Giving the Gorilla Some Brains: How Can Formal Complement Simulation?
FMCAD Panel Discussion
November 14, 2006
Andreas Kuehlmann
“Simulation” vs. “Formal Verification”
• Let’s look into terminology!
We as FMCAD community should know what formal means!
FMCAD = “Formal Methods on CAD”
“Precise Formalists” versus the “Sloppy Informalists” ??
But what does Simulation mean?
Let’s Check out Wikipedia…
A simulation is an imitation of some real thing, state of affairs, or process. The act of simulating something generally
entails representing certain key characteristics or behaviors of a selected physical or abstract system.
…for Distinction Sake, a Deceiving by Words, is commonly called a Lye,
and a Deceiving by Action, Gestures, or Behavior, is called Simulation
But it continues….
Let’s Google it…
• http://embedded.eecs.berkeley.edu/research/vis/ttc/lecDir/ps/session3.ppt.ps
Simulation in the Formal World
“A Simulation Preorder is a relation between state transition systems
associating systems which behave in the
same way in the sense that one system “simulates” the other”
In other words, a system simulates another system if it can match all of its moves.
… looks to me like a pretty formal and “complete” approach
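The definition quoted above, worked through as an added example (not part of the original slides): the simulation preorder is computed as a greatest fixed point over state pairs of two labeled transition systems. The two vending-machine systems and all function names are constructed for illustration; they have identical traces, so test runs cannot tell them apart, yet only one simulates the other.

```python
from itertools import product

def states(lts):
    """All states of an LTS given as {state: [(label, next_state), ...]}."""
    found = set(lts)
    for moves in lts.values():
        found.update(nxt for _, nxt in moves)
    return found

def simulation_preorder(lts_a, lts_b):
    """Largest relation R where (p, q) in R means q (in B) matches every move of p (in A)."""
    rel = set(product(states(lts_a), states(lts_b)))  # start from all pairs
    changed = True
    while changed:  # greatest fixed point: drop failing pairs until stable
        changed = False
        for p, q in list(rel):
            matched = all(
                any(lb == la and (p2, q2) in rel for lb, q2 in lts_b.get(q, []))
                for la, p2 in lts_a.get(p, [])
            )
            if not matched:
                rel.discard((p, q))
                changed = True
    return rel

def simulates(lts_b, q0, lts_a, p0):
    """True if B started in q0 simulates A started in p0."""
    return (p0, q0) in simulation_preorder(lts_a, lts_b)

def traces(lts, state, depth):
    """Label sequences of length <= depth from state (what test runs observe)."""
    result = {()}
    if depth > 0:
        for label, nxt in lts.get(state, []):
            result |= {(label,) + t for t in traces(lts, nxt, depth - 1)}
    return result

# Constructed sample systems (hypothetical vending machines).
# EARLY commits to tea or coffee when the coin drops; LATE decides afterwards.
EARLY = {"e0": [("coin", "e1"), ("coin", "e2")],
         "e1": [("tea", "e3")], "e2": [("coffee", "e3")]}
LATE = {"l0": [("coin", "l1")], "l1": [("tea", "l2"), ("coffee", "l2")]}

if __name__ == "__main__":
    print("same traces:", traces(EARLY, "e0", 3) == traces(LATE, "l0", 3))
    print("LATE simulates EARLY:", simulates(LATE, "l0", EARLY, "e0"))
    print("EARLY simulates LATE:", simulates(EARLY, "e0", LATE, "l0"))
```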
versus Simulation in the “Informal World”
[Figure: block diagram with labels: Subset of Input Stimuli, DUV, Monitor]
RTL simulation -> stick a tiny subset of the input stimuli into the system,
simulate the behavior and see if the output matches what you expect
The formal world calls this
Testing
But Wait a Minute….
… for others Testing means this:
The testing community uses formal methods to generate test vectors
E.g. D-Algorithm for ATPG
Paul Roth: Diagnosis of Automata Failure: A Calculus & Method, IBM Journal of R&D 1966 (10), pp. 278-291
Later we “renamed” sequential ATPG into Bounded Model Checking
… and then there are the Companies
• IBM
– Verification includes simulation and formal methods
• Intel:
– Validation (simulation)
– versus Verification (formal)
• The rest
– Whatever is fashionable
Two Introductory Lectures
• Robert Jones
Principal Engineer, Intel Corp. Hillsboro, OR
“Life in the Jungle: Simulation vs. Verification”
• Wolfgang Roesner
Distinguished Engineer IBM Server Division, Austin, TX
“Ecological Niche or Survival Gear? - Improving an Industrial Simulation Methodology with Formal Methods”
How can Formal Complement Simulation
• Technology:
– Are there methods from the formal world that are usable in a simulation based flow?
• Methodologies:
– Should we do simulation first to catch the “easy bugs” and then switch to formal for the “hard” ones?
• Teams:
– In many projects designers are responsible for “almost” correctness and hand the difficult part to the verification team. Does this make sense?
A “typical” Simulation Setup
[Figure: block diagram with labels: Testbench, DUV, Constraint Solver, Constraints, Biasing, Monitor, Coverage Analysis]
Points where “Formal” Could Help
[Figure: the same block diagram with labels: Testbench, DUV, Constraint Solver, Constraints, Biasing, Monitor, Coverage Analysis]
Questions for the Panel
• Are there interesting techniques from the formal world that can complement simulation methods?
• Does the traditional tool partitioning between
– Simulation and test generation
– Equivalence checking
– Formal property checking
encourage cross-fertilization between technologies?
• Do we have the appropriate verification methodologies and team structures reflecting this?
Panelists
• Warren Hunt (UT Austin)
• Robert Jones (Intel)
• Robert Kurshan (Cadence)
• Wolfgang Paul (University Saarbruecken)
• Carl Pixley (Synopsys)
• Wolfgang Roesner (IBM)