WO2008057840A2 - Verifying correctness of an electronic design based on requirements and conditions of components of the electronic design - Google Patents

Verifying correctness of an electronic design based on requirements and conditions of components of the electronic design Download PDF

Info

Publication number
WO2008057840A2
WO2008057840A2 PCT/US2007/082891 US2007082891W WO2008057840A2 WO 2008057840 A2 WO2008057840 A2 WO 2008057840A2 US 2007082891 W US2007082891 W US 2007082891W WO 2008057840 A2 WO2008057840 A2 WO 2008057840A2
Authority
WO
WIPO (PCT)
Prior art keywords
component
requirements
electronic design
conditions
ensures
Prior art date
Application number
PCT/US2007/082891
Other languages
French (fr)
Other versions
WO2008057840A3 (en
Inventor
Kevin D. Jones
Kathryn M. Mossawir
Thomas J. Sheffler
Vandana Prabhu
Original Assignee
Rambus Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rambus Inc. filed Critical Rambus Inc.
Publication of WO2008057840A2 publication Critical patent/WO2008057840A2/en
Publication of WO2008057840A3 publication Critical patent/WO2008057840A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/33Design verification, e.g. functional simulation or model checking
    • G06F30/3323Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking

Definitions

  • Verifying the correctness of an electronic design having multiple components More particularly, embodiments relate to verifying an electronic design based on conditions that a component ensures it will satisfy assuming that requirements, if any, of the component are met.
  • FIG. 1 is a diagram of an example electronic design having multiple components with requirements and conditions associated with the components, in accordance with an embodiment.
  • FIG. 2 is an example system for verifying and re-verifying a design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment.
  • FIG. 3 is a flowchart illustrating steps of a process of verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment.
  • FIG. 4 is a flowchart illustrating steps of a process of re-verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment.
  • FIG. 5 is a block diagram that illustrates a computer system upon which an embodiment may be implemented.
  • At least one of the components has a "requires set" associated with it, in one embodiment.
  • the requires set specifies one or more requirements of the component.
  • the requirements can relate to various properties including, but not limited to, logic, timing, layout, and power. As a particular example, a component might require a specified setup time for input signals.
  • At least one of the components has an "ensures set" associated with it, in one embodiment.
  • the ensures set specifies one or more conditions that the component ensures that it will satisfy, assuming that its requirements, if any, are met.
  • a component might ensure that it will meet a specified hold time for output signals, assuming its requirements, if any, are met.
  • the correctness of the electronic design can be verified or re-verified based on the requires sets and ensures sets, along with information that describes dependencies between the components.
  • a re-verification of the electronic design might be achieved as follows. After the correctness of the electronic design is verified by some suitable technique, the design of one of the components of the electronic design might be changed. After re-designing the component, the effect of the re-design can be analyzed to determine whether the component still ensures its conditions, assuming its requirements are met. A determination may also be made as to whether any requirements of the component changed as a result of the re-design. If the component still ensures its conditions (and if there are no changes to the component's requirements), then there is no need to re-verify the electronic design further, as the design change does not impact other components.
  • the design change might cause the component to no longer ensure one or more of its conditions.
  • a hold time that the re-designed component ensures for an output might be slightly shorter.
  • the electronic design can be quickly re-verified by determining what components could be affected by this changed condition and determining whether their requirements (e.g., requires sets) are still satisfied. For example, a determination is made as to whether the input hold time is still satisfied for any components that receive the output of the re-designed component. If the requirements of the potentially affected components are still met, then no further verification of the electronic design may be needed. If the requirements of the other components are no longer satisfied, the electronic design can still be re-verified quickly in many cases.
  • the requires sets and ensures sets are used to perform an initial verification of the electronic design, in accordance with one embodiment.
  • the requires sets and ensures sets are used to verify the electronic design when a new component is added to the electronic design, in accordance with another embodiment.
  • Embodiments are described herein according to the following outline: a. Example Electronic Design b. Example Requires Set c. Example Ensures Set d.
  • Example System for Verifying an Electronic Design e. General Process Flow
  • Process Flow for Re-Verifying an Electronic Design g. Hardware Overview
  • FIG. 1 is a diagram of an example electronic design, which can be verified by an embodiment.
  • the example electronic design has multiple components with requirements and/or conditions associated with at least some of the components, in accordance with an embodiment.
  • the supplier 102 provides data and control signals to the FIFO 106
  • the FIFO 106 provides data and control signals to the consumer 104.
  • the other depicted components include a power supply 108 and a clock generator 110, which provide power and a clock signal to other components. It is not required that a component be a specific physical unit.
  • the environment provided by the electronic device may also be considered to be a component.
  • a factor such as layout area for components (e.g., FIFO 106) may depend on the environment provided by the electronic device.
  • a particular component such as the FIFO 106
  • An example requires set and an example ensures set for the FIFO 106 are discussed below.
  • Some components may only have an ensures set associated with them. The fact that a component has an ensures set, but not a requires set does not necessarily mean that the component does not have any requirements. Rather, this may mean that none of the potential requirements are specified in a requires set.
  • the clock generator 110 might ensure a condition related to the clock signal, but might not have any specified requirements. Still other components may have only a requires set associated with them.
  • the consumer 104 might have requirements associated with its various input lines, but might not ensure any conditions.
  • A requires sets for a particular component contains requirements of a particular component, in one embodiment.
  • the following discussion provides examples of FIFO 106 requirements for illustrative purposes. Requirements for a particular component can be based on information in data sheets for the component and/or other design requirements.
  • the FIFO 106 has a set of requirements, which can be related to different properties such as logic, timing, layout, and power. Referring to FIG. 1, the requirements for the logic properties might be that no other component asserts the "PUSH" signal while the FIFO 106 asserts the FULL signal. Another logic requirement might be that no other component asserts the POP signal while the FIFO 106 asserts the EMPTY signal.
  • timing requirements include setup time, hold times, and clock properties. More particularity, the FIFO 106 might require that input values are stable for a minimum of 10 pico seconds (ps) before the rising clock edge. The FIFO 106 might also require that input values are held for a minimum of 20 ps after the rising clock edge. With respect to the clock, the FIFO 106 might require a maximum frequency, a duty cycle tolerance, minimum rise and fall rates, and maximum jitter. [0025] An example of a power requirement is that the FIFO 106 requires at least 3 mW of power.
  • An example of a layout requirement is that the environment should provide a minimum area for the FIFO 106.
  • the environment may be considered to be a "component" as the term is used throughout this description.
  • the term "component” can be any physical portion of or logical construct associated with the electronic design.
  • An ensures sets for a particular component contains conditions with which the particular component ensures it will comply, in one embodiment.
  • the set of conditions that a component ensures it will comply with can be related to properties such as logic, timing, layout, and power.
  • Conditions for a particular component can be based on information in data sheets for the component and/or design requirements.
  • conditions related to logic properties might be that the FIFO 106 asserts the "FULL" signal when the FIFO 106 is full.
  • Another logic condition might be that the FIFO 106 asserts the "EMPTY" signal when the FIFO 106 is empty.
  • Another logic condition might be that if another component asserts the PUSH signal, then the FIFO 106 will store whatever values are on the data lines (Din). Still another logic condition might be that if another component asserts the POP signal, then the FIFO 106 will output, onto the data out lines (Dout), the first value that was loaded into the FIFO 106.
  • Another example of a logic condition is that the FIFO 106 samples inputs and drives outputs in response to the rising edge of the clock signal.
  • Examples of timing conditions include setup times and hold times. More particularly, the FIFO 106 might ensure that its output values are stable for a minimum of, for example, 10 pico seconds (ps) before the rising clock edge. The FIFO 106 might also ensure that it will hold output values for a minimum of 20 ps after the rising clock edge.
  • An example of a layout condition is that the FIFO 106 ensures that it will occupy no more than a specified area.
  • An example of a power condition is that the FIFO 106 ensures that it will consume a maximum of 3m W of power.
  • the FIFO 106 will assure that it meets a set of conditions, as specified in its ensures set, as long as its requirements are met.
  • the various properties discussed in the example of the FIFO 106 requirements and conditions are for illustrative purposes. Many other properties can be used. Moreover, a particular requirement or condition could potentially be considered to relate to more than one property (e.g., area and power).
  • FIG. 2 is an example system 200 for verifying and re-verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment.
  • the system 200 could be used with the design of FIG. 1.
  • the verification logic 202 is able to verify and/or re-verify the correctness of the electronic design, based on the requires sets 204 and ensures sets 206, and component dependency information 208.
  • the electronic design is represented by one or more electronic design descriptions 212.
  • a particular electronic design description 212 may pertain to one or more components. In some cases a particular electronic design description 212 might describe a portion of a component.
  • the electronic design descriptions 212 may pertain to different levels of abstraction, such as behavioral, transactional, RTL, etc.
  • Example formats for the electronic design descriptions 212 include, but are not limited to, Verilog RTL, Pathmill, the C programming language, the e verification language, HDL gate level netlist, transistor level netlist, Fastscan library model, and gate level models.
  • the requires sets 204 and ensures sets 206 are formed, at least in part, by inputting information into a user interface.
  • the information might be derived from data sheets for the components, although other sources can be used.
  • the requires sets 204 and/or ensures sets 206 are automatically generated by an information generation tool 215.
  • the information generation tool 215 extracts or infers information from the electronic design description 212 to generate the requires sets 204 and/or ensures sets 206.
  • the information generation tool 215 traverses a representation (e.g., a gate level netlist) of the particular component and algorithmically extracts a representation of a property in a suitable form, such as a logic formula.
  • a representation e.g., a gate level netlist
  • the portion of the requires set 204 and/or ensures set 206 for that property can be derived from the logic formula.
  • the component dependency information 208 describes what requirements depend on what conditions. For example, referring to Fig. 1, the Dout of the FIFO 106 is an input to the consumer 104. Therefore, the consumer 104 may have a requirement related to its input that depends on a condition or conditions related to the Dout of the FIFO 106. As another example, the clock signal (elk) of the clock generator 1 10 is input to several of the components (102, 104, 106). Therefore, those components 102, 104, 106 may have one or more requirements that depend on one or more conditions of the clock generator 110. As still another example, the FIFO 106 might have a layout area requirement that depends on the environment. The component dependency information 208 may be derived from the electronic design description 212.
  • the information generation tool 215 extracts or infers information from the electronic design description 212 to generate the component dependency information 208.
  • the verification logic 202 is able to identify, based on the component definition information 208, a set of one or more components ("dependent components") whose respective requires sets depend, at least in part, on the ensures set of a particular component.
  • the verification logic 202 is also able determine whether the one or more conditions in the ensures set of the particular component violate any requirements in the requires sets of any of the dependent components.
  • the verification logic 202 is able to invoke various verification tools 210(1) - 210(n) in order to perform a verification operation.
  • the verification operation might be to determine whether individual components comply with their specified conditions assuming that their requirements are met.
  • Each of the verification tools 210(1) - 210(n) is able to analyze and/or verify some aspect of the correctness of at least one component of the electronic design.
  • a simulation might be run using one of the verification tools (e.g., 210(1)) to determine maximum power consumption for the FIFO 106.
  • a different verification tool 210(2) could be used to perform a timing analysis on the FIFO 106.
  • the verification tools 210 include, but are not limited to, model checkers, test generator tools, static timing analysis tools, and circuit simulation tools.
  • model checkers include Incisive® formal verifier (IFV), which is commercially available from Cadence® Design Systems, Inc. of San Jose, California; 0-In® formal verification, which is commercially available from Mentor Graphics Corporation of Wilsonville, Oregon; and MagellanTM, which is commercially available from Synopsis®, Inc. of Mountain View, California.
  • test generator tools include Specman®, which is commercially available from Cadence® Design Systems, Inc. of San Jose, California; and QuestaTM SV (System Verilog), which is commercially available from Mentor Graphics Corporation of Wilsonville, Oregon.
  • the verification logic 202 can supply the verification tool 210(1) or 210(2) with one or more of the requirements of the FIFO 106, such as maximum clock frequency or timing requirements.
  • the verification logic 202 can check the results provided by various verification tools 210(1), 210(2), against the conditions of the FIFO 106 to determine whether the FIFO complies with its conditions, assuming that its requirements are met. Other verification operations can also be performed as discussed elsewhere in this description.
  • the verification logic 202 reports violations of conditions of a component, based on results provided by the verification tools 210, in one embodiment. For example, if the FIFO has a condition that it will consume no more than 3.0 mW, and a simulation indicates that the FIFO will consume a maximum of 3.4 mW, the verification logic 202 reports that the condition should be changed to 3.4 mW or a higher value.
  • the verification logic 202 is able to modify the conditions and requirements. The modification may be automatic or in response to user input.
  • FIG. 3 is a flowchart illustrating steps of a process 300 of associating requirements and conditions with components of an electronic design and performing a verification operation on the design based thereon, in accordance with an embodiment.
  • a requires set is electronically associated with each of a first group of components of an electronic design.
  • the first group may contain one or more components.
  • the requires set for a particular component describes one or more requirements of the particular component.
  • an ensures set is electronically associated with each of a second group of components of the electronic design.
  • the second group may contain one or more components.
  • the second group and the first group may have all members in common, some members in common, or no members in common.
  • Each ensures set specifies, for its respective component, one or more conditions that the respective component ensures it will satisfy, as long as the requirements (if any) of the respective component are met.
  • a verification operation is performed on the electronic design.
  • the verification operation is based on information that describes dependencies between the components, at least one of the requires sets, and at least one of the ensures sets. Many different types of verification operations can be performed. One example is to integrate a particular component into the electronic design.
  • This integration can be performed by determining whether the requirements of the particular component are met by the conditions of the other components and determining whether the conditions of the particular component satisfy the requirements of the other components.
  • the following example of integrating the FIFO 106 into the electronic design of FIG. 1 will be used to illustrate an example verification operation.
  • the requirements of the FIFO 106 are compared to the conditions ensured by other components.
  • the following table lists some of the requirements of the FIFO 106, and illustrates that these requirements are satisfied by conditions ensured by other components.
  • the FIFO 106 can have many other requirements, such as setup and hold times, etc. Further, many other components could ensure conditions that the FIFO 106 depends upon.
  • the conditions of the FIFO 106 are compared to the requirements of other components.
  • the following example table illustrates that the following FIFO 106 conditions satisfy the requirements of other components.
  • the FIFO 106 can ensure many other conditions, which many other components could depend upon.
  • Another example of a verification operation is to verify some aspect of the correctness of the entire electronic design.
  • the composition of the overall electronic design might be verified.
  • the electronic design as a whole is verified by determining that each component's requirements are met by the conditions of the other components, in one embodiment. For example, so long as the requirements of the supplier 102, FIFO 106, and consumer 104 are satisfied by conditions ensured by other components, then the correctness of the composition of the whole electronic design is verified.
  • a further step that can be performed is to verify that each component will satisfy its conditions, providing that its requirements, if any are met.
  • the step of verifying individual components does not necessarily have to be performed. For example, the manufacturer of a particular component might test and verify the particular component.
  • Process 400 of FIG. 4 describes an embodiment for re-verifying an electronic design.
  • step 402 or process 400 of FIG. 4 an initial verification of an electronic design is performed.
  • the initial verification is performed by comparing requirements and conditions of various components, in accordance with one embodiment. However, the initial verification may be performed by any technique. That is, the requirements and conditions of the components do not need to be used in the initial verification.
  • step 404 information is received related to modification of the design of one of the components of the electronic design is modified. For example, the design of the FIFO 106 component might be changed. As a more specific example, the depth of the FIFO 106 might be increased from 10 to 15 slots.
  • step 406 a determination is made as to whether any of the conditions and/or requirements of the re-designed component should be changed. For example, a test can be performed to determine whether the re-designed component still complies with its ensured conditions, assuming that the requirements of the component (if any) are met. A verification tool can be used to determine whether the component complies with its conditions.
  • the verification logic 202 might invoke one or more of the verification tools 210 to determine whether the FIFO 106 still complies with its ensures sets, assuming that the FIFO 106's requirements are met.
  • a verification tool 210 might be invoked to determine how much area the FIFO 106 with 15 slots will need.
  • Other verification tools 210 might also be invoked for other purposes such as determining how much power the re-designed FIFO 106 will consume.
  • step 408 If there are no changes to any requirements or conditions, then there is no need to perform any further verification of the electronic design. Thus in step 408, re- verification is confirmed.
  • a new set of conditions and/or requirements are associated with the re-designed component, in step 410.
  • an analysis of a re-designed FIFO 106 with 15 slots might reveal that 15 units of area are required. If the FIFO 106 previously had a requirement of needing no more than 10 units of area, then the requirements of the FIFO 106 can be changed to reflect this need. Moreover, the conditions of the FIFO 106 might be changed to specify that the FIFO 106 ensures that it will use no more than 15 units of area. Other requirements/conditions of the FIFO 106 might also be changed.
  • a simulation of the re-designed FIFO 106 might indicate that the power requirements have changed. For example, if a simulation of a FIFO 106 with 15 slots indicates that the FIFO 106 can no longer ensure that it will consume a maximum of 3 mW, then a new value is determined for which the FIFO 106 can ensure.
  • step 412 and/or step 414 further verification is performed on the electronic design, in step 412 and/or step 414.
  • the further verification involves identifying, based on information that describes dependencies between the components, a set of one or more components whose conditions the requirements of the re-designed component depends upon. Further identified are a set of one or more components whose respective requirements depend, at least in part, on the conditions of the re-designed component.
  • the new requirements of the re-designed component are compared with conditions of components upon which the redesigned component depends, in step 412. As an example, if the FIFO 106 now requires 15 units of area and the environment ensures that is will supply 20 units of area for the FIFO 106, then there is no violation by this changed requirement. However, other effects may need to be examined such as new power requirements and any changes to conditions ensured by the FIFO 106.
  • step 414 the new conditions of re-designed component are compared with requirements of dependent components. As an example, if the FIFO 106 now ensures a condition that it will use no more than 15 units of area and the environment has a requirement that the FIFO 106 use no more than 20 units of area, then there is no violation by this changed condition of the FIFO 106. [0055] If whichever of steps 412 and 414 indicate that re-verification is complete, then in step 416, an indication is provided that re-verification is complete. [0056] If either step 412 or 414 indicated that re-verification is not yet complete, then in step 418, several different actions could be taken.
  • a change to one or more conditions ensured by the FIFO 106 causes a violation of a requirement of a component (“dependent component") that depends on the FIFO 106
  • the FIFO 106 might now ensure that it will use no more than 4.OmW, whereas previously the FIFO 106 ensured it would consume no more than 3.OmW. If the power supply had a requirement that the FIFO 106 use no more than 3.5m W, this requirement would be violated.
  • a new requires set can be formed for the dependent component, wherein no requirements in the new requires set are violated by the modified ensures set of the FIFO 106.
  • the power supply requirements could be changed to require the FIFO 106 to use no more than 4.5m W. Then a determination is made as to whether, as long as the requirements in the new requires set of the dependent component (e.g., power supply) are met, the dependent component complies with the ensures set of the dependent component. If the dependent component complies with its ensures set, then re-verification of a portion of the electronic design is successful.
  • the dependent component e.g., power supply
  • FIG. 5 is a block diagram that illustrates a computer system 500 upon which an embodiment of the invention may be implemented.
  • Computer system 500 includes a bus 502 or other communication mechanism for communicating information, and a processor 504 coupled with bus 502 for processing information.
  • Computer system 500 also includes a main memory 506, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 502 for storing information and instructions to be executed by processor 504.
  • Main memory 506 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 504.
  • Computer system 500 further includes a read only memory (ROM) 508 or other static storage device coupled to bus 502 for storing static information and instructions for processor 504.
  • ROM read only memory
  • a storage device 510 such as a magnetic disk or optical disk, is provided and coupled to bus 502 for storing information and instructions.
  • Computer system 500 may be coupled via bus 502 to a display 512, such as a cathode ray tube (CRT), for displaying information to a computer user.
  • An input device 514 is coupled to bus 502 for communicating information and command selections to processor 504.
  • cursor control 516 is Another type of user input device, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 504 and for controlling cursor movement on display 512.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the invention is related to the use of computer system 500 for implementing the techniques described herein. According to one embodiment of the invention, those techniques are performed by computer system 500 in response to processor 504 executing one or more sequences of one or more instructions contained in main memory 506. Such instructions may be read into main memory 506 from another machine-readable medium, such as storage device 510. Execution of the sequences of instructions contained in main memory 506 causes processor 504 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • machine-readable medium refers to any medium that participates in providing data that causes a machine to operation in a specific fashion.
  • various machine-readable media are involved, for example, in providing instructions to processor 504 for execution.
  • Such a medium may take many forms, including but not limited to storage media and transmission media.
  • Storage media includes both non-volatile media and volatile media.
  • Non-volatile media includes, for example, optical or magnetic disks, such as storage device 510.
  • Volatile media includes dynamic memory, such as main memory 506.
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 502.
  • Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications. All such media must be tangible to enable the instructions carried by the media to be detected by a physical mechanism that reads the instructions into a machine.
  • Machine-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD- ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of machine-readable media may be involved in carrying one or more sequences of one or more instructions to processor 504 for execution.
  • the instructions may initially be carried on a magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system 500 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 502.
  • Bus 502 carries the data to main memory 506, from which processor 504 retrieves and executes the instructions.
  • Computer system 500 also includes a communication interface 518 coupled to bus 502.
  • Communication interface 518 provides a two-way data communication coupling to a network link 520 that is connected to a local network 522.
  • communication interface 518 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • ISDN integrated services digital network
  • communication interface 518 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented.
  • communication interface 518 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 520 typically provides data communication through one or more networks to other data devices.
  • network link 520 may provide a connection through local network 522 to a host computer 524 or to data equipment operated by an Internet Service Provider (ISP) 526.
  • ISP 526 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 528.
  • Internet 528 uses electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 520 and through communication interface 518, which carry the digital data to and from computer system 500, are exemplary forms of carrier waves transporting the information.
  • Computer system 500 can send messages and receive data, including program code, through the network(s), network link 520 and communication interface 518.
  • a server 530 might transmit a requested code for an application program through Internet 528, ISP 526, local network 522 and communication interface 518.
  • the received code may be executed by processor 504 as it is received, and/or stored in storage device 510, or other non-volatile storage for later execution. In this manner, computer system 500 may obtain application code in the form of a carrier wave.

Abstract

Verifying and/or re-verifying the correctness of an electronic design based on requirements of individual components of the electronic design and conditions that individual components assure they will satisfy. At least one of the components has a 'requires set' associated with it that specifies requirements of the component. At least one of the components has an 'ensures set' associated with it that specifies one or more conditions that the component ensures that it will satisfy. The correctness of the electronic design can be verified or re-verified based on the requires sets and ensures sets, along with information that describes dependencies between the components. For example, the electronic design is re-verified by determining if new requirements of a re-designed component are met by the rest of the electronic design and if new conditions of the re-designed component satisfy requirements of the rest of the electronic design.

Description

VERIFYING CORRECTNESS OF AN ELECTRONIC DESIGN BASED ON REQUIREMENTS AND CONDITIONS OF COMPONENTS OF THE ELECTRONIC DESIGN
FIELD OF INVENTION
[0001] Verifying the correctness of an electronic design having multiple components. More particularly, embodiments relate to verifying an electronic design based on conditions that a component ensures it will satisfy assuming that requirements, if any, of the component are met.
BACKGROUND
[0002] Most electronic systems are built by composing a number of components. The individual components are often designed and tested independently. Thus, by themselves, the components have been verified. However, verifying an electronic design of a system that is composed of the components usually involves substantial effort. More particularly, the fact that the components have been individually verified is not taken advantage of when verifying the electronic design as a whole. [0003] Furthermore, commonly one of the components is re-designed or replaced after the electronic design has been verified in whole or in part. For example, one of the components might need to be re-designed very shortly before the electronic design is released. The re-design might be very minor. Moreover, verifying the correctness of the re-designed electronic component itself can often be accomplished quickly. However, it can be extremely difficult to know what impact the re-design of the component will have on the overall electronic design. Thus, a substantial amount of re-verifi cation of the overall electronic design is performed. In many cases, the overall re-verification could be performed far more quickly if there were an understanding of precisely what re-verification of the overall electronic design needs to be performed. [0004] A problem with re-verifying the entire design is that resources (e.g., manpower, money) are wasted on unnecessary re-verification. A further problem with re-verifying the entire design is that the product release date may need to be pushed back.
[0005] The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
BRIEF DESCRIPTION OF THE DRAWINGS
[0006] Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
[0007] FIG. 1 is a diagram of an example electronic design having multiple components with requirements and conditions associated with the components, in accordance with an embodiment.
[0008] FIG. 2 is an example system for verifying and re-verifying a design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment. [0009] FIG. 3 is a flowchart illustrating steps of a process of verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment.
[0010] FIG. 4 is a flowchart illustrating steps of a process of re-verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment. [0011] FIG. 5 is a block diagram that illustrates a computer system upon which an embodiment may be implemented.
DETAILED DESCRIPTION
[0012] In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding. It will be apparent, however, that embodiments may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the description. OVERVIEW
[0013] Techniques are described herein that allow for verifying and/or re-verifying the correctness of an electronic design based on requirements of individual components and conditions that individual components ensure they will satisfy assuming that requirements, if any, of the individual components are satisfied. [0014] At least one of the components has a "requires set" associated with it, in one embodiment. The requires set specifies one or more requirements of the component. The requirements can relate to various properties including, but not limited to, logic, timing, layout, and power. As a particular example, a component might require a specified setup time for input signals.
[0015] At least one of the components has an "ensures set" associated with it, in one embodiment. The ensures set specifies one or more conditions that the component ensures that it will satisfy, assuming that its requirements, if any, are met. As a particular example, a component might ensure that it will meet a specified hold time for output signals, assuming its requirements, if any, are met.
[0016] The correctness of the electronic design can be verified or re-verified based on the requires sets and ensures sets, along with information that describes dependencies between the components. As an example, a re-verification of the electronic design might be achieved as follows. After the correctness of the electronic design is verified by some suitable technique, the design of one of the components of the electronic design might be changed. After re-designing the component, the effect of the re-design can be analyzed to determine whether the component still ensures its conditions, assuming its requirements are met. A determination may also be made as to whether any requirements of the component changed as a result of the re-design. If the component still ensures its conditions (and if there are no changes to the component's requirements), then there is no need to re-verify the electronic design further, as the design change does not impact other components.
[0017] As another example, the design change might cause the component to no longer ensure one or more of its conditions. For example, a hold time that the re-designed component ensures for an output might be slightly shorter. The electronic design can be quickly re-verified by determining what components could be affected by this changed condition and determining whether their requirements (e.g., requires sets) are still satisfied. For example, a determination is made as to whether the input hold time is still satisfied for any components that receive the output of the re-designed component. If the requirements of the potentially affected components are still met, then no further verification of the electronic design may be needed. If the requirements of the other components are no longer satisfied, the electronic design can still be re-verified quickly in many cases.
[0018] Thus, a design change to a particular component does not require re- verification of the entire electronic design. Moreover, the type of re-verification that is needed can be quickly and precisely determined.
[0019] The requires sets and ensures sets are used to perform an initial verification of the electronic design, in accordance with one embodiment. The requires sets and ensures sets are used to verify the electronic design when a new component is added to the electronic design, in accordance with another embodiment. [0020] Embodiments are described herein according to the following outline: a. Example Electronic Design b. Example Requires Set c. Example Ensures Set d. Example System for Verifying an Electronic Design e. General Process Flow f. Process Flow for Re-Verifying an Electronic Design g. Hardware Overview
EXAMPLE ELECTRONIC DESIGN HAVING MULTIPLE COMPONENTS [0021] FIG. 1 is a diagram of an example electronic design, which can be verified by an embodiment. The example electronic design has multiple components with requirements and/or conditions associated with at least some of the components, in accordance with an embodiment. In this example design, the supplier 102 provides data and control signals to the FIFO 106, and the FIFO 106 provides data and control signals to the consumer 104. The other depicted components include a power supply 108 and a clock generator 110, which provide power and a clock signal to other components. It is not required that a component be a specific physical unit. For example, the environment provided by the electronic device may also be considered to be a component. For example, a factor such as layout area for components (e.g., FIFO 106) may depend on the environment provided by the electronic device.
[0022] A particular component, such as the FIFO 106, may have both a requires set and an ensures set associated with it. An example requires set and an example ensures set for the FIFO 106 are discussed below. Some components may only have an ensures set associated with them. The fact that a component has an ensures set, but not a requires set does not necessarily mean that the component does not have any requirements. Rather, this may mean that none of the potential requirements are specified in a requires set. As an example, the clock generator 110 might ensure a condition related to the clock signal, but might not have any specified requirements. Still other components may have only a requires set associated with them. As an example, the consumer 104 might have requirements associated with its various input lines, but might not ensure any conditions.
EXAMPLE REQUIRES SET
[0023] A requires sets for a particular component contains requirements of a particular component, in one embodiment. The following discussion provides examples of FIFO 106 requirements for illustrative purposes. Requirements for a particular component can be based on information in data sheets for the component and/or other design requirements. As an example, the FIFO 106 has a set of requirements, which can be related to different properties such as logic, timing, layout, and power. Referring to FIG. 1, the requirements for the logic properties might be that no other component asserts the "PUSH" signal while the FIFO 106 asserts the FULL signal. Another logic requirement might be that no other component asserts the POP signal while the FIFO 106 asserts the EMPTY signal.
[0024] Examples of timing requirements include setup time, hold times, and clock properties. More particularity, the FIFO 106 might require that input values are stable for a minimum of 10 pico seconds (ps) before the rising clock edge. The FIFO 106 might also require that input values are held for a minimum of 20 ps after the rising clock edge. With respect to the clock, the FIFO 106 might require a maximum frequency, a duty cycle tolerance, minimum rise and fall rates, and maximum jitter. [0025] An example of a power requirement is that the FIFO 106 requires at least 3 mW of power.
[0026] An example of a layout requirement is that the environment should provide a minimum area for the FIFO 106. In this example, the environment may be considered to be a "component" as the term is used throughout this description. Thus, the term "component" can be any physical portion of or logical construct associated with the electronic design. EXAMPLE ENSURES SET
[0027] An ensures sets for a particular component contains conditions with which the particular component ensures it will comply, in one embodiment. As an example, the set of conditions that a component ensures it will comply with can be related to properties such as logic, timing, layout, and power. Conditions for a particular component can be based on information in data sheets for the component and/or design requirements. Continuing with the example of the FIFO 106, conditions related to logic properties might be that the FIFO 106 asserts the "FULL" signal when the FIFO 106 is full. Another logic condition might be that the FIFO 106 asserts the "EMPTY" signal when the FIFO 106 is empty. Another logic condition might be that if another component asserts the PUSH signal, then the FIFO 106 will store whatever values are on the data lines (Din). Still another logic condition might be that if another component asserts the POP signal, then the FIFO 106 will output, onto the data out lines (Dout), the first value that was loaded into the FIFO 106. Another example of a logic condition is that the FIFO 106 samples inputs and drives outputs in response to the rising edge of the clock signal. [0028] Examples of timing conditions include setup times and hold times. More particularly, the FIFO 106 might ensure that its output values are stable for a minimum of, for example, 10 pico seconds (ps) before the rising clock edge. The FIFO 106 might also ensure that it will hold output values for a minimum of 20 ps after the rising clock edge.
[0029] An example of a layout condition is that the FIFO 106 ensures that it will occupy no more than a specified area. An example of a power condition is that the FIFO 106 ensures that it will consume a maximum of 3m W of power. [0030] As previously discussed, the FIFO 106 will assure that it meets a set of conditions, as specified in its ensures set, as long as its requirements are met. The various properties discussed in the example of the FIFO 106 requirements and conditions are for illustrative purposes. Many other properties can be used. Moreover, a particular requirement or condition could potentially be considered to relate to more than one property (e.g., area and power).
[0031] Note that an item that is formulated as a requirement can also be formulated as a condition. For example, the FIFO 106 might require that it receives a specified amount of power and ensures that it will consume no more than a specified amount of power. Further note that the power requirement does not have to be the same value as the power condition ensured by the component. EXAMPLE SYSTEM FOR VERIFYING AN ELECTRONIC DESIGN [0032] FIG. 2 is an example system 200 for verifying and re-verifying an electronic design by performing a comparison of requirements and conditions associated with various components of the electronic design, in accordance with an embodiment. The system 200 could be used with the design of FIG. 1. The verification logic 202 is able to verify and/or re-verify the correctness of the electronic design, based on the requires sets 204 and ensures sets 206, and component dependency information 208. [0033] The electronic design is represented by one or more electronic design descriptions 212. A particular electronic design description 212 may pertain to one or more components. In some cases a particular electronic design description 212 might describe a portion of a component. The electronic design descriptions 212 may pertain to different levels of abstraction, such as behavioral, transactional, RTL, etc. Example formats for the electronic design descriptions 212 include, but are not limited to, Verilog RTL, Pathmill, the C programming language, the e verification language, HDL gate level netlist, transistor level netlist, Fastscan library model, and gate level models. [0034] In one embodiment, requires sets 204 and ensures sets 206 are formed, at least in part, by inputting information into a user interface. The information might be derived from data sheets for the components, although other sources can be used. In one embodiment, the requires sets 204 and/or ensures sets 206 are automatically generated by an information generation tool 215. The information generation tool 215 extracts or infers information from the electronic design description 212 to generate the requires sets 204 and/or ensures sets 206. To generate a requires set 204 and/or ensures set 206 for a particular component, the information generation tool 215 traverses a representation (e.g., a gate level netlist) of the particular component and algorithmically extracts a representation of a property in a suitable form, such as a logic formula. The portion of the requires set 204 and/or ensures set 206 for that property can be derived from the logic formula.
[0035] The component dependency information 208 describes what requirements depend on what conditions. For example, referring to Fig. 1, the Dout of the FIFO 106 is an input to the consumer 104. Therefore, the consumer 104 may have a requirement related to its input that depends on a condition or conditions related to the Dout of the FIFO 106. As another example, the clock signal (elk) of the clock generator 1 10 is input to several of the components (102, 104, 106). Therefore, those components 102, 104, 106 may have one or more requirements that depend on one or more conditions of the clock generator 110. As still another example, the FIFO 106 might have a layout area requirement that depends on the environment. The component dependency information 208 may be derived from the electronic design description 212. In one embodiment, the information generation tool 215 extracts or infers information from the electronic design description 212 to generate the component dependency information 208. [0036] The verification logic 202 is able to identify, based on the component definition information 208, a set of one or more components ("dependent components") whose respective requires sets depend, at least in part, on the ensures set of a particular component. The verification logic 202 is also able determine whether the one or more conditions in the ensures set of the particular component violate any requirements in the requires sets of any of the dependent components.
[0037] The verification logic 202 is able to invoke various verification tools 210(1) - 210(n) in order to perform a verification operation. For example, the verification operation might be to determine whether individual components comply with their specified conditions assuming that their requirements are met. Each of the verification tools 210(1) - 210(n) is able to analyze and/or verify some aspect of the correctness of at least one component of the electronic design. For example, a simulation might be run using one of the verification tools (e.g., 210(1)) to determine maximum power consumption for the FIFO 106. A different verification tool 210(2) could be used to perform a timing analysis on the FIFO 106.
[0038] The verification tools 210 include, but are not limited to, model checkers, test generator tools, static timing analysis tools, and circuit simulation tools. Examples of model checkers include Incisive® formal verifier (IFV), which is commercially available from Cadence® Design Systems, Inc. of San Jose, California; 0-In® formal verification, which is commercially available from Mentor Graphics Corporation of Wilsonville, Oregon; and Magellan™, which is commercially available from Synopsis®, Inc. of Mountain View, California. Examples of test generator tools include Specman®, which is commercially available from Cadence® Design Systems, Inc. of San Jose, California; and Questa™ SV (System Verilog), which is commercially available from Mentor Graphics Corporation of Wilsonville, Oregon. An example of a static timing analysis tool is PrimeTime®, which is commercially available from Synopsis®, Inc. of Mountain View, California. An example of a circuit simulation tool is SPICE (Simulation Program with Integrated Circuit Emphasis). [0039] The verification logic 202 can supply the verification tool 210(1) or 210(2) with one or more of the requirements of the FIFO 106, such as maximum clock frequency or timing requirements. The verification logic 202 can check the results provided by various verification tools 210(1), 210(2), against the conditions of the FIFO 106 to determine whether the FIFO complies with its conditions, assuming that its requirements are met. Other verification operations can also be performed as discussed elsewhere in this description.
[0040] The verification logic 202 reports violations of conditions of a component, based on results provided by the verification tools 210, in one embodiment. For example, if the FIFO has a condition that it will consume no more than 3.0 mW, and a simulation indicates that the FIFO will consume a maximum of 3.4 mW, the verification logic 202 reports that the condition should be changed to 3.4 mW or a higher value. The verification logic 202 is able to modify the conditions and requirements. The modification may be automatic or in response to user input.
GENERAL PROCESS FLOW
[0041] FIG. 3 is a flowchart illustrating steps of a process 300 of associating requirements and conditions with components of an electronic design and performing a verification operation on the design based thereon, in accordance with an embodiment. In step 302, a requires set is electronically associated with each of a first group of components of an electronic design. The first group may contain one or more components. The requires set for a particular component describes one or more requirements of the particular component.
[0042] In step 304, an ensures set is electronically associated with each of a second group of components of the electronic design. The second group may contain one or more components. The second group and the first group may have all members in common, some members in common, or no members in common. Each ensures set specifies, for its respective component, one or more conditions that the respective component ensures it will satisfy, as long as the requirements (if any) of the respective component are met. [0043] In step 306, a verification operation is performed on the electronic design. The verification operation is based on information that describes dependencies between the components, at least one of the requires sets, and at least one of the ensures sets. Many different types of verification operations can be performed. One example is to integrate a particular component into the electronic design. This integration can be performed by determining whether the requirements of the particular component are met by the conditions of the other components and determining whether the conditions of the particular component satisfy the requirements of the other components. [0044] The following example of integrating the FIFO 106 into the electronic design of FIG. 1 will be used to illustrate an example verification operation. The requirements of the FIFO 106 are compared to the conditions ensured by other components. The following table lists some of the requirements of the FIFO 106, and illustrates that these requirements are satisfied by conditions ensured by other components. The FIFO 106 can have many other requirements, such as setup and hold times, etc. Further, many other components could ensure conditions that the FIFO 106 depends upon.
TABLE 1
Figure imgf000011_0001
Also, the conditions of the FIFO 106 are compared to the requirements of other components. The following example table illustrates that the following FIFO 106 conditions satisfy the requirements of other components. The FIFO 106 can ensure many other conditions, which many other components could depend upon.
TABLE 2
Figure imgf000011_0002
[0045] Another example of a verification operation is to verify some aspect of the correctness of the entire electronic design. For example, the composition of the overall electronic design might be verified. The electronic design as a whole is verified by determining that each component's requirements are met by the conditions of the other components, in one embodiment. For example, so long as the requirements of the supplier 102, FIFO 106, and consumer 104 are satisfied by conditions ensured by other components, then the correctness of the composition of the whole electronic design is verified. A further step that can be performed is to verify that each component will satisfy its conditions, providing that its requirements, if any are met. However, the step of verifying individual components does not necessarily have to be performed. For example, the manufacturer of a particular component might test and verify the particular component.
[0046] Another verification operation that can be performed is to re-verify the electronic design as a whole after it has been initially verified. Process 400 of FIG. 4 describes an embodiment for re-verifying an electronic design.
PROCESS FLOW FOR RE-VERIFYING AN ELECTRONIC DESIGN [0047] In step 402 or process 400 of FIG. 4, an initial verification of an electronic design is performed. The initial verification is performed by comparing requirements and conditions of various components, in accordance with one embodiment. However, the initial verification may be performed by any technique. That is, the requirements and conditions of the components do not need to be used in the initial verification. [0048] In step 404, information is received related to modification of the design of one of the components of the electronic design is modified. For example, the design of the FIFO 106 component might be changed. As a more specific example, the depth of the FIFO 106 might be increased from 10 to 15 slots. Such a change could potentially affect one or more requirements or conditions of the FIFO 106. For example, area or power requirements and/or conditions might be affected by this change. The design change is reflected in a change to the electronic design description 212, in one embodiment. [0049] In step 406, a determination is made as to whether any of the conditions and/or requirements of the re-designed component should be changed. For example, a test can be performed to determine whether the re-designed component still complies with its ensured conditions, assuming that the requirements of the component (if any) are met. A verification tool can be used to determine whether the component complies with its conditions. As an example, the verification logic 202 might invoke one or more of the verification tools 210 to determine whether the FIFO 106 still complies with its ensures sets, assuming that the FIFO 106's requirements are met. Thus, a verification tool 210 might be invoked to determine how much area the FIFO 106 with 15 slots will need. Other verification tools 210 might also be invoked for other purposes such as determining how much power the re-designed FIFO 106 will consume.
[0050] If there are no changes to any requirements or conditions, then there is no need to perform any further verification of the electronic design. Thus in step 408, re- verification is confirmed.
[0051] However, if there are any changes to the conditions or requirements of the redesigned component, then a new set of conditions and/or requirements are associated with the re-designed component, in step 410. Continuing with the FIFO 106 example, an analysis of a re-designed FIFO 106 with 15 slots might reveal that 15 units of area are required. If the FIFO 106 previously had a requirement of needing no more than 10 units of area, then the requirements of the FIFO 106 can be changed to reflect this need. Moreover, the conditions of the FIFO 106 might be changed to specify that the FIFO 106 ensures that it will use no more than 15 units of area. Other requirements/conditions of the FIFO 106 might also be changed. For example, a simulation of the re-designed FIFO 106 might indicate that the power requirements have changed. For example, if a simulation of a FIFO 106 with 15 slots indicates that the FIFO 106 can no longer ensure that it will consume a maximum of 3 mW, then a new value is determined for which the FIFO 106 can ensure.
[0052] After the new set of conditions and/or requirements are determined, then further verification is performed on the electronic design, in step 412 and/or step 414. The further verification involves identifying, based on information that describes dependencies between the components, a set of one or more components whose conditions the requirements of the re-designed component depends upon. Further identified are a set of one or more components whose respective requirements depend, at least in part, on the conditions of the re-designed component.
[0053] If one or more requirements were changed, then the new requirements of the re-designed component are compared with conditions of components upon which the redesigned component depends, in step 412. As an example, if the FIFO 106 now requires 15 units of area and the environment ensures that is will supply 20 units of area for the FIFO 106, then there is no violation by this changed requirement. However, other effects may need to be examined such as new power requirements and any changes to conditions ensured by the FIFO 106.
[0054] If one or more conditions were changed, then in step 414, the new conditions of re-designed component are compared with requirements of dependent components. As an example, if the FIFO 106 now ensures a condition that it will use no more than 15 units of area and the environment has a requirement that the FIFO 106 use no more than 20 units of area, then there is no violation by this changed condition of the FIFO 106. [0055] If whichever of steps 412 and 414 indicate that re-verification is complete, then in step 416, an indication is provided that re-verification is complete. [0056] If either step 412 or 414 indicated that re-verification is not yet complete, then in step 418, several different actions could be taken. For example, if a change to one or more conditions ensured by the FIFO 106 causes a violation of a requirement of a component ("dependent component") that depends on the FIFO 106, the following could be performed. As a particular example, the FIFO 106 might now ensure that it will use no more than 4.OmW, whereas previously the FIFO 106 ensured it would consume no more than 3.OmW. If the power supply had a requirement that the FIFO 106 use no more than 3.5m W, this requirement would be violated. A new requires set can be formed for the dependent component, wherein no requirements in the new requires set are violated by the modified ensures set of the FIFO 106. For example, the power supply requirements could be changed to require the FIFO 106 to use no more than 4.5m W. Then a determination is made as to whether, as long as the requirements in the new requires set of the dependent component (e.g., power supply) are met, the dependent component complies with the ensures set of the dependent component. If the dependent component complies with its ensures set, then re-verification of a portion of the electronic design is successful.
[0057] However, if the dependent component no longer complies with its ensures set, then further steps could be undertaken. As an example, a new ensures set could be formed for the dependent component without any design change to the dependent component. Then, the new ensures set is compared to the requires set of any components that depend on the ensures set of the dependent component. If all the requirements are met, then re- verification for this portion of the electronic design is successful. [0058] Another option is to re-design a component whose requirements are not met by the other components. The preceding discussion lists just a few of the options that are possible to re-verify the electronic design in response to a requirement or a condition of a component changing. HARDWARE OVERVIEW
[0059] Figure 5 is a block diagram that illustrates a computer system 500 upon which an embodiment of the invention may be implemented. Computer system 500 includes a bus 502 or other communication mechanism for communicating information, and a processor 504 coupled with bus 502 for processing information. Computer system 500 also includes a main memory 506, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 502 for storing information and instructions to be executed by processor 504. Main memory 506 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 504. Computer system 500 further includes a read only memory (ROM) 508 or other static storage device coupled to bus 502 for storing static information and instructions for processor 504. A storage device 510, such as a magnetic disk or optical disk, is provided and coupled to bus 502 for storing information and instructions. [0060] Computer system 500 may be coupled via bus 502 to a display 512, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 514, including alphanumeric and other keys, is coupled to bus 502 for communicating information and command selections to processor 504. Another type of user input device is cursor control 516, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 504 and for controlling cursor movement on display 512. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
[0061] The invention is related to the use of computer system 500 for implementing the techniques described herein. According to one embodiment of the invention, those techniques are performed by computer system 500 in response to processor 504 executing one or more sequences of one or more instructions contained in main memory 506. Such instructions may be read into main memory 506 from another machine-readable medium, such as storage device 510. Execution of the sequences of instructions contained in main memory 506 causes processor 504 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software. [0062] The term "machine-readable medium" as used herein refers to any medium that participates in providing data that causes a machine to operation in a specific fashion. In an embodiment implemented using computer system 500, various machine-readable media are involved, for example, in providing instructions to processor 504 for execution. Such a medium may take many forms, including but not limited to storage media and transmission media. Storage media includes both non-volatile media and volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 510. Volatile media includes dynamic memory, such as main memory 506. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 502. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications. All such media must be tangible to enable the instructions carried by the media to be detected by a physical mechanism that reads the instructions into a machine.
[0063] Common forms of machine-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD- ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
[0064] Various forms of machine-readable media may be involved in carrying one or more sequences of one or more instructions to processor 504 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 500 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 502. Bus 502 carries the data to main memory 506, from which processor 504 retrieves and executes the instructions. The instructions received by main memory 506 may optionally be stored on storage device 510 either before or after execution by processor 504. [0065] Computer system 500 also includes a communication interface 518 coupled to bus 502. Communication interface 518 provides a two-way data communication coupling to a network link 520 that is connected to a local network 522. For example, communication interface 518 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 518 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 518 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0066] Network link 520 typically provides data communication through one or more networks to other data devices. For example, network link 520 may provide a connection through local network 522 to a host computer 524 or to data equipment operated by an Internet Service Provider (ISP) 526. ISP 526 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 528. Local network 522 and Internet 528 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 520 and through communication interface 518, which carry the digital data to and from computer system 500, are exemplary forms of carrier waves transporting the information.
[0067] Computer system 500 can send messages and receive data, including program code, through the network(s), network link 520 and communication interface 518. In the Internet example, a server 530 might transmit a requested code for an application program through Internet 528, ISP 526, local network 522 and communication interface 518. [0068] The received code may be executed by processor 504 as it is received, and/or stored in storage device 510, or other non-volatile storage for later execution. In this manner, computer system 500 may obtain application code in the form of a carrier wave. [0069] In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. Thus, the sole and exclusive indicator of what is the invention, and is intended by the applicants to be the invention, is the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction. Any definitions expressly set forth herein for terms contained in such claims shall govern the meaning of such terms as used in the claims. Hence, no limitation, element, property, feature, advantage or attribute that is not expressly recited in a claim should limit the scope of such claim in any way. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims

CLAIMSWhat is claimed is:
1. A machine-implemented method comprising: storing information that identifies one or more requirements of a first component of a plurality of components of an electronic design; storing information that identifies one or more conditions that a second component of the plurality of components ensures it will satisfy; storing information that identifies that the first component is dependent on the second component; as part of a verification of the electronic design, performing a comparison of the information that identifies one or more requirements of the first component with the information that identifies one or more conditions that the second component ensures it will satisfy; and based, at least in part, on the comparison, determining whether the electronic design is verified.
2. The method of Claim 1, wherein determining whether the electronic design is verified comprises: determining that the conditions of the second component meet the requirements of the first component.
3. The method of Claim 1, further comprising: modifying the information that identifies one or more conditions that the second component of the electronic design ensures it will satisfy; in order to re-verify the electronic design, performing a comparison of the information that identifies requirements of the first component with the modified information that identifies one or more conditions that the second component ensures it will satisfy; and based on the comparison of the information that identifies requirements of the first component with the modified information that identifies one or more conditions that the second component ensures it will satisfy, determining whether the electronic design is re-verified.
4. The method of Claim 3, further comprising: in response to determining that the electronic design has not been re-verified, modifying the requirements of the first component so that its modified requirements are met by the conditions of the second component; and in order to re-verify the electronic design, performing a comparison of the modified requirements of the first component with the information that identifies one or more conditions that the second component ensures it will satisfy; and based on the comparison of the modified requirements of the first component with the information that identifies one or more conditions that the second component ensures it will satisfy, determining whether the electronic design is re-verified.
5. The method of Claim 3, further comprising: in response to determining that the electronic design has not been re-verified, redesigning the first component so that its requirements are met by the conditions of the second component.
6. The method of Claim 1, further comprising: modifying the information that identifies one or more requirements of the first component of the electronic design; in order to re-verify the electronic design, performing a comparison of the information that identifies modified requirements of the first component with the information that identifies one or more conditions that the second component ensures it will satisfy; and based on the comparison of the modified information that identifies requirements of the first component with the information that identifies one or more conditions that the second component ensures it will satisfy, determining whether the electronic design is re-verified.
7. The method of Claim 6, further comprising: in response to determining that the electronic design has not been re-verified, redesigning the second component so that its modified conditions satisfy the modified requirements of the first component.
8. A system for verifying an electronic design comprising a plurality of components, said system comprising: a database comprising: information that describes dependencies between the components; a requires set electronically associated with each component of a first group of the components, wherein the requires set for a particular component describes requirements of the particular component; an ensures set electronically associated with each component of a second group of the components, wherein each ensures set specifies, for its respective component, one or more conditions that the respective component ensures it will satisfy, as long as requirements, if any, of the respective component are met; verification logic that is operable to: perform a verification operation on the electronic design based on the information that describes dependencies, the requires sets, and the ensures sets.
9. The system of Claim 8, wherein the verification logic is further operable to: access a modified ensures set that is associated with a first component, wherein the modified ensures set comprises a modified version of the one or more conditions ensured by the first component as compared to a previous version of the ensures set of the first component; identify, based on the information that describes dependencies between the components, a set of one or more dependent components whose respective requires sets depend, at least in part, on the modified ensures set of the first component; determine whether the one or more conditions in the modified ensures set of the first component violate any requirements in the requires sets of any of the dependent components; and in response to determining that the one or more conditions do not violate any requirements of the dependent components, determine that the electronic design has been re-verified.
10. The system of Claim 8, wherein the verification logic is further operable to: access a modified requires set that is associated with a first component, wherein the modified requires set reflects a change in the requirements of the first component; determine whether the ensures sets of any of components on which the first component depends satisfy the modified requires set of the first component; and in response to determining that the ensures sets of all of the components on which the first component depends satisfy the modified requires set of the first component, determine that the electronic design has been re-verified.
11. The system of Claim 8, wherein the verification logic is further operable to perform the following verification operation on the electronic design: for each component, determine whether any of the requirements in the requires set of the component are violated by any of the conditions in the ensures set of any of the components on which the component depends; and in response to determining that none of the requirements are violated, determine that the electronic design is verified.
12. The system of Claim 8, further comprising: one or more verification programs that are able to determine whether a particular component satisfies the conditions of the particular component assuming the requirements, if any, of the particular component are met.
13. A system verification tool comprising logic that is operable to: input information that describes dependencies between components of an electronic design; input information that describes one or more requirements of each of a first group of the components; input information that describes one or more conditions that each of a second group of the components ensures it will satisfy, as long as requirements of the component, if any, are met; and based on the information that describes dependencies between the components of the electronic design, the information that describes requirements, and the information that describes conditions, perform a verification operation on the electronic design.
14. The system verification tool in Claim 13, wherein the verification operation comprises comparing one or more conditions of a first component of the electronic design with one or more requirements of a second component of the electronic design to determine whether any of the requirements of the second component are violated.
15. The system verification tool recited in Claim 13, wherein the tool is further operable to: invoke one or more verification programs in order to determine whether one or more conditions of a particular component of the electronic design are satisfied, assuming that requirements, if any, of the particular component are met.
16. The system verification tool recited in Claim 13, wherein tool is further operable to: modify the information that describes one or more requirements of a first component of the electronic design to reflect a change in the requirements of the first component; determine whether one or more conditions of any components on which the first component depends satisfy the modified information; and in response to determining that the one or more conditions satisfy the modified information, determine that the electronic design has been re-verified.
17. A machine-implemented method comprising: electronically associating a requires set with each of a first group of components of an electronic design, wherein the requires set for a particular component describes one or more requirements of the particular component; electronically associating an ensures set with each of a second group of components of the electronic design, wherein each ensures set specifies, for its respective component, one or more conditions that the respective component ensures it will satisfy, as long as requirements, if any, of the respective component are met; performing a verification of the electronic design; modifying at least one of the following for a first component in order to produce modified component information: one or more conditions with which the first component ensures it will comply; and one or more requirements of the first component; and based on information that describes dependencies between the components, at least one of the requires sets, at least one of the ensures sets, and the modified component information, re-verifying the electronic design.
18. The method of Claim 17, wherein: the step of modifying comprises modifying one or more conditions with which the first component ensures it will comply; and the step of re-verifying the electronic design comprises comparing the one or more conditions that were modified with which the first component ensures it will comply with requirements of components that depend on the first component.
19. The method of Claim 18, further comprising determining that the electronic design has been re-verified if the one or more conditions that were modified meet the requirements of components that depend on the first component.
20. The method of Claim 17, wherein: the step of modifying comprises modifying one or more requirements of the first component; and the step of re-verifying the electronic design comprises comparing the one or more requirements of the first component that were modified with conditions of components on which the first component depends.
21. The method of Claim 20, further comprising determining that the electronic design has been re-verified if the one or more requirements that were modified are met by the conditions of components on which the first component depends.
22. The method of Claim 17, further comprising: changing a design of a first component of the electronic design; after changing the design of the first component, determining that the first component still complies with conditions specified in the ensures set of the first component; and based on determining that the first component still complies with conditions specified in the ensures set of the first component, determining that the electronic design has been re-verified.
23. A machine-implemented method comprising: electronically associating a requires set with each of a first group of components of an electronic design, wherein the requires set for a particular component describes one or more requirements of the particular component; electronically associating an ensures set with each of a second group of components of the electronic design, wherein each ensures set specifies, for its respective component, one or more conditions that the respective component ensures it will satisfy, as long as requirements, if any, of the respective component are met; and based on information that describes dependencies between the components of the electronic design, at least one of the requires sets, and at least one of the ensures sets, performing a verification operation on the electronic design.
24. The method of Claim 23, wherein the step of performing a verification operation comprises: determining whether any of the conditions in the ensures set of any components of the electronic design that a first component depends on violate any of the requirements in the requires set of the first component; and determining whether any of the conditions in the ensures set of the first component violates any of the requirements in the requires set of any components that depend on the first component.
25. The method of Claim 23, wherein the step of performing a verification operation on the electronic design comprises: for each component, determining whether any of the requirements in the requires set of the component are violated by any of the conditions in the ensures set of any of the components in the electronic design on which the component depends; and in response to determining that none of the requirements are violated, determining that the electronic design is verified.
26. The method of Claim 23, wherein the step of performing a verification operation on the electronic design comprises: for each component in the electronic design, determining whether all of the requirements in the requires set of the component are satisfied by a condition in at least one of the components in the electronic design.
27. The method of Claim 23, wherein the step of performing a verification operation on the electronic design is performed by a system verification tool.
28. The method of Claim 23, further comprising: modifying the one or more conditions in the ensures set that is associated with a first component to reflect a change to the first component; identifying, based on the information that describes dependencies between the components, a set of one or more dependent components whose respective requires sets depend, at least in part, on the ensures set of the first component; determining whether the modified one or more conditions in the ensures set of the first component do not violate any requirements in the requires sets of all the dependent components; and in response to determining that the modified one or more conditions do not violate any requirements of the dependent components, determining that the electronic design has been re-verified.
29. The method of Claim 28, further comprising: in response to determining that any of the dependent components have a requirement that is violated by the modified one or more conditions, performing additional verification on dependent components having a requirement that is violated by the modified one or more conditions.
30. The method of Claim 29, further comprising: modifying the design of the dependent components having a requirement that is violated by the modified one or more conditions so that they will not have any requirements that are violated by the modified one or more conditions.
31. The method of Claim 30, further comprising, for a first of the dependent components having a requirement that is violated by the modified one or more conditions: after modifying the design of the first dependent component, determining whether the first dependent component complies with its ensures set, assuming new requirements of the dependent component.
32. The method of Claim 28, wherein the step of performing additional verification comprises: for each dependent component having a requirement that is violated by the modified one or more conditions: forming a new requires set for the dependent component, wherein no requirements in the new requires set are violated by the modified one or more conditions; determining whether, as long as the requirements in the new requires set are met, the dependent component continues to comply with the ensures set of the dependent component; and in response to determining that the dependent component continues to comply with the ensures set of the dependent component, determining that the dependent component has been re-verified; if all of the dependent components, as long as their respective new requires sets are met, are re-verified, then determining that the electronic design has been re-verified.
33. The method of Claim 23, further comprising: modifying the requires set that is associated with a first component to reflect a change in the requirements of the first component; determining whether the ensures sets of any of components on which the first component depends satisfy the modified requires set of the first component; and in response to determining that the ensures sets of all of the components on which the first component depends satisfy the modified requires set of the first component, determining that the electronic design has been re-verified.
PCT/US2007/082891 2006-11-02 2007-10-29 Verifying correctness of an electronic design based on requirements and conditions of components of the electronic design WO2008057840A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US85665906P 2006-11-02 2006-11-02
US60/856,659 2006-11-02

Publications (2)

Publication Number Publication Date
WO2008057840A2 true WO2008057840A2 (en) 2008-05-15
WO2008057840A3 WO2008057840A3 (en) 2008-10-16

Family

ID=39365216

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/082891 WO2008057840A2 (en) 2006-11-02 2007-10-29 Verifying correctness of an electronic design based on requirements and conditions of components of the electronic design

Country Status (1)

Country Link
WO (1) WO2008057840A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6536037B1 (en) * 1999-05-27 2003-03-18 Accenture Llp Identification of redundancies and omissions among components of a web based architecture

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6536037B1 (en) * 1999-05-27 2003-03-18 Accenture Llp Identification of redundancies and omissions among components of a web based architecture

Also Published As

Publication number Publication date
WO2008057840A3 (en) 2008-10-16

Similar Documents

Publication Publication Date Title
US6944838B2 (en) Method and system for design verification using proof-partitioning
US8453085B2 (en) Method for estimating the latency time of a clock tree in an ASIC design
US5930148A (en) Method and system for verifying a digital circuit design including dynamic circuit cells that utilize diverse circuit techniques
US9251300B2 (en) Methods and tools for designing integrated circuits with auto-pipelining capabilities
US10222850B2 (en) Voltage and frequency balancing at nominal point
US6553514B1 (en) Digital circuit verification
US10354042B2 (en) Selectively reducing graph based analysis pessimism
US8095900B2 (en) Achieving clock timing closure in designing an integrated circuit
US7640476B2 (en) Method and system for automated path delay test vector generation from functional tests
US8635579B1 (en) Local clock skew optimization
US7484192B2 (en) Method for modeling metastability decay through latches in an integrated circuit model
US8560983B2 (en) Incorporating synthesized netlists as subcomponents in a hierarchical custom design
US10579341B2 (en) Generation of workload models from execution traces
CN115796093B (en) Circuit time sequence optimization method and device, electronic equipment and storage medium
US8401828B1 (en) Methods and systems for analog object fetch in mixed-signal simulation
US8341569B2 (en) Statistical iterative timing analysis of circuits having latches and/or feedback loops
US7210109B2 (en) Equivalence checking of scan path flush operations
US7194715B2 (en) Method and system for performing static timing analysis on digital electronic circuits
US10515169B1 (en) System, method, and computer program product for computing formal coverage data compatible with dynamic verification
US9679092B1 (en) Constraint handling for parameterizable hardware description language
US20030212972A1 (en) Unconventional clocked circuit components having multiple timing models
US20090077440A1 (en) Apparatus and method for verifying target cicuit
US20220327269A1 (en) Computing device and method for detecting clock domain crossing violation in design of memory device
US6701498B2 (en) Black box timing model for latch-based systems
US9754069B2 (en) Determining slack estimates for multiple instances of a cell in a hierarchical circuit design

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07854497

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07854497

Country of ref document: EP

Kind code of ref document: A2