Functional Static Sign-Off’s
Expanding Role
by Prakash Narain, President & CEO, Real Intent
Impact of Shifting left on Functional Static Sign-Off Tool Deployment
System and semiconductor design costs for bug fixing goes up 10X at each design phase. These high costs, plus constantly increasing design complexity have driven the shift left trend in design verification for many years, enabling companies to achieve substantial cost reduction and better predict delivery schedules.
This industry-wide shift left has led to the expanded adoption of functional static sign-off tools during early RTL design, including clock domain crossing, reset domain crossing, and design for test static sign-off tools.
Static Sign-off Finds All Targeted Failures
Static sign-off tools find all targeted problems and scale easily to billion transistor designs. Because they report all design violations, engineers must analyze the reports to determine which violations are actual errors.
Formal verification methods also find all targeted problems, but in contrast with static sign-off, formal tools have capacity challenges at around one million gates. And simulation’s coverage is limited to the specified testcases.
Example Functional Static Sign-Off Domain: Reset Domain Crossing
The Reset Domain Crossing (RDC) application domain is a good example for understanding static sign-off. A reset domain crossing refers to a design path where the source and destination elements operate on different, independent resets.
RDC static sign-off tools are used to ensure that the signals crossing the reset domains function reliably, with no missed bug escapes.
The design principles for protection against reset domain crossing issues are very different from those for clock domain crossings. One example is that RDC errors can occur in the same clock domain. Further, RDC analysis scope is global, while CDC interfaces are localized. Also, the mean time between failures is much higher for RDC than for CDC, which can result in missed RDC failures.
To identify all RDC issues with low noise, RDC static sign-off analysis must be customized with RDC-specific design principles and analysis, for both structural and functional aspects. One case is that structural analysis alone can report a metastability error, where an advanced RDC functional analysis can recognize design protection – for example, a blocking signal.
The number of false errors reported (noise) goes up tremendously without this depth of functional analysis. Because engineers must review all the violations in the report, a high-noise violation report can require dramatically more engineering time and effort to reach sign-off. Further, if too many false positives are reported, engineers my end up missing bugs by incorrectly classifying actual errors as waivers.
Real Intent Achieves Designers’ Usability Requirements for Shifting Left
The above example illustrates a critical aspect of shifting left: The tools and methodologies must be usable for RTL designers to adopt a “shift left” approach. This means the tools must run fast and minimize engineering time.
Real Intent’s static sign-off tools meet designers’ high usability goals in multiple ways, including:
- Using hierarchy and abstraction to help our tools scale with increasing design sizes.
- Offering multimode options, with one set up for multiple reset scenarios or clock modes, and one consolidated report.
- Ensuring engineers can find and root cause actual errors quickly — this requires low noise from false-positive violations.
Shifting left with verification is driving Real Intent’s static sign-off tools to become an increasing part of RTL sign-off. We help our customers deliver reliable products with the best possible performance, power, and area — while meeting aggressive project windows and budgets.