Embed Size (px)
Citation preview
Integration
2
Agenda
• The changing nature of design at Intel
• Easy problems
• Hard problems
• Prospects
10/14/2015 3
Market segmentation
4
SoC methodology
5
Shared ingredients
Bay Trail SoC
6
Bay Trail SoC
7
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
Development with shared IPs
10/14/2015 8
CPU n CPU n+1
Gfx n Gfx n+1
Img n Img n+1
Wireless n Wireless n+1
Chassis n Chassis n+1
IntegrationFirmware development
RTL development
0 2 3
Product
“IPs” - Ingredients
Each product
Formal verification today
• Primary focus is on units within IPs
– Does this multiplier multiply?
– Does this decoder decode?
– etc
10/14/2015 9
CPU n CPU n+1
Gfx n Gfx n+1
Img n Img n+1
Wireless n Wireless n+1
Chassis n Chassis n+1
“IPs” - Ingredients
Integration validation
• Simulation and emulation dominate
• Little/no use of formal – but opportunities exist
10/14/2015 10
IntegrationFirmware development
RTL development
0 2 3
Product
Cost of a bug vs time found
10/14/2015 11
CPU n CPU n+1
Gfx n Gfx n+1
Img n Img n+1
Wireless n Wireless n+1
Chassis n Chassis n+1
IntegrationFirmware development
RTL development
0 2 3
Product
$ 103
$ 106
$ 109
Agenda
• The changing nature of design at Intel
• Easy problems
– Interface protocol compliance
– Control/status register (CSR) verification
– Connectivity verification
• Hard problems
• Prospects
10/14/2015 12
Bay Trail SoC
13
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
Interface protocol compliance
• Each IP has several interfaces:
– Mainband
– DFx: test, debug, …
10/14/2015 14
UARTTx
Rx
clk rst#
OCP
Interface compliance
• Given:– IP block
– Protocol configuration: data width, burst size, feature inclusion, …
• Verify:– Interface well-formedness: signals, naming
conventions
– Legality of configuration
– Adherence to protocol rules
10/14/2015 15
Interface compliance
• Standard protocols– Commercial bus functional models and checkers
support simulation
– Some EDA vendor support for formal (e.g. Jasper IPKs)
• Proprietary protocols– Writing and maintaining high quality formal
compliance checkers is very labor intensive
– Need synthesis of formal compliance checkers (and simulation testbench, …) from declarative protocol specifications
10/14/2015 16
Control/status register verification
• IPs configured and controlled via CSRs
• CSRs are memory or IO mapped for access by BIOS, driver, …
10/14/2015 17
Tx
Rx
clk rst#
OCP
RBR/THRIERIIRLCRMCRLSRMSRSCR
#define UART_BASE 0x03F8
enum {UART_RBR = UART_BASE + 0,UART_THR = UART_BASE + 0,UART_IER = UART_BASE + 1,UART_IIR = UART_BASE + 2,UART_LCR = UART_BASE + 3,UART_MCR = UART_BASE + 4,UART_LSR = UART_BASE + 5,UART_MSR = UART_BASE + 6,UART_SCR = UART_BASE + 7,};
SystemRDL
CSR verification
• Given:– IP block
– Register specification (e.g. SystemRDL)
• Verify:– Address mapping
– Correct cold reset values
– Data integrity
– Read only/write only
– Lock bits behavior
10/14/2015 18
CSR verification
• Simulation is standard approach today
• Continuous regressions required due to periodic IP drops and register spec churn
• Formal tools appearing: Cadence Jasper, OneSpin
10/14/2015 19
Scaling challenge of “easy” problems
• This is an IP:
• Dozens of interfaces, 1000s of pins
• Complex protocols
• Hundreds/thousands of CSRs, some buried deep10/14/2015 20
Silvermont Core Silvermont Core
Shared 1M L2$
Connectivity verification
21
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
ObsJTAGdbg
Connectivity verification
• Given– Fullchip model including pins– Connectivity specification (spreadsheet)
• Verify– Power & ground planes connected– Clocks & resets connected with correct polarity– Fabrics connected to IPs– Mux networks correct: GPIOs– DFx infrastructure connected: observability, debug,
JTAG, misc test, …
• Scaling is the biggest challenge
10/14/2015 22
Agenda
• The changing nature of design at Intel
• Easy problems
• Hard problems
– Networks on chip
– Security verification
– Power management
• Prospects
10/14/2015 23
Networks on chip
24
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
NoC verification
• Given
– NoC RTL
– Behavior/constraints at network endpoints
– Maybe: additional info like topology, queue sizes
• Verify
– Message integrity
– Deadlock freedom, livelock freedom
– QoS: latency, throughput
10/14/2015 25
NoC verification
• Usually validated in fullchip simulation or emulation– Difficult to hit all important scenarios, corner
cases
• Academic traction on formal modeling and verification at architecture level, but no commercial formal tools yet
• Even with verified architecture, establishing RTL correctness extremely difficult
10/14/2015 26
Security verification
• CIA: confidentiality, integrity, availability
– Focus today is on C and I
• Most effective method is careful manual review by devious experts
• Some formal tools for static security path verification
– Specify location of secrets and potential attack points
– Tool seeks to sensitize a path between adversary and secret
10/14/2015 27
Use case: content protection
28
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
Security verification
• Given:– CSR specification– IP behaviors– Use case flows: content protection, FW authentication, Intel® SGX– Threat model
• Verify:– C: secret not revealed to adversary– I: secret not tampered by adversary– [A: secret available to authorized user]
• Analysis must comprehend– dynamic nature of the computation, – the changing locations of secrets, – role and privilege of each participating IP,– evolution of access permissions
10/14/2015 29
Power management
• Techniques
– Clock gating
– Dynamic voltage and frequency scaling (DVFS)
– C-states: core active, idle, various levels of powerdown
– Various system level power states
• Intricate fullchip protocols orchestrate the transitions
10/14/2015 30
Power state transition
31
Power Management
Controller
SilvermontCore
SilvermontCore
Shared 1M L2$
SilvermontCore
SilvermontCore
Shared 1M L2$
Imaging DSP
Intel HD Gfx
Video Decoder
Display Controller
LPDDR3/DDR3L
Controller
LPDDR3/DDR3L
Controller
Silvermont System AgentDRAM
DRAM
MPI-CSI
HDMI 1.4
DP 1.2
eDP 1.3
MPI-DSI
Primary Switching Fabric
GPIO Controller
Power Management
Controller
Legacy
Security Engine
Low Power IO Controller
Storage Hub
SDIO 3.0 Controller
SD 3.0 Controller
eMMC 4.1 Controller
USB3 OTG xHCI
Audio Engine
I2S
USB HSIC
USB2
USB3
USB3 OTG
eMMCSD CardSDIOPWMI2CHS UARTSPI
GPIO
SMBUS
LPC
Boot ROM
DD
RG
PIO
+ L
egac
yD
isplay
Au
dio
USB
1x64b
1x64b
MWAIT
Power management
• Verified in emulation or on silicon
• Formal tools to check local power management measures vs power intent (UPF)
– Clock domain crossings, level shifters
– Isolation cells
– Clock and power gating
10/14/2015 32
Power management
• Really need to verify:
– Power dependencies: e.g. core pup requires fabric pup
– Flow synchronization: e.g. two cores on one PLL
– Each IP remains inside its operating envelope
– Timely response to thermal emergency and other urgent events
– Stability?
– Time scales are microseconds or milliseconds
10/14/2015 33
Agenda
• The changing nature of design at Intel
• Easy problems
• Hard problems
– NoC verification
– Security verification
– Power management
• Prospects
10/14/2015 34
Looking ahead
• New verification problems, new opportunities
• Need a verification approach that
– Supports executable specs and models
– Enables abstract modeling and refinement
– Scales to address system complexity
– Addresses HW, SW, protocols, concurrency
10/14/2015 35
Thank you!
10/14/2015 36
