Giving the Gorilla Some Brains: How Can Formal Complement Simulation? FMCAD Panel Discussion, November 14, 2006. Andreas Kuehlmann
“Simulation” vs. “Formal Verification” • Let’s look into terminology! We as FMCAD community should know what formal means! FMCAD = “Formal Methods on CAD” “Precise Formalists” versus the “Sloppy Informalists” ?? But what does Simulation mean?
Let’s Check out Wikipedia… A simulation is an imitation of some real thing, state of affairs, or process. The act of simulating something generally entails representing certain key characteristics or behaviors of a selected physical or abstract system. But it continues…. …for Distinction Sake, a Deceiving by Words, is commonly called a Lye, and a Deceiving by Action, Gestures, or Behavior, is called Simulation
Let’s Google it… • http://embedded.eecs.berkeley.edu/research/vis/ttc/lecDir/ps/session3.ppt.ps
Simulation in the Formal World “A Simulation Preorder is a relation between state transition systems associating systems which behave in the same way in the sense that one system ‘simulates’ the other.” In other words, a system simulates another system if it can match all of its moves. … looks to me like a pretty formal and “complete” approach
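The "match all of its moves" definition above, worked as an added example that is not part of the original slides: it computes the greatest simulation relation between two small labeled transition systems by refinement, and also compares their traces to show that matching moves is a stronger requirement than producing the same observed sequences. The systems `P` and `Q` and all function names are constructed for illustration.

```python
def simulation_preorder(sys_a, sys_b):
    """Greatest relation R where (p, q) in R means state q of sys_b simulates p of sys_a.

    Each system maps state -> set of (label, next_state) moves.
    """
    rel = {(p, q) for p in sys_a for q in sys_b}   # start from all pairs, then refine
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            # q must match every move of p with the same label, landing in a related pair
            matched = all(
                any(lb == la and (p2, q2) in rel for lb, q2 in sys_b[q])
                for la, p2 in sys_a[p]
            )
            if not matched:
                rel.discard((p, q))
                changed = True
    return rel


def simulates(sys_b, q0, sys_a, p0):
    """True if sys_b started in q0 can match all moves of sys_a started in p0."""
    return (p0, q0) in simulation_preorder(sys_a, sys_b)


def traces(system, state):
    """All finite label sequences from state (the sample systems are acyclic)."""
    found = {()}
    for label, nxt in system[state]:
        found |= {(label,) + rest for rest in traces(system, nxt)}
    return found


# Constructed sample systems (hypothetical, not from the slides).
# P does "a", then still offers both "b" and "c".
P = {"p0": {("a", "p1")}, "p1": {("b", "p2"), ("c", "p3")}, "p2": set(), "p3": set()}
# Q commits to "b" or "c" at the moment it does "a".
Q = {"q0": {("a", "q1"), ("a", "q2")}, "q1": {("b", "q3")},
     "q2": {("c", "q4")}, "q3": set(), "q4": set()}

if __name__ == "__main__":
    print("same traces:   ", traces(P, "p0") == traces(Q, "q0"))
    print("P simulates Q: ", simulates(P, "p0", Q, "q0"))
    print("Q simulates P: ", simulates(Q, "q0", P, "p0"))
```

Both systems produce exactly the same traces, yet only `P` simulates `Q`: after `a`, no state of `Q` can still offer both `b` and `c`.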
versus Simulation in the “Informal World” [Figure labels: Monitor, Subset of Input Stimuli, DUV] RTL simulation -> stick a tiny subset of the input stimuli into the system, simulate the behavior and see if the output matches what you expect. The formal world calls this Testing
But Wait a Minute…. … for others Testing means this: The testing community uses formal methods to generate test vectors E.g. D-Algorithm for ATPG Paul Roth: Diagnosis of Automata Failure: A Calculus & Method IBM Journal of R&D 1966 (10), pp. 278-291 Later we “renamed” sequential ATPG into Bounded Model Checking
… and then there are the Companies • IBM • Verification includes simulation and formal methods • Intel: • Validation (simulation) • versus Verification (formal) • The rest • Whatever is fashionable
Two Introductory Lectures • Robert Jones, Principal Engineer, Intel Corp., Hillsboro, OR: “Life in the Jungle: Simulation vs. Verification” • Wolfgang Roesner, Distinguished Engineer, IBM Server Division, Austin, TX: “Ecological Niche or Survival Gear? - Improving an Industrial Simulation Methodology with Formal Methods”
How can Formal Complement Simulation • Technology: • Are there methods from the formal world that are usable in a simulation based flow? • Methodologies: • Should we do simulation first to catch the “easy bugs” and then switch to formal for the “hard” ones? • Teams: • In many projects designers are responsible for “almost” correctness and hand the difficult part to the verification team. Does this make sense?
A “typical” Simulation Setup [Figure labels: Testbench, Constraint Solver, Constraints, Biasing, Monitor, Coverage Analysis, DUV]
Points where “Formal” Could Help [Figure labels: Testbench, Constraint Solver, Constraints, Biasing, Monitor, Coverage Analysis, DUV]
Questions for the Panel • Are there interesting techniques from the formal world that can complement simulation methods? • Does the traditional tool partitioning between simulation and test generation, equivalence checking, and formal property checking encourage cross-fertilization between technologies? • Do we have the appropriate verification methodologies and team structures reflecting this?
Panelists • Warren Hunt (UT Austin) • Robert Jones (Intel) • Robert Kurshan (Cadence) • Wolfgang Paul (University Saarbruecken) • Carl Pixley (Synopsys) • Wolfgang Roesner (IBM)