What’s Between Simulation and Formal Verification?

There is a desperate need for an immediate practical solution to the problem of verifying large designs. Simulation-based verification has not been able to keep up with increasing design complexity. In spite of increasing simulation and emulation speed, the number of problem cases that can be covered by manually generated functional test vectors or pseudo-random functional testing is declining. The amount of human and computational effort devoted to verification is increasing rapidly, time to market is being delayed, and bad bugs are showing up after tape-out and in products. Many designers hope that formal verification will solve the problem. Formal verification will help (indeed, it will be indispensible) in niches where it is particularly effective. However, it will not provide a general solution to the verification problem in the near future. Except for equivalence checking tools, which are targetted at low-level design errors (e.g. in hand-optimized net-lists), formal verification tools do not currently scale well to large designs. Effective use of these techniques requires reducing the core computational problem by a variety of methods, none of which is supported well by current design practices. For example, model checking a small part of a design needs a detailed specification of the interface behavior of the block being verified, so that only legal inputs are checked. Real designs almost never have up-to-date, detailed specifications of the interfaces between low-level blocks, so verification often requires painful reverse engineering of the interface specification. Another approach to complexity reduction is to abstract the circuit behavior. But abstracting parts of a complex design is a frustrating process, because of false error reports resulting from unanticipated dependencies on design details which are changed by the abstraction. I believe that design practices and formal verification techniques will evolve together to resolve these and other problems, at least in part. However, there is every reason to believe that it will be a long, difficult journey to the point where formal verification tools displace traditional simulation-based verification. It is likely that the most practically effective verification methods in the medium-term future will be “semi-formal” methods, which combine ideas from conventional and formal verification to achieve much better test coverage of designs than conventional verification, while avoiding the scaling and methodology problems inherent in formal verification methods. Although work with along these lines has been going on for several years, the collection of ideas has not yet evolved into a “field of study.” Even a modest attempt to compare techniques reveals that many obvious ideas have not yet been tried. We should expect research in this area to bloom in the next few years, accompanied by rapid commercialization and use of the best ideas.