Back in my Atrenta days (before mid-2015), we were already running into a lot of very large SoC-level designs – a billion gates or more. At those sizes, full-chip verification of any kind becomes extremely challenging. Memory demand and run-times explode, and verification costs explode also since these runs require access to very expensive servers in-house or in the cloud. Verifying hierarchically seems like an obvious solution but presents new problems in abstracting blocks in the analysis. Immediate ideas for abstraction invariably hide global detail which is critical to accuracy and dependability for sign-off. Implementing hierarchical CDC (clock domain crossing) analysis provides a good example.
The need for hierarchical CDC
The factors that make for a CDC problem don’t neatly bound themselves inside design hierarchy blocks. Clocks run all over an SoC and many domain crossings fall between function blocks. You might perhaps analyze two or more such blocks together, but you still have to abstract the rest, adding unknown inaccuracies to your analysis. Even this solution may fail for more extended problems like re-convergence or glitch prone logic. Add in multiple power domains and reset domains and the range of combinations you may need to test can become overwhelming. Clever user hacks can’t get around these issues unfortunately.
The unavoidable answer is to develop much better abstractions which can capture that global detail, detail that is necessary for CDC analysis but not captured in conventional constraints or other design data. That direction started in Atrenta and continues to be evolved in Synopsys through a concept of sign-off abstract models (SAMs). A SAM is a reduced and annotated model, much smaller than the full model. But it still contains enough design and constraint detail to support an accurate CDC analysis at the next level up.
The analysis methodology, which can extend through multiple levels of hierarchy, will typically start at a block/IP level where an engineer will first fully validate CDC correctness, then generate a SAM model through an automatic step. These models strip out internal logic except for logic at boundaries where that logic has relevance to CDC. The SAM model will also include assumptions made in the block-level analysis. At the next level up, CDC will between the assumptions at that level (e.g. sync/async relations between clocks) and those block-level assumptions.
When you have fixed any consistency problems at one level, you can run CDC analysis at level next level up. Fix any problems there, generate a SAM model for that level, and so on, up the hierarchy.
Hierarchy simplifies CDC review
There’s another obvious benefit to this approach. CDC noise becomes much more manageable. No need to wade through gigabytes of full-chip reports to find potential problems. You can now work through reasonably-sized reports at each level. Synopsys already has lots of clever techniques uses to reduce noise further within a level .
The secret sauce in this process is the detail in the SAM model, in generation, and in consistency checks between levels. To ensure that hierarchical analysis is entirely consistent with a full flat analysis. While subtracting the detail that would have been reported inside whatever you have abstracted. You can still run a final signoff before handoff, to be absolutely certain. Hierarchical CDC helps you to be a lot more efficient about how you get there.
You can learn more about the VC SpyGlass hierarchical CDC analysis flow HERE.