Register or Login
News Categories
Advertisements
Formal Verification: An Unfortunate Label
To the best of my memory commercial formal tools have been around for a decade or so. Yet the Formal Verification market is still in a state of confusion, with no single tool achieving significant market superiority. There are many startups, but none has really achieve the hoped for financial success. I believe that the principal reason for this state of affair is due to the erroneous positioning of the tools.
Functional tools are not really verification tools, or at least they should not be. Formal tools are design tools, not verification tools. Their mission should be to prevent errors, not to find them. We have the unfortunate human treat of being better at fixing error than at avoiding them. Yet error avoidance is more efficient, less costly, and almost always generates better implementations.
If a design engineer would start an implementation by writing the assertions required by the specification written in a natural language, he, or she, would be generating the equivalent of an executable specification. Such description is easier to use in discussing with the marketing department because the relationship between the collection of assertions and the written specification is more direct than when the project in an implementation language is discussed with the marketing professionals.
Then the implementation would proceed by developing the code required while obeying the rules described in the assertions. This would lead to both more straightforward design and the identification of missing requirements, in the form of absent or incorrect assertions. All this is the responsibility of the development engineer, and has nothing to do with what we traditionally call "verification".
Under this scenario, verification engineers would be responsible for inspecting the assertion, comparing them to the specification, and finding errors and omissions. Then they will generate the stimuli and expected responses, and also generate tests for corner cases and "improbable" inputs and execution states.
So, formal tools should be classified under "Formal Design" not "Formal Verification". In this manner they will be sold to the engineers responsible for using them. It is very inefficient to have verification engineers insert assertions in code written by design engineers, because they often are not familiar with the intent of the developer. By calling the tool in a manner that properly describes its use intent, we would go along way to simplify the sale process, and would, at the same time, improve its use methodology.
RSS Feed
Comments
No formal boundaries
First: full disclosure: I’m a Solutions Architect for Cadence’s Formal tools and methodologies.
Your posts on this topic really got me thinking – apologies that I haven’t had the chance to respond until now. In a nutshell, if there’s anything I have learned in my years working in the formal space is that we should not pigeon hole the technology. Our customers challenge us every day to apply it on new and interesting problems beyond plain vanilla model checking. If anything the term “Formal” should stand alone, or be used a prefix for the evolving and completely novel applications that are increasing the size of the EDA market as a whole. I’ve captured more comments and supporting points in a blog stream here: http://www.cadence.com/community/posts/teamverify.aspx
Thanks for initiating this interesting discussion!
Chris Komar
Cadence
Thoughts on the formal market
Gabe, I prefer using either "formal analysis" or "equivalence checking" to make it clear with part of the formal market we're discussing. Unfortunately, the term "formal verification" is used for both types of products. You appear to be discussion formal analysis, aka property checking, aka assertion checking. While no one would argue that this market remains very small compared to simulation, it is a well-established and growing segment for the industry in general and Cadence in particular. I don't see that "state of confusion" that you describe.
However, I do agree with most of your other comments. Since I first started working with formal analysis back in 1999, it was clear to me that its biggest success would come from use by designers early in a project. Designers should write assertions along with their RTL, not necessarily a complete "executable specification" but at least a set of properties capturing key aspects of the design intent, and then run formal analysis.
As I have written in my own blog, much of Cadence's considerable success with our formal products is due precisely to its adoption by designers following this approach. Designers can write assertions, run formal, and even run simulation using the assertions to generate stimulus long before any testbench is available.
So we do market formal analysis to designers, although we position it as a verification technology. I suppose that more designers might adopt it if we called it "formal design" or something similar; who knows?
Thanks for your encouragement for designers to adopt assertions and formal; it's a win-win for everyone.
Formal Technology Delivers for both Design and Verification
Hi Gabe,
I’m glad to see you addressing the role formal can play in product design, although we need to set the record straight on a few items.
First, the “classical” formal verification market itself is growing, and is named as an essential and expanding technology in the ITRS roadmap. Also, if you look at the EDAC statistics, you will indeed see a category leader! (modesty prevents me...)
True, as you commented, formal verification technology is indeed extremely valuable in the design and debug phase! As you know from our recent conversation, Jasper’s ActiveDesign is a highly successful product that leverages formal technology for RTL design, eliminating costly errors at the very beginning. It also stores behaviors in a persistent knowledge base that can be shared with the verification engineers, eliminating a lot of back and forth between design and verification teams.
BUT, it should also be noted that formal’s traditional role in design verification is alive and well, based on what I heard at multiple technical presentations by leading designers at DAC. Finding and preventing errors is an extremely valuable exercise for them.
Your readers may wish to view some of these on the DAC website (http://www2.dac.com/videos+from+dac+user+track+videos.aspx). Several DAC 2010 User Tracks by Jasper customers are also compelling (http://www.jasper-da.com/newsevents/technical_articles.htm)
One of our tenets is that formal verification can and should be used at each stage of the design, from architectural exploration to post-silicon debug, and Jasper customers are on the record (see www.jasper-da.com) attesting to this use model.
Look forward to hearing more from GABEonEDA on this topic in the months ahead.
best regards,
Holly Stump / Jasper Design Automation