, and I also love to share that feedback with people, so please let me know what you think. Thanks - Jim
Read the full article at SemiWiki
Formal Verification Of RISC-V Cores
Sven Beyer at Semiconductor EngineeringRISC-V is hot and stands at the beginning of what may be a major shift in the industry. Even a cursory review of upcoming conferences programs and recent technical articles makes that clear. While it is still early in the evolution of the processor architecture, there is certainly the potential that RISC-V will be a game-changer in the IP and semiconductor industry. As “a free and open ISA enabling a new era of processor innovation through open standard collaboration,” it directly challenges several well-established processor families. This definition comes from the RISC-V Foundation, which assumed support and evolution of RISC-V after the original development in the EECS Department at the University of California, Berkeley.
Read the full article at Semiconductor Engineering.
Keine Abkürzung Erlaubt
Tom Anderson at elektronik informationenFunktionale Verifikation von IoT Chips. Um zuverlässig IoT-Produkte entwicklen zu können, ist eine umfassende Verifikation der Chips vonnöten. Abkürzungen können zu schwerwiegenden Fehlern führen, die sich beim Anwender nur mit großem Aufwand beheben lassen.
Access the full article as PDF.
Connectivity Checking Is A Perfect Fit For Formal Verification
Tom Anderson at Semiconductor EngineeringFormal verification has traditionally been regarded as an advanced technique for experts to thoroughly verify individual blocks of logic, or perhaps small clusters of blocks. However, if you talk to anyone involved in the field these days, you’ll find that the majority of formal users are running applications (“apps”) targeted for specific verification problems. Further, many of these apps, notably connectivity checking, are being run at the full-chip level on very large designs. We’d like to use this month’s post to explore the links between these two extremes, looking at what has changed and what is likely to happen going forward.
Read the full article at Semiconductor Engineering.
Heterogeneous Computing Raises The Bar For Functional Verification
Raik Brinkmann at Semiconductor EngineeringIf there’s one thing certain in chip development, it’s that every innovation in architecture or semiconductor technology puts more pressure on the functional verification process. The increase in gate count for each new technology node stresses tool capacity. Every step up in complexity makes it harder to find deep, corner-case bugs. The dramatic growth in SoC designs brings software into play for full-chip verification. True to form, the emerging generation of heterogeneous computing platforms is raising the bar for verification yet again. This new approach presents new challenges that must be faced by both device developers and chip users.
Read the full article at Semiconductor Engineering.
Demystifying EDA Support For ISO 26262 Tool Qualification
Sergio Marchese at Semiconductor EngineeringMy new, mid-size car is equipped with many advanced driver-assistance systems. To be honest, it’s taking me time to get used to some of them, as, for example, lane-centering assist that seamlessly takes control of my steering wheel. However, I cannot wait to get my hands off a fully autonomous vehicle and be able to take a nap while 7nm chips run machine learning and other artificial intelligence algorithms do the driving for me.
Read the full article at Semiconductor Engineering.
Seven Steps for IoT Verification
Tom Anderson at ElektronikpraxisMany IoT devices are complex system-on-chip (SoC) designs with embedded software. The development isn't trivial, and the verification is critical for successful deployments in end products.
Read the full article at Elektronikpraxis.
Integrating Results And Coverage From Simulation And Formal
Tom Anderson at Semiconductor EngineeringNot so long ago, formal verification was considered an exotic technology used only by specialists for specific verification challenges such as cache coherency. As chips have grown ceaselessly in size and complexity, the traditional verification method of simulation could not keep pace. The task of generating and running enough tests consumed enormous resources in terms of engineers, simulation licenses, and servers. Yet even unlimited simulation capability provided no guarantee of functional correctness. Constrained-random simulation, by its very nature, is probabilistic and has little chance of exercising enough of the design to find deep, corner-case bugs.
Read the full article at Semiconductor Engineering.
11 Myths About Formal Verification
Tom Anderson at Electronic DesignFormal verification is used by almost every chip development and verification group, though myths about it persist and may deter engineers who could benefit from its value.
Read the full article at Electronic Design.
AI Chips Must Get The Floating-Point Math Right
Sergio Marchese at Semiconductor EngineeringMost AI chips and hardware accelerators that power machine learning (ML) and deep learning (DL) applications include floating-point units (FPUs). Algorithms used in neural networks today are often based on operations that use multiplication and addition of floating-point values, which subsequently need to be scaled to different sizes and for different needs. Modern FPGAs such as Intel Arria-10 and Xilinx Everest include floating-point units in their DSP slices that can be leveraged to optimize classification, detection, and image recognition tasks. Convolutional neural networks (CNNs) are popular for computer vision applications and are demanding on compute power. The computational workload of a convolution layer may involve deeply nested loops.
Read the full article at Semiconductor Engineering.
Certifying the Certifier – OneSpin Talks About the Extra Burden of Proof
Bryon Moyer at EEJournalThis discussion stems from a conversation with OneSpin at this summer’s DAC. Seems like it was just about this time last year that we talked about how EDA and functional safety work together, but, based on some recent certification announcements, this year we have a view from a different stance.
Functional Safety: Art Or Science?
Sergio Marchese at Semiconductor EngineeringNowadays, most hardware development projects deploy functional verification flows that include UVM-based constrained-random testbenches and formal verification. High design complexity, tough budget constraints, and short time to market are the norm, not the exception. Advanced verification is a necessity for many engineering teams. In our increasingly connected world, where billions of IoT devices soon will be communicating to us and to each other, security rapidly is becoming a key concern.
Read the full article at Semiconductor Engineering.
The Skies Over EDA Are Finally Cloudy
Tom Anderson at Semiconductor EngineeringEDA companies have been talking for years about providing access to their tools in the cloud, including more articles than I can count with titles about the EDA forecast being cloudy, clouds on the horizon, and so forth. The title of this post continues the dubious tradition of cloud-based puns, but there’s no future tense involved. Recent announcements from several EDA companies make it appear that cloud support is finally here and poised to become a mainstream vehicle for design and verification.
Read the full article at Semiconductor Engineering.
Welcome Verification 3.0
Sergio Marchese at Semiconductor EngineeringWhen considering the future of verification, don’t forget the human factor.
Read the full article at Semiconductor Engineering.
Why Your FPGA Synthesis Flow Requires Verification
Tom Anderson at Semiconductor EngineeringEquivalence checking was key to making logic synthesis mainstream, but it’s more complex when it comes to FPGAs.
Read the full article at Semiconductor Engineering.
ISO 26262 and You
Jörg Grosse at Embedded Systems EngineeringWhy Automotive electronics suppliers will make increasing use of formal tools to meet the standard’s strict requirements for verification and satisfy supply chain demand.
Read the full article at Embedded Systems Engineering.
Making Sense Of Safety Standards
Tom Anderson on Semiconductor EngineeringIf you’re involved in the design or verification of safety-critical electronics, you’ve probably heard about some of the standards that apply to such development projects. If not, then you’re probably puzzled when you read about TÜV SÜD certifying that an EDA tool satisfies functional safety standards ISO 26262 (TCL3/ASIL D), IEC 61508 (T2/SIL 3) and EN 50128 (T2/SIL 3). The industry has quite an “alphabet soup” (more accurately, alphanumeric soup) of functional safety standards. In this post, we’ll try to sort it out.
Formal verification enables Agile RTL development
Sergio Marchese at TechDesignForumAgile development started in the software domain but the methodology shows promise for SoC verification. Formal verification techniques can help implement an Agile flow. The aim of this article is to share two experiences where a novel approach was used to develop register transfer level (RTL) modules. System Verilog Assertions (SVAs) were developed in parallel with RTL code using OneSpin Solutions’ 360-DV (Design Verification).
Read the full artile at TechDesignForum.
Strategies for verifying an FPGA design
Dave Kelf at Embedded Computing Design
The escalating cost, time, and risk associated with custom integrated circuit (IC) fabrication has driven increased field programmable gate array (FPGA) usage across electronics applications. FPGAs are larger, faster, and more power-efficient than ever, and bring a number of capabilities unavailable in custom silicon design, such as field updates, multi-function devices, and simplified prototyping, making them an attractive option.
Read the full article at Embedded Computing Design.
Using Formal Verification for HW/SW Co-Verification of an FPGA IP Core
Prof. Dr.-Ing. Markus Wedler; Berlin Institute of Technology, Eric Crabill; IP Design Engineer; Xilinx, Inc., Graham Schelle; Senior Staff Research Engineer; Xilinx, Inc. and Patrick Lysaght; Senior Director; Xilinx, Inc. at Xilinx Xcell Magazine.A new formal-verification technique allowed a group of academic and industry researchers to holistically verify tightly coupled hardware and firmware within a Xilinx soft core.
The University of Kaiserslautern and Xilinx researchers recently undertook an investigation into how to apply formal techniques to the holistic verification of a Xilinx® soft IP core that contains both embedded firmware and hardware components. We found that it was possible to capture the firmware and hardware interaction in a scalable formal-verification environment.
Download Xilinx Xcell Journal issue 79, pg. 56.
Are we done yet?
Bryon Moyer at EEJournalIt’s all well and good to verify a design, but how do you know when you’re done? Simulation has coverage metrics, so, whether or not you agree with their value, by that definition, you can know when you’re done (or as close as you’re going to get). It’s not so easy with formal analysis. OneSpin is addressing this with their new Quantify MDV product (MDV standing for “Metrics-Driven Verification”).
How formal MDV can eliminate IP integration uncertainty
Raik Brinkmann at EE Times
This article outlines how the latest formal metric-driven verification (MDV) methodology and technologies can eliminate integration uncertainty through the automatic generation of Accellera-defined coverage metrics, without the assistance of simulation. This formal MDV methodology measures not only the usual control coverage, but also observation coverage – a serious missing link in many other MDV approaches. The methodology is easily integrated into existing MDV flows or can be used stand-alone.
Hunting that elusive bug
Roland Syba, Melexis GmbH at EE Times
This article discusses the non-trivial challenge of detecting and correcting the – often elusive – functional defects that unavoidably arise in the design of complex system-on-chip (SoC) devices. How do we mitigate the conflict between the dramatic increase in SoC design complexity and the need to deliver the design in a shorter time with the same or better design quality?
OneSpin automates formal assertion/RTL debug
Bill Murray for SCD SourceWhat do you do when an assertion fails? How do you determine the cause of the failure? Is the assertion code incorrect? Is there an illegal input scenario that the constraints failed to exclude? Or is there a bug in the RTL code? Or is it a combination thereof?
Without highly automated debug support, it requires significant manual effort to answer these questions. This manual effort can put a serious dent in the team’s productivity, even in the case of relatively simple assertions that verify local RTL behavior.
OneSpin has solved this problem by automating the most effort-intensive steps in SVA analysis and RTL debug.
Formal methods: Rocket science or mainstream technology? A deeper look
Michael Siegel, OneSpin Solutions for SCDsourceIs formal verification only for experts? This is probably one of the most debated questions in functional RTL verification in recent years. The answer to this question is critical to anyone considering adopting formal verification because it determines the necessary investment in skills and technology – and the return on investment (ROI) that companies can expect.
Automated formal method verifies highly-configurable HW/SW interface
Joachim Knaeblein and Hans Sahm, Alcatel-Lucent at SCDsourceAlcatel-Lucent's Joachim Knaeblein and Hans Sahm describe how they used both automated assertion generation and automated formal methods to verify a complex HW/SW interface in a large SDH/SONET chip – and slashed verification time and effort by 70 percent.
Mixing Formal and Dynamic Verification
Bill Murry at SCDsourceOver the last few years, there has been a noticeable uptick in the use of formal verification to augment dynamic verification. Given that both techniques leverage assertions, one would assume that there would be a great deal of collaboration between dynamic testbenches and formal property checking, the user teams and the tools.
In this STR, we dig down to the use case level to determine how formal is being used, and how it augments dynamic verification.
Formal verification expands its use model by Bill Murray
Bill Murray for SCDsourceHolger Busch, senior staff engineer for verification in the automotive, industrial and multi-market group at Infineon Technologies, described an XML-assisted aggregate property checking methodology that performs a “vast” number of checks simultaneously to verify the special function registers in a control unit. The functionality of such registers constitutes a significant proportion of the control unit’s specification. Consequently, simultaneous checking using aggregate properties can verify the complex functionality of modules with considerably less effort than individual property checking or simulation. In addition, the methodology’s completeness checking identifies gaps in the property set, which can then be filled by the verification team.
Formal property checking – what the users say
Richard Goering for SCDsourceFormal property checking and "bug hunting" tools promise to find tough corner-case bugs and provide exhaustive proofs. But what's the reality? In the first part of this two-part report, engineers at IBM, Infineon, D. E. Shaw Research, MIPS Technologies, and Sun Microsystems discuss the advantages and limitations of existing formal tools.
Formal property checking – what the vendors say
Richard Goering for SCDsourceUsers profiled in the first part of this report said that formal property checking tools have significant value, but require expertise and have capacity limits. In this conclusion, vendors of formal tools give their perspectives on these challenges and discuss what sets their tools apart.
Now we turn to the providers of formal property checking tools to get their views on such questions as ease of use, capacity, and dynamic versus static property checking.
Achieving Highest, Certified IP Quality Efficiently
Lorenzo di Gregorio, Infineon Technologies AG; Carlo del Giglio, Michael Siegel, OneSpin Solutions GmbHThe article describes from the perspective of an IP provider the verification of a configurable network processor – called PPv2 – using OneSpin's 360 MV. It explains the details of this verification project and how the following results were achieved: error-free functional operation of the PPv2 across all possible configuration, a verification report that certifies the achieved IP quality and enables rapid IP quality assessment, a complete description of integration conditions for the IP, a considerably improved specification, no IP revision or redesign has been necessary since release, and a total verification effort of 4 engineer-months, about 40% less than that in the simulation-based verification of PPv1.
Complete Formal Verification of TriCore2 and Other Processors
Tim Blackmore, Fabio Bruno, Infineon Technologies AG; Jörg Bormann, Sven Beyer, Adriana Maggiore, Michael Siegel, Sebastian Skalberg, OneSpin Solutions GmbHThis paper describes the application of OneSpin's 360 MV to the verification of the TriCore2 processor, Infineon's next generation high-end processor for embedded and safety-critical applications. Unlike other formal approaches, the employed methodology is a self-contained approach to hardware verification, independent of simulation. It systematically eliminates all gaps in the verification plan and in the property set and thus ensures that the IP is free of functional errors – the highest possible quality.
Achieving Completeness in IP Functional Verification
Wolfram Buettner and Michael Siegel, OneSpin Solutions at EEtimes360 MV is the only complete functional verification solution. Verification is objectively 'complete' when all output signals of the design under verification have been verified to have their expected values at any point in time for any possible input scenario. This notion of completeness implies 100% input scenario coverage and 100% output behavior coverage, the highest possible coverage that any functional verification can achieve and the key to ensure error-free operation. It can only be achieved when transforming formal verification from the common bug-hunting and corner-case inspection approach into a full 'functional sign-off' approach. The details on complete functional verification compared to other functional verification approaches – be it simulation-based, assertion-based, or formal – is explained in the following EETimes article:
