The Certitude™ Functional Qualification System (See Figure 1) is the only solution that objectively measures the overall effectiveness of your verification environment. It identifies verification weaknesses that allow bugs to go undetected and lead to functional problems, silicon re-spins, and delays to market. For designs targeting automotive, Certitude assesses safety mechanisms as required by the ISO 26262 standard. The Certitude system does this with unique automation technology that provides quick feedback on the most serious problems and supports the efficient analysis and correction of problems.
Gaining Confidence in Your Verification Environment
The Certitude system provides detailed information on the ability of your verification environment to activate, propagate and detect “systematic faults” that represent potential bugs in your design, exposing significant weaknesses that have gone unnoticed by other tools. The system provides data to identify vulnerabilities in the stimuli, observability, checkers and assertions as well as holes in your verification plan. With the uncertainty removed, your verification efforts will be more reliable and efficient.
Figure 1: Certitude Functional Qualification Process
Satisfying ISO 26262 for Automotive
The Certitude system provides detailed information on the ability of your safety mechanisms to detect and react to “random faults” that represent defects in your designs, enabling calculation of key metrics like diagnostic coverage (DC) and documentation of how these mechanisms are verified and whether they perform as expected. Such documentation is required by the ISO 26262 standard to validate the satisfactory operation of the system under unexpected conditions and to illustrate the use of best-practice, state-of-the art verification methods.
The Certitude system works in three modes:
- Verification improvement mode analyzes the verification of your design and identifies specific holes and weaknesses
- Metric mode objectively measures the overall quality of your verification environment
- Safety mode assesses your safety mechanisms relative to the ISO 26262 automotive standard
Verification Improvement Mode
In this mode, the Certitude system identifies weaknesses and holes caused by incomplete or missing results checkers, assertions and test scenarios or problems in the verification infrastructure. It provides a complete report of the results in HTML format that highlights the problem areas. This mode is used to expose shortcomings and guide improvements in your environment to ensure that RTL bugs do not slip through the process.
You can also use the system to objectively assess overall functional verification quality. The metric mode uses statistical sampling techniques to analyze the ability of your verification environment to activate, propagate, and detect potential bugs. The scores produced by the metric mode in these areas allow for:
- High-confidence IP exchange
- Better SoC predictability
- Optimized allocation of verification resources
In this mode, the Certitude system injects a subset of faults (typically stuck-at 0/1) that represent defects in the design that can occur and adversely affect normal functional operation with safety-related implications. The data produced by this mode can be used to validate and document the proper operation of the safety mechanisms for the ISO 26262 automotive standard.
How It Works
The Certitude functional qualification system works with a patent-pending technology that combines mutation-based techniques and static analysis to stress the verification environment and identify holes and weaknesses that can allow bugs to remain undetected.
The Certitude system introduces mutations, also called “faults”, into your existing register transfer level (RTL) code. For example:
a = b | c; (original code)
a = b & c; (faulty program code)
The system then determines whether the verification environment can activate the faulty code, propagate the effects to an observable point, and detect the presence of the fault. This is done in three phases (See Figure 2):
- The fault model analysis phase analyzes the RTL design and selects the faults to insert
- The fault activation phase runs a complete regression simulation and analyzes the behavior of the verification environment with respect to the faults
- The fault detection phase runs selected tests from the verification environment to measure the ability of the verification environment to detect the faults
The Certitude system uses proprietary techniques to optimize and manage the overall process. This enables practical usage on real-world designs and the identification of significant verification weaknesses with a minimal amount of simulation.
Figure 2: The Three Phases of Certitude Functional Qualification
Adopt Functional Qualification Early in the Process
Research has shown that certain faults are more likely than others to expose big weaknesses in the verification environment. The Certitude system uses a proprietary algorithm to automatically classify and prioritize the faults related to your RTL design. The faults are then injected and qualified in priority order. Subsequent qualifications inherit results from previous runs and focus on the remaining undetected faults. This process allows you to:
- Find and fix big weaknesses early in the verification process
- Expand the set of qualified faults as the environment and design mature
- Achieve incremental improvement over time
- Minimize analysis and debug effort
Broad Support for Languages, Tools and Techniques
Certitude supports qualification of a range of design languages, including C and C++ for high-level modeling and software implementation, and SystemC, (System) Verilog and VHDL for modeling hardware. There are no restrictions on the test or verification environment.
Certitude is tightly integrated with the most commonly-used commercial HDL simulators. In addition to Synopsys’ VCS®, Certitude supports IUS™ from Cadence and Questa™ from Mentor Graphics.
Certitude also supports the qualification of formal verification environments. The process and purpose are analogous to the simulation application. Certitude modifies the RTL code to inject faults and in this case invokes the formal verification environment to prove a set of properties. If at least one of the properties fails, that implies that this particular fault can be detected by the existing environment. If all of the properties pass, then there is something to investigate — perhaps a missing property, an over-constrained situation, or some other problem. Simulation and formal verification qualification results can be merged into a single report to provide an overall measure of verification effectiveness from a combined static and dynamic perspective. Certitude supports Synopsys’ VC Formal as well as IFV™ and JasperGold™ from Cadence, and OneSpin 360 DV™ from OneSpin.
The Certitude system is easy to insert into existing functional verification flows (See Figure 3). It is fully compatible with all current verification methodologies, such as constrained-random stimulus generation and assertion-based approaches. The Certitude system also leverages the Verdi Automated Debug System to enable quick debug and analysis of results.
Figure 3: The Certitude System Integrates Easily with Existing Environments
For more information about Synopsys products, support services or training, visit us on the web at: www.synopsys.com, contact your local sales representative or call 650.584.5000.