Electronic Design

Functional Verification Is As Important As Timing Closure

In the rush to get electronics-based products to market faster, cheaper, and with more functionality, timing is everything. The electronics industry commonly believes that achieving timing closure makes a design silicon-ready. Several EDA companies have developed products that ease the timing-closure challenge. These tools are being successfully deployed on design projects throughout the world.

Although timing closure is a critical design consideration, it isn't everything. Meeting timing closure often creates structural changes within a design, leading to unexpected functional problems and reducing the likelihood that the design is truly ready for silicon. These problems are often introduced late in the design cycle, after the original RTL specification is created and larger portions of the netlist are flattened.

Proving that the full-chip implementation meets the RTL specification is known as functional closure—the functional equivalent of timing closure. Full-chip functional closure is just as important as timing closure.

Incorporating formal verification into the design flow will ensure functional closure. Equivalence checking (EC), part of a formal verification methodology, automatically detects functional inconsistencies, reliably ensuring that the final design implementation actually does what the RTL code specifies that it should. EC uses mathematical techniques to determine whether one design representation is functionally equivalent to another, and it's useful to verify that the final netlist is correct.

The void in most verification flows is filled by EC—the functional uncertainty due to design changes made to reach timing closure. EC functionality verifies an entire chip design from RTL to GDSII, like timing closure. Equivalence checkers first correlate state bits of the two designs, and then algorithmically compare the combinatorial cones of logic between them.

Previously, functional closure could be reached with gate-level simulation. But that's not possible for most designs today, as performance is too slow and coverage is inadequate. Once design sizes reach 250,000 gates, gate-level simulation becomes impractical. At the 500,000-gate level and above, it becomes too risky to verify designs using traditional methods alone. EC offers the only practical solution. By automatically detecting functional differences with 100% coverage that requires no test vectors, EC enables design teams to achieve functional closure quickly and exhaustively.

Lengthy gate-level simulation can be reduced or eliminated by EC. Without gate-level simulation, designers must depend entirely on RTL simulation to ensure their designs are correct. Without EC to prove that RTL matches silicon, RTL simulation results lie in question.

The adoption of EC and formal verification is gaining momentum. Next-generation EC software is far easier to use than first-generation offerings, thereby stemming the flow of criticism that was justifiably leveled by early adopters of the technology. Design teams are routinely using EC in their design flows, while ASIC vendors are supporting formal verification as part of their standard sign-off procedure.

The multitude of backend netlist changes and manipulations done today to reach timing closure have created a market for equivalence checkers that can verify these changes. Equivalence checkers that reliably compare designs at this backend stage, in all of their complexity, to their respective original RTL specifications will gain the broadest acceptance. Combining timing closure tools with EC ensures that both the timing and the function of a design have been thoroughly verified. Next year, the rallying cry might just become "timing and function are everything!"

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish